author | Matthew Miller <matthew@millerti.me> | 2022-02-10 16:31:38 -0800 |
committer | GitHub <noreply@github.com> | 2022-02-10 16:31:38 -0800 |
commit | ef75d848a7da6ad8da773db53072be56dd43e6de (patch) | |
tree | 5ba33d4c9aa8876900162f28551b76e6a96cfb25 /packages/server/src/helpers/validateCertificatePath.ts | |
parent | a8b97311fdec49734d2476c8654202b567d89ffb (diff) | |
parent | 830c3e7ff1d83268d048e3dba280752ab8e2b029 (diff) |
Merge pull request #178 from MasterKale/fix/fido-mds-authr-pubkey-check
fix/fido-mds-authr-pubkey-check
Diffstat (limited to 'packages/server/src/helpers/validateCertificatePath.ts')
-rw-r--r-- | packages/server/src/helpers/validateCertificatePath.ts | 28 |
1 files changed, 24 insertions, 4 deletions
diff --git a/packages/server/src/helpers/validateCertificatePath.ts b/packages/server/src/helpers/validateCertificatePath.ts
index 77d7f77..96d3f50 100644
--- a/packages/server/src/helpers/validateCertificatePath.ts
+++ b/packages/server/src/helpers/validateCertificatePath.ts
@@ -23,16 +23,21 @@ export default async function validateCertificatePath(
   }
 
   let invalidSubjectAndIssuerError = false;
+  let certificateNotYetValidOrExpiredErrorMessage = undefined;
   for (const rootCert of rootCertificates) {
     try {
       const certsWithRoot = certificates.concat([rootCert]);
       await _validatePath(certsWithRoot);
-      // If we successfully validated a path then there's no need to continue
+      // If we successfully validated a path then there's no need to continue. Reset any existing
+      // errors that were thrown by earlier root certificates
       invalidSubjectAndIssuerError = false;
+      certificateNotYetValidOrExpiredErrorMessage = undefined;
       break;
     } catch (err) {
       if (err instanceof InvalidSubjectAndIssuer) {
         invalidSubjectAndIssuerError = true;
+      } else if (err instanceof CertificateNotYetValidOrExpired) {
+        certificateNotYetValidOrExpiredErrorMessage = err.message;
       } else {
         throw err;
       }
@@ -42,6 +47,8 @@ export default async function validateCertificatePath(
   // We tried multiple root certs and none of them worked
   if (invalidSubjectAndIssuerError) {
     throw new InvalidSubjectAndIssuer();
+  } else if (certificateNotYetValidOrExpiredErrorMessage) {
+    throw new CertificateNotYetValidOrExpired(certificateNotYetValidOrExpiredErrorMessage);
   }
 
   return true;
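Review bot: In the second hunk the `invalidSubjectAndIssuerError` branch is tested before the new `certificateNotYetValidOrExpiredErrorMessage` branch, so when several root certificates are tried and only one of them actually chains to the leaf but lies outside its validity window, the more specific expiry error is discarded and a bare `InvalidSubjectAndIssuer` is thrown instead. If `_validatePath` raises `InvalidSubjectAndIssuer` for every root that does not match (its body is outside these hunks), that is the normal situation with a multi-root list, so the two branches should be swapped: test `certificateNotYetValidOrExpiredErrorMessage` first and fall through to `invalidSubjectAndIssuerError` only when no root produced an expiry error. In the first hunk, `let certificateNotYetValidOrExpiredErrorMessage = undefined;` leans on the compiler's evolving-type inference; `let certificateNotYetValidOrExpiredErrorMessage: string | undefined;` states the intent and keeps the later `err.message` assignment checked under strict mode. Both hunks sit inside validateCertificatePath, whose signature and end are outside the hunks.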
@@ -86,11 +93,17 @@ async function _validatePath(certificates: string[]): Promise<boolean> {
     const now = new Date(Date.now());
     if (notBefore > now || notAfter < now) {
       if (isLeafCert) {
-        throw new Error('Leaf certificate is not yet valid or expired');
+        throw new CertificateNotYetValidOrExpired(
+          `Leaf certificate is not yet valid or expired: ${issuerPem}`
+        );
       } else if (isRootCert) {
-        throw new Error('Root certificate is not yet valid or expired');
+        throw new CertificateNotYetValidOrExpired(
+          `Root certificate is not yet valid or expired: ${issuerPem}`
+        );
       } else {
-        throw new Error('Intermediate certificate is not yet valid or expired');
+        throw new CertificateNotYetValidOrExpired(
+          `Intermediate certificate is not yet valid or expired: ${issuerPem}`
+        );
       }
     }
 
@@ -122,3 +135,10 @@ class InvalidSubjectAndIssuer extends Error {
     this.name = 'InvalidSubjectAndIssuer';
   }
 }
+
+class CertificateNotYetValidOrExpired extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = 'CertificateNotYetValidOrExpired';
+  }
+}
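Review bot: The three new messages label the failing certificate as leaf, root or intermediate but interpolate `issuerPem`, whose name suggests the PEM of the issuer rather than of the certificate whose `notBefore`/`notAfter` were just compared; the loop that binds `issuerPem`, `notBefore` and `notAfter` is outside the hunk, so confirm it is the subject certificate before relying on the text. Embedding an entire PEM also makes each message as long as the certificate itself and, if the error is ever surfaced to the relying party or written to logs, carries the whole certificate; a subject name or fingerprint would identify the offending certificate just as well. _validatePath's body begins and ends outside the hunk.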
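Review bot: The new `CertificateNotYetValidOrExpired` class has no doc comment, and since callers distinguish it from `InvalidSubjectAndIssuer` with `instanceof` a reader needs to know which validation failure it stands for; a TSDoc line such as `/** Thrown by _validatePath when a certificate in the chain is outside its notBefore/notAfter validity window. */` above the class would do. The `instanceof` match in validateCertificatePath only works if the compiled class keeps the `Error` prototype chain, which holds for an ES2015+ target but not for ES5; the tsconfig is not visible here and the existing `InvalidSubjectAndIssuer` follows the same pattern, so this is presumably already settled, but `Object.setPrototypeOf(this, CertificateNotYetValidOrExpired.prototype);` in the constructor would be needed otherwise.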