diff options
| author | Matthew Miller <matthew@millerti.me> | 2021-08-20 08:40:07 -0700 |
|---|---|---|
| committer | Matthew Miller <matthew@millerti.me> | 2021-08-20 08:40:07 -0700 |
| commit | 36f8eb6a86355b875d8def9085d786c73f1208e9 (patch) | |
| tree | 909e31908a21b858252445e4444f84b62d7b39b4 /packages/server/src | |
| parent | caabb15b106abf7336d9577ddd5cbcf477f99fd4 (diff) | |
Add default root cert for MDS
Diffstat (limited to 'packages/server/src')
| -rw-r--r-- | packages/server/src/services/defaultRootCerts/mds.ts | 32 | ||||
| -rw-r--r-- | packages/server/src/services/settingsService.ts | 6 |
2 files changed, 38 insertions, 0 deletions
diff --git a/packages/server/src/services/defaultRootCerts/mds.ts b/packages/server/src/services/defaultRootCerts/mds.ts new file mode 100644 index 0000000..1a06db1 --- /dev/null +++ b/packages/server/src/services/defaultRootCerts/mds.ts @@ -0,0 +1,32 @@ +/** + * GlobalSign Root CA - R3 + * + * Downloaded from https://valid.r3.roots.globalsign.com/ + * + * Valid until 2029-03-18 @ 00:00 PST + * + * SHA256 Fingerprint + * CB:B5:22:D7:B7:F1:27:AD:6A:01:13:86:5B:DF:1C:D4:10:2E:7D:07:59:AF:63:5A:7C:F4:72:0D:C9:63:C5:3B + */ +export const GlobalSign_Root_CA_R3 = `-----BEGIN CERTIFICATE----- + MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G + A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp + Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4 + MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG + A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI + hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8 + RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT + gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm + KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd + QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ + XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw + DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o + LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU + RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp + jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK + 6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX + mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs + Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH + WD9f + -----END CERTIFICATE----- + `; diff --git a/packages/server/src/services/settingsService.ts b/packages/server/src/services/settingsService.ts index e8cd9f9..e0481c7 100644 --- a/packages/server/src/services/settingsService.ts +++ b/packages/server/src/services/settingsService.ts @@ -7,6 +7,7 @@ import { Google_Hardware_Attestation_Root_2, } from './defaultRootCerts/android-key'; import { Apple_WebAuthn_Root_CA } from './defaultRootCerts/apple'; +import { GlobalSign_Root_CA_R3 } from './defaultRootCerts/mds'; class SettingsService { // Certificates are stored as PEM-formatted strings @@ -68,6 +69,11 @@ settingsService.setRootCertificates({ certificates: [Apple_WebAuthn_Root_CA], }); +settingsService.setRootCertificates({ + identifier: 'mds', + certificates: [GlobalSign_Root_CA_R3], +}); + type RootCertIdentifier = AttestationFormat | 'mds'; export default settingsService; |