-rw-r--r--packages/server/src/helpers/validateCertificatePath.ts4
-rw-r--r--packages/server/src/helpers/validateCertificateValidityWindow.ts7
2 files changed, 9 insertions, 2 deletions
diff --git a/packages/server/src/helpers/validateCertificatePath.ts b/packages/server/src/helpers/validateCertificatePath.ts
index ae8a2fd..32c1c6b 100644
--- a/packages/server/src/helpers/validateCertificatePath.ts
+++ b/packages/server/src/helpers/validateCertificatePath.ts
@@ -4,6 +4,7 @@
import { KJUR, X509, ASN1HEX, zulutodate } from 'jsrsasign';
import isCertRevoked from './isCertRevoked';
+import { validateCertificateValidityWindow } from './validateCertificateValidityWindow';
const { crypto } = KJUR;
@@ -80,8 +81,7 @@ async function _validatePath(certificates: string[]): Promise<boolean> {
const notBefore = zulutodate(issuerCert.getNotBefore());
const notAfter = zulutodate(issuerCert.getNotAfter());
- const now = new Date();
- if (notBefore > now || notAfter < now) {
+ if (!validateCertificateValidityWindow(notBefore, notAfter)) {
throw new Error('Intermediate certificate is not yet valid or expired');
}
diff --git a/packages/server/src/helpers/validateCertificateValidityWindow.ts b/packages/server/src/helpers/validateCertificateValidityWindow.ts
new file mode 100644
index 0000000..e1a0926
--- /dev/null
+++ b/packages/server/src/helpers/validateCertificateValidityWindow.ts
@@ -0,0 +1,7 @@
+/**
+ * Make sure "now" is within a specific time frame
+ */
+export function validateCertificateValidityWindow(notBefore: Date, notAfter: Date): boolean {
+ const now = new Date();
+ return notBefore < now && now < notAfter;
+}
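Review bot: The comparison in `validateCertificateValidityWindow` is exclusive at both ends, whereas the inline check it replaces in `_validatePath` (`notBefore > now || notAfter < now`) accepted a certificate whose notBefore or notAfter equals the current instant, and RFC 5280 treats the validity period as inclusive of both bounds; `return notBefore <= now && now <= notAfter;` keeps the previous boundary behaviour. If `zulutodate` ever yields an Invalid Date, either form returns false because every comparison against NaN is false, so the helper fails closed where the old inline check would have let that certificate pass. The doc comment should say so, for example `Returns true only when notBefore <= now <= notAfter; an unparsable date is rejected`. Because `now` is read inside the function, an optional third parameter `now: Date = new Date()` would let tests pin the clock and let a caller evaluate a whole chain against a single instant.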