diff options
| -rw-r--r-- | packages/server/src/helpers/isCertRevoked.ts | 14 | ||||
| -rw-r--r-- | packages/server/src/metadata/metadataService.ts | 14 |
2 files changed, 0 insertions, 28 deletions
diff --git a/packages/server/src/helpers/isCertRevoked.ts b/packages/server/src/helpers/isCertRevoked.ts index 34ef7fe..4eeacbb 100644 --- a/packages/server/src/helpers/isCertRevoked.ts +++ b/packages/server/src/helpers/isCertRevoked.ts @@ -21,27 +21,19 @@ const cacheRevokedCerts: { [certAuthorityKeyID: string]: CAAuthorityInfo } = {}; * CRL certificate structure referenced from https://tools.ietf.org/html/rfc5280#page-117 */ export default async function isCertRevoked(cert: X509): Promise<boolean> { - console.log(`Getting cert serial`); const certSerialHex = cert.getSerialNumberHex(); - console.log(`Checking certificate revocation for ${cert.getSerialNumberHex()}`); - // Check to see if we've got cached info for the cert's CA - console.log(`Getting cert auth key ID`); let certAuthKeyID: { kid: string } | null = null; try { certAuthKeyID = cert.getExtAuthorityKeyIdentifier(); } catch (err) { - console.error('error getting auth key id:', err.message); return false; } - console.log('cert auth key id:', certAuthKeyID); - if (certAuthKeyID) { const cached = cacheRevokedCerts[certAuthKeyID.kid]; if (cached) { - console.log(`Found cached info for CA ID ${certAuthKeyID.kid}`, cached); const now = new Date(); // If there's a nextUpdate then make sure we're before it if (!cached.nextUpdate || cached.nextUpdate > now) { @@ -55,25 +47,21 @@ export default async function isCertRevoked(cert: X509): Promise<boolean> { crlURL = cert.getExtCRLDistributionPointsURI(); } catch (err) { // Cert probably didn't include any CDP URIs - console.error(`Error getting cert CDP URIs: ${err.message}`); return false; } // If no URL is provided then we have nothing to check if (!crlURL) { - console.error(`No CDP URIs for certificate`); return false; } // Download and read the CRL const crlCert = new X509(); try { - console.log(`Downloading CRL:`, crlURL[0]); const respCRL = await fetch(crlURL[0]); const dataCRL = await respCRL.text(); crlCert.readCertPEM(dataCRL); } catch (err) { - console.error(`Error downloading CRL: ${err}`); return false; } @@ -100,11 +88,9 @@ export default async function isCertRevoked(cert: X509): Promise<boolean> { // Cache the results if (certAuthKeyID) { - console.log(`Adding cached info for CA ID ${certAuthKeyID.kid}:`, newCached); cacheRevokedCerts[certAuthKeyID.kid] = newCached; } - console.log('checking if this cert is in new list of revoked certs'); return newCached.revokedCerts.indexOf(certSerialHex) >= 0; } diff --git a/packages/server/src/metadata/metadataService.ts b/packages/server/src/metadata/metadataService.ts index 3e7f79f..4cfe2bb 100644 --- a/packages/server/src/metadata/metadataService.ts +++ b/packages/server/src/metadata/metadataService.ts @@ -70,8 +70,6 @@ class MetadataService { // If metadata statements are provided, load them into the cache first if (statements?.length) { - console.log(`Adding ${statements.length} statements to cache`); - statements.forEach(statement => { // Only cache statements that are for FIDO2-compatible authenticators if (statement.aaguid) { @@ -91,8 +89,6 @@ class MetadataService { // If MDS servers are provided, then process them and add their statements to the cache if (mdsServers?.length) { - console.log(`Querying ${mdsServers.length} MDS services`); - for (const server of mdsServers) { try { await this.downloadTOC({ @@ -105,14 +101,10 @@ class MetadataService { }); } catch (err) { // Notify of the error and move on - console.error(`Error processing ${server.url}: ${err.message}`); } } } - console.log('MDS cache:', JSON.stringify(Object.keys(this.mdsCache))); - console.log('Statement cache:', JSON.stringify(Object.keys(this.statementCache))); - this.state = SERVICE_STATE.READY; } @@ -177,7 +169,6 @@ class MetadataService { // If the statement hasn't been cached but came from an MDS TOC, then download it if (!cachedStatement.statement && cachedStatement.tocURL) { // Download the metadata statement if it's not been cached - console.debug('Downloading statement from', cachedStatement.url); const resp = await fetch(cachedStatement.url); const data = await resp.text(); const statement: MetadataStatement = JSON.parse( @@ -190,7 +181,6 @@ class MetadataService { const calculatedHash = base64url.encode(toHash(data, hashAlg)); if (calculatedHash === cachedStatement.hash) { - console.log('hash matched, storing statement in cache'); // Update the cached entry with the latest statement cachedStatement.statement = statement; } else { @@ -211,7 +201,6 @@ class MetadataService { const { url, no, rootCertURL, metadataURLSuffix } = mds; // Query MDS for the latest TOC - console.debug(`Downloading TOC: ${url}`); const respTOC = await fetch(url); const data = await respTOC.text(); @@ -228,7 +217,6 @@ class MetadataService { let fullCertPath = header.x5c.map(convertASN1toPEM); if (rootCertURL.length > 0) { - console.debug(`Downloading root cert: ${rootCertURL}`); // Download FIDO the root certificate and append it to the TOC certs const respFIDORootCert = await fetch(rootCertURL); const fidoRootCert = await respFIDORootCert.text(); @@ -260,8 +248,6 @@ class MetadataService { throw new Error('TOC signature could not be verified'); } - console.log(`TOC verified, caching ${payload.entries.length} statements`); - // Prepare the in-memory cache of statements. for (const entry of payload.entries) { // Only cache entries with an `aaguid` |