Diffstat (limited to 'packages/server/src/helpers/validateCertificatePath.ts')
-rw-r--r-- | packages/server/src/helpers/validateCertificatePath.ts | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/packages/server/src/helpers/validateCertificatePath.ts b/packages/server/src/helpers/validateCertificatePath.ts
new file mode 100644
index 0000000..685ddd8
--- /dev/null
+++ b/packages/server/src/helpers/validateCertificatePath.ts
@@ -0,0 +1,55 @@
+export default function validateCertificatePath(certificates: any[]) {
+ console.log('certificates', certificates);
+ return false;
+ // TODO: Re-investigate this if we decide to "use MDS or Metadata Statements"
+ // console.debug('validating certificate path');
+
+ // const uniqueCerts = new Set(certificates);
+
+ // if (uniqueCerts.size !== certificates.length) {
+ // throw new Error('Certificate path could not be verified due to duplicate certificates');
+ // }
+
+ // certificates.forEach((subjectPEM, index) => {
+ // const subjectCert = new jsrsasign.X509();
+ // subjectCert.readCertPEM(subjectPEM);
+
+ // let issuerPEM;
+ // if (index + 1 >= certificates.length) {
+ // console.debug('using subjectPEM as issuerPEM');
+ // issuerPEM = subjectPEM;
+ // } else {
+ // console.debug('using next cert as issuerPEM');
+ // issuerPEM = certificates[index + 1];
+ // }
+
+ // const issuerCert = new jsrsasign.X509();
+ // issuerCert.readCertPEM(issuerPEM);
+
+ // const subjectCertString = subjectCert.getSubjectString();
+ // const issuerCertString = issuerCert.getSubjectString();
+ // if (subjectCertString !== issuerCertString) {
+ // console.error('subject strings didn\'t match');
+ // console.debug('subjectCertString:', subjectCertString);
+ // console.debug('issuerCertString:', issuerCertString);
+ // throw new Error('Certificate issuers didn\'t match');
+ // }
+
+ // const subjectCertStruct = jsrsasign.ASN1HEX.getTLVbyList(subjectCert.hex, 0, [0]);
+ // const algorithm = subjectCert.getSignatureAlgorithmField();
+ // const signatureHex = subjectCert.getSignatureValueHex();
+
+ // const Signature = new jsrsasign.crypto.Signature({ alg: algorithm });
+ // Signature.init(issuerPEM);
+ // Signature.updateHex(subjectCertStruct);
+
+ // const sigVerified = Signature.verify(signatureHex);
+ // if (!sigVerified) {
+ // console.error('failed to validate certificate path');
+ // console.debug('sigVerified:', sigVerified);
+ // throw new Error('Certificate path could not be validated');
+ // }
+ // });
+
+ // return true;
+} |
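Review bot: validateCertificatePath is a stub as added: it logs its argument and returns `false` unconditionally, so a caller cannot tell "path was not checked" from "path is invalid", and neither the signature nor a doc comment says so. I would drop the `console.log('certificates', certificates);` line, type the parameter as `string[]` (the commented-out body treats each entry as a PEM string), and put a comment such as `// Not implemented: always returns false; no certificate path validation is performed.` above the return. When the commented-out body is revisited, note that it compares `subjectCert.getSubjectString()` with `issuerCert.getSubjectString()`, which only matches when both certificates carry the same subject; a chain check would normally compare the subject certificate's `getIssuerString()` with the issuer's subject. That body also has no validity-period or CA-constraint checks, so a valid signature alone would be accepted as a valid path.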