Diffstat (limited to 'packages/server/src')
-rw-r--r-- | packages/server/src/metadata/metadataService.ts | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/packages/server/src/metadata/metadataService.ts b/packages/server/src/metadata/metadataService.ts index 7d8c392..b9be929 100644 --- a/packages/server/src/metadata/metadataService.ts +++ b/packages/server/src/metadata/metadataService.ts @@ -121,16 +121,17 @@ class MetadataService { try { // Validate the certificate chain + // TODO: Check for certificate revocation validateCertificatePath(fullCertPath); } catch (err) { console.error(err); - // From FIDO MDS docs: "The FIDO Server SHOULD ignore the file if the signature is invalid." + // From FIDO MDS docs: "ignore the file if the chain cannot be verified or if one of the + // chain certificates is revoked" return; } - // TODO: Figure out why the signature won't verify here + // Verify the TOC JWT signature const leafCert = fullCertPath[0]; - const verified = KJUR.jws.JWS.verifyJWT(data, leafCert, { alg: [header.alg], // Empty values to appease TypeScript and this library's subtly mis-typed @types definitions |
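Review bot: The context line `alg: [header.alg],` in the `verifyJWT` call takes the accepted-algorithm list from what appears to be the token's own decoded header, so the data being verified chooses how it is verified; the commit relabels this step "Verify the TOC JWT signature" without tightening it. Pin the list to the algorithm(s) the metadata service is expected to sign with, for example `alg: ['ES256'], // constructed example: use the MDS signing algorithm(s)`, and ignore the file when the header names anything else. Separately, the rewritten comment in the `catch` block quotes revocation as a reason to ignore the file, while the new TODO shows that revocation is not checked yet; I would state the gap in the TODO itself: `// TODO: Check for certificate revocation; until then a revoked chain certificate is still accepted`. The enclosing method starts and ends outside this hunk, so how `header` is parsed and how `verified` is used cannot be seen here.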