Diffstat (limited to 'packages/server/src')
-rw-r--r--packages/server/src/services/settingsService.test.ts64
-rw-r--r--packages/server/src/services/settingsService.ts32
2 files changed, 21 insertions, 75 deletions
diff --git a/packages/server/src/services/settingsService.test.ts b/packages/server/src/services/settingsService.test.ts
index cc455f7..9187ae1 100644
--- a/packages/server/src/services/settingsService.test.ts
+++ b/packages/server/src/services/settingsService.test.ts
@@ -3,73 +3,39 @@ import path from 'path';
import settingsService from './settingsService';
-// Buffer
-const gsr2 = fs.readFileSync(path.resolve(__dirname, './defaultRootCerts/GSR2.crt'));
-const gsr2AsPEM = `-----BEGIN CERTIFICATE-----
-MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G
-A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
-Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1
-MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG
-A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL
-v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8
-eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq
-tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd
-C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa
-zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB
-mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH
-V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n
-bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG
-3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs
-J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO
-291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS
-ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd
-AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
-TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
------END CERTIFICATE-----
-`;
-// PEM string
-const apple = fs.readFileSync(
- path.resolve(__dirname, './defaultRootCerts/Apple_WebAuthn_Root_CA.pem'),
- { encoding: 'utf-8' },
-);
-const appleAsPEM = `-----BEGIN CERTIFICATE-----
-MIICEjCCAZmgAwIBAgIQaB0BbHo84wIlpQGUKEdXcTAKBggqhkjOPQQDAzBLMR8w
-HQYDVQQDDBZBcHBsZSBXZWJBdXRobiBSb290IENBMRMwEQYDVQQKDApBcHBsZSBJ
-bmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMB4XDTIwMDMxODE4MjEzMloXDTQ1MDMx
-NTAwMDAwMFowSzEfMB0GA1UEAwwWQXBwbGUgV2ViQXV0aG4gUm9vdCBDQTETMBEG
-A1UECgwKQXBwbGUgSW5jLjETMBEGA1UECAwKQ2FsaWZvcm5pYTB2MBAGByqGSM49
-AgEGBSuBBAAiA2IABCJCQ2pTVhzjl4Wo6IhHtMSAzO2cv+H9DQKev3//fG59G11k
-xu9eI0/7o6V5uShBpe1u6l6mS19S1FEh6yGljnZAJ+2GNP1mi/YK2kSXIuTHjxA/
-pcoRf7XkOtO4o1qlcaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUJtdk
-2cV4wlpn0afeaxLQG2PxxtcwDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2cA
-MGQCMFrZ+9DsJ1PW9hfNdBywZDsWDbWFp28it1d/5w2RPkRX3Bbn/UbDTNLx7Jr3
-jAGGiQIwHFj+dJZYUJR786osByBelJYsVZd2GbHQu209b5RCmGQ21gpSAk9QZW4B
-1bWeT0vT
------END CERTIFICATE-----
-`;
+import GSR1 from './defaultRootCerts/GSR1';
+import Apple_WebAuthn_Root_CA from './defaultRootCerts/Apple_WebAuthn_Root_CA';
+
+function pemToBuffer(pem: string): Buffer {
+ const trimmed = pem
+ .replace('-----BEGIN CERTIFICATE-----', '')
+ .replace('-----END CERTIFICATE-----', '')
+ .replace('\n', '');
+ return Buffer.from(trimmed, 'base64');
+}
describe('setRootCertificate/getRootCertificate', () => {
test('should accept cert as Buffer', () => {
+ const gsr1Buffer = pemToBuffer(GSR1);
settingsService.setRootCertificates({
attestationFormat: 'android-safetynet',
- certificates: [gsr2],
+ certificates: [gsr1Buffer],
});
const certs = settingsService.getRootCertificates({ attestationFormat: 'android-safetynet' });
- expect(certs).toEqual([gsr2AsPEM]);
+ expect(certs).toEqual([GSR1]);
});
test('should accept cert as PEM string', () => {
settingsService.setRootCertificates({
attestationFormat: 'apple',
- certificates: [apple],
+ certificates: [Apple_WebAuthn_Root_CA],
});
const certs = settingsService.getRootCertificates({ attestationFormat: 'apple' });
- expect(certs).toEqual([appleAsPEM]);
+ expect(certs).toEqual([Apple_WebAuthn_Root_CA]);
});
test('should return empty array when certificate is not set', () => {
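Review bot: `pemToBuffer` passes the string `'\n'` to `.replace`, which removes only the first newline, so every later line break in the PEM body is still present when it reaches `Buffer.from(trimmed, 'base64')`. The test passes only because Node's base64 decoder ignores whitespace; strip it explicitly with `.replace(/\s+/g, '')` so the helper does what its name says. Separately, the Buffer test now derives both its input and its expected value from the same `GSR1` constant, whereas the removed version compared a `.crt` file against a separately stored PEM string. A short comment stating that this is an intentional round-trip check of the Buffer-to-PEM conversion would make clear what the test still covers.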
diff --git a/packages/server/src/services/settingsService.ts b/packages/server/src/services/settingsService.ts
index 50a698e..205bf18 100644
--- a/packages/server/src/services/settingsService.ts
+++ b/packages/server/src/services/settingsService.ts
@@ -1,9 +1,10 @@
-import fs from 'fs';
-import path from 'path';
-
import { AttestationFormat } from '../helpers/decodeAttestationObject';
import convertCertBufferToPEM from '../helpers/convertCertBufferToPEM';
+import GSR1 from './defaultRootCerts/GSR1';
+import GSR2 from './defaultRootCerts/GSR2';
+import Apple_WebAuthn_Root_CA from './defaultRootCerts/Apple_WebAuthn_Root_CA';
+
class SettingsService {
// Certificates are stored as PEM-formatted strings
private pemCertificates: Map<AttestationFormat, string[]>;
@@ -49,35 +50,14 @@ class SettingsService {
const settingsService = new SettingsService();
// Initialize default certificates
-/**
- * Google GlobalSign R2
- *
- * Downloaded from https://pki.goog/gsr2/GSR2.crt
- *
- * Valid until 2021-12-15 @ 00:00 PST
- */
settingsService.setRootCertificates({
attestationFormat: 'android-safetynet',
- certificates: [
- fs.readFileSync(path.resolve(__dirname, './defaultRootCerts/GSR2.crt')),
- fs.readFileSync(path.resolve(__dirname, './defaultRootCerts/GSR1.crt')),
- ],
+ certificates: [GSR2, GSR1],
});
-/**
- * Apple WebAuthn Root CA PEM
- *
- * Downloaded from https://www.apple.com/certificateauthority/Apple_WebAuthn_Root_CA.pem
- *
- * Valid until 2045-03-14 @ 17:00 PST
- */
settingsService.setRootCertificates({
attestationFormat: 'apple',
- certificates: [
- fs.readFileSync(path.resolve(__dirname, './defaultRootCerts/Apple_WebAuthn_Root_CA.pem'), {
- encoding: 'utf-8',
- }),
- ],
+ certificates: [Apple_WebAuthn_Root_CA],
});
export default settingsService;
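Review bot: The two doc comments removed above the `setRootCertificates` calls were this file's only record of where each default trust anchor was downloaded from and when it expires. The imported `./defaultRootCerts/*` modules are not shown in this diff, so it is unclear whether that information is kept there. If it is not, keep a one-line comment per call, for example `// GSR2: https://pki.goog/gsr2/GSR2.crt, valid until 2021-12-15` and `// Apple WebAuthn Root CA: https://www.apple.com/certificateauthority/Apple_WebAuthn_Root_CA.pem, valid until 2045-03-14`. These roots anchor attestation verification for `android-safetynet` and `apple`, so a maintainer needs the source and expiry to audit or rotate them. `GSR1` has no provenance note on either side of the hunk and would benefit from one as well.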