path: root/packages/server/src/helpers/validateCertificatePath.ts
blob: 685ddd8e4a64170482aef21b8b1abb00113804f2 (plain)
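/**
 * Placeholder for X.509 certificate path (chain) validation.
 *
 * Path validation is not implemented: this function performs no checks and always returns
 * `false`, so no certificate chain is ever reported as valid. Keep it failing closed until a
 * real implementation lands; a stub that returned `true` would report unverified chains as
 * trusted.
 *
 * @param certificates - Certificate chain to validate. The disabled draft below reads each
 *   entry as a PEM string and treats the entry at `index + 1` as the issuer of the entry at
 *   `index`.
 * @returns Always `false`.
 */
export default function validateCertificatePath(certificates: unknown[]): boolean {
  // Intentionally unused while validation is disabled. The chain is deliberately not written
  // to the log: X.509 certificates carry subject and issuer names, and dumping caller-supplied
  // chains to stdout on every call is debug output that does not belong in a library helper.
  void certificates;
  return false;
  // TODO: Re-investigate this if we decide to "use MDS or Metadata Statements"
  //
  // NOTE(review): the draft below is disabled and must not be re-enabled as written:
  //   1. It compares the subject name of each certificate with the subject name of the next
  //      one. A chain link is established by the certificate's *issuer* name matching the next
  //      certificate's subject name (jsrsasign exposes getIssuerString() for this), so the
  //      draft throws for every link that is not between two certificates sharing a subject.
  //   2. The last certificate is verified against its own key. A valid self-signature does not
  //      make a certificate trusted; the chain has to end at a trust anchor obtained out of
  //      band (for example from the metadata the TODO above refers to).
  //   3. The draft does not check validity periods, CA basic constraints / key usage, or
  //      revocation.
  //   4. An empty `certificates` array skips the loop entirely and reaches `return true`.
  // console.debug('validating certificate path');

  // const uniqueCerts = new Set(certificates);

  // if (uniqueCerts.size !== certificates.length) {
  //   throw new Error('Certificate path could not be verified due to duplicate certificates');
  // }

  // certificates.forEach((subjectPEM, index) => {
  //   const subjectCert = new jsrsasign.X509();
  //   subjectCert.readCertPEM(subjectPEM);

  //   let issuerPEM;
  //   if (index + 1 >= certificates.length) {
  //     console.debug('using subjectPEM as issuerPEM');
  //     issuerPEM = subjectPEM;
  //   } else {
  //     console.debug('using next cert as issuerPEM');
  //     issuerPEM = certificates[index + 1];
  //   }

  //   const issuerCert = new jsrsasign.X509();
  //   issuerCert.readCertPEM(issuerPEM);

  //   const subjectCertString = subjectCert.getSubjectString();
  //   const issuerCertString = issuerCert.getSubjectString();
  //   if (subjectCertString !== issuerCertString) {
  //     console.error('subject strings didn\'t match');
  //     console.debug('subjectCertString:', subjectCertString);
  //     console.debug('issuerCertString:', issuerCertString);
  //     throw new Error('Certificate issuers didn\'t match');
  //   }

  //   const subjectCertStruct = jsrsasign.ASN1HEX.getTLVbyList(subjectCert.hex, 0, [0]);
  //   const algorithm = subjectCert.getSignatureAlgorithmField();
  //   const signatureHex = subjectCert.getSignatureValueHex();

  //   const Signature = new jsrsasign.crypto.Signature({ alg: algorithm });
  //   Signature.init(issuerPEM);
  //   Signature.updateHex(subjectCertStruct);

  //   const sigVerified = Signature.verify(signatureHex);
  //   if (!sigVerified) {
  //     console.error('failed to validate certificate path');
  //     console.debug('sigVerified:', sigVerified);
  //     throw new Error('Certificate path could not be validated');
  //   }
  // });

  // return true;
}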