New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@expo/code-signing-certificates
Advanced tools
@expo/code-signing-certificates - npm Package Compare versions
Comparing version 0.0.2 to 0.0.3
@@ -15,2 +15,3 @@ "use strict"; | ||
| expect(keyPair.publicKey).toBeTruthy(); | ||
| expect(keyPair.publicKey.n.bitLength()).toEqual(2048); | ||
| const digest = node_forge_1.md.sha256.create().update('hello'); | ||
@@ -266,4 +267,8 @@ expect(keyPair.publicKey.verify(digest.digest().getBytes(), keyPair.privateKey.sign(digest))).toBeTruthy(); | ||
| }); | ||
| expect(certificate.validity.notBefore.getTime()).toBeLessThanOrEqual(Date.now()); | ||
| const expectedNotAfter = certificate.validity.notBefore; | ||
| expectedNotAfter.setDate(expectedNotAfter.getDate() + 30); | ||
| expect(certificate.validity.notAfter.getTime()).toEqual(expectedNotAfter.getTime()); | ||
| }); | ||
| }); | ||
| //# sourceMappingURL=main-test.js.map |
| import { pki as PKI } from 'node-forge'; | ||
| /** | ||
| * Custom X.509 extension that stores information about the Expo project that a code signing certificate is valid for. | ||
| * Used to prevent spoofing of scoping identifiers in Expo Go. | ||
| * | ||
| * Note: Generated with oidgen script. Resides in the Microsoft OID space. Could apply for Expo space but would take time: https://pen.iana.org/pen/PenApplication.page | ||
| */ | ||
| export declare const expoProjectInformationOID = "1.2.840.113556.1.8000.2554.43437.254.128.102.157.7894389.20439.2.1"; | ||
@@ -25,4 +31,3 @@ /** | ||
| * Convert a PEM-formatted RSA key pair to a key pair for use with this library. | ||
| * @param privateKeyPEM PEM formatted private key | ||
| * @param publicKeyPEM PEM formatted public key | ||
| * @param keyPair PEM-formatted private key and public key | ||
| * @returns RSA key pair | ||
@@ -84,5 +89,3 @@ */ | ||
| /** | ||
| * Generate a self-signed code-signing certificate for use with expo-updates. | ||
| * Note that while certificate chains may be supported at some point in expo-updates, for now | ||
| * only self-signed certificates are supported. | ||
| * Generate a self-signed (root) code-signing certificate valid for use with expo-updates. | ||
| * | ||
@@ -99,8 +102,11 @@ * @returns PKI.Certificate valid for expo-updates code signing | ||
| /** | ||
| * Sign a string with an RSA private key and verify that the signature is valid for the RSA | ||
| * public key in the certificate. | ||
| * Sign a SHA-256 hash of the provided string with an RSA private key and verify that the signature | ||
| * is valid for the RSA public key in the certificate. The verification part is most useful for | ||
| * debugging, so while this may be used in server implementation for expo-updates code signing, | ||
| * a similar method without verification can be created for efficiency for use in production. | ||
| * | ||
| * @param privateKey RSA private key | ||
| * @param certificate X.509 certificate | ||
| * @param stringToSign string for which to generate a signature and verify | ||
| * @returns base64-encoded signature | ||
| * @param stringToSign string to hash, generate a signature for, and verify | ||
| * @returns base64-encoded RSA signature | ||
| */ | ||
@@ -117,3 +123,3 @@ export declare function signStringRSASHA256AndVerify(privateKey: PKI.rsa.PrivateKey, certificate: PKI.Certificate, stringToSign: string): string; | ||
| * For use by a server to generate a development certificate (good for 30 days) for a particular | ||
| * appId and scopeKey (fields verified by the client during certificate validation). | ||
| * appId and scopeKey (Expo project manifest fields verified by the client during certificate validation). | ||
| * | ||
@@ -120,0 +126,0 @@ * Note that this function assumes the issuer is trusted, and that the user that created the CSR and issued |
@@ -10,3 +10,8 @@ "use strict"; | ||
| const utils_1 = require("./utils"); | ||
| // generated with oidgen script. in the microsoft OID space. could apply for Expo space but would take time: https://pen.iana.org/pen/PenApplication.page | ||
| /** | ||
| * Custom X.509 extension that stores information about the Expo project that a code signing certificate is valid for. | ||
| * Used to prevent spoofing of scoping identifiers in Expo Go. | ||
| * | ||
| * Note: Generated with oidgen script. Resides in the Microsoft OID space. Could apply for Expo space but would take time: https://pen.iana.org/pen/PenApplication.page | ||
| */ | ||
| exports.expoProjectInformationOID = '1.2.840.113556.1.8000.2554.43437.254.128.102.157.7894389.20439.2.1'; | ||
@@ -44,4 +49,3 @@ /** | ||
| * Convert a PEM-formatted RSA key pair to a key pair for use with this library. | ||
| * @param privateKeyPEM PEM formatted private key | ||
| * @param publicKeyPEM PEM formatted public key | ||
| * @param keyPair PEM-formatted private key and public key | ||
| * @returns RSA key pair | ||
@@ -102,5 +106,3 @@ */ | ||
| /** | ||
| * Generate a self-signed code-signing certificate for use with expo-updates. | ||
| * Note that while certificate chains may be supported at some point in expo-updates, for now | ||
| * only self-signed certificates are supported. | ||
| * Generate a self-signed (root) code-signing certificate valid for use with expo-updates. | ||
| * | ||
@@ -191,8 +193,11 @@ * @returns PKI.Certificate valid for expo-updates code signing | ||
| /** | ||
| * Sign a string with an RSA private key and verify that the signature is valid for the RSA | ||
| * public key in the certificate. | ||
| * Sign a SHA-256 hash of the provided string with an RSA private key and verify that the signature | ||
| * is valid for the RSA public key in the certificate. The verification part is most useful for | ||
| * debugging, so while this may be used in server implementation for expo-updates code signing, | ||
| * a similar method without verification can be created for efficiency for use in production. | ||
| * | ||
| * @param privateKey RSA private key | ||
| * @param certificate X.509 certificate | ||
| * @param stringToSign string for which to generate a signature and verify | ||
| * @returns base64-encoded signature | ||
| * @param stringToSign string to hash, generate a signature for, and verify | ||
| * @returns base64-encoded RSA signature | ||
| */ | ||
@@ -231,3 +236,3 @@ function signStringRSASHA256AndVerify(privateKey, certificate, stringToSign) { | ||
| * For use by a server to generate a development certificate (good for 30 days) for a particular | ||
| * appId and scopeKey (fields verified by the client during certificate validation). | ||
| * appId and scopeKey (Expo project manifest fields verified by the client during certificate validation). | ||
| * | ||
@@ -252,4 +257,5 @@ * Note that this function assumes the issuer is trusted, and that the user that created the CSR and issued | ||
| certificate.setSubject(csr.subject.attributes); | ||
| // 30 day validity | ||
| // 30 day validity into the future, 1 day in the past just in case of clock skew at callsite | ||
| certificate.validity.notBefore = new Date(); | ||
| certificate.validity.notBefore.setDate(certificate.validity.notBefore.getDate() - 1); | ||
| certificate.validity.notAfter = new Date(); | ||
@@ -256,0 +262,0 @@ certificate.validity.notAfter.setDate(certificate.validity.notBefore.getDate() + 30); |
| { | ||
| "name": "@expo/code-signing-certificates", | ||
| "version": "0.0.2", | ||
| "version": "0.0.3", | ||
| "description": "A library for working with expo-updates code signing certificates", | ||
@@ -15,2 +15,3 @@ "main": "build/main.js", | ||
| "generate-example-self-signed": "ts-node -r tsconfig-paths/register --project tsconfig.scripts.json ./scripts/generateExampleSelfSignedCertificate.ts", | ||
| "generate-certificates-for-tests": "ts-node -r tsconfig-paths/register --project tsconfig.scripts.json ./scripts/generateCertificatesForTests.ts", | ||
| "oidgen": "ts-node -r tsconfig-paths/register --project tsconfig.scripts.json ./scripts/oidgen/oidgen.ts", | ||
@@ -17,0 +18,0 @@ "sign-manifest-for-testing": "ts-node -r tsconfig-paths/register --project tsconfig.scripts.json ./scripts/signManifestForTesting.ts" |
@@ -1,2 +0,2 @@ | ||
| # code-signing-certificates | ||
| # @expo/code-signing-certificates | ||
@@ -8,2 +8,2 @@ A library for working with expo-updates code signing certificates. | ||
| [](https://www.npmjs.com/package/@expo/code-signing-certificates) | ||
| [](https://www.npmjs.com/package/@expo/code-signing-certificates) | ||
| [](https://www.npmjs.com/package/@expo/code-signing-certificates) |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
No alert changes
Improved metrics
- Total package byte prevSize
53835
3.96%- Lines of code
731
2.38%- Number of lines in readme file
9
12.5%No dependency changes