New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

@expo/code-signing-certificates

Package Overview
Dependencies
Maintainers
20
Versions
5
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@expo/code-signing-certificates - npm Package Compare versions

Comparing version

0.0.4
to
0.0.5

8

build/__tests__/main-test.js

@@ -211,3 +211,3 @@ "use strict";

});
describe(main_1.signStringRSASHA256AndVerify, () => {
describe(main_1.signBufferRSASHA256AndVerify, () => {
it('signs and verifies', async () => {

@@ -220,5 +220,9 @@ const [privateKeyPEM, certificatePEM] = await Promise.all([

const certificate = (0, main_1.convertCertificatePEMToCertificate)(certificatePEM);
const signature = (0, main_1.signStringRSASHA256AndVerify)(privateKey, certificate, 'hello', 'utf8');
const signature = (0, main_1.signBufferRSASHA256AndVerify)(privateKey, certificate, Buffer.from('hello', 'utf-8'));
expect(signature).toMatchSnapshot();
});
test.each([['a', 'öäå']])('encoding assumption about node-forge: case %p', (input) => {
expect(Buffer.from(input).toString('binary')).toEqual(node_forge_1.util.encodeUtf8(input));
expect(Buffer.from(input, 'utf-8').toString('binary')).toEqual(node_forge_1.util.encodeUtf8(input));
});
});

@@ -225,0 +229,0 @@ describe('CSR generation and certificate generation from CA + CSR', () => {

7

build/main.d.ts

@@ -1,2 +0,3 @@

import { Encoding, pki as PKI } from 'node-forge';
/// <reference types="node" />
import { pki as PKI } from 'node-forge';
/**

@@ -107,6 +108,6 @@ * Custom X.509 extension that stores information about the Expo project that a code signing certificate is valid for.

* @param certificate X.509 certificate
* @param stringToSign string to hash, generate a signature for, and verify
* @param bufferToSign buffer to hash, generate a signature for, and verify
* @returns base64-encoded RSA signature
*/
export declare function signStringRSASHA256AndVerify(privateKey: PKI.rsa.PrivateKey, certificate: PKI.Certificate, stringToSign: string, encoding: Encoding): string;
export declare function signBufferRSASHA256AndVerify(privateKey: PKI.rsa.PrivateKey, certificate: PKI.Certificate, bufferToSign: Buffer): string;
/**

@@ -113,0 +114,0 @@ * Generate a self-signed CSR for a given key pair. Most commonly used with {@link generateDevelopmentCertificateFromCSR}.

10

build/main.js

@@ -6,3 +6,3 @@ "use strict";

Object.defineProperty(exports, "__esModule", { value: true });
exports.generateDevelopmentCertificateFromCSR = exports.generateCSR = exports.signStringRSASHA256AndVerify = exports.validateSelfSignedCertificate = exports.generateSelfSignedCodeSigningCertificate = exports.convertCSRPEMToCSR = exports.convertCSRToCSRPEM = exports.convertCertificatePEMToCertificate = exports.convertPrivateKeyPEMToPrivateKey = exports.convertPublicKeyPEMToPublicKey = exports.convertKeyPairPEMToKeyPair = exports.convertCertificateToCertificatePEM = exports.convertKeyPairToPEM = exports.generateKeyPair = exports.expoProjectInformationOID = void 0;
exports.generateDevelopmentCertificateFromCSR = exports.generateCSR = exports.signBufferRSASHA256AndVerify = exports.validateSelfSignedCertificate = exports.generateSelfSignedCodeSigningCertificate = exports.convertCSRPEMToCSR = exports.convertCSRToCSRPEM = exports.convertCertificatePEMToCertificate = exports.convertPrivateKeyPEMToPrivateKey = exports.convertPublicKeyPEMToPublicKey = exports.convertKeyPairPEMToKeyPair = exports.convertCertificateToCertificatePEM = exports.convertKeyPairToPEM = exports.generateKeyPair = exports.expoProjectInformationOID = void 0;
const assert_1 = __importDefault(require("assert"));

@@ -198,7 +198,7 @@ const node_forge_1 = require("node-forge");

* @param certificate X.509 certificate
* @param stringToSign string to hash, generate a signature for, and verify
* @param bufferToSign buffer to hash, generate a signature for, and verify
* @returns base64-encoded RSA signature
*/
function signStringRSASHA256AndVerify(privateKey, certificate, stringToSign, encoding) {
const digest = node_forge_1.md.sha256.create().update(stringToSign, encoding);
function signBufferRSASHA256AndVerify(privateKey, certificate, bufferToSign) {
const digest = node_forge_1.md.sha256.create().update(bufferToSign.toString('binary'));
const digestSignature = privateKey.sign(digest);

@@ -211,3 +211,3 @@ const isValidSignature = certificate.publicKey.verify(digest.digest().getBytes(), digestSignature);

}
exports.signStringRSASHA256AndVerify = signStringRSASHA256AndVerify;
exports.signBufferRSASHA256AndVerify = signBufferRSASHA256AndVerify;
/**

@@ -214,0 +214,0 @@ * Generate a self-signed CSR for a given key pair. Most commonly used with {@link generateDevelopmentCertificateFromCSR}.

2

package.json
{
"name": "@expo/code-signing-certificates",
"version": "0.0.4",
"version": "0.0.5",
"description": "A library for working with expo-updates code signing certificates",

@@ -5,0 +5,0 @@ "main": "build/main.js",

build/__tests__/main-test.js.map

Sorry, the diff of this file is not supported yet

build/main.js.map

Sorry, the diff of this file is not supported yet