Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

@sphereon/ssi-sdk-ext.x509-utils

Package Overview
Dependencies
Maintainers
0
Versions
143
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@sphereon/ssi-sdk-ext.x509-utils - npm Package Compare versions

Comparing version 0.26.1-next.10 to 0.26.1-next.11

1

dist/x509/x509-validator.d.ts

@@ -26,2 +26,3 @@ import { SubjectPublicKeyInfo } from '@peculiar/asn1-x509';

message: string;
detailMessage?: string;
verificationTime: Date;

@@ -28,0 +29,0 @@ certificateChain?: Array<CertificateInfo>;

19

dist/x509/x509-validator.js

@@ -123,8 +123,9 @@ "use strict";

const previousCert = i > 0 ? chain[i - 1] : undefined;
if (blindlyTrusted.some((trusted) => (0, x509_utils_1.areCertificatesEqual)(trusted.certificate, currentCert.certificate))) {
const blindlyTrustedCert = blindlyTrusted.find((trusted) => (0, x509_utils_1.areCertificatesEqual)(trusted.certificate, currentCert.certificate));
if (blindlyTrustedCert) {
console.log(`Certificate chain validation success as single cert if blindly trusted. WARNING: ONLY USE FOR TESTING PURPOSES.`);
return Object.assign({ error: false, critical: false, message: `Certificate chain validation success as single cert if blindly trusted. WARNING: ONLY USE FOR TESTING PURPOSES.`, trustAnchor: foundTrustAnchor === null || foundTrustAnchor === void 0 ? void 0 : foundTrustAnchor.certificateInfo, verificationTime, certificateChain: chain.map((cert) => cert.certificateInfo) }, (client && { client }));
return Object.assign({ error: false, critical: false, message: `Certificate chain validation success as single cert if blindly trusted. WARNING: ONLY USE FOR TESTING PURPOSES.`, detailMessage: `Blindly trusted certificate ${blindlyTrustedCert.certificateInfo.subject.dn.DN} was found in the chain.`, trustAnchor: blindlyTrustedCert === null || blindlyTrustedCert === void 0 ? void 0 : blindlyTrustedCert.certificateInfo, verificationTime, certificateChain: chain.map((cert) => cert.certificateInfo) }, (client && { client }));
}
if (i > 0) {
if (currentCert.x509Certificate.issuer !== chain[i - 1].x509Certificate.subject) {
if (previousCert) {
if (currentCert.x509Certificate.issuer !== previousCert.x509Certificate.subject) {
if (!reversed && !disallowReversedChain) {

@@ -139,3 +140,3 @@ return yield validateX509CertificateChainImpl({

}
return Object.assign({ error: true, critical: true, message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`, verificationTime }, (client && { client }));
return Object.assign({ error: true, critical: true, message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`, detailMessage: `The certificate ${currentCert.certificateInfo.subject.dn.DN} with issuer ${currentCert.x509Certificate.issuer}, is not signed by the previous certificate ${previousCert === null || previousCert === void 0 ? void 0 : previousCert.certificateInfo.subject.dn.DN} with subject string ${previousCert === null || previousCert === void 0 ? void 0 : previousCert.x509Certificate.subject}.`, verificationTime }, (client && { client }));
}

@@ -157,3 +158,3 @@ }

}
return Object.assign({ error: true, critical: true, message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`, verificationTime }, (client && { client }));
return Object.assign({ error: true, critical: true, message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`, detailMessage: `Verification of the certificate ${currentCert.certificateInfo.subject.dn.DN} with issuer ${currentCert.x509Certificate.issuer} failed. Public key: ${JSON.stringify(currentCert.certificateInfo.publicKeyJWK)}.`, verificationTime }, (client && { client }));
}

@@ -165,6 +166,6 @@ foundTrustAnchor = foundTrustAnchor !== null && foundTrustAnchor !== void 0 ? foundTrustAnchor : trustedCerts === null || trustedCerts === void 0 ? void 0 : trustedCerts.find((trusted) => isSameCertificate(trusted.x509Certificate, currentCert.x509Certificate));

}
if (foundTrustAnchor) {
return Object.assign({ error: false, critical: false, message: `Certificate chain was valid`, trustAnchor: foundTrustAnchor === null || foundTrustAnchor === void 0 ? void 0 : foundTrustAnchor.certificateInfo, verificationTime }, (client && { client }));
if (foundTrustAnchor === null || foundTrustAnchor === void 0 ? void 0 : foundTrustAnchor.certificateInfo) {
return Object.assign({ error: false, critical: false, message: `Certificate chain was valid`, detailMessage: `The leaf certificate ${leafCert.certificateInfo.subject.dn.DN} is part of a chain with trust anchor ${foundTrustAnchor === null || foundTrustAnchor === void 0 ? void 0 : foundTrustAnchor.certificateInfo.subject.dn.DN}.`, trustAnchor: foundTrustAnchor === null || foundTrustAnchor === void 0 ? void 0 : foundTrustAnchor.certificateInfo, verificationTime }, (client && { client }));
}
return Object.assign({ error: true, critical: true, message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`, verificationTime }, (client && { client }));
return Object.assign({ error: true, critical: true, message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`, detailMessage: `No trust anchor was found in the chain. between ${chain[0].certificateInfo.subject.dn.DN} and ${chain[chain.length - 1].certificateInfo.subject.dn.DN}.`, verificationTime }, (client && { client }));
});

@@ -171,0 +172,0 @@ const isSameCertificate = (cert1, cert2) => {

4

package.json
{
"name": "@sphereon/ssi-sdk-ext.x509-utils",
"description": "Sphereon SSI-SDK plugin functions for X.509 Certificate handling.",
"version": "0.26.1-next.10+ab181a0",
"version": "0.26.1-next.11+c33024d",
"source": "src/index.ts",

@@ -45,3 +45,3 @@ "main": "dist/index.js",

],
"gitHead": "ab181a04061d3ee13e4e90f53c1ff414bf6784ae"
"gitHead": "c33024dfff5c4c8711c493ff676c8e24f14de484"
}

17

src/x509/x509-validator.ts

@@ -44,2 +44,3 @@ import { AsnParser } from '@peculiar/asn1-schema'

message: string
detailMessage?: string
verificationTime: Date

@@ -182,3 +183,4 @@ certificateChain?: Array<CertificateInfo>

const previousCert = i > 0 ? chain[i - 1] : undefined
if (blindlyTrusted.some((trusted) => areCertificatesEqual(trusted.certificate, currentCert.certificate))) {
const blindlyTrustedCert = blindlyTrusted.find((trusted) => areCertificatesEqual(trusted.certificate, currentCert.certificate))
if (blindlyTrustedCert) {
console.log(`Certificate chain validation success as single cert if blindly trusted. WARNING: ONLY USE FOR TESTING PURPOSES.`)

@@ -189,3 +191,4 @@ return {

message: `Certificate chain validation success as single cert if blindly trusted. WARNING: ONLY USE FOR TESTING PURPOSES.`,
trustAnchor: foundTrustAnchor?.certificateInfo,
detailMessage: `Blindly trusted certificate ${blindlyTrustedCert.certificateInfo.subject.dn.DN} was found in the chain.`,
trustAnchor: blindlyTrustedCert?.certificateInfo,
verificationTime,

@@ -196,4 +199,4 @@ certificateChain: chain.map((cert) => cert.certificateInfo),

}
if (i > 0) {
if (currentCert.x509Certificate.issuer !== chain[i - 1].x509Certificate.subject) {
if (previousCert) {
if (currentCert.x509Certificate.issuer !== previousCert.x509Certificate.subject) {
if (!reversed && !disallowReversedChain) {

@@ -212,2 +215,3 @@ return await validateX509CertificateChainImpl({

message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`,
detailMessage: `The certificate ${currentCert.certificateInfo.subject.dn.DN} with issuer ${currentCert.x509Certificate.issuer}, is not signed by the previous certificate ${previousCert?.certificateInfo.subject.dn.DN} with subject string ${previousCert?.x509Certificate.subject}.`,
verificationTime,

@@ -239,2 +243,3 @@ ...(client && { client }),

message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`,
detailMessage: `Verification of the certificate ${currentCert.certificateInfo.subject.dn.DN} with issuer ${currentCert.x509Certificate.issuer} failed. Public key: ${JSON.stringify(currentCert.certificateInfo.publicKeyJWK)}.`,
verificationTime,

@@ -259,3 +264,3 @@ ...(client && { client }),

if (foundTrustAnchor) {
if (foundTrustAnchor?.certificateInfo) {
return {

@@ -265,2 +270,3 @@ error: false,

message: `Certificate chain was valid`,
detailMessage: `The leaf certificate ${leafCert.certificateInfo.subject.dn.DN} is part of a chain with trust anchor ${foundTrustAnchor?.certificateInfo.subject.dn.DN}.`,
trustAnchor: foundTrustAnchor?.certificateInfo,

@@ -276,2 +282,3 @@ verificationTime,

message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`,
detailMessage: `No trust anchor was found in the chain. between ${chain[0].certificateInfo.subject.dn.DN} and ${chain[chain.length - 1].certificateInfo.subject.dn.DN}.`,
verificationTime,

@@ -278,0 +285,0 @@ ...(client && { client }),

dist/x509/x509-validator.d.ts.map

Sorry, the diff of this file is not supported yet

dist/x509/x509-validator.js.map

Sorry, the diff of this file is not supported yet

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc