
@sphereon/ssi-sdk-ext.x509-utils - npm Package Compare versions

Comparing version 0.26.1-next.28 to 0.26.1-next.30

1

dist/x509/x509-validator.d.ts

@@ -39,2 +39,3 @@ import { SubjectPublicKeyInfo } from '@peculiar/asn1-x509';

export type X509CertificateChainValidationOpts = {
allowNoTrustAnchorsFound?: boolean;
trustRootWhenNoAnchors?: boolean;

@@ -41,0 +42,0 @@ allowSingleNoCAChainElement?: boolean;

12

dist/x509/x509-validator.js

@@ -73,2 +73,4 @@ "use strict";

const validateX509CertificateChain = (_a) => __awaiter(void 0, [_a], void 0, function* ({ chain: pemOrDerChain, trustAnchors, verificationTime = new Date(), opts = {
// If no trust anchor is found, but the chain itself checks out, allow. (defaults to false:)
allowNoTrustAnchorsFound: false,
trustRootWhenNoAnchors: false,

@@ -92,3 +94,3 @@ allowSingleNoCAChainElement: true,

const verificationTime = typeof verifyAt === 'string' ? new Date(verifyAt) : verifyAt;
const { trustRootWhenNoAnchors = false, allowSingleNoCAChainElement = true, blindlyTrustedAnchors = [], disallowReversedChain = false, client, } = opts;
const { allowNoTrustAnchorsFound = false, trustRootWhenNoAnchors = false, allowSingleNoCAChainElement = true, blindlyTrustedAnchors = [], disallowReversedChain = false, client, } = opts;
const trustedPEMs = trustRootWhenNoAnchors && !trustAnchors ? [pemOrDerChain[pemOrDerChain.length - 1]] : trustAnchors;

@@ -107,3 +109,2 @@ if (pemOrDerChain.length === 0) {

const x5cOrdereredChain = reversed ? [...chain] : [...chain].reverse();
console.log(`x5c orderered chain (reverse: ${reversed}): ${x5cOrdereredChain.map((cert) => cert.certificateInfo.subject.dn.DN).join(', ')}`);
const trustedCerts = trustedPEMs ? yield Promise.all(trustedPEMs.map((raw) => (0, exports.parseCertificate)(raw))) : undefined;

@@ -150,2 +151,3 @@ const blindlyTrusted = (_b = (yield Promise.all(blindlyTrustedAnchors.map((raw) => {

if (!result) {
// First cert needs to be self signed
if (i == 0 && !reversed && !disallowReversedChain) {

@@ -167,4 +169,6 @@ return yield validateX509CertificateChainImpl({

}
if (foundTrustAnchor === null || foundTrustAnchor === void 0 ? void 0 : foundTrustAnchor.certificateInfo) {
return Object.assign({ error: false, critical: false, message: `Certificate chain was valid`, certificateChain: x5cOrdereredChain.map((cert) => cert.certificateInfo), detailMessage: `The leaf certificate ${leafCert.certificateInfo.subject.dn.DN} is part of a chain with trust anchor ${foundTrustAnchor === null || foundTrustAnchor === void 0 ? void 0 : foundTrustAnchor.certificateInfo.subject.dn.DN}.`, trustAnchor: foundTrustAnchor === null || foundTrustAnchor === void 0 ? void 0 : foundTrustAnchor.certificateInfo, verificationTime }, (client && { client }));
if ((foundTrustAnchor === null || foundTrustAnchor === void 0 ? void 0 : foundTrustAnchor.certificateInfo) || allowNoTrustAnchorsFound) {
return Object.assign({ error: false, critical: false, message: `Certificate chain was valid`, certificateChain: x5cOrdereredChain.map((cert) => cert.certificateInfo), detailMessage: foundTrustAnchor
? `The leaf certificate ${leafCert.certificateInfo.subject.dn.DN} is part of a chain with trust anchor ${foundTrustAnchor === null || foundTrustAnchor === void 0 ? void 0 : foundTrustAnchor.certificateInfo.subject.dn.DN}.`
: `The leaf certificate ${leafCert.certificateInfo.subject.dn.DN} and chain were valid, but no trust anchor has been found. Ignoring as user allowed (allowNoTrustAnchorsFound: ${allowNoTrustAnchorsFound}).)`, trustAnchor: foundTrustAnchor === null || foundTrustAnchor === void 0 ? void 0 : foundTrustAnchor.certificateInfo, verificationTime }, (client && { client }));
}

@@ -171,0 +175,0 @@ return Object.assign({ error: true, critical: true, message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`, certificateChain: x5cOrdereredChain.map((cert) => cert.certificateInfo), detailMessage: `No trust anchor was found in the chain. between (intermediate) CA ${x5cOrdereredChain[chain.length - 1].certificateInfo.subject.dn.DN} and leaf ${x5cOrdereredChain[0].certificateInfo.subject.dn.DN}.`, verificationTime }, (client && { client }));

{
"name": "@sphereon/ssi-sdk-ext.x509-utils",
"description": "Sphereon SSI-SDK plugin functions for X.509 Certificate handling.",
"version": "0.26.1-next.28+683ddb7",
"version": "0.26.1-next.30+b1c6ff7",
"source": "src/index.ts",

@@ -45,3 +45,3 @@ "main": "dist/index.js",

],
"gitHead": "683ddb776b3b6d8e54bcf944cc4c32c7a7fecefc"
"gitHead": "b1c6ff753ba397e3d7732d768c23699e83047f6d"
}

@@ -10,3 +10,3 @@ import { AsnParser } from '@peculiar/asn1-schema'

import * as u8a from 'uint8arrays'
import {globalCrypto} from "./crypto";
import { globalCrypto } from './crypto'
import { areCertificatesEqual, derToPEM, pemOrDerToX509Certificate } from './x509-utils'

@@ -78,2 +78,5 @@

export type X509CertificateChainValidationOpts = {
// If no trust anchor is found, but the chain itself checks out, allow. (defaults to false:)
allowNoTrustAnchorsFound?: boolean
// Trust the supplied root from the chain, when no anchors are being passed in.

@@ -101,2 +104,4 @@ trustRootWhenNoAnchors?: boolean

opts = {
// If no trust anchor is found, but the chain itself checks out, allow. (defaults to false:)
allowNoTrustAnchorsFound: false,
trustRootWhenNoAnchors: false,

@@ -137,2 +142,3 @@ allowSingleNoCAChainElement: true,

const {
allowNoTrustAnchorsFound = false,
trustRootWhenNoAnchors = false,

@@ -159,3 +165,2 @@ allowSingleNoCAChainElement = true,

const x5cOrdereredChain = reversed ? [...chain] : [...chain].reverse()
console.log(`x5c orderered chain (reverse: ${reversed}): ${x5cOrdereredChain.map((cert) => cert.certificateInfo.subject.dn.DN).join(', ')}`)

@@ -228,2 +233,3 @@ const trustedCerts = trustedPEMs ? await Promise.all(trustedPEMs.map((raw) => parseCertificate(raw))) : undefined

if (!result) {
// First cert needs to be self signed
if (i == 0 && !reversed && !disallowReversedChain) {

@@ -238,2 +244,3 @@ return await validateX509CertificateChainImpl({

}
return {

@@ -267,3 +274,3 @@ error: true,

if (foundTrustAnchor?.certificateInfo) {
if (foundTrustAnchor?.certificateInfo || allowNoTrustAnchorsFound) {
return {

@@ -274,3 +281,5 @@ error: false,

certificateChain: x5cOrdereredChain.map((cert) => cert.certificateInfo),
detailMessage: `The leaf certificate ${leafCert.certificateInfo.subject.dn.DN} is part of a chain with trust anchor ${foundTrustAnchor?.certificateInfo.subject.dn.DN}.`,
detailMessage: foundTrustAnchor
? `The leaf certificate ${leafCert.certificateInfo.subject.dn.DN} is part of a chain with trust anchor ${foundTrustAnchor?.certificateInfo.subject.dn.DN}.`
: `The leaf certificate ${leafCert.certificateInfo.subject.dn.DN} and chain were valid, but no trust anchor has been found. Ignoring as user allowed (allowNoTrustAnchorsFound: ${allowNoTrustAnchorsFound}).)`,
trustAnchor: foundTrustAnchor?.certificateInfo,

@@ -287,5 +296,5 @@ verificationTime,

certificateChain: x5cOrdereredChain.map((cert) => cert.certificateInfo),
detailMessage: `No trust anchor was found in the chain. between (intermediate) CA ${x5cOrdereredChain[chain.length - 1].certificateInfo.subject.dn.DN} and leaf ${
x5cOrdereredChain[0].certificateInfo.subject.dn.DN
}.`,
detailMessage: `No trust anchor was found in the chain. between (intermediate) CA ${
x5cOrdereredChain[chain.length - 1].certificateInfo.subject.dn.DN
} and leaf ${x5cOrdereredChain[0].certificateInfo.subject.dn.DN}.`,
verificationTime,

@@ -292,0 +301,0 @@ ...(client && { client }),
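Review bot: With `allowNoTrustAnchorsFound` set, the branch `if (foundTrustAnchor?.certificateInfo || allowNoTrustAnchorsFound)` returns `error: false` for a chain that ends in no trusted anchor, and the result differs from an anchored one only in the `detailMessage` text and an undefined `trustAnchor`; the compiled dist/x509/x509-validator.js on this page shows `message` stays `Certificate chain was valid`. A caller that gates on `error` alone would accept a chain that is merely internally consistent, so I would make the outcome distinguishable, for example `message: foundTrustAnchor ? 'Certificate chain was valid' : 'Certificate chain was valid, but no trust anchor was found'`. The option's comment could also state the consequence: `// Accept a chain that checks out internally even when no trust anchor is found; the result then has no trustAnchor. Defaults to false.` Separately, the ternary tests `foundTrustAnchor` while the `if` tests `foundTrustAnchor?.certificateInfo`, so if an anchor object without `certificateInfo` is reachable here, the first template would throw on `.subject`; testing `foundTrustAnchor?.certificateInfo` in both places avoids that. The return object and the enclosing function continue outside the visible hunks.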
