chore: wip

chrisbbreuer · chrisbbreuer · commit 53abfc9b3c1c · 2025-02-23T13:13:42.000-08:00
diff --git a/src/pki.ts b/src/pki.ts
@@ -9,7 +9,7 @@ import { privateKeyFromAsn1, privateKeyToAsn1, rsa } from './algorithms/asymmetr
  */
 import { asn1 } from './encoding/asn1'
 import { pem } from './encoding/pem'
-import { certificateExtensionsToAsn1, certificateToAsn1, CRIAttributesAsArray, getCertificationRequestInfo } from './x509'
+import { certificateExtensionsToAsn1, certificateFromPem, certificateToAsn1, CRIAttributesAsArray, getCertificationRequestInfo } from './x509'
 
 interface CustomError extends Error {
   headerType?: string
@@ -76,7 +76,8 @@ export function privateKeyInfoToPem(pki: any, maxline: number = 64): string {
   return pem.encode(msg, { maxline })
 }
 
-export interface Pki {
+export interface PKI {
+  certificateFromPem: typeof certificateFromPem
   certificateExtensionsToAsn1: typeof certificateExtensionsToAsn1
   certificateToAsn1: typeof certificateToAsn1
   CRIAttributesAsArray: typeof CRIAttributesAsArray
@@ -87,7 +88,8 @@ export interface Pki {
   rsa: RSA
 }
 
-export const pki: Pki = {
+export const pki: PKI = {
+  certificateFromPem,
   certificateExtensionsToAsn1,
   certificateToAsn1,
   getCertificationRequestInfo,
diff --git a/src/x509.ts b/src/x509.ts
@@ -901,7 +901,7 @@ export function verifySignature(options: {
 
     const hashFn = (md as unknown as HashFunctions)[hashOid].create()
     rval = options.certificate.publicKey.verify(
-      (options.md as unknown as MD).digest().getBytes(),
+      options.md.digest().getBytes(),
       options.signature,
       { mgf, hash: hashFn, saltLength: params.saltLength || 20 },
     )
@@ -2742,11 +2742,10 @@ export function createCaStore(certs: Certificate[]): CAStore {
         }
       }
     },
-    hasCertificate(cert) {
+    hasCertificate(cert: Certificate) {
       // convert from pem if necessary
-      if (typeof cert === 'string') {
+      if (typeof cert === 'string')
         cert = pki.certificateFromPem(cert)
-      }
 
       let match = getBySubject(cert.subject)
       if (!match)
@@ -2784,23 +2783,23 @@ export function createCaStore(certs: Certificate[]): CAStore {
 
       return certList
     },
-    removeCertificate(cert) {
+    removeCertificate(cert: Certificate) {
       let result
 
       // convert from pem if necessary
-      if (typeof cert === 'string') {
+      if (typeof cert === 'string')
         cert = certificateFromPem(cert)
-      }
+
       ensureSubjectHasHash(cert.subject)
-      if (!caStore.hasCertificate(cert)) {
+      if (!caStore.hasCertificate(cert))
         return null
-      }
 
       const match = getBySubject(cert.subject)
 
       if (!Array.isArray(match)) {
         result = caStore.certs[cert.subject.hash]
         delete caStore.certs[cert.subject.hash]
+
         return result
       }
 
@@ -2813,16 +2812,17 @@ export function createCaStore(certs: Certificate[]): CAStore {
           match.splice(i, 1)
         }
       }
-      if (match.length === 0) {
+
+      if (match.length === 0)
         delete caStore.certs[cert.subject.hash]
-      }
 
       return result
     },
   }
 
   function getBySubject(subject: { hash: string | null }) {
     ensureSubjectHasHash(subject)
+
     return caStore.certs[subject.hash || ''] || null
   }
 
@@ -2942,11 +2942,11 @@ export function verifyCertificateChain(
             }
           }
         }
-        catch (ex) {
+        catch (e: any) {
           error = {
             message: 'Certificate signature is invalid.',
             error: 'pki.BadCertificate',
-            details: ex.toString(),
+            details: e.toString(),
           }
         }
       }
@@ -3020,15 +3020,16 @@ export function verifyCertificateChain(
 function _containsAll(iattr: RDNAttribute[], sattr: RDNAttribute[]): boolean {
   // ensure all parent subject attributes are present in issuer
   let rval = true
+
   for (let i = 0; rval && i < sattr.length; ++i) {
     const attr = sattr[i]
     rval = false
     for (let j = 0; !rval && j < iattr.length; ++j) {
-      if (attr.type === iattr[j].type && attr.value === iattr[j].value) {
+      if (attr.type === iattr[j].type && attr.value === iattr[j].value)
         rval = true
-      }
     }
   }
+
   return rval
 }
 

Original file line number	Diff line number	Diff line change
`@@ -901,7 +901,7 @@ export function verifySignature(options: {`
`901`	`901`
`902`	`902`	`const hashFn = (md as unknown as HashFunctions)[hashOid].create()`
`903`	`903`	`rval = options.certificate.publicKey.verify(`
`904`		`- (options.md as unknown as MD).digest().getBytes(),`
	`904`	`+ options.md.digest().getBytes(),`
`905`	`905`	`options.signature,`
`906`	`906`	`{ mgf, hash: hashFn, saltLength: params.saltLength \|\| 20 },`
`907`	`907`	`)`
`@@ -2742,11 +2742,10 @@ export function createCaStore(certs: Certificate[]): CAStore {`
`2742`	`2742`	`}`
`2743`	`2743`	`}`
`2744`	`2744`	`},`
`2745`		`- hasCertificate(cert) {`
	`2745`	`+ hasCertificate(cert: Certificate) {`
`2746`	`2746`	`// convert from pem if necessary`
`2747`		`- if (typeof cert === 'string') {`
	`2747`	`+ if (typeof cert === 'string')`
`2748`	`2748`	`cert = pki.certificateFromPem(cert)`
`2749`		`- }`
`2750`	`2749`
`2751`	`2750`	`let match = getBySubject(cert.subject)`
`2752`	`2751`	`if (!match)`
`@@ -2784,23 +2783,23 @@ export function createCaStore(certs: Certificate[]): CAStore {`
`2784`	`2783`
`2785`	`2784`	`return certList`
`2786`	`2785`	`},`
`2787`		`- removeCertificate(cert) {`
	`2786`	`+ removeCertificate(cert: Certificate) {`
`2788`	`2787`	`let result`
`2789`	`2788`
`2790`	`2789`	`// convert from pem if necessary`
`2791`		`- if (typeof cert === 'string') {`
	`2790`	`+ if (typeof cert === 'string')`
`2792`	`2791`	`cert = certificateFromPem(cert)`
`2793`		`- }`
	`2792`	`+`
`2794`	`2793`	`ensureSubjectHasHash(cert.subject)`
`2795`		`- if (!caStore.hasCertificate(cert)) {`
	`2794`	`+ if (!caStore.hasCertificate(cert))`
`2796`	`2795`	`return null`
`2797`		`- }`
`2798`	`2796`
`2799`	`2797`	`const match = getBySubject(cert.subject)`
`2800`	`2798`
`2801`	`2799`	`if (!Array.isArray(match)) {`
`2802`	`2800`	`result = caStore.certs[cert.subject.hash]`
`2803`	`2801`	`delete caStore.certs[cert.subject.hash]`
	`2802`	`+`
`2804`	`2803`	`return result`
`2805`	`2804`	`}`
`2806`	`2805`
`@@ -2813,16 +2812,17 @@ export function createCaStore(certs: Certificate[]): CAStore {`
`2813`	`2812`	`match.splice(i, 1)`
`2814`	`2813`	`}`
`2815`	`2814`	`}`
`2816`		`- if (match.length === 0) {`
	`2815`	`+`
	`2816`	`+ if (match.length === 0)`
`2817`	`2817`	`delete caStore.certs[cert.subject.hash]`
`2818`		`- }`
`2819`	`2818`
`2820`	`2819`	`return result`
`2821`	`2820`	`},`
`2822`	`2821`	`}`
`2823`	`2822`
`2824`	`2823`	`function getBySubject(subject: { hash: string \| null }) {`
`2825`	`2824`	`ensureSubjectHasHash(subject)`
	`2825`	`+`
`2826`	`2826`	`return caStore.certs[subject.hash \|\| ''] \|\| null`
`2827`	`2827`	`}`
`2828`	`2828`
`@@ -2942,11 +2942,11 @@ export function verifyCertificateChain(`
`2942`	`2942`	`}`
`2943`	`2943`	`}`
`2944`	`2944`	`}`
`2945`		`- catch (ex) {`
	`2945`	`+ catch (e: any) {`
`2946`	`2946`	`error = {`
`2947`	`2947`	`message: 'Certificate signature is invalid.',`
`2948`	`2948`	`error: 'pki.BadCertificate',`
`2949`		`- details: ex.toString(),`
	`2949`	`+ details: e.toString(),`
`2950`	`2950`	`}`
`2951`	`2951`	`}`
`2952`	`2952`	`}`
`@@ -3020,15 +3020,16 @@ export function verifyCertificateChain(`
`3020`	`3020`	`function _containsAll(iattr: RDNAttribute[], sattr: RDNAttribute[]): boolean {`
`3021`	`3021`	`// ensure all parent subject attributes are present in issuer`
`3022`	`3022`	`let rval = true`
	`3023`	`+`
`3023`	`3024`	`for (let i = 0; rval && i < sattr.length; ++i) {`
`3024`	`3025`	`const attr = sattr[i]`
`3025`	`3026`	`rval = false`
`3026`	`3027`	`for (let j = 0; !rval && j < iattr.length; ++j) {`
`3027`		`- if (attr.type === iattr[j].type && attr.value === iattr[j].value) {`
	`3028`	`+ if (attr.type === iattr[j].type && attr.value === iattr[j].value)`
`3028`	`3029`	`rval = true`
`3029`		`- }`
`3030`	`3030`	`}`
`3031`	`3031`	`}`
	`3032`	`+`
`3032`	`3033`	`return rval`
`3033`	`3034`	`}`
`3034`	`3035`