Skip to content

Commit

Permalink
Add fixes for getIssuer and getSerial (#15) (#138)
Browse files Browse the repository at this point in the history
* Add fixes for getIssuer and getSerial (#15)

* Add search for commonName in getIssuer
* Properly return serial number from _cert in getSerial

* Use array.prototype.find instead of a for loop to find commonName

* Remove static and private from searchForCommonName

* Use for of loop in searchForCommonName

* Add compatability to getSerial

* Use double quotes in getSerial

* Fix typo and suggest using getSerial("v2") in deprecation warning

* Use cert.getCommonName to get serial in CertManager

* Remove unnecessary param from getCommonName

* Change names of variables / functions in CertManager to indicate that common name is used as a key instead of the serial number

---------

Co-authored-by: James Cullum (Pseudonym) <JamesCullum@users.noreply.github.com>
  • Loading branch information
RyanHopkins7 and JamesCullum authored Oct 6, 2023
1 parent e4fd8a0 commit b058745
Show file tree
Hide file tree
Showing 2 changed files with 34 additions and 22 deletions.
48 changes: 30 additions & 18 deletions lib/certUtils.js
Original file line number Diff line number Diff line change
Expand Up @@ -33,25 +33,24 @@ class Certificate {
}

getCommonName() {
const X509_COMMON_NAME_KEY = "2.5.4.3";

let commonName = ""; // Default in case no subject is found
return this.searchForCommonName(this._cert.subject.typesAndValues);
}

// Search the subject's attributes for the common name of the certificate
const subjectAttributes = this._cert.subject.typesAndValues;
for (let index = 0; index < subjectAttributes.length; index++) {
const attribute = subjectAttributes[index];
if (attribute.type === X509_COMMON_NAME_KEY) {
commonName = attribute.value.valueBlock.value;
break;
searchForCommonName(attributes) {
const X509_COMMON_NAME_KEY = "2.5.4.3";
// Search the attributes for the common name of the certificate
for (const attr of attributes) {
if (attr.type === X509_COMMON_NAME_KEY) {
return attr.value.valueBlock.value;
}
}
return commonName;
// Return empty string if not found
return "";
}

verify() {
const issuerSerial = this.getIssuer();
const issuerCert = CertManager.getCertBySerial(issuerSerial);
const issuerCommonName = this.getIssuer();
const issuerCert = CertManager.getCertByCommonName(issuerCommonName);
const _issuerCert = issuerCert ? issuerCert._cert : undefined;
return this._cert.verify(_issuerCert)
.catch((err) => {
Expand Down Expand Up @@ -79,11 +78,19 @@ class Certificate {
}

getIssuer() {
return this._cert.issuer.typesAndValues[0].value.valueBlock.value;
return this.searchForCommonName(this._cert.issuer.typesAndValues);
}

getSerial() {
return this._cert.subject.typesAndValues[0].value.valueBlock.value;
getSerial(compatibility) {
if (compatibility === undefined) {
console.warn("[DEPRECATION WARNING] Please use getSerial(\"v2\").");
} else if (compatibility === "v1") {
console.warn("[DEPRECATION WARNING] Please migrate to getSerial(\"v2\") which will return just the serial number.");
}

return (compatibility === "v2")
? this._cert.serialNumber.valueBlock.toString()
: this.getCommonName();
}

getVersion() {
Expand Down Expand Up @@ -480,8 +487,8 @@ const certMap = new Map();
class CertManager {
static addCert(certBuf) {
const cert = new Certificate(certBuf);
const serial = cert.getSerial();
certMap.set(serial, cert);
const commonName = cert.getCommonName();
certMap.set(commonName, cert);

return true;
}
Expand All @@ -491,9 +498,14 @@ class CertManager {
}

static getCertBySerial(serial) {
console.warn("[DEPRECATION WARNING] Please use CertManager.getCertByCommonName(commonName).");
return certMap.get(serial);
}

static getCertByCommonName(commonName) {
return certMap.get(commonName);
}

static removeAll() {
certMap.clear();
}
Expand Down
8 changes: 4 additions & 4 deletions test/certUtils.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -116,15 +116,15 @@ describe("cert utils", function() {
describe("getSerial", function() {
it("returns correct serial for attestation", function() {
const cert = new Certificate(h.certs.yubiKeyAttestation);
const serial = cert.getSerial();
assert.strictEqual(serial, "Yubico U2F EE Serial 1432534688");
const serial = cert.getSerial("v2");
assert.strictEqual(serial, "1432534688");
});
it("returns correct serial for root", function() {
const cert = new Certificate(h.certs.yubicoRoot);
const serial = cert.getSerial();
const serial = cert.getSerial("v2");
assert.strictEqual(
serial,
"Yubico U2F Root CA Serial 457200631",
"457200631",
);
});
});
Expand Down

0 comments on commit b058745

Please sign in to comment.