Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add fixes for getIssuer and getSerial (#15) #138

Merged
merged 11 commits into from
Oct 6, 2023
48 changes: 30 additions & 18 deletions lib/certUtils.js
Original file line number Diff line number Diff line change
Expand Up @@ -33,25 +33,24 @@ class Certificate {
}

getCommonName() {
const X509_COMMON_NAME_KEY = "2.5.4.3";

let commonName = ""; // Default in case no subject is found
return this.searchForCommonName(this._cert.subject.typesAndValues);
}

// Search the subject's attributes for the common name of the certificate
const subjectAttributes = this._cert.subject.typesAndValues;
for (let index = 0; index < subjectAttributes.length; index++) {
const attribute = subjectAttributes[index];
if (attribute.type === X509_COMMON_NAME_KEY) {
commonName = attribute.value.valueBlock.value;
break;
searchForCommonName(attributes) {
const X509_COMMON_NAME_KEY = "2.5.4.3";
// Search the attributes for the common name of the certificate
for (const attr of attributes) {
if (attr.type === X509_COMMON_NAME_KEY) {
return attr.value.valueBlock.value;
}
}
return commonName;
// Return empty string if not found
return "";
}

verify() {
const issuerSerial = this.getIssuer();
const issuerCert = CertManager.getCertBySerial(issuerSerial);
const issuerCommonName = this.getIssuer();
const issuerCert = CertManager.getCertByCommonName(issuerCommonName);
const _issuerCert = issuerCert ? issuerCert._cert : undefined;
return this._cert.verify(_issuerCert)
.catch((err) => {
Expand Down Expand Up @@ -79,11 +78,19 @@ class Certificate {
}

getIssuer() {
return this._cert.issuer.typesAndValues[0].value.valueBlock.value;
return this.searchForCommonName(this._cert.issuer.typesAndValues);
}

getSerial() {
return this._cert.subject.typesAndValues[0].value.valueBlock.value;
getSerial(compatibility) {
if (compatibility === undefined) {
console.warn("[DEPRECATION WARNING] Please use getSerial(\"v2\").");
} else if (compatibility === "v1") {
console.warn("[DEPRECATION WARNING] Please migrate to getSerial(\"v2\") which will return just the serial number.");
}

return (compatibility === "v2")
? this._cert.serialNumber.valueBlock.toString()
: this.getCommonName();
}

getVersion() {
Expand Down Expand Up @@ -480,8 +487,8 @@ const certMap = new Map();
class CertManager {
static addCert(certBuf) {
const cert = new Certificate(certBuf);
const serial = cert.getSerial();
certMap.set(serial, cert);
const commonName = cert.getCommonName();
certMap.set(commonName, cert);

return true;
}
Expand All @@ -491,9 +498,14 @@ class CertManager {
}

static getCertBySerial(serial) {
console.warn("[DEPRECATION WARNING] Please use CertManager.getCertByCommonName(commonName).");
return certMap.get(serial);
}

static getCertByCommonName(commonName) {
return certMap.get(commonName);
}

static removeAll() {
certMap.clear();
}
Expand Down
8 changes: 4 additions & 4 deletions test/certUtils.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -116,15 +116,15 @@ describe("cert utils", function() {
describe("getSerial", function() {
it("returns correct serial for attestation", function() {
const cert = new Certificate(h.certs.yubiKeyAttestation);
const serial = cert.getSerial();
assert.strictEqual(serial, "Yubico U2F EE Serial 1432534688");
const serial = cert.getSerial("v2");
assert.strictEqual(serial, "1432534688");
JamesCullum marked this conversation as resolved.
Show resolved Hide resolved
});
it("returns correct serial for root", function() {
const cert = new Certificate(h.certs.yubicoRoot);
const serial = cert.getSerial();
const serial = cert.getSerial("v2");
assert.strictEqual(
serial,
"Yubico U2F Root CA Serial 457200631",
"457200631",
);
});
});
Expand Down
Loading