github/self
1
1
Fork 0
mirror of https://github.com/selfxyz/self.git synced 2026-01-09 14:48:06 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix: use the full chain (#1491)

Browse Source
This commit is contained in:
Nesopie
2025-12-12 14:40:26 +05:30
committed by GitHub
parent 3471b62d4e
commit 0c54572616
1 changed files with 7 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
common/src/utils/attest.ts
View File

@@ -87,21 +87,19 @@ function compareCertificates(cert1: forge.pki.Certificate, cert2: forge.pki.Cert
}
function verifyCertificateChain({ leaf, intermediate, root }: PKICertificates) {
const caStore = forge.pki.createCaStore([intermediate, root]);
const caStore = forge.pki.createCaStore([root]);
forge.pki.verifyCertificateChain(caStore, [leaf], (vfd, depth, chain) => {
if (!vfd) {
forge.pki.verifyCertificateChain(caStore, [leaf, intermediate, root], (vfd, depth) => {
if (vfd !== true) {
throw new Error(`Certificate verification failed at depth ${depth}`);
}
return true;
});
[leaf, intermediate, root].forEach((cert) => {
const now = new Date();
if (now < cert.validity.notBefore || now > cert.validity.notAfter) {
throw new Error('Certificate is not within validity period');
}
});
const now = new Date();
if (now < root.validity.notBefore || now > root.validity.notAfter) {
throw new Error('Certificate is not within validity period');
}
}
/**