"use strict";
// TypeScript interop helper: exposes property `key` of `source` on `target`
// under `alias` (or `key` when no alias is given).
// A live getter is installed unless the source property is an accessor on a
// module flagged __esModule, or a data property that is neither writable nor
// configurable; in those two cases the source descriptor is reused as-is.
var __createBinding = (this && this.__createBinding) || (Object.create
    ? function (target, source, key, alias) {
        var exportName = alias === undefined ? key : alias;
        var descriptor = Object.getOwnPropertyDescriptor(source, key);
        var needsGetter;
        if (!descriptor) {
            needsGetter = true;
        } else if ("get" in descriptor) {
            needsGetter = !source.__esModule;
        } else {
            needsGetter = descriptor.writable || descriptor.configurable;
        }
        if (needsGetter) {
            descriptor = { enumerable: true, get: function () { return source[key]; } };
        }
        Object.defineProperty(target, exportName, descriptor);
    }
    // Fallback for runtimes without Object.create: a plain value copy.
    : function (target, source, key, alias) {
        target[alias === undefined ? key : alias] = source[key];
    });
// TypeScript interop helper: attaches `value` to `target` as its "default"
// export. With Object.create available the property is defined as enumerable
// (and, by defineProperty defaults, read-only); otherwise it is assigned.
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create
    ? function (target, value) {
        var descriptor = { enumerable: true, value: value };
        Object.defineProperty(target, "default", descriptor);
    }
    : function (target, value) {
        target["default"] = value;
    });
// TypeScript interop helper for `import * as ns from "..."`.
// A module already flagged __esModule is returned untouched. Anything else is
// wrapped in a fresh namespace object: every own property except "default"
// is bound onto it, and the original module becomes its "default".
var __importStar = (this && this.__importStar) || function (mod) {
    if (mod && mod.__esModule) {
        return mod;
    }
    var namespace = {};
    if (mod != null) {
        var hasOwn = Object.prototype.hasOwnProperty;
        for (var name in mod) {
            if (name === "default" || !hasOwn.call(mod, name)) {
                continue;
            }
            __createBinding(namespace, mod, name);
        }
    }
    __setModuleDefault(namespace, mod);
    return namespace;
};
// Flag the CommonJS exports object as a transpiled ES module so interop
// helpers such as __importStar return it unwrapped.
Object.defineProperty(exports, "__esModule", { value: true });
// Declare the export slot before the requires run; the function itself is
// assigned at the end of the file.
exports.verify = void 0;
// ASN.1, OID-table and message-digest primitives from the @vereign/node-forge package.
const forge = __importStar(require("@vereign/node-forge"));
// Certificate helpers used below: getClientCertificate, sortCertificateChain,
// extractCertificatesDetails, isCertsExpired.
const certUtils_1 = require("./certUtils");
// Signature parsing helper used below: getMessageFromSignature.
const signatureUtils_1 = require("./signatureUtils");
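/**
 * Parses a signature and reports certificate details plus the expiry status
 * computed by isCertsExpired.
 *
 * SECURITY: despite its name, this function currently performs no
 * cryptographic verification. The signature check over the authenticated
 * attributes, the message-digest integrity check and the chain authentication
 * are all disabled (see the FIXMEs below), so the result carries no
 * `verified`, `authenticity` or `integrity` field. The certificates it reports
 * are read from the parsed signature itself, i.e. they are supplied by whoever
 * produced the signature. Callers must not treat a normal return, or
 * `isExpired === false`, as proof that the signature is valid or that the
 * signed data is unmodified.
 *
 * @param signature - passed unchanged to getMessageFromSignature.
 * @param signatureMeta - extra properties merged into the returned `meta`.
 * @returns {{ isExpired: *, meta: Object }} expiry status and certificate
 *   details merged with `signatureMeta`.
 * @throws {Error} when the signature's digest algorithm OID is unknown to
 *   forge or has no matching forge.md implementation.
 */
const verify = (signature, signatureMeta) => {
    const message = (0, signatureUtils_1.getMessageFromSignature)(signature);
    // `sig` is only consumed by the disabled signature check below.
    const { certificates, rawCapture: { signature: sig, authenticatedAttributes: attrs, digestAlgorithm, }, } = message;
    // The digest algorithm is read from the signature, so it is untrusted input:
    // resolve it explicitly and fail with a clear error instead of a TypeError
    // on an undefined lookup result.
    const hashAlgorithmOid = forge.asn1.derToOid(digestAlgorithm);
    const hashAlgorithmName = forge.pki.oids[hashAlgorithmOid];
    if (typeof hashAlgorithmName !== "string") {
        throw new Error(`Unsupported digest algorithm OID: ${hashAlgorithmOid}`);
    }
    const hashAlgorithm = hashAlgorithmName.toLowerCase();
    const digestFactory = forge.md[hashAlgorithm];
    if (!digestFactory || typeof digestFactory.create !== "function") {
        throw new Error(`Unsupported digest algorithm: ${hashAlgorithm}`);
    }
    // NOTE(review): any digest forge implements is accepted here; decide whether
    // legacy digests should be rejected once the signature check is re-enabled.
    // The authenticated attributes are re-wrapped as a universal SET before being
    // DER-encoded and hashed.
    const set = forge.asn1.create(forge.asn1.Class.UNIVERSAL, forge.asn1.Type.SET, true, attrs);
    // `clientCertificate` and `digest` are inputs to the disabled signature check;
    // they are still computed so malformed input keeps failing here as before.
    const clientCertificate = (0, certUtils_1.getClientCertificate)(certificates);
    const digest = digestFactory
        .create()
        .update(forge.asn1.toDer(set).data)
        .digest()
        .getBytes();
    // FIXME: verification for some of the pdf documents is failing
    // ("Encryption block is invalid"). Check if the code is wrong or the PDF is
    // not valid. Until this is resolved the signature is NOT checked.
    // NOTE(review): as written the snippet would not run: validAuthenticatedAttributes
    // is scoped to the try block, and AppError is not among the visible imports.
    // try {
    //     const validAuthenticatedAttributes = clientCertificate["publicKey"].verify(
    //         digest,
    //         sig
    //     );
    // } catch (error) {
    //     console.log(error);
    // }
    // if (!validAuthenticatedAttributes) {
    //     throw new AppError("Wrong authenticated attributes");
    // }
    // FIXME: fix integrity check. Until this is resolved the signed data is NOT
    // compared against the messageDigest attribute.
    // NOTE(review): `signedData` is not defined anywhere in this function.
    // const messageDigestAttr = forge.pki.oids.messageDigest;
    // const fullAttrDigest = attrs.find(
    //     (attr) => forge.asn1.derToOid(attr.value[0].value) === messageDigestAttr
    // );
    // const attrDigest = fullAttrDigest.value[1].value[0].value;
    // const dataDigest = forge.md[hashAlgorithm]
    //     .create()
    //     .update(signedData.toString("latin1"))
    //     .digest()
    //     .getBytes();
    // const integrity = dataDigest === attrDigest;
    const sortedCerts = (0, certUtils_1.sortCertificateChain)(certificates);
    const parsedCerts = (0, certUtils_1.extractCertificatesDetails)(sortedCerts);
    // Chain authentication is disabled as well:
    // const authenticity = authenticateSignature(sortedCerts);
    const isExpired = (0, certUtils_1.isCertsExpired)(sortedCerts);
    return {
        // Disabled until the checks above are restored:
        // verified: integrity && authenticity && !expired,
        // authenticity,
        // integrity,
        isExpired,
        // Object.assign applies signatureMeta last, so a `certs` key in
        // signatureMeta replaces the parsed certificates.
        meta: Object.assign({ certs: parsedCerts }, signatureMeta),
    };
};
exports.verify = verify;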