  • import * as forge from "@vereign/node-forge";
    
    import {
      extractCertificatesDetails,
      getClientCertificate,
      isCertsExpired,
      sortCertificateChain,
    } from "./certUtils";
    
    import { AppError } from "./errors";
    
    import { getMessageFromSignature } from "./signatureUtils";
    
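    /**
     * Extracts the signed-message structure from `signature` and reports the
     * certificate details and expiry status of the embedded chain.
     *
     * SECURITY: despite its name, this function does not currently verify
     * anything cryptographically. The signature check over the authenticated
     * attributes, the message-digest (integrity) check and the chain
     * authenticity check are all disabled below (see the FIXME blocks). The
     * returned object therefore carries no `verified`, `integrity` or
     * `authenticity` field, and callers must not treat a successful return as
     * proof that the document is validly signed or untampered.
     *
     * @param signature - Raw signature input handed to `getMessageFromSignature`.
     * @param signatureMeta - Extra metadata merged into the returned `meta` object.
     * @returns `{ isExpired, meta }`, where `isExpired` is the result of
     *   `isCertsExpired` on the sorted chain and `meta.certs` holds the parsed
     *   certificate details.
     * @throws AppError when the digest algorithm named in the signature is
     *   unknown to forge or has no digest implementation.
     */
    export const verify = (signature, signatureMeta) => {
      const message = getMessageFromSignature(signature);
      const {
        certificates,
        rawCapture: {
          signature: sig,
          authenticatedAttributes: attrs,
          digestAlgorithm,
        },
      } = message;

      // The digest algorithm comes from the signature itself, i.e. from
      // untrusted input. Reject unknown OIDs explicitly instead of failing with
      // an opaque TypeError on an undefined lookup.
      const hashAlgorithmOid = forge.asn1.derToOid(digestAlgorithm);
      const hashAlgorithmName = forge.pki.oids[hashAlgorithmOid];
      if (typeof hashAlgorithmName !== "string") {
        throw new AppError(
          `Unsupported digest algorithm OID: ${hashAlgorithmOid}`
        );
      }
      const hashAlgorithm = hashAlgorithmName.toLowerCase();

      // NOTE(review): no allow-list is applied here, so any digest that forge
      // implements is accepted. Confirm whether weak digests should be refused
      // before the signature check below is re-enabled.
      const mdFactory = forge.md[hashAlgorithm];
      if (!mdFactory || typeof mdFactory.create !== "function") {
        throw new AppError(`Unsupported digest algorithm: ${hashAlgorithm}`);
      }

      // The signature is computed over the DER encoding of the authenticated
      // attributes wrapped in a universal SET, so rebuild that SET before
      // hashing.
      const set = forge.asn1.create(
        forge.asn1.Class.UNIVERSAL,
        forge.asn1.Type.SET,
        true,
        attrs
      );
      const clientCertificate = getClientCertificate(certificates);
      // `digest`, `sig` and `clientCertificate` are only consumed by the
      // disabled signature check below; they are kept so it can be restored.
      const digest = mdFactory
        .create()
        .update(forge.asn1.toDer(set).data)
        .digest()
        .getBytes();

      //FIXME: verification for some of the pdf documents is failing
      // Encryption block is invalid.
      // Check if the code is wrong or the PDF is not valid
      // NOTE(review): when this is restored, a thrown error must count as a
      // failed verification rather than being logged and ignored, and
      // `validAuthenticatedAttributes` must be declared outside the `try` so
      // the check after it can read it.
      // try {
      //   const validAuthenticatedAttributes = clientCertificate["publicKey"].verify(
      //     digest,
      //     sig
      //   );
      // } catch (error) {
      //   console.log(error);
      // }

      // if (!validAuthenticatedAttributes) {
      //   throw new AppError("Wrong authenticated attributes");
      // }

      // FIXME: fix integrity check
      // NOTE(review): `signedData` is not defined anywhere in this function;
      // the signed content has to be passed in before this can be restored.
      //   const messageDigestAttr = forge.pki.oids.messageDigest;
      //   const fullAttrDigest = attrs.find(
      //     (attr) => forge.asn1.derToOid(attr.value[0].value) === messageDigestAttr
      //   );
      //   const attrDigest = fullAttrDigest.value[1].value[0].value;
      //   const dataDigest = forge.md[hashAlgorithm]
      //     .create()
      //     .update(signedData.toString("latin1"))
      //     .digest()
      // .getBytes();
      //   const integrity = dataDigest === attrDigest;

      const sortedCerts = sortCertificateChain(certificates);
      const parsedCerts = extractCertificatesDetails(sortedCerts);

      //FIXME: fix authenticity check after you have the root cert
      //   const authenticity = authenticateSignature(sortedCerts);
      const isExpired = isCertsExpired(sortedCerts);

      return {
        // verified: integrity && authenticity && !expired,
        // authenticity,
        // integrity,
        isExpired,
        // NOTE(review): `signatureMeta` is spread after `certs`, so a `certs`
        // key supplied by the caller replaces the parsed certificate details.
        // Confirm that is intended.
        meta: { certs: parsedCerts, ...signatureMeta },
      };
    };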