"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.verifySigningCertificate = void 0;
const chain_1 = require("./chain");
const sct_1 = require("./sct");
const signer_1 = require("./signer");
/**
 * Validates the signing certificate carried in a bundle against a trusted root.
 *
 * Three checks run in a fixed order: certificate chain building, SCT
 * verification (only when `options.ctlogOptions.disable` is exactly `false`),
 * and signer identity matching (only when `options.signers` is supplied).
 * The function returns nothing. NOTE(review): the helpers presumably signal
 * failure by throwing -- confirm in ./chain, ./sct and ./signer.
 *
 * @param bundle - read at verificationMaterial.content.x509CertificateChain.certificates[0].
 *   NOTE(review): a bundle whose content is not an X.509 chain would raise a
 *   TypeError on that access; presumably the caller checks the content kind first.
 * @param trustedRoot - supplies `certificateAuthorities` (chain building) and
 *   `ctlogs` (SCT verification).
 * @param options - `ctlogOptions` (must exist; its `disable` flag gates the SCT
 *   check) and an optional `signers.certificateIdentities`.
 */
function verifySigningCertificate(bundle, trustedRoot, options) {
    // Step 1: build a trusted path for the signing certificate. Only the first
    // certificate from the bundle is handed over; any intermediates the bundle
    // may carry are ignored, so the rest of the path has to come from the
    // trusted root's certificate authorities.
    const { verifyChain } = chain_1;
    const leafCertificate = bundle.verificationMaterial.content.x509CertificateChain.certificates[0];
    const verifiedPath = verifyChain(leafCertificate, trustedRoot.certificateAuthorities);
    // Step 2: SCT verification against the trusted CT logs.
    // NOTE(review): the comparison is strict, so the check runs only when
    // `disable` is the boolean `false`. A missing or non-boolean `disable`
    // skips SCT verification silently (fail-open); untyped callers need to
    // pass an explicit `false` to get this check.
    const sctCheckRequested = options.ctlogOptions.disable === false;
    if (sctCheckRequested) {
        const { verifySCTs } = sct_1;
        verifySCTs(verifiedPath, trustedRoot.ctlogs, options.ctlogOptions);
    }
    // Step 3: signer identity matching is opt-in.
    // NOTE(review): when no signers are supplied, nothing in this function
    // ties the certificate to an expected identity; the checks above only
    // establish that it chains to a trusted CA. Callers that need to pin who
    // signed must pass `options.signers`.
    const requestedSigners = options.signers;
    if (!requestedSigners) {
        return;
    }
    const { verifySignerIdentity } = signer_1;
    verifySignerIdentity(verifiedPath[0], requestedSigners.certificateIdentities);
}
// Publish the certificate verifier on the CommonJS exports object.
exports.verifySigningCertificate = verifySigningCertificate;