Skip to content

Commit b6aafd4

Browse files
Josef FröhleDexus
Josef Fröhle
authored and
Dexus
committed
fix(package): #117 verifySigningChain optional CA certificates
1 parent 904f74d commit b6aafd4

File tree

3 files changed

+102
-12
lines changed

3 files changed

+102
-12
lines changed

lib/pem.js

+26-12
Original file line numberDiff line numberDiff line change
@@ -868,27 +868,41 @@ function checkPkcs12 (bufferOrPath, passphrase, callback) {
868868
* Verifies the signing chain of the passed certificate
869869
* @static
870870
* @param {String|Array} PEM encoded certificate include intermediate certificates
871-
* @param {String|Array} List of CA certificates
871+
* @param {String|Array} [List] of CA certificates
872872
* @param {Function} callback Callback function with an error object and a boolean valid
873873
*/
874874
function verifySigningChain (certificate, ca, callback) {
875+
if (!callback && typeof ca === 'function') {
876+
callback = ca
877+
ca = undefined
878+
}
875879
if (!Array.isArray(certificate)) {
876880
certificate = [certificate]
877881
}
878-
if (!Array.isArray(ca)) {
879-
ca = [ca]
882+
if (!Array.isArray(ca) && ca !== undefined) {
883+
if (ca !== '') {
884+
ca = [ca]
885+
}
880886
}
881887

882-
var files = [
883-
ca.join('\n'),
884-
certificate.join('\n')
885-
]
888+
var files = []
886889

887-
var params = ['verify',
888-
'-CAfile',
889-
'--TMPFILE--',
890-
'--TMPFILE--'
891-
]
890+
if (ca !== undefined) {
891+
// ca certificates
892+
files.push(ca.join('\n'))
893+
}
894+
// certificate incl. intermediate certificates
895+
files.push(certificate.join('\n'))
896+
897+
var params = ['verify']
898+
899+
if (ca !== undefined) {
900+
// ca certificates
901+
params.push('-CAfile')
902+
params.push('--TMPFILE--')
903+
}
904+
// certificate incl. intermediate certificates
905+
params.push('--TMPFILE--')
892906

893907
openssl.spawnWrapper(params, files, function (err, code, stdout) {
894908
if (err) {

test/fixtures/google.com.pem

+68
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,68 @@
1+
-----BEGIN CERTIFICATE-----
2+
MIIDwjCCAqqgAwIBAgIIMPfmgdxQ04QwDQYJKoZIhvcNAQELBQAwSTELMAkGA1UE
3+
BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl
4+
cm5ldCBBdXRob3JpdHkgRzIwHhcNMTcwOTI2MTA1OTAwWhcNMTcxMjE5MTA1OTAw
5+
WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN
6+
TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UEAwwOd3d3
7+
Lmdvb2dsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQptqSsDzHdgCpE
8+
2bLsaN1aKT/np0r/I2bQ2QZueQvOWKwaJD5Kt6s6HE1LUZ/omxTwacgT7HDWmj8f
9+
bhMEZ45No4IBWDCCAVQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAsG
10+
A1UdDwQEAwIHgDAZBgNVHREEEjAQgg53d3cuZ29vZ2xlLmNvbTBoBggrBgEFBQcB
11+
AQRcMFowKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZ2xlLmNvbS9HSUFHMi5j
12+
cnQwKwYIKwYBBQUHMAGGH2h0dHA6Ly9jbGllbnRzMS5nb29nbGUuY29tL29jc3Aw
13+
HQYDVR0OBBYEFD1fAbfuUfW5VEUWBvJeq8hsdnzlMAwGA1UdEwEB/wQCMAAwHwYD
14+
VR0jBBgwFoAUSt0GFhu89mi1dvWBtrtiGrpagS8wIQYDVR0gBBowGDAMBgorBgEE
15+
AdZ5AgUBMAgGBmeBDAECAjAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdv
16+
b2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBEd6FLPzPDnVVS
17+
HLBtKfb5Gv3rkLku4wy13QORTK1yU+c2cbWCiVXyU8rXUqWLeFfjNw5Z6/2vvNRF
18+
SQ2G/isM+GdT42UI0cPxYV+oLfxcQU9pu2FnsIaq1mSu0ckIe7gFSXRnUZWOHMur
19+
WkSP+4EwUZlXgK/h06fy3Ran1NmBglwWGF3MXAGgNeFeKSRtszn8pClOaWOmjNt8
20+
pzp6KfJIaZV0y1ss1I8x1XnR7EFbG+9vPQpsB2xhEPqyC78QoazaCS3y9AyFrpzb
21+
Ig2jZRLdtq9bLhsEb1jSM3qIECCiPu0AwNLU+508PVyYXlvRTfwMVo1PfllWhiMP
22+
Ub8Y7gCe
23+
-----END CERTIFICATE-----
24+
-----BEGIN CERTIFICATE-----
25+
MIIEKDCCAxCgAwIBAgIQAQAhJYiw+lmnd+8Fe2Yn3zANBgkqhkiG9w0BAQsFADBC
26+
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMS
27+
R2VvVHJ1c3QgR2xvYmFsIENBMB4XDTE3MDUyMjExMzIzN1oXDTE4MTIzMTIzNTk1
28+
OVowSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMT
29+
HEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwggEiMA0GCSqGSIb3DQEBAQUA
30+
A4IBDwAwggEKAoIBAQCcKgR3XNhQkToGo4Lg2FBIvIk/8RlwGohGfuCPxfGJziHu
31+
Wv5hDbcyRImgdAtTT1WkzoJile7rWV/G4QWAEsRelD+8W0g49FP3JOb7kekVxM/0
32+
Uw30SvyfVN59vqBrb4fA0FAfKDADQNoIc1Fsf/86PKc3Bo69SxEE630k3ub5/DFx
33+
+5TVYPMuSq9C0svqxGoassxT3RVLix/IGWEfzZ2oPmMrhDVpZYTIGcVGIvhTlb7j
34+
gEoQxirsupcgEcc5mRAEoPBhepUljE5SdeK27QjKFPzOImqzTs9GA5eXA37Asd57
35+
r0Uzz7o+cbfe9CUlwg01iZ2d+w4ReYkeN8WvjnJpAgMBAAGjggERMIIBDTAfBgNV
36+
HSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1
37+
dvWBtrtiGrpagS8wDgYDVR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggr
38+
BgEFBQcwAYYSaHR0cDovL2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAw
39+
NQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9i
40+
YWwuY3JsMCEGA1UdIAQaMBgwDAYKKwYBBAHWeQIFATAIBgZngQwBAgIwHQYDVR0l
41+
BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQDKSeWs
42+
12Rkd1u+cfrP9B4jx5ppY1Rf60zWGSgjZGaOHMeHgGRfBIsmr5jfCnC8vBk97nsz
43+
qX+99AXUcLsFJnnqmseYuQcZZTTMPOk/xQH6bwx+23pwXEz+LQDwyr4tjrSogPsB
44+
E4jLnD/lu3fKOmc2887VJwJyQ6C9bgLxRwVxPgFZ6RGeGvOED4Cmong1L7bHon8X
45+
fOGLVq7uZ4hRJzBgpWJSwzfVO+qFKgE4h6LPcK2kesnE58rF2rwjMvL+GMJ74N87
46+
L9TQEOaWTPtEtyFkDbkAlDASJodYmDkFOA/MgkgMCkdm7r+0X8T/cKjhf4t5K7hl
47+
MqO5tzHpCvX2HzLc
48+
-----END CERTIFICATE-----
49+
-----BEGIN CERTIFICATE-----
50+
MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
51+
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
52+
YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
53+
EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
54+
R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
55+
9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
56+
fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
57+
iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
58+
1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
59+
bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
60+
MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
61+
ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
62+
uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
63+
Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
64+
tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
65+
PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
66+
hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
67+
5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
68+
-----END CERTIFICATE-----

test/pem.spec.js

+8
Original file line numberDiff line numberDiff line change
@@ -581,6 +581,14 @@ describe('General Tests', function () {
581581
})
582582
})
583583
})
584+
it('Verify google.com certificate without provided CA certificates', function (done) {
585+
var certificate = fs.readFileSync('./test/fixtures/google.com.pem').toString()
586+
pem.verifySigningChain(certificate, function (error, valid) {
587+
hlp.checkError(error)
588+
expect(valid).to.be.false()
589+
done()
590+
})
591+
})
584592
it('Verify deep sigining chain', function (done) {
585593
pem.createCertificate({
586594
commonName: 'Intermediate CA Certificate',

0 commit comments

Comments
 (0)