1"use strict"; 2Object.defineProperty(exports, "__esModule", { value: true }); 3exports.verifySCTs = void 0; 4/* 5Copyright 2023 The Sigstore Authors. 6 7Licensed under the Apache License, Version 2.0 (the "License"); 8you may not use this file except in compliance with the License. 9You may obtain a copy of the License at 10 11 http://www.apache.org/licenses/LICENSE-2.0 12 13Unless required by applicable law or agreed to in writing, software 14distributed under the License is distributed on an "AS IS" BASIS, 15WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16See the License for the specific language governing permissions and 17limitations under the License. 18*/ 19const core_1 = require("@sigstore/core"); 20const error_1 = require("../error"); 21const trust_1 = require("../trust"); 22function verifySCTs(cert, issuer, ctlogs) { 23 let extSCT; 24 // Verifying the SCT requires that we remove the SCT extension and 25 // re-encode the TBS structure to DER -- this value is part of the data 26 // over which the signature is calculated. Since this is a destructive action 27 // we create a copy of the certificate so we can remove the SCT extension 28 // without affecting the original certificate. 29 const clone = cert.clone(); 30 // Intentionally not using the findExtension method here because we want to 31 // remove the the SCT extension from the certificate before calculating the 32 // PreCert structure 33 for (let i = 0; i < clone.extensions.length; i++) { 34 const ext = clone.extensions[i]; 35 if (ext.subs[0].toOID() === core_1.EXTENSION_OID_SCT) { 36 extSCT = new core_1.X509SCTExtension(ext); 37 // Remove the extension from the certificate 38 clone.extensions.splice(i, 1); 39 break; 40 } 41 } 42 // No SCT extension found to verify 43 if (!extSCT) { 44 return []; 45 } 46 // Found an SCT extension but it has no SCTs 47 /* istanbul ignore if -- too difficult to fabricate test case for this */ 48 if (extSCT.signedCertificateTimestamps.length === 0) { 49 return []; 50 } 51 // Construct the PreCert structure 52 // https://www.rfc-editor.org/rfc/rfc6962#section-3.2 53 const preCert = new core_1.ByteStream(); 54 // Calculate hash of the issuer's public key 55 const issuerId = core_1.crypto.hash(issuer.publicKey); 56 preCert.appendView(issuerId); 57 // Re-encodes the certificate to DER after removing the SCT extension 58 const tbs = clone.tbsCertificate.toDER(); 59 preCert.appendUint24(tbs.length); 60 preCert.appendView(tbs); 61 // Calculate and return the verification results for each SCT 62 return extSCT.signedCertificateTimestamps.map((sct) => { 63 // Find the ctlog instance that corresponds to the SCT's logID 64 const validCTLogs = (0, trust_1.filterTLogAuthorities)(ctlogs, { 65 logID: sct.logID, 66 targetDate: sct.datetime, 67 }); 68 // See if the SCT is valid for any of the CT logs 69 const verified = validCTLogs.some((log) => sct.verify(preCert.buffer, log.publicKey)); 70 if (!verified) { 71 throw new error_1.VerificationError({ 72 code: 'CERTIFICATE_ERROR', 73 message: 'SCT verification failed', 74 }); 75 } 76 return sct.logID; 77 }); 78} 79exports.verifySCTs = verifySCTs; 80