
@bsv/sdk


BSV Blockchain Software Development Kit

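import { OriginatorDomainNameStringUnder250Bytes, WalletInterface } from '../../wallet/index.js'
import { AuthMessage, RequestedCertificateSet } from '../types.js'
import { VerifiableCertificate } from '../certificates/VerifiableCertificate.js'

/**
 * Validates and processes the certificates received from a peer.
 *
 * Every certificate in the message must:
 *   1. name the message sender (`message.identityKey`) as its subject,
 *   2. pass `VerifiableCertificate.verify()`,
 *   3. when `certificatesRequested` is given, come from a requested certifier
 *      and be of a requested type,
 *   4. have fields that `decryptFields` can decrypt with `verifierWallet`.
 * The first failing certificate rejects the whole call.
 *
 * Limits of this check, for callers making a trust decision:
 *   - When `certificatesRequested` is omitted, any certifier and any type are
 *     accepted; only subject binding, `verify()` and decryption are enforced.
 *   - The requested field list for a type is only tested for presence. It is
 *     not compared with the fields the certificate actually reveals, and the
 *     decrypted values are not returned from here.
 *   - Revocation status is not looked up in this function. Whether `verify()`
 *     consults `revocationOutpoint` is not visible here; confirm before relying on it.
 *
 * @private
 * @param verifierWallet - Wallet used to decrypt the certificate fields.
 * @param message - The message containing the certificates to validate.
 * @param certificatesRequested - Optional set of acceptable certifiers and certificate types.
 * @param originator - Optional originator domain name forwarded to `decryptFields`.
 * @returns Resolves once every certificate has passed all checks.
 * @throws Will throw an error if no certificates are present, or if subject,
 * signature, certifier or type validation, or field decryption, fails.
 */
export const validateCertificates = async (
  verifierWallet: WalletInterface,
  message: AuthMessage,
  certificatesRequested?: RequestedCertificateSet,
  originator?: OriginatorDomainNameStringUnder250Bytes
): Promise<void> => {
  if ((message.certificates == null) || message.certificates.length === 0) {
    throw new Error('No certificates were provided in the AuthMessage.')
  }

  await Promise.all(
    message.certificates.map(async (incomingCert: VerifiableCertificate) => {
      // Bind the certificate to the sender: a certificate issued to some other
      // identity must not be usable by the peer presenting it.
      if (incomingCert.subject !== message.identityKey) {
        throw new Error(
          `The subject of one of your certificates ("${incomingCert.subject}") is not the same as the request sender ("${message.identityKey}").`
        )
      }

      // Rebuild the certificate from its parts so that verify() and
      // decryptFields() run on a real VerifiableCertificate instance rather
      // than on whatever object arrived in the message.
      const certToVerify = new VerifiableCertificate(
        incomingCert.type,
        incomingCert.serialNumber,
        incomingCert.subject,
        incomingCert.certifier,
        incomingCert.revocationOutpoint,
        incomingCert.fields,
        incomingCert.keyring,
        incomingCert.signature
      )

      const isValidCert = await certToVerify.verify()
      if (!isValidCert) {
        throw new Error(
          `The signature for the certificate with serial number ${certToVerify.serialNumber} is invalid!`
        )
      }

      // Check that the certificate matches the requested certifiers and types
      if (certificatesRequested != null) {
        const { certifiers, types } = certificatesRequested

        // Check certifier matches
        if (!certifiers.includes(certToVerify.certifier)) {
          throw new Error(
            `Certificate with serial number ${certToVerify.serialNumber} has an unrequested certifier: ${certToVerify.certifier}`
          )
        }

        // Check the type was requested. The type string is supplied by the
        // peer, so look it up as an own property only: a plain-object lookup
        // would otherwise treat inherited names such as "constructor" or
        // "toString" as requested types.
        const typeWasRequested = Object.prototype.hasOwnProperty.call(types, certToVerify.type)
        const requestedFields = typeWasRequested ? types[certToVerify.type] : undefined
        if (requestedFields == null) {
          throw new Error(
            `Certificate with type ${certToVerify.type} was not requested`
          )
        }
        // NOTE(review): requestedFields is not compared with the fields this
        // certificate reveals; a caller that needs specific fields has to
        // enforce that itself.
      }

      // Attempt to decrypt fields; a failure rejects the whole validation.
      await certToVerify.decryptFields(verifierWallet, undefined, undefined, originator)
    })
  )
}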