
@sphereon/ssi-sdk-ext.x509-utils


Sphereon SSI-SDK plugin functions for X.509 Certificate handling.

import { SubjectPublicKeyInfo } from '@peculiar/asn1-x509';
import { AlgorithmProvider, X509Certificate } from '@peculiar/x509';
import { JWK } from '@sphereon/ssi-types';
import { Certificate } from 'pkijs';

/**
 * A distinguished name (issuer or subject) in two forms: the rendered
 * string and the individual attributes it was built from.
 */
export type DNInfo = {
  /** The DN rendered as one string; the rendering format is not specified by this declaration. */
  DN: string;
  /** Attribute → value map; presumably keyed by RDN attribute name (CN, O, …) — confirm in the implementation. */
  attributes: Record<string, string>;
};

/**
 * Summary of a single certificate as produced by {@link getCertificateInfo}.
 *
 * NOTE(review): `certificate` and `publicKeyJWK` are declared `any` here,
 * while {@link ParsedCertificate} types the JWK as `JWK`. Consumers should
 * narrow these before use rather than trust the declared shape.
 */
export type CertificateInfo = {
  /** The underlying certificate object; untyped in this declaration. */
  certificate?: any;
  /** Start of the validity period. */
  notBefore: Date;
  /** End of the validity period. */
  notAfter: Date;
  /** The subject public key as a JWK; untyped in this declaration. */
  publicKeyJWK?: any;
  issuer: {
    dn: DNInfo;
  };
  subject: {
    dn: DNInfo;
    /** All SANs found on the certificate (optionally filtered by the caller's `sanTypeFilter`). */
    subjectAlternativeNames: SubjectAlternativeName[];
  };
};

/**
 * Outcome of a chain or client-id validation.
 *
 * NOTE(review): this declaration does not define how `error` and
 * `critical` relate (e.g. whether a non-critical error is acceptable).
 * Consult the implementation before treating any result with
 * `error === true` as passing.
 */
export type X509ValidationResult = {
  /** Presumably `true` when validation failed — confirm against the implementation. */
  error: boolean;
  /** Severity flag; its exact meaning is set by the implementation, not here. */
  critical: boolean;
  /** Human-readable summary of the result. */
  message: string;
  /** Optional longer explanation of `message`. */
  detailMessage?: string;
  /** The point in time the chain was checked against. */
  verificationTime: Date;
  /** The chain as evaluated; ordering is not specified by this declaration. */
  certificateChain?: Array<CertificateInfo>;
  /** The anchor the chain terminated at, when one was found. */
  trustAnchor?: CertificateInfo;
  /** Echo of the client binding that was checked, when one was supplied. */
  client?: {
    clientId: string;
    clientIdScheme: ClientIdScheme;
  };
};

/**
 * Extracts validity, issuer/subject DNs, SANs and public key from a parsed certificate.
 *
 * @param certificate - A pkijs `Certificate`.
 * @param opts - `sanTypeFilter` restricts which SAN types are returned; note it is
 *   declared required inside the optional `opts`, unlike `typeFilter` on
 *   {@link getSubjectAlternativeNames}.
 */
export declare const getCertificateInfo: (certificate: Certificate, opts?: {
  sanTypeFilter: SubjectAlternativeGeneralName | SubjectAlternativeGeneralName[];
}) => Promise<CertificateInfo>;

/**
 * Knobs for {@link validateX509CertificateChain}.
 *
 * NOTE(review): judging by their names, every boolean here relaxes a trust
 * check, and `blindlyTrustedAnchors` accepts anchors without the usual
 * verification. Their precise effect and defaults are defined by the
 * implementation, not by this declaration — confirm before enabling any of
 * them outside tests.
 */
export type X509CertificateChainValidationOpts = {
  /** By name: do not fail when no trust anchor matches the chain — confirm. */
  allowNoTrustAnchorsFound?: boolean;
  /** By name: treat the chain's own root as trusted when no anchors are given — confirm. */
  trustRootWhenNoAnchors?: boolean;
  /** By name: accept a single-element chain whose certificate is not a CA — confirm. */
  allowSingleNoCAChainElement?: boolean;
  /** By name: anchors accepted without verification; entry encoding (PEM vs other) is not stated here. */
  blindlyTrustedAnchors?: string[];
  /** By name: reject chains supplied in the reverse of the expected order; the expected order is not stated here. */
  disallowReversedChain?: boolean;
  /** When present, the chain is additionally checked against this client id / scheme. */
  client?: {
    clientId: string;
    clientIdScheme: ClientIdScheme;
  };
};

/**
 * Validates a certificate chain against a set of trust anchors.
 *
 * @param chain - Chain elements, each DER bytes (`Uint8Array`) or a string
 *   (presumably PEM, per the parameter alias `pemOrDerChain` — confirm).
 * @param trustAnchors - Anchor certificates as strings; encoding not stated here.
 * @param verificationTime - Time to validate against; when omitted the
 *   implementation chooses one (presumably "now" — confirm).
 * @param opts - See {@link X509CertificateChainValidationOpts}.
 * @returns A result object; callers must inspect `error`/`critical`, this does not throw on failure per its declared type.
 */
export declare const validateX509CertificateChain: ({ chain: pemOrDerChain, trustAnchors, verificationTime, opts, }: {
  chain: (Uint8Array | string)[];
  trustAnchors?: string[];
  verificationTime?: Date;
  opts?: X509CertificateChainValidationOpts;
}) => Promise<X509ValidationResult>;

/** Returns the `@peculiar/x509` algorithm provider used by this module. */
export declare const getX509AlgorithmProvider: () => AlgorithmProvider;

/** A certificate decoded into its pkijs, `@peculiar/x509` and summary forms. */
export type ParsedCertificate = {
  /** The raw SubjectPublicKeyInfo structure. */
  publicKeyInfo: SubjectPublicKeyInfo;
  /** The subject public key as a JWK, when it could be converted. */
  publicKeyJwk?: JWK;
  /** The subject public key bytes. */
  publicKeyRaw: Uint8Array;
  /** The WebCrypto `Algorithm` global type (not imported here). */
  publicKeyAlgorithm: Algorithm;
  certificateInfo: CertificateInfo;
  certificate: Certificate;
  x509Certificate: X509Certificate;
};

/**
 * Parses a certificate from PEM or DER.
 * @param rawCert - DER bytes or a string (presumably PEM — confirm).
 */
export declare const parseCertificate: (rawCert: string | Uint8Array) => Promise<ParsedCertificate>;

/** Returns the issuer DN of `cert`. */
export declare const getIssuerDN: (cert: Certificate) => DNInfo;

/** Returns the subject DN of `cert`. */
export declare const getSubjectDN: (cert: Certificate) => DNInfo;

/**
 * Extracts the subject public key as a JWK.
 * @param pemOrDerCert - A string (presumably PEM), DER bytes, or an already parsed pkijs `Certificate`.
 */
export declare const getCertificateSubjectPublicKeyJWK: (pemOrDerCert: string | Uint8Array | Certificate) => Promise<JWK>;

/**
 * GeneralName CHOICE tags (RFC 5280 §4.2.1.6); the enum values below are the
 * tag numbers for the subset this module handles.
 *
 * otherName [0] OtherName,
 * rfc822Name [1] IA5String,
 * dNSName [2] IA5String,
 * x400Address [3] ORAddress,
 * directoryName [4] Name,
 * ediPartyName [5] EDIPartyName,
 * uniformResourceIdentifier [6] IA5String,
 * iPAddress [7] OCTET STRING,
 * registeredID [8] OBJECT IDENTIFIER }
 */
export declare enum SubjectAlternativeGeneralName {
  rfc822Name = 1, // email
  dnsName = 2,
  uniformResourceIdentifier = 6,
  ipAddress = 7
}

/** One Subject Alternative Name entry: its value and its GeneralName type. */
export interface SubjectAlternativeName {
  /** The SAN value as a string; for `ipAddress` the string rendering is not specified here. */
  value: string;
  type: SubjectAlternativeGeneralName;
}

/** client_id_scheme values (as used in OpenID4VP) that bind a client id to a SAN of the certificate. */
export type ClientIdScheme = 'x509_san_dns' | 'x509_san_uri';

/**
 * Asserts that `certificate` carries a SAN matching `clientId` under `clientIdScheme`.
 * Declared `void`, so presumably signals a mismatch by throwing — confirm.
 */
export declare const assertCertificateMatchesClientIdScheme: (certificate: Certificate, clientId: string, clientIdScheme: ClientIdScheme) => void;

/**
 * Non-throwing variant: reports whether `certificate` matches `clientId`
 * under `clientIdScheme` as an {@link X509ValidationResult}.
 */
export declare const validateCertificateChainMatchesClientIdScheme: (certificate: Certificate, clientId: string, clientIdScheme: ClientIdScheme) => Promise<X509ValidationResult>;

/**
 * Returns the SANs of `certificate`.
 *
 * @param opts - `typeFilter` keeps only the given GeneralName type(s);
 *   `clientIdSchemeFilter` keeps only the type corresponding to a client id
 *   scheme (DNS vs URI). How the two filters combine is not stated here.
 */
export declare const getSubjectAlternativeNames: (certificate: Certificate, opts?: {
  typeFilter?: SubjectAlternativeGeneralName | SubjectAlternativeGeneralName[];
  clientIdSchemeFilter?: ClientIdScheme;
}) => SubjectAlternativeName[];
//# sourceMappingURL=x509-validator.d.ts.map