UNPKG

@universal-verify/trust-list

Version:

List of issuers trusted by Universal Verify

github.com/universal-verify/trust-list

universal-verify/trust-list

116 lines (96 loc) 4.36 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
import fs from 'fs'; import path from 'path'; import { execSync } from 'child_process'; function checkCertificateExpiration(certificatePem) { try { // Create a temporary file with the certificate const tempFile = path.join(process.cwd(), 'temp_cert_validation.pem'); fs.writeFileSync(tempFile, certificatePem); // Use OpenSSL to get certificate expiration date const opensslOutput = execSync(`openssl x509 -in "${tempFile}" -noout -dates`, { encoding: 'utf8' }); // Clean up temp file fs.unlinkSync(tempFile); // Parse the notAfter date const notAfterMatch = opensslOutput.match(/notAfter=([^\n]+)/); if (!notAfterMatch) { throw new Error('Could not parse certificate expiration date'); } const expirationDate = new Date(notAfterMatch[1]); const now = new Date(); const oneMonthFromNow = new Date(); oneMonthFromNow.setMonth(oneMonthFromNow.getMonth() + 1); return { expirationDate, isExpired: expirationDate < now, expiresWithinMonth: expirationDate < oneMonthFromNow && expirationDate > now, daysUntilExpiration: Math.ceil((expirationDate - now) / (1000 * 60 * 60 * 24)) }; } catch (error) { throw new Error(`Failed to check certificate expiration: ${error.message}`); } } function checkCertificateExpirations(trustList) { const warnings = []; const expired = []; trustList.forEach((issuer, issuerIndex) => { if (issuer.certificates) { issuer.certificates.forEach((cert, certIndex) => { if(cert.allowExpired) return; try { const expirationInfo = checkCertificateExpiration(cert.data); if (expirationInfo.isExpired) { expired.push(`Issuer ${issuerIndex + 1} (${issuer.name}): Certificate ${certIndex + 1} expired on ${expirationInfo.expirationDate.toISOString().split('T')[0]}`); } else if (expirationInfo.expiresWithinMonth) { warnings.push(`Issuer ${issuerIndex + 1} (${issuer.name}): Certificate ${certIndex + 1} expires in ${expirationInfo.daysUntilExpiration} days on ${expirationInfo.expirationDate.toISOString().split('T')[0]}`); } } catch (error) { console.error('Error checking certificate expiration:'); console.error(error); process.exit(1); } }); } }); return { warnings, expired }; } function main() { const trustListPath = path.join(process.cwd(), 'trust-list.json'); try { // Read the trust list const trustListContent = fs.readFileSync(trustListPath, 'utf8'); const trustList = JSON.parse(trustListContent); // Check certificate expirations const { warnings, expired } = checkCertificateExpirations(trustList); // Display warnings if (warnings.length > 0) { console.warn('⚠️ Certificate expirations upcoming soon:'); warnings.forEach(warning => { console.warn(` - ${warning}`); }); } // Display expired certificates if (expired.length > 0) { console.error('❌ Certificate expirations:'); expired.forEach(error => { console.error(` - ${error}`); }); } if (warnings.length > 0) { console.log(`⚠️ ${warnings.length} certificate(s) expiring soon - please review`); } if (expired.length > 0) { console.log(`❌ ${expired.length} certificate(s) expired - please review`); } if(expired.length == 0 && warnings.length == 0) { console.log('✅ No expired or expiring certificates found'); } process.exit(0); } catch (error) { console.error('❌ Error checking certificate expirations:', error.message); process.exit(1); } } // Run the main function if this script is executed directly if (import.meta.url === `file://${process.argv[1]}`) { main(); }