UNPKG

covid-certificate

Version:

Parse and verify a european digital covid certificate (dcc)

github.com/btielen/covid-certificate

btielen/covid-certificate

44 lines (43 loc) 2.24 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
"use strict"; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); exports.verifySignature = void 0; const findCertificateData_1 = require("../issuer/findCertificateData"); const createPublicKey_1 = require("../issuer/createPublicKey"); const VerificationResult_1 = require("./VerificationResult"); const ECDS256SignatureVerifier_1 = __importDefault(require("../cose/ECDS256SignatureVerifier")); const ChainValidator_1 = __importDefault(require("../validate/ChainValidator")); const KnownAlgorithmValidator_1 = __importDefault(require("../validate/cose/KnownAlgorithmValidator")); const HasKidValidator_1 = __importDefault(require("../validate/cose/HasKidValidator")); const headers_1 = require("../cose/header/headers"); const verifySignature = (certificate) => { // Validate COSE message const validator = new ChainValidator_1.default([ new KnownAlgorithmValidator_1.default(), new HasKidValidator_1.default(), ]); const validationResult = validator.validate(certificate); if (!validationResult.isValid()) { return new VerificationResult_1.VerificationError("COSE is not valid: " + validationResult.getMessage()); } // Find issuer certificate let kid; try { kid = (0, headers_1.extractKid)(certificate.getProtectedHeaders(), certificate.getUnprotectedHeaders()); } catch (error) { return new VerificationResult_1.VerificationError("There is no kid found in the headers of the cose message"); } const issuerCert = (0, findCertificateData_1.findCertificateData)(kid); if (issuerCert === null) { return new VerificationResult_1.VerificationError("Unknown Issuer certificate with kid " + kid); } const sigVerifier = new ECDS256SignatureVerifier_1.default(); const verificationResult = sigVerifier.verify(certificate, (0, createPublicKey_1.createPublicKey)(issuerCert)); if (!verificationResult) return new VerificationResult_1.VerificationError("Signature is tempered"); return new VerificationResult_1.Valid(); }; exports.verifySignature = verifySignature;