
edockit


A JavaScript library for listing, parsing, and verifying the contents and signatures of electronic documents (eDoc) and Associated Signature Containers (ASiC-E), supporting EU eIDAS standards for digital signatures and electronic seals.

import { CertificateInfo } from "./certificate";
import { SignatureInfo } from "./parser";
import { RevocationResult, RevocationCheckOptions } from "./revocation/types";
import { TimestampVerificationResult } from "./timestamp/types";
/**
 * Options for the verification process.
 *
 * Every field is optional. Defaults are stated here only for
 * `checkRevocation` and `verifyTimestamps`; this declaration does not show
 * the defaults of the other flags.
 *
 * NOTE(review): each flag presumably switches off one part of the
 * verification. A result produced with a flag disabled should not be read as
 * evidence for the check that was skipped; confirm how skipped checks are
 * reflected in `VerificationResult` before relying on `isValid`.
 */
export interface VerificationOptions {
    /** Presumably enables the certificate validity check; default not stated here. */
    checkCertificateValidity?: boolean;
    /** Presumably enables the cryptographic signature check; default not stated here. */
    verifySignatures?: boolean;
    /** Presumably enables the file digest comparison; default not stated here. */
    verifyChecksums?: boolean;
    /**
     * Reference time for validation. Presumably forwarded to the certificate
     * validity check (see `verifyCertificate`); confirm in the implementation.
     * Callers should derive it from a trusted source: a time taken from
     * unverified document content can make an expired certificate look valid.
     */
    verifyTime?: Date;
    /** Check certificate revocation via OCSP/CRL (default: true) */
    checkRevocation?: boolean;
    /** Options for revocation checking (timeouts, etc.) */
    revocationOptions?: RevocationCheckOptions;
    /** Verify RFC 3161 timestamp if present (default: true) */
    verifyTimestamps?: boolean;
}
/**
 * Result of a checksum verification.
 *
 * `details` holds one record per string key, presumably the file name listed
 * in the signature (verify against the implementation).
 *
 * NOTE(review): this shape has no visible place for files that are in the
 * container but not covered by the signature. Callers that must reject
 * containers carrying unsigned files should compare the key sets themselves
 * unless the implementation is confirmed to report them.
 */
export interface ChecksumVerificationResult {
    /** Overall outcome; how it is derived from `details` is not shown here. */
    isValid: boolean;
    details: Record<string, {
        /** Digest value expected for the entry. */
        expected: string;
        /** Digest value computed for the entry. */
        actual: string;
        /** Whether `expected` and `actual` agree. */
        matches: boolean;
        /** Whether the entry's file was found among the supplied files. */
        fileFound: boolean;
    }>;
}
/**
 * Result of a signature verification.
 */
export interface SignatureVerificationResult {
    isValid: boolean;
    /** Explanation of the outcome, when one is provided. */
    reason?: string;
    /** True if verification failed due to platform limitation (e.g., RSA >4096 in Safari) */
    unsupportedPlatform?: boolean;
    /**
     * Diagnostic data attached to a failure.
     * `algorithm` is typed `any`, so the compiler performs no checking on
     * reads of it; narrow it before use.
     */
    errorDetails?: {
        category: string;
        originalMessage: string;
        algorithm: any;
        environment: string;
        keyLength: number;
    };
}
/**
 * Result of a certificate verification.
 */
export interface CertificateVerificationResult {
    isValid: boolean;
    /** Explanation of the outcome, when one is provided. */
    reason?: string;
    /** Parsed certificate information, when available. */
    info?: CertificateInfo;
    /** Revocation check result (if checkRevocation was enabled) */
    revocation?: RevocationResult;
}
/**
 * Validation status for granular verification results
 * - VALID: Signature cryptographically valid, all checks pass
 * - INVALID: Definitely wrong (bad checksum, tampered content, crypto failure with supported key)
 * - INDETERMINATE: Can't conclude (expired cert without POE, missing chain, revocation unknown)
 * - UNSUPPORTED: Platform can't verify (e.g., RSA >4096 bits in Safari/WebKit)
 *
 * For an accept/reject decision only "VALID" is a positive outcome;
 * INDETERMINATE and UNSUPPORTED mean that verification did not complete.
 */
export type ValidationStatus = "VALID" | "INVALID" | "INDETERMINATE" | "UNSUPPORTED";
/**
 * Describes a limitation that prevented full verification
 */
export interface ValidationLimitation {
    /** Machine-readable code (e.g., 'RSA_KEY_SIZE_UNSUPPORTED', 'CERT_EXPIRED_NO_POE') */
    code: string;
    /** Human-readable description */
    description: string;
    /** Platform where this limitation applies (e.g., 'Safari/WebKit') */
    platform?: string;
}
/**
 * Complete verification result
 */
export interface VerificationResult {
    /**
     * Whether the signature is valid (for backwards compatibility).
     * NOTE(review): this declaration does not show what value this takes when
     * `status` is INDETERMINATE or UNSUPPORTED; prefer checking `status`.
     */
    isValid: boolean;
    /** Granular validation status */
    status: ValidationStatus;
    /** Human-readable status explanation */
    statusMessage?: string;
    /** Limitations that prevented full verification (for INDETERMINATE/UNSUPPORTED) */
    limitations?: ValidationLimitation[];
    /** Outcome of the certificate check. */
    certificate: CertificateVerificationResult;
    /** Outcome of the file digest comparison. */
    checksums: ChecksumVerificationResult;
    /** Outcome of the cryptographic signature check; optional, so it may be absent. */
    signature?: SignatureVerificationResult;
    /** Timestamp verification result (if timestamp present and verifyTimestamps enabled) */
    timestamp?: TimestampVerificationResult;
    /** Error messages collected during verification, if any. */
    errors?: string[];
}
/**
 * Compute a digest (hash) of file content with browser/node compatibility
 *
 * NOTE(review): `algorithm` is an unconstrained string; which names are
 * accepted, and whether weak digests are rejected, is not visible here.
 * @param fileContent The file content as Uint8Array
 * @param algorithm The digest algorithm to use (e.g., 'SHA-256')
 * @returns Promise with Base64-encoded digest
 */
export declare function computeDigest(fileContent: Uint8Array, algorithm: string): Promise<string>;
/**
 * Verify checksums of files against signature
 *
 * Only `signedChecksums` is required on the signature argument;
 * `digestAlgorithms` and `algorithm` are optional, and how the digest
 * algorithm is chosen when both are absent is not shown here.
 * @param signature The signature information
 * @param files Map of filenames to file contents
 * @returns Promise with verification results for each file
 */
export declare function verifyChecksums(signature: {
    signedChecksums: Record<string, string>;
    digestAlgorithms?: Record<string, string>;
    algorithm?: string;
}, files: Map<string, Uint8Array>): Promise<ChecksumVerificationResult>;
/**
 * Verify certificate validity
 *
 * NOTE(review): the signature takes only the certificate and a time, with no
 * trust anchors, issuer chain, or revocation options. Confirm whether chain
 * building to a trusted root happens elsewhere before treating a valid
 * result as proof of signer identity.
 * @param certificatePEM PEM-formatted certificate
 * @param verifyTime Time to check validity against
 * @returns Certificate verification result
 */
export declare function verifyCertificate(certificatePEM: string, verifyTime?: Date): Promise<CertificateVerificationResult>;
/**
 * Verify the XML signature specifically using SignedInfo and SignatureValue
 *
 * The parameters include neither a certificate nor file contents, so a valid
 * result covers only the SignedInfo element against the supplied key.
 * Binding that key to a signer and checking file digests are separate steps
 * (see `verifyCertificate` and `verifyChecksums`).
 * @param signatureXml The XML string of the SignedInfo element
 * @param signatureValue The base64-encoded signature value
 * @param publicKeyData The public key raw data
 * @param algorithm Key algorithm details
 * @param canonicalizationMethod The canonicalization method used
 * @returns Signature verification result
 */
export declare function verifySignedInfo(signatureXml: string, signatureValue: string, publicKeyData: ArrayBuffer, algorithm: {
    name: string;
    hash: string;
    namedCurve?: string;
}, canonicalizationMethod?: string): Promise<SignatureVerificationResult>;
/**
 * Verify a complete signature (certificate, checksums, and signature)
 *
 * Callers making a trust decision should read `status` on the result rather
 * than `isValid` alone, and should inspect `limitations` when the status is
 * not "VALID".
 * @param signatureInfo Signature information
 * @param files File contents
 * @param options Verification options
 * @returns Complete verification result
 */
export declare function verifySignature(signatureInfo: SignatureInfo, files: Map<string, Uint8Array>, options?: VerificationOptions): Promise<VerificationResult>;