UNPKG

electron-root-ssl-pinning

Version:

Pinning root CA certificates into your Electron app

github.com/myxious/electron-root-ssl-pinning

myxious/electron-root-ssl-pinning

50 lines (49 loc) 2.35 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
"use strict"; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); const lodash_flow_1 = __importDefault(require("lodash.flow")); const parsePemFile_1 = require("./parsePemFile"); const utils_1 = require("./utils"); const createChainVerifier_1 = require("./createChainVerifier"); exports.createRootCaVerifier = rootCertificates => lodash_flow_1.default(determineTypeOfGivenArgument, createCAStore, createChainVerifier_1.createChainVerifier)(rootCertificates); /** * Determine if 'rootCertificates' is either a pathname to '*.pem' file or an array of certificates */ function determineTypeOfGivenArgument(rootCertificates) { if (typeof rootCertificates === "string") { return parsePemFile_1.parsePemFile(rootCertificates); } else if (Array.isArray(rootCertificates)) { return rootCertificates; } throw new Error("You have to provide a path to '*.pem' file or an array of root CA"); } exports.determineTypeOfGivenArgument = determineTypeOfGivenArgument; /** * Create root CA store dictionary: { ['* commonName * organizationName * organizationalUnitName *']: PKICertificate } */ function createCAStore(rootCertificatesList) { try { return rootCertificatesList.reduce((dictionary, pem) => { const pkiCert = utils_1.createPKICertificate(pem); const isCorrectValidityPeriod = utils_1.isValidityPeriodCorrect(pkiCert); const pemFirstSymbols = pem.slice(27, 47).trim(); if (!isCorrectValidityPeriod) { console.error(`Given root certificate '${pemFirstSymbols}...' has an invalid validity period (either it has expired or is not valid yet)`); } if (!utils_1.isRootCertificate(pkiCert)) { throw new Error(`Certificate '${pemFirstSymbols}...' is not a root CA`); } const dn = utils_1.findDistinguishedName(pkiCert, "subject"); dictionary[dn] = pkiCert; return dictionary; }, {}); } catch (err) { console.error("An error occurred during creation of CA store. Please check correctness of your root certificates."); throw err; } } exports.createCAStore = createCAStore;