UNPKG

pdf-signature-reader-sl

Version:

Verify digital signatures in PDF documents with content validation and enhanced support for Spanish certificates (FNMT, DNIe, corporate)

github.com/keviinmiichael/pdf-signature-reader

keviinmiichael/pdf-signature-reader

92 lines (72 loc) 2.58 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
const tls = require('tls'); const forge = require('node-forge'); const fs = require('fs'); const path = require('path'); let customRootCertificates = null; let caValidationMode = 'all'; const loadCustomRootCertificates = (caPath) => { try { if (!caPath || !fs.existsSync(caPath)) { throw new Error(`Custom root CA file not found: ${caPath}`); } const customCerts = fs.readFileSync(caPath, 'utf8'); const certRegex = /-----BEGIN CERTIFICATE-----[\s\S]*?-----END CERTIFICATE-----/g; const matches = customCerts.match(certRegex); if (!matches || matches.length === 0) { throw new Error(`No valid certificates found in: ${caPath}`); } return matches; } catch (error) { console.warn('Warning: Could not load custom root certificates:', error.message); return []; } }; const setCertificateOptions = (options = {}) => { const { caPath, caValidation = 'all' } = options; caValidationMode = caValidation; if (caPath) { customRootCertificates = loadCustomRootCertificates(caPath); } else { customRootCertificates = null; } }; const clearCustomRootCertificates = () => { customRootCertificates = null; caValidationMode = 'all'; }; const getRootCAs = () => { if (caValidationMode === 'custom') { return customRootCertificates || []; } const systemCerts = tls.rootCertificates; if (customRootCertificates && customRootCertificates.length > 0) { return [...systemCerts, ...customRootCertificates]; } return systemCerts; }; const verifyRootCert = (chainRootInForgeFormat) => !!getRootCAs() .find((rootCAInPem) => { try { const rootCAInForgeCert = forge.pki.certificateFromPem(rootCAInPem); return forge.pki.certificateToPem(chainRootInForgeFormat) === rootCAInPem || rootCAInForgeCert.issued(chainRootInForgeFormat); } catch (e) { return false; } }); const verifyCaBundle = (certs) => !!certs .find((cert, i) => certs[i + 1] && certs[i + 1].issued(cert)); const isCertsExpired = (certs) => !!certs .find(({ validity: { notAfter, notBefore } }) => notAfter.getTime() < Date.now() || notBefore.getTime() > Date.now()); const authenticateSignature = (certs) => verifyCaBundle(certs) && verifyRootCert(certs[certs.length - 1]); module.exports = { authenticateSignature, verifyCaBundle, verifyRootCert, isCertsExpired, setCertificateOptions, clearCustomRootCertificates, getRootCAs, // Exportar para testing };