Closed bindon closed 1 year ago
I am experiencing the following problem
// self-signed certificate verification const certificate = new X509Certificate(buffer); await certificate.verify({}, new Crypto()); // => true await certificate.verify({ publicKey: certificate.publicKey }, new Crypto()); // => false
So, as a result of checking the X509Certificate.verify() source code, it seems that the default value is used without using the parameter crypto.
X509Certificate.verify()
crypto
if (!paramsKey) { // self-signed keyAlgorithm = { ...this.publicKey.algorithm, ...this.signatureAlgorithm }; publicKey = await this.publicKey.export(keyAlgorithm, ["verify"], crypto); } else if ("publicKey" in paramsKey) { // IPublicKeyContainer keyAlgorithm = { ...paramsKey.publicKey.algorithm, ...this.signatureAlgorithm }; publicKey = await paramsKey.publicKey.export(keyAlgorithm, ["verify"]); // this } else if (paramsKey instanceof PublicKey) { // PublicKey keyAlgorithm = { ...paramsKey.algorithm, ...this.signatureAlgorithm }; publicKey = await paramsKey.export(keyAlgorithm, ["verify"]); // this } else if (BufferSourceConverter.isBufferSource(paramsKey)) { const key = new PublicKey(paramsKey); keyAlgorithm = { ...key.algorithm, ...this.signatureAlgorithm }; publicKey = await key.export(keyAlgorithm, ["verify"]); // this } else { // CryptoKey keyAlgorithm = { ...paramsKey.algorithm, ...this.signatureAlgorithm }; publicKey = paramsKey; }
There is a workaround as follows, but it seems like a fix is needed.
cryptoProvider.set(new Crypto()); await certificate.verify({ publicKey: certificate.publicKey });
I am experiencing the following problem
So, as a result of checking the
X509Certificate.verify()
source code, it seems that the default value is used without using the parametercrypto
.There is a workaround as follows, but it seems like a fix is needed.