search

PeculiarVentures / x509

@peculiar/x509 is an easy to use TypeScript/Javascript library based on @peculiar/asn1-schema that makes generating X.509 Certificates and Certificate Requests as well as validating certificate chains easy
https://peculiarventures.github.io/x509/
MIT License
78 stars 10 forks source link

X509ChainBuilder.build is not working as expect #60

Closed shynome closed 10 months ago

shynome commented 10 months ago

I found the problem source is X509Certificate.publicKey.export() != X509Certificate.publicKey, because when I replace await item.publicKey.export(crypto) with item.publicKey X509ChainBuilder.build will be working

publicKey: await item.publicKey.export(crypto),

My packge version

    "@peculiar/webcrypto": "^1.4.3",
    "@peculiar/x509": "^1.9.3"
microshine commented 10 months ago

X509Certificate.publicKey is PublicKey, X509Certificate.publicKey.export returns CryptoKey. These are different objects, and they can't be compared using the comparison operator. What are you trying to do?

shynome commented 10 months ago

I check it again, it seem some key export failed, pem1 is fine, but pem2 chain is broken. If use item.publicKey directly, pem2 will verify successful

let pem1 = `-----BEGIN CERTIFICATE-----
MIIDIDCCAgigAwIBAgIIQU4B1vCH2u8wDQYJKoZIhvcNAQELBQAwDDEKMAgGA1UE
CxMBQjAeFw0yMzA4MTYwMDAwMDBaFw0yNDA4MTUyMzU5NTlaMAwxCjAIBgNVBAsT
AUMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyECUyekEDRGrKgh7e
d4oQ8+2ZPg1858jowIJ3vPGhKkk0evTmT44ZiLVgWGhq5V0xBXgQErhjZEJ3C0v8
+8Vnlhja23lQwFiHKpDQJKyzKX2J3uXVzMpv0IhFPkYaQ+dH+k7D6g7DBowAfI5c
7hZ/vjqwpIIW8WAbwGkkgmMS3bh6aeWnFavudvanbEAl8ih7Xksq2cbXhwkspuoP
qa7x7vTEifJMGWNY4KOy49Io+1ANJfyQUs7kpzmCbEcCCDIo1NivCGsrErmOS9nm
ufonvztRnhCBMpFqQEoDIY1aDsDRMtSlQ+DqxrW21xhqtjkV3oKuTWZCiRzRD0+l
D5shAgMBAAGjgYUwgYIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUva2YrtVLRBKx
f16OgDblBIWPHVowCwYDVR0PBAQDAgO4MBMGA1UdJQQMMAoGCCsGAQUFBwMCMBEG
CWCGSAGG+EIBAQQEAwIFoDAeBglghkgBhvhCAQ0EERYPeGNhIGNlcnRpZmljYXRl
MA0GCSqGSIb3DQEBCwUAA4IBAQA2vkpr/52lzFIHd0BFR+/JVQSr+F5cw/lNAIFh
hHGrfkn2QyEqwkMxMyBpePnR8uz16kZEhpgc6MGekvoj+h2gO56sMr6i5FszXWr+
y7DEH0jTpukM4bpOHu/HTKWmJZe4VbTf+12Qq/g7z82z1JF3FTBSE+SY1mjrTSgA
K5TiaQ49N5q2mHvDWVH6tER1o2zVLMBZhb1EFlnVBPeJvpwRlLP9qvLZ5zy98B5w
+IraMm65QresylLJXqrLC4weNmnZr7WJTbudKKCPxj3NMzvXAWEnbm8xfEP+ZqbM
iLJopGUpTCkSFAtTddt+UntuiAa99lylF/a9ae8mqb2y8Kcv
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDDDCCAfSgAwIBAgIIUOrdMriOfyQwDQYJKoZIhvcNAQELBQAwDDEKMAgGA1UE
CxMBQTAeFw0yMzA4MTYwMDAwMDBaFw0yODA4MTUyMzU5NTlaMAwxCjAIBgNVBAsT
AUIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCukngtGu4+PpBg7S36
DSd/fGJY0k85RmMDbZtxImFDETOfeZGh0HyDXg15QSEM4rpWTk/WZ+wwuHX4BcXF
0aNeemhWKLX6we8R+XP3B32gXnek1iLmLR7lqpc+HthboPr8GrxbOqDJYBLcEeFT
0EaYllD2c3H5rMfGgGG7VebuQEupGjzV5WK081eTMyXgteLcH78cLmAWmggV99Ae
Uv8w1LqZS+6xsOMJDoa3xQZGDauX+LdBaswg9MNkq4MxJ/U8GKOoR5BClGMPRNbt
tyNujgSuGmZiDg0euRfjCZlJuW5R8VuJocGJNzJUZB7HifRN0ND00GVaaQYrsWOZ
yDolAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFL9FnY1ZPUjw
bnr6FeVz/acJeIOgMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJ
YIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEA
nJgRR4az7EiA/YczhEdFfv7hofEdgducv2rIFDtggzqAWJ8BoEz/RU3vxGUhyjKa
VVbfS6ZUAWtAbLB/R+7xXXbCpxzMChi70LP+MKjbIlA07cAP4jPV0Uf1OwLZoVnF
fYBGUH1l7KzWskH9EDhHzvN07y+6Jqq0PejtzR7iKUN9bFz/gx3BAuZn3mZwF6LQ
YeAAS9Ceh2D5JCuVxXD3AQIn239Ah0vjD5pkDaqpSzbrDcUE50BrFzmHepjFdsfT
9aCjzJehPi4ZzUqMA5MGScnqkZn+dveH4s3vt563A7T4mKeBCazqfKEPJ42+Yo5e
gjbVLIVkwerC99YP/aC+fg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDDDCCAfSgAwIBAgIIFD5APYkpFNkwDQYJKoZIhvcNAQELBQAwDDEKMAgGA1UE
CxMBQTAeFw0yMzA4MTYwMDAwMDBaFw0zMzA4MTUyMzU5NTlaMAwxCjAIBgNVBAsT
AUEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoPLXVmfC43hqWklAk
hoRA1xHFR6KIPHFh1TTpZGRFOpeJKB/5u3FF0UnhrMut5RiWumDaqm5M249S14Mm
xG9cUQEtzWTOW3sq2MbmtwBSX82S3uOaiz9kD8RUimwy/VVTUVw6irekMk999M4X
VPGKUW96g1FGymdG0fHWMEsHg5yfhiHb6ZcQXfQtUAJpSJpkgOKvVF3cS4IBpSfB
bE9emKNQVkSMhjlUeu0ZDgtUXvG9GZI0QhoWSZCXop7Q3NMUjNeNMr3ZVIYgTGHd
tTp/I4kU8FNaxdt1igitrpRTa/PAtyARLz18A8Geq9gvOoIeB5ks5JfGr5c4wEyJ
+FfbAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGfxmRR9B5Kk
z26wl3TpS1zfikLgMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJ
YIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEA
Y+8r31kRCNyMi3o5EAKcfLGeh61+uj2qeVgj8jmuziUF5hrgCadWvJDlVyCNMc30
J//rAdHcRqdR68qhPpP5CkARGn9EY9ktl0LKHZkwAmd7MZctNmzmwHmytw/D8204
3aakdR4d0hVv8nmRer82XU2l0W1u1au+XBmA8/NXq8cZMXrbdJ4NfxqihUmPbwn6
QoVN2AoInqP3b9gb+lXKZOANicqbkUYsTwzCOESu9Icslsz0xsaIbbbpIhUjFXul
uy4RLi5edwqe61SUtffRgNfxUEn//tLGWihHUlc0RrjXbYJMSOI1MGdUyntsMhMi
cALXziOhMrsELc6zHTx2lQ==
-----END CERTIFICATE-----
`;

let pem2 = `-----BEGIN CERTIFICATE-----
MIIEmzCCAoOgAwIBAgIIAk82i+WStagwDQYJKoZIhvcNAQEMBQAwOTEPMA0GA1UE
ChMGUmVNb29uMQ8wDQYDVQQLEwZSZU1vb24xFTATBgNVBAMTDFJlTW9vbiBTdGFm
ZjAeFw0yMzAyMTQwMDAwMDBaFw0yNjAyMTMyMzU5NTlaMFoxDzANBgNVBAoTBlJl
TW9vbjEPMA0GA1UECxMGUmVNb29uMRcwFQYDVQQDDA5saXlhQHJlbW9vbi5jbjEd
MBsGCSqGSIb3DQEJARYObGl5YUByZW1vb24uY24wggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9M7/qzc0AMza23Ob19VCehWzMlpIz8aft03l4WIAUIflE
h6s3ZSKB98mIYE3Sj2eM3lmCUM/tnbQJebvffTAXCUQJYZtvmPa+RqZzXlUMJk/U
yGWXq4I8us+8O0Jb/MZ5RhMT5KKenloalXK+fGxlmm0ajQF/0oROEbf8M7KT7rcp
f/aMmnASQdBG3bw0qF2sp/QNvx/BLHcU/AVW68J/NO73lT+uynmJ616KzRWADBMO
jScK7ukNHmQaBa3+a7EbhajD95BDmF2sCVTQ19M+vN29zX7r1y+9UAHlfe2V52kD
/dAMPeyrRaUDg7F1m5cfCE5cXqMkOsasHwS7l4QJAgMBAAGjgYUwgYIwDAYDVR0T
AQH/BAIwADAdBgNVHQ4EFgQUNVNOjytTcvPlm6HGAZTOazueFvowCwYDVR0PBAQD
AgO4MBMGA1UdJQQMMAoGCCsGAQUFBwMCMBEGCWCGSAGG+EIBAQQEAwIFoDAeBglg
hkgBhvhCAQ0EERYPeGNhIGNlcnRpZmljYXRlMA0GCSqGSIb3DQEBDAUAA4ICAQBs
EIzhB+oUL38pliNBTeu5Sj6dndmfofj95lALPg8oIQC0Up5B514/4SB9YjK3OEUW
uN6QLGJ84XjljarBdnnZsx3cVXxgNPLvrmtm6Q8ikobykwe4z8b1j8PZ9GFlh85M
sSkVCCsUqmHmKFg0rcNGzsQlrfVUH7CgSGI0ZGjrf1+3ySF1LniNSWvGZRLscyWz
Ncdqt4JY4z7WjG/aODGfti1JvHNDyK0W256gMuK3786BPG0zA20MXtbb+g/a5a3z
IKeJ64bYp2J6MoGGlFs8ECND99ZDZZscOcSTw3RZ/+Zx6wq2BcF+EtbAhfZeaEvV
+KJ01dAbjzmqGesOuwQ0jVZOHKJ7zSXlG41Xv03MUNaaSEx2xtXmeE7pqqhhOZ+Z
yjzR9QzNyBCj8YvXrtCpCWDogngAK3J0WUZdo1hBoERxRdlcCoL6pYkCEXgggJDz
RbCIyGRowRocsipQyB+KNm+GbrfQv7BPIxNR9HrxW8aCnzazUbzbCHTwMgpmi7rl
pFdPb/tbvIpgoZNMNGEClV7GO7uwSOHKI7CK/pF179yPXZoOjXYYDKvVqut6xuJQ
Bo3Ukeh/RC1S9vWlAG++HFNpEBINq8ELNkFEwoICD+9N4145Lwh9ff9npKcI9q4v
KN2GH/MfIw6TJH4ow16t4VYQeIe6u0XDSD44jxGc5w==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIHYDCCA0igAwIBAgIIOWImwrLCoZ4wDQYJKoZIhvcNAQEMBQAwMzEPMA0GA1UE
ChMGUmVNb29uMQ8wDQYDVQQLEwZSZU1vb24xDzANBgNVBAMTBlJlTW9vbjAeFw0y
MzAyMTQwMDAwMDBaFw0zMzAyMTMyMzU5NTlaMDkxDzANBgNVBAoTBlJlTW9vbjEP
MA0GA1UECxMGUmVNb29uMRUwEwYDVQQDEwxSZU1vb24gU3RhZmYwggIiMA0GCSqG
SIb3DQEBAQUAA4ICDwAwggIKAoICAQDKzJiqCaERV6VP8OS1Lx8Ua8ZO43vgBfYU
QfUmAa//z2Q56nRG5mhnkFb3unrcWs2M77JFBfLnwbw3FFdU7ImTAxypZeyz5WvV
vHdlUyYZZ5KFPuZ430i1WVL2VMIosKo2NS8cjouYrDZ7JKHuCJIASI3Uo0fuumw+
DbdqKix7/JNCwaGC9f8j7P5whJy00DFnQIYl/zi0k4hRqx+nvsl47OI+is5Iz6p1
+3f513tKz4Bt9kzanAscEC9rQ+EscxrpIWR9rcxnHVKxEftA+T4M/NW7qPY3zxGc
oV/9aMq6NGUAQ7rBC5XKXTxi/+9uK5A7pIQelykgswoNqiAioN/JE4v2yR9wXudW
p/HuSDlQTOHR0JuvbbwHLeAGo5TB47XcbI7Qq+5t+ibESF+k/M+va6Ijn0d+AvZr
2GEtyErv/WZLNO2CyUuDQjmuoqOX7jXWwHZTzaQqF/qwLsB+rCinv33cU5kePGpp
uryyLZl9tk9OxUYpOswLRl/q3YlguNrdlCi1aRSKWm+aoip5kmZCAAbwRt/QF7bd
RWR7XLX7Uv49QGylLBm9pEb9TO9haIqCYWKU1gHO2Al0V34fTU0bIHtmaALVnM22
Sbl8xgYfsRAmn3vlXXGzRBc11+5vp1CvVQOUIPfHQvSRt6UJNyMVV8iljmsqlOMd
B5NtUv7C0wIDAQABo3IwcDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR3HI5V
KtwJIrH/HzzawGRVtVG2WDALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAH
MB4GCWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwDQYJKoZIhvcNAQEMBQAD
ggQBAHi5v1j5Ik/fAebrO1+xIo1mVfsuocyZdJkwC2lo9w8822vtc0yfbZCE4Zo6
ZhWePal99A+2CtE+t9Inv4/fUzr9ZsDTPLEoBhmMBY19Eqbylzw60MmeJSDZwyQY
uaaR5fx0BsJUH3Tuk7D412w7p+E/zp7GVLhuhImzM1wxG/XWMqgJuPEUAwOesf02
1iD+JBmki3ba1S75/sUxv38agRIAozQfuDPxsagAbaPuT8CQLXfCuE374Nzn5SF3
6ocRcphnIxTcn7fxnMi1HgCSNQfyogx+l8UdrBVdIiZKHB5XIe4ATZk/tJmIIaNv
aihKdsv+TAW8ogQjQgMZu7O+Hdb8V+bqdoMcRrVA7fLDlNYuhQxyQIqeAOfgp9oB
5kslS8oSNfnEvc8Dwv/R/3daYDPwQFuJISgfclUa3077AdpEK6g3TkkOBbJ9FlwD
gIosfUYMB9OVnTSDwxE6nXx9w2V1hXaQ50n/plWwDcn1VhdTtExsbSOkUm3W5Ks/
GnkmaIgDvgvyhLRQA95+l6CUWU6jM4iGivzvVm+8nk++iPrt3i7c6CSy5o7F//Ot
1k+EoInd/2OBy0xprJrJDUJFQ4xnzyVdfrApDJaqaz1wJVDaus3XJbmcxj1Dx9Yl
Ht0TDu6domp12/iYSzWXh+8+UC4N5saVaAA87Am3OwjZa+keY6eMYPdb16eaor0L
NtejK1meLgTSuIA9rJE8p31S5WwuJdZcPr2o5sjnb7dbWhtpBlzccqcrGFCJPP+Y
tmliYRgnLROdidYZWhj4jd0kEKXhoQ+VDW7FDE8DgiYP+feDvHPzg19r3I/VWkDX
FyibNKBPLTk/fByr0f6qehanAOlYRI3VMx3y43Oepbi0G+EIopbKt+SBCRUdLndE
tDVVU/bB5b8kWFIlfAspTWTOFPxjuxxrbP+/txkrZbKQNilVXJFYVuO4OgWlxiVm
0vEmCqasXYiZacv8SYWM0/Vw4DhJDMxn0DZOu10EY4XR0n+Aq1hOBtPtAMA5vfsL
wzXtgreIWhjKGqeJ3p58cFjO/nNOfgxGBd8SVkO/PwASR+a+7vnUmGqeOK8xY0HW
AxkpJmrUaNMu+ilExpGsIDRH4CMoJ604jZEQZ5PUWaRWNeEzpjKvxELKd02SqOuG
6xwjBJ909iDMNFjt/tvH6kFj9D14R70K9u+EsdRaxJ8Av62ehYAFhQD2iDH0aDyL
2ZafXLLHctEuBqer74Csl7vXgtNNighXnTycSJBOM9gWv4K42eTdgVdbWKTZ1xro
w/OvU4DJWop3WxS1zVWhAN2slMMRR4sSDUMSm2i/4A8xUEaT7J5QLyRg3Zu5uC4V
FdhUnLUJ665dzfb6nhFBu4xidiA=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIJXDCCBUSgAwIBAgIITezjqmYLRP0wDQYJKoZIhvcNAQEMBQAwMzEPMA0GA1UE
ChMGUmVNb29uMQ8wDQYDVQQLEwZSZU1vb24xDzANBgNVBAMTBlJlTW9vbjAgFw0y
MzAyMTQwMDAwMDBaGA8yMTIzMDIxMzIzNTk1OVowMzEPMA0GA1UEChMGUmVNb29u
MQ8wDQYDVQQLEwZSZU1vb24xDzANBgNVBAMTBlJlTW9vbjCCBCIwDQYJKoZIhvcN
AQEBBQADggQPADCCBAoCggQBAL9hiU++mkc9rPGexGKH5vRmUq9KFoH++CWJX9y9
p+NwfVRpc6cQ7vxjc0RHqfMo125wtnsikut25xYT9RLGAmoQ882LjpVyn4gSEqYh
flF9kgnZxsP9sH3CPahzg3+/CoET++Ar0Any4qorpRX7Ihgp/rgN7TM4elPnfo8l
XyAi0nkpuGR5JR/FcF4sdSBBoUVprK0MQZdoLjVU4sQFQ+uqrI/TwBHXkx1wn4nf
fOS9Ro9F8FQqz5MCt24jo/wZQohvoG0ZVqMNcpRXqEuM6BJVIQOegqiqiB6LVNk2
bI+7Ghb8lkZVEwQOrHsVvXYJ//rbmx1LAFHqlXnZKECd5gtl4ZcfwVXFqFmVM+zD
GVb1Uxz166NywseK/dBY81TxURLkPREsGvvGmYoNEMa2mYhfCK2H6tDJsg/dM0pG
0x19/7HPm72nKEDnAuunbXRaSbl5NuPM3FS6+cjIKfY3rDChasym0NP9D46J4MnC
YgFsaBw9L0WA0FNmBa571qJNvs31puqk+GLm/h1+/2UuS+ItOdOAmtc4WgiwhCXu
wYQIT3kj+EiwWFZQeyzoswIkn2VE5D+Acm2KsgCoEP4f1WK13VWEFdf96268UN9/
mHwMPUYfgHPbdxL3BGhBp8NNtwTCjWMgo1ss+Bb5dLwxte6WagAEjLVnNBqdmsYI
YjjaT8iDYMDUMc7083PNZNeDqi+qN4Ez1/2C+lMYgWc7sl3lEPqx6B5enP5t6MAz
bJBGUVn5Q8QBQ2tWRWZpcp3ksZN1f2NtVeIqrhiXQlfnNWj3fcEpnOtCOPjYqR23
bsd4+BvyirctP/7TpoIk1d9MYENDjJU8VvdzNH+e5FVvW/iMDw7ijsaSMa7Nsqth
5oZHiM1oMcgvp/iYyZ++20+vLWSncL0/zL/Xl0Oz/Cx5rHMRqcMuKe/iMzndITWh
GlKCEguEkVXogQ+J1bOwMiqRe24l85pO1c7YEk6SGfyk/qwZzOoTLx2lXTIUGewz
/goSfCbZS/1R29vUNC2FxjIQbJ8Azc1KEM88/afolzrXo/eiTROmyWEUU4AbfuIK
SxAnm2tRnuRO1Fc0o5hRXkbZDsDjlC1N5L/jnWXEQP3IPBhWdWnbd1tX2t8iJpyX
dYdoLPCZjRJstvfTt7CVR8PE/u8u4y5kckWUQoY3rCqO7wbXzXqOxboqPJERxypv
qIFHGYWUS1XmSsBCEjpOMlF4vk0x8Xm+ngokYqbYLyB0UZmS1VLmDXSNKkkLILTP
oTXJOec3ZsnIVRToQiYh5YX+pfBh3iy/rlz0ETh0gtstbblB0wmYehBqxP6i7V0r
3bpS0cd7BIdJTpMy/l6A1gtaYmutMrP1CW07wIAMCoHorOECAwEAAaNyMHAwDwYD
VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUdeVSyCgRksB3TK47fG17+/3OMdUwCwYD
VR0PBAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzAeBglghkgBhvhCAQ0EERYPeGNh
IGNlcnRpZmljYXRlMA0GCSqGSIb3DQEBDAUAA4IEAQA8QBVjhEInwRGtjdVM45qp
uCdmvS3r2sPA+E6yDsNzSIU/11t3nCMSgQXXdPF06wKpumUkX7aYOyHGiOBqPpF0
IfiyHaHAsXdbRL5vLWG/ZBpKfQ3NHd/RVlq+5mv5047aP1MmUXpUbmZN9aNRJMlq
JtB1fdKl22FLgPWHemEL5q8OOf9Bz8s9tn0KVppsbot5jivPod315cJLqynVxAp7
/pZ56zG7u6lFlezG5QtCORILz+a8XGbxMGxQ8bCRD7ON1bQlSo+2gFUj+RQ7S/fR
mHzKFgfZxN7fky3ZTRzKv6Q4cRgSMWu0Zz+srCMI8jIEK9ZQJh7YNKOdaaZxS7Gc
eZ/8QxwOyYQ3K7ZEduwFK5+AxkPWddMdEsP3opYXmn0V6hsAZIg+i1me8iDkMW0Z
Vrdgh5B2AHDPgiWm1HDAiXclnJq6b9ATV4jAkKMtogTkCHyrA43gwuwNRO4jgsIW
IF4BOE0DbJhh3A9rL30Svxo4guF/CxiFPG8DtVW1Pzg9zlBvqubCEDQ6hzGSdSZA
JMOYKhg3qdqy+7LX5xOiC+H9dlKtnf0cNt1GA2b1UYjQtcy6CXtMncJypI+VgR3w
l+oOuhRcsHrMCDDVjADzTnjj3HjItwFwQ3Bl/qG3xUz9LWQLNik8QqZdtE5BmEsF
2mmDKol5U8XU01mP7Sk48cTgYA1iVoIsrHAPlqO+RHoiWFNjMHNNut7DYrwnM8V1
HAvS8Lv3BROGMMaAGtvoz0fuXkY/Fxq2gnu2jF6nTvlmYUJGbaoCuWzbCc++3hc8
VC723HKB0XbaBlfWMZLiBB0ZAYakvy4NHoWEmuztsr/wBB0Xw/QvBYxowmZZgRnM
G3074Nx2+llCPKG/DU6CozCDV7PmHIKYU3y3hYoX1RSqnUa7537I8TWeJlB6Rso5
eNROY+jOPSfjJh+1T+dZtyNWdWsiJb3fVDjXCnHAp4HFUOilNpybYp1q86SDlnFg
+Qe3X9CLk4w1wGLdNdztxcGmsPgQBhLvGTmC6VS8r9OMZZhLdrwqgpvCIy0U2tBF
X4qXgw5lWC/fc54tZGG3Qz95Oy3XxJjJg6s68NJR0EuNrEDUBP4uhr94KwHdnviy
vC7gtqEucqDvH1DnMaSGX9TgvX1QHBOgMeImXtoEomsaB9jsiI5oCxUScnD01jCQ
GKEJLMBxTYwMc8TmHSUim7H/N5hp/9gnaUykOAtExOXaAddAEtvWsdW1FQUZnKiF
q4D6HgecXMUxWK9hiWss7xGLY4t2rfO+NG6IuMK3yefGP/n7+2/bqUnUNPuSwXn1
mGaYxvqovADz7+20TxO/32YYy2oWRZXUpD6w6o2EhXI2zj1jOa0JwqTlig74PooP
-----END CERTIFICATE-----
`;

import {
  X509Certificate,
  cryptoProvider,
  X509ChainBuilder,
} from "@peculiar/x509";
import { Crypto } from "@peculiar/webcrypto";

const crypto = new Crypto();
cryptoProvider.set(crypto);

const caa = pem2
  .match(/\-+BEGIN CERTIFICATE\-+[^-]+\-+END CERTIFICATE\-+/g)
  .map((s) => {
    return new X509Certificate(s);
  });

const c = new X509ChainBuilder({
  certificates: caa.slice(1),
});

const chains = await c.build(caa[0]);
debugger;
if (chains.length !== 3) {
  throw new Error("export pubkey verify failed");
}
microshine commented 10 months ago

I found what the problem was. When building the chain, the public key was exported without considering the certificate's signature algorithm. In your example, the certificate was signed with RSASSA-PKCS1-v1_5+SHA-384, but the application exported the key with the algorithm RSASSA-PKCS1-v1_5+SHA-256.

This is an implementation error. I will try to fix it as soon as possible.

microshine commented 10 months ago

I've released a new version of @peculiar/webcrypto@1.9.5, addressing the current issue with certificate chain construction. Could you please check the latest version? Thank you for your cooperation.

shynome commented 10 months ago

It is working.