Open apowers313 opened 6 years ago
Apple's new notification system is using x5c as well. This post is from 2018, but the docs have X.509 support listed under TODO; any idea when that might happen?
+1
You can do this with Node 15+ -
```js
import {X509Certificate} from 'node:crypto';

// x5c is the array from the JWS header; each entry is a base64 DER certificate
// create an X.509 certificate from the first entry
const x509 = new X509Certificate(`-----BEGIN CERTIFICATE-----
${x5c[0]}
-----END CERTIFICATE-----`);
let verified = await jwt.verify(encodedToken, x509.publicKey);
```
If you need to verify a chain -
```js
import {X509Certificate} from 'node:crypto';

// create the issuing X.509 certificate (second x5c entry)
const x5091 = new X509Certificate(`-----BEGIN CERTIFICATE-----
${x5c[1]}
-----END CERTIFICATE-----`);
// create the second X.509 certificate (first x5c entry, the one that signed the token)
const x5090 = new X509Certificate(`-----BEGIN CERTIFICATE-----
${x5c[0]}
-----END CERTIFICATE-----`);
// only verify the token if the first certificate was signed by the second
if (x5090.verify(x5091.publicKey) === true) {
  let verified = await jwt.verify(response.signedTransactionInfo, x5090.publicKey);
}
```
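An added example, not part of the thread and not code from any library discussed here: a signature check between two x5c entries does not by itself tie the chain to a trusted issuer, so this version also checks validity periods, the CA flag on each issuer, and a pinned trust anchor before returning the leaf key. `x5cToCerts`, `validateChain` and the `trustedRoots` set are hypothetical names, and it assumes the chain passed in ends at the pinned certificate (append your trusted root first if the token's x5c omits it).

```javascript
const { X509Certificate } = require('node:crypto');

// x5c entries are base64-encoded DER certificates, leaf first (RFC 7515, section 4.1.6).
// X509Certificate accepts DER directly, so no PEM wrapping is needed.
function x5cToCerts(x5c) {
  if (!Array.isArray(x5c) || x5c.length === 0) {
    throw new Error('x5c missing or empty');
  }
  return x5c.map((b64) => new X509Certificate(Buffer.from(b64, 'base64')));
}

// certs: leaf-first chain of X509Certificate objects.
// trustedRoots: Set of SHA-256 fingerprints obtained out of band (assumption:
//   same "AA:BB:..." format as X509Certificate#fingerprint256).
// now: the time at which validity periods are evaluated.
// Returns the leaf public key only if every link checks out.
function validateChain(certs, trustedRoots, now = new Date()) {
  if (certs.length === 0) throw new Error('empty chain');

  certs.forEach((cert, i) => {
    if (now < new Date(cert.validFrom) || now > new Date(cert.validTo)) {
      throw new Error(`certificate ${i} is outside its validity period`);
    }
    const issuer = certs[i + 1];
    if (!issuer) return; // last element: checked against the pins below
    if (!issuer.ca) {
      throw new Error(`certificate ${i + 1} is not a CA`);
    }
    // checkIssued compares issuer/subject metadata; verify checks the signature.
    if (!cert.checkIssued(issuer) || !cert.verify(issuer.publicKey)) {
      throw new Error(`certificate ${i} was not issued by certificate ${i + 1}`);
    }
  });

  // Never trust a chain just because it is internally consistent:
  // anyone can mint a self-signed root and a leaf under it.
  const anchor = certs[certs.length - 1];
  if (!trustedRoots.has(anchor.fingerprint256)) {
    throw new Error('chain does not end at a pinned trust anchor');
  }
  return certs[0].publicKey; // hand this key to the JWS verification call
}
```

Revocation, path-length and key-usage constraints are not checked here; a full path-validation library is needed where those matter.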
I have a couple JWTs that use x5c in the headers (Android SafetyNet attestation, FIDO Metadata Service). Would it be possible to add validation of JWS that's using x5c?
Here's the Android SafetyNet JWS:
And the FIDO MDS JWT:
See also: auth0/node-jsonwebtoken#314