From c5449d0cb8500240d5b5177e08c6649a96150ba1 Mon Sep 17 00:00:00 2001
From: Adhiraj Singh
Date: Thu, 24 Jul 2025 10:38:28 +0530
Subject: [PATCH 1/2] feat: allow loading root cas from global var
---
 package.json | 2 +-
 src/scripts/ca-template.ts | 191 +----------------
 src/scripts/update-ca-certs.ts | 2 +-
 src/types/index.ts | 6 +-
 src/utils/additional-root-cas.js | 185 +++++++++++++++++
 src/utils/index.ts | 2 +-
 src/utils/{root-ca.ts => mozilla-root-cas.ts} | 193 +-----------------
 src/utils/parse-certificate.ts | 23 ++-
 tsconfig.json | 3 +-
 9 files changed, 217 insertions(+), 390 deletions(-)
 create mode 100644 src/utils/additional-root-cas.js
 rename src/utils/{root-ca.ts => mozilla-root-cas.ts} (95%)
diff --git a/package.json b/package.json
index 6f3367e..e7e49dd 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@reclaimprotocol/tls",
- "version": "0.0.5",
+ "version": "0.0.6",
 "description": "WebCrypto Based Cross Platform TLS",
 "main": "lib/index",
 "scripts": {
diff --git a/src/scripts/ca-template.ts b/src/scripts/ca-template.ts
index f10f10a..1340671 100644
--- a/src/scripts/ca-template.ts
+++ b/src/scripts/ca-template.ts
@@ -1,195 +1,6 @@ /* eslint indent: 0 */ -import { loadX509FromPem } from './x509' -const ADDITIONAL_ROOT_CA_LIST = [ - `-----BEGIN CERTIFICATE----- -MIIFjDCCA3SgAwIBAgIQfx8skC6D0OO2+zvuR4tegDANBgkqhkiG9w0BAQsFADBM -MSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSNjETMBEGA1UEChMKR2xv -YmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0yMzA3MTkwMzQzMjVaFw0y -NjA3MTkwMDAwMDBaMFUxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWdu -IG52LXNhMSswKQYDVQQDEyJHbG9iYWxTaWduIEdDQyBSNiBBbHBoYVNTTCBDQSAy -MDIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00Jvk5ADppO0rgDn -j1M14XIb032Aas409JJFAb8cUjipFOth7ySLdaWLe3s63oSs5x3eWwzTpX4BFkzZ -bxT1eoJSHfT2M0wZ5QOPcCIjsr+YB8TAvV2yJSyq+emRrN/FtgCSTaWXSJ5jipW8 -SJ/VAuXPMzuAP2yYpuPcjjQ5GyrssDXgu+FhtYxqyFP7BSvx9jQhh5QV5zhLycua -n8n+J0Uw09WRQK6JGQ5HzDZQinkNel+fZZNRG1gE9Qeh+tHBplrkalB1g85qJkPO -J7SoEvKsmDkajggk/sSq7NPyzFaa/VBGZiRRG+FkxCBniGD5618PQ4trcwHyMojS -FObOHQIDAQABo4IBXzCCAVswDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsG -AQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBS9 -BbfzipM8c8t5+g+FEqF3lhiRdDAfBgNVHSMEGDAWgBSubAWjkxPioufi1xzWx/B/ -yGdToDB7BggrBgEFBQcBAQRvMG0wLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwMi5n -bG9iYWxzaWduLmNvbS9yb290cjYwOwYIKwYBBQUHMAKGL2h0dHA6Ly9zZWN1cmUu -Z2xvYmFsc2lnbi5jb20vY2FjZXJ0L3Jvb3QtcjYuY3J0MDYGA1UdHwQvMC0wK6Ap -oCeGJWh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vcm9vdC1yNi5jcmwwIQYDVR0g -BBowGDAIBgZngQwBAgEwDAYKKwYBBAGgMgoBAzANBgkqhkiG9w0BAQsFAAOCAgEA -fMkkMo5g4mn1ft4d4xR2kHzYpDukhC1XYPwfSZN3A9nEBadjdKZMH7iuS1vF8uSc -g26/30DRPen2fFRsr662ECyUCR4OfeiiGNdoQvcesM9Xpew3HLQP4qHg+s774hNL -vGRD4aKSKwFqLMrcqCw6tEAfX99tFWsD4jzbC6k8tjSLzEl0fTUlfkJaWpvLVkpg -9et8tD8d51bymCg5J6J6wcXpmsSGnksBobac1+nXmgB7jQC9edU8Z41FFo87BV3k -CtrWWsdkQavObMsXUPl/AO8y/jOuAWz0wyvPnKom+o6W4vKDY6/6XPypNdebOJ6m -jyaILp0quoQvhjx87BzENh5s57AIOyIGpS0sDEChVDPzLEfRsH2FJ8/W5woF0nvs -BTqfYSCqblQbHeDDtCj7Mlf8JfqaMuqcbE4rMSyfeHyCdZQwnc/r9ujnth691AJh -xyYeCM04metJIe7cB6d4dFm+Pd5ervY4x32r0uQ1Q0spy1VjNqUJjussYuXNyMmF -HSuLQQ6PrePmH5lcSMQpYKzPoD/RiNVD/PK0O3vuO5vh3o7oKb1FfzoanDsFFTrw 
-0aLOdRW/tmLPWVNVlAb8ad+B80YJsL4HXYnQG8wYAFb8LhwSDyT9v+C1C1lcIHE7 -nE0AAp9JSHxDYsma9pi4g0Phg3BgOm2euTRzw7R0SzU= ------END CERTIFICATE-----`, // GlobalSign GCC R6 AlphaSSL CA 2023 intermediate till 2026 - `-----BEGIN CERTIFICATE----- -MIIGGTCCBAGgAwIBAgIQE31TnKp8MamkM3AZaIR6jTANBgkqhkiG9w0BAQwFADCB -iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl -cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV -BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgx -MTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBlTELMAkGA1UEBhMCR0IxGzAZBgNV -BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UE -ChMPU2VjdGlnbyBMaW1pdGVkMT0wOwYDVQQDEzRTZWN0aWdvIFJTQSBPcmdhbml6 -YXRpb24gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAnJMCRkVKUkiS/FeN+S3qU76zLNXYqKXsW2kDwB0Q -9lkz3v4HSKjojHpnSvH1jcM3ZtAykffEnQRgxLVK4oOLp64m1F06XvjRFnG7ir1x -on3IzqJgJLBSoDpFUd54k2xiYPHkVpy3O/c8Vdjf1XoxfDV/ElFw4Sy+BKzL+k/h -fGVqwECn2XylY4QZ4ffK76q06Fha2ZnjJt+OErK43DOyNtoUHZZYQkBuCyKFHFEi -rsTIBkVtkuZntxkj5Ng2a4XQf8dS48+wdQHgibSov4o2TqPgbOuEQc6lL0giE5dQ -YkUeCaXMn2xXcEAG2yDoG9bzk4unMp63RBUJ16/9fAEc2wIDAQABo4IBbjCCAWow -HwYDVR0jBBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0OBBYEFBfZ1iUn -Z/kxwklD2TA2RIxsqU/rMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/ -AgEAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHSAEFDASMAYG -BFUdIAAwCAYGZ4EMAQICMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNl -cnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNy -bDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRy -dXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZ -aHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAThNA -lsnD5m5bwOO69Bfhrgkfyb/LDCUW8nNTs3Yat6tIBtbNAHwgRUNFbBZaGxNh10m6 -pAKkrOjOzi3JKnSj3N6uq9BoNviRrzwB93fVC8+Xq+uH5xWo+jBaYXEgscBDxLmP -bYox6xU2JPti1Qucj+lmveZhUZeTth2HvbC1bP6mESkGYTQxMD0gJ3NR0N6Fg9N3 -OSBGltqnxloWJ4Wyz04PToxcvr44APhL+XJ71PJ616IphdAEutNCLFGIUi7RPSRn 
-R+xVzBv0yjTqJsHe3cQhifa6ezIejpZehEU4z4CqN2mLYBd0FUiRnG3wTqN3yhsc -SPr5z0noX0+FCuKPkBurcEya67emP7SsXaRfz+bYipaQ908mgWB2XQ8kd5GzKjGf -FlqyXYwcKapInI5v03hAcNt37N3j0VcFcC3mSZiIBYRiBXBWdoY5TtMibx3+bfEO -s2LEPMvAhblhHrrhFYBZlAyuBbuMf1a+HNJav5fyakywxnB2sJCNwQs2uRHY1ihc -6k/+JLcYCpsM0MF8XPtpvcyiTcaQvKZN8rG61ppnW5YCUtCC+cQKXA0o4D/I+pWV -idWkvklsQLI+qGu41SWyxP7x09fn1txDAXYw+zuLXfdKiXyaNb78yvBXAfCNP6CH -MntHWpdLgtJmwsQt6j8k9Kf5qLnjatkYYaA7jBU= ------END CERTIFICATE-----`, //Sectigo RSA Organization Validation Secure Server CA - `-----BEGIN CERTIFICATE----- -MIII+DCCB+CgAwIBAgIQbAP9+jGpC4MAqlBK9HsanzANBgkqhkiG9w0BAQsFADCB -lTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G -A1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMT0wOwYDVQQD -EzRTZWN0aWdvIFJTQSBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBTZWN1cmUgU2Vy -dmVyIENBMB4XDTI0MDgyNjAwMDAwMFoXDTI1MDgyNjIzNTk1OVowXTELMAkGA1UE -BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExHDAaBgNVBAoTE1N0YXRlIG9mIENh -bGlmb3JuaWExGzAZBgNVBAMTEmNvbm5lY3QuZGNhLmNhLmdvdjCCAiIwDQYJKoZI -hvcNAQEBBQADggIPADCCAgoCggIBALqonPJQIJB5rqVt3lFhVCAWVDaUiHINR/0a -BtHeqP2Ue5EsLGwdCNCRrj8ge0bCqQh25UBEmIOrTWU3HcmyBYPG51TPp+T5GER2 -r8daV5oqSFpVIThArZF58Omwsbv38hkNn1LCdZher/yqbuZJNHZd2Z/h3Xv410us -y2EnrALnoKkRUvJ/hfX3Wpn9H+gYILEjwS3Bz4RZbMNnZCmaKFvKdk4hL/5Nyfgi -ysHgJIM1jTitd24gilbA9RTLpak7naSxevb0SVa48hywpN8zoeDnOE/QIPGZ3CDJ -70zHpZ9/T+soTtnTOAkVR3gCq6ZNshfizV6hqQTIvk6w8Ce7AoHv47EIRDwpb6RD -gODEyZJFxR27/lZrXq3yvaiE0ZXkBFjJ6B4N+IuxpKrflRuddv5ObOm9AxunUsCM -bhSf+7M8ECKk9j/IPYoKChfhxOyDQPKZSUtHx94+L5Z+7ri01S5ahkVlIY9O7VRz -PU3YoqNslBUpAIrRYfjN1ej5FGgo867i5RUB9deFgJ/DMwbT0WN9e5DkVDcREbl4 -mJDRife0nZW88GgLDgFvvw3aFna+MtvE9BKgnTnPUUB9yiRJryj0i0qkIV30XF62 -CuNYEn8V24VvRv95wnsT6W758DGY7BspK18XVwL+LiA+GvkMFehhIRW6BBw1Txv9 -+NYVTTm1AgMBAAGjggR5MIIEdTAfBgNVHSMEGDAWgBQX2dYlJ2f5McJJQ9kwNkSM -bKlP6zAdBgNVHQ4EFgQUYXACOqlHJoJQcEG3L0ICy9gYsV4wDgYDVR0PAQH/BAQD -AgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC 
-MEoGA1UdIARDMEEwNQYMKwYBBAGyMQECAQMEMCUwIwYIKwYBBQUHAgEWF2h0dHBz -Oi8vc2VjdGlnby5jb20vQ1BTMAgGBmeBDAECAjBaBgNVHR8EUzBRME+gTaBLhklo -dHRwOi8vY3JsLnNlY3RpZ28uY29tL1NlY3RpZ29SU0FPcmdhbml6YXRpb25WYWxp -ZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGKBggrBgEFBQcBAQR+MHwwVQYIKwYB -BQUHMAKGSWh0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGlnb1JTQU9yZ2FuaXph -dGlvblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwIwYIKwYBBQUHMAGGF2h0 -dHA6Ly9vY3NwLnNlY3RpZ28uY29tMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgA -dQDd3Mo0ldfhFgXnlTL6x5/4PRxQ39sAOhQSdgosrLvIKgAAAZGPYefYAAAEAwBG -MEQCIC3PuRJmsoXOdITZPFofbx+GkT9JlXYA4rFD66SEzQYNAiBFdkL0000FzUHJ -A11IglFWjubgpuCz7ct1NqW7nDwxFQB2AA3h8jAr0w3BQGISCepVLvxHdHyx1+kw -7w5CHrR+Tqo0AAABkY9h57UAAAQDAEcwRQIhAKN6rHqqCeFQKpBS36UE+z/kTXru -A7bI/NrW6k+vZXNBAiBJ1mayfSQJPX3LVpPBNK1kHIXI612M9Tpmrt9prraFlgB3 -ABLxTjS9U3JMhAYZw48/ehP457Vih4icbTAFhOvlhiY6AAABkY9h57UAAAQDAEgw -RgIhALJAVx2+PVTOBjKeEkYLyTChpUyITMx2yJoZ8Zxe4C1nAiEAyKSU0BY4Wu/e -du3YZFHbBymWlfsDCPtkUYUXuaZPqrMwggE9BgNVHREEggE0MIIBMIISY29ubmVj -dC5kY2EuY2EuZ292ghVjb25uZWN0LXdzLmNhYi5jYS5nb3aCFWNvbm5lY3Qtd3Mu -Y2ZiLmNhLmdvdoIlY29ubmVjdC13cy5jb3VydHJlcG9ydGVyc2JvYXJkLmNhLmdv -doIVY29ubmVjdC13cy5kY2EuY2EuZ292ghZjb25uZWN0LXdzLmxhdGMuY2EuZ292 -ghtjb25uZWN0LXdzLnBlc3Rib2FyZC5jYS5nb3aCEmNvbm5lY3QuY2FiLmNhLmdv -doISY29ubmVjdC5jZmIuY2EuZ292giJjb25uZWN0LmNvdXJ0cmVwb3J0ZXJzYm9h -cmQuY2EuZ292ghNjb25uZWN0LmxhdGMuY2EuZ292ghhjb25uZWN0LnBlc3Rib2Fy -ZC5jYS5nb3YwDQYJKoZIhvcNAQELBQADggEBAH8SsgW//ibqOZhMifgDLy2z4srI -OwYMaWi0mxRO/6fgCO9BcpvT22vrMZYo3JuaEHtKT0joh5mdsfm/3tttEgnFYV5h -gK4xgkZ/BbXoKWi+lmZPvxQJJFoRRg1WPnTvH+S7hUS0JAi4Wzmt7GGKhKnr5Fp3 -qTMIS9g0NQNGrV9pYqK1AQFzk0BBdemBqzUHLQjJ1k176AlvXP7xjW9Fi/Fdasat -dfOtR3XILf1FTAjKGeGS9q2e4h6aZvLmdsDlCiG+YocUpTIOtdiF00zA4MybExyZ -pfy9x5+dKWTyekk5jr54LEFQ5kUDJaGZ0KnDuOxhDSpAO/Yb/Z/3ZAk2G0s= ------END CERTIFICATE-----`, //connect.dca.ca.gov -`-----BEGIN CERTIFICATE----- -MIIEjTCCA3WgAwIBAgIQDQd4KhM/xvmlcpbhMf/ReTANBgkqhkiG9w0BAQsFADBh -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 
-d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH -MjAeFw0xNzExMDIxMjIzMzdaFw0yNzExMDIxMjIzMzdaMGAxCzAJBgNVBAYTAlVT -MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j -b20xHzAdBgNVBAMTFkdlb1RydXN0IFRMUyBSU0EgQ0EgRzEwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQC+F+jsvikKy/65LWEx/TMkCDIuWegh1Ngwvm4Q -yISgP7oU5d79eoySG3vOhC3w/3jEMuipoH1fBtp7m0tTpsYbAhch4XA7rfuD6whU -gajeErLVxoiWMPkC/DnUvbgi74BJmdBiuGHQSd7LwsuXpTEGG9fYXcbTVN5SATYq -DfbexbYxTMwVJWoVb6lrBEgM3gBBqiiAiy800xu1Nq07JdCIQkBsNpFtZbIZhsDS -fzlGWP4wEmBQ3O67c+ZXkFr2DcrXBEtHam80Gp2SNhou2U5U7UesDL/xgLK6/0d7 -6TnEVMSUVJkZ8VeZr+IUIlvoLrtjLbqugb0T3OYXW+CQU0kBAgMBAAGjggFAMIIB -PDAdBgNVHQ4EFgQUlE/UXYvkpOKmgP792PkA76O+AlcwHwYDVR0jBBgwFoAUTiJU -IBiV5uNu5g/6+rkS7QYXjzkwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsG -AQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMDQGCCsGAQUFBwEB -BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEIGA1Ud -HwQ7MDkwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEds -b2JhbFJvb3RHMi5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEW -HGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEB -AIIcBDqC6cWpyGUSXAjjAcYwsK4iiGF7KweG97i1RJz1kwZhRoo6orU1JtBYnjzB -c4+/sXmnHJk3mlPyL1xuIAt9sMeC7+vreRIF5wFBC0MCN5sbHwhNN1JzKbifNeP5 -ozpZdQFmkCo+neBiKR6HqIA+LMTMCMMuv2khGGuPHmtDze4GmEGZtYLyF8EQpa5Y -jPuV6k2Cr/N3XxFpT3hRpt/3usU/Zb9wfKPtWpoznZ4/44c1p9rzFcZYrWkj3A+7 -TNBJE0GmP2fhXhP1D/XVfIW/h0yCJGEiV9Glm/uGOa3DXHlmbAcxSyCRraG+ZBkA -7h4SeM6Y8l/7MBRpPCz6l8Y= ------END CERTIFICATE-----`, //GeoTrust TLS RSA CA G1 - `-----BEGIN CERTIFICATE----- -MIIGTDCCBDSgAwIBAgIQOXpmzCdWNi4NqofKbqvjsTANBgkqhkiG9w0BAQwFADBf -MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQD -Ey1TZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYw -HhcNMjEwMzIyMDAwMDAwWhcNMzYwMzIxMjM1OTU5WjBgMQswCQYDVQQGEwJHQjEY -MBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFB1Ymxp -YyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gQ0EgRFYgUjM2MIIBojANBgkqhkiG9w0B 
-AQEFAAOCAY8AMIIBigKCAYEAljZf2HIz7+SPUPQCQObZYcrxLTHYdf1ZtMRe7Yeq -RPSwygz16qJ9cAWtWNTcuICc++p8Dct7zNGxCpqmEtqifO7NvuB5dEVexXn9RFFH -12Hm+NtPRQgXIFjx6MSJcNWuVO3XGE57L1mHlcQYj+g4hny90aFh2SCZCDEVkAja -EMMfYPKuCjHuuF+bzHFb/9gV8P9+ekcHENF2nR1efGWSKwnfG5RawlkaQDpRtZTm -M64TIsv/r7cyFO4nSjs1jLdXYdz5q3a4L0NoabZfbdxVb+CUEHfB0bpulZQtH1Rv -38e/lIdP7OTTIlZh6OYL6NhxP8So0/sht/4J9mqIGxRFc0/pC8suja+wcIUna0HB -pXKfXTKpzgis+zmXDL06ASJf5E4A2/m+Hp6b84sfPAwQ766rI65mh50S0Di9E3Pn -2WcaJc+PILsBmYpgtmgWTR9eV9otfKRUBfzHUHcVgarub/XluEpRlTtZudU5xbFN -xx/DgMrXLUAPaI60fZ6wA+PTAgMBAAGjggGBMIIBfTAfBgNVHSMEGDAWgBRWc1hk -lfmSGrASKgRieaFAFYghSTAdBgNVHQ4EFgQUaMASFhgOr872h6YyV6NGUV3LBycw -DgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0lBBYwFAYI -KwYBBQUHAwEGCCsGAQUFBwMCMBsGA1UdIAQUMBIwBgYEVR0gADAIBgZngQwBAgEw -VAYDVR0fBE0wSzBJoEegRYZDaHR0cDovL2NybC5zZWN0aWdvLmNvbS9TZWN0aWdv -UHVibGljU2VydmVyQXV0aGVudGljYXRpb25Sb290UjQ2LmNybDCBhAYIKwYBBQUH -AQEEeDB2ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3Rp -Z29QdWJsaWNTZXJ2ZXJBdXRoZW50aWNhdGlvblJvb3RSNDYucDdjMCMGCCsGAQUF -BzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNvbTANBgkqhkiG9w0BAQwFAAOCAgEA -YtOC9Fy+TqECFw40IospI92kLGgoSZGPOSQXMBqmsGWZUQ7rux7cj1du6d9rD6C8 -ze1B2eQjkrGkIL/OF1s7vSmgYVafsRoZd/IHUrkoQvX8FZwUsmPu7amgBfaY3g+d -q1x0jNGKb6I6Bzdl6LgMD9qxp+3i7GQOnd9J8LFSietY6Z4jUBzVoOoz8iAU84OF -h2HhAuiPw1ai0VnY38RTI+8kepGWVfGxfBWzwH9uIjeooIeaosVFvE8cmYUB4TSH -5dUyD0jHct2+8ceKEtIoFU/FfHq/mDaVnvcDCZXtIgitdMFQdMZaVehmObyhRdDD -4NQCs0gaI9AAgFj4L9QtkARzhQLNyRf87Kln+YU0lgCGr9HLg3rGO8q+Y4ppLsOd -unQZ6ZxPNGIfOApbPVf5hCe58EZwiWdHIMn9lPP6+F404y8NNugbQixBber+x536 -WrZhFZLjEkhp7fFXf9r32rNPfb74X/U90Bdy4lzp3+X1ukh1BuMxA/EEhDoTOS3l -7ABvc7BYSQubQ2490OcdkIzUh3ZwDrakMVrbaTxUM2p24N6dB+ns2zptWCva6jzW -r8IWKIMxzxLPv5Kt3ePKcUdvkBU/smqujSczTzzSjIoR5QqQA6lN1ZRSnuHIWCvh -JEltkYnTAH41QJ6SAWO66GrrUESwN/cgZzL4JLEqz1Y= ------END CERTIFICATE-----` // Sectigo Public Server Authentication CA DV R36 -] /** * Mozilla Root CA List * downloaded from: 
https://wiki.mozilla.org/CA/Included_Certificates */ -const ROOT_CA_LIST = ['<>'] -ROOT_CA_LIST.push(...ADDITIONAL_ROOT_CA_LIST) -/** - * Reclaim root CA store - */ -export const ROOT_CAS = ROOT_CA_LIST - .map(loadX509FromPem) \ No newline at end of file +export const MOZILLA_ROOT_CA_LIST = ['<>'] \ No newline at end of file diff --git a/src/scripts/update-ca-certs.ts b/src/scripts/update-ca-certs.ts index 4cee92f..2d1f8e1 100644 --- a/src/scripts/update-ca-certs.ts +++ b/src/scripts/update-ca-certs.ts @@ -33,7 +33,7 @@ async function main() { } const newData = data.replace('\'<>\'', certs) - fs.writeFileSync('src/utils/root-ca.ts', Buffer.from(newData)) + fs.writeFileSync('src/utils/mozilla-root-cas.ts', Buffer.from(newData)) } main().then() \ No newline at end of file diff --git a/src/types/index.ts b/src/types/index.ts index 639b879..fcaf92a 100644 --- a/src/types/index.ts +++ b/src/types/index.ts @@ -1,4 +1,8 @@ export * from './x509' export * from './tls' export * from './crypto' -export * from './logger' \ No newline at end of file +export * from './logger' + +declare global { + const TLS_ADDITIONAL_ROOT_CA_LIST: string[] +} \ No newline at end of file diff --git a/src/utils/additional-root-cas.js b/src/utils/additional-root-cas.js new file mode 100644 index 0000000..d497ecd --- /dev/null +++ b/src/utils/additional-root-cas.js 
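Review bot: In `src/types/index.ts`, the global is declared as an always-present `const TLS_ADDITIONAL_ROOT_CA_LIST: string[]`, but nothing in this hunk guarantees it exists at runtime, so a consumer that reads it before `additional-root-cas.js` has executed would hit a ReferenceError that the type checker cannot catch. Declaring it as `var TLS_ADDITIONAL_ROOT_CA_LIST: string[] | undefined` forces readers to guard, and `var` is also what makes `globalThis.TLS_ADDITIONAL_ROOT_CA_LIST` type-check. Because this list extends the TLS trust store, the declaration deserves a TSDoc comment stating that entries are PEM strings and that any module loaded in the same realm can append trust anchors to it. Whether the consumer copies or validates the list before use is not visible in this hunk.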
@@ -0,0 +1,185 @@ +/* eslint indent: 0 */ +global.TLS_ADDITIONAL_ROOT_CA_LIST ||= [] + +TLS_ADDITIONAL_ROOT_CA_LIST.push([ + `-----BEGIN CERTIFICATE----- +MIIFjDCCA3SgAwIBAgIQfx8skC6D0OO2+zvuR4tegDANBgkqhkiG9w0BAQsFADBM +MSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSNjETMBEGA1UEChMKR2xv +YmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0yMzA3MTkwMzQzMjVaFw0y +NjA3MTkwMDAwMDBaMFUxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWdu +IG52LXNhMSswKQYDVQQDEyJHbG9iYWxTaWduIEdDQyBSNiBBbHBoYVNTTCBDQSAy +MDIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00Jvk5ADppO0rgDn +j1M14XIb032Aas409JJFAb8cUjipFOth7ySLdaWLe3s63oSs5x3eWwzTpX4BFkzZ +bxT1eoJSHfT2M0wZ5QOPcCIjsr+YB8TAvV2yJSyq+emRrN/FtgCSTaWXSJ5jipW8 +SJ/VAuXPMzuAP2yYpuPcjjQ5GyrssDXgu+FhtYxqyFP7BSvx9jQhh5QV5zhLycua +n8n+J0Uw09WRQK6JGQ5HzDZQinkNel+fZZNRG1gE9Qeh+tHBplrkalB1g85qJkPO +J7SoEvKsmDkajggk/sSq7NPyzFaa/VBGZiRRG+FkxCBniGD5618PQ4trcwHyMojS +FObOHQIDAQABo4IBXzCCAVswDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsG +AQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBS9 +BbfzipM8c8t5+g+FEqF3lhiRdDAfBgNVHSMEGDAWgBSubAWjkxPioufi1xzWx/B/ +yGdToDB7BggrBgEFBQcBAQRvMG0wLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwMi5n +bG9iYWxzaWduLmNvbS9yb290cjYwOwYIKwYBBQUHMAKGL2h0dHA6Ly9zZWN1cmUu +Z2xvYmFsc2lnbi5jb20vY2FjZXJ0L3Jvb3QtcjYuY3J0MDYGA1UdHwQvMC0wK6Ap +oCeGJWh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vcm9vdC1yNi5jcmwwIQYDVR0g +BBowGDAIBgZngQwBAgEwDAYKKwYBBAGgMgoBAzANBgkqhkiG9w0BAQsFAAOCAgEA +fMkkMo5g4mn1ft4d4xR2kHzYpDukhC1XYPwfSZN3A9nEBadjdKZMH7iuS1vF8uSc +g26/30DRPen2fFRsr662ECyUCR4OfeiiGNdoQvcesM9Xpew3HLQP4qHg+s774hNL +vGRD4aKSKwFqLMrcqCw6tEAfX99tFWsD4jzbC6k8tjSLzEl0fTUlfkJaWpvLVkpg +9et8tD8d51bymCg5J6J6wcXpmsSGnksBobac1+nXmgB7jQC9edU8Z41FFo87BV3k +CtrWWsdkQavObMsXUPl/AO8y/jOuAWz0wyvPnKom+o6W4vKDY6/6XPypNdebOJ6m +jyaILp0quoQvhjx87BzENh5s57AIOyIGpS0sDEChVDPzLEfRsH2FJ8/W5woF0nvs +BTqfYSCqblQbHeDDtCj7Mlf8JfqaMuqcbE4rMSyfeHyCdZQwnc/r9ujnth691AJh +xyYeCM04metJIe7cB6d4dFm+Pd5ervY4x32r0uQ1Q0spy1VjNqUJjussYuXNyMmF 
+HSuLQQ6PrePmH5lcSMQpYKzPoD/RiNVD/PK0O3vuO5vh3o7oKb1FfzoanDsFFTrw +0aLOdRW/tmLPWVNVlAb8ad+B80YJsL4HXYnQG8wYAFb8LhwSDyT9v+C1C1lcIHE7 +nE0AAp9JSHxDYsma9pi4g0Phg3BgOm2euTRzw7R0SzU= +-----END CERTIFICATE-----`, // GlobalSign GCC R6 AlphaSSL CA 2023 intermediate till 2026 + `-----BEGIN CERTIFICATE----- +MIIGGTCCBAGgAwIBAgIQE31TnKp8MamkM3AZaIR6jTANBgkqhkiG9w0BAQwFADCB +iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl +cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV +BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgx +MTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBlTELMAkGA1UEBhMCR0IxGzAZBgNV +BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UE +ChMPU2VjdGlnbyBMaW1pdGVkMT0wOwYDVQQDEzRTZWN0aWdvIFJTQSBPcmdhbml6 +YXRpb24gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAnJMCRkVKUkiS/FeN+S3qU76zLNXYqKXsW2kDwB0Q +9lkz3v4HSKjojHpnSvH1jcM3ZtAykffEnQRgxLVK4oOLp64m1F06XvjRFnG7ir1x +on3IzqJgJLBSoDpFUd54k2xiYPHkVpy3O/c8Vdjf1XoxfDV/ElFw4Sy+BKzL+k/h +fGVqwECn2XylY4QZ4ffK76q06Fha2ZnjJt+OErK43DOyNtoUHZZYQkBuCyKFHFEi +rsTIBkVtkuZntxkj5Ng2a4XQf8dS48+wdQHgibSov4o2TqPgbOuEQc6lL0giE5dQ +YkUeCaXMn2xXcEAG2yDoG9bzk4unMp63RBUJ16/9fAEc2wIDAQABo4IBbjCCAWow +HwYDVR0jBBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0OBBYEFBfZ1iUn +Z/kxwklD2TA2RIxsqU/rMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/ +AgEAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHSAEFDASMAYG +BFUdIAAwCAYGZ4EMAQICMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNl +cnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNy +bDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRy +dXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZ +aHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAThNA +lsnD5m5bwOO69Bfhrgkfyb/LDCUW8nNTs3Yat6tIBtbNAHwgRUNFbBZaGxNh10m6 +pAKkrOjOzi3JKnSj3N6uq9BoNviRrzwB93fVC8+Xq+uH5xWo+jBaYXEgscBDxLmP +bYox6xU2JPti1Qucj+lmveZhUZeTth2HvbC1bP6mESkGYTQxMD0gJ3NR0N6Fg9N3 
+OSBGltqnxloWJ4Wyz04PToxcvr44APhL+XJ71PJ616IphdAEutNCLFGIUi7RPSRn +R+xVzBv0yjTqJsHe3cQhifa6ezIejpZehEU4z4CqN2mLYBd0FUiRnG3wTqN3yhsc +SPr5z0noX0+FCuKPkBurcEya67emP7SsXaRfz+bYipaQ908mgWB2XQ8kd5GzKjGf +FlqyXYwcKapInI5v03hAcNt37N3j0VcFcC3mSZiIBYRiBXBWdoY5TtMibx3+bfEO +s2LEPMvAhblhHrrhFYBZlAyuBbuMf1a+HNJav5fyakywxnB2sJCNwQs2uRHY1ihc +6k/+JLcYCpsM0MF8XPtpvcyiTcaQvKZN8rG61ppnW5YCUtCC+cQKXA0o4D/I+pWV +idWkvklsQLI+qGu41SWyxP7x09fn1txDAXYw+zuLXfdKiXyaNb78yvBXAfCNP6CH +MntHWpdLgtJmwsQt6j8k9Kf5qLnjatkYYaA7jBU= +-----END CERTIFICATE-----`, //Sectigo RSA Organization Validation Secure Server CA + `-----BEGIN CERTIFICATE----- +MIII+DCCB+CgAwIBAgIQbAP9+jGpC4MAqlBK9HsanzANBgkqhkiG9w0BAQsFADCB +lTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMT0wOwYDVQQD +EzRTZWN0aWdvIFJTQSBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBTZWN1cmUgU2Vy +dmVyIENBMB4XDTI0MDgyNjAwMDAwMFoXDTI1MDgyNjIzNTk1OVowXTELMAkGA1UE +BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExHDAaBgNVBAoTE1N0YXRlIG9mIENh +bGlmb3JuaWExGzAZBgNVBAMTEmNvbm5lY3QuZGNhLmNhLmdvdjCCAiIwDQYJKoZI +hvcNAQEBBQADggIPADCCAgoCggIBALqonPJQIJB5rqVt3lFhVCAWVDaUiHINR/0a +BtHeqP2Ue5EsLGwdCNCRrj8ge0bCqQh25UBEmIOrTWU3HcmyBYPG51TPp+T5GER2 +r8daV5oqSFpVIThArZF58Omwsbv38hkNn1LCdZher/yqbuZJNHZd2Z/h3Xv410us +y2EnrALnoKkRUvJ/hfX3Wpn9H+gYILEjwS3Bz4RZbMNnZCmaKFvKdk4hL/5Nyfgi +ysHgJIM1jTitd24gilbA9RTLpak7naSxevb0SVa48hywpN8zoeDnOE/QIPGZ3CDJ +70zHpZ9/T+soTtnTOAkVR3gCq6ZNshfizV6hqQTIvk6w8Ce7AoHv47EIRDwpb6RD +gODEyZJFxR27/lZrXq3yvaiE0ZXkBFjJ6B4N+IuxpKrflRuddv5ObOm9AxunUsCM +bhSf+7M8ECKk9j/IPYoKChfhxOyDQPKZSUtHx94+L5Z+7ri01S5ahkVlIY9O7VRz +PU3YoqNslBUpAIrRYfjN1ej5FGgo867i5RUB9deFgJ/DMwbT0WN9e5DkVDcREbl4 +mJDRife0nZW88GgLDgFvvw3aFna+MtvE9BKgnTnPUUB9yiRJryj0i0qkIV30XF62 +CuNYEn8V24VvRv95wnsT6W758DGY7BspK18XVwL+LiA+GvkMFehhIRW6BBw1Txv9 ++NYVTTm1AgMBAAGjggR5MIIEdTAfBgNVHSMEGDAWgBQX2dYlJ2f5McJJQ9kwNkSM +bKlP6zAdBgNVHQ4EFgQUYXACOqlHJoJQcEG3L0ICy9gYsV4wDgYDVR0PAQH/BAQD 
+AgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC +MEoGA1UdIARDMEEwNQYMKwYBBAGyMQECAQMEMCUwIwYIKwYBBQUHAgEWF2h0dHBz +Oi8vc2VjdGlnby5jb20vQ1BTMAgGBmeBDAECAjBaBgNVHR8EUzBRME+gTaBLhklo +dHRwOi8vY3JsLnNlY3RpZ28uY29tL1NlY3RpZ29SU0FPcmdhbml6YXRpb25WYWxp +ZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGKBggrBgEFBQcBAQR+MHwwVQYIKwYB +BQUHMAKGSWh0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGlnb1JTQU9yZ2FuaXph +dGlvblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwIwYIKwYBBQUHMAGGF2h0 +dHA6Ly9vY3NwLnNlY3RpZ28uY29tMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgA +dQDd3Mo0ldfhFgXnlTL6x5/4PRxQ39sAOhQSdgosrLvIKgAAAZGPYefYAAAEAwBG +MEQCIC3PuRJmsoXOdITZPFofbx+GkT9JlXYA4rFD66SEzQYNAiBFdkL0000FzUHJ +A11IglFWjubgpuCz7ct1NqW7nDwxFQB2AA3h8jAr0w3BQGISCepVLvxHdHyx1+kw +7w5CHrR+Tqo0AAABkY9h57UAAAQDAEcwRQIhAKN6rHqqCeFQKpBS36UE+z/kTXru +A7bI/NrW6k+vZXNBAiBJ1mayfSQJPX3LVpPBNK1kHIXI612M9Tpmrt9prraFlgB3 +ABLxTjS9U3JMhAYZw48/ehP457Vih4icbTAFhOvlhiY6AAABkY9h57UAAAQDAEgw +RgIhALJAVx2+PVTOBjKeEkYLyTChpUyITMx2yJoZ8Zxe4C1nAiEAyKSU0BY4Wu/e +du3YZFHbBymWlfsDCPtkUYUXuaZPqrMwggE9BgNVHREEggE0MIIBMIISY29ubmVj +dC5kY2EuY2EuZ292ghVjb25uZWN0LXdzLmNhYi5jYS5nb3aCFWNvbm5lY3Qtd3Mu +Y2ZiLmNhLmdvdoIlY29ubmVjdC13cy5jb3VydHJlcG9ydGVyc2JvYXJkLmNhLmdv +doIVY29ubmVjdC13cy5kY2EuY2EuZ292ghZjb25uZWN0LXdzLmxhdGMuY2EuZ292 +ghtjb25uZWN0LXdzLnBlc3Rib2FyZC5jYS5nb3aCEmNvbm5lY3QuY2FiLmNhLmdv +doISY29ubmVjdC5jZmIuY2EuZ292giJjb25uZWN0LmNvdXJ0cmVwb3J0ZXJzYm9h +cmQuY2EuZ292ghNjb25uZWN0LmxhdGMuY2EuZ292ghhjb25uZWN0LnBlc3Rib2Fy +ZC5jYS5nb3YwDQYJKoZIhvcNAQELBQADggEBAH8SsgW//ibqOZhMifgDLy2z4srI +OwYMaWi0mxRO/6fgCO9BcpvT22vrMZYo3JuaEHtKT0joh5mdsfm/3tttEgnFYV5h +gK4xgkZ/BbXoKWi+lmZPvxQJJFoRRg1WPnTvH+S7hUS0JAi4Wzmt7GGKhKnr5Fp3 +qTMIS9g0NQNGrV9pYqK1AQFzk0BBdemBqzUHLQjJ1k176AlvXP7xjW9Fi/Fdasat +dfOtR3XILf1FTAjKGeGS9q2e4h6aZvLmdsDlCiG+YocUpTIOtdiF00zA4MybExyZ +pfy9x5+dKWTyekk5jr54LEFQ5kUDJaGZ0KnDuOxhDSpAO/Yb/Z/3ZAk2G0s= +-----END CERTIFICATE-----`, //connect.dca.ca.gov +`-----BEGIN CERTIFICATE----- +MIIEjTCCA3WgAwIBAgIQDQd4KhM/xvmlcpbhMf/ReTANBgkqhkiG9w0BAQsFADBh 
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH +MjAeFw0xNzExMDIxMjIzMzdaFw0yNzExMDIxMjIzMzdaMGAxCzAJBgNVBAYTAlVT +MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j +b20xHzAdBgNVBAMTFkdlb1RydXN0IFRMUyBSU0EgQ0EgRzEwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQC+F+jsvikKy/65LWEx/TMkCDIuWegh1Ngwvm4Q +yISgP7oU5d79eoySG3vOhC3w/3jEMuipoH1fBtp7m0tTpsYbAhch4XA7rfuD6whU +gajeErLVxoiWMPkC/DnUvbgi74BJmdBiuGHQSd7LwsuXpTEGG9fYXcbTVN5SATYq +DfbexbYxTMwVJWoVb6lrBEgM3gBBqiiAiy800xu1Nq07JdCIQkBsNpFtZbIZhsDS +fzlGWP4wEmBQ3O67c+ZXkFr2DcrXBEtHam80Gp2SNhou2U5U7UesDL/xgLK6/0d7 +6TnEVMSUVJkZ8VeZr+IUIlvoLrtjLbqugb0T3OYXW+CQU0kBAgMBAAGjggFAMIIB +PDAdBgNVHQ4EFgQUlE/UXYvkpOKmgP792PkA76O+AlcwHwYDVR0jBBgwFoAUTiJU +IBiV5uNu5g/6+rkS7QYXjzkwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsG +AQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMDQGCCsGAQUFBwEB +BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEIGA1Ud +HwQ7MDkwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEds +b2JhbFJvb3RHMi5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEW +HGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEB +AIIcBDqC6cWpyGUSXAjjAcYwsK4iiGF7KweG97i1RJz1kwZhRoo6orU1JtBYnjzB +c4+/sXmnHJk3mlPyL1xuIAt9sMeC7+vreRIF5wFBC0MCN5sbHwhNN1JzKbifNeP5 +ozpZdQFmkCo+neBiKR6HqIA+LMTMCMMuv2khGGuPHmtDze4GmEGZtYLyF8EQpa5Y +jPuV6k2Cr/N3XxFpT3hRpt/3usU/Zb9wfKPtWpoznZ4/44c1p9rzFcZYrWkj3A+7 +TNBJE0GmP2fhXhP1D/XVfIW/h0yCJGEiV9Glm/uGOa3DXHlmbAcxSyCRraG+ZBkA +7h4SeM6Y8l/7MBRpPCz6l8Y= +-----END CERTIFICATE-----`, //GeoTrust TLS RSA CA G1 + `-----BEGIN CERTIFICATE----- +MIIGTDCCBDSgAwIBAgIQOXpmzCdWNi4NqofKbqvjsTANBgkqhkiG9w0BAQwFADBf +MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQD +Ey1TZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYw +HhcNMjEwMzIyMDAwMDAwWhcNMzYwMzIxMjM1OTU5WjBgMQswCQYDVQQGEwJHQjEY +MBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFB1Ymxp 
+YyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gQ0EgRFYgUjM2MIIBojANBgkqhkiG9w0B +AQEFAAOCAY8AMIIBigKCAYEAljZf2HIz7+SPUPQCQObZYcrxLTHYdf1ZtMRe7Yeq +RPSwygz16qJ9cAWtWNTcuICc++p8Dct7zNGxCpqmEtqifO7NvuB5dEVexXn9RFFH +12Hm+NtPRQgXIFjx6MSJcNWuVO3XGE57L1mHlcQYj+g4hny90aFh2SCZCDEVkAja +EMMfYPKuCjHuuF+bzHFb/9gV8P9+ekcHENF2nR1efGWSKwnfG5RawlkaQDpRtZTm +M64TIsv/r7cyFO4nSjs1jLdXYdz5q3a4L0NoabZfbdxVb+CUEHfB0bpulZQtH1Rv +38e/lIdP7OTTIlZh6OYL6NhxP8So0/sht/4J9mqIGxRFc0/pC8suja+wcIUna0HB +pXKfXTKpzgis+zmXDL06ASJf5E4A2/m+Hp6b84sfPAwQ766rI65mh50S0Di9E3Pn +2WcaJc+PILsBmYpgtmgWTR9eV9otfKRUBfzHUHcVgarub/XluEpRlTtZudU5xbFN +xx/DgMrXLUAPaI60fZ6wA+PTAgMBAAGjggGBMIIBfTAfBgNVHSMEGDAWgBRWc1hk +lfmSGrASKgRieaFAFYghSTAdBgNVHQ4EFgQUaMASFhgOr872h6YyV6NGUV3LBycw +DgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0lBBYwFAYI +KwYBBQUHAwEGCCsGAQUFBwMCMBsGA1UdIAQUMBIwBgYEVR0gADAIBgZngQwBAgEw +VAYDVR0fBE0wSzBJoEegRYZDaHR0cDovL2NybC5zZWN0aWdvLmNvbS9TZWN0aWdv +UHVibGljU2VydmVyQXV0aGVudGljYXRpb25Sb290UjQ2LmNybDCBhAYIKwYBBQUH +AQEEeDB2ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3Rp +Z29QdWJsaWNTZXJ2ZXJBdXRoZW50aWNhdGlvblJvb3RSNDYucDdjMCMGCCsGAQUF +BzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNvbTANBgkqhkiG9w0BAQwFAAOCAgEA +YtOC9Fy+TqECFw40IospI92kLGgoSZGPOSQXMBqmsGWZUQ7rux7cj1du6d9rD6C8 +ze1B2eQjkrGkIL/OF1s7vSmgYVafsRoZd/IHUrkoQvX8FZwUsmPu7amgBfaY3g+d +q1x0jNGKb6I6Bzdl6LgMD9qxp+3i7GQOnd9J8LFSietY6Z4jUBzVoOoz8iAU84OF +h2HhAuiPw1ai0VnY38RTI+8kepGWVfGxfBWzwH9uIjeooIeaosVFvE8cmYUB4TSH +5dUyD0jHct2+8ceKEtIoFU/FfHq/mDaVnvcDCZXtIgitdMFQdMZaVehmObyhRdDD +4NQCs0gaI9AAgFj4L9QtkARzhQLNyRf87Kln+YU0lgCGr9HLg3rGO8q+Y4ppLsOd +unQZ6ZxPNGIfOApbPVf5hCe58EZwiWdHIMn9lPP6+F404y8NNugbQixBber+x536 +WrZhFZLjEkhp7fFXf9r32rNPfb74X/U90Bdy4lzp3+X1ukh1BuMxA/EEhDoTOS3l +7ABvc7BYSQubQ2490OcdkIzUh3ZwDrakMVrbaTxUM2p24N6dB+ns2zptWCva6jzW +r8IWKIMxzxLPv5Kt3ePKcUdvkBU/smqujSczTzzSjIoR5QqQA6lN1ZRSnuHIWCvh +JEltkYnTAH41QJ6SAWO66GrrUESwN/cgZzL4JLEqz1Y= +-----END CERTIFICATE-----` // Sectigo Public Server Authentication CA DV R36 +]) \ No newline at end of 
file
diff --git a/src/utils/index.ts b/src/utils/index.ts
index e69f461..55b8c95 100644
--- a/src/utils/index.ts
+++ b/src/utils/index.ts
@@ -11,7 +11,7 @@ export * from './packets'
 export * from './parse-alert'
 export * from './parse-certificate'
 export * from './parse-server-hello'
-export * from './root-ca'
+export * from './mozilla-root-cas'
 export * from './session-ticket'
 export * from './webcrypto'
 export * from './wrapped-record'
diff --git a/src/utils/root-ca.ts b/src/utils/mozilla-root-cas.ts
similarity index 95%
rename from src/utils/root-ca.ts
rename to src/utils/mozilla-root-cas.ts
index 83e66d3..c3a5b64 100644
--- a/src/utils/root-ca.ts
+++ b/src/utils/mozilla-root-cas.ts
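Review bot: In `src/utils/additional-root-cas.js`, `TLS_ADDITIONAL_ROOT_CA_LIST.push([` … `])` appends one nested array instead of the five PEM strings, so the global becomes `[[pem, pem, …]]` although `src/types/index.ts` declares it as `string[]`. Unless the consumer in `parse-certificate.ts` (not visible here) flattens it, the PEM loader receives an array and these anchors fail to load. Spread the literal with `TLS_ADDITIONAL_ROOT_CA_LIST.push(...[` or pass the strings as separate arguments. `global` exists only in Node, so for a package described as cross-platform the first statement is more portable as `globalThis.TLS_ADDITIONAL_ROOT_CA_LIST ||= []`. The inline comments label entries as intermediates and one as the `connect.dca.ca.gov` certificate itself, so a header comment should say these are pinned as trust anchors and must be reviewed when they expire or are reissued.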
@@ -1,192 +1,9 @@ /* eslint indent: 0 */ -import { loadX509FromPem } from './x509' -const ADDITIONAL_ROOT_CA_LIST = [ - `-----BEGIN CERTIFICATE----- -MIIFjDCCA3SgAwIBAgIQfx8skC6D0OO2+zvuR4tegDANBgkqhkiG9w0BAQsFADBM -MSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSNjETMBEGA1UEChMKR2xv -YmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0yMzA3MTkwMzQzMjVaFw0y -NjA3MTkwMDAwMDBaMFUxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWdu -IG52LXNhMSswKQYDVQQDEyJHbG9iYWxTaWduIEdDQyBSNiBBbHBoYVNTTCBDQSAy -MDIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00Jvk5ADppO0rgDn -j1M14XIb032Aas409JJFAb8cUjipFOth7ySLdaWLe3s63oSs5x3eWwzTpX4BFkzZ -bxT1eoJSHfT2M0wZ5QOPcCIjsr+YB8TAvV2yJSyq+emRrN/FtgCSTaWXSJ5jipW8 -SJ/VAuXPMzuAP2yYpuPcjjQ5GyrssDXgu+FhtYxqyFP7BSvx9jQhh5QV5zhLycua -n8n+J0Uw09WRQK6JGQ5HzDZQinkNel+fZZNRG1gE9Qeh+tHBplrkalB1g85qJkPO -J7SoEvKsmDkajggk/sSq7NPyzFaa/VBGZiRRG+FkxCBniGD5618PQ4trcwHyMojS -FObOHQIDAQABo4IBXzCCAVswDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsG -AQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBS9 -BbfzipM8c8t5+g+FEqF3lhiRdDAfBgNVHSMEGDAWgBSubAWjkxPioufi1xzWx/B/ -yGdToDB7BggrBgEFBQcBAQRvMG0wLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwMi5n -bG9iYWxzaWduLmNvbS9yb290cjYwOwYIKwYBBQUHMAKGL2h0dHA6Ly9zZWN1cmUu -Z2xvYmFsc2lnbi5jb20vY2FjZXJ0L3Jvb3QtcjYuY3J0MDYGA1UdHwQvMC0wK6Ap -oCeGJWh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vcm9vdC1yNi5jcmwwIQYDVR0g -BBowGDAIBgZngQwBAgEwDAYKKwYBBAGgMgoBAzANBgkqhkiG9w0BAQsFAAOCAgEA -fMkkMo5g4mn1ft4d4xR2kHzYpDukhC1XYPwfSZN3A9nEBadjdKZMH7iuS1vF8uSc -g26/30DRPen2fFRsr662ECyUCR4OfeiiGNdoQvcesM9Xpew3HLQP4qHg+s774hNL -vGRD4aKSKwFqLMrcqCw6tEAfX99tFWsD4jzbC6k8tjSLzEl0fTUlfkJaWpvLVkpg -9et8tD8d51bymCg5J6J6wcXpmsSGnksBobac1+nXmgB7jQC9edU8Z41FFo87BV3k -CtrWWsdkQavObMsXUPl/AO8y/jOuAWz0wyvPnKom+o6W4vKDY6/6XPypNdebOJ6m -jyaILp0quoQvhjx87BzENh5s57AIOyIGpS0sDEChVDPzLEfRsH2FJ8/W5woF0nvs -BTqfYSCqblQbHeDDtCj7Mlf8JfqaMuqcbE4rMSyfeHyCdZQwnc/r9ujnth691AJh -xyYeCM04metJIe7cB6d4dFm+Pd5ervY4x32r0uQ1Q0spy1VjNqUJjussYuXNyMmF -HSuLQQ6PrePmH5lcSMQpYKzPoD/RiNVD/PK0O3vuO5vh3o7oKb1FfzoanDsFFTrw 
-0aLOdRW/tmLPWVNVlAb8ad+B80YJsL4HXYnQG8wYAFb8LhwSDyT9v+C1C1lcIHE7 -nE0AAp9JSHxDYsma9pi4g0Phg3BgOm2euTRzw7R0SzU= ------END CERTIFICATE-----`, // GlobalSign GCC R6 AlphaSSL CA 2023 intermediate till 2026 - `-----BEGIN CERTIFICATE----- -MIIGGTCCBAGgAwIBAgIQE31TnKp8MamkM3AZaIR6jTANBgkqhkiG9w0BAQwFADCB -iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl -cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV -BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgx -MTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBlTELMAkGA1UEBhMCR0IxGzAZBgNV -BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UE -ChMPU2VjdGlnbyBMaW1pdGVkMT0wOwYDVQQDEzRTZWN0aWdvIFJTQSBPcmdhbml6 -YXRpb24gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAnJMCRkVKUkiS/FeN+S3qU76zLNXYqKXsW2kDwB0Q -9lkz3v4HSKjojHpnSvH1jcM3ZtAykffEnQRgxLVK4oOLp64m1F06XvjRFnG7ir1x -on3IzqJgJLBSoDpFUd54k2xiYPHkVpy3O/c8Vdjf1XoxfDV/ElFw4Sy+BKzL+k/h -fGVqwECn2XylY4QZ4ffK76q06Fha2ZnjJt+OErK43DOyNtoUHZZYQkBuCyKFHFEi -rsTIBkVtkuZntxkj5Ng2a4XQf8dS48+wdQHgibSov4o2TqPgbOuEQc6lL0giE5dQ -YkUeCaXMn2xXcEAG2yDoG9bzk4unMp63RBUJ16/9fAEc2wIDAQABo4IBbjCCAWow -HwYDVR0jBBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0OBBYEFBfZ1iUn -Z/kxwklD2TA2RIxsqU/rMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/ -AgEAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHSAEFDASMAYG -BFUdIAAwCAYGZ4EMAQICMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNl -cnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNy -bDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRy -dXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZ -aHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAThNA -lsnD5m5bwOO69Bfhrgkfyb/LDCUW8nNTs3Yat6tIBtbNAHwgRUNFbBZaGxNh10m6 -pAKkrOjOzi3JKnSj3N6uq9BoNviRrzwB93fVC8+Xq+uH5xWo+jBaYXEgscBDxLmP -bYox6xU2JPti1Qucj+lmveZhUZeTth2HvbC1bP6mESkGYTQxMD0gJ3NR0N6Fg9N3 -OSBGltqnxloWJ4Wyz04PToxcvr44APhL+XJ71PJ616IphdAEutNCLFGIUi7RPSRn 
-R+xVzBv0yjTqJsHe3cQhifa6ezIejpZehEU4z4CqN2mLYBd0FUiRnG3wTqN3yhsc -SPr5z0noX0+FCuKPkBurcEya67emP7SsXaRfz+bYipaQ908mgWB2XQ8kd5GzKjGf -FlqyXYwcKapInI5v03hAcNt37N3j0VcFcC3mSZiIBYRiBXBWdoY5TtMibx3+bfEO -s2LEPMvAhblhHrrhFYBZlAyuBbuMf1a+HNJav5fyakywxnB2sJCNwQs2uRHY1ihc -6k/+JLcYCpsM0MF8XPtpvcyiTcaQvKZN8rG61ppnW5YCUtCC+cQKXA0o4D/I+pWV -idWkvklsQLI+qGu41SWyxP7x09fn1txDAXYw+zuLXfdKiXyaNb78yvBXAfCNP6CH -MntHWpdLgtJmwsQt6j8k9Kf5qLnjatkYYaA7jBU= ------END CERTIFICATE-----`, //Sectigo RSA Organization Validation Secure Server CA - `-----BEGIN CERTIFICATE----- -MIII+DCCB+CgAwIBAgIQbAP9+jGpC4MAqlBK9HsanzANBgkqhkiG9w0BAQsFADCB -lTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G -A1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMT0wOwYDVQQD -EzRTZWN0aWdvIFJTQSBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBTZWN1cmUgU2Vy -dmVyIENBMB4XDTI0MDgyNjAwMDAwMFoXDTI1MDgyNjIzNTk1OVowXTELMAkGA1UE -BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExHDAaBgNVBAoTE1N0YXRlIG9mIENh -bGlmb3JuaWExGzAZBgNVBAMTEmNvbm5lY3QuZGNhLmNhLmdvdjCCAiIwDQYJKoZI -hvcNAQEBBQADggIPADCCAgoCggIBALqonPJQIJB5rqVt3lFhVCAWVDaUiHINR/0a -BtHeqP2Ue5EsLGwdCNCRrj8ge0bCqQh25UBEmIOrTWU3HcmyBYPG51TPp+T5GER2 -r8daV5oqSFpVIThArZF58Omwsbv38hkNn1LCdZher/yqbuZJNHZd2Z/h3Xv410us -y2EnrALnoKkRUvJ/hfX3Wpn9H+gYILEjwS3Bz4RZbMNnZCmaKFvKdk4hL/5Nyfgi -ysHgJIM1jTitd24gilbA9RTLpak7naSxevb0SVa48hywpN8zoeDnOE/QIPGZ3CDJ -70zHpZ9/T+soTtnTOAkVR3gCq6ZNshfizV6hqQTIvk6w8Ce7AoHv47EIRDwpb6RD -gODEyZJFxR27/lZrXq3yvaiE0ZXkBFjJ6B4N+IuxpKrflRuddv5ObOm9AxunUsCM -bhSf+7M8ECKk9j/IPYoKChfhxOyDQPKZSUtHx94+L5Z+7ri01S5ahkVlIY9O7VRz -PU3YoqNslBUpAIrRYfjN1ej5FGgo867i5RUB9deFgJ/DMwbT0WN9e5DkVDcREbl4 -mJDRife0nZW88GgLDgFvvw3aFna+MtvE9BKgnTnPUUB9yiRJryj0i0qkIV30XF62 -CuNYEn8V24VvRv95wnsT6W758DGY7BspK18XVwL+LiA+GvkMFehhIRW6BBw1Txv9 -+NYVTTm1AgMBAAGjggR5MIIEdTAfBgNVHSMEGDAWgBQX2dYlJ2f5McJJQ9kwNkSM -bKlP6zAdBgNVHQ4EFgQUYXACOqlHJoJQcEG3L0ICy9gYsV4wDgYDVR0PAQH/BAQD -AgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC 
-MEoGA1UdIARDMEEwNQYMKwYBBAGyMQECAQMEMCUwIwYIKwYBBQUHAgEWF2h0dHBz -Oi8vc2VjdGlnby5jb20vQ1BTMAgGBmeBDAECAjBaBgNVHR8EUzBRME+gTaBLhklo -dHRwOi8vY3JsLnNlY3RpZ28uY29tL1NlY3RpZ29SU0FPcmdhbml6YXRpb25WYWxp -ZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGKBggrBgEFBQcBAQR+MHwwVQYIKwYB -BQUHMAKGSWh0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGlnb1JTQU9yZ2FuaXph -dGlvblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwIwYIKwYBBQUHMAGGF2h0 -dHA6Ly9vY3NwLnNlY3RpZ28uY29tMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgA -dQDd3Mo0ldfhFgXnlTL6x5/4PRxQ39sAOhQSdgosrLvIKgAAAZGPYefYAAAEAwBG -MEQCIC3PuRJmsoXOdITZPFofbx+GkT9JlXYA4rFD66SEzQYNAiBFdkL0000FzUHJ -A11IglFWjubgpuCz7ct1NqW7nDwxFQB2AA3h8jAr0w3BQGISCepVLvxHdHyx1+kw -7w5CHrR+Tqo0AAABkY9h57UAAAQDAEcwRQIhAKN6rHqqCeFQKpBS36UE+z/kTXru -A7bI/NrW6k+vZXNBAiBJ1mayfSQJPX3LVpPBNK1kHIXI612M9Tpmrt9prraFlgB3 -ABLxTjS9U3JMhAYZw48/ehP457Vih4icbTAFhOvlhiY6AAABkY9h57UAAAQDAEgw -RgIhALJAVx2+PVTOBjKeEkYLyTChpUyITMx2yJoZ8Zxe4C1nAiEAyKSU0BY4Wu/e -du3YZFHbBymWlfsDCPtkUYUXuaZPqrMwggE9BgNVHREEggE0MIIBMIISY29ubmVj -dC5kY2EuY2EuZ292ghVjb25uZWN0LXdzLmNhYi5jYS5nb3aCFWNvbm5lY3Qtd3Mu -Y2ZiLmNhLmdvdoIlY29ubmVjdC13cy5jb3VydHJlcG9ydGVyc2JvYXJkLmNhLmdv -doIVY29ubmVjdC13cy5kY2EuY2EuZ292ghZjb25uZWN0LXdzLmxhdGMuY2EuZ292 -ghtjb25uZWN0LXdzLnBlc3Rib2FyZC5jYS5nb3aCEmNvbm5lY3QuY2FiLmNhLmdv -doISY29ubmVjdC5jZmIuY2EuZ292giJjb25uZWN0LmNvdXJ0cmVwb3J0ZXJzYm9h -cmQuY2EuZ292ghNjb25uZWN0LmxhdGMuY2EuZ292ghhjb25uZWN0LnBlc3Rib2Fy -ZC5jYS5nb3YwDQYJKoZIhvcNAQELBQADggEBAH8SsgW//ibqOZhMifgDLy2z4srI -OwYMaWi0mxRO/6fgCO9BcpvT22vrMZYo3JuaEHtKT0joh5mdsfm/3tttEgnFYV5h -gK4xgkZ/BbXoKWi+lmZPvxQJJFoRRg1WPnTvH+S7hUS0JAi4Wzmt7GGKhKnr5Fp3 -qTMIS9g0NQNGrV9pYqK1AQFzk0BBdemBqzUHLQjJ1k176AlvXP7xjW9Fi/Fdasat -dfOtR3XILf1FTAjKGeGS9q2e4h6aZvLmdsDlCiG+YocUpTIOtdiF00zA4MybExyZ -pfy9x5+dKWTyekk5jr54LEFQ5kUDJaGZ0KnDuOxhDSpAO/Yb/Z/3ZAk2G0s= ------END CERTIFICATE-----`, //connect.dca.ca.gov -`-----BEGIN CERTIFICATE----- -MIIEjTCCA3WgAwIBAgIQDQd4KhM/xvmlcpbhMf/ReTANBgkqhkiG9w0BAQsFADBh -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 
-d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH -MjAeFw0xNzExMDIxMjIzMzdaFw0yNzExMDIxMjIzMzdaMGAxCzAJBgNVBAYTAlVT -MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j -b20xHzAdBgNVBAMTFkdlb1RydXN0IFRMUyBSU0EgQ0EgRzEwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQC+F+jsvikKy/65LWEx/TMkCDIuWegh1Ngwvm4Q -yISgP7oU5d79eoySG3vOhC3w/3jEMuipoH1fBtp7m0tTpsYbAhch4XA7rfuD6whU -gajeErLVxoiWMPkC/DnUvbgi74BJmdBiuGHQSd7LwsuXpTEGG9fYXcbTVN5SATYq -DfbexbYxTMwVJWoVb6lrBEgM3gBBqiiAiy800xu1Nq07JdCIQkBsNpFtZbIZhsDS -fzlGWP4wEmBQ3O67c+ZXkFr2DcrXBEtHam80Gp2SNhou2U5U7UesDL/xgLK6/0d7 -6TnEVMSUVJkZ8VeZr+IUIlvoLrtjLbqugb0T3OYXW+CQU0kBAgMBAAGjggFAMIIB -PDAdBgNVHQ4EFgQUlE/UXYvkpOKmgP792PkA76O+AlcwHwYDVR0jBBgwFoAUTiJU -IBiV5uNu5g/6+rkS7QYXjzkwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsG -AQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMDQGCCsGAQUFBwEB -BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEIGA1Ud -HwQ7MDkwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEds -b2JhbFJvb3RHMi5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEW -HGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEB -AIIcBDqC6cWpyGUSXAjjAcYwsK4iiGF7KweG97i1RJz1kwZhRoo6orU1JtBYnjzB -c4+/sXmnHJk3mlPyL1xuIAt9sMeC7+vreRIF5wFBC0MCN5sbHwhNN1JzKbifNeP5 -ozpZdQFmkCo+neBiKR6HqIA+LMTMCMMuv2khGGuPHmtDze4GmEGZtYLyF8EQpa5Y -jPuV6k2Cr/N3XxFpT3hRpt/3usU/Zb9wfKPtWpoznZ4/44c1p9rzFcZYrWkj3A+7 -TNBJE0GmP2fhXhP1D/XVfIW/h0yCJGEiV9Glm/uGOa3DXHlmbAcxSyCRraG+ZBkA -7h4SeM6Y8l/7MBRpPCz6l8Y= ------END CERTIFICATE-----`, //GeoTrust TLS RSA CA G1 - `-----BEGIN CERTIFICATE----- -MIIGTDCCBDSgAwIBAgIQOXpmzCdWNi4NqofKbqvjsTANBgkqhkiG9w0BAQwFADBf -MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQD -Ey1TZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYw -HhcNMjEwMzIyMDAwMDAwWhcNMzYwMzIxMjM1OTU5WjBgMQswCQYDVQQGEwJHQjEY -MBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFB1Ymxp -YyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gQ0EgRFYgUjM2MIIBojANBgkqhkiG9w0B 
-AQEFAAOCAY8AMIIBigKCAYEAljZf2HIz7+SPUPQCQObZYcrxLTHYdf1ZtMRe7Yeq -RPSwygz16qJ9cAWtWNTcuICc++p8Dct7zNGxCpqmEtqifO7NvuB5dEVexXn9RFFH -12Hm+NtPRQgXIFjx6MSJcNWuVO3XGE57L1mHlcQYj+g4hny90aFh2SCZCDEVkAja -EMMfYPKuCjHuuF+bzHFb/9gV8P9+ekcHENF2nR1efGWSKwnfG5RawlkaQDpRtZTm -M64TIsv/r7cyFO4nSjs1jLdXYdz5q3a4L0NoabZfbdxVb+CUEHfB0bpulZQtH1Rv -38e/lIdP7OTTIlZh6OYL6NhxP8So0/sht/4J9mqIGxRFc0/pC8suja+wcIUna0HB -pXKfXTKpzgis+zmXDL06ASJf5E4A2/m+Hp6b84sfPAwQ766rI65mh50S0Di9E3Pn -2WcaJc+PILsBmYpgtmgWTR9eV9otfKRUBfzHUHcVgarub/XluEpRlTtZudU5xbFN -xx/DgMrXLUAPaI60fZ6wA+PTAgMBAAGjggGBMIIBfTAfBgNVHSMEGDAWgBRWc1hk -lfmSGrASKgRieaFAFYghSTAdBgNVHQ4EFgQUaMASFhgOr872h6YyV6NGUV3LBycw -DgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0lBBYwFAYI -KwYBBQUHAwEGCCsGAQUFBwMCMBsGA1UdIAQUMBIwBgYEVR0gADAIBgZngQwBAgEw -VAYDVR0fBE0wSzBJoEegRYZDaHR0cDovL2NybC5zZWN0aWdvLmNvbS9TZWN0aWdv -UHVibGljU2VydmVyQXV0aGVudGljYXRpb25Sb290UjQ2LmNybDCBhAYIKwYBBQUH -AQEEeDB2ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3Rp -Z29QdWJsaWNTZXJ2ZXJBdXRoZW50aWNhdGlvblJvb3RSNDYucDdjMCMGCCsGAQUF -BzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNvbTANBgkqhkiG9w0BAQwFAAOCAgEA -YtOC9Fy+TqECFw40IospI92kLGgoSZGPOSQXMBqmsGWZUQ7rux7cj1du6d9rD6C8 -ze1B2eQjkrGkIL/OF1s7vSmgYVafsRoZd/IHUrkoQvX8FZwUsmPu7amgBfaY3g+d -q1x0jNGKb6I6Bzdl6LgMD9qxp+3i7GQOnd9J8LFSietY6Z4jUBzVoOoz8iAU84OF -h2HhAuiPw1ai0VnY38RTI+8kepGWVfGxfBWzwH9uIjeooIeaosVFvE8cmYUB4TSH -5dUyD0jHct2+8ceKEtIoFU/FfHq/mDaVnvcDCZXtIgitdMFQdMZaVehmObyhRdDD -4NQCs0gaI9AAgFj4L9QtkARzhQLNyRf87Kln+YU0lgCGr9HLg3rGO8q+Y4ppLsOd -unQZ6ZxPNGIfOApbPVf5hCe58EZwiWdHIMn9lPP6+F404y8NNugbQixBber+x536 -WrZhFZLjEkhp7fFXf9r32rNPfb74X/U90Bdy4lzp3+X1ukh1BuMxA/EEhDoTOS3l -7ABvc7BYSQubQ2490OcdkIzUh3ZwDrakMVrbaTxUM2p24N6dB+ns2zptWCva6jzW -r8IWKIMxzxLPv5Kt3ePKcUdvkBU/smqujSczTzzSjIoR5QqQA6lN1ZRSnuHIWCvh -JEltkYnTAH41QJ6SAWO66GrrUESwN/cgZzL4JLEqz1Y= ------END CERTIFICATE-----` // Sectigo Public Server Authentication CA DV R36 -] /** * Mozilla Root CA List * downloaded from: 
https://wiki.mozilla.org/CA/Included_Certificates */ -const ROOT_CA_LIST = [`-----BEGIN CERTIFICATE----- +export const MOZILLA_ROOT_CA_LIST = [`-----BEGIN CERTIFICATE----- MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8w MzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290 @@ -4639,10 +4456,4 @@ IR9NmXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSy i6mx5O+aGtA9aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQ O+7ETPTsJ3xCwnR8gooJybQDJbw= -----END CERTIFICATE-----`, //XRamp Global Certification Authority -] -ROOT_CA_LIST.push(...ADDITIONAL_ROOT_CA_LIST) -/** - * Reclaim root CA store - */ -export const ROOT_CAS = ROOT_CA_LIST - .map(loadX509FromPem) \ No newline at end of file +] \ No newline at end of file diff --git a/src/utils/parse-certificate.ts b/src/utils/parse-certificate.ts index 83a28c5..3526aab 100644 --- a/src/utils/parse-certificate.ts +++ b/src/utils/parse-certificate.ts @@ -1,11 +1,12 @@ +import './additional-root-cas' import { crypto } from '../crypto' import type { CertificatePublicKey, CipherSuite, Key, TLSProcessContext, X509Certificate } from '../types' import { SUPPORTED_NAMED_CURVE_MAP, SUPPORTED_SIGNATURE_ALGS, SUPPORTED_SIGNATURE_ALGS_MAP } from './constants' import { getHash } from './decryption-utils' import { areUint8ArraysEqual, concatenateUint8Arrays, strToUint8Array } from './generics' +import { MOZILLA_ROOT_CA_LIST } from './mozilla-root-cas' import { expectReadWithLength, packWithLength } from './packets' -import { ROOT_CAS } from './root-ca' -import { loadX509FromDer } from './x509' +import { loadX509FromDer, loadX509FromPem } from './x509' type VerifySignatureOptions = { signature: Uint8Array @@ -15,6 +16,7 @@ type VerifySignatureOptions = { } const CERT_VERIFY_TXT = strToUint8Array('TLS 1.3, server CertificateVerify') +let ROOT_CAS: X509Certificate[] | undefined export function parseCertificates( data: Uint8Array, 
@@ -160,8 +162,8 @@ export async function verifyCertificateChain( additionalRootCAs?: X509Certificate[] ) { const rootCAs = [ - ...ROOT_CAS, - ...additionalRootCAs || [] + ...loadRootCAs(), + ...(additionalRootCAs || []) ] const commonNames = [ @@ -256,4 +258,17 @@ function matchHostname(host: string, commonName: string) { comp === cnComps[i] || cnComps[i] === '*' )) +} + +function loadRootCAs() { + if(ROOT_CAS) { + return ROOT_CAS + } + + ROOT_CAS = MOZILLA_ROOT_CA_LIST.map(loadX509FromPem) + if(typeof TLS_ADDITIONAL_ROOT_CA_LIST !== 'undefined') { + ROOT_CAS.push(...TLS_ADDITIONAL_ROOT_CA_LIST.map(loadX509FromPem)) + } + + return ROOT_CAS } \ No newline at end of file diff --git a/tsconfig.json b/tsconfig.json index 294794e..53fff31 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -17,7 +17,8 @@ }, "include": [ "src/*.ts", - "src/*/*.ts" + "src/**/*.ts", + "src/**/*.js" ], "exclude": [ "node_modules", From 639c779e0993a86a53cf2dd3778044946fcf60f7 Mon Sep 17 00:00:00 2001 From: Adhiraj Singh Date: Thu, 24 Jul 2025 10:44:57 +0530 Subject: [PATCH 2/2] fix: push to TLS_ADDITIONAL_ROOT_CA_LIST --- src/utils/additional-root-cas.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/utils/additional-root-cas.js b/src/utils/additional-root-cas.js index d497ecd..cf52db7 100644 --- a/src/utils/additional-root-cas.js +++ b/src/utils/additional-root-cas.js @@ -1,7 +1,7 @@ /* eslint indent: 0 */ global.TLS_ADDITIONAL_ROOT_CA_LIST ||= [] -TLS_ADDITIONAL_ROOT_CA_LIST.push([ +TLS_ADDITIONAL_ROOT_CA_LIST.push( `-----BEGIN CERTIFICATE----- MIIFjDCCA3SgAwIBAgIQfx8skC6D0OO2+zvuR4tegDANBgkqhkiG9w0BAQsFADBM MSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSNjETMBEGA1UEChMKR2xv 
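Review bot: In the added `loadRootCAs`, `ROOT_CAS` is assigned before the `TLS_ADDITIONAL_ROOT_CA_LIST` entries are parsed. If `loadX509FromPem` throws on one of them (presumably it does on malformed PEM; its body is not in this patch), the first call fails and every later call silently returns the cached Mozilla-only store. Build the list in a local and publish it last: `const cas = MOZILLA_ROOT_CA_LIST.map(loadX509FromPem)`, push the additional entries into `cas`, then `ROOT_CAS = cas`. The function also needs a comment saying the global is a trust input that is read only once, for example `// every PEM in TLS_ADDITIONAL_ROOT_CA_LIST becomes a trust anchor; read on first call only, later additions are ignored`.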
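Review bot: `global.TLS_ADDITIONAL_ROOT_CA_LIST ||= []` at the top of this file relies on the Node-only `global` object, and `parse-certificate.ts` now imports the file for its side effect. In a runtime that does not define `global` (a browser bundle without a polyfill, for instance) the import would throw a ReferenceError before any TLS code runs; `globalThis.TLS_ADDITIONAL_ROOT_CA_LIST ||= []` is the portable spelling. A short header comment would also help, stating that `loadRootCAs` accepts each entry as a chain root, since an entry comment elsewhere in this patch describes at least one certificate as an intermediate. The list body continues outside this hunk.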
@@ -182,4 +182,4 @@ WrZhFZLjEkhp7fFXf9r32rNPfb74X/U90Bdy4lzp3+X1ukh1BuMxA/EEhDoTOS3l
 r8IWKIMxzxLPv5Kt3ePKcUdvkBU/smqujSczTzzSjIoR5QqQA6lN1ZRSnuHIWCvh
 JEltkYnTAH41QJ6SAWO66GrrUESwN/cgZzL4JLEqz1Y=
 -----END CERTIFICATE-----` // Sectigo Public Server Authentication CA DV R36
-])
\ No newline at end of file
+)
\ No newline at end of file