ssl 尝试使用pkijs验证CMS签名时出错

hmtdttj4  于 12个月前  发布在  其他
关注(0)|答案(1)|浏览(137)

我试图veryfy一个CMS签名创建与开放的SSL像这样:
第一个月
下面是我使用pkijs的代码:

import * as pkijs from "../src/shared/vendor/pkijs/index.es.js";
import * as pvtsutils from "../src/shared/vendor/pvtsutils/index.es.js";

function decodePEM(pem: string, tag = "[A-Z0-9 ]+"): ArrayBuffer[] {
  const pattern = new RegExp(
    `-{5}BEGIN ${tag}-{5}([a-zA-Z0-9=+\\/\\n\\r]+)-{5}END ${tag}-{5}`,
    "g",
  );

  const res: ArrayBuffer[] = [];
  let matches: RegExpExecArray | null = null;
  // eslint-disable-next-line no-cond-assign
  while ((matches = pattern.exec(pem))) {
    const base64 = matches[1]
      .replace(/\r/g, "")
      .replace(/\n/g, "");
    res.push(pvtsutils.Convert.FromBase64(base64));
  }

  return res;
}

const buffer = pvtsutils.BufferSourceConverter.toArrayBuffer(await Deno.readFile("./domain.pem"));
const pem = pvtsutils.Convert.ToBinary(buffer);
const certificate = pkijs.Certificate.fromBER(decodePEM(pem, "CERTIFICATE")[0]) as pkijs.Certificate;

//const publicKey = await certificate.getPublicKey();

//console.log(publicKey);
//console.log(certificate.signatureAlgorithm);

const cms = pkijs.ContentInfo.fromBER(await Deno.readFile("./signature"));
if (cms.contentType !== pkijs.ContentInfo.SIGNED_DATA) {
  throw new Error("CMS is not Signed Data");
}

const signedData = new pkijs.SignedData({ schema: cms.content });

// Verify Signed Data signature
const ok = await signedData.verify({
  signer: 0,
  checkChain: true,
  trustedCerts: [certificate],
});

console.log(ok);

字符串
证书被正确读取和解析,以及SignedData,但它在signedData.verify失败,并出现以下错误:

error: Uncaught (in promise) SignedDataVerifyError: Missed detached data input array
                    throw new SignedDataVerifyError({


我哪里做错了?

yx2lnoni

yx2lnoni1#

好吧,我的错......我只是忘了提供数据来验证签名......

// Verify Signed Data signature
const ok = await signedData.verify({
  signer: 0,
  checkChain: true,
  trustedCerts: [certificate],
  data: await Deno.readFile("./README.md")
});

字符串

相关问题