@super-protocol/certs library v1.0.0#1
Conversation
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
WalkthroughAdds a new npm package implementing X.509/CSR generation and parsing, key conversion utilities, OCSP and CRL handling, certificate chain construction and validation, TypeScript build configs, CI workflows, tests, and packaging metadata. Changes
Sequence Diagram(s)sequenceDiagram
participant Client
participant Validator
participant CertHelper as CertificatesHelper
participant OCSP as OCSPHelper
participant CRL as CRLHelper
participant Remote as Remote_Servers
participant ChainEngine as CertificateChainValidationEngine
Client->>Validator: validateCertChain(certsPem, caPem, options)
Validator->>CertHelper: sortCertsFromLeafToRoot(certsPem)
CertHelper-->>Validator: sortedCerts
alt options.checkOcsp
Validator->>OCSP: getOCSPResponseFromCerts(sortedCerts, caCerts, oids)
OCSP->>CertHelper: getExtensionValue(AIA_OID)
CertHelper-->>OCSP: ocspUrls
OCSP->>Remote: POST ocspRequest
Remote-->>OCSP: ocspResponse
OCSP->>OCSP: verify response, nonce, signer chain
OCSP-->>Validator: basicOcspResponses
end
alt options.checkCrl
Validator->>CRL: getCRLFromCerts(sortedCerts)
CRL->>CertHelper: getExtensionValue(CRL_DP_OID)
CertHelper-->>CRL: crlUrls
CRL->>Remote: GET crlUrl
Remote-->>CRL: crlBinary
CRL->>CRL: parse CRL
CRL-->>Validator: crlList
end
Validator->>ChainEngine: verify(chain=sortedCerts, trusted=caCerts, ocspResponses, crls)
ChainEngine-->>Validator: verificationResult
alt valid
Validator-->>Client: { isValid: true }
else invalid
Validator-->>Client: { isValid: false, errorMessage }
end
sequenceDiagram
participant Dev as Developer
participant Generator as CertificateGenerator
participant Crypto as WebCrypto
participant X509Gen as X509CertificateGenerator
participant PEM as PEM_Encoder
Dev->>Generator: generateCert(params)
Generator->>Crypto: normalize/import keys
Crypto-->>Generator: CryptoKey(s)
Generator->>X509Gen: build X.509 object with extensions
X509Gen-->>Generator: unsignedCert
Generator->>X509Gen: sign(unsignedCert, privateKey)
X509Gen-->>Generator: signedCert
Generator->>PEM: encode signedCert -> PEM
PEM-->>Dev: certificate PEM
Estimated code review effort🎯 4 (Complex) | ⏱️ ~75 minutes Poem
Note 🎁 Summarized by CodeRabbit FreeYour organization is on the Free plan. CodeRabbit will generate a high-level summary and a walkthrough for each pull request. For a comprehensive line-by-line review, please upgrade your subscription to CodeRabbit Pro by visiting https://app.coderabbit.ai/login. Comment |
…ions, and set peer dependencies for various packages
Stop building on every npm ci/install; prepack still runs for npm pack, npm publish, and git installs so dist stays correct for release.
PR job builds once after lint; publish job relies on prepack during npm publish instead of a separate prepare step.
Summary by CodeRabbit
New Features
Chores
Tests