/**
 * Strip the left-most DNS label from a host name.
 *
 * @param {string} subdomain - Dotted host name, e.g. "a.example.com".
 * @returns {string} Everything after the first dot, or "" when the input
 *   contains no dot.
 */
function parentDomain(subdomain) {
  const firstDot = subdomain.indexOf('.')
  // A name with no dot has no parent: report the empty string.
  if (firstDot === -1) return ''
  return subdomain.slice(firstDot + 1)
}
/**
 * Decide whether one HSTS entry covers `domain`.
 *
 * An exact name match is accepted when `recursive` is truthy or the entry
 * sets `include_subdomains`. A subdomain of the entry is walked up one label
 * at a time; once a label has been stripped, only an entry with
 * `include_subdomains` can match.
 *
 * The comparison is a plain, case-sensitive string comparison.
 * NOTE(review): callers presumably pass a lowercase host name without a
 * trailing dot. Otherwise a covered host is reported as not covered; confirm
 * at the call site.
 *
 * @param {string} domain - Host name to test.
 * @param {{name: string, include_subdomains?: boolean}} entry - HSTS entry.
 * @param {boolean} recursive - Truthy on the initial call, where an exact
 *   match counts regardless of `include_subdomains`.
 * @returns {object} The same `entry` object on a match, otherwise a new `{}`.
 */
function matchHSTS(domain, entry, recursive) {
  let candidate = domain
  let exactMatchAllowed = recursive
  while (candidate.length !== 0) {
    const entryName = entry.name
    if (candidate === entryName && (entry.include_subdomains || exactMatchAllowed)) {
      return entry
    }
    // Anything that is not a dotted suffix match cannot be covered.
    if (!candidate.endsWith('.' + entryName)) {
      return {}
    }
    // One label removed: from here on only include_subdomains can match.
    candidate = parentDomain(candidate)
    exactMatchAllowed = false
  }
  return {}
}
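/**
 * Find the HSTS entry covering `domain` and resolve its pin set.
 *
 * Every entry in `hstsData.entries` is tested with matchHSTS. When several
 * entries match, the one with the shortest `name` is kept.
 * NOTE(review): shortest name means the least specific entry wins, so a
 * longer entry with different `pins` or `include_subdomains` is ignored;
 * confirm this is the intended precedence.
 *
 * If the chosen entry has a `pins` value equal to the `name` of a pinset in
 * `hstsData.pinsets`, `pins` is replaced by that pinset, and the pinset's
 * `static_spki_hashes` list becomes an object mapping each listed pin name
 * to its value in `pinData`. Pin names absent from `pinData` are omitted.
 * An unknown pinset name leaves `pins` as the original string.
 *
 * The result is built from copies. Writing the resolved pinset back into
 * `hstsData` turns `static_spki_hashes` into an object, so a later lookup
 * for another entry sharing that pinset would throw on `indexOf`.
 *
 * Matching is a case-sensitive string comparison.
 * NOTE(review): callers presumably normalise `domain` (lowercase, no
 * trailing dot) before calling; confirm.
 *
 * @param {string} domain - Host name to look up.
 * @param {{entries: object, pinsets: object}} hstsData - Entries and
 *   pinsets, each either an array or a keyed object.
 * @param {object} pinData - Map of pin name to pin value.
 * @returns {object} A copy of the matched entry with `pins` resolved, or
 *   `{}` when no entry covers the domain.
 */
function checkHSTS(domain, hstsData, pinData) {
  const entries = hstsData.entries || {}
  const pinsets = hstsData.pinsets || {}
  const knownPins = pinData || {}

  let chosen = null
  Object.keys(entries).forEach(function (key) {
    const match = matchHSTS(domain, entries[key], true)
    // matchHSTS signals "no match" with an object that has no name.
    if (!('name' in match)) return
    if (chosen === null || match.name.length < chosen.name.length) {
      chosen = match
    }
  })
  if (chosen === null) return {}

  // Copy the entry so the caller's hstsData is left untouched.
  const result = Object.assign({}, chosen)
  if (!('pins' in result)) return result

  const pinsetKeys = Object.keys(pinsets)
  for (let i = 0; i < pinsetKeys.length; i++) {
    const pinset = pinsets[pinsetKeys[i]]
    if (result.pins !== pinset.name) continue

    const resolvedHashes = {}
    Object.keys(knownPins).forEach(function (pinName) {
      if (pinset.static_spki_hashes.indexOf(pinName) !== -1) {
        resolvedHashes[pinName] = knownPins[pinName]
      }
    })
    // Copy the pinset as well: other entries may refer to the same one.
    result.pins = Object.assign({}, pinset, { static_spki_hashes: resolvedHashes })
    break
  }
  return result
}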
// CommonJS export: checkHSTS is the only function exposed by this module;
// parentDomain and matchHSTS are not exported.
module.exports = checkHSTS