reset, merge and address feedback
Signed-off-by: Vinayak Kukreja <[email protected]>
vinayak-kukreja committed Nov 3, 2022
1 parent c331d13 commit 0a5caa8
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions packages/@aws-cdk/aws-iam/lib/oidc-provider/external.ts
@@ -22,7 +22,6 @@ function defaultLogger(fmt: string, ...args: any[]) {
* Downloads the CA thumbprint from the issuer URL
*/
export async function downloadThumbprint(issuerUrl: string) {

external.log(`Downloading certificate authority thumbprint for ${issuerUrl}`);

return new Promise<string>((ok, ko) => {
@@ -37,7 +36,7 @@ export async function downloadThumbprint(issuerUrl: string) {
socket.once('error', ko);

socket.once('secureConnect', () => {
// This set to `true` would return the entire chain of certificates as a circular reference object
// This set to `true` will return the entire chain of certificates as a nested object
let cert = socket.getPeerCertificate(true);

const unqiueCerts = new Set<DetailedPeerCertificate>();
@@ -46,6 +45,10 @@ export async function downloadThumbprint(issuerUrl: string) {
cert = cert.issuerCertificate;
} while ( cert && typeof cert === 'object' && !unqiueCerts.has(cert));

if (unqiueCerts.size == 0) {
return ko(new Error(`No certificates were returned for the mentioned url: ${issuerUrl}`));
}

// The last `cert` obtained must be the root certificate in the certificate chain
const rootCert = [...unqiueCerts].pop()!;

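Review bot: The new `unqiueCerts.size == 0` guard in the last hunk looks unreachable: the walk is a `do … while`, so its body runs at least once and, assuming it adds `cert` to the set (the loop head sits between the second and third hunks and is not shown), the set always holds at least one entry. Node's `getPeerCertificate()` returns an empty object when the peer presented no certificate, so that case would pass the guard and the empty object would be taken as `rootCert`. Because the thumbprint derived here is presumably what the OIDC provider ends up trusting, the function should fail closed by testing the certificate itself before the loop, `if (!cert || Object.keys(cert).length === 0)`, and rejecting with the same error. If the size check is kept as well, prefer `===`, and the `unqiueCerts` spelling is worth correcting while these lines are being touched.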
