fix: Handle error when exporting keys in computeID method

This method iterates over and exports all public keys to compute the certificate identifier. If the key export method fails, the `computeID` method throws an exception. It should instead skip this key and continue processing. This update fixes the issue.
PeculiarVentures · Sep 30, 2024 · f7bfc7e · f7bfc7e
1 parent ab1eb12
commit f7bfc7e
Showing 1 changed file with 21 additions and 7 deletions.
diff --git a/src/certs/cert.ts b/src/certs/cert.ts
@@ -86,21 +86,35 @@ export abstract class CryptoCertificate extends Pkcs11Object implements Pkcs11Cr
     const indexes = await this.crypto.keyStorage.keys();
     if (!indexes.some(o => o.split("-")[2] === id.toString("hex"))) {
       // If the key is not found, look for it on the token
-      const certKeyRaw = await this.crypto.subtle.exportKey("spki", this.publicKey);
+      let certKeyRaw: ArrayBuffer;
+      try {
+        certKeyRaw = await this.crypto.subtle.exportKey("spki", this.publicKey);
+      } catch {
+        return id;
+      }
+
       for (const index of indexes) {
         const [type] = index.split("-");
         if (type !== "public") {
           continue;
         }
 
         // Export the key and compare it to the public key
-        const key = await this.crypto.keyStorage.getItem(index);
-        const keyRaw = await this.crypto.subtle.exportKey("spki", key);
-        if (pvtsutils.BufferSourceConverter.isEqual(keyRaw, certKeyRaw)) {
-          // found
-          id = key.p11Object.id;
-          break;
+        let keyRaw: ArrayBuffer;
+        try {
+          const key = await this.crypto.keyStorage.getItem(index);
+          keyRaw = await this.crypto.subtle.exportKey("spki", key);
+
+          if (pvtsutils.BufferSourceConverter.isEqual(keyRaw, certKeyRaw)) {
+            // found
+            id = key.p11Object.id;
+            break;
+          }
+        } catch {
+          // Skip the key if it cannot be exported
+          continue;
         }
+
       }
     }