micro509 / verify

verify

Canonical advanced verification domain surface. Owns chain validation, service identity, policy, and name-constraint APIs.

Interfaces

ConstrainedPolicy

Defined in: src/verify/policy.ts:33

One policy OID that survives RFC 5280 / RFC 9618 processing.

Properties

policyIdentifier

readonly policyIdentifier: string

Defined in: src/verify/policy.ts:35

Dotted-decimal OID of the surviving policy.

policyQualifiers?

readonly optional policyQualifiers?: readonly PolicyQualifierInfo[]

Defined in: src/verify/policy.ts:37

Qualifier info (CPS URIs, user notices) attached to this policy, if any.

---

MatchServiceIdentityFailureDetails

Defined in: src/verify/identity.ts:77

Diagnostic context attached to an identity-matching failure.

Properties

actual?

readonly optional actual?: string

Defined in: src/verify/identity.ts:83

Comma-joined presented identifiers (from SAN) that were compared.

commonNameFallbackReason?

readonly optional commonNameFallbackReason?: "disabled" | "suppressed_by_presented_identifier" | "common_name_missing" | "common_name_mismatch"

Defined in: src/verify/identity.ts:87

Explains why CN fallback was not used or failed.

expected?

readonly optional expected?: string

Defined in: src/verify/identity.ts:81

The reference identifier the caller asked to verify.

presentedIdentifierTypes?

readonly optional presentedIdentifierTypes?: readonly ("uri" | "dns" | "srv")[]

Defined in: src/verify/identity.ts:85

SAN types that were present, relevant to CN-fallback suppression logic.

subjectCommonName?

readonly optional subjectCommonName?: string

Defined in: src/verify/identity.ts:79

CN of the certificate that was being matched, if present.

---

PolicyValidationOutcome

Defined in: src/verify/policy.ts:41

Final policy outputs exposed by successful path-validation APIs.

Properties

authorityConstrainedPolicies

readonly authorityConstrainedPolicies: readonly ConstrainedPolicy[]

Defined in: src/verify/policy.ts:43

Policies valid under the authority's (CA chain) constraints alone.

userConstrainedPolicies

readonly userConstrainedPolicies: readonly ConstrainedPolicy[]

Defined in: src/verify/policy.ts:45

Policies that also satisfy the caller's PolicyValidationInput.initialPolicySet.

Type Aliases

MatchableServiceIdentityInput

MatchableServiceIdentityInput = ServiceIdentityInput

Defined in: src/verify/identity.ts:65

Alias for the full identity union accepted by matching functions.

---

MatchServiceIdentityEvaluation

MatchServiceIdentityEvaluation = Result<void, MatchServiceIdentityFailure>

Defined in: src/verify/identity.ts:126

Void-valued result type used internally during identity evaluation.

---

MatchServiceIdentityFailureResult

MatchServiceIdentityFailureResult = ErrorResult<MatchServiceIdentityErrorCode, MatchServiceIdentityFailureDetails, MatchServiceIdentityFailure>

Defined in: src/verify/identity.ts:110

Failure branch of MatchServiceIdentityResult with structured error details.