refactor: simplify codebase for clarity and consistency

- Extract helper functions to reduce complexity and nesting
- Use modern JS patterns (startsWith, endsWith, optional chaining, spread)
- Rename constants to UPPER_CASE convention
- Use filter(Boolean) for cleaner array filtering
- Replace switch with Set lookup in vmc.js
- Simplify conditional logic with early returns

Author: andris9

build-root-store.js

@@ -2,24 +2,25 @@
 
 // Root certificates from https://bimigroup.org/vmc-issuers/
 
-const Path = require('path');
+const path = require('path');
 const fs = require('fs').promises;
 const { parsePemBundle } = require('./lib/tools');
 
-async function main() {
-    const rootStoreFilesPath = Path.join(__dirname, 'data', 'root-store');
+const ROOT_STORE_DIR = path.join(__dirname, 'data', 'root-store');
+const OUTPUT_FILE = path.join(__dirname, 'data', 'root-store.json');
 
-    let rootCerts = [];
+async function main() {
+    const files = await fs.readdir(ROOT_STORE_DIR);
+    const pemFiles = files.filter(file => file.endsWith('.pem'));
 
-    let files = (await fs.readdir(rootStoreFilesPath)).filter(file => /\.pem$/.test(file));
-    for (let file of files) {
-        let certs = parsePemBundle(await fs.readFile(Path.join(rootStoreFilesPath, file)));
-        for (let cert of certs) {
-            rootCerts.push(cert);
-        }
+    const rootCerts = [];
+    for (const file of pemFiles) {
+        const content = await fs.readFile(path.join(ROOT_STORE_DIR, file));
+        const certs = parsePemBundle(content);
+        rootCerts.push(...certs);
     }
 
-    await fs.writeFile(Path.join(__dirname, 'data', 'root-store.json'), JSON.stringify(rootCerts, false, 2));
+    await fs.writeFile(OUTPUT_FILE, JSON.stringify(rootCerts, null, 2));
 }
 
 main().catch(err => {

lib/cert-info.js

@@ -2,17 +2,17 @@
 
 const { getDateString, parseSubject } = require('./tools');
 
-function certInfo(cert) {
-    let subject = parseSubject(cert.subject);
-
-    let subjectAltName = (cert.subjectAltName || '')
+function parseSubjectAltName(subjectAltName) {
+    return (subjectAltName || '')
         .split(/^DNS:|,\s*DNS:/g)
-        .map(subject => subject.trim())
-        .filter(subject => subject);
+        .map(name => name.trim())
+        .filter(Boolean);
+}
 
+function certInfo(cert) {
     return {
-        subject,
-        subjectAltName,
+        subject: parseSubject(cert.subject),
+        subjectAltName: parseSubjectAltName(cert.subjectAltName),
         fingerprint: cert.fingerprint,
         serialNumber: cert.serialNumber,
         validFrom: getDateString(cert.validFrom),

lib/parse-vmc.js

@@ -1,14 +1,15 @@
 'use strict';
 
 const crypto = require('crypto');
+const zlib = require('zlib');
+const { promisify } = require('util');
 const { AsnParser } = require('@peculiar/asn1-schema');
 const { LogotypeExtn } = require('@peculiar/asn1-x509-logotype');
 const { Certificate } = require('@peculiar/asn1-x509');
-const zlib = require('zlib');
-const util = require('util');
-const gunzip = util.promisify(zlib.gunzip);
 
-const hashAlgos = {
+const gunzip = promisify(zlib.gunzip);
+
+const HASH_ALGORITHMS = {
     '1.3.14.3.2.26': 'sha1',
     '2.16.840.1.101.3.4.2.4': 'sha224',
     '2.16.840.1.101.3.4.2.1': 'sha256',
@@ -19,93 +20,95 @@ const hashAlgos = {
 };
 
 function parseDataUrl(url) {
-    if (url.indexOf('data:') !== 0) {
+    if (!url.startsWith('data:')) {
         return {};
     }
 
-    let commaPos = url.indexOf(',');
+    const commaPos = url.indexOf(',');
     if (commaPos < 0) {
         return {};
     }
 
-    let header = url.substring('data:'.length, commaPos);
-    let content = url.substring(commaPos + 1);
-
-    let parts = header.split(';');
-    let mediaType = parts.shift() || '';
-    let base64 = parts.shift() === 'base64';
+    const header = url.substring(5, commaPos);
+    const content = url.substring(commaPos + 1);
+    const parts = header.split(';');
+    const mediaType = parts.shift() || '';
+    const base64 = parts.shift() === 'base64';
 
     return { header, content, mediaType, base64 };
 }
 
+function extractHashInfo(imageDetails) {
+    const hashObject = imageDetails.logotypeHash?.[0];
+    if (!hashObject) {
+        return { hashAlgo: undefined, hashValue: undefined };
+    }
+
+    const hashAlgoOid = hashObject.hashAlg?.algorithm;
+    const hashAlgo = hashAlgoOid ? HASH_ALGORITHMS[hashAlgoOid] : undefined;
+    const hashValue = hashObject.hashValue?.buffer ? Buffer.from(hashObject.hashValue.buffer) : undefined;
+
+    return { hashAlgo, hashValue };
+}
+
+async function extractLogoFile(imageDetails) {
+    const logotypeURI = imageDetails.logotypeURI?.[0];
+    if (!logotypeURI) {
+        return undefined;
+    }
+
+    const { content, base64 } = parseDataUrl(logotypeURI);
+    if (!content) {
+        return undefined;
+    }
+
+    const data = base64 ? Buffer.from(content, 'base64') : content;
+    return gunzip(data);
+}
+
+function validateHash(logoFile, hashAlgo, hashValue) {
+    if (!logoFile || !hashAlgo || !hashValue) {
+        return undefined;
+    }
+
+    try {
+        const hasher = crypto.createHash(hashAlgo);
+        return hashValue.equals(hasher.update(logoFile).digest());
+    } catch {
+        return undefined;
+    }
+}
+
 async function parseVMC(buf) {
     const cert = AsnParser.parse(buf, Certificate);
     const logoExtension = cert.tbsCertificate.extensions.find(ext => ext.extnID === '1.3.6.1.5.5.7.1.12');
 
-    if (logoExtension && logoExtension.extnValue) {
-        let logo = AsnParser.parse(logoExtension.extnValue, LogotypeExtn);
-
-        let imageDetails =
-            logo.subjectLogo &&
-            logo.subjectLogo.direct &&
-            logo.subjectLogo.direct.image &&
-            logo.subjectLogo.direct.image[0] &&
-            logo.subjectLogo.direct.image[0].imageDetails;
-
-        if (imageDetails) {
-            let hashAlgo, hashValue, hashAlgoOid;
-
-            let hashObject = imageDetails.logotypeHash && imageDetails.logotypeHash[0] && imageDetails.logotypeHash[0];
-
-            if (hashObject) {
-                hashAlgoOid = hashObject.hashAlg && hashObject.hashAlg.algorithm;
-                if (hashAlgoOid && hashAlgos[hashAlgoOid]) {
-                    hashAlgo = hashAlgos[hashAlgoOid];
-                }
-
-                if (hashObject.hashValue && hashObject.hashValue.buffer) {
-                    hashValue = Buffer.from(hashObject.hashValue.buffer);
-                }
-            }
-
-            let logotypeURI = imageDetails.logotypeURI && imageDetails.logotypeURI[0];
-            let logoFile;
-            if (logotypeURI) {
-                let { content, base64 } = parseDataUrl(logotypeURI);
-                if (content) {
-                    if (base64) {
-                        content = Buffer.from(content, 'base64');
-                    }
-                    logoFile = await gunzip(content);
-                }
-            }
-
-            let data = {
-                mediaType: imageDetails.mediaType,
-                hashAlgo,
-                hashValue,
-                logoFile
-            };
-
-            if (data.logoFile && (data.hashAlgo || data.hashAlgoOid) && data.hashValue) {
-                let hasher;
-                try {
-                    hasher = crypto.createHash(data.hashAlgo || data.hashAlgoOid);
-                } catch {
-                    // invalid hash
-                }
-                if (hasher) {
-                    data.validHash = hashValue.equals(hasher.update(logoFile).digest());
-                }
-            }
-
-            return data;
-        }
+    if (!logoExtension?.extnValue) {
+        const error = new Error('Invalid or missing logotype extension in the certificate');
+        error.code = 'INVALID_LOGOTYPE_EXT';
+        throw error;
+    }
+
+    const logo = AsnParser.parse(logoExtension.extnValue, LogotypeExtn);
+    const imageDetails = logo.subjectLogo?.direct?.image?.[0]?.imageDetails;
+
+    if (!imageDetails) {
+        const error = new Error('Invalid or missing logotype extension in the certificate');
+        error.code = 'INVALID_LOGOTYPE_EXT';
+        throw error;
     }
 
-    let error = new Error('Invalid or missing logotype extension in the certificate');
-    error.code = 'INVALID_LOGOTYPE_EXT';
-    throw error;
+    const { hashAlgo, hashValue } = extractHashInfo(imageDetails);
+    const logoFile = await extractLogoFile(imageDetails);
+    const validHash = validateHash(logoFile, hashAlgo, hashValue);
+
+    return {
+        mediaType: imageDetails.mediaType,
+        hashAlgo,
+        hashValue,
+        logoFile,
+        validHash
+    };
 }
 
 module.exports = { parseVMC };

lib/root-store.js

@@ -1,7 +1,18 @@
 'use strict';
 
 const { X509Certificate } = require('crypto');
-const rootCerts = require('../data/root-store.json');
+const rootCertPems = require('../data/root-store.json');
+
+function parseRootCert(pem) {
+    try {
+        return new X509Certificate(pem);
+    } catch (err) {
+        console.error('Failed to parse root cert');
+        console.error(err);
+        console.error(pem);
+        return null;
+    }
+}
 
 class RootStore {
     static create(config = {}) {
@@ -10,31 +21,20 @@ class RootStore {
 
     constructor(config) {
         this.config = config;
-        this.rootCerts = rootCerts
-            .map(pem => {
-                try {
-                    return new X509Certificate(pem);
-                } catch (err) {
-                    console.error(`Failed to parse root cert`);
-                    console.error(err);
-                    console.error(pem);
-                }
-            })
-            .filter(cert => cert);
+        this.rootCerts = rootCertPems.map(parseRootCert).filter(Boolean);
     }
 
     addCert(pem) {
-        let cert = new X509Certificate(pem);
-        for (let rootCert of this.rootCerts) {
-            if (rootCert.fingerprint256 === cert.fingerprint256) {
-                return false;
-            }
+        const cert = new X509Certificate(pem);
+        const isDuplicate = this.rootCerts.some(rootCert => rootCert.fingerprint256 === cert.fingerprint256);
+
+        if (isDuplicate) {
+            return false;
         }
+
         this.rootCerts.push(cert);
         return true;
     }
 }
 
-module.exports = {
-    RootStore
-};
+module.exports = { RootStore };