"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.verifySigningCertificate = void 0;
const chain_1 = require("./chain");
const sct_1 = require("./sct");
const signer_1 = require("./signer");
function verifySigningCertificate(bundle, trustedRoot, options) {
    // Check that a trusted certificate chain can be found for the signing
    // certificate in the bundle. Only the first certificate in the bundle's
    // chain is used -- everything else must come from the trusted root.
    const trustedChain = (0, chain_1.verifyChain)(bundle.verificationMaterial.content.x509CertificateChain.certificates[0], trustedRoot.certificateAuthorities);
    // Unless disabled, verify the SCTs in the signing certificate
    if (options.ctlogOptions.disable === false) {
        (0, sct_1.verifySCTs)(trustedChain, trustedRoot.ctlogs, options.ctlogOptions);
    }
    // Verify the signing certificate against the provided identities
    // if provided
    if (options.signers) {
        (0, signer_1.verifySignerIdentity)(trustedChain[0], options.signers.certificateIdentities);
    }
}
exports.verifySigningCertificate = verifySigningCertificate;