# TrustedForm Cert ID

This library handles decrypting TrustedForm certificate IDs, which contain metadata about the certificate.
Generally speaking, this library can extract the certificate type and the certificate creation date.

## Certificate ID Types

There are several different formats of certificate IDs, depending on the certificate type.  

### Web Certificate ID

This is the most common form of certificate identifier. It looks like a SHA1 hash (40 character hexidecimal string).
Web certificate IDs contain two properties:

 * `type: 'web'` &mdash; The type of these certificates will always be "web"
 * `createdAt` &mdash; The `Date` the certificate was created

Example: `eb9fc4dd9bed9ad451a5648946cf4bf09b5bb947`

## Mobile Certificate ID

Mobile certificates are created by the TrustedForm Mobile SDK, which supports collecting certs from mobile
platform applications built on iOS and Android. Mobile certificates IDs contain two properties:

 * `type: 'mobile'` &mdash; The type of these certificates will always be "mobile"
 * `createdAt` &mdash; The `Date` the certificate was created

Example: `11NgkzK_mroUbOD1-x66NigDliU1kdvbaCtLGvyja1K80vU1sKh9grlwP78vzKSp4ncwAfJAlNPNVY8f`

## Facebook Certificate ID

Certificates generated for Facebook Lead Ads contain extra metadata:

 * `type: 'facebook'` &mdash; The type of these certificates will always be "facebook"
 * `createdAt` &mdash; The `Date` the certificate was created
 * `accountId` &mdash; The ActiveProspect account ID for the account that generated the certificate
 * `pageId` &mdash; the Facebook page identifier where the certificate was generated
 * `leadId` &mdash; the Facebook lead identifier associated with the certificate

Example: `0.rpM21ddljS9BNNUOm6FZVVqb5C5JMk1cofI4nDGdwy5ezucyxjok9qLyUXMu9diW62Xac8xNMpomBf1B-XDpfbYvaFMr0YC-54TzHcLrni4.OHOMoMFXaX9YW9DoX_xeng.1vnf6DTWU7sJo6XAxlRP_w`

## Ping ID

TrustedForm implements ping URLs to be used during the ping phase of a ping/post lead auction. Ping IDs are
really just a pointer to the real certificate ID. The properties of these IDs are: 

* `type` &mdash; The type of the real certificate
* `createdAt` &mdash; The `Date` the real certificate was created

Example: `0.1JT7QUPI1sOFZxpr72ZK45K0ck75kEBO9H3jNJuX8NkqMTv4UF-zrapBUlsefTP3lkXWh6qM.fF0DNrov0zNUNVRCqDV5dw.E2eYOJ5-dnAgiX02-96FNQ`

## Masked ID

TrustedForm supports certificate masking. A masked certificate hides important details like the session replay.
Currently, masked certificate IDs do not contain any metadata beyond the `type` property:

 * `type: 'masked'` &mdash; The type of these certificates will always be "masked"

# Usage

This library requires that two seperate private decryption keys be set in environment variables. These variables
are named the same as in the TrustedForm platform, for consistency.

 * `CERT_IDS_SECRET_KEY` &mdash; The private key used to decrypt web and mobile certificate IDs
 * `TF_CONFIG_CERT_ID_SECRET` &mdash; The private key used to decrypt all certificate IDs starting with `0.`


To decrypt a certificate ID, call the `decrypt()` function:

```javascript
const { decrypt } = require('@activeprospect/trustedform-cert-id');
const decrypted = decrypt('eb9fc4dd9bed9ad451a5648946cf4bf09b5bb947');
console.log(decrypted);
// { 
//   type: 'web',
//   createdAt: 2022-03-08T20:20:16.000Z
// }
```

To build a ping ID for a given certificate ID, call the `ping()` function:
```javascript
const { ping } = require('@activeprospect/trustedform-cert-id');
const certId = 'a1028cbb41b876744fa752eec276bec0e4c48b33';
const pingId = ping(certId);
console.log(pingId);
// 0.1JT7QUPI1sOFZxpr72ZK45K0ck75kEBO9H3jNJuX8NkqMTv4UF-zrapBUlsefTP3lkXWh6qM.fF0DNrov0zNUNVRCqDV5dw.E2eYOJ5-dnAgiX02-96FNQ
```