RanchiMall/fcoin
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bip70: fix signing.

Browse Source
This commit is contained in:
Christopher Jeffrey 2016-07-22 21:57:42 -07:00
parent ac601e3675
commit 46969c6f3a
No known key found for this signature in database
GPG Key ID: 8962AB9DE6666BBD
2 changed files with 42 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
lib/bcoin/bip70/index.js
View File

@ -55,7 +55,7 @@ PaymentRequest.prototype.fromOptions = function fromOptions(options) {
}
if (options.chain)
this.setChain(this.pkiType, options.chain);
this.setChain(options.chain);
return this;
};
@ -122,7 +122,7 @@ PaymentRequest.prototype.getAlgorithm = function getAlgorithm() {
if (parts[1] !== 'sha1' && parts[1] !== 'sha256')
return;
return { key: 'rsa', hash: parts[1] };
return { key: parts[0], hash: parts[1] };
};
PaymentRequest.prototype.signatureData = function signatureData() {
@ -144,20 +144,21 @@ PaymentRequest.prototype.signatureHash = function signatureHash() {
return utils.hash(alg.hash, this.signatureData());
};
PaymentRequest.prototype.setChain = function setChain(pkiType, chain) {
PaymentRequest.prototype.setChain = function setChain(chain) {
var p = new ProtoWriter();
var i, cert;
var i, cert, pem;
assert(pkiType === 'x509+sha1' || pkiType === 'x509+sha256');
assert(Array.isArray(chain));
this.pkiType = pkiType;
if (!Array.isArray(chain))
chain = [chain];
for (i = 0; i < chain.length; i++) {
cert = chain[i];
if (typeof cert === 'string')
cert = asn1.fromPEM(cert).data;
assert(Buffer.isBuffer(cert), 'Bad cert format.');
if (typeof cert === 'string') {
pem = asn1.fromPEM(cert);
assert(pem.type === 'certificate', 'Bad certificate PEM.');
cert = pem.data;
}
assert(Buffer.isBuffer(cert), 'Certificates must be PEM or DER.');
p.writeFieldBytes(1, cert);
}
@ -179,24 +180,26 @@ PaymentRequest.prototype.getChain = function getChain() {
return chain;
};
PaymentRequest.prototype.sign = function sign(key) {
var alg, msg;
PaymentRequest.prototype.sign = function sign(key, chain) {
var alg, msg, chain;
if (!this.pkiType || this.pkiType === 'none') {
this.signature = null;
return;
}
if (chain)
this.setChain(chain);
if (!this.pkiType)
this.pkiType = 'x509+sha256';
alg = this.getAlgorithm();
assert(alg, 'No hash algorithm available.');
msg = this.signatureData();
chain = this.getChain();
this.signature = x509.sign(alg.hash, msg, key);
this.signature = x509.signSubject(alg.hash, msg, key, chain);
};
PaymentRequest.prototype.verify = function verify() {
var alg, msg, ver, der, pem;
var alg, msg, sig, chain;
if (!this.pkiType || this.pkiType === 'none')
return true;
@ -210,8 +213,10 @@ PaymentRequest.prototype.verify = function verify() {
return false;
msg = this.signatureData();
sig = this.signature;
chain = this.getChain();
return x509.verifySubject(alg.hash, msg, this.signature, this.getChain());
return x509.verifySubject(alg.hash, msg, sig, chain);
};
PaymentRequest.prototype.verifyChain = function verifyChain(ignoreTime) {

17
lib/bcoin/bip70/x509.js
View File

@ -126,6 +126,23 @@ x509.verifyTime = function verifyTime(cert) {
return now > time.notBefore && now < time.notAfter;
};
x509.signSubject = function signSubject(hash, msg, key, chain) {
var cert, alg;
assert(chain.length !== 0, 'No chain available.');
cert = x509.parse(chain[0]);
assert(cert, 'Could not parse certificate.');
alg = x509.getKeyAlgorithm(cert);
assert(alg, 'Certificate uses an unknown algorithm.');
if (Buffer.isBuffer(key))
key = asn1.toPEM(key, alg.key + ' PRIVATE KEY');
return x509.sign(alg.key, hash, msg, key);
};
x509.verifySubject = function verifySubject(hash, msg, sig, chain) {
var cert, key, alg;