RanchiMall/flocore
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

paypro: check validity time - cert expiration.

Browse Source
This commit is contained in:
Christopher Jeffrey 2014-08-25 11:27:16 -07:00
parent b52eb6f922
commit 1dff1d6a9f
1 changed files with 27 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
lib/PayPro.js
View File

@ -107,6 +107,19 @@ PayPro.prototype.x509Verify = function() {
var sigAlg = PayPro.getAlgorithm(c.signatureAlgorithm.algorithm, 1); var sigAlg = PayPro.getAlgorithm(c.signatureAlgorithm.algorithm, 1);
var sig = c.signature.data; var sig = c.signature.data;
//
// Check Validity of Certificates
//
var validityVerified = true;
var now = Date.now();
var cBefore = c.tbsCertificate.validity.notBefore.value;
var cAfter = c.tbsCertificate.validity.notAfter.value;
var nBefore = nc.tbsCertificate.validity.notBefore.value;
var nAfter = nc.tbsCertificate.validity.notAfter.value;
if (cBefore > now || cAfter < now || nBefore > now || nAfter < now) {
validityVerified = false;
}
// //
// Check the Issuer matches the Subject of the next certificate: // Check the Issuer matches the Subject of the next certificate:
// //
@ -132,7 +145,6 @@ PayPro.prototype.x509Verify = function() {
// Handle Cert Extensions // Handle Cert Extensions
// http://tools.ietf.org/html/rfc5280#section-4.2 // http://tools.ietf.org/html/rfc5280#section-4.2
// //
var ext; var ext;
var eid; var eid;
var extensions = { var extensions = {
@ -153,30 +165,31 @@ PayPro.prototype.x509Verify = function() {
switch (eid[3]) { switch (eid[3]) {
// Basic Constraints // Basic Constraints
case 19: case 19:
extensions.basicConstraints = ext; extensions.basicConstraints = ext.extnValue;
break; break;
// Key Usage // Key Usage
case 15: case 15:
extensions.keyUsage = ext; extensions.keyUsage = ext.extnValue;
break; break;
// Subject Key Identifier // Subject Key Identifier
case 14: case 14:
extensions.subjectKeyIdentifier = ext; extensions.subjectKeyIdentifier = ext.extnValue;
break; break;
// Authority Key Identifier // Authority Key Identifier
case 35: case 35:
extensions.authKeyIdentifier = ext; extensions.authKeyIdentifier = ext.extnValue;
break; break;
// CRL Distribution Points // CRL Distribution Points
case 31: case 31:
extensions.CRLDistributionPoints = ext; extensions.CRLDistributionPoints = ext.extnValue;
break; break;
// Certificate Policies // Certificate Policies
case 32: case 32:
extensions.certificatePolicies = ext; extensions.certificatePolicies = ext.extnValue;
break; break;
// Unknown Extension (not documented anywhere, probably non-standard) // Unknown Extension (not documented anywhere, probably non-standard)
default: default:
extensions.unknown.push(ext);
extensions.standardUnknown.push(ext); extensions.standardUnknown.push(ext);
break; break;
} }
@ -185,10 +198,16 @@ PayPro.prototype.x509Verify = function() {
} }
} }
var rejectUnknown = !!extensions.unknown.filter(function(ext) {
return ext.critical;
}).length;
print(c); print(c);
print(nc); print(nc);
print('issuerVerified: %s', issuerVerified);
print(extensions); print(extensions);
print('issuerVerified: %s', issuerVerified);
print('rejectUnknown: %s', rejectUnknown);
print('validityVerified: %s', validityVerified);
// //
// Create a To-Be-Signed Certificate to verify using asn1.js: // Create a To-Be-Signed Certificate to verify using asn1.js: