paypro: more extension debugging.

2014-08-26 16:26:34 -07:00 · 2014-08-26 16:26:34 -07:00 · 60b266a0db
commit 60b266a0db
parent 7115dc97a4
1 changed files with 108 additions and 22 deletions
--- a/lib/PayPro.js
+++ b/lib/PayPro.js
@ -150,6 +150,87 @@ PayPro.prototype.x509Verify = function() {
    var extensions = rfc5280.decodeExtensions(c, { partial: false });
    var extensionsVerified = extensions.verified;

+    // The two most important extensions:
+    // "The keyIdentifier field of the authorityKeyIdentifier extension MUST be
+    // included in all certificates generated by conforming CAs to facilitate
+    // certification path construction."
+    var aki = extensions.authorityKeyIdentifier;
+    aki.sha1Key = aki.raw.slice(4, 24);
+    var ski = extensions.subjectKeyIdentifier;
+    ski.sha1Key = ski.decoded;
+    var ku = extensions.keyUsage;
+
+    // Next Extensions:
+    var nextensions = rfc5280.decodeExtensions(nc, { partial: false });
+    var nextensionsVerified = nextensions.verified;
+    var naki = nextensions.authorityKeyIdentifier;
+    naki.sha1Key = naki.raw.slice(4, 24);
+    var nski = nextensions.subjectKeyIdentifier;
+    nski.sha1Key = nski.decoded;
+    var nku = nextensions.keyUsage;
+
+    // Subject Key was derived from Next Public Key
+
+    // Authority Key Identifier:
+    // { decoded: { _unknown: <Buffer 80 14 d2 c4 b0 d2 91 d4 4c 11 71 b3 61 cb 3d a1 fe dd a8 6a d4 e3> },
+    //   raw: <Buffer 30 16 80 14 d2 c4 b0 d2 91 d4 4c 11 71 b3 61 cb 3d a1 fe dd a8 6a d4 e3> }
+
+    // ~/work/node_modules/asn1.js/lib/asn1/decoders/der.js
+    // ~/work/node_modules/asn1.js/lib/asn1/constants/der.js
+
+    // 0x30 - SEQ
+    // 0x16 - Octet Len = 22 - the sha is 20 bytes
+    // 0x80 - ??
+    // 0x14 - ??
+    // 0xd2 -
+    // 0xc4 -
+    // 0xb0 -
+    // 0xd2 -
+    // 0x91 -
+    // 0xd4 -
+    // 0x4c -
+    // 0x11 -
+    // 0x71 -
+    // 0xb3 -
+    // 0x61 -
+    // 0xcb -
+    // 0x3d -
+    // 0xa1 -
+    // 0xfe -
+    // 0xdd -
+    // 0xa8 -
+    // 0x6a -
+    // 0xd4 -
+    // 0xe3 -
+
+    // Subject Key Identifier
+    // { decoded: <Buffer 3a 9a 85 07 10 67 28 b6 ef f6 bd 05 41 6e 20 c1 94 da 0f de>,
+    //   raw: <Buffer 04 14 3a 9a 85 07 10 67 28 b6 ef f6 bd 05 41 6e 20 c1 94 da 0f de> }
+
+    // 0x04 - octet string
+    // 0x14 = 20 bytes
+    // rest: sha1 (20 bytes)
+
+    // if (extensions.subjectDirectoryAttributes.decoded.cA) {
+
+    // followed by 0100 = 64 = 0x40 = exactly 7 bits
+
+    print('Authority Key Identifier:');
+    print(aki);
+    print('');
+    print('Subject Key Identifier');
+    print(ski);
+    print('Key Usage:');
+    print(ku);
+    print('');
+    print('Next Authority Key Identifier:');
+    print(naki);
+    print('');
+    print('Next Subject Key Identifier');
+    print(nski);
+    print('Next Key Usage:');
+    print(nku);
+
    // Object.keys(extensions).forEach(function(key) {
    //   if (extensions[key].execute) {
    //     c = extensions[key].execute(c);
@ -558,7 +639,7 @@ rfc5280.DirectoryString = asn1.define('DirectoryString', function() {

 /**
 * 2
- * # SubjectKeyIdentifier
+ * # Subject Key Identifier
 */

 var SubjectKeyIdentifier =
@ -568,7 +649,7 @@ rfc5280.SubjectKeyIdentifier = asn1.define('SubjectKeyIdentifier', function() {

 /**
 * 3
- * # KeyUsage
+ * # Key Usage
 */

 var KeyUsage =
@ -976,14 +1057,15 @@ rfc5280.extensions = {
    31: {
      name: 'CRL Distribution Points',
      parse: function(decoded, cert, ext, edata) {
-        return decoded;
        // XXX Find the bitstr: ReasonFlags
-        print('@@@@@@@@@@@@@@@@@@@@@@@@@@@');
-        print(decoded);
-        print(cert);
-        print(ext);
-        print(edata);
-        print('@@@@@@@@@@@@@@@@@@@@@@@@@@@');
+        if (process.env.NODE_DEBUG) {
+          print('@@@@@@@@@@@@@@@@@@@@@@@@@@@');
+          print(decoded);
+          print(cert);
+          print(ext);
+          print(edata);
+          print('@@@@@@@@@@@@@@@@@@@@@@@@@@@');
+        }
        return decoded;
        // For bitstr: ReasonFlags
        var data = decoded.CRLDistributionPoints.DistributionPoint.reasons;
@ -1100,18 +1182,18 @@ rfc5280.decodeExtensions = function(cert, options) {
      }

      // If the Extension needs extra parsing (i.e. bitstrs)
-      data = ext.parse
-        ? ext.parse(decoded, cert, ext, edata)
-        : decoded;
+      data = {
+        decoded: ext.parse
+          ? ext.parse(decoded, cert, ext, edata)
+          : decoded,
+        raw: edata.extnValue
+      };

      // Tack on some useful info

      // Comment for debugging:
      // data.edata = edata;
      // data.ext = ext;
-      if (ext.parse) {
-        data.decoded = decoded;
-      }

      // Execute Behavior for Cert
      if (ext.execute) {
@ -1127,18 +1209,22 @@ rfc5280.decodeExtensions = function(cert, options) {
      output[ext.prop] = data;

      // XXX Debug
-      print('------------');
-      print('%s (%s):', ext.name, ext.id);
-      print('Buffer:');
-      print(edata.extnValue);
-      print('Extension:');
-      print(data);
+      if (process.env.NODE_DEBUG) {
+        print('------------');
+        print('%s (%s):', ext.name, ext.id);
+        print('Buffer:');
+        print(edata.extnValue);
+        print('Extension:');
+        print(data);
+      }
    } else {
      // Add unknown extension:
      output.unknown.push(edata);

      // XXX Debug
-      print('Unknown extension: %s', eid);
+      if (process.env.NODE_DEBUG) {
+        print('Unknown extension: %s', eid);
+      }
    }
  }