paypro: move tbs parsing into common.

2014-08-28 17:13:02 -07:00 · 2014-08-28 17:13:02 -07:00 · a39aeeb446
commit a39aeeb446
parent 12c56854b9
2 changed files with 45 additions and 41 deletions
--- a/lib/PayPro.js
+++ b/lib/PayPro.js
@ -134,47 +134,12 @@ PayPro.prototype.x509Verify = function() {
    });

    //
-    // Verify current certificate signature
+    // Verify current Certificate signature
    //

-    // Grab the raw DER To-Be-Signed Certificate to verify:
-    // First 10 bytes usually look like:
-    // [ 48, 130, 5, 32, 48, 130, 4, 8, 160, 3 ]
-    var start = 0;
-    var starts = 0;
-    for (var start = 0; start < data.length; start++) {
-      if (starts === 1 && data[start] === 48) {
-        break;
-      }
-      if (starts < 1 && data[start] === 48) {
-        starts++;
-      }
-    }
-
-    // The bytes *after* the TBS (including the last TBS byte) will look like
-    // (note the 48 - the start of the sig, and the 122 - the end of the TBS):
-    // [ 122, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 11, 5, 0, 3, ... ]
-
-    // The certificate in these examples has a `start` of 4, and an `end` of
-    // 1040. The 4 bytes is the DER SEQ of the Certificate, right before the
-    // SEQ of the TBSCertificate.
-
-    var end = 0;
-    var ends = 0;
-    for (var end = data.length - 1; end > 0; end--) {
-      if (ends === 2 && data[end] === 48) {
-        break;
-      }
-      if (ends < 2 && data[end] === 0) {
-        ends++;
-      }
-    }
-
-    console.log(Array.prototype.slice.call(data.slice(end - 1)));
-    console.log(Array.prototype.slice.call(data.slice(0, start + 6)));
-    console.log('start=%d, end=%d', start, end);
-
-    var tbs = data.slice(start, end);
+    // Get the raw DER TBSCertificate
+    // from the DER Certificate:
+    var tbs = PayPro.getTBSCertificate(data);

    var verifier = crypto.createVerify('RSA-' + sigAlg);
    verifier.update(tbs);
@ -185,8 +150,6 @@ PayPro.prototype.x509Verify = function() {
      && sigVerified;
  });

-  console.log('verified && chainVerified:', verified && chainVerified);
-
  return verified && chainVerified;
 };

--- a/lib/common/PayPro.js
+++ b/lib/common/PayPro.js
@ -52,6 +52,47 @@ PayPro.getAlgorithm = function(value, index) {
  return value;
 };

+// Grab the raw DER To-Be-Signed Certificate
+// from a DER Certificate to verify
+PayPro.getTBSCertificate = function(data) {
+  // We start by slicing off the first SEQ of the
+  // Certificate (TBSCertificate is its own SEQ).
+
+  // The first 10 bytes usually look like:
+  // [ 48, 130, 5, 32, 48, 130, 4, 8, 160, 3 ]
+  var start = 0;
+  var starts = 0;
+  for (var start = 0; start < data.length; start++) {
+    if (starts === 1 && data[start] === 48) {
+      break;
+    }
+    if (starts < 1 && data[start] === 48) {
+      starts++;
+    }
+  }
+
+  // The bytes *after* the TBS (including the last TBS byte) will look like
+  // (note the 48 - the start of the sig, and the 122 - the end of the TBS):
+  // [ 122, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 11, 5, 0, 3, ... ]
+
+  // The certificate in these examples has a `start` of 4, and an `end` of
+  // 1040. The 4 bytes is the DER SEQ of the Certificate, right before the
+  // SEQ of the TBSCertificate.
+  var end = 0;
+  var ends = 0;
+  for (var end = data.length - 1; end > 0; end--) {
+    if (ends === 2 && data[end] === 48) {
+      break;
+    }
+    if (ends < 2 && data[end] === 0) {
+      ends++;
+    }
+  }
+
+  // Return our raw DER TBSCertificate:
+  return data.slice(start, end);
+};
+
 PayPro.RootCerts = RootCerts;

 PayPro.proto = {};