paypro: implement "none" pki_type.
This commit is contained in:
Christopher Jeffrey
parent
a73699ba64
commit
a50b9ed3a3
@ -17,12 +17,19 @@ PayPro.prototype.x509Sign = function(key, returnTrust) {
|
|||||||
pki_data = PayPro.X509Certificates.decode(pki_data);
|
pki_data = PayPro.X509Certificates.decode(pki_data);
|
||||||
pki_data = pki_data.certificate;
|
pki_data = pki_data.certificate;
|
||||||
var details = this.get('serialized_payment_details');
|
var details = this.get('serialized_payment_details');
|
||||||
var type = pki_type.split('+')[1].toUpperCase();
|
var type = pki_type !== 'none'
|
||||||
|
? pki_type.split('+')[1].toUpperCase()
|
||||||
|
: pki_type;
|
||||||
|
|
||||||
var signature = crypto.createSign('RSA-' + type);
|
if (type !== 'none') {
|
||||||
var buf = this.serializeForSig();
|
var signature = crypto.createSign('RSA-' + type);
|
||||||
signature.update(buf);
|
var buf = this.serializeForSig();
|
||||||
var sig = signature.sign(key);
|
signature.update(buf);
|
||||||
|
var sig = signature.sign(key);
|
||||||
|
} else {
|
||||||
|
var buf = this.serializeForSig();
|
||||||
|
var sig = '';
|
||||||
|
}
|
||||||
|
|
||||||
if (returnTrust) {
|
if (returnTrust) {
|
||||||
var cert = pki_data[pki_data.length - 1];
|
var cert = pki_data[pki_data.length - 1];
|
||||||
@ -57,15 +64,20 @@ PayPro.prototype.x509Verify = function(returnTrust) {
|
|||||||
pki_data = pki_data.certificate;
|
pki_data = pki_data.certificate;
|
||||||
var details = this.get('serialized_payment_details');
|
var details = this.get('serialized_payment_details');
|
||||||
var buf = this.serializeForSig();
|
var buf = this.serializeForSig();
|
||||||
var type = pki_type.split('+')[1].toUpperCase();
|
var type = pki_type !== 'none'
|
||||||
|
? pki_type.split('+')[1].toUpperCase()
|
||||||
|
: pki_type;
|
||||||
|
|
||||||
var verifier = crypto.createVerify('RSA-' + type);
|
if (type !== 'none') {
|
||||||
verifier.update(buf);
|
var verifier = crypto.createVerify('RSA-' + type);
|
||||||
|
verifier.update(buf);
|
||||||
var signedCert = pki_data[0];
|
var signedCert = pki_data[0];
|
||||||
var der = signedCert.toString('hex');
|
var der = signedCert.toString('hex');
|
||||||
var pem = PayPro.DERtoPEM(der, 'CERTIFICATE');
|
var pem = PayPro.DERtoPEM(der, 'CERTIFICATE');
|
||||||
var verified = verifier.verify(pem, sig);
|
var verified = verifier.verify(pem, sig);
|
||||||
|
} else {
|
||||||
|
var verified = true;
|
||||||
|
}
|
||||||
|
|
||||||
var chain = pki_data;
|
var chain = pki_data;
|
||||||
|
|
||||||
@ -177,7 +189,7 @@ PayPro.verifyCertChain = function(chain, type) {
|
|||||||
// from the DER Certificate:
|
// from the DER Certificate:
|
||||||
var tbs = PayPro.getTBSCertificate(data);
|
var tbs = PayPro.getTBSCertificate(data);
|
||||||
|
|
||||||
var verifier = crypto.createVerify('RSA-' + sigAlg);
|
var verifier = crypto.createVerify(type ? 'RSA-' + type : 'RSA');
|
||||||
verifier.update(tbs);
|
verifier.update(tbs);
|
||||||
var sigVerified = verifier.verify(npubKey, sig);
|
var sigVerified = verifier.verify(npubKey, sig);
|
||||||
|
|
||||||
|
|||||||
@ -18,23 +18,29 @@ PayPro.prototype.x509Sign = function(key, returnTrust) {
|
|||||||
var pki_data = this.get('pki_data'); // contains one or more x509 certs
|
var pki_data = this.get('pki_data'); // contains one or more x509 certs
|
||||||
pki_data = PayPro.X509Certificates.decode(pki_data);
|
pki_data = PayPro.X509Certificates.decode(pki_data);
|
||||||
pki_data = pki_data.certificate;
|
pki_data = pki_data.certificate;
|
||||||
var type = pki_type.split('+')[1].toUpperCase();
|
var type = pki_type !== 'none'
|
||||||
|
? pki_type.split('+')[1].toUpperCase()
|
||||||
|
: pki_type;
|
||||||
var buf = this.serializeForSig();
|
var buf = this.serializeForSig();
|
||||||
|
|
||||||
var rsa = new KJUR.RSAKey();
|
var rsa = new KJUR.RSAKey();
|
||||||
rsa.readPrivateKeyFromPEMString(key.toString());
|
rsa.readPrivateKeyFromPEMString(key.toString());
|
||||||
key = rsa;
|
key = rsa;
|
||||||
|
|
||||||
var jsrsaSig = new KJUR.crypto.Signature({
|
if (type !== 'none') {
|
||||||
alg: type + 'withRSA',
|
var jsrsaSig = new KJUR.crypto.Signature({
|
||||||
prov: 'cryptojs/jsrsa'
|
alg: type + 'withRSA',
|
||||||
});
|
prov: 'cryptojs/jsrsa'
|
||||||
|
});
|
||||||
|
|
||||||
jsrsaSig.init(key);
|
jsrsaSig.init(key);
|
||||||
|
|
||||||
jsrsaSig.updateHex(buf.toString('hex'));
|
jsrsaSig.updateHex(buf.toString('hex'));
|
||||||
|
|
||||||
var sig = new Buffer(jsrsaSig.sign(), 'hex');
|
var sig = new Buffer(jsrsaSig.sign(), 'hex');
|
||||||
|
} else {
|
||||||
|
var sig = '';
|
||||||
|
}
|
||||||
|
|
||||||
if (returnTrust) {
|
if (returnTrust) {
|
||||||
var cert = pki_data[pki_data.length - 1];
|
var cert = pki_data[pki_data.length - 1];
|
||||||
@ -66,20 +72,25 @@ PayPro.prototype.x509Verify = function(returnTrust) {
|
|||||||
pki_data = PayPro.X509Certificates.decode(pki_data);
|
pki_data = PayPro.X509Certificates.decode(pki_data);
|
||||||
pki_data = pki_data.certificate;
|
pki_data = pki_data.certificate;
|
||||||
var buf = this.serializeForSig();
|
var buf = this.serializeForSig();
|
||||||
var type = pki_type.split('+')[1].toUpperCase();
|
var type = pki_type !== 'none'
|
||||||
|
? pki_type.split('+')[1].toUpperCase()
|
||||||
|
: pki_type;
|
||||||
|
|
||||||
var jsrsaSig = new KJUR.crypto.Signature({
|
if (type !== 'none') {
|
||||||
alg: type + 'withRSA',
|
var jsrsaSig = new KJUR.crypto.Signature({
|
||||||
prov: 'cryptojs/jsrsa'
|
alg: type + 'withRSA',
|
||||||
});
|
prov: 'cryptojs/jsrsa'
|
||||||
|
});
|
||||||
var signedCert = pki_data[0];
|
var signedCert = pki_data[0];
|
||||||
var der = signedCert.toString('hex');
|
var der = signedCert.toString('hex');
|
||||||
// var pem = self._DERtoPEM(der, 'CERTIFICATE');
|
// var pem = self._DERtoPEM(der, 'CERTIFICATE');
|
||||||
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
|
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
|
||||||
jsrsaSig.initVerifyByCertificatePEM(pem);
|
jsrsaSig.initVerifyByCertificatePEM(pem);
|
||||||
jsrsaSig.updateHex(buf.toString('hex'));
|
jsrsaSig.updateHex(buf.toString('hex'));
|
||||||
var verified = jsrsaSig.verify(sig.toString('hex'));
|
var verified = jsrsaSig.verify(sig.toString('hex'));
|
||||||
|
} else {
|
||||||
|
var verified = true;
|
||||||
|
}
|
||||||
|
|
||||||
var chain = pki_data;
|
var chain = pki_data;
|
||||||
|
|
||||||
@ -169,12 +180,14 @@ PayPro.verifyCertChain = function(chain, type) {
|
|||||||
//
|
//
|
||||||
// Get Public Key from next certificate (via KJUR because it's a mess):
|
// Get Public Key from next certificate (via KJUR because it's a mess):
|
||||||
//
|
//
|
||||||
var js = new KJUR.crypto.Signature({
|
if (type !== 'none') {
|
||||||
alg: type + 'withRSA',
|
var js = new KJUR.crypto.Signature({
|
||||||
prov: 'cryptojs/jsrsa'
|
alg: type + 'withRSA',
|
||||||
});
|
prov: 'cryptojs/jsrsa'
|
||||||
js.initVerifyByCertificatePEM(npem);
|
});
|
||||||
var npubKey = js.pubKey;
|
js.initVerifyByCertificatePEM(npem);
|
||||||
|
var npubKey = js.pubKey;
|
||||||
|
}
|
||||||
// XXX Somehow change the pubKey format to npubKeyAlg.
|
// XXX Somehow change the pubKey format to npubKeyAlg.
|
||||||
|
|
||||||
//
|
//
|
||||||
@ -199,19 +212,23 @@ PayPro.verifyCertChain = function(chain, type) {
|
|||||||
// Verify current Certificate signature
|
// Verify current Certificate signature
|
||||||
//
|
//
|
||||||
|
|
||||||
var jsrsaSig = new KJUR.crypto.Signature({
|
if (type !== 'none') {
|
||||||
alg: type + 'withRSA',
|
var jsrsaSig = new KJUR.crypto.Signature({
|
||||||
prov: 'cryptojs/jsrsa'
|
alg: type + 'withRSA',
|
||||||
});
|
prov: 'cryptojs/jsrsa'
|
||||||
jsrsaSig.initVerifyByPublicKey(npubKey);
|
});
|
||||||
|
jsrsaSig.initVerifyByPublicKey(npubKey);
|
||||||
|
|
||||||
// Get the raw DER TBSCertificate
|
// Get the raw DER TBSCertificate
|
||||||
// from the DER Certificate:
|
// from the DER Certificate:
|
||||||
var tbs = PayPro.getTBSCertificate(data);
|
var tbs = PayPro.getTBSCertificate(data);
|
||||||
|
|
||||||
jsrsaSig.updateHex(tbs.toString('hex'));
|
jsrsaSig.updateHex(tbs.toString('hex'));
|
||||||
|
|
||||||
var sigVerified = jsrsaSig.verify(sig.toString('hex'));
|
var sigVerified = jsrsaSig.verify(sig.toString('hex'));
|
||||||
|
} else {
|
||||||
|
var sigVerified = true;
|
||||||
|
}
|
||||||
|
|
||||||
return validityVerified
|
return validityVerified
|
||||||
&& issuerVerified
|
&& issuerVerified
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user