paypro: use asn1.js in browser paypro.
This commit is contained in:
parent
4a12d5a491
commit
f0757498b6
@ -10,7 +10,6 @@ var KJUR = require('jsrsasign');
|
|||||||
|
|
||||||
var asn1 = require('asn1.js');
|
var asn1 = require('asn1.js');
|
||||||
var rfc3280 = require('asn1.js/rfc/3280');
|
var rfc3280 = require('asn1.js/rfc/3280');
|
||||||
var Certificate = rfc3280.Certificate;
|
|
||||||
|
|
||||||
PayPro.prototype.x509Sign = function(key) {
|
PayPro.prototype.x509Sign = function(key) {
|
||||||
var self = this;
|
var self = this;
|
||||||
@ -89,13 +88,13 @@ PayPro.prototype.x509Verify = function() {
|
|||||||
|
|
||||||
// Get public key from next certificate:
|
// Get public key from next certificate:
|
||||||
var data = new Buffer(nder, 'hex');
|
var data = new Buffer(nder, 'hex');
|
||||||
var nc = Certificate.decode(data, 'der');
|
var nc = rfc3280.Certificate.decode(data, 'der');
|
||||||
var npubKey = nc.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
|
var npubKey = nc.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
|
||||||
npubKey = self._DERtoPEM(npubKey, 'RSA PUBLIC KEY');
|
npubKey = self._DERtoPEM(npubKey, 'RSA PUBLIC KEY');
|
||||||
|
|
||||||
// Get signature from current certificate:
|
// Get signature from current certificate:
|
||||||
var data = new Buffer(der, 'hex');
|
var data = new Buffer(der, 'hex');
|
||||||
var c = Certificate.decode(data, 'der');
|
var c = rfc3280.Certificate.decode(data, 'der');
|
||||||
var sig = c.signature.data;
|
var sig = c.signature.data;
|
||||||
|
|
||||||
var verifier = crypto.createVerify('RSA-' + type);
|
var verifier = crypto.createVerify('RSA-' + type);
|
||||||
|
|||||||
@ -5,6 +5,8 @@ var KJUR = require('jsrsasign');
|
|||||||
var assert = require('assert');
|
var assert = require('assert');
|
||||||
var PayPro = require('../common/PayPro');
|
var PayPro = require('../common/PayPro');
|
||||||
var RootCerts = require('../common/RootCerts');
|
var RootCerts = require('../common/RootCerts');
|
||||||
|
var asn1 = require('asn1.js');
|
||||||
|
var rfc3280 = require('asn1.js/rfc/3280');
|
||||||
|
|
||||||
// Documentation:
|
// Documentation:
|
||||||
// http://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.Signature.html#.sign
|
// http://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.Signature.html#.sign
|
||||||
@ -78,13 +80,9 @@ PayPro.prototype.x509Verify = function(key) {
|
|||||||
// 2. Extract signature from current certificate.
|
// 2. Extract signature from current certificate.
|
||||||
// 3. If current cert is not trusted, verify that the current cert is signed
|
// 3. If current cert is not trusted, verify that the current cert is signed
|
||||||
// by NEXT by the certificate.
|
// by NEXT by the certificate.
|
||||||
// 4. XXX What to do when the certificate is revoked?
|
// NOTE: XXX What to do when the certificate is revoked?
|
||||||
|
|
||||||
var blen = +type.replace(/[^\d]+/g, '');
|
var chainVerified = chain.every(function(cert, i) {
|
||||||
if (blen === 1) blen = 20;
|
|
||||||
if (blen === 256) blen = 32;
|
|
||||||
|
|
||||||
chain.forEach(function(cert, i) {
|
|
||||||
var der = cert.toString('hex');
|
var der = cert.toString('hex');
|
||||||
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
|
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
|
||||||
var name = RootCerts.getTrusted(pem);
|
var name = RootCerts.getTrusted(pem);
|
||||||
@ -92,50 +90,38 @@ PayPro.prototype.x509Verify = function(key) {
|
|||||||
var ncert = chain[i + 1];
|
var ncert = chain[i + 1];
|
||||||
// The root cert, check if it's trusted:
|
// The root cert, check if it's trusted:
|
||||||
if (!ncert || name) {
|
if (!ncert || name) {
|
||||||
if (!name) {
|
chain.length = 0;
|
||||||
// console.log('Untrusted certificate.');
|
return true;
|
||||||
} else {
|
|
||||||
// console.log('Certificate: %s', name);
|
|
||||||
}
|
|
||||||
return;
|
|
||||||
}
|
}
|
||||||
var nder = ncert.toString('hex');
|
var nder = ncert.toString('hex');
|
||||||
var npem = KJUR.asn1.ASN1Util.getPEMStringFromHex(nder, 'CERTIFICATE');
|
var npem = KJUR.asn1.ASN1Util.getPEMStringFromHex(nder, 'CERTIFICATE');
|
||||||
|
|
||||||
// get sig from current cert - BAD
|
// Get public key from next certificate:
|
||||||
var sig = der.slice(-(blen * 2));
|
var data = new Buffer(nder, 'hex');
|
||||||
|
var nc = rfc3280.Certificate.decode(data, 'der');
|
||||||
|
var npubKey = nc.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
|
||||||
|
npubKey = self._DERtoPEM(npubKey, 'RSA PUBLIC KEY');
|
||||||
|
|
||||||
// Should work but doesn't:
|
// Get signature from current certificate:
|
||||||
// get sig from current cert
|
var data = new Buffer(der, 'hex');
|
||||||
// var o = new KJUR.asn1.cms.SignerInfo();
|
var c = rfc3280.Certificate.decode(data, 'der');
|
||||||
// o.setSignerIdentifier(pem);
|
var sig = c.signature.data;
|
||||||
// var sig = new Buffer(o.getEncodedHex(), 'hex');
|
|
||||||
|
|
||||||
// get public key from next cert
|
|
||||||
var js = new KJUR.crypto.Signature({
|
|
||||||
alg: type + 'withRSA',
|
|
||||||
prov: 'cryptojs/jsrsa'
|
|
||||||
});
|
|
||||||
js.initVerifyByCertificatePEM(npem);
|
|
||||||
var npubKey = KJUR.KEYUTIL.getPEM(js.pubKey);
|
|
||||||
|
|
||||||
var jsrsaSig = new KJUR.crypto.Signature({
|
var jsrsaSig = new KJUR.crypto.Signature({
|
||||||
alg: type + 'withRSA',
|
alg: type + 'withRSA',
|
||||||
prov: 'cryptojs/jsrsa'
|
prov: 'cryptojs/jsrsa'
|
||||||
});
|
});
|
||||||
jsrsaSig.initVerifyByPublicKey(npubKey);
|
jsrsaSig.initVerifyByPublicKey(npubKey);
|
||||||
// NOTE: We need to slice off the signatureAlgorithm and signatureValue -
|
|
||||||
// consult the x509 spec:
|
// Create a To-Be-Signed Certificate to verify using asn1.js:
|
||||||
// https://www.ietf.org/rfc/rfc2459
|
// Fails at Issuer:
|
||||||
jsrsaSig.updateHex(der);
|
var tbs = rfc3280.TBSCertificate.encode(c.tbsCertificate, 'der');
|
||||||
var v = jsrsaSig.verify(sig);
|
jsrsaSig.updateHex(tbs);
|
||||||
if (!v) {
|
|
||||||
// console.log(i + ' not verified.');
|
return jsrsaSig.verify(sig);
|
||||||
verified = false;
|
|
||||||
}
|
|
||||||
});
|
});
|
||||||
|
|
||||||
return verified;
|
return verified && chainVerified;
|
||||||
};
|
};
|
||||||
|
|
||||||
module.exports = PayPro;
|
module.exports = PayPro;
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user