paypro: check validity time - cert expiration.

2014-08-25 11:27:16 -07:00 · 2014-08-25 11:27:16 -07:00 · 1dff1d6a9f
parent b52eb6f922
commit 1dff1d6a9f
1 changed files with 27 additions and 8 deletions
--- a/lib/PayPro.js
+++ b/lib/PayPro.js
@ -107,6 +107,19 @@ PayPro.prototype.x509Verify = function() {
    var sigAlg = PayPro.getAlgorithm(c.signatureAlgorithm.algorithm, 1);
    var sig = c.signature.data;

+    //
+    // Check Validity of Certificates
+    //
+    var validityVerified = true;
+    var now = Date.now();
+    var cBefore = c.tbsCertificate.validity.notBefore.value;
+    var cAfter = c.tbsCertificate.validity.notAfter.value;
+    var nBefore = nc.tbsCertificate.validity.notBefore.value;
+    var nAfter = nc.tbsCertificate.validity.notAfter.value;
+    if (cBefore > now || cAfter < now || nBefore > now || nAfter < now) {
+      validityVerified = false;
+    }
+
    //
    // Check the Issuer matches the Subject of the next certificate:
    //
@ -132,7 +145,6 @@ PayPro.prototype.x509Verify = function() {
    // Handle Cert Extensions
    // http://tools.ietf.org/html/rfc5280#section-4.2
    //
-
    var ext;
    var eid;
    var extensions = {
@ -153,30 +165,31 @@ PayPro.prototype.x509Verify = function() {
        switch (eid[3]) {
          // Basic Constraints
          case 19:
-            extensions.basicConstraints = ext;
+            extensions.basicConstraints = ext.extnValue;
            break;
          // Key Usage
          case 15:
-            extensions.keyUsage = ext;
+            extensions.keyUsage = ext.extnValue;
            break;
          // Subject Key Identifier
          case 14:
-            extensions.subjectKeyIdentifier = ext;
+            extensions.subjectKeyIdentifier = ext.extnValue;
            break;
          // Authority Key Identifier
          case 35:
-            extensions.authKeyIdentifier = ext;
+            extensions.authKeyIdentifier = ext.extnValue;
            break;
          // CRL Distribution Points
          case 31:
-            extensions.CRLDistributionPoints = ext;
+            extensions.CRLDistributionPoints = ext.extnValue;
            break;
          // Certificate Policies
          case 32:
-            extensions.certificatePolicies = ext;
+            extensions.certificatePolicies = ext.extnValue;
            break;
          // Unknown Extension (not documented anywhere, probably non-standard)
          default:
+            extensions.unknown.push(ext);
            extensions.standardUnknown.push(ext);
            break;
        }
@ -185,10 +198,16 @@ PayPro.prototype.x509Verify = function() {
      }
    }

+    var rejectUnknown = !!extensions.unknown.filter(function(ext) {
+      return ext.critical;
+    }).length;
+
    print(c);
    print(nc);
-    print('issuerVerified: %s', issuerVerified);
    print(extensions);
+    print('issuerVerified: %s', issuerVerified);
+    print('rejectUnknown: %s', rejectUnknown);
+    print('validityVerified: %s', validityVerified);

    //
    // Create a To-Be-Signed Certificate to verify using asn1.js: