paypro: use fedor's asn1.js to deal with DER certificates.
This commit is contained in:
parent
569e60065a
commit
5085880bd0
|
@ -8,6 +8,10 @@ var PayPro = require('./common/PayPro');
|
|||
|
||||
var KJUR = require('jsrsasign');
|
||||
|
||||
var asn1 = require('asn1.js');
|
||||
var rfc3280 = require('asn1.js/rfc/3280');
|
||||
var Certificate = rfc3280.Certificate;
|
||||
|
||||
PayPro.prototype.x509Sign = function(key) {
|
||||
var self = this;
|
||||
var crypto = require('crypto');
|
||||
|
@ -91,25 +95,71 @@ PayPro.prototype.x509Verify = function() {
|
|||
var nder = ncert.toString('hex');
|
||||
var npem = self._DERtoPEM(nder, 'CERTIFICATE');
|
||||
|
||||
// get sig from current cert - BAD
|
||||
var sig = new Buffer(der.slice(-(blen * 2)), 'hex');
|
||||
/*
|
||||
https://www.ietf.org/rfc/rfc2459
|
||||
https://en.wikipedia.org/wiki/X509
|
||||
https://github.com/indutny/asn1.js
|
||||
https://github.com/indutny/asn1.js/blob/master/rfc/3280/index.js
|
||||
~/work/node_modules/bitcore/node_modules/asn1.js/rfc/3280/index.js
|
||||
Error: Failed to match tag: "objid" at:
|
||||
["tbsCertificate"]["issuerUniqueID"]["subjectUniqueID"]["extensions"]["extnID"]
|
||||
PR: https://github.com/indutny/asn1.js/pull/22
|
||||
*/
|
||||
|
||||
// Should work but doesn't:
|
||||
// get sig from current cert
|
||||
// var o = new KJUR.asn1.cms.SignerInfo();
|
||||
// o.setSignerIdentifier(pem);
|
||||
// var sig = o.getEncodedHex();
|
||||
// Get public key from next certificate.
|
||||
var data = new Buffer(nder, 'hex');
|
||||
var nc = Certificate.decode(data, 'der');
|
||||
var npubKey = nc.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
|
||||
// Need to convert this to PEM:
|
||||
// Doesn't work because KJUR is terrible:
|
||||
// npubKey = KJUR.KEYUTIL.getPEM(npubKey.toString('hex'));
|
||||
npubKey = self._DERtoPEM(npubKey, 'RSA PUBLIC KEY');
|
||||
|
||||
// get public key from next cert
|
||||
var js = new KJUR.crypto.Signature({
|
||||
alg: type + 'withRSA',
|
||||
prov: 'cryptojs/jsrsa'
|
||||
});
|
||||
js.initVerifyByCertificatePEM(npem);
|
||||
var npubKey = KJUR.KEYUTIL.getPEM(js.pubKey);
|
||||
// Get signature from current certificate.
|
||||
var data = new Buffer(der, 'hex');
|
||||
//var c = Certificate.decode(data, 'der', { partial: true });
|
||||
var c = Certificate.decode(data, 'der');
|
||||
var sig = c.signature.data;
|
||||
|
||||
var verifier = crypto.createVerify('RSA-' + type);
|
||||
|
||||
var t = c.tbsCertificate;
|
||||
|
||||
// Messy work:
|
||||
// Fails on Issuer:
|
||||
/*
|
||||
var cur = Certificate.encode({
|
||||
tbsCertificate: {
|
||||
version: t.version,
|
||||
serialNumber: t.serialNumber,
|
||||
signature: t.signature,
|
||||
// Fails on issuer:
|
||||
//issuer: t.issuer,
|
||||
//issuer: t.issuer.value,
|
||||
//issuer: t.issuer.value.map(function(obj) {
|
||||
// return obj.value;
|
||||
//}),
|
||||
//issuer: t.issuer.type,
|
||||
//issuer: 'rdh',
|
||||
//issuer: rfc3280.Name.decode(t.issuer, 'der'),
|
||||
validity: t.validity,
|
||||
subject: t.subject,
|
||||
subjectPublicKeyInfo: t.subjectPublicKeyInfo,
|
||||
extensions: t.extensions
|
||||
},
|
||||
signatureAlgorithm: '',
|
||||
signature: ''
|
||||
}, 'der');
|
||||
*/
|
||||
|
||||
var cur = Certificate.encode({
|
||||
tbsCertificate: c.tbsCertificate,
|
||||
signatureAlgorithm: '',
|
||||
signature: ''
|
||||
}, 'der');
|
||||
|
||||
// console.log(cur);
|
||||
|
||||
// NOTE: We need to slice off the signatureAlgorithm and signatureValue.
|
||||
// consult the x509 spec:
|
||||
// https://www.ietf.org/rfc/rfc2459
|
||||
|
|
|
@ -85,7 +85,8 @@
|
|||
"event-stream": "~3.1.5",
|
||||
"gulp-concat": "~2.2.0",
|
||||
"gulp": "~3.8.2",
|
||||
"preconditions": "^1.0.7"
|
||||
"preconditions": "^1.0.7",
|
||||
"asn1.js": "git://github.com/chjj/asn1.js.git"
|
||||
},
|
||||
"testling": {
|
||||
"harness": "mocha-bdd",
|
||||
|
|
Loading…
Reference in New Issue