paypro: get root cert names.
parent
0020e289d8
commit
5b4c4f3894
|
@ -45,7 +45,7 @@ function getRootCerts(callback) {
|
||||||
+ ' return trusted;\n'
|
+ ' return trusted;\n'
|
||||||
+ '}, {});\n'
|
+ '}, {});\n'
|
||||||
+ '\n'
|
+ '\n'
|
||||||
+ 'function isTrusted(pem) {\n'
|
+ 'function getTrusted(pem) {\n'
|
||||||
+ ' pem = pem + "";\n'
|
+ ' pem = pem + "";\n'
|
||||||
+ ' pem = pem.replace(/-----BEGIN CERTIFICATE-----/g, "");\n'
|
+ ' pem = pem.replace(/-----BEGIN CERTIFICATE-----/g, "");\n'
|
||||||
+ ' pem = pem.replace(/-----END CERTIFICATE-----/g, "");\n'
|
+ ' pem = pem.replace(/-----END CERTIFICATE-----/g, "");\n'
|
||||||
|
@ -59,8 +59,8 @@ function getRootCerts(callback) {
|
||||||
+ '\n'
|
+ '\n'
|
||||||
+ 'exports.certs = certs;\n'
|
+ 'exports.certs = certs;\n'
|
||||||
+ 'exports.trusted = trusted;\n'
|
+ 'exports.trusted = trusted;\n'
|
||||||
+ 'exports.isTrusted = isTrusted;\n'
|
+ 'exports.getCert = getCert;\n'
|
||||||
+ 'exports.getCert = getCert;\n';
|
+ 'exports.getTrusted = getTrusted;\n';
|
||||||
return callback(null, body);
|
return callback(null, body);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
|
@ -16,15 +16,19 @@ PayPro.prototype.x509Sign = function(key) {
|
||||||
var details = this.get('serialized_payment_details');
|
var details = this.get('serialized_payment_details');
|
||||||
var type = pki_type.split('+')[1].toUpperCase();
|
var type = pki_type.split('+')[1].toUpperCase();
|
||||||
|
|
||||||
var trusted = [].concat(pki_data).every(function(cert) {
|
var trusted = pki_data.map(function(cert) {
|
||||||
var der = cert.toString('hex');
|
var der = cert.toString('hex');
|
||||||
var pem = self._DERtoPEM(der, 'CERTIFICATE');
|
var pem = self._DERtoPEM(der, 'CERTIFICATE');
|
||||||
return RootCerts.isTrusted(pem);
|
return RootCerts.getTrusted(pem);
|
||||||
});
|
});
|
||||||
|
|
||||||
if (!trusted) {
|
// XXX Figure out what to do here
|
||||||
// XXX Figure out what to do here
|
if (!trusted.length) {
|
||||||
// throw new Error('Unstrusted certificate.');
|
// throw new Error('Unstrusted certificate.');
|
||||||
|
} else {
|
||||||
|
trusted.forEach(function(name) {
|
||||||
|
// console.log('Certificate: %s', name);
|
||||||
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
var signature = crypto.createSign('RSA-' + type);
|
var signature = crypto.createSign('RSA-' + type);
|
||||||
|
@ -49,13 +53,16 @@ PayPro.prototype.x509Verify = function() {
|
||||||
var verifier = crypto.createVerify('RSA-' + type);
|
var verifier = crypto.createVerify('RSA-' + type);
|
||||||
verifier.update(buf);
|
verifier.update(buf);
|
||||||
|
|
||||||
return [].concat(pki_data).every(function(cert) {
|
return pki_data.every(function(cert) {
|
||||||
var der = cert.toString('hex');
|
var der = cert.toString('hex');
|
||||||
var pem = self._DERtoPEM(der, 'CERTIFICATE');
|
var pem = self._DERtoPEM(der, 'CERTIFICATE');
|
||||||
|
|
||||||
if (!RootCerts.isTrusted(pem)) {
|
var name = RootCerts.getTrusted(pem);
|
||||||
// XXX Figure out what to do here
|
// XXX Figure out what to do here
|
||||||
|
if (!name) {
|
||||||
// throw new Error('Unstrusted certificate.');
|
// throw new Error('Unstrusted certificate.');
|
||||||
|
} else {
|
||||||
|
// console.log('Certificate: %s', name);
|
||||||
}
|
}
|
||||||
|
|
||||||
return verifier.verify(pem, sig);
|
return verifier.verify(pem, sig);
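Review bot: In x509Sign, `if (!trusted.length)` cannot detect an untrusted chain: `pki_data.map(...)` returns one entry per certificate whether or not `RootCerts.getTrusted(pem)` matched, so the length is zero only when `pki_data` is empty. If an unmatched certificate yields a falsy value, as the `if (!name)` test in x509Verify suggests, append `.filter(Boolean)` to the `map` call so that `trusted` holds only the matched root names. The new line also drops the `[].concat(pki_data)` wrapper, so a single non-array `pki_data` value is no longer normalised; keep the wrapper unless every caller passes an array. The KJUR-based x509Sign hunk (`@ -18,15 +18,19`) has both issues, and x509Sign's body starts and ends outside the hunk.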
|
||||||
|
|
|
@ -18,15 +18,19 @@ PayPro.prototype.x509Sign = function(key) {
|
||||||
var type = pki_type.split('+')[1].toUpperCase();
|
var type = pki_type.split('+')[1].toUpperCase();
|
||||||
var buf = this.serializeForSig();
|
var buf = this.serializeForSig();
|
||||||
|
|
||||||
var trusted = [].concat(pki_data).every(function(cert) {
|
var trusted = pki_data.map(function(cert) {
|
||||||
var der = cert.toString('hex');
|
var der = cert.toString('hex');
|
||||||
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
|
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
|
||||||
return RootCerts.isTrusted(pem);
|
return RootCerts.getTrusted(pem);
|
||||||
});
|
});
|
||||||
|
|
||||||
if (!trusted) {
|
// XXX Figure out what to do here
|
||||||
// XXX Figure out what to do here
|
if (!trusted.length) {
|
||||||
// throw new Error('Unstrusted certificate.');
|
// throw new Error('Unstrusted certificate.');
|
||||||
|
} else {
|
||||||
|
trusted.forEach(function(name) {
|
||||||
|
// console.log('Certificate: %s', name);
|
||||||
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
var rsa = new KJUR.RSAKey();
|
var rsa = new KJUR.RSAKey();
|
||||||
|
@ -38,9 +42,6 @@ PayPro.prototype.x509Sign = function(key) {
|
||||||
prov: 'cryptojs/jsrsa'
|
prov: 'cryptojs/jsrsa'
|
||||||
});
|
});
|
||||||
|
|
||||||
// XXX Could use this?
|
|
||||||
//jsrsaSig.initSign(key);
|
|
||||||
|
|
||||||
jsrsaSig.init(key);
|
jsrsaSig.init(key);
|
||||||
|
|
||||||
jsrsaSig.updateHex(buf.toString('hex'));
|
jsrsaSig.updateHex(buf.toString('hex'));
|
||||||
|
@ -63,13 +64,16 @@ PayPro.prototype.x509Verify = function(key) {
|
||||||
prov: 'cryptojs/jsrsa'
|
prov: 'cryptojs/jsrsa'
|
||||||
});
|
});
|
||||||
|
|
||||||
return [].concat(pki_data).every(function(cert) {
|
return pki_data.every(function(cert) {
|
||||||
var der = cert.toString('hex');
|
var der = cert.toString('hex');
|
||||||
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
|
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
|
||||||
|
|
||||||
if (!RootCerts.isTrusted(pem)) {
|
// XXX Figure out what to do here
|
||||||
// XXX Figure out what to do here
|
var name = RootCerts.getTrusted(pem);
|
||||||
|
if (!name) {
|
||||||
// throw new Error('Unstrusted certificate.');
|
// throw new Error('Unstrusted certificate.');
|
||||||
|
} else {
|
||||||
|
// console.log('Certificate: %s', name);
|
||||||
}
|
}
|
||||||
|
|
||||||
jsrsaSig.initVerifyByCertificatePEM(pem);
|
jsrsaSig.initVerifyByCertificatePEM(pem);
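Review bot: In x509Verify the value returned by `RootCerts.getTrusted(pem)` is never enforced: both branches of `if (!name)` hold only comments, so a certificate absent from the root list still reaches `jsrsaSig.initVerifyByCertificatePEM(pem)`. As written, a successful verification shows only that the signature matches the supplied certificate, not that the certificate chains to a trusted root. Until the XXX is resolved, say so at the check with `// SECURITY: trust is not enforced; callers must not treat a true result as authenticated`, and decide trust once for the whole chain rather than per certificate, since a leaf or intermediate would presumably not be in the root list. The crypto-module x509Verify hunk (`@ -49,13 +53,16`) has the same gap, and the function body continues outside both hunks.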
|
||||||
|
|
|
@ -3714,7 +3714,7 @@ var trusted = Object.keys(certs).reduce(function(trusted, key) {
|
||||||
return trusted;
|
return trusted;
|
||||||
}, {});
|
}, {});
|
||||||
|
|
||||||
function isTrusted(pem) {
|
function getTrusted(pem) {
|
||||||
pem = pem + "";
|
pem = pem + "";
|
||||||
pem = pem.replace(/-----BEGIN CERTIFICATE-----/g, "");
|
pem = pem.replace(/-----BEGIN CERTIFICATE-----/g, "");
|
||||||
pem = pem.replace(/-----END CERTIFICATE-----/g, "");
|
pem = pem.replace(/-----END CERTIFICATE-----/g, "");
|
||||||
|
@ -3728,5 +3728,5 @@ function getCert(name) {
|
||||||
|
|
||||||
exports.certs = certs;
|
exports.certs = certs;
|
||||||
exports.trusted = trusted;
|
exports.trusted = trusted;
|
||||||
exports.isTrusted = isTrusted;
|
|
||||||
exports.getCert = getCert;
|
exports.getCert = getCert;
|
||||||
|
exports.getTrusted = getTrusted;
|
||||||
|
|