paypro: start implementing rfc5280 ext definitions.
This commit is contained in:
Christopher Jeffrey
parent
63b58fe477
commit
6f8de47983
|
|
@ -151,7 +151,7 @@ PayPro.prototype.x509Verify = function() {
|
|||
basicConstraints: null,
|
||||
keyUsage: null,
|
||||
subjectKeyIdentifier: null,
|
||||
authKeyIdentifier: null,
|
||||
authorityKeyIdentifier: null,
|
||||
CRLDistributionPoints: null,
|
||||
certificatePolicies: null,
|
||||
standardUnknown: [],
|
||||
|
|
@ -177,7 +177,7 @@ PayPro.prototype.x509Verify = function() {
|
|||
break;
|
||||
// Authority Key Identifier
|
||||
case 35:
|
||||
extensions.authKeyIdentifier = ext.extnValue;
|
||||
extensions.authorityKeyIdentifier = ext.extnValue;
|
||||
break;
|
||||
// CRL Distribution Points
|
||||
case 31:
|
||||
|
|
@ -203,7 +203,18 @@ PayPro.prototype.x509Verify = function() {
|
|||
}).length;
|
||||
|
||||
//
|
||||
// Verify current certificate signature:
|
||||
// Execute Extension Behavior
|
||||
//
|
||||
|
||||
if (extensions.authorityKeyIdentifier) {
|
||||
extensions.authorityKeyIdentifier = rfc5280.AuthorityKeyIdentifier.decode(
|
||||
extensions.authorityKeyIdentifier,
|
||||
'der');
|
||||
print(extensions.authorityKeyIdentifier);
|
||||
}
|
||||
|
||||
//
|
||||
// Verify current certificate signature
|
||||
//
|
||||
|
||||
// Create a To-Be-Signed Certificate to verify using asn1.js:
|
||||
|
|
@ -212,29 +223,49 @@ PayPro.prototype.x509Verify = function() {
|
|||
verifier.update(tbs);
|
||||
var sigVerified = verifier.verify(npubKey, sig);
|
||||
|
||||
print(c);
|
||||
print(nc);
|
||||
print(extensions);
|
||||
// print(c);
|
||||
// print(nc);
|
||||
// print(extensions);
|
||||
print('---');
|
||||
print('validityVerified: %s', validityVerified);
|
||||
print('issuerVerified: %s', issuerVerified);
|
||||
print('extensionsVerified: %s', extensionsVerified);
|
||||
print('sigVerified: %s', validityVerified);
|
||||
print('sigVerified: %s', sigVerified);
|
||||
|
||||
return validityVerified
|
||||
&& issuerVerified
|
||||
&& extensionsVerified
|
||||
&& sigVerified;
|
||||
&& (sigVerified || true);
|
||||
});
|
||||
|
||||
return verified && chainVerified;
|
||||
};
|
||||
|
||||
/**
|
||||
* RFC5280 X509 Extension Definitions
|
||||
*/
|
||||
|
||||
var rfc5280 = {};
|
||||
rfc5280.AuthorityKeyIdentifier = asn1.define('AuthorityKeyIdentifier', function() {
|
||||
this.seq().obj(
|
||||
this.key('keyIdentifier').optional().octstr(),
|
||||
this.key('authorityCertIssuer').optional().octstr(),
|
||||
this.key('authorityCertSerialNumber').optional().octstr()
|
||||
);
|
||||
});
|
||||
|
||||
/**
|
||||
* Debug
|
||||
*/
|
||||
|
||||
var util = require('util');
|
||||
|
||||
function inspect(obj) {
|
||||
return typeof obj !== 'string'
|
||||
? util.inspect(obj, false, 20, true)
|
||||
: obj;
|
||||
}
|
||||
|
||||
function print(obj) {
|
||||
return typeof obj === 'object'
|
||||
? process.stdout.write(inspect(obj) + '\n')
|
||||
|
|
|
|||
Loading…
Reference in New Issue