diff --git a/lib/PayPro.js b/lib/PayPro.js index 22894916d..9d3f5d34e 100644 --- a/lib/PayPro.js +++ b/lib/PayPro.js @@ -17,12 +17,19 @@ PayPro.prototype.x509Sign = function(key, returnTrust) { pki_data = PayPro.X509Certificates.decode(pki_data); pki_data = pki_data.certificate; var details = this.get('serialized_payment_details'); - var type = pki_type.split('+')[1].toUpperCase(); + var type = pki_type !== 'none' + ? pki_type.split('+')[1].toUpperCase() + : pki_type; - var signature = crypto.createSign('RSA-' + type); - var buf = this.serializeForSig(); - signature.update(buf); - var sig = signature.sign(key); + if (type !== 'none') { + var signature = crypto.createSign('RSA-' + type); + var buf = this.serializeForSig(); + signature.update(buf); + var sig = signature.sign(key); + } else { + var buf = this.serializeForSig(); + var sig = ''; + } if (returnTrust) { var cert = pki_data[pki_data.length - 1]; @@ -57,15 +64,20 @@ PayPro.prototype.x509Verify = function(returnTrust) { pki_data = pki_data.certificate; var details = this.get('serialized_payment_details'); var buf = this.serializeForSig(); - var type = pki_type.split('+')[1].toUpperCase(); + var type = pki_type !== 'none' + ? pki_type.split('+')[1].toUpperCase() + : pki_type; - var verifier = crypto.createVerify('RSA-' + type); - verifier.update(buf); - - var signedCert = pki_data[0]; - var der = signedCert.toString('hex'); - var pem = PayPro.DERtoPEM(der, 'CERTIFICATE'); - var verified = verifier.verify(pem, sig); + if (type !== 'none') { + var verifier = crypto.createVerify('RSA-' + type); + verifier.update(buf); + var signedCert = pki_data[0]; + var der = signedCert.toString('hex'); + var pem = PayPro.DERtoPEM(der, 'CERTIFICATE'); + var verified = verifier.verify(pem, sig); + } else { + var verified = true; + } var chain = pki_data; @@ -177,7 +189,7 @@ PayPro.verifyCertChain = function(chain, type) { // from the DER Certificate: var tbs = PayPro.getTBSCertificate(data); - var verifier = crypto.createVerify('RSA-' + sigAlg); + var verifier = crypto.createVerify(type ? 'RSA-' + type : 'RSA'); verifier.update(tbs); var sigVerified = verifier.verify(npubKey, sig); diff --git a/lib/browser/PayPro.js b/lib/browser/PayPro.js index 44aa42416..f62e125cc 100644 --- a/lib/browser/PayPro.js +++ b/lib/browser/PayPro.js @@ -18,23 +18,29 @@ PayPro.prototype.x509Sign = function(key, returnTrust) { var pki_data = this.get('pki_data'); // contains one or more x509 certs pki_data = PayPro.X509Certificates.decode(pki_data); pki_data = pki_data.certificate; - var type = pki_type.split('+')[1].toUpperCase(); + var type = pki_type !== 'none' + ? pki_type.split('+')[1].toUpperCase() + : pki_type; var buf = this.serializeForSig(); var rsa = new KJUR.RSAKey(); rsa.readPrivateKeyFromPEMString(key.toString()); key = rsa; - var jsrsaSig = new KJUR.crypto.Signature({ - alg: type + 'withRSA', - prov: 'cryptojs/jsrsa' - }); + if (type !== 'none') { + var jsrsaSig = new KJUR.crypto.Signature({ + alg: type + 'withRSA', + prov: 'cryptojs/jsrsa' + }); - jsrsaSig.init(key); + jsrsaSig.init(key); - jsrsaSig.updateHex(buf.toString('hex')); + jsrsaSig.updateHex(buf.toString('hex')); - var sig = new Buffer(jsrsaSig.sign(), 'hex'); + var sig = new Buffer(jsrsaSig.sign(), 'hex'); + } else { + var sig = ''; + } if (returnTrust) { var cert = pki_data[pki_data.length - 1]; @@ -66,20 +72,25 @@ PayPro.prototype.x509Verify = function(returnTrust) { pki_data = PayPro.X509Certificates.decode(pki_data); pki_data = pki_data.certificate; var buf = this.serializeForSig(); - var type = pki_type.split('+')[1].toUpperCase(); + var type = pki_type !== 'none' + ? pki_type.split('+')[1].toUpperCase() + : pki_type; - var jsrsaSig = new KJUR.crypto.Signature({ - alg: type + 'withRSA', - prov: 'cryptojs/jsrsa' - }); - - var signedCert = pki_data[0]; - var der = signedCert.toString('hex'); - // var pem = self._DERtoPEM(der, 'CERTIFICATE'); - var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE'); - jsrsaSig.initVerifyByCertificatePEM(pem); - jsrsaSig.updateHex(buf.toString('hex')); - var verified = jsrsaSig.verify(sig.toString('hex')); + if (type !== 'none') { + var jsrsaSig = new KJUR.crypto.Signature({ + alg: type + 'withRSA', + prov: 'cryptojs/jsrsa' + }); + var signedCert = pki_data[0]; + var der = signedCert.toString('hex'); + // var pem = self._DERtoPEM(der, 'CERTIFICATE'); + var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE'); + jsrsaSig.initVerifyByCertificatePEM(pem); + jsrsaSig.updateHex(buf.toString('hex')); + var verified = jsrsaSig.verify(sig.toString('hex')); + } else { + var verified = true; + } var chain = pki_data; @@ -169,12 +180,14 @@ PayPro.verifyCertChain = function(chain, type) { // // Get Public Key from next certificate (via KJUR because it's a mess): // - var js = new KJUR.crypto.Signature({ - alg: type + 'withRSA', - prov: 'cryptojs/jsrsa' - }); - js.initVerifyByCertificatePEM(npem); - var npubKey = js.pubKey; + if (type !== 'none') { + var js = new KJUR.crypto.Signature({ + alg: type + 'withRSA', + prov: 'cryptojs/jsrsa' + }); + js.initVerifyByCertificatePEM(npem); + var npubKey = js.pubKey; + } // XXX Somehow change the pubKey format to npubKeyAlg. // @@ -199,19 +212,23 @@ PayPro.verifyCertChain = function(chain, type) { // Verify current Certificate signature // - var jsrsaSig = new KJUR.crypto.Signature({ - alg: type + 'withRSA', - prov: 'cryptojs/jsrsa' - }); - jsrsaSig.initVerifyByPublicKey(npubKey); + if (type !== 'none') { + var jsrsaSig = new KJUR.crypto.Signature({ + alg: type + 'withRSA', + prov: 'cryptojs/jsrsa' + }); + jsrsaSig.initVerifyByPublicKey(npubKey); - // Get the raw DER TBSCertificate - // from the DER Certificate: - var tbs = PayPro.getTBSCertificate(data); + // Get the raw DER TBSCertificate + // from the DER Certificate: + var tbs = PayPro.getTBSCertificate(data); - jsrsaSig.updateHex(tbs.toString('hex')); + jsrsaSig.updateHex(tbs.toString('hex')); - var sigVerified = jsrsaSig.verify(sig.toString('hex')); + var sigVerified = jsrsaSig.verify(sig.toString('hex')); + } else { + var sigVerified = true; + } return validityVerified && issuerVerified