paypro: move x509 sign and verify to their own methods.
parent
2bb8b520a2
commit
aafbca46d9
|
@ -212,26 +212,7 @@ PayPro.prototype.sign = function(key) {
|
|||
if (pki_type === 'SIN') {
|
||||
var sig = this.sinSign(key);
|
||||
} else if (pki_type === 'x509+sha1' || pki_type === 'x509+sha256') {
|
||||
var crypto = require('crypto');
|
||||
var pki_data = this.get('pki_data'); // contains one or more x509 certs
|
||||
var details = this.get('serialized_payment_details');
|
||||
var type = pki_type.split('+')[1].toUpperCase();
|
||||
|
||||
var trusted = [].concat(pki_data).every(function(cert) {
|
||||
var der = cert.toString('hex');
|
||||
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
|
||||
// var pem = DERtoPEM(der, 'CERTIFICATE');
|
||||
return !!RootCerts[pem.replace(/\s+/g, '')];
|
||||
});
|
||||
|
||||
if (!trusted) {
|
||||
// throw new Error('Unstrusted certificate.');
|
||||
}
|
||||
|
||||
var signature = crypto.createSign('RSA-' + type);
|
||||
var buf = this.serializeForSig();
|
||||
signature.update(buf);
|
||||
var sig = signature.sign(key);
|
||||
var sig = this.x509Sign(key);
|
||||
} else if (pki_type === 'none') {
|
||||
return this;
|
||||
} else {
|
||||
|
@ -252,27 +233,7 @@ PayPro.prototype.verify = function() {
|
|||
if (pki_type === 'SIN') {
|
||||
return this.sinVerify();
|
||||
} else if (pki_type === 'x509+sha1' || pki_type === 'x509+sha256') {
|
||||
var crypto = require('crypto');
|
||||
var sig = this.get('signature');
|
||||
var pki_data = this.get('pki_data');
|
||||
var details = this.get('serialized_payment_details');
|
||||
var buf = this.serializeForSig();
|
||||
var type = pki_type.split('+')[1].toUpperCase();
|
||||
|
||||
var verifier = crypto.createVerify('RSA-' + type);
|
||||
verifier.update(buf);
|
||||
|
||||
return [].concat(pki_data).every(function(cert) {
|
||||
var der = cert.toString('hex');
|
||||
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
|
||||
// var pem = DERtoPEM(der, 'CERTIFICATE');
|
||||
|
||||
if (!RootCerts[pem.replace(/\s+/g, '')]) {
|
||||
// throw new Error('Unstrusted certificate.');
|
||||
}
|
||||
|
||||
return verifier.verify(pem, sig);
|
||||
});
|
||||
return this.x509Verify();
|
||||
} else if (pki_type === 'none') {
|
||||
return true;
|
||||
}
|
||||
|
@ -280,6 +241,54 @@ PayPro.prototype.verify = function() {
|
|||
throw new Error('Unsupported pki_type');
|
||||
};
|
||||
|
||||
PayPro.prototype.x509Sign = function(key) {
|
||||
var crypto = require('crypto');
|
||||
var pki_data = this.get('pki_data'); // contains one or more x509 certs
|
||||
var details = this.get('serialized_payment_details');
|
||||
var type = pki_type.split('+')[1].toUpperCase();
|
||||
|
||||
var trusted = [].concat(pki_data).every(function(cert) {
|
||||
var der = cert.toString('hex');
|
||||
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
|
||||
// var pem = DERtoPEM(der, 'CERTIFICATE');
|
||||
return !!RootCerts[pem.replace(/\s+/g, '')];
|
||||
});
|
||||
|
||||
if (!trusted) {
|
||||
// throw new Error('Unstrusted certificate.');
|
||||
}
|
||||
|
||||
var signature = crypto.createSign('RSA-' + type);
|
||||
var buf = this.serializeForSig();
|
||||
signature.update(buf);
|
||||
var sig = signature.sign(key);
|
||||
return sig;
|
||||
};
|
||||
|
||||
PayPro.prototype.x509Verify = function() {
|
||||
var crypto = require('crypto');
|
||||
var sig = this.get('signature');
|
||||
var pki_data = this.get('pki_data');
|
||||
var details = this.get('serialized_payment_details');
|
||||
var buf = this.serializeForSig();
|
||||
var type = pki_type.split('+')[1].toUpperCase();
|
||||
|
||||
var verifier = crypto.createVerify('RSA-' + type);
|
||||
verifier.update(buf);
|
||||
|
||||
return [].concat(pki_data).every(function(cert) {
|
||||
var der = cert.toString('hex');
|
||||
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
|
||||
// var pem = DERtoPEM(der, 'CERTIFICATE');
|
||||
|
||||
if (!RootCerts[pem.replace(/\s+/g, '')]) {
|
||||
// throw new Error('Unstrusted certificate.');
|
||||
}
|
||||
|
||||
return verifier.verify(pem, sig);
|
||||
});
|
||||
};
|
||||
|
||||
//default signing function for prototype.sign
|
||||
PayPro.prototype.sinSign = function(key) {
|
||||
this.set('pki_data', key.public)
|
||||
|
|
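Review bot: In x509Verify the root-store lookup `if (!RootCerts[pem.replace(/\s+/g, '')])` has an empty body because the throw is commented out, so a signature made with any self-issued certificate in pki_data still verifies as true; the branch should fail closed with `return false;`. The same dead check sits in x509Sign, where `trusted` is computed and then ignored. Looking every certificate up in RootCerts and calling `verifier.verify(pem, sig)` on each one also looks wrong for a chain, since only the leaf key signs and intermediates are not roots, so enabling the check as written would probably reject valid chains; it needs chain building to a trusted root rather than a per-certificate lookup. An empty pki_data array makes `every` return true without checking any signature at all. Separately, both new methods read `pki_type` without declaring it, and unless it is defined at module scope outside this hunk they throw a ReferenceError; presumably `var pki_type = this.get('pki_type');` at the top of each would fix that.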