From cec71a51fd4612ae37da79afdb87575de236c9e3 Mon Sep 17 00:00:00 2001 From: Christopher Jeffrey Date: Mon, 21 Jul 2014 13:59:55 -0700 Subject: [PATCH] paypro: add isTrusted function to RootCerts. --- browser/root-certs | 12 +++++++++++- lib/PayPro.js | 4 ++-- lib/browser/PayPro.js | 4 ++-- lib/common/RootCerts.js | 12 +++++++++++- 4 files changed, 26 insertions(+), 6 deletions(-) diff --git a/browser/root-certs b/browser/root-certs index d3d2dbbab..364cdd008 100755 --- a/browser/root-certs +++ b/browser/root-certs @@ -29,13 +29,23 @@ function getRootCerts(callback) { body = body.replace(/^"/gm, '+ "'); body = body.replace(/^\+ "-----B/gm, '"-----B'); body += '' + + '\n' + '// Use hash table for efficiency:\n' + 'RootCerts = RootCerts.reduce(function(trusted, cert) {\n' + ' cert = cert.replace(/\\s+/g, "");\n' + ' trusted[cert] = true;\n' + ' return trusted;\n' + '}, {});\n' - + 'module.exports = RootCerts;\n'; + + '\n' + + 'function isTrusted(pem) {\n' + + ' pem = pem + "";\n' + + ' pem = pem.replace(/\\s+/g, "");\n' + + ' return !!RootCerts[pem];\n' + + '}\n' + + '\n' + + 'exports = RootCerts;\n' + + 'exports.isTrusted = isTrusted;\n' + + 'module.exports = exports;\n'; return callback(null, body); }); } diff --git a/lib/PayPro.js b/lib/PayPro.js index 4b5850b27..7397c1848 100644 --- a/lib/PayPro.js +++ b/lib/PayPro.js @@ -251,7 +251,7 @@ PayPro.prototype.x509Sign = function(key) { var trusted = [].concat(pki_data).every(function(cert) { var der = cert.toString('hex'); var pem = self._DERtoPEM(der, 'CERTIFICATE'); - return !!RootCerts[pem.replace(/\s+/g, '')]; + return RootCerts.isTrusted(pem); }); if (!trusted) { @@ -282,7 +282,7 @@ PayPro.prototype.x509Verify = function() { var der = cert.toString('hex'); var pem = self._DERtoPEM(der, 'CERTIFICATE'); - if (!RootCerts[pem.replace(/\s+/g, '')]) { + if (!RootCerts.isTrusted(pem)) { // throw new Error('Unstrusted certificate.'); } diff --git a/lib/browser/PayPro.js b/lib/browser/PayPro.js index 5e1a12220..0f296af5e 100644 --- a/lib/browser/PayPro.js +++ b/lib/browser/PayPro.js @@ -25,7 +25,7 @@ PayPro.sign = function(key) { var trusted = [].concat(pki_data).every(function(cert) { var der = cert.toString('hex'); var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE'); - return !!RootCerts[pem.replace(/\s+/g, '')]; + return RootCerts.isTrusted(pem); }); if (!trusted) { @@ -75,7 +75,7 @@ PayPro.verify = function() { var der = cert.toString('hex'); var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE'); - if (!RootCerts[pem.replace(/\s+/g, '')]) { + if (!RootCerts.isTrusted(pem)) { // throw new Error('Unstrusted certificate.'); } diff --git a/lib/common/RootCerts.js b/lib/common/RootCerts.js index e3526dad4..ac08b82b3 100644 --- a/lib/common/RootCerts.js +++ b/lib/common/RootCerts.js @@ -3560,10 +3560,20 @@ var RootCerts = [ + "-----END CERTIFICATE-----\n", ]; + // Use hash table for efficiency: RootCerts = RootCerts.reduce(function(trusted, cert) { cert = cert.replace(/\s+/g, ""); trusted[cert] = true; return trusted; }, {}); -module.exports = RootCerts; + +function isTrusted(pem) { + pem = pem + ""; + pem = pem.replace(/\s+/g, ""); + return !!RootCerts[pem]; +} + +exports = RootCerts; +exports.isTrusted = isTrusted; +module.exports = exports;