paypro: handle untrusted certs on browser and node.
This commit is contained in:
parent
f79a31ff3c
commit
f7e89b6a58
|
@ -3,6 +3,14 @@ var protobufjs = protobufjs || require('protobufjs/dist/ProtoBuf');
|
|||
var Message = Message || require('./Message');
|
||||
|
||||
var KJUR = require('jsrsasign');
|
||||
var Trusted = require('./RootCerts');
|
||||
|
||||
// Use hash table for efficiency:
|
||||
Trusted = Trusted.reduce(function(out, cert) {
|
||||
cert = cert.replace(/\s+/g, '');
|
||||
trusted[cert] = true;
|
||||
return trusted;
|
||||
}, {});
|
||||
|
||||
// BIP 70 - payment protocol
|
||||
function PayPro() {
|
||||
|
@ -215,6 +223,19 @@ PayPro.prototype.sign = function(key) {
|
|||
var pki_data = this.get('pki_data'); // contains one or more x509 certs
|
||||
var details = this.get('serialized_payment_details');
|
||||
var type = pki_type.split('+')[1].toUpperCase();
|
||||
|
||||
pki_data = pki_data && Array.isArray(pki_data)
|
||||
? pki_data[0]
|
||||
: pki_data;
|
||||
|
||||
var der = pki_data.toString('hex');
|
||||
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
|
||||
// var pub = KJUR.KEYUTIL.getHexFromPEM(pem, 'PUBLIC KEY')
|
||||
|
||||
if (!Trusted[pem.replace(/\s+/g, '')]) {
|
||||
throw new Error('Unstrusted certificate.');
|
||||
}
|
||||
|
||||
var signature = crypto.createSign('RSA-' + type);
|
||||
var buf = this.serializeForSig();
|
||||
signature.update(buf);
|
||||
|
@ -245,10 +266,11 @@ PayPro.prototype.verify = function() {
|
|||
var details = this.get('serialized_payment_details');
|
||||
var buf = this.serializeForSig();
|
||||
var type = pki_type.split('+')[1].toUpperCase();
|
||||
|
||||
var verifier = crypto.createVerify('RSA-' + type);
|
||||
verifier.update(buf);
|
||||
|
||||
pki_data = pki_data && pki_data.unshift
|
||||
pki_data = Array.isArray(pki_data)
|
||||
? pki_data[0]
|
||||
: pki_data;
|
||||
|
||||
|
@ -256,6 +278,10 @@ PayPro.prototype.verify = function() {
|
|||
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
|
||||
// var pub = KJUR.KEYUTIL.getHexFromPEM(pem, 'PUBLIC KEY')
|
||||
|
||||
if (!Trusted[pem.replace(/\s+/g, '')]) {
|
||||
throw new Error('Unstrusted certificate.');
|
||||
}
|
||||
|
||||
// return verifier.verify(pub, sig);
|
||||
return verifier.verify(pem, sig);
|
||||
} else if (pki_type === 'none') {
|
||||
|
|
|
@ -37,6 +37,10 @@ PayPro.sign = function(key) {
|
|||
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
|
||||
// var pub = KJUR.KEYUTIL.getHexFromPEM(pem, 'PUBLIC KEY')
|
||||
|
||||
if (!Trusted[pem.replace(/\s+/g, '')]) {
|
||||
throw new Error('Unstrusted certificate.');
|
||||
}
|
||||
|
||||
var jsrsaSig = new KJUR.crypto.Signature({
|
||||
alg: type + 'withRSA',
|
||||
prov: 'cryptojs/jsrsa'
|
||||
|
@ -84,6 +88,10 @@ PayPro.verify = function() {
|
|||
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
|
||||
// var pub = KJUR.KEYUTIL.getHexFromPEM(pem, 'PUBLIC KEY')
|
||||
|
||||
if (!Trusted[pem.replace(/\s+/g, '')]) {
|
||||
throw new Error('Unstrusted certificate.');
|
||||
}
|
||||
|
||||
jsrsaSig.initVerifyByCertificatePEM(pem);
|
||||
|
||||
jsrsaSig.updateHex(buf.toString('hex'));
|
||||
|
|
Loading…
Reference in New Issue