paypro: handle untrusted certs on browser and node.
This commit is contained in:
parent
f79a31ff3c
commit
f7e89b6a58
|
@ -3,6 +3,14 @@ var protobufjs = protobufjs || require('protobufjs/dist/ProtoBuf');
|
||||||
var Message = Message || require('./Message');
|
var Message = Message || require('./Message');
|
||||||
|
|
||||||
var KJUR = require('jsrsasign');
|
var KJUR = require('jsrsasign');
|
||||||
|
var Trusted = require('./RootCerts');
|
||||||
|
|
||||||
|
// Use hash table for efficiency:
|
||||||
|
Trusted = Trusted.reduce(function(out, cert) {
|
||||||
|
cert = cert.replace(/\s+/g, '');
|
||||||
|
trusted[cert] = true;
|
||||||
|
return trusted;
|
||||||
|
}, {});
|
||||||
|
|
||||||
// BIP 70 - payment protocol
|
// BIP 70 - payment protocol
|
||||||
function PayPro() {
|
function PayPro() {
|
||||||
|
@ -215,6 +223,19 @@ PayPro.prototype.sign = function(key) {
|
||||||
var pki_data = this.get('pki_data'); // contains one or more x509 certs
|
var pki_data = this.get('pki_data'); // contains one or more x509 certs
|
||||||
var details = this.get('serialized_payment_details');
|
var details = this.get('serialized_payment_details');
|
||||||
var type = pki_type.split('+')[1].toUpperCase();
|
var type = pki_type.split('+')[1].toUpperCase();
|
||||||
|
|
||||||
|
pki_data = pki_data && Array.isArray(pki_data)
|
||||||
|
? pki_data[0]
|
||||||
|
: pki_data;
|
||||||
|
|
||||||
|
var der = pki_data.toString('hex');
|
||||||
|
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
|
||||||
|
// var pub = KJUR.KEYUTIL.getHexFromPEM(pem, 'PUBLIC KEY')
|
||||||
|
|
||||||
|
if (!Trusted[pem.replace(/\s+/g, '')]) {
|
||||||
|
throw new Error('Unstrusted certificate.');
|
||||||
|
}
|
||||||
|
|
||||||
var signature = crypto.createSign('RSA-' + type);
|
var signature = crypto.createSign('RSA-' + type);
|
||||||
var buf = this.serializeForSig();
|
var buf = this.serializeForSig();
|
||||||
signature.update(buf);
|
signature.update(buf);
|
||||||
|
@ -245,10 +266,11 @@ PayPro.prototype.verify = function() {
|
||||||
var details = this.get('serialized_payment_details');
|
var details = this.get('serialized_payment_details');
|
||||||
var buf = this.serializeForSig();
|
var buf = this.serializeForSig();
|
||||||
var type = pki_type.split('+')[1].toUpperCase();
|
var type = pki_type.split('+')[1].toUpperCase();
|
||||||
|
|
||||||
var verifier = crypto.createVerify('RSA-' + type);
|
var verifier = crypto.createVerify('RSA-' + type);
|
||||||
verifier.update(buf);
|
verifier.update(buf);
|
||||||
|
|
||||||
pki_data = pki_data && pki_data.unshift
|
pki_data = Array.isArray(pki_data)
|
||||||
? pki_data[0]
|
? pki_data[0]
|
||||||
: pki_data;
|
: pki_data;
|
||||||
|
|
||||||
|
@ -256,6 +278,10 @@ PayPro.prototype.verify = function() {
|
||||||
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
|
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
|
||||||
// var pub = KJUR.KEYUTIL.getHexFromPEM(pem, 'PUBLIC KEY')
|
// var pub = KJUR.KEYUTIL.getHexFromPEM(pem, 'PUBLIC KEY')
|
||||||
|
|
||||||
|
if (!Trusted[pem.replace(/\s+/g, '')]) {
|
||||||
|
throw new Error('Unstrusted certificate.');
|
||||||
|
}
|
||||||
|
|
||||||
// return verifier.verify(pub, sig);
|
// return verifier.verify(pub, sig);
|
||||||
return verifier.verify(pem, sig);
|
return verifier.verify(pem, sig);
|
||||||
} else if (pki_type === 'none') {
|
} else if (pki_type === 'none') {
|
||||||
|
|
|
@ -37,6 +37,10 @@ PayPro.sign = function(key) {
|
||||||
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
|
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
|
||||||
// var pub = KJUR.KEYUTIL.getHexFromPEM(pem, 'PUBLIC KEY')
|
// var pub = KJUR.KEYUTIL.getHexFromPEM(pem, 'PUBLIC KEY')
|
||||||
|
|
||||||
|
if (!Trusted[pem.replace(/\s+/g, '')]) {
|
||||||
|
throw new Error('Unstrusted certificate.');
|
||||||
|
}
|
||||||
|
|
||||||
var jsrsaSig = new KJUR.crypto.Signature({
|
var jsrsaSig = new KJUR.crypto.Signature({
|
||||||
alg: type + 'withRSA',
|
alg: type + 'withRSA',
|
||||||
prov: 'cryptojs/jsrsa'
|
prov: 'cryptojs/jsrsa'
|
||||||
|
@ -84,6 +88,10 @@ PayPro.verify = function() {
|
||||||
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
|
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
|
||||||
// var pub = KJUR.KEYUTIL.getHexFromPEM(pem, 'PUBLIC KEY')
|
// var pub = KJUR.KEYUTIL.getHexFromPEM(pem, 'PUBLIC KEY')
|
||||||
|
|
||||||
|
if (!Trusted[pem.replace(/\s+/g, '')]) {
|
||||||
|
throw new Error('Unstrusted certificate.');
|
||||||
|
}
|
||||||
|
|
||||||
jsrsaSig.initVerifyByCertificatePEM(pem);
|
jsrsaSig.initVerifyByCertificatePEM(pem);
|
||||||
|
|
||||||
jsrsaSig.updateHex(buf.toString('hex'));
|
jsrsaSig.updateHex(buf.toString('hex'));
|
||||||
|
|
Loading…
Reference in New Issue