bitcore-lib-zcash/lib/browser/PayPro.js

"use strict";

var Key = require('./Key');
var KJUR = require('jsrsasign');
var assert = require('assert');
var PayPro = require('../common/PayPro');
var RootCerts = require('../common/RootCerts');
var asn1 = require('asn1.js');
var rfc3280 = require('asn1.js/rfc/3280');

// Documentation:
// http://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.Signature.html#.sign
// http://kjur.github.io/jsrsasign/api/symbols/RSAKey.html

PayPro.prototype.x509Sign = function(key) {
  var pki_type = this.get('pki_type');
  var pki_data = this.get('pki_data'); // contains one or more x509 certs
  pki_data = PayPro.X509Certificates.decode(pki_data);
  pki_data = pki_data.certificate;
  var type = pki_type.split('+')[1].toUpperCase();
  var buf = this.serializeForSig();

  var trusted = pki_data.map(function(cert) {
    var der = cert.toString('hex');
    var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
    return RootCerts.getTrusted(pem);
  });

  // XXX Figure out what to do here
  if (!trusted.length) {
    // throw new Error('Unstrusted certificate.');
  } else {
    trusted.forEach(function(name) {
      // console.log('Certificate: %s', name);
    });
  }

  var rsa = new KJUR.RSAKey();
  rsa.readPrivateKeyFromPEMString(key.toString());
  key = rsa;

  var jsrsaSig = new KJUR.crypto.Signature({
    alg: type + 'withRSA',
    prov: 'cryptojs/jsrsa'
  });

  jsrsaSig.init(key);

  jsrsaSig.updateHex(buf.toString('hex'));

  var sig = new Buffer(jsrsaSig.sign(), 'hex');
  return sig;
};

PayPro.prototype.x509Verify = function(key) {
  var sig = this.get('signature');
  var pki_type = this.get('pki_type');
  var pki_data = this.get('pki_data');
  pki_data = PayPro.X509Certificates.decode(pki_data);
  pki_data = pki_data.certificate;
  var buf = this.serializeForSig();
  var type = pki_type.split('+')[1].toUpperCase();

  var jsrsaSig = new KJUR.crypto.Signature({
    alg: type + 'withRSA',
    prov: 'cryptojs/jsrsa'
  });

  var signedCert = pki_data[0];
  var der = signedCert.toString('hex');
  var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
  jsrsaSig.initVerifyByCertificatePEM(pem);
  jsrsaSig.updateHex(buf.toString('hex'));
  var verified = jsrsaSig.verify(sig.toString('hex'));

  var chain = pki_data;

  // Verifying the cert chain:
  // 1. Extract public key from next certificate.
  // 2. Extract signature from current certificate.
  // 3. If current cert is not trusted, verify that the current cert is signed
  //    by NEXT by the certificate.
  // NOTE: XXX What to do when the certificate is revoked?

  var chainVerified = chain.every(function(cert, i) {
    var der = cert.toString('hex');
    var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
    var name = RootCerts.getTrusted(pem);

    var ncert = chain[i + 1];
    // The root cert, check if it's trusted:
    if (!ncert || name) {
      if (!ncert && !name) {
        return false;
      }
      chain.length = 0;
      return true;
    }
    var nder = ncert.toString('hex');
    var npem = KJUR.asn1.ASN1Util.getPEMStringFromHex(nder, 'CERTIFICATE');

    // Get public key from next certificate:
    var data = new Buffer(nder, 'hex');
    var nc = rfc3280.Certificate.decode(data, 'der');
    var npubKey = nc.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
    npubKey = KJUR.asn1.ASN1Util.getPEMStringFromHex(npubKey, 'RSA PUBLIC KEY');

    // Get signature from current certificate:
    var data = new Buffer(der, 'hex');
    var c = rfc3280.Certificate.decode(data, 'der');
    var sig = c.signature.data;

    var jsrsaSig = new KJUR.crypto.Signature({
      alg: type + 'withRSA',
      prov: 'cryptojs/jsrsa'
    });
    jsrsaSig.initVerifyByPublicKey(npubKey);

    // Create a To-Be-Signed Certificate to verify using asn1.js:
    // Fails at Issuer:
    var tbs = rfc3280.TBSCertificate.encode(c.tbsCertificate, 'der');
    jsrsaSig.updateHex(tbs.toString('hex'));

    return jsrsaSig.verify(sig);
  });

  return verified && chainVerified;
};

module.exports = PayPro;
paypro: first pass at clientside x509. 2014-07-16 09:03:51 -07:00			`"use strict";`

			`var Key = require('./Key');`
paypro: remove x509.js 2014-07-21 13:53:01 -07:00			`var KJUR = require('jsrsasign');`
paypro: first pass at clientside x509. 2014-07-16 09:03:51 -07:00			`var assert = require('assert');`
paypro: split up paypro into node/browser/common. 2014-07-21 14:34:56 -07:00			`var PayPro = require('../common/PayPro');`
paypro: move root certs to common. 2014-07-21 13:52:09 -07:00			`var RootCerts = require('../common/RootCerts');`
paypro: use asn1.js in browser paypro. 2014-08-22 08:56:08 -07:00			`var asn1 = require('asn1.js');`
			`var rfc3280 = require('asn1.js/rfc/3280');`
paypro: begin checking trusted certs. 2014-07-16 16:38:00 -07:00
paypro: fix browser signatures with KJUR. move pem/der functions to common. 2014-07-21 19:52:43 -07:00			`// Documentation:`
			`// http://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.Signature.html#.sign`
			`// http://kjur.github.io/jsrsasign/api/symbols/RSAKey.html`

paypro: split up paypro into node/browser/common. 2014-07-21 14:34:56 -07:00			`PayPro.prototype.x509Sign = function(key) {`
paypro: first pass at clientside x509. 2014-07-16 09:03:51 -07:00			`var pki_type = this.get('pki_type');`
paypro: split up paypro into node/browser/common. 2014-07-21 14:34:56 -07:00			`var pki_data = this.get('pki_data'); // contains one or more x509 certs`
paypro: fix handling of pki_data - cert arrays. 2014-07-23 14:22:56 -07:00			`pki_data = PayPro.X509Certificates.decode(pki_data);`
			`pki_data = pki_data.certificate;`
paypro: split up paypro into node/browser/common. 2014-07-21 14:34:56 -07:00			`var type = pki_type.split('+')[1].toUpperCase();`
			`var buf = this.serializeForSig();`

paypro: get root cert names. 2014-07-24 17:40:56 -07:00			`var trusted = pki_data.map(function(cert) {`
paypro: split up paypro into node/browser/common. 2014-07-21 14:34:56 -07:00			`var der = cert.toString('hex');`
			`var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');`
paypro: get root cert names. 2014-07-24 17:40:56 -07:00			`return RootCerts.getTrusted(pem);`
paypro: split up paypro into node/browser/common. 2014-07-21 14:34:56 -07:00			`});`

paypro: get root cert names. 2014-07-24 17:40:56 -07:00			`// XXX Figure out what to do here`
			`if (!trusted.length) {`
paypro: split up paypro into node/browser/common. 2014-07-21 14:34:56 -07:00			`// throw new Error('Unstrusted certificate.');`
paypro: get root cert names. 2014-07-24 17:40:56 -07:00			`} else {`
			`trusted.forEach(function(name) {`
			`// console.log('Certificate: %s', name);`
			`});`
paypro: split up paypro into node/browser/common. 2014-07-21 14:34:56 -07:00			`}`
paypro: first pass at clientside x509. 2014-07-16 09:03:51 -07:00
paypro: fix browser signatures with KJUR. move pem/der functions to common. 2014-07-21 19:52:43 -07:00			`var rsa = new KJUR.RSAKey();`
			`rsa.readPrivateKeyFromPEMString(key.toString());`
			`key = rsa;`

paypro: split up paypro into node/browser/common. 2014-07-21 14:34:56 -07:00			`var jsrsaSig = new KJUR.crypto.Signature({`
minor: remove redundant toUpperCase calls. 2014-07-24 17:51:22 -07:00			`alg: type + 'withRSA',`
paypro: split up paypro into node/browser/common. 2014-07-21 14:34:56 -07:00			`prov: 'cryptojs/jsrsa'`
			`});`
paypro: fix payment protocol for DER certs. 2014-07-16 17:16:03 -07:00
paypro: fix browser signatures with KJUR. move pem/der functions to common. 2014-07-21 19:52:43 -07:00			`jsrsaSig.init(key);`
paypro: fix payment protocol for DER certs. 2014-07-16 17:16:03 -07:00
paypro: split up paypro into node/browser/common. 2014-07-21 14:34:56 -07:00			`jsrsaSig.updateHex(buf.toString('hex'));`
paypro: first pass at clientside x509. 2014-07-16 09:03:51 -07:00
paypro: fix browser signatures with KJUR. move pem/der functions to common. 2014-07-21 19:52:43 -07:00			`var sig = new Buffer(jsrsaSig.sign(), 'hex');`
paypro: split up paypro into node/browser/common. 2014-07-21 14:34:56 -07:00			`return sig;`
paypro: first pass at clientside x509. 2014-07-16 09:03:51 -07:00			`};`

paypro: split up paypro into node/browser/common. 2014-07-21 14:34:56 -07:00			`PayPro.prototype.x509Verify = function(key) {`
			`var sig = this.get('signature');`
paypro: first pass at clientside x509. 2014-07-16 09:03:51 -07:00			`var pki_type = this.get('pki_type');`
paypro: split up paypro into node/browser/common. 2014-07-21 14:34:56 -07:00			`var pki_data = this.get('pki_data');`
paypro: fix handling of pki_data - cert arrays. 2014-07-23 14:22:56 -07:00			`pki_data = PayPro.X509Certificates.decode(pki_data);`
			`pki_data = pki_data.certificate;`
paypro: split up paypro into node/browser/common. 2014-07-21 14:34:56 -07:00			`var buf = this.serializeForSig();`
			`var type = pki_type.split('+')[1].toUpperCase();`
paypro: first pass at clientside x509. 2014-07-16 09:03:51 -07:00
paypro: split up paypro into node/browser/common. 2014-07-21 14:34:56 -07:00			`var jsrsaSig = new KJUR.crypto.Signature({`
minor: remove redundant toUpperCase calls. 2014-07-24 17:51:22 -07:00			`alg: type + 'withRSA',`
paypro: split up paypro into node/browser/common. 2014-07-21 14:34:56 -07:00			`prov: 'cryptojs/jsrsa'`
			`});`
paypro: clientside. start using jsrsasign api correctly. 2014-07-16 15:05:01 -07:00
paypro: verify the certificate chain. 2014-08-21 16:13:34 -07:00			`var signedCert = pki_data[0];`
			`var der = signedCert.toString('hex');`
			`var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');`
			`jsrsaSig.initVerifyByCertificatePEM(pem);`
			`jsrsaSig.updateHex(buf.toString('hex'));`
			`var verified = jsrsaSig.verify(sig.toString('hex'));`

			`var chain = pki_data;`

			`// Verifying the cert chain:`
			`// 1. Extract public key from next certificate.`
			`// 2. Extract signature from current certificate.`
			`// 3. If current cert is not trusted, verify that the current cert is signed`
			`// by NEXT by the certificate.`
paypro: use asn1.js in browser paypro. 2014-08-22 08:56:08 -07:00			`// NOTE: XXX What to do when the certificate is revoked?`
paypro: verify the certificate chain. 2014-08-21 16:13:34 -07:00
paypro: use asn1.js in browser paypro. 2014-08-22 08:56:08 -07:00			`var chainVerified = chain.every(function(cert, i) {`
paypro: split up paypro into node/browser/common. 2014-07-21 14:34:56 -07:00			`var der = cert.toString('hex');`
			`var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');`
paypro: get root cert names. 2014-07-24 17:40:56 -07:00			`var name = RootCerts.getTrusted(pem);`
paypro: clientside. start using jsrsasign api correctly. 2014-07-16 15:05:01 -07:00
paypro: verify the certificate chain. 2014-08-21 16:13:34 -07:00			`var ncert = chain[i + 1];`
			`// The root cert, check if it's trusted:`
			`if (!ncert \|\| name) {`
paypro: fix root cert check. 2014-08-22 09:05:05 -07:00			`if (!ncert && !name) {`
			`return false;`
			`}`
paypro: use asn1.js in browser paypro. 2014-08-22 08:56:08 -07:00			`chain.length = 0;`
			`return true;`
paypro: verify the certificate chain. 2014-08-21 16:13:34 -07:00			`}`
			`var nder = ncert.toString('hex');`
			`var npem = KJUR.asn1.ASN1Util.getPEMStringFromHex(nder, 'CERTIFICATE');`

paypro: use asn1.js in browser paypro. 2014-08-22 08:56:08 -07:00			`// Get public key from next certificate:`
			`var data = new Buffer(nder, 'hex');`
			`var nc = rfc3280.Certificate.decode(data, 'der');`
			`var npubKey = nc.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;`
paypro: fix chain validation for browser. 2014-08-22 12:18:58 -07:00			`npubKey = KJUR.asn1.ASN1Util.getPEMStringFromHex(npubKey, 'RSA PUBLIC KEY');`
paypro: verify the certificate chain. 2014-08-21 16:13:34 -07:00
paypro: use asn1.js in browser paypro. 2014-08-22 08:56:08 -07:00			`// Get signature from current certificate:`
			`var data = new Buffer(der, 'hex');`
			`var c = rfc3280.Certificate.decode(data, 'der');`
			`var sig = c.signature.data;`
paypro: first pass at clientside x509. 2014-07-16 09:03:51 -07:00
paypro: verify the certificate chain. 2014-08-21 16:13:34 -07:00			`var jsrsaSig = new KJUR.crypto.Signature({`
			`alg: type + 'withRSA',`
			`prov: 'cryptojs/jsrsa'`
			`});`
			`jsrsaSig.initVerifyByPublicKey(npubKey);`
paypro: use asn1.js in browser paypro. 2014-08-22 08:56:08 -07:00
			`// Create a To-Be-Signed Certificate to verify using asn1.js:`
			`// Fails at Issuer:`
			`var tbs = rfc3280.TBSCertificate.encode(c.tbsCertificate, 'der');`
paypro: fix browser kjur usage. 2014-08-22 13:21:02 -07:00			`jsrsaSig.updateHex(tbs.toString('hex'));`
paypro: use asn1.js in browser paypro. 2014-08-22 08:56:08 -07:00
			`return jsrsaSig.verify(sig);`
paypro: split up paypro into node/browser/common. 2014-07-21 14:34:56 -07:00			`});`
paypro: verify the certificate chain. 2014-08-21 16:13:34 -07:00
paypro: use asn1.js in browser paypro. 2014-08-22 08:56:08 -07:00			`return verified && chainVerified;`
paypro: first pass at clientside x509. 2014-07-16 09:03:51 -07:00			`};`

paypro: split up paypro into node/browser/common. 2014-07-21 14:34:56 -07:00			`module.exports = PayPro;`