paypro: asn1.js - cleanup.

2014-08-22 00:34:41 -07:00 · 2014-08-22 00:34:41 -07:00 · 16b646d0e7
parent 5085880bd0
commit 16b646d0e7
1 changed files with 4 additions and 62 deletions
--- a/lib/PayPro.js
+++ b/lib/PayPro.js
@ -85,89 +85,31 @@ PayPro.prototype.x509Verify = function() {
    var ncert = chain[i + 1];
    // The root cert, check if it's trusted:
    if (!ncert || name) {
-      if (!name) {
-        // console.log('Untrusted certificate.');
-      } else {
-        // console.log('Certificate: %s', name);
-      }
      return;
    }
    var nder = ncert.toString('hex');
    var npem = self._DERtoPEM(nder, 'CERTIFICATE');

-    /*
-    https://www.ietf.org/rfc/rfc2459
-    https://en.wikipedia.org/wiki/X509
-    https://github.com/indutny/asn1.js
-    https://github.com/indutny/asn1.js/blob/master/rfc/3280/index.js
-    ~/work/node_modules/bitcore/node_modules/asn1.js/rfc/3280/index.js
-    Error: Failed to match tag: "objid" at:
-    ["tbsCertificate"]["issuerUniqueID"]["subjectUniqueID"]["extensions"]["extnID"]
-    PR: https://github.com/indutny/asn1.js/pull/22
-    */
-
    // Get public key from next certificate.
    var data = new Buffer(nder, 'hex');
    var nc = Certificate.decode(data, 'der');
    var npubKey = nc.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
-    // Need to convert this to PEM:
-    //   Doesn't work because KJUR is terrible:
-    //   npubKey = KJUR.KEYUTIL.getPEM(npubKey.toString('hex'));
    npubKey = self._DERtoPEM(npubKey, 'RSA PUBLIC KEY');

    // Get signature from current certificate.
    var data = new Buffer(der, 'hex');
-    //var c = Certificate.decode(data, 'der', { partial: true });
    var c = Certificate.decode(data, 'der');
    var sig = c.signature.data;

    var verifier = crypto.createVerify('RSA-' + type);

-    var t = c.tbsCertificate;
-
-    // Messy work:
-    // Fails on Issuer:
-    /*
-    var cur = Certificate.encode({
-      tbsCertificate: {
-        version: t.version,
-        serialNumber: t.serialNumber,
-        signature: t.signature,
-        // Fails on issuer:
-        //issuer: t.issuer,
-        //issuer: t.issuer.value,
-        //issuer: t.issuer.value.map(function(obj) {
-        //  return obj.value;
-        //}),
-        //issuer: t.issuer.type,
-        //issuer: 'rdh',
-        //issuer: rfc3280.Name.decode(t.issuer, 'der'),
-        validity: t.validity,
-        subject: t.subject,
-        subjectPublicKeyInfo: t.subjectPublicKeyInfo,
-        extensions: t.extensions
-      },
-      signatureAlgorithm: '',
-      signature: ''
-    }, 'der');
-    */
-
-    var cur = Certificate.encode({
-      tbsCertificate: c.tbsCertificate,
-      signatureAlgorithm: '',
-      signature: ''
-    }, 'der');
-
-    // console.log(cur);
-
-    // NOTE: We need to slice off the signatureAlgorithm and signatureValue.
-    // consult the x509 spec:
-    // https://www.ietf.org/rfc/rfc2459
-    verifier.update(new Buffer(der, 'hex'));
+    // Create a To-Be-Signed Certificate using asn1.js:
+    // Fails at Issuer:
+    var tbs = rfc3280.TBSCertificate.encode(c.tbsCertificate, 'der');
+    verifier.update(tbs);

    var v = verifier.verify(npubKey, sig);
    if (!v) {
-      // console.log(i + ' not verified.');
      verified = false;
    }
  });