paypro: asn1.js - cleanup.
This commit is contained in:
parent
5085880bd0
commit
16b646d0e7
|
@ -85,89 +85,31 @@ PayPro.prototype.x509Verify = function() {
|
|||
var ncert = chain[i + 1];
|
||||
// The root cert, check if it's trusted:
|
||||
if (!ncert || name) {
|
||||
if (!name) {
|
||||
// console.log('Untrusted certificate.');
|
||||
} else {
|
||||
// console.log('Certificate: %s', name);
|
||||
}
|
||||
return;
|
||||
}
|
||||
var nder = ncert.toString('hex');
|
||||
var npem = self._DERtoPEM(nder, 'CERTIFICATE');
|
||||
|
||||
/*
|
||||
https://www.ietf.org/rfc/rfc2459
|
||||
https://en.wikipedia.org/wiki/X509
|
||||
https://github.com/indutny/asn1.js
|
||||
https://github.com/indutny/asn1.js/blob/master/rfc/3280/index.js
|
||||
~/work/node_modules/bitcore/node_modules/asn1.js/rfc/3280/index.js
|
||||
Error: Failed to match tag: "objid" at:
|
||||
["tbsCertificate"]["issuerUniqueID"]["subjectUniqueID"]["extensions"]["extnID"]
|
||||
PR: https://github.com/indutny/asn1.js/pull/22
|
||||
*/
|
||||
|
||||
// Get public key from next certificate.
|
||||
var data = new Buffer(nder, 'hex');
|
||||
var nc = Certificate.decode(data, 'der');
|
||||
var npubKey = nc.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
|
||||
// Need to convert this to PEM:
|
||||
// Doesn't work because KJUR is terrible:
|
||||
// npubKey = KJUR.KEYUTIL.getPEM(npubKey.toString('hex'));
|
||||
npubKey = self._DERtoPEM(npubKey, 'RSA PUBLIC KEY');
|
||||
|
||||
// Get signature from current certificate.
|
||||
var data = new Buffer(der, 'hex');
|
||||
//var c = Certificate.decode(data, 'der', { partial: true });
|
||||
var c = Certificate.decode(data, 'der');
|
||||
var sig = c.signature.data;
|
||||
|
||||
var verifier = crypto.createVerify('RSA-' + type);
|
||||
|
||||
var t = c.tbsCertificate;
|
||||
|
||||
// Messy work:
|
||||
// Fails on Issuer:
|
||||
/*
|
||||
var cur = Certificate.encode({
|
||||
tbsCertificate: {
|
||||
version: t.version,
|
||||
serialNumber: t.serialNumber,
|
||||
signature: t.signature,
|
||||
// Fails on issuer:
|
||||
//issuer: t.issuer,
|
||||
//issuer: t.issuer.value,
|
||||
//issuer: t.issuer.value.map(function(obj) {
|
||||
// return obj.value;
|
||||
//}),
|
||||
//issuer: t.issuer.type,
|
||||
//issuer: 'rdh',
|
||||
//issuer: rfc3280.Name.decode(t.issuer, 'der'),
|
||||
validity: t.validity,
|
||||
subject: t.subject,
|
||||
subjectPublicKeyInfo: t.subjectPublicKeyInfo,
|
||||
extensions: t.extensions
|
||||
},
|
||||
signatureAlgorithm: '',
|
||||
signature: ''
|
||||
}, 'der');
|
||||
*/
|
||||
|
||||
var cur = Certificate.encode({
|
||||
tbsCertificate: c.tbsCertificate,
|
||||
signatureAlgorithm: '',
|
||||
signature: ''
|
||||
}, 'der');
|
||||
|
||||
// console.log(cur);
|
||||
|
||||
// NOTE: We need to slice off the signatureAlgorithm and signatureValue.
|
||||
// consult the x509 spec:
|
||||
// https://www.ietf.org/rfc/rfc2459
|
||||
verifier.update(new Buffer(der, 'hex'));
|
||||
// Create a To-Be-Signed Certificate using asn1.js:
|
||||
// Fails at Issuer:
|
||||
var tbs = rfc3280.TBSCertificate.encode(c.tbsCertificate, 'der');
|
||||
verifier.update(tbs);
|
||||
|
||||
var v = verifier.verify(npubKey, sig);
|
||||
if (!v) {
|
||||
// console.log(i + ' not verified.');
|
||||
verified = false;
|
||||
}
|
||||
});
|
||||
|
|
Loading…
Reference in New Issue