paypro: add returnTrust to sign(). minor improvements.
This commit is contained in:
parent
dea39d1c72
commit
18c38ae67a
|
@ -9,35 +9,41 @@ var PayPro = require('./common/PayPro');
|
||||||
var asn1 = require('asn1.js');
|
var asn1 = require('asn1.js');
|
||||||
var rfc3280 = require('asn1.js/rfc/3280');
|
var rfc3280 = require('asn1.js/rfc/3280');
|
||||||
|
|
||||||
PayPro.prototype.x509Sign = function(key) {
|
PayPro.prototype.x509Sign = function(key, returnTrust) {
|
||||||
var self = this;
|
var self = this;
|
||||||
var crypto = require('crypto');
|
var crypto = require('crypto');
|
||||||
var pki_type = this.get('pki_type');
|
var pki_type = this.get('pki_type');
|
||||||
var pki_data = this.get('pki_data'); // contains one or more x509 certs
|
var pki_data = this.get('pki_data');
|
||||||
pki_data = PayPro.X509Certificates.decode(pki_data);
|
pki_data = PayPro.X509Certificates.decode(pki_data);
|
||||||
pki_data = pki_data.certificate;
|
pki_data = pki_data.certificate;
|
||||||
var details = this.get('serialized_payment_details');
|
var details = this.get('serialized_payment_details');
|
||||||
var type = pki_type.split('+')[1].toUpperCase();
|
var type = pki_type.split('+')[1].toUpperCase();
|
||||||
|
|
||||||
var trusted = pki_data.map(function(cert) {
|
|
||||||
var der = cert.toString('hex');
|
|
||||||
var pem = self._DERtoPEM(der, 'CERTIFICATE');
|
|
||||||
return RootCerts.getTrusted(pem);
|
|
||||||
});
|
|
||||||
|
|
||||||
// XXX Figure out what to do here
|
|
||||||
if (!trusted.length) {
|
|
||||||
// throw new Error('Unstrusted certificate.');
|
|
||||||
} else {
|
|
||||||
trusted.forEach(function(name) {
|
|
||||||
// console.log('Certificate: %s', name);
|
|
||||||
});
|
|
||||||
}
|
|
||||||
|
|
||||||
var signature = crypto.createSign('RSA-' + type);
|
var signature = crypto.createSign('RSA-' + type);
|
||||||
var buf = this.serializeForSig();
|
var buf = this.serializeForSig();
|
||||||
signature.update(buf);
|
signature.update(buf);
|
||||||
var sig = signature.sign(key);
|
var sig = signature.sign(key);
|
||||||
|
|
||||||
|
if (returnTrust) {
|
||||||
|
var cert = pki_data[pki_data.length - 1];
|
||||||
|
var der = cert.toString('hex');
|
||||||
|
var pem = PayPro.DERtoPEM(der, 'CERTIFICATE');
|
||||||
|
var caName = RootCerts.getTrusted(pem);
|
||||||
|
var selfSigned = 0;
|
||||||
|
if (!caName) {
|
||||||
|
selfSigned = pki_data.length > 1
|
||||||
|
? -1
|
||||||
|
: 1;
|
||||||
|
}
|
||||||
|
return {
|
||||||
|
selfSigned: selfSigned,
|
||||||
|
isChain: pki_data.length > 1,
|
||||||
|
signature: sig,
|
||||||
|
caTrusted: !!caName,
|
||||||
|
caName: caName || null
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
return sig;
|
return sig;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -58,7 +64,7 @@ PayPro.prototype.x509Verify = function(returnTrust) {
|
||||||
|
|
||||||
var signedCert = pki_data[0];
|
var signedCert = pki_data[0];
|
||||||
var der = signedCert.toString('hex');
|
var der = signedCert.toString('hex');
|
||||||
var pem = this._DERtoPEM(der, 'CERTIFICATE');
|
var pem = PayPro.DERtoPEM(der, 'CERTIFICATE');
|
||||||
var verified = verifier.verify(pem, sig);
|
var verified = verifier.verify(pem, sig);
|
||||||
|
|
||||||
var chain = pki_data;
|
var chain = pki_data;
|
||||||
|
@ -68,7 +74,7 @@ PayPro.prototype.x509Verify = function(returnTrust) {
|
||||||
//
|
//
|
||||||
var issuer = chain[chain.length - 1];
|
var issuer = chain[chain.length - 1];
|
||||||
der = issuer.toString('hex');
|
der = issuer.toString('hex');
|
||||||
pem = this._DERtoPEM(der, 'CERTIFICATE');
|
pem = PayPro.DERtoPEM(der, 'CERTIFICATE');
|
||||||
var caName = RootCerts.getTrusted(pem);
|
var caName = RootCerts.getTrusted(pem);
|
||||||
|
|
||||||
if (chain.length === 1 && !caName) {
|
if (chain.length === 1 && !caName) {
|
||||||
|
@ -103,7 +109,7 @@ PayPro.prototype.x509Verify = function(returnTrust) {
|
||||||
|
|
||||||
var chainVerified = chain.every(function(cert, i) {
|
var chainVerified = chain.every(function(cert, i) {
|
||||||
var der = cert.toString('hex');
|
var der = cert.toString('hex');
|
||||||
var pem = self._DERtoPEM(der, 'CERTIFICATE');
|
var pem = PayPro.DERtoPEM(der, 'CERTIFICATE');
|
||||||
var name = RootCerts.getTrusted(pem);
|
var name = RootCerts.getTrusted(pem);
|
||||||
|
|
||||||
var ncert = chain[i + 1];
|
var ncert = chain[i + 1];
|
||||||
|
@ -116,7 +122,7 @@ PayPro.prototype.x509Verify = function(returnTrust) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
var nder = ncert.toString('hex');
|
var nder = ncert.toString('hex');
|
||||||
var npem = self._DERtoPEM(nder, 'CERTIFICATE');
|
var npem = PayPro.DERtoPEM(nder, 'CERTIFICATE');
|
||||||
|
|
||||||
//
|
//
|
||||||
// Get Public Key from next certificate:
|
// Get Public Key from next certificate:
|
||||||
|
@ -126,7 +132,7 @@ PayPro.prototype.x509Verify = function(returnTrust) {
|
||||||
var npubKeyAlg = PayPro.getAlgorithm(
|
var npubKeyAlg = PayPro.getAlgorithm(
|
||||||
nc.tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm);
|
nc.tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm);
|
||||||
var npubKey = nc.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
|
var npubKey = nc.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
|
||||||
npubKey = self._DERtoPEM(npubKey, npubKeyAlg + ' PUBLIC KEY');
|
npubKey = PayPro.DERtoPEM(npubKey, npubKeyAlg + ' PUBLIC KEY');
|
||||||
|
|
||||||
//
|
//
|
||||||
// Get Signature Value from current certificate:
|
// Get Signature Value from current certificate:
|
||||||
|
|
|
@ -13,7 +13,7 @@ var rfc3280 = require('asn1.js/rfc/3280');
|
||||||
// http://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.Signature.html#.sign
|
// http://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.Signature.html#.sign
|
||||||
// http://kjur.github.io/jsrsasign/api/symbols/RSAKey.html
|
// http://kjur.github.io/jsrsasign/api/symbols/RSAKey.html
|
||||||
|
|
||||||
PayPro.prototype.x509Sign = function(key) {
|
PayPro.prototype.x509Sign = function(key, returnTrust) {
|
||||||
var pki_type = this.get('pki_type');
|
var pki_type = this.get('pki_type');
|
||||||
var pki_data = this.get('pki_data'); // contains one or more x509 certs
|
var pki_data = this.get('pki_data'); // contains one or more x509 certs
|
||||||
pki_data = PayPro.X509Certificates.decode(pki_data);
|
pki_data = PayPro.X509Certificates.decode(pki_data);
|
||||||
|
@ -21,21 +21,6 @@ PayPro.prototype.x509Sign = function(key) {
|
||||||
var type = pki_type.split('+')[1].toUpperCase();
|
var type = pki_type.split('+')[1].toUpperCase();
|
||||||
var buf = this.serializeForSig();
|
var buf = this.serializeForSig();
|
||||||
|
|
||||||
var trusted = pki_data.map(function(cert) {
|
|
||||||
var der = cert.toString('hex');
|
|
||||||
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
|
|
||||||
return RootCerts.getTrusted(pem);
|
|
||||||
});
|
|
||||||
|
|
||||||
// XXX Figure out what to do here
|
|
||||||
if (!trusted.length) {
|
|
||||||
// throw new Error('Unstrusted certificate.');
|
|
||||||
} else {
|
|
||||||
trusted.forEach(function(name) {
|
|
||||||
// console.log('Certificate: %s', name);
|
|
||||||
});
|
|
||||||
}
|
|
||||||
|
|
||||||
var rsa = new KJUR.RSAKey();
|
var rsa = new KJUR.RSAKey();
|
||||||
rsa.readPrivateKeyFromPEMString(key.toString());
|
rsa.readPrivateKeyFromPEMString(key.toString());
|
||||||
key = rsa;
|
key = rsa;
|
||||||
|
@ -50,6 +35,27 @@ PayPro.prototype.x509Sign = function(key) {
|
||||||
jsrsaSig.updateHex(buf.toString('hex'));
|
jsrsaSig.updateHex(buf.toString('hex'));
|
||||||
|
|
||||||
var sig = new Buffer(jsrsaSig.sign(), 'hex');
|
var sig = new Buffer(jsrsaSig.sign(), 'hex');
|
||||||
|
|
||||||
|
if (returnTrust) {
|
||||||
|
var cert = pki_data[pki_data.length - 1];
|
||||||
|
var der = cert.toString('hex');
|
||||||
|
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
|
||||||
|
var caName = RootCerts.getTrusted(pem);
|
||||||
|
var selfSigned = 0;
|
||||||
|
if (!caName) {
|
||||||
|
selfSigned = pki_data.length > 1
|
||||||
|
? -1
|
||||||
|
: 1;
|
||||||
|
}
|
||||||
|
return {
|
||||||
|
selfSigned: selfSigned,
|
||||||
|
isChain: pki_data.length > 1,
|
||||||
|
signature: sig,
|
||||||
|
caTrusted: !!caName,
|
||||||
|
caName: caName || null
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
return sig;
|
return sig;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -316,7 +316,7 @@ PayPro.prototype.deserialize = function(buf, messageType) {
|
||||||
return this;
|
return this;
|
||||||
};
|
};
|
||||||
|
|
||||||
PayPro.prototype.sign = function(key) {
|
PayPro.prototype.sign = function(key, returnTrust) {
|
||||||
if (this.messageType !== 'PaymentRequest')
|
if (this.messageType !== 'PaymentRequest')
|
||||||
throw new Error('Signing can only be performed on a PaymentRequest');
|
throw new Error('Signing can only be performed on a PaymentRequest');
|
||||||
|
|
||||||
|
@ -325,7 +325,7 @@ PayPro.prototype.sign = function(key) {
|
||||||
if (pki_type === 'SIN') {
|
if (pki_type === 'SIN') {
|
||||||
var sig = this.sinSign(key);
|
var sig = this.sinSign(key);
|
||||||
} else if (pki_type === 'x509+sha1' || pki_type === 'x509+sha256') {
|
} else if (pki_type === 'x509+sha1' || pki_type === 'x509+sha256') {
|
||||||
var sig = this.x509Sign(key);
|
var sig = this.x509Sign(key, returnTrust);
|
||||||
} else if (pki_type === 'none') {
|
} else if (pki_type === 'none') {
|
||||||
return this;
|
return this;
|
||||||
} else {
|
} else {
|
||||||
|
@ -371,10 +371,12 @@ PayPro.prototype.sinVerify = function() {
|
||||||
|
|
||||||
// Helpers
|
// Helpers
|
||||||
|
|
||||||
|
PayPro.PEMtoDER =
|
||||||
PayPro.prototype._PEMtoDER = function(pem) {
|
PayPro.prototype._PEMtoDER = function(pem) {
|
||||||
return this._PEMtoDERParam(pem);
|
return this._PEMtoDERParam(pem);
|
||||||
};
|
};
|
||||||
|
|
||||||
|
PayPro.PEMtoDERParam =
|
||||||
PayPro.prototype._PEMtoDERParam = function(pem, param) {
|
PayPro.prototype._PEMtoDERParam = function(pem, param) {
|
||||||
if (Buffer.isBuffer(pem)) {
|
if (Buffer.isBuffer(pem)) {
|
||||||
pem = pem.toString();
|
pem = pem.toString();
|
||||||
|
@ -392,6 +394,7 @@ PayPro.prototype._PEMtoDERParam = function(pem, param) {
|
||||||
}).filter(Boolean);
|
}).filter(Boolean);
|
||||||
};
|
};
|
||||||
|
|
||||||
|
PayPro.DERtoPEM =
|
||||||
PayPro.prototype._DERtoPEM = function(der, type) {
|
PayPro.prototype._DERtoPEM = function(der, type) {
|
||||||
if (typeof der === 'string') {
|
if (typeof der === 'string') {
|
||||||
der = new Buffer(der, 'hex');
|
der = new Buffer(der, 'hex');
|
||||||
|
|
Loading…
Reference in New Issue