paypro: check issuer. ignore fixed asn1.js bug.
This commit is contained in:
parent
203b605ebf
commit
18d72309eb
|
@ -107,33 +107,38 @@ PayPro.prototype.x509Verify = function() {
|
|||
var sigAlg = PayPro.getAlgorithm(c.signatureAlgorithm.algorithm, 1);
|
||||
var sig = c.signature.data;
|
||||
|
||||
// NOTE - check this in the future:
|
||||
// c.tbsCertificate.issuer === nc.tbsCertificate.subject;
|
||||
//
|
||||
// Check the Issuer matches the Subject of the next certificate:
|
||||
//
|
||||
var issuer = c.tbsCertificate.issuer;
|
||||
var subject = nc.tbsCertificate.subject;
|
||||
var issuerVerified = issuer.type === subject.type && issuer.value.every(function(issuerArray, i) {
|
||||
var subjectArray = subject.value[i];
|
||||
return issuerArray.every(function(issuerObject, i) {
|
||||
var subjectObject = subjectArray[i];
|
||||
|
||||
var issuerObjectType = issuerObject.type.join('.');
|
||||
var subjectObjectType = subjectObject.type.join('.');
|
||||
|
||||
var issuerObjectValue = issuerObject.value.toString('hex');
|
||||
var subjectObjectValue = subjectObject.value.toString('hex');
|
||||
|
||||
return issuerObjectType === subjectObjectType
|
||||
&& issuerObjectValue === subjectObjectValue;
|
||||
});
|
||||
});
|
||||
|
||||
//
|
||||
// Create a To-Be-Signed Certificate to verify using asn1.js:
|
||||
// XXX The signature algorithm seems to get mangled here.
|
||||
//
|
||||
// var tbs = rfc3280.TBSCertificate.encode(c.tbsCertificate, 'der');
|
||||
var tbs = rfc3280.TBSCertificate.encode({
|
||||
version: c.tbsCertificate.version,
|
||||
serialNumber: c.tbsCertificate.serialNumber,
|
||||
// XXX signature algorithm is different for some reason.
|
||||
signature: { algorithm: [ 1, 2, 840, 113549, 1, 1, 11 ] },
|
||||
//signature: c.tbsCertificate.signature,
|
||||
issuer: c.tbsCertificate.issuer,
|
||||
validity: c.tbsCertificate.validity,
|
||||
subject: c.tbsCertificate.subject,
|
||||
subjectPublicKeyInfo: c.tbsCertificate.subjectPublicKeyInfo,
|
||||
extensions: c.tbsCertificate.extensions
|
||||
}, 'der');
|
||||
var tbs = rfc3280.TBSCertificate.encode(c.tbsCertificate, 'der');
|
||||
|
||||
//
|
||||
// Verify current certificate signature:
|
||||
//
|
||||
var verifier = crypto.createVerify('RSA-' + sigAlg);
|
||||
verifier.update(tbs);
|
||||
return verifier.verify(npubKey, sig);
|
||||
return verifier.verify(npubKey, sig) && issuerVerified;
|
||||
});
|
||||
|
||||
return verified && chainVerified;
|
||||
|
|
Loading…
Reference in New Issue