paypro: check validity time - cert expiration.
parent
b52eb6f922
commit
1dff1d6a9f
|
@ -107,6 +107,19 @@ PayPro.prototype.x509Verify = function() {
|
|||
var sigAlg = PayPro.getAlgorithm(c.signatureAlgorithm.algorithm, 1);
|
||||
var sig = c.signature.data;
|
||||
|
||||
//
|
||||
// Check Validity of Certificates
|
||||
//
|
||||
var validityVerified = true;
|
||||
var now = Date.now();
|
||||
var cBefore = c.tbsCertificate.validity.notBefore.value;
|
||||
var cAfter = c.tbsCertificate.validity.notAfter.value;
|
||||
var nBefore = nc.tbsCertificate.validity.notBefore.value;
|
||||
var nAfter = nc.tbsCertificate.validity.notAfter.value;
|
||||
if (cBefore > now || cAfter < now || nBefore > now || nAfter < now) {
|
||||
validityVerified = false;
|
||||
}
|
||||
|
||||
//
|
||||
// Check the Issuer matches the Subject of the next certificate:
|
||||
//
|
||||
|
@ -132,7 +145,6 @@ PayPro.prototype.x509Verify = function() {
|
|||
// Handle Cert Extensions
|
||||
// http://tools.ietf.org/html/rfc5280#section-4.2
|
||||
//
|
||||
|
||||
var ext;
|
||||
var eid;
|
||||
var extensions = {
|
||||
|
@ -153,30 +165,31 @@ PayPro.prototype.x509Verify = function() {
|
|||
switch (eid[3]) {
|
||||
// Basic Constraints
|
||||
case 19:
|
||||
extensions.basicConstraints = ext;
|
||||
extensions.basicConstraints = ext.extnValue;
|
||||
break;
|
||||
// Key Usage
|
||||
case 15:
|
||||
extensions.keyUsage = ext;
|
||||
extensions.keyUsage = ext.extnValue;
|
||||
break;
|
||||
// Subject Key Identifier
|
||||
case 14:
|
||||
extensions.subjectKeyIdentifier = ext;
|
||||
extensions.subjectKeyIdentifier = ext.extnValue;
|
||||
break;
|
||||
// Authority Key Identifier
|
||||
case 35:
|
||||
extensions.authKeyIdentifier = ext;
|
||||
extensions.authKeyIdentifier = ext.extnValue;
|
||||
break;
|
||||
// CRL Distribution Points
|
||||
case 31:
|
||||
extensions.CRLDistributionPoints = ext;
|
||||
extensions.CRLDistributionPoints = ext.extnValue;
|
||||
break;
|
||||
// Certificate Policies
|
||||
case 32:
|
||||
extensions.certificatePolicies = ext;
|
||||
extensions.certificatePolicies = ext.extnValue;
|
||||
break;
|
||||
// Unknown Extension (not documented anywhere, probably non-standard)
|
||||
default:
|
||||
extensions.unknown.push(ext);
|
||||
extensions.standardUnknown.push(ext);
|
||||
break;
|
||||
}
|
||||
|
@ -185,10 +198,16 @@ PayPro.prototype.x509Verify = function() {
|
|||
}
|
||||
}
|
||||
|
||||
var rejectUnknown = !!extensions.unknown.filter(function(ext) {
|
||||
return ext.critical;
|
||||
}).length;
|
||||
|
||||
print(c);
|
||||
print(nc);
|
||||
print('issuerVerified: %s', issuerVerified);
|
||||
print(extensions);
|
||||
print('issuerVerified: %s', issuerVerified);
|
||||
print('rejectUnknown: %s', rejectUnknown);
|
||||
print('validityVerified: %s', validityVerified);
|
||||
|
||||
//
|
||||
// Create a To-Be-Signed Certificate to verify using asn1.js:
|
||||
|
|
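Review bot: The validity check in the first hunk fails open, because `validityVerified` starts as `true` and is cleared only when one of the four comparisons against `Date.now()` is true. What `notBefore.value` and `notAfter.value` hold is not visible here; if any of them decodes to `undefined` or a string that does not convert to a number, every comparison evaluates to false and an expired or not-yet-valid certificate passes. Writing the test positively makes it fail closed: `var validityVerified = cBefore <= now && now <= cAfter && nBefore <= now && now <= nAfter;`. In the visible lines `validityVerified` and `rejectUnknown` are only passed to `print()`, so it is worth confirming that both gate the result of `x509Verify`, whose body continues outside these hunks. The `rejectUnknown` filter reads `extensions.unknown` while the default branch also shows a push to `extensions.standardUnknown`; if that is the new line, critical unknown extensions may never reach the filter.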