From 24ae03247f8218d77e3491de3d047c98f7ac5b20 Mon Sep 17 00:00:00 2001
From: Christopher Jeffrey <chjjeffrey@gmail.com>
Date: Wed, 16 Jul 2014 17:58:47 -0700
Subject: [PATCH] paypro: stat using jsrsasign to convert DER to PEM and derive
 public keys for sig verification.

---
 lib/PayPro.js         | 14 +++++++++++++-
 lib/browser/PayPro.js | 24 ++++++++++++++++++------
 2 files changed, 31 insertions(+), 7 deletions(-)

diff --git a/lib/PayPro.js b/lib/PayPro.js
index 8927241..da7a631 100644
--- a/lib/PayPro.js
+++ b/lib/PayPro.js
@@ -2,6 +2,8 @@
 var protobufjs = protobufjs || require('protobufjs/dist/ProtoBuf');
 var Message = Message || require('./Message');
 
+var KJUR = require('jsrsasign');
+
 // BIP 70 - payment protocol
 function PayPro() {
   this.messageType = null;
@@ -245,7 +247,17 @@ PayPro.prototype.verify = function() {
     var type = pki_type.split('+').toUpperCase();
     var verifier = crypto.createVerify('RSA-' + type);
     verifier.update(buf);
-    return verifier.verify(pki_data, sig);
+
+    pki_data = pki_data && pki_data.unshift
+      ? pki_data[0]
+      : pki_data;
+
+    var der = pki_data.toString('hex');
+    var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
+    var pub = KJUR.KEYUTIL.getHexKeyFromPEM(pem, 'PUBLIC KEY')
+    // var pub = KJUR.X509.getPublicKeyFromCertPEM(pem);
+
+    return verifier.verify(pub, sig);
   } else if (pki_type === 'none') {
     return true;
   }
diff --git a/lib/browser/PayPro.js b/lib/browser/PayPro.js
index 866068c..7c651b5 100644
--- a/lib/browser/PayPro.js
+++ b/lib/browser/PayPro.js
@@ -29,11 +29,14 @@ PayPro.sign = function(key) {
     var type = pki_type.split('+').toUpperCase();
     var buf = this.serializeForSig();
 
-    // TODO: parse all certs
-    // var cert = pki_data.split(/-----BEGIN[^\n]*KEY-----/)[0].replace(/\s+/g, '');
-    // if (!Trusted[cert])) {
-    //   ; // untrusted cert
-    // }
+    pki_data = pki_data && pki_data.unshift
+      ? pki_data[0]
+      : pki_data;
+
+    var der = pki_data.toString('hex');
+    var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
+    var pub = KJUR.KEYUTIL.getHexKeyFromPEM(pem, 'PUBLIC KEY')
+    // var pub = KJUR.X509.getPublicKeyFromCertPEM(pem);
 
     var jsrsaSig = new KJUR.crypto.Signature({
       alg: type + 'withRSA',
@@ -74,7 +77,16 @@ PayPro.verify = function() {
       prov: 'cryptojs/jsrsa'
     });
 
-    jsrsaSig.initVerifyByCertificatePEM(pki_data);
+    pki_data = pki_data && pki_data.unshift
+      ? pki_data[0]
+      : pki_data;
+
+    var der = pki_data.toString('hex');
+    var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
+    var pub = KJUR.KEYUTIL.getHexKeyFromPEM(pem, 'PUBLIC KEY')
+    // var pub = KJUR.X509.getPublicKeyFromCertPEM(pem);
+
+    jsrsaSig.initVerifyByCertificatePEM(pem);
 
     jsrsaSig.updateHex(buf.toString('hex'));