From 379578aa15241678a361a625313d97e4a8a0572f Mon Sep 17 00:00:00 2001 From: Christopher Jeffrey Date: Tue, 26 Aug 2014 11:57:15 -0700 Subject: [PATCH] paypro: refactoring. handle unkown extension. --- lib/PayPro.js | 94 +++++++++++++++++++++------------------------------ 1 file changed, 39 insertions(+), 55 deletions(-) diff --git a/lib/PayPro.js b/lib/PayPro.js index 1668e80..3daed36 100644 --- a/lib/PayPro.js +++ b/lib/PayPro.js @@ -143,9 +143,11 @@ PayPro.prototype.x509Verify = function() { // // Handle Cert Extensions + // http://www.ietf.org/rfc/rfc3280.txt + // http://www.ietf.org/rfc/rfc5280.txt // http://tools.ietf.org/html/rfc5280#section-4.2 // - var extensions = rfc5280.decodeExtensions(c, { partial: false }); + var extensions = rfc5280.decodeExtensions(c, { partial: true }); var extensionsVerified = extensions.verified; // Object.keys(extensions).forEach(function(key) { @@ -535,13 +537,6 @@ rfc5280.EDIPartyName = asn1.define('EDIPartyName', function() { ); }); -// https://www.google.com/search?q=IA5String -// https://en.wikipedia.org/wiki/IA5STRING -// http://msdn.microsoft.com/en-us/library/windows/desktop/bb540805(v=vs.85).aspx - -// https://www.google.com/search?q=TeletexString -// http://msdn.microsoft.com/en-us/library/windows/desktop/bb540814(v=vs.85).aspx - /** * ##### DirectoryString */ 
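Review bot: Switching `decodeExtensions` to `partial: true` means an extension that fails to decode no longer aborts verification, so the only thing standing between an unrecognised critical extension and acceptance is `extensions.verified`; the hunk copies it into `extensionsVerified`, but whether that flag actually causes the certificate to be rejected is outside this hunk and should be confirmed. RFC 5280 §4.2 requires rejecting a certificate that carries a critical extension the implementation cannot process, and that has to hold for extensions that decode only partially as well as for unknown OIDs. I would state the intent next to the call: `// partial: true tolerates undecodable/unknown extensions; a critical one must still fail via extensions.verified (RFC 5280 §4.2)`. The body of x509Verify continues outside the hunk.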
@@ -575,19 +570,6 @@ rfc5280.SubjectKeyIdentifier = asn1.define('SubjectKeyIdentifier', function() { var KeyUsage = rfc5280.KeyUsage = asn1.define('KeyUsage', function() { this.bitstr(); - // keyUsage = { - // digitalSignature: !!((data >> 0) & 1), - // nonRepudiation: !!((data >> 1) & 1), - // // nonRepudiation renamed to contentCommitment: - // contentCommitment: !!((data >> 1) & 1), - // keyEncipherment: !!((data >> 2) & 1), - // dataEncipherment: !!((data >> 3) & 1), - // keyAgreement: !!((data >> 4) & 1), - // keyCertSign: !!((data >> 5) & 1), - // cRLSign: !!((data >> 6) & 1), - // encipherOnly: !!((data >> 7) & 1), - // decipherOnly: !!((data >> 8) & 1) - // }; }); /** @@ -860,16 +842,6 @@ rfc5280.RelativeDistinguishedName = asn1.define('RelativeDistinguishedName', fun var ReasonFlags = rfc5280.ReasonFlags = asn1.define('ReasonFlags', function() { this.bitstr(); - // ReasonFlags ::= BIT STRING { - // unused (0), - // keyCompromise (1), - // cACompromise (2), - // affiliationChanged (3), - // superseded (4), - // cessationOfOperation (5), - // certificateHold (6), - // privilegeWithdrawn (7), - // aACompromise (8) } }); /** @@ -928,6 +900,17 @@ rfc5280.SubjectInformationAccess = asn1.define('SubjectInformationAccess', funct this.seqof(AccessDescription); }); +/** + * XXX + * # Unknown Extension + */ + +var UnknownExtension = +rfc5280.UnknownExtension = asn1.define('UnknownExtension', function() { + this.any(); +}); + + rfc5280.extensions = { standard: { // id-ce extensions - Standard Extensions @@ -938,6 +921,7 @@ rfc5280.extensions = { 15: { name: 'Key Usage', parse: function(decoded, cert, ext, edata) { + // For bitstr: KeyUsage var data = decoded.data[0]; return { digitalSignature: !!((data >> 0) & 1), 
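Review bot: The header comment on the new `UnknownExtension` definition is just `XXX`, which leaves the next reader guessing what the `this.any()` schema is for and how much its output can be trusted. I would replace it with a short description along the lines of: catch-all for an extension whose OID is not in `rfc5280.extensions`; `this.any()` keeps the raw extnValue undecoded, so callers must treat it as opaque bytes, and a certificate whose unrecognised extension is marked critical must still be rejected (RFC 5280 §4.2). Whether `decodeExtensions` actually routes unrecognised OIDs to this schema is not visible in this hunk, so the comment should say where it is used once that is confirmed.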
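Review bot: The new `// For bitstr: KeyUsage` comment labels a bit mapping that looks inverted relative to DER: in a BIT STRING the named bit 0 (`digitalSignature`) is the most significant bit of the first content byte, so if asn1.js's `bitstr()` hands back the content bytes unchanged in `decoded.data`, `digitalSignature` is `(data >> 7) & 1` and `decipherOnly` (bit 8) lives in `decoded.data[1]`, not in `data >> 8`. Misreading `keyCertSign` or `digitalSignature` would affect any policy built on these flags, so I would confirm what asn1.js returns and either fix the shifts or make the comment carry the layout: `// decoded.data is the DER content; KeyUsage bit N is bit (7 - N % 8) of byte N / 8`. The rest of the parse function is outside the hunk.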
@@ -970,43 +954,43 @@ rfc5280.extensions = { name: 'CRL Distribution Points', parse: function(decoded, cert, ext, edata) { // XXX Find the bitstr: ReasonFlags - console.log('###########################'); - console.log(decoded); - console.log(cert); - console.log(ext); - console.log(edata); - console.log('###########################'); - // XXX Find the bitstr: ReasonFlags - // var data = CRLDistributionPoints.DistributionPoint.reasons; - // return { - // unused: !!((data >> 0) & 1), - // keyCompromise: !!((data >> 1) & 1), - // cACompromise: !!((data >> 2) & 1), - // affiliationChanged: !!((data >> 3) & 1), - // superseded: !!((data >> 4) & 1), - // cessationOfOperation: !!((data >> 5) & 1), - // certificateHold: !!((data >> 6) & 1), - // privilegeWithdrawn: !!((data >> 7) & 1), - // aACompromise: !!((data >> 8) & 1) - // }; + print('@@@@@@@@@@@@@@@@@@@@@@@@@@@'); + print(decoded); + print(cert); + print(ext); + print(edata); + print('@@@@@@@@@@@@@@@@@@@@@@@@@@@'); return decoded; + // For bitstr: ReasonFlags + var data = decoded.CRLDistributionPoints.DistributionPoint.reasons; + return { + unused: !!((data >> 0) & 1), + keyCompromise: !!((data >> 1) & 1), + cACompromise: !!((data >> 2) & 1), + affiliationChanged: !!((data >> 3) & 1), + superseded: !!((data >> 4) & 1), + cessationOfOperation: !!((data >> 5) & 1), + certificateHold: !!((data >> 6) & 1), + privilegeWithdrawn: !!((data >> 7) & 1), + aACompromise: !!((data >> 8) & 1) + }; }, execute: function(cert) { return cert; } }, 54: 'Inhibit anyPolicy', - 46: 'Freshest CRL', - // Unknown Extension (not documented anywhere, probably non-standard) - _: 'Unknown Extension' + 46: 'Freshest CRL' }, + // id-pe extensions - Private Internet Extensions priv: { + // Unknown extension: 1.3.6.1.5.5.7.1.1 prefix: [1, 3, 6, 1, 5, 5, 7], 1: 'Authority Information Access', 11: 'Subject Information Access', // Unknown Extension (not documented anywhere, probably non-standard) - _: 'Unknown Extension' + '1.1': 'Unknown 
Extension' } }; @@ -1134,7 +1118,7 @@ rfc5280.decodeExtensions = function(cert, options) { } } - extensions.verified = !extensions.unknown.filter(function(ext) { + output.verified = !output.unknown.filter(function(ext) { return ext.critical; }).length;
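Review bot: The OID annotated as `// Unknown extension: 1.3.6.1.5.5.7.1.1` and mapped by the new `'1.1': 'Unknown Extension'` entry is id-pe-authorityInfoAccess (RFC 5280 §4.2.2.1): id-pe is 1.3.6.1.5.5.7.1, so with `prefix: [1, 3, 6, 1, 5, 5, 7]` the existing `1` and `11` keys resolve to the wrong arcs and Authority Information Access ends up reported as unknown. The fix is `prefix: [1, 3, 6, 1, 5, 5, 7, 1],` and dropping the `'1.1'` entry, assuming the lookup joins prefix and key directly, which is not visible here. Separately, the CRL Distribution Points `parse` now calls `print(...)` six times before `return decoded;`; `print` is not a Node global, so unless it is defined elsewhere in the file every certificate carrying that extension will throw here, and the ReasonFlags block after the `return` is unreachable. Both should be removed before this merges.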