paypro: refactoring. handle unkown extension.
parent
dde64fbb87
commit
379578aa15
|
@ -143,9 +143,11 @@ PayPro.prototype.x509Verify = function() {
|
||||||
|
|
||||||
//
|
//
|
||||||
// Handle Cert Extensions
|
// Handle Cert Extensions
|
||||||
|
// http://www.ietf.org/rfc/rfc3280.txt
|
||||||
|
// http://www.ietf.org/rfc/rfc5280.txt
|
||||||
// http://tools.ietf.org/html/rfc5280#section-4.2
|
// http://tools.ietf.org/html/rfc5280#section-4.2
|
||||||
//
|
//
|
||||||
var extensions = rfc5280.decodeExtensions(c, { partial: false });
|
var extensions = rfc5280.decodeExtensions(c, { partial: true });
|
||||||
var extensionsVerified = extensions.verified;
|
var extensionsVerified = extensions.verified;
|
||||||
|
|
||||||
// Object.keys(extensions).forEach(function(key) {
|
// Object.keys(extensions).forEach(function(key) {
|
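Review bot: Switching the `rfc5280.decodeExtensions` call in `x509Verify` to `{ partial: true }` changes what `extensions.verified` can be trusted to mean, and nothing in this hunk documents that. The hunk does not show what `partial` does; if it lets decoding continue past an extension that fails to parse, a critical extension that could not be decoded still has to end up in `unknown` (or otherwise force `verified` to false), because RFC 5280 requires rejecting a certificate that carries a critical extension the verifier cannot process. A comment on the call would pin the intent, e.g. `// partial: tolerate undecodable extensions; a critical one must still clear extensions.verified`. The rest of `x509Verify` lies outside the hunk, so how `extensionsVerified` is consumed should be confirmed there.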
||||||
|
@ -535,13 +537,6 @@ rfc5280.EDIPartyName = asn1.define('EDIPartyName', function() {
|
||||||
);
|
);
|
||||||
});
|
});
|
||||||
|
|
||||||
// https://www.google.com/search?q=IA5String
|
|
||||||
// https://en.wikipedia.org/wiki/IA5STRING
|
|
||||||
// http://msdn.microsoft.com/en-us/library/windows/desktop/bb540805(v=vs.85).aspx
|
|
||||||
|
|
||||||
// https://www.google.com/search?q=TeletexString
|
|
||||||
// http://msdn.microsoft.com/en-us/library/windows/desktop/bb540814(v=vs.85).aspx
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* ##### DirectoryString
|
* ##### DirectoryString
|
||||||
*/
|
*/
|
||||||
|
@ -575,19 +570,6 @@ rfc5280.SubjectKeyIdentifier = asn1.define('SubjectKeyIdentifier', function() {
|
||||||
var KeyUsage =
|
var KeyUsage =
|
||||||
rfc5280.KeyUsage = asn1.define('KeyUsage', function() {
|
rfc5280.KeyUsage = asn1.define('KeyUsage', function() {
|
||||||
this.bitstr();
|
this.bitstr();
|
||||||
// keyUsage = {
|
|
||||||
// digitalSignature: !!((data >> 0) & 1),
|
|
||||||
// nonRepudiation: !!((data >> 1) & 1),
|
|
||||||
// // nonRepudiation renamed to contentCommitment:
|
|
||||||
// contentCommitment: !!((data >> 1) & 1),
|
|
||||||
// keyEncipherment: !!((data >> 2) & 1),
|
|
||||||
// dataEncipherment: !!((data >> 3) & 1),
|
|
||||||
// keyAgreement: !!((data >> 4) & 1),
|
|
||||||
// keyCertSign: !!((data >> 5) & 1),
|
|
||||||
// cRLSign: !!((data >> 6) & 1),
|
|
||||||
// encipherOnly: !!((data >> 7) & 1),
|
|
||||||
// decipherOnly: !!((data >> 8) & 1)
|
|
||||||
// };
|
|
||||||
});
|
});
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -860,16 +842,6 @@ rfc5280.RelativeDistinguishedName = asn1.define('RelativeDistinguishedName', fun
|
||||||
var ReasonFlags =
|
var ReasonFlags =
|
||||||
rfc5280.ReasonFlags = asn1.define('ReasonFlags', function() {
|
rfc5280.ReasonFlags = asn1.define('ReasonFlags', function() {
|
||||||
this.bitstr();
|
this.bitstr();
|
||||||
// ReasonFlags ::= BIT STRING {
|
|
||||||
// unused (0),
|
|
||||||
// keyCompromise (1),
|
|
||||||
// cACompromise (2),
|
|
||||||
// affiliationChanged (3),
|
|
||||||
// superseded (4),
|
|
||||||
// cessationOfOperation (5),
|
|
||||||
// certificateHold (6),
|
|
||||||
// privilegeWithdrawn (7),
|
|
||||||
// aACompromise (8) }
|
|
||||||
});
|
});
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -928,6 +900,17 @@ rfc5280.SubjectInformationAccess = asn1.define('SubjectInformationAccess', funct
|
||||||
this.seqof(AccessDescription);
|
this.seqof(AccessDescription);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
/**
|
||||||
|
* XXX
|
||||||
|
* # Unknown Extension
|
||||||
|
*/
|
||||||
|
|
||||||
|
var UnknownExtension =
|
||||||
|
rfc5280.UnknownExtension = asn1.define('UnknownExtension', function() {
|
||||||
|
this.any();
|
||||||
|
});
|
||||||
|
|
||||||
|
|
||||||
rfc5280.extensions = {
|
rfc5280.extensions = {
|
||||||
standard: {
|
standard: {
|
||||||
// id-ce extensions - Standard Extensions
|
// id-ce extensions - Standard Extensions
|
||||||
|
@ -938,6 +921,7 @@ rfc5280.extensions = {
|
||||||
15: {
|
15: {
|
||||||
name: 'Key Usage',
|
name: 'Key Usage',
|
||||||
parse: function(decoded, cert, ext, edata) {
|
parse: function(decoded, cert, ext, edata) {
|
||||||
|
// For bitstr: KeyUsage
|
||||||
var data = decoded.data[0];
|
var data = decoded.data[0];
|
||||||
return {
|
return {
|
||||||
digitalSignature: !!((data >> 0) & 1),
|
digitalSignature: !!((data >> 0) & 1),
|
||||||
|
@ -970,43 +954,43 @@ rfc5280.extensions = {
|
||||||
name: 'CRL Distribution Points',
|
name: 'CRL Distribution Points',
|
||||||
parse: function(decoded, cert, ext, edata) {
|
parse: function(decoded, cert, ext, edata) {
|
||||||
// XXX Find the bitstr: ReasonFlags
|
// XXX Find the bitstr: ReasonFlags
|
||||||
console.log('###########################');
|
print('@@@@@@@@@@@@@@@@@@@@@@@@@@@');
|
||||||
console.log(decoded);
|
print(decoded);
|
||||||
console.log(cert);
|
print(cert);
|
||||||
console.log(ext);
|
print(ext);
|
||||||
console.log(edata);
|
print(edata);
|
||||||
console.log('###########################');
|
print('@@@@@@@@@@@@@@@@@@@@@@@@@@@');
|
||||||
// XXX Find the bitstr: ReasonFlags
|
|
||||||
// var data = CRLDistributionPoints.DistributionPoint.reasons;
|
|
||||||
// return {
|
|
||||||
// unused: !!((data >> 0) & 1),
|
|
||||||
// keyCompromise: !!((data >> 1) & 1),
|
|
||||||
// cACompromise: !!((data >> 2) & 1),
|
|
||||||
// affiliationChanged: !!((data >> 3) & 1),
|
|
||||||
// superseded: !!((data >> 4) & 1),
|
|
||||||
// cessationOfOperation: !!((data >> 5) & 1),
|
|
||||||
// certificateHold: !!((data >> 6) & 1),
|
|
||||||
// privilegeWithdrawn: !!((data >> 7) & 1),
|
|
||||||
// aACompromise: !!((data >> 8) & 1)
|
|
||||||
// };
|
|
||||||
return decoded;
|
return decoded;
|
||||||
|
// For bitstr: ReasonFlags
|
||||||
|
var data = decoded.CRLDistributionPoints.DistributionPoint.reasons;
|
||||||
|
return {
|
||||||
|
unused: !!((data >> 0) & 1),
|
||||||
|
keyCompromise: !!((data >> 1) & 1),
|
||||||
|
cACompromise: !!((data >> 2) & 1),
|
||||||
|
affiliationChanged: !!((data >> 3) & 1),
|
||||||
|
superseded: !!((data >> 4) & 1),
|
||||||
|
cessationOfOperation: !!((data >> 5) & 1),
|
||||||
|
certificateHold: !!((data >> 6) & 1),
|
||||||
|
privilegeWithdrawn: !!((data >> 7) & 1),
|
||||||
|
aACompromise: !!((data >> 8) & 1)
|
||||||
|
};
|
||||||
},
|
},
|
||||||
execute: function(cert) {
|
execute: function(cert) {
|
||||||
return cert;
|
return cert;
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
54: 'Inhibit anyPolicy',
|
54: 'Inhibit anyPolicy',
|
||||||
46: 'Freshest CRL',
|
46: 'Freshest CRL'
|
||||||
// Unknown Extension (not documented anywhere, probably non-standard)
|
|
||||||
_: 'Unknown Extension'
|
|
||||||
},
|
},
|
||||||
|
|
||||||
// id-pe extensions - Private Internet Extensions
|
// id-pe extensions - Private Internet Extensions
|
||||||
priv: {
|
priv: {
|
||||||
|
// Unknown extension: 1.3.6.1.5.5.7.1.1
|
||||||
prefix: [1, 3, 6, 1, 5, 5, 7],
|
prefix: [1, 3, 6, 1, 5, 5, 7],
|
||||||
1: 'Authority Information Access',
|
1: 'Authority Information Access',
|
||||||
11: 'Subject Information Access',
|
11: 'Subject Information Access',
|
||||||
// Unknown Extension (not documented anywhere, probably non-standard)
|
// Unknown Extension (not documented anywhere, probably non-standard)
|
||||||
_: 'Unknown Extension'
|
'1.1': 'Unknown Extension'
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
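Review bot: In the 'CRL Distribution Points' `parse`, the new ReasonFlags block is placed after `return decoded;` and can never run, while the `print(...)` calls that dump `decoded`, `cert`, `ext` and `edata` remain in the certificate-handling path. Either drop the dead block and the debug prints, or move the block above the return behind a presence check, since `decoded.CRLDistributionPoints.DistributionPoint.reasons` would throw on any certificate that lacks that shape. If it is enabled, and assuming `reasons` is the raw bit-string byte as in the Key Usage parser, DER numbers BIT STRING bits from the most-significant bit of the first octet, so `(data >> 0) & 1` probably reads the wrong flag and `data >> 8` is always 0 on a single byte. Separately, the new comment labels 1.3.6.1.5.5.7.1.1 an unknown extension, but RFC 5280 assigns that OID to Authority Information Access (id-pe is 1.3.6.1.5.5.7.1); the `'1.1': 'Unknown Extension'` entry suggests the table's prefix is missing its final arc, i.e. `prefix: [1, 3, 6, 1, 5, 5, 7, 1],`.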
||||||
|
@ -1134,7 +1118,7 @@ rfc5280.decodeExtensions = function(cert, options) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
extensions.verified = !extensions.unknown.filter(function(ext) {
|
output.verified = !output.unknown.filter(function(ext) {
|
||||||
return ext.critical;
|
return ext.critical;
|
||||||
}).length;
|
}).length;
|
||||||
|
|
||||||
|
|