paypro: implement "none" pki_type.
parent
a73699ba64
commit
a50b9ed3a3
|
@ -17,12 +17,19 @@ PayPro.prototype.x509Sign = function(key, returnTrust) {
|
|||
pki_data = PayPro.X509Certificates.decode(pki_data);
|
||||
pki_data = pki_data.certificate;
|
||||
var details = this.get('serialized_payment_details');
|
||||
var type = pki_type.split('+')[1].toUpperCase();
|
||||
var type = pki_type !== 'none'
|
||||
? pki_type.split('+')[1].toUpperCase()
|
||||
: pki_type;
|
||||
|
||||
var signature = crypto.createSign('RSA-' + type);
|
||||
var buf = this.serializeForSig();
|
||||
signature.update(buf);
|
||||
var sig = signature.sign(key);
|
||||
if (type !== 'none') {
|
||||
var signature = crypto.createSign('RSA-' + type);
|
||||
var buf = this.serializeForSig();
|
||||
signature.update(buf);
|
||||
var sig = signature.sign(key);
|
||||
} else {
|
||||
var buf = this.serializeForSig();
|
||||
var sig = '';
|
||||
}
|
||||
|
||||
if (returnTrust) {
|
||||
var cert = pki_data[pki_data.length - 1];
|
||||
|
@ -57,15 +64,20 @@ PayPro.prototype.x509Verify = function(returnTrust) {
|
|||
pki_data = pki_data.certificate;
|
||||
var details = this.get('serialized_payment_details');
|
||||
var buf = this.serializeForSig();
|
||||
var type = pki_type.split('+')[1].toUpperCase();
|
||||
var type = pki_type !== 'none'
|
||||
? pki_type.split('+')[1].toUpperCase()
|
||||
: pki_type;
|
||||
|
||||
var verifier = crypto.createVerify('RSA-' + type);
|
||||
verifier.update(buf);
|
||||
|
||||
var signedCert = pki_data[0];
|
||||
var der = signedCert.toString('hex');
|
||||
var pem = PayPro.DERtoPEM(der, 'CERTIFICATE');
|
||||
var verified = verifier.verify(pem, sig);
|
||||
if (type !== 'none') {
|
||||
var verifier = crypto.createVerify('RSA-' + type);
|
||||
verifier.update(buf);
|
||||
var signedCert = pki_data[0];
|
||||
var der = signedCert.toString('hex');
|
||||
var pem = PayPro.DERtoPEM(der, 'CERTIFICATE');
|
||||
var verified = verifier.verify(pem, sig);
|
||||
} else {
|
||||
var verified = true;
|
||||
}
|
||||
|
||||
var chain = pki_data;
|
||||
|
||||
|
@ -177,7 +189,7 @@ PayPro.verifyCertChain = function(chain, type) {
|
|||
// from the DER Certificate:
|
||||
var tbs = PayPro.getTBSCertificate(data);
|
||||
|
||||
var verifier = crypto.createVerify('RSA-' + sigAlg);
|
||||
var verifier = crypto.createVerify(type ? 'RSA-' + type : 'RSA');
|
||||
verifier.update(tbs);
|
||||
var sigVerified = verifier.verify(npubKey, sig);
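Review bot: In x509Verify the new `else` branch sets `verified = true` when `pki_type` is `'none'`, so an unsigned request gets the same result as one whose signature actually checked out, and a request whose signature was stripped in transit cannot be told apart from a validly signed one. The same branch appears in the second file's x509Verify hunk. I would report the unsigned case as unauthenticated, for example `var verified = false; // pki_type none: nothing was authenticated`, and make callers opt in explicitly to accepting unsigned requests. Separately, in the verifyCertChain hunk the line `crypto.createVerify(type ? 'RSA-' + type : 'RSA')` (apparently the new side) builds `'RSA-none'` for this type because `'none'` is truthy, so that path needs its own `type !== 'none'` guard. All three function bodies continue outside the hunks, so how `verified` is combined with the chain result is not visible here.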
|
||||
|
||||
|
|
|
@ -18,23 +18,29 @@ PayPro.prototype.x509Sign = function(key, returnTrust) {
|
|||
var pki_data = this.get('pki_data'); // contains one or more x509 certs
|
||||
pki_data = PayPro.X509Certificates.decode(pki_data);
|
||||
pki_data = pki_data.certificate;
|
||||
var type = pki_type.split('+')[1].toUpperCase();
|
||||
var type = pki_type !== 'none'
|
||||
? pki_type.split('+')[1].toUpperCase()
|
||||
: pki_type;
|
||||
var buf = this.serializeForSig();
|
||||
|
||||
var rsa = new KJUR.RSAKey();
|
||||
rsa.readPrivateKeyFromPEMString(key.toString());
|
||||
key = rsa;
|
||||
|
||||
var jsrsaSig = new KJUR.crypto.Signature({
|
||||
alg: type + 'withRSA',
|
||||
prov: 'cryptojs/jsrsa'
|
||||
});
|
||||
if (type !== 'none') {
|
||||
var jsrsaSig = new KJUR.crypto.Signature({
|
||||
alg: type + 'withRSA',
|
||||
prov: 'cryptojs/jsrsa'
|
||||
});
|
||||
|
||||
jsrsaSig.init(key);
|
||||
jsrsaSig.init(key);
|
||||
|
||||
jsrsaSig.updateHex(buf.toString('hex'));
|
||||
jsrsaSig.updateHex(buf.toString('hex'));
|
||||
|
||||
var sig = new Buffer(jsrsaSig.sign(), 'hex');
|
||||
var sig = new Buffer(jsrsaSig.sign(), 'hex');
|
||||
} else {
|
||||
var sig = '';
|
||||
}
|
||||
|
||||
if (returnTrust) {
|
||||
var cert = pki_data[pki_data.length - 1];
|
||||
|
@ -66,20 +72,25 @@ PayPro.prototype.x509Verify = function(returnTrust) {
|
|||
pki_data = PayPro.X509Certificates.decode(pki_data);
|
||||
pki_data = pki_data.certificate;
|
||||
var buf = this.serializeForSig();
|
||||
var type = pki_type.split('+')[1].toUpperCase();
|
||||
var type = pki_type !== 'none'
|
||||
? pki_type.split('+')[1].toUpperCase()
|
||||
: pki_type;
|
||||
|
||||
var jsrsaSig = new KJUR.crypto.Signature({
|
||||
alg: type + 'withRSA',
|
||||
prov: 'cryptojs/jsrsa'
|
||||
});
|
||||
|
||||
var signedCert = pki_data[0];
|
||||
var der = signedCert.toString('hex');
|
||||
// var pem = self._DERtoPEM(der, 'CERTIFICATE');
|
||||
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
|
||||
jsrsaSig.initVerifyByCertificatePEM(pem);
|
||||
jsrsaSig.updateHex(buf.toString('hex'));
|
||||
var verified = jsrsaSig.verify(sig.toString('hex'));
|
||||
if (type !== 'none') {
|
||||
var jsrsaSig = new KJUR.crypto.Signature({
|
||||
alg: type + 'withRSA',
|
||||
prov: 'cryptojs/jsrsa'
|
||||
});
|
||||
var signedCert = pki_data[0];
|
||||
var der = signedCert.toString('hex');
|
||||
// var pem = self._DERtoPEM(der, 'CERTIFICATE');
|
||||
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
|
||||
jsrsaSig.initVerifyByCertificatePEM(pem);
|
||||
jsrsaSig.updateHex(buf.toString('hex'));
|
||||
var verified = jsrsaSig.verify(sig.toString('hex'));
|
||||
} else {
|
||||
var verified = true;
|
||||
}
|
||||
|
||||
var chain = pki_data;
|
||||
|
||||
|
@ -169,12 +180,14 @@ PayPro.verifyCertChain = function(chain, type) {
|
|||
//
|
||||
// Get Public Key from next certificate (via KJUR because it's a mess):
|
||||
//
|
||||
var js = new KJUR.crypto.Signature({
|
||||
alg: type + 'withRSA',
|
||||
prov: 'cryptojs/jsrsa'
|
||||
});
|
||||
js.initVerifyByCertificatePEM(npem);
|
||||
var npubKey = js.pubKey;
|
||||
if (type !== 'none') {
|
||||
var js = new KJUR.crypto.Signature({
|
||||
alg: type + 'withRSA',
|
||||
prov: 'cryptojs/jsrsa'
|
||||
});
|
||||
js.initVerifyByCertificatePEM(npem);
|
||||
var npubKey = js.pubKey;
|
||||
}
|
||||
// XXX Somehow change the pubKey format to npubKeyAlg.
|
||||
|
||||
//
|
||||
|
@ -199,19 +212,23 @@ PayPro.verifyCertChain = function(chain, type) {
|
|||
// Verify current Certificate signature
|
||||
//
|
||||
|
||||
var jsrsaSig = new KJUR.crypto.Signature({
|
||||
alg: type + 'withRSA',
|
||||
prov: 'cryptojs/jsrsa'
|
||||
});
|
||||
jsrsaSig.initVerifyByPublicKey(npubKey);
|
||||
if (type !== 'none') {
|
||||
var jsrsaSig = new KJUR.crypto.Signature({
|
||||
alg: type + 'withRSA',
|
||||
prov: 'cryptojs/jsrsa'
|
||||
});
|
||||
jsrsaSig.initVerifyByPublicKey(npubKey);
|
||||
|
||||
// Get the raw DER TBSCertificate
|
||||
// from the DER Certificate:
|
||||
var tbs = PayPro.getTBSCertificate(data);
|
||||
// Get the raw DER TBSCertificate
|
||||
// from the DER Certificate:
|
||||
var tbs = PayPro.getTBSCertificate(data);
|
||||
|
||||
jsrsaSig.updateHex(tbs.toString('hex'));
|
||||
jsrsaSig.updateHex(tbs.toString('hex'));
|
||||
|
||||
var sigVerified = jsrsaSig.verify(sig.toString('hex'));
|
||||
var sigVerified = jsrsaSig.verify(sig.toString('hex'));
|
||||
} else {
|
||||
var sigVerified = true;
|
||||
}
|
||||
|
||||
return validityVerified
|
||||
&& issuerVerified
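Review bot: In verifyCertChain the new `else` branch sets `sigVerified = true` when `type` is `'none'`, and `npubKey` is never assigned in that case, so no certificate signature in the chain is checked and the result rests only on the other terms of the return expression (`validityVerified && issuerVerified` are the ones visible). If a caller can reach this with a non-empty chain and `pki_type` `none`, which these hunks do not show, certificates that were never cryptographically checked would feed the trust result. I would fail closed here, `var sigVerified = false; // no signature algorithm: chain cannot be verified`, or skip chain verification for `none` in the caller and report the request as unauthenticated. The function body starts and ends outside these hunks.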
|
||||
|
|