From aafbca46d9cacb05f388083db9a2e045a9de8828 Mon Sep 17 00:00:00 2001
From: Christopher Jeffrey
Date: Mon, 21 Jul 2014 11:17:38 -0700
Subject: [PATCH] paypro: move x509 sign and verify to their own methods.
---
 lib/PayPro.js | 91 ++++++++++++++++++++++++++++-----------------------
 1 file changed, 50 insertions(+), 41 deletions(-)
diff --git a/lib/PayPro.js b/lib/PayPro.js
index 0b235d4..7edd863 100644
--- a/lib/PayPro.js
+++ b/lib/PayPro.js
@@ -212,26 +212,7 @@ PayPro.prototype.sign = function(key) {
 if (pki_type === 'SIN') {
 var sig = this.sinSign(key);
 } else if (pki_type === 'x509+sha1' || pki_type === 'x509+sha256') {
- var crypto = require('crypto');
- var pki_data = this.get('pki_data'); // contains one or more x509 certs
- var details = this.get('serialized_payment_details');
- var type = pki_type.split('+')[1].toUpperCase();
-
- var trusted = [].concat(pki_data).every(function(cert) {
- var der = cert.toString('hex');
- var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
- // var pem = DERtoPEM(der, 'CERTIFICATE');
- return !!RootCerts[pem.replace(/\s+/g, '')];
- });
-
- if (!trusted) {
- // throw new Error('Unstrusted certificate.');
- }
-
- var signature = crypto.createSign('RSA-' + type);
- var buf = this.serializeForSig();
- signature.update(buf);
- var sig = signature.sign(key);
+ var sig = this.x509Sign(key);
 } else if (pki_type === 'none') {
 return this;
 } else {
@@ -252,27 +233,7 @@ PayPro.prototype.verify = function() {
 if (pki_type === 'SIN') {
 return this.sinVerify();
 } else if (pki_type === 'x509+sha1' || pki_type === 'x509+sha256') {
- var crypto = require('crypto');
- var sig = this.get('signature');
- var pki_data = this.get('pki_data');
- var details = this.get('serialized_payment_details');
- var buf = this.serializeForSig();
- var type = pki_type.split('+')[1].toUpperCase();
-
- var verifier = crypto.createVerify('RSA-' + type);
- verifier.update(buf);
-
- return [].concat(pki_data).every(function(cert) {
- var der = cert.toString('hex');
- var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
- // var pem = DERtoPEM(der, 'CERTIFICATE');
-
- if (!RootCerts[pem.replace(/\s+/g, '')]) {
- // throw new Error('Unstrusted certificate.');
- }
-
- return verifier.verify(pem, sig);
- });
+ return this.x509Verify();
 } else if (pki_type === 'none') {
 return true;
 }
@@ -280,6 +241,54 @@ PayPro.prototype.verify = function() {
 throw new Error('Unsupported pki_type');
 };
+PayPro.prototype.x509Sign = function(key) {
+ var crypto = require('crypto');
+ var pki_data = this.get('pki_data'); // contains one or more x509 certs
+ var details = this.get('serialized_payment_details');
+ var type = pki_type.split('+')[1].toUpperCase();
+
+ var trusted = [].concat(pki_data).every(function(cert) {
+ var der = cert.toString('hex');
+ var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
+ // var pem = DERtoPEM(der, 'CERTIFICATE');
+ return !!RootCerts[pem.replace(/\s+/g, '')];
+ });
+
+ if (!trusted) {
+ // throw new Error('Unstrusted certificate.');
+ }
+
+ var signature = crypto.createSign('RSA-' + type);
+ var buf = this.serializeForSig();
+ signature.update(buf);
+ var sig = signature.sign(key);
+ return sig;
+};
+
+PayPro.prototype.x509Verify = function() {
+ var crypto = require('crypto');
+ var sig = this.get('signature');
+ var pki_data = this.get('pki_data');
+ var details = this.get('serialized_payment_details');
+ var buf = this.serializeForSig();
+ var type = pki_type.split('+')[1].toUpperCase();
+
+ var verifier = crypto.createVerify('RSA-' + type);
+ verifier.update(buf);
+
+ return [].concat(pki_data).every(function(cert) {
+ var der = cert.toString('hex');
+ var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
+ // var pem = DERtoPEM(der, 'CERTIFICATE');
+
+ if (!RootCerts[pem.replace(/\s+/g, '')]) {
+ // throw new Error('Unstrusted certificate.');
+ }
+
+ return verifier.verify(pem, sig);
+ });
+};
+
 //default signing function for prototype.sign
 PayPro.prototype.sinSign = function(key) {
 this.set('pki_data', key.public)
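Review bot: Both new methods read `pki_type` in `var type = pki_type.split('+')[1].toUpperCase();`, but that name is not declared inside `x509Sign` or `x509Verify`; in the removed inline code it appears to have been a local of `sign()`/`verify()`, so unless it is also defined at module scope the extracted methods throw a ReferenceError. Each method should read the field itself, e.g. `var pki_type = this.get('pki_type');` as its first statement (assuming it is exposed through `get` like `pki_data` and `signature`). Separately, the trust decision is carried over as a no-op: `x509Sign` computes `trusted` and `x509Verify` looks the certificate up in `RootCerts`, but both `throw` lines are commented out, so a `true` from `x509Verify()` shows only that the signature matches the key in the supplied `pki_data`, not that the certificate is trusted. Now that this is a named method, it should carry a comment saying so until the check is enforced, e.g. `// NOTE: RootCerts trust is not enforced here; a true result does not authenticate the certificate`. `var details` is unused in both methods and can be dropped.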