paypro: 17 x509 extensions implemented.
This commit is contained in:
parent
bfd6dceee5
commit
b6c8941368
431
lib/PayPro.js
431
lib/PayPro.js
|
@ -148,12 +148,23 @@ PayPro.prototype.x509Verify = function() {
|
|||
var ext;
|
||||
var eid;
|
||||
var extensions = {
|
||||
basicConstraints: null,
|
||||
keyUsage: null,
|
||||
subjectKeyIdentifier: null,
|
||||
authorityKeyIdentifier: null,
|
||||
CRLDistributionPoints: null,
|
||||
subjectKeyIdentifier: null,
|
||||
keyUsage: null,
|
||||
certificatePolicies: null,
|
||||
policyMappings: null,
|
||||
subjectAlternativeName: null,
|
||||
issuerAlternativeName: null,
|
||||
subjectDirectoryAttributes: null,
|
||||
basicConstraints: null,
|
||||
nameConstraints: null,
|
||||
policyConstraints: null,
|
||||
extendedKeyUsage: null,
|
||||
CRLDistributionPoints: null,
|
||||
inhibitAnyPolicy: null,
|
||||
freshestCRL: null,
|
||||
authorityInformationAccess: null,
|
||||
subjectInformationAccess: null,
|
||||
standardUnknown: [],
|
||||
unknown: [],
|
||||
};
|
||||
|
@ -171,21 +182,65 @@ PayPro.prototype.x509Verify = function() {
|
|||
case 14:
|
||||
extensions.subjectKeyIdentifier = ext.extnValue;
|
||||
break;
|
||||
// Key Usage
|
||||
case 15:
|
||||
extensions.keyUsage = ext.extnValue;
|
||||
break;
|
||||
// Certificate Policies
|
||||
case 32:
|
||||
extensions.certificatePolicies = ext.extnValue;
|
||||
break;
|
||||
// Policy Mappings
|
||||
case 0:
|
||||
extensions.policyMappings = ext.extnValue;
|
||||
break;
|
||||
// Subject Alternative Name
|
||||
case 0:
|
||||
extensions.subjectAlternativeName = ext.extnValue;
|
||||
break;
|
||||
// Issuer Alternative Name
|
||||
case 0:
|
||||
extensions.issuerAlternativeName = ext.extnValue;
|
||||
break;
|
||||
// Subject Directory Attributes
|
||||
case 0:
|
||||
extensions.subjectDirectoryAttributes = ext.extnValue;
|
||||
break;
|
||||
// Basic Constraints
|
||||
case 19:
|
||||
extensions.basicConstraints = ext.extnValue;
|
||||
break;
|
||||
// Key Usage
|
||||
case 15:
|
||||
extensions.keyUsage = ext.extnValue;
|
||||
// Name Constraints
|
||||
case 0:
|
||||
extensions.nameConstraints = ext.extnValue;
|
||||
break;
|
||||
// Policy Constraints
|
||||
case 0:
|
||||
extensions.policyConstraints = ext.extnValue;
|
||||
break;
|
||||
// Extended Key Usage
|
||||
case 0:
|
||||
extensions.extendedKeyUsage = ext.extnValue;
|
||||
break;
|
||||
// CRL Distribution Points
|
||||
case 31:
|
||||
extensions.CRLDistributionPoints = ext.extnValue;
|
||||
break;
|
||||
// Certificate Policies
|
||||
case 32:
|
||||
extensions.certificatePolicies = ext.extnValue;
|
||||
// Inhibit anyPolicy
|
||||
case 0:
|
||||
extensions.inhibitAnyPolicy = ext.extnValue;
|
||||
break;
|
||||
// Freshest CRL
|
||||
case 0:
|
||||
extensions.freshestCRL = ext.extnValue;
|
||||
break;
|
||||
// Authority Information Access
|
||||
case 0:
|
||||
extensions.authorityInformationAccess = ext.extnValue;
|
||||
break;
|
||||
// Subject Information Access
|
||||
case 0:
|
||||
extensions.subjectInformationAccess = ext.extnValue;
|
||||
break;
|
||||
// Unknown Extension (not documented anywhere, probably non-standard)
|
||||
default:
|
||||
|
@ -275,7 +330,8 @@ PayPro.prototype.x509Verify = function() {
|
|||
var rfc5280 = {};
|
||||
|
||||
/**
|
||||
* # AuthorityKeyIdentifier
|
||||
* 1
|
||||
* # Authority Key Identifier
|
||||
*/
|
||||
|
||||
var AuthorityKeyIdentifier =
|
||||
|
@ -512,7 +568,7 @@ rfc5280.BuiltInDomainDefinedAttribute = asn1.define('BuiltInDomainDefinedAttribu
|
|||
});
|
||||
|
||||
/**
|
||||
* # ExtensionAttributes
|
||||
* ## ExtensionAttributes
|
||||
*/
|
||||
|
||||
var ExtensionAttributes =
|
||||
|
@ -521,7 +577,7 @@ rfc5280.ExtensionAttributes = asn1.define('ExtensionAttributes', function() {
|
|||
});
|
||||
|
||||
/**
|
||||
* ## ExtensionAttribute
|
||||
* ### ExtensionAttribute
|
||||
*/
|
||||
|
||||
var ExtensionAttribute =
|
||||
|
@ -567,6 +623,17 @@ rfc5280.DirectoryString = asn1.define('DirectoryString', function() {
|
|||
});
|
||||
|
||||
/**
|
||||
* 2
|
||||
* # SubjectKeyIdentifier
|
||||
*/
|
||||
|
||||
var SubjectKeyIdentifier =
|
||||
rfc5280.SubjectKeyIdentifier = asn1.define('SubjectKeyIdentifier', function() {
|
||||
this.use(KeyIdentifier);
|
||||
});
|
||||
|
||||
/**
|
||||
* 3
|
||||
* # KeyUsage
|
||||
*/
|
||||
|
||||
|
@ -575,6 +642,344 @@ rfc5280.KeyUsage = asn1.define('KeyUsage', function() {
|
|||
this.bitstr();
|
||||
});
|
||||
|
||||
/**
|
||||
* 4
|
||||
* # Certificate Policies
|
||||
*/
|
||||
|
||||
var CertificatePolicies =
|
||||
rfc5280.CertificatePolicies = asn1.define('CertificatePolicies', function() {
|
||||
this.seqof(PolicyInformation);
|
||||
});
|
||||
|
||||
/**
|
||||
* ## Policy Information
|
||||
*/
|
||||
|
||||
var PolicyInformation =
|
||||
rfc5280.PolicyInformation = asn1.define('PolicyInformation', function() {
|
||||
this.seq().obj(
|
||||
this.key('policyIdentifier').use(CertPolicyId),
|
||||
this.key('policyQualifiers').use(PolicyQualifiers)
|
||||
);
|
||||
});
|
||||
|
||||
/**
|
||||
* ## Cert Policy Id
|
||||
*/
|
||||
|
||||
var CertPolicyId =
|
||||
rfc5280.CertPolicyId = asn1.define('CertPolicyId', function() {
|
||||
this.objid();
|
||||
});
|
||||
|
||||
|
||||
/**
|
||||
* ### Policy Qualifiers
|
||||
*/
|
||||
|
||||
var PolicyQualifiers =
|
||||
rfc5280.PolicyQualifiers = asn1.define('PolicyQualifiers', function() {
|
||||
this.seqof(PolicyQualifierInfo);
|
||||
});
|
||||
|
||||
/**
|
||||
* #### Policy Qualifier Info
|
||||
*/
|
||||
|
||||
var PolicyQualifierInfo =
|
||||
rfc5280.PolicyQualifierInfo = asn1.define('PolicyQualifierInfo', function() {
|
||||
this.seq().obj(
|
||||
this.key('policyQualifierId').use(PolicyQualifierId),
|
||||
this.key('qualifier').any().use(PolicyQualifierId)
|
||||
);
|
||||
});
|
||||
|
||||
/**
|
||||
* ##### Policy Qualifier Id
|
||||
*/
|
||||
|
||||
var PolicyQualifierId =
|
||||
rfc5280.PolicyQualifierId = asn1.define('PolicyQualifierId', function() {
|
||||
this.objid();
|
||||
});
|
||||
|
||||
/**
|
||||
* 5
|
||||
* # Policy Mappings
|
||||
*/
|
||||
|
||||
var PolicyMappings =
|
||||
rfc5280.PolicyMappings = asn1.define('PolicyMappings', function() {
|
||||
this.seqof(PolicyMapping);
|
||||
});
|
||||
|
||||
/**
|
||||
* ## Policy Mapping
|
||||
*/
|
||||
|
||||
var PolicyMapping =
|
||||
rfc5280.PolicyMapping = asn1.define('PolicyMapping', function() {
|
||||
this.seq().obj(
|
||||
this.key('issuerDomainPolicy').use(CertPolicyId),
|
||||
this.key('subjectDomainPolicy').use(CertPolicyId)
|
||||
);
|
||||
});
|
||||
|
||||
/**
|
||||
* 6
|
||||
* # Subject Alternative Name
|
||||
*/
|
||||
|
||||
var SubjectAlternativeName =
|
||||
rfc5280.SubjectAlternativeName = asn1.define('SubjectAlternativeName', function() {
|
||||
this.use(GeneralNames);
|
||||
});
|
||||
|
||||
/**
|
||||
* 7
|
||||
* # Issuer Alternative Name
|
||||
*/
|
||||
|
||||
var IssuerAlternativeName =
|
||||
rfc5280.IssuerAlternativeName = asn1.define('IssuerAlternativeName', function() {
|
||||
this.use(GeneralNames);
|
||||
});
|
||||
|
||||
/**
|
||||
* 8
|
||||
* # Subject Directory Attributes
|
||||
*/
|
||||
|
||||
var SubjectDirectoryAttributes =
|
||||
rfc5280.SubjectDirectoryAttributes = asn1.define('SubjectDirectoryAttributes', function() {
|
||||
this.seqof(Attribute);
|
||||
});
|
||||
|
||||
/**
|
||||
* ## Attribute
|
||||
*/
|
||||
|
||||
var AttributeTypeAndValue = rfc5280.AttributeTypeAndValue = rfc3280.AttributeTypeAndValue;
|
||||
var Attribute = rfc5280.AttributeTypeAndValue = AttributeTypeAndValue;
|
||||
|
||||
/**
|
||||
* 9
|
||||
* # Basic Constraints
|
||||
*/
|
||||
|
||||
var BasicConstraints =
|
||||
rfc5280.BasicConstraints = asn1.define('BasicConstraints', function() {
|
||||
this.seq().obj(
|
||||
this.key('cA').default(false).bool(),
|
||||
this.key('pathLenConstraint').optional().int()
|
||||
);
|
||||
});
|
||||
|
||||
/**
|
||||
* 10
|
||||
* # Name Constraints
|
||||
*/
|
||||
|
||||
var NameConstraints =
|
||||
rfc5280.NameConstraints = asn1.define('NameConstraints', function() {
|
||||
this.seq().obj(
|
||||
this.key('permittedSubtrees').optiona().use(GeneralSubtrees),
|
||||
this.key('excludedSubtrees').optional().use(GeneralSubtrees)
|
||||
);
|
||||
});
|
||||
|
||||
/**
|
||||
* ## General Subtrees
|
||||
*/
|
||||
|
||||
var GeneralSubtrees =
|
||||
rfc5280.GeneralSubtrees = asn1.define('GeneralSubtrees', function() {
|
||||
this.seqof(GeneralSubtree);
|
||||
});
|
||||
|
||||
/**
|
||||
* ### General Subtree
|
||||
*/
|
||||
|
||||
var GeneralSubtree =
|
||||
rfc5280.GeneralSubtree = asn1.define('GeneralSubtree', function() {
|
||||
this.seq().obj(
|
||||
this.key('base').use(GeneralName),
|
||||
this.key('minimum').default(0).use(BaseDistance),
|
||||
this.key('maximum').optional().use(BaseDistance)
|
||||
);
|
||||
});
|
||||
|
||||
/**
|
||||
* #### Base Distance
|
||||
*/
|
||||
|
||||
var BaseDistance =
|
||||
rfc5280.BaseDistance = asn1.define('BaseDistance', function() {
|
||||
this.int();
|
||||
});
|
||||
|
||||
/**
|
||||
* 11
|
||||
* # Policy Constraints
|
||||
*/
|
||||
|
||||
var PolicyConstraints =
|
||||
rfc5280.PolicyConstraints = asn1.define('PolicyConstraints', function() {
|
||||
this.seq().obj(
|
||||
this.key('requireExplicitPolicy').optional().use(SkipCerts),
|
||||
this.key('inhibitPolicyMapping').optional().use(SkipCerts)
|
||||
);
|
||||
});
|
||||
|
||||
/**
|
||||
* ## Skip Certs
|
||||
*/
|
||||
|
||||
var SkipCerts =
|
||||
rfc5280.SkipCerts = asn1.define('SkipCerts', function() {
|
||||
this.int();
|
||||
});
|
||||
|
||||
/**
|
||||
* 12
|
||||
* # Extended Key Usage
|
||||
*/
|
||||
|
||||
var ExtendedKeyUsage =
|
||||
rfc5280.ExtendedKeyUsage = asn1.define('ExtendedKeyUsage', function() {
|
||||
this.seqof(KeyPurposeId);
|
||||
});
|
||||
|
||||
/**
|
||||
* ## Key Purpose Id
|
||||
*/
|
||||
|
||||
var KeyPurposeId =
|
||||
rfc5280.KeyPurposeId = asn1.define('KeyPurposeId', function() {
|
||||
this.objid();
|
||||
});
|
||||
|
||||
/**
|
||||
* 13
|
||||
* # CRL Distribution Points
|
||||
*/
|
||||
|
||||
var CRLDistributionPoints =
|
||||
rfc5280.CRLDistributionPoints = asn1.define('CRLDistributionPoints', function() {
|
||||
this.seqof(DistributionPoint);
|
||||
});
|
||||
|
||||
/**
|
||||
* ## Distribution Point
|
||||
*/
|
||||
|
||||
var DistributionPoint =
|
||||
rfc5280.DistributionPoint = asn1.define('DistributionPoint', function() {
|
||||
this.seq().obj(
|
||||
this.key('distributionPoint').optional().use(DistributionPointName),
|
||||
this.key('reasons').optional().use(ReasonFlags),
|
||||
this.key('cRLIssuer').optional().use(GeneralNames)
|
||||
);
|
||||
});
|
||||
|
||||
/**
|
||||
* ### Distribution Point Name
|
||||
*/
|
||||
|
||||
var DistributionPointName =
|
||||
rfc5280.DistributionPointName = asn1.define('DistributionPointName', function() {
|
||||
this.choice({
|
||||
fullName: this.use(GeneralNames),
|
||||
nameRelativeToCRLIssuer: this.use(RelativeDistinguishedName)
|
||||
});
|
||||
});
|
||||
|
||||
/**
|
||||
* #### Relative Distinguished Name
|
||||
*/
|
||||
|
||||
var RelativeDistinguishedName =
|
||||
rfc5280.RelativeDistinguishedName = asn1.define('RelativeDistinguishedName', function() {
|
||||
this.setof(AttributeTypeAndValue);
|
||||
});
|
||||
|
||||
/**
|
||||
* ### Reason Flags
|
||||
*/
|
||||
|
||||
var ReasonFlags =
|
||||
rfc5280.ReasonFlags = asn1.define('ReasonFlags', function() {
|
||||
this.bitstr();
|
||||
// ReasonFlags ::= BIT STRING {
|
||||
// unused (0),
|
||||
// keyCompromise (1),
|
||||
// cACompromise (2),
|
||||
// affiliationChanged (3),
|
||||
// superseded (4),
|
||||
// cessationOfOperation (5),
|
||||
// certificateHold (6),
|
||||
// privilegeWithdrawn (7),
|
||||
// aACompromise (8) }
|
||||
});
|
||||
|
||||
/**
|
||||
* 14
|
||||
* # Inhibit anyPolicy
|
||||
*/
|
||||
|
||||
var InhibitAnyPolicy =
|
||||
rfc5280.InhibitAnyPolicy = asn1.define('InhibitAnyPolicy', function() {
|
||||
this.use(SkipCerts);
|
||||
});
|
||||
|
||||
/**
|
||||
* 15
|
||||
* # Freshest CRL
|
||||
*/
|
||||
|
||||
var FreshestCRL =
|
||||
rfc5280.FreshestCRL = asn1.define('FreshestCRL', function() {
|
||||
this.use(CRLDistributionPoints);
|
||||
});
|
||||
|
||||
/**
|
||||
* Private Internet Extensions
|
||||
*/
|
||||
|
||||
/**
|
||||
* 16
|
||||
* # Authority Information Access
|
||||
*/
|
||||
|
||||
var AuthorityInformationAccess =
|
||||
rfc5280.AuthorityInformationAccess = asn1.define('AuthorityInformationAccess', function() {
|
||||
this.seqof(AccessDescription);
|
||||
});
|
||||
|
||||
/**
|
||||
* ## Access Description
|
||||
*/
|
||||
|
||||
var AccessDescription =
|
||||
rfc5280.AccessDescription = asn1.define('AccessDescription', function() {
|
||||
this.seq().obj(
|
||||
this.key('accessMethod').objid(),
|
||||
this.key('accessLocation').use(GeneralName)
|
||||
);
|
||||
});
|
||||
|
||||
/**
|
||||
* 17
|
||||
* # Subject Information Access
|
||||
*/
|
||||
|
||||
var SubjectInformationAccess =
|
||||
rfc5280.SubjectInformationAccess = asn1.define('SubjectInformationAccess', function() {
|
||||
this.seqof(AccessDescription);
|
||||
});
|
||||
|
||||
/**
|
||||
* Debug
|
||||
*/
|
||||
|
|
Loading…
Reference in New Issue