commit
b9f3479b12
|
@ -24,28 +24,46 @@ var certUrl = 'https://raw.githubusercontent.com/joyent/node/master/src/node_roo
|
|||
function getRootCerts(callback) {
|
||||
return request(certUrl, function(err, res, body) {
|
||||
if (err) return callback(err);
|
||||
body = body.replace(/,$/, '');
|
||||
body = 'var RootCerts = [\n' + body + '\n];\n';
|
||||
body = body.replace(/,\s*$/, '');
|
||||
body = 'var certs = {\n' + body + '\n};\n';
|
||||
body = body.replace(/^"/gm, '+ "');
|
||||
body = body.replace(/^\+ "-----B/gm, '"-----B');
|
||||
body = body.replace(/\/\*([^*]+)\*\/\n(?=")/g, function(_, name) {
|
||||
var key = name.trim();
|
||||
return '// ' + key + '\n'
|
||||
+ '"' + key + '":\n';
|
||||
});
|
||||
body += ''
|
||||
+ '\n'
|
||||
+ '// Use hash table for efficiency:\n'
|
||||
+ 'RootCerts = RootCerts.reduce(function(trusted, cert) {\n'
|
||||
+ ' cert = cert.replace(/\\s+/g, "");\n'
|
||||
+ ' trusted[cert] = true;\n'
|
||||
+ 'var trusted = Object.keys(certs).reduce(function(trusted, key) {\n'
|
||||
+ ' var pem = certs[key];\n'
|
||||
+ ' pem = pem.replace(/-----BEGIN CERTIFICATE-----/g, "");\n'
|
||||
+ ' pem = pem.replace(/-----END CERTIFICATE-----/g, "");\n'
|
||||
+ ' pem = pem.replace(/\\s+/g, "");\n'
|
||||
+ ' trusted[pem] = key;\n'
|
||||
+ ' return trusted;\n'
|
||||
+ '}, {});\n'
|
||||
+ '\n'
|
||||
+ 'function isTrusted(pem) {\n'
|
||||
+ 'function getTrusted(pem) {\n'
|
||||
+ ' pem = pem + "";\n'
|
||||
+ ' pem = pem.replace(/-----BEGIN CERTIFICATE-----/g, "");\n'
|
||||
+ ' pem = pem.replace(/-----END CERTIFICATE-----/g, "");\n'
|
||||
+ ' pem = pem.replace(/\\s+/g, "");\n'
|
||||
+ ' return !!RootCerts[pem];\n'
|
||||
+ ' if (!Object.prototype.hasOwnProperty.call(certs, pem)) return;\n'
|
||||
+ ' return certs[pem];\n'
|
||||
+ '}\n'
|
||||
+ '\n'
|
||||
+ 'exports = RootCerts;\n'
|
||||
+ 'exports.isTrusted = isTrusted;\n'
|
||||
+ 'module.exports = exports;\n';
|
||||
+ 'function getCert(name) {\n'
|
||||
+ ' name = name.replace(/^\s+|\s+$/g, "");\n'
|
||||
+ ' if (!Object.prototype.hasOwnProperty.call(trusted, name)) return;\n'
|
||||
+ ' return trusted[name];\n'
|
||||
+ '}\n'
|
||||
+ '\n'
|
||||
+ 'exports.certs = certs;\n'
|
||||
+ 'exports.trusted = trusted;\n'
|
||||
+ 'exports.getCert = getCert;\n'
|
||||
+ 'exports.getTrusted = getTrusted;\n';
|
||||
return callback(null, body);
|
||||
});
|
||||
}
|
||||
|
@ -181,9 +199,14 @@ function main(argv, callback) {
|
|||
callback = argv;
|
||||
argv = null;
|
||||
}
|
||||
console.log('Retrieving root certs from: %s', certUrl);
|
||||
return getRootCerts(function(err, certs) {
|
||||
var file = path.resolve(__dirname, '..', 'lib', 'common', 'RootCerts.js');
|
||||
return fs.writeFile(file, certs, callback);
|
||||
return fs.writeFile(file, certs, function(err) {
|
||||
if (err) return callback(err);
|
||||
console.log('Root cert code generated at: %s.', file);
|
||||
return callback();
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
|
|
|
@ -16,15 +16,19 @@ PayPro.prototype.x509Sign = function(key) {
|
|||
var details = this.get('serialized_payment_details');
|
||||
var type = pki_type.split('+')[1].toUpperCase();
|
||||
|
||||
var trusted = [].concat(pki_data).every(function(cert) {
|
||||
var trusted = pki_data.map(function(cert) {
|
||||
var der = cert.toString('hex');
|
||||
var pem = self._DERtoPEM(der, 'CERTIFICATE');
|
||||
return RootCerts.isTrusted(pem);
|
||||
return RootCerts.getTrusted(pem);
|
||||
});
|
||||
|
||||
if (!trusted) {
|
||||
// XXX Figure out what to do here
|
||||
// XXX Figure out what to do here
|
||||
if (!trusted.length) {
|
||||
// throw new Error('Unstrusted certificate.');
|
||||
} else {
|
||||
trusted.forEach(function(name) {
|
||||
// console.log('Certificate: %s', name);
|
||||
});
|
||||
}
|
||||
|
||||
var signature = crypto.createSign('RSA-' + type);
|
||||
|
@ -49,13 +53,16 @@ PayPro.prototype.x509Verify = function() {
|
|||
var verifier = crypto.createVerify('RSA-' + type);
|
||||
verifier.update(buf);
|
||||
|
||||
return [].concat(pki_data).every(function(cert) {
|
||||
return pki_data.every(function(cert) {
|
||||
var der = cert.toString('hex');
|
||||
var pem = self._DERtoPEM(der, 'CERTIFICATE');
|
||||
|
||||
if (!RootCerts.isTrusted(pem)) {
|
||||
// XXX Figure out what to do here
|
||||
var name = RootCerts.getTrusted(pem);
|
||||
// XXX Figure out what to do here
|
||||
if (!name) {
|
||||
// throw new Error('Unstrusted certificate.');
|
||||
} else {
|
||||
// console.log('Certificate: %s', name);
|
||||
}
|
||||
|
||||
return verifier.verify(pem, sig);
|
||||
|
|
|
@ -18,15 +18,19 @@ PayPro.prototype.x509Sign = function(key) {
|
|||
var type = pki_type.split('+')[1].toUpperCase();
|
||||
var buf = this.serializeForSig();
|
||||
|
||||
var trusted = [].concat(pki_data).every(function(cert) {
|
||||
var trusted = pki_data.map(function(cert) {
|
||||
var der = cert.toString('hex');
|
||||
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
|
||||
return RootCerts.isTrusted(pem);
|
||||
return RootCerts.getTrusted(pem);
|
||||
});
|
||||
|
||||
if (!trusted) {
|
||||
// XXX Figure out what to do here
|
||||
// XXX Figure out what to do here
|
||||
if (!trusted.length) {
|
||||
// throw new Error('Unstrusted certificate.');
|
||||
} else {
|
||||
trusted.forEach(function(name) {
|
||||
// console.log('Certificate: %s', name);
|
||||
});
|
||||
}
|
||||
|
||||
var rsa = new KJUR.RSAKey();
|
||||
|
@ -34,13 +38,10 @@ PayPro.prototype.x509Sign = function(key) {
|
|||
key = rsa;
|
||||
|
||||
var jsrsaSig = new KJUR.crypto.Signature({
|
||||
alg: type.toUpperCase() + 'withRSA',
|
||||
alg: type + 'withRSA',
|
||||
prov: 'cryptojs/jsrsa'
|
||||
});
|
||||
|
||||
// XXX Could use this?
|
||||
//jsrsaSig.initSign(key);
|
||||
|
||||
jsrsaSig.init(key);
|
||||
|
||||
jsrsaSig.updateHex(buf.toString('hex'));
|
||||
|
@ -59,17 +60,20 @@ PayPro.prototype.x509Verify = function(key) {
|
|||
var type = pki_type.split('+')[1].toUpperCase();
|
||||
|
||||
var jsrsaSig = new KJUR.crypto.Signature({
|
||||
alg: type.toUpperCase() + 'withRSA',
|
||||
alg: type + 'withRSA',
|
||||
prov: 'cryptojs/jsrsa'
|
||||
});
|
||||
|
||||
return [].concat(pki_data).every(function(cert) {
|
||||
return pki_data.every(function(cert) {
|
||||
var der = cert.toString('hex');
|
||||
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
|
||||
|
||||
if (!RootCerts.isTrusted(pem)) {
|
||||
// XXX Figure out what to do here
|
||||
// XXX Figure out what to do here
|
||||
var name = RootCerts.getTrusted(pem);
|
||||
if (!name) {
|
||||
// throw new Error('Unstrusted certificate.');
|
||||
} else {
|
||||
// console.log('Certificate: %s', name);
|
||||
}
|
||||
|
||||
jsrsaSig.initVerifyByCertificatePEM(pem);
|
||||
|
|
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue