paypro: immediately detect self signed certs and untrusted CAs.

Christopher Jeffrey 2014-08-28 18:13:56 -07:00
parent f34b98d253
commit dea39d1c72
2 changed files with 87 additions and 2 deletions


@ -63,6 +63,44 @@ PayPro.prototype.x509Verify = function(returnTrust) {
var chain = pki_data;
//
// Get the CA cert's name
//
var issuer = chain[chain.length - 1];
der = issuer.toString('hex');
pem = this._DERtoPEM(der, 'CERTIFICATE');
var caName = RootCerts.getTrusted(pem);
if (chain.length === 1 && !caName) {
if (returnTrust) {
return {
selfSigned: 1, // yes
isChain: false,
verified: verified,
caTrusted: false,
caName: null,
chainVerified: false
};
}
return verified;
}
// If there's no trusted root cert, don't
// bother validating the cert chain.
if (!caName) {
if (returnTrust) {
return {
selfSigned: -1, // unknown
isChain: chain.length > 1,
verified: verified,
caTrusted: false,
caName: null,
chainVerified: false
};
}
return verified;
}
var chainVerified = chain.every(function(cert, i) {
var der = cert.toString('hex');
var pem = self._DERtoPEM(der, 'CERTIFICATE');
@ -71,7 +109,7 @@ PayPro.prototype.x509Verify = function(returnTrust) {
var ncert = chain[i + 1];
// The root cert, check if it's trusted:
if (!ncert || name) {
if (!ncert && !name) {
if (!name) {
return false;
}
chain.length = 0;
@ -127,7 +165,11 @@ PayPro.prototype.x509Verify = function(returnTrust) {
if (returnTrust) {
return {
selfSigned: 0, // no
isChain: true,
verified: verified,
caTrusted: !!caName,
caName: caName || null,
chainVerified: chainVerified
};
}
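Review bot: In the first hunk, `selfSigned: 1` is concluded from `chain.length === 1 && !caName` alone — nothing checks that the lone certificate actually signed itself (issuer equal to subject, or its signature verifying under its own public key), so a single untrusted leaf whose intermediates were simply left out of `pki_data` is reported as self-signed too, and a caller that tells the user one thing or the other gets the wrong reason. Unless self-signedness is established elsewhere in x509Verify, annotate the branch, e.g. `// "self-signed" here only means: single cert that is not a trusted root; the cert's own signature is not checked`. In the second hunk, assuming `if (!ncert && !name) {` is the new side, the inner `if (!name)` is now always true, so `chain.length = 0;` and anything after it inside that block is unreachable — either drop the inner check or restore the branch that was meant to stop at a trusted intermediate. `der` and `pem` are assigned here without `var`; if they are not declared earlier in x509Verify (outside the hunk) they become implicit globals. x509Verify starts and ends outside these hunks, and the second file section carries the same code (with `KJUR.asn1.ASN1Util.getPEMStringFromHex` in place of `_DERtoPEM`), so the same points apply there.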


@ -77,6 +77,45 @@ PayPro.prototype.x509Verify = function(returnTrust) {
var chain = pki_data;
//
// Get the CA cert's name
//
var issuer = chain[chain.length - 1];
der = issuer.toString('hex');
// pem = this._DERtoPEM(der, 'CERTIFICATE');
pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
var caName = RootCerts.getTrusted(pem);
if (chain.length === 1 && !caName) {
if (returnTrust) {
return {
selfSigned: 1, // yes
isChain: false,
verified: verified,
caTrusted: false,
caName: null,
chainVerified: false
};
}
return verified;
}
// If there's no trusted root cert, don't
// bother validating the cert chain.
if (!caName) {
if (returnTrust) {
return {
selfSigned: -1, // unknown
isChain: chain.length > 1,
verified: verified,
caTrusted: false,
caName: null,
chainVerified: false
};
}
return verified;
}
var chainVerified = chain.every(function(cert, i) {
var der = cert.toString('hex');
// var pem = self._DERtoPEM(der, 'CERTIFICATE');
@ -86,7 +125,7 @@ PayPro.prototype.x509Verify = function(returnTrust) {
var ncert = chain[i + 1];
// The root cert, check if it's trusted:
if (!ncert || name) {
if (!ncert && !name) {
if (!name) {
return false;
}
chain.length = 0;
@ -149,7 +188,11 @@ PayPro.prototype.x509Verify = function(returnTrust) {
if (returnTrust) {
return {
selfSigned: 0, // no
isChain: true,
verified: verified,
caTrusted: !!caName,
caName: caName || null,
chainVerified: chainVerified
};
}