zcash-hackworks
/
bitcore-lib-zcash
mirror of https://github.com/zcash-hackworks/bitcore-lib-zcash.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

paypro: handle untrusted certs on browser and node.

This commit is contained in:
Christopher Jeffrey 2014-07-16 18:23:37 -07:00
parent f79a31ff3c
commit f7e89b6a58
2 changed files with 35 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
lib/PayPro.js
View File

@ -3,6 +3,14 @@ var protobufjs = protobufjs || require('protobufjs/dist/ProtoBuf');
var Message = Message || require('./Message');
var KJUR = require('jsrsasign');
var Trusted = require('./RootCerts');
// Use hash table for efficiency:
Trusted = Trusted.reduce(function(out, cert) {
cert = cert.replace(/\s+/g, '');
trusted[cert] = true;
return trusted;
}, {});
// BIP 70 - payment protocol
function PayPro() {
@ -215,6 +223,19 @@ PayPro.prototype.sign = function(key) {
var pki_data = this.get('pki_data'); // contains one or more x509 certs
var details = this.get('serialized_payment_details');
var type = pki_type.split('+')[1].toUpperCase();
pki_data = pki_data && Array.isArray(pki_data)
? pki_data[0]
: pki_data;
var der = pki_data.toString('hex');
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
// var pub = KJUR.KEYUTIL.getHexFromPEM(pem, 'PUBLIC KEY')
if (!Trusted[pem.replace(/\s+/g, '')]) {
throw new Error('Unstrusted certificate.');
}
var signature = crypto.createSign('RSA-' + type);
var buf = this.serializeForSig();
signature.update(buf);
@ -245,10 +266,11 @@ PayPro.prototype.verify = function() {
var details = this.get('serialized_payment_details');
var buf = this.serializeForSig();
var type = pki_type.split('+')[1].toUpperCase();
var verifier = crypto.createVerify('RSA-' + type);
verifier.update(buf);
pki_data = pki_data && pki_data.unshift
pki_data = Array.isArray(pki_data)
? pki_data[0]
: pki_data;
@ -256,6 +278,10 @@ PayPro.prototype.verify = function() {
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
// var pub = KJUR.KEYUTIL.getHexFromPEM(pem, 'PUBLIC KEY')
if (!Trusted[pem.replace(/\s+/g, '')]) {
throw new Error('Unstrusted certificate.');
}
// return verifier.verify(pub, sig);
return verifier.verify(pem, sig);
} else if (pki_type === 'none') {

8
lib/browser/PayPro.js
View File

@ -37,6 +37,10 @@ PayPro.sign = function(key) {
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
// var pub = KJUR.KEYUTIL.getHexFromPEM(pem, 'PUBLIC KEY')
if (!Trusted[pem.replace(/\s+/g, '')]) {
throw new Error('Unstrusted certificate.');
}
var jsrsaSig = new KJUR.crypto.Signature({
alg: type + 'withRSA',
prov: 'cryptojs/jsrsa'
@ -84,6 +88,10 @@ PayPro.verify = function() {
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
// var pub = KJUR.KEYUTIL.getHexFromPEM(pem, 'PUBLIC KEY')
if (!Trusted[pem.replace(/\s+/g, '')]) {
throw new Error('Unstrusted certificate.');
}
jsrsaSig.initVerifyByCertificatePEM(pem);
jsrsaSig.updateHex(buf.toString('hex'));