lukechilds
/
bitcoincashjs
mirror of https://github.com/lukechilds/bitcoincashjs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

paypro: more comments. debug.

patch-2
Christopher Jeffrey 11 years ago
parent
852ee54e36
commit
12c56854b9
1 changed files with 14 additions and 78 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 92
      lib/PayPro.js

92
lib/PayPro.js
View File

@ -64,28 +64,6 @@ PayPro.prototype.x509Verify = function() {
var chain = pki_data; var chain = pki_data;
/*
var anchor = rfc3280.Certificate.decode(
new Buffer(chain[0].toString('hex'), 'hex'), 'der');
var anSigAlg = PayPro.getAlgorithm(anchor.signatureAlgorithm.algorithm, 1);
var anSig = anchor.signature.data;
var ca = rfc3280.Certificate.decode(
new Buffer(chain[chain.length - 1].toString('hex'), 'hex'), 'der');
var caPubKeyAlg = PayPro.getAlgorithm(
ca.tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm);
var caPubKey = ca.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
caPubKey = self._DERtoPEM(caPubKey, caPubKeyAlg + ' PUBLIC KEY');
*/
// Verifying the cert chain:
// 1. Extract public key from next certificate.
// 2. Extract signature from current certificate.
// 3. If current cert is not trusted, verify that the current cert is signed
// by NEXT by the certificate.
// NOTE: What to do when the certificate is
// revoked -> Hit CRL Distribution Points URL
var chainVerified = chain.every(function(cert, i) { var chainVerified = chain.every(function(cert, i) {
var der = cert.toString('hex'); var der = cert.toString('hex');
var pem = self._DERtoPEM(der, 'CERTIFICATE'); var pem = self._DERtoPEM(der, 'CERTIFICATE');
@ -155,43 +133,13 @@ PayPro.prototype.x509Verify = function() {
}); });
}); });
//
// Handle Cert Extensions
//
var extensions = rfc5280.decodeExtensions(c, 'der', { partial: false });
var extensionsVerified = extensions.verified;
// The two most important extensions:
// "The keyIdentifier field of the authorityKeyIdentifier extension MUST be
// included in all certificates generated by conforming CAs to facilitate
// certification path construction."
// var aki = extensions.authorityKeyIdentifier;
// aki.sha1Key = aki.raw.slice(4, 24);
// var ski = extensions.subjectKeyIdentifier;
// ski.sha1Key = ski.decoded;
// var ku = extensions.keyUsage;
// Next Extensions:
// var nextensions = rfc5280.decodeExtensions(nc, 'der', { partial: false });
// var nextensionsVerified = nextensions.verified;
// var naki = nextensions.authorityKeyIdentifier;
// naki.sha1Key = naki.raw.slice(4, 24);
// var nski = nextensions.subjectKeyIdentifier;
// nski.sha1Key = nski.decoded;
// var nku = nextensions.keyUsage;
// Object.keys(extensions).forEach(function(key) {
// if (extensions[key].execute) {
// c = extensions[key].execute(c);
// }
// });
// //
// Verify current certificate signature // Verify current certificate signature
// //
// Create a To-Be-Signed Certificate to verify using asn1.js: // Grab the raw DER To-Be-Signed Certificate to verify:
//var tbs = rfc3280.TBSCertificate.encode(c.tbsCertificate, 'der'); // First 10 bytes usually look like:
// [ 48, 130, 5, 32, 48, 130, 4, 8, 160, 3 ]
var start = 0; var start = 0;
var starts = 0; var starts = 0;
for (var start = 0; start < data.length; start++) { for (var start = 0; start < data.length; start++) {
@ -203,6 +151,14 @@ PayPro.prototype.x509Verify = function() {
} }
} }
// The bytes *after* the TBS (including the last TBS byte) will look like
// (note the 48 - the start of the sig, and the 122 - the end of the TBS):
// [ 122, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 11, 5, 0, 3, ... ]
// The certificate in these examples has a `start` of 4, and an `end` of
// 1040. The 4 bytes is the DER SEQ of the Certificate, right before the
// SEQ of the TBSCertificate.
var end = 0; var end = 0;
var ends = 0; var ends = 0;
for (var end = data.length - 1; end > 0; end--) { for (var end = data.length - 1; end > 0; end--) {
@ -214,26 +170,9 @@ PayPro.prototype.x509Verify = function() {
} }
} }
console.log(Array.prototype.slice.call(data.slice(1040))); console.log(Array.prototype.slice.call(data.slice(end - 1)));
console.log(Array.prototype.slice.call(data.slice(0, 10))); console.log(Array.prototype.slice.call(data.slice(0, start + 6)));
console.log(data[1039]); console.log('start=%d, end=%d', start, end);
// start: 4
// end: 1040
/*
for (var start = 0; start < data.length; start++) {
for (var end = 0; end < data.length + 1; end++) {
var tbs = data.slice(start, end);
var verifier = crypto.createVerify('RSA-' + sigAlg);
verifier.update(tbs);
var sigVerified = verifier.verify(npubKey, sig);
if (sigVerified) {
console.log('start: %d', start);
console.log('end: %d', end);
}
}
}
*/
var tbs = data.slice(start, end); var tbs = data.slice(start, end);
@ -241,11 +180,8 @@ PayPro.prototype.x509Verify = function() {
verifier.update(tbs); verifier.update(tbs);
var sigVerified = verifier.verify(npubKey, sig); var sigVerified = verifier.verify(npubKey, sig);
console.log('sigVerified: %s', sigVerified);
return validityVerified return validityVerified
&& issuerVerified && issuerVerified
&& extensionsVerified
&& sigVerified; && sigVerified;
}); });

Write Preview
Loading…
Cancel
Save