From 189dcb1b6f95ca2c102a96b53f70a61cf7c0b930 Mon Sep 17 00:00:00 2001
From: Christopher Jeffrey
Date: Mon, 25 Aug 2014 15:42:27 -0700
Subject: [PATCH] paypro: implement id parsing properly.
---
 lib/PayPro.js | 67 +++++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 54 insertions(+), 13 deletions(-)
diff --git a/lib/PayPro.js b/lib/PayPro.js
index 6d4c366..fcb4409 100644
--- a/lib/PayPro.js
+++ b/lib/PayPro.js
@@ -172,6 +172,8 @@ PayPro.prototype.x509Verify = function() {
 for (var i = 0; i < nc.tbsCertificate.extensions.length; i++) {
 ext = nc.tbsCertificate.extensions[i];
 eid = ext.extnID;
+
+ // id-ce extensions - Standard Extensions
 if (eid.length === 4 && eid[0] === 2 && eid[1] === 5 && eid[2] === 29) {
 switch (eid[3]) {
 // Authority Key Identifier
@@ -191,19 +193,19 @@ PayPro.prototype.x509Verify = function() {
 extensions.certificatePolicies = ext.extnValue;
 break;
 // Policy Mappings
- case 0:
+ case 33:
 extensions.policyMappings = ext.extnValue;
 break;
 // Subject Alternative Name
- case 0:
+ case 17:
 extensions.subjectAlternativeName = ext.extnValue;
 break;
 // Issuer Alternative Name
- case 0:
+ case 18:
 extensions.issuerAlternativeName = ext.extnValue;
 break;
 // Subject Directory Attributes
- case 0:
+ case 9:
 extensions.subjectDirectoryAttributes = ext.extnValue;
 break;
 // Basic Constraints
@@ -211,15 +213,15 @@ PayPro.prototype.x509Verify = function() {
 extensions.basicConstraints = ext.extnValue;
 break;
 // Name Constraints
- case 0:
+ case 30:
 extensions.nameConstraints = ext.extnValue;
 break;
 // Policy Constraints
- case 0:
+ case 36:
 extensions.policyConstraints = ext.extnValue;
 break;
 // Extended Key Usage
- case 0:
+ case 37:
 extensions.extendedKeyUsage = ext.extnValue;
 break;
 // CRL Distribution Points
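Review bot: Each arm in the second hunk (`case 33`, `17`, `18`, `9`) assigns `extensions.<name> = ext.extnValue` unconditionally, so a certificate that carries the same extension OID twice silently keeps the last value; the same pattern continues in the two hunks that follow. RFC 5280 section 4.2 forbids more than one instance of an extension, and a verifier that keeps the last copy while another parser keeps the first can be made to disagree about what the certificate says. I would track seen OIDs at the top of the loop, assuming `eid` is a plain array, e.g. `var key = eid.join('.'); if (seen[key]) { /* reject certificate */ } seen[key] = true;`. How x509Verify reports rejection is outside these hunks, so the rejection path has to be wired to whatever the rest of the function uses.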
@@ -227,19 +229,40 @@ PayPro.prototype.x509Verify = function() {
 extensions.CRLDistributionPoints = ext.extnValue;
 break;
 // Inhibit anyPolicy
- case 0:
+ case 54:
 extensions.inhibitAnyPolicy = ext.extnValue;
 break;
 // Freshest CRL
- case 0:
+ case 46:
 extensions.freshestCRL = ext.extnValue;
 break;
+ // Unknown Extension (not documented anywhere, probably non-standard)
+ default:
+ extensions.unknown.push(ext);
+ extensions.standardUnknown.push(ext);
+ break;
+ }
+ continue;
+ }
+
+ // id-pe extensions - Private Internet Extensions
+ if (eid.length === 8
+ && eid[0] === 1
+ && eid[1] === 3
+ && eid[2] === 6
+ && eid[3] === 1
+ && eid[4] === 5
+ && eid[5] === 5
+ && eid[6] === 7) {
+ switch (eid[3]) {
 // Authority Information Access
- case 0:
+ // id-pe:
+ case 1:
 extensions.authorityInformationAccess = ext.extnValue;
 break;
 // Subject Information Access
- case 0:
+ // id-pe:
+ case 11:
 extensions.subjectInformationAccess = ext.extnValue;
 break;
 // Unknown Extension (not documented anywhere, probably non-standard)
@@ -248,9 +271,10 @@ PayPro.prototype.x509Verify = function() {
 extensions.standardUnknown.push(ext);
 break;
 }
- } else {
- extensions.unknown.push(ext);
+ continue;
 }
+
+ extensions.unknown.push(ext);
 }
 var extensionsVerified = !extensions.unknown.filter(function(ext) {
@@ -329,6 +353,10 @@ PayPro.prototype.x509Verify = function() {
 var rfc5280 = {};
+/**
+ * Standard Extensions
+ */
+
 /**
 * 1
 * # Authority Key Identifier
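Review bot: In the new id-pe branch, `switch (eid[3])` reads an arc that the guard has just pinned to 1, so every OID that passes the guard is stored as `authorityInformationAccess` and `case 11` can never run. RFC 5280 also defines these extensions under id-pe = 1.3.6.1.5.5.7.1, which gives nine arcs (…7.1.1 and …7.1.11), so the `eid.length === 8` test does not match real AIA/SIA extensions; they fall through to `extensions.unknown` instead. The guard should start `if (eid.length === 9`, end with `&& eid[7] === 1) {`, and dispatch with `switch (eid[8]) {`. As written, any eight-arc OID under 1.3.6.1.5.5.7 is accepted as AIA and never reaches the `extensions.unknown` list that feeds `extensionsVerified`, which looks like the unrecognised-extension check (its body is outside these hunks).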
@@ -640,6 +668,19 @@ rfc5280.SubjectKeyIdentifier = asn1.define('SubjectKeyIdentifier', function() {
 var KeyUsage = rfc5280.KeyUsage = asn1.define('KeyUsage', function() {
 this.bitstr();
+ // keyUsage = {
+ // digitalSignature: !!((data >> 0) & 1),
+ // nonRepudiation: !!((data >> 1) & 1),
+ // // nonRepudiation renamed to contentCommitment:
+ // contentCommitment: !!((data >> 1) & 1),
+ // keyEncipherment: !!((data >> 2) & 1),
+ // dataEncipherment: !!((data >> 3) & 1),
+ // keyAgreement: !!((data >> 4) & 1),
+ // keyCertSign: !!((data >> 5) & 1),
+ // cRLSign: !!((data >> 6) & 1),
+ // encipherOnly: !!((data >> 7) & 1),
+ // decipherOnly: !!((data >> 8) & 1)
+ // };
 });
 /**
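Review bot: The block added inside `KeyUsage` is a commented-out sketch, so the definition still yields only the raw bit string, and the sketch's shifts need a caveat before anyone implements from it. In a DER BIT STRING, bit 0 (digitalSignature) is the most significant bit of the first content octet, so `(data >> 0) & 1` is only correct if `data` has already been converted to that numbering, which the comment does not say. A decoder written from this sketch could mistake one flag for another, including keyCertSign. I would add `// NOTE: BIT STRING bits are numbered from the MSB of the first octet; convert before shifting` above the sketch, or replace the sketch with a tested decoder.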