lukechilds
/
bitcoincashjs
mirror of https://github.com/lukechilds/bitcoincashjs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

paypro: add returnTrust to sign(). minor improvements.

patch-2
Christopher Jeffrey 11 years ago
parent
dea39d1c72
commit
18c38ae67a
3 changed files with 55 additions and 40 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 50
      lib/PayPro.js
  2. 38
      lib/browser/PayPro.js
  3. 7
      lib/common/PayPro.js

50
lib/PayPro.js
View File

@ -9,35 +9,41 @@ var PayPro = require('./common/PayPro');
var asn1 = require('asn1.js'); var asn1 = require('asn1.js');
var rfc3280 = require('asn1.js/rfc/3280'); var rfc3280 = require('asn1.js/rfc/3280');
PayPro.prototype.x509Sign = function(key) { PayPro.prototype.x509Sign = function(key, returnTrust) {
var self = this; var self = this;
var crypto = require('crypto'); var crypto = require('crypto');
var pki_type = this.get('pki_type'); var pki_type = this.get('pki_type');
var pki_data = this.get('pki_data'); // contains one or more x509 certs var pki_data = this.get('pki_data');
pki_data = PayPro.X509Certificates.decode(pki_data); pki_data = PayPro.X509Certificates.decode(pki_data);
pki_data = pki_data.certificate; pki_data = pki_data.certificate;
var details = this.get('serialized_payment_details'); var details = this.get('serialized_payment_details');
var type = pki_type.split('+')[1].toUpperCase(); var type = pki_type.split('+')[1].toUpperCase();
var trusted = pki_data.map(function(cert) {
var der = cert.toString('hex');
var pem = self._DERtoPEM(der, 'CERTIFICATE');
return RootCerts.getTrusted(pem);
});
// XXX Figure out what to do here
if (!trusted.length) {
// throw new Error('Unstrusted certificate.');
} else {
trusted.forEach(function(name) {
// console.log('Certificate: %s', name);
});
}
var signature = crypto.createSign('RSA-' + type); var signature = crypto.createSign('RSA-' + type);
var buf = this.serializeForSig(); var buf = this.serializeForSig();
signature.update(buf); signature.update(buf);
var sig = signature.sign(key); var sig = signature.sign(key);
if (returnTrust) {
var cert = pki_data[pki_data.length - 1];
var der = cert.toString('hex');
var pem = PayPro.DERtoPEM(der, 'CERTIFICATE');
var caName = RootCerts.getTrusted(pem);
var selfSigned = 0;
if (!caName) {
selfSigned = pki_data.length > 1
? -1
: 1;
}
return {
selfSigned: selfSigned,
isChain: pki_data.length > 1,
signature: sig,
caTrusted: !!caName,
caName: caName || null
};
}
return sig; return sig;
}; };
@ -58,7 +64,7 @@ PayPro.prototype.x509Verify = function(returnTrust) {
var signedCert = pki_data[0]; var signedCert = pki_data[0];
var der = signedCert.toString('hex'); var der = signedCert.toString('hex');
var pem = this._DERtoPEM(der, 'CERTIFICATE'); var pem = PayPro.DERtoPEM(der, 'CERTIFICATE');
var verified = verifier.verify(pem, sig); var verified = verifier.verify(pem, sig);
var chain = pki_data; var chain = pki_data;
@ -68,7 +74,7 @@ PayPro.prototype.x509Verify = function(returnTrust) {
// //
var issuer = chain[chain.length - 1]; var issuer = chain[chain.length - 1];
der = issuer.toString('hex'); der = issuer.toString('hex');
pem = this._DERtoPEM(der, 'CERTIFICATE'); pem = PayPro.DERtoPEM(der, 'CERTIFICATE');
var caName = RootCerts.getTrusted(pem); var caName = RootCerts.getTrusted(pem);
if (chain.length === 1 && !caName) { if (chain.length === 1 && !caName) {
@ -103,7 +109,7 @@ PayPro.prototype.x509Verify = function(returnTrust) {
var chainVerified = chain.every(function(cert, i) { var chainVerified = chain.every(function(cert, i) {
var der = cert.toString('hex'); var der = cert.toString('hex');
var pem = self._DERtoPEM(der, 'CERTIFICATE'); var pem = PayPro.DERtoPEM(der, 'CERTIFICATE');
var name = RootCerts.getTrusted(pem); var name = RootCerts.getTrusted(pem);
var ncert = chain[i + 1]; var ncert = chain[i + 1];
@ -116,7 +122,7 @@ PayPro.prototype.x509Verify = function(returnTrust) {
return true; return true;
} }
var nder = ncert.toString('hex'); var nder = ncert.toString('hex');
var npem = self._DERtoPEM(nder, 'CERTIFICATE'); var npem = PayPro.DERtoPEM(nder, 'CERTIFICATE');
// //
// Get Public Key from next certificate: // Get Public Key from next certificate:
@ -126,7 +132,7 @@ PayPro.prototype.x509Verify = function(returnTrust) {
var npubKeyAlg = PayPro.getAlgorithm( var npubKeyAlg = PayPro.getAlgorithm(
nc.tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm); nc.tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm);
var npubKey = nc.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data; var npubKey = nc.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
npubKey = self._DERtoPEM(npubKey, npubKeyAlg + ' PUBLIC KEY'); npubKey = PayPro.DERtoPEM(npubKey, npubKeyAlg + ' PUBLIC KEY');
// //
// Get Signature Value from current certificate: // Get Signature Value from current certificate:

38
lib/browser/PayPro.js
View File

@ -13,7 +13,7 @@ var rfc3280 = require('asn1.js/rfc/3280');
// http://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.Signature.html#.sign // http://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.Signature.html#.sign
// http://kjur.github.io/jsrsasign/api/symbols/RSAKey.html // http://kjur.github.io/jsrsasign/api/symbols/RSAKey.html
PayPro.prototype.x509Sign = function(key) { PayPro.prototype.x509Sign = function(key, returnTrust) {
var pki_type = this.get('pki_type'); var pki_type = this.get('pki_type');
var pki_data = this.get('pki_data'); // contains one or more x509 certs var pki_data = this.get('pki_data'); // contains one or more x509 certs
pki_data = PayPro.X509Certificates.decode(pki_data); pki_data = PayPro.X509Certificates.decode(pki_data);
@ -21,21 +21,6 @@ PayPro.prototype.x509Sign = function(key) {
var type = pki_type.split('+')[1].toUpperCase(); var type = pki_type.split('+')[1].toUpperCase();
var buf = this.serializeForSig(); var buf = this.serializeForSig();
var trusted = pki_data.map(function(cert) {
var der = cert.toString('hex');
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
return RootCerts.getTrusted(pem);
});
// XXX Figure out what to do here
if (!trusted.length) {
// throw new Error('Unstrusted certificate.');
} else {
trusted.forEach(function(name) {
// console.log('Certificate: %s', name);
});
}
var rsa = new KJUR.RSAKey(); var rsa = new KJUR.RSAKey();
rsa.readPrivateKeyFromPEMString(key.toString()); rsa.readPrivateKeyFromPEMString(key.toString());
key = rsa; key = rsa;
@ -50,6 +35,27 @@ PayPro.prototype.x509Sign = function(key) {
jsrsaSig.updateHex(buf.toString('hex')); jsrsaSig.updateHex(buf.toString('hex'));
var sig = new Buffer(jsrsaSig.sign(), 'hex'); var sig = new Buffer(jsrsaSig.sign(), 'hex');
if (returnTrust) {
var cert = pki_data[pki_data.length - 1];
var der = cert.toString('hex');
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
var caName = RootCerts.getTrusted(pem);
var selfSigned = 0;
if (!caName) {
selfSigned = pki_data.length > 1
? -1
: 1;
}
return {
selfSigned: selfSigned,
isChain: pki_data.length > 1,
signature: sig,
caTrusted: !!caName,
caName: caName || null
};
}
return sig; return sig;
}; };

7
lib/common/PayPro.js
View File

@ -316,7 +316,7 @@ PayPro.prototype.deserialize = function(buf, messageType) {
return this; return this;
}; };
PayPro.prototype.sign = function(key) { PayPro.prototype.sign = function(key, returnTrust) {
if (this.messageType !== 'PaymentRequest') if (this.messageType !== 'PaymentRequest')
throw new Error('Signing can only be performed on a PaymentRequest'); throw new Error('Signing can only be performed on a PaymentRequest');
@ -325,7 +325,7 @@ PayPro.prototype.sign = function(key) {
if (pki_type === 'SIN') { if (pki_type === 'SIN') {
var sig = this.sinSign(key); var sig = this.sinSign(key);
} else if (pki_type === 'x509+sha1' || pki_type === 'x509+sha256') { } else if (pki_type === 'x509+sha1' || pki_type === 'x509+sha256') {
var sig = this.x509Sign(key); var sig = this.x509Sign(key, returnTrust);
} else if (pki_type === 'none') { } else if (pki_type === 'none') {
return this; return this;
} else { } else {
@ -371,10 +371,12 @@ PayPro.prototype.sinVerify = function() {
// Helpers // Helpers
PayPro.PEMtoDER =
PayPro.prototype._PEMtoDER = function(pem) { PayPro.prototype._PEMtoDER = function(pem) {
return this._PEMtoDERParam(pem); return this._PEMtoDERParam(pem);
}; };
PayPro.PEMtoDERParam =
PayPro.prototype._PEMtoDERParam = function(pem, param) { PayPro.prototype._PEMtoDERParam = function(pem, param) {
if (Buffer.isBuffer(pem)) { if (Buffer.isBuffer(pem)) {
pem = pem.toString(); pem = pem.toString();
@ -392,6 +394,7 @@ PayPro.prototype._PEMtoDERParam = function(pem, param) {
}).filter(Boolean); }).filter(Boolean);
}; };
PayPro.DERtoPEM =
PayPro.prototype._DERtoPEM = function(der, type) { PayPro.prototype._DERtoPEM = function(der, type) {
if (typeof der === 'string') { if (typeof der === 'string') {
der = new Buffer(der, 'hex'); der = new Buffer(der, 'hex');

Write Preview
Loading…
Cancel
Save