
paypro: check issuer. ignore fixed asn1.js bug.

patch-2
Christopher Jeffrey 11 years ago
parent
commit
18d72309eb
  1. 39
      lib/PayPro.js

39
lib/PayPro.js

@ -107,33 +107,38 @@ PayPro.prototype.x509Verify = function() {
var sigAlg = PayPro.getAlgorithm(c.signatureAlgorithm.algorithm, 1); var sigAlg = PayPro.getAlgorithm(c.signatureAlgorithm.algorithm, 1);
var sig = c.signature.data; var sig = c.signature.data;
// NOTE - check this in the future: //
// c.tbsCertificate.issuer === nc.tbsCertificate.subject; // Check the Issuer matches the Subject of the next certificate:
//
var issuer = c.tbsCertificate.issuer;
var subject = nc.tbsCertificate.subject;
var issuerVerified = issuer.type === subject.type && issuer.value.every(function(issuerArray, i) {
var subjectArray = subject.value[i];
return issuerArray.every(function(issuerObject, i) {
var subjectObject = subjectArray[i];
var issuerObjectType = issuerObject.type.join('.');
var subjectObjectType = subjectObject.type.join('.');
var issuerObjectValue = issuerObject.value.toString('hex');
var subjectObjectValue = subjectObject.value.toString('hex');
return issuerObjectType === subjectObjectType
&& issuerObjectValue === subjectObjectValue;
});
});
// //
// Create a To-Be-Signed Certificate to verify using asn1.js: // Create a To-Be-Signed Certificate to verify using asn1.js:
// XXX The signature algorithm seems to get mangled here.
// //
// var tbs = rfc3280.TBSCertificate.encode(c.tbsCertificate, 'der'); var tbs = rfc3280.TBSCertificate.encode(c.tbsCertificate, 'der');
var tbs = rfc3280.TBSCertificate.encode({
version: c.tbsCertificate.version,
serialNumber: c.tbsCertificate.serialNumber,
// XXX signature algorithm is different for some reason.
signature: { algorithm: [ 1, 2, 840, 113549, 1, 1, 11 ] },
//signature: c.tbsCertificate.signature,
issuer: c.tbsCertificate.issuer,
validity: c.tbsCertificate.validity,
subject: c.tbsCertificate.subject,
subjectPublicKeyInfo: c.tbsCertificate.subjectPublicKeyInfo,
extensions: c.tbsCertificate.extensions
}, 'der');
// //
// Verify current certificate signature: // Verify current certificate signature:
// //
var verifier = crypto.createVerify('RSA-' + sigAlg); var verifier = crypto.createVerify('RSA-' + sigAlg);
verifier.update(tbs); verifier.update(tbs);
return verifier.verify(npubKey, sig); return verifier.verify(npubKey, sig) && issuerVerified;
}); });
return verified && chainVerified; return verified && chainVerified;
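Review bot: The new issuer check walks only the issuer's entries (`issuer.value.every(...)` and the inner `issuerArray.every(...)`) and never compares lengths. A subject with additional trailing RDNs or attributes is therefore accepted as a match, while a shorter subject makes `subjectArray[i]` or `subjectObject.type` throw a TypeError instead of returning false. I would add `issuer.value.length === subject.value.length &&` before the outer `every`, and `if (!subjectArray || subjectArray.length !== issuerArray.length) return false;` as the first line of the outer callback. The values are compared as raw hex, which is stricter than RFC 5280 name matching, so the check may reject some legitimate chains; a short comment saying so would help. The enclosing `x509Verify` function and the per-certificate callback both start outside this hunk, so how `nc` is chosen for the last certificate in the chain is not visible here.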
