|
|
@ -107,6 +107,19 @@ PayPro.prototype.x509Verify = function() { |
|
|
|
var sigAlg = PayPro.getAlgorithm(c.signatureAlgorithm.algorithm, 1); |
|
|
|
var sig = c.signature.data; |
|
|
|
|
|
|
|
//
|
|
|
|
// Check Validity of Certificates
|
|
|
|
//
|
|
|
|
var validityVerified = true; |
|
|
|
var now = Date.now(); |
|
|
|
var cBefore = c.tbsCertificate.validity.notBefore.value; |
|
|
|
var cAfter = c.tbsCertificate.validity.notAfter.value; |
|
|
|
var nBefore = nc.tbsCertificate.validity.notBefore.value; |
|
|
|
var nAfter = nc.tbsCertificate.validity.notAfter.value; |
|
|
|
if (cBefore > now || cAfter < now || nBefore > now || nAfter < now) { |
|
|
|
validityVerified = false; |
|
|
|
} |
|
|
|
|
|
|
|
//
|
|
|
|
// Check the Issuer matches the Subject of the next certificate:
|
|
|
|
//
|
|
|
@ -132,7 +145,6 @@ PayPro.prototype.x509Verify = function() { |
|
|
|
// Handle Cert Extensions
|
|
|
|
// http://tools.ietf.org/html/rfc5280#section-4.2
|
|
|
|
//
|
|
|
|
|
|
|
|
var ext; |
|
|
|
var eid; |
|
|
|
var extensions = { |
|
|
@ -153,30 +165,31 @@ PayPro.prototype.x509Verify = function() { |
|
|
|
switch (eid[3]) { |
|
|
|
// Basic Constraints
|
|
|
|
case 19: |
|
|
|
extensions.basicConstraints = ext; |
|
|
|
extensions.basicConstraints = ext.extnValue; |
|
|
|
break; |
|
|
|
// Key Usage
|
|
|
|
case 15: |
|
|
|
extensions.keyUsage = ext; |
|
|
|
extensions.keyUsage = ext.extnValue; |
|
|
|
break; |
|
|
|
// Subject Key Identifier
|
|
|
|
case 14: |
|
|
|
extensions.subjectKeyIdentifier = ext; |
|
|
|
extensions.subjectKeyIdentifier = ext.extnValue; |
|
|
|
break; |
|
|
|
// Authority Key Identifier
|
|
|
|
case 35: |
|
|
|
extensions.authKeyIdentifier = ext; |
|
|
|
extensions.authKeyIdentifier = ext.extnValue; |
|
|
|
break; |
|
|
|
// CRL Distribution Points
|
|
|
|
case 31: |
|
|
|
extensions.CRLDistributionPoints = ext; |
|
|
|
extensions.CRLDistributionPoints = ext.extnValue; |
|
|
|
break; |
|
|
|
// Certificate Policies
|
|
|
|
case 32: |
|
|
|
extensions.certificatePolicies = ext; |
|
|
|
extensions.certificatePolicies = ext.extnValue; |
|
|
|
break; |
|
|
|
// Unknown Extension (not documented anywhere, probably non-standard)
|
|
|
|
default: |
|
|
|
extensions.unknown.push(ext); |
|
|
|
extensions.standardUnknown.push(ext); |
|
|
|
break; |
|
|
|
} |
|
|
@ -185,10 +198,16 @@ PayPro.prototype.x509Verify = function() { |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
var rejectUnknown = !!extensions.unknown.filter(function(ext) { |
|
|
|
return ext.critical; |
|
|
|
}).length; |
|
|
|
|
|
|
|
print(c); |
|
|
|
print(nc); |
|
|
|
print('issuerVerified: %s', issuerVerified); |
|
|
|
print(extensions); |
|
|
|
print('issuerVerified: %s', issuerVerified); |
|
|
|
print('rejectUnknown: %s', rejectUnknown); |
|
|
|
print('validityVerified: %s', validityVerified); |
|
|
|
|
|
|
|
//
|
|
|
|
// Create a To-Be-Signed Certificate to verify using asn1.js:
|
|
|
|
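Review bot: `rejectUnknown` in the last hunk filters only `extensions.unknown`, while the `default:` branch of `switch (eid[3])` is shown pushing to `extensions.standardUnknown`. The page has lost its +/- markers, so which of the two push lines survives is inferred; if it is the `standardUnknown` one, an unrecognised extension marked critical that goes through that branch never sets `rejectUnknown`, although RFC 5280 section 4.2 requires rejecting a certificate with an unrecognised critical extension. Checking both lists closes the gap: `var rejectUnknown = extensions.unknown.concat(extensions.standardUnknown).some(function(ext) { return ext.critical; });`. Within the visible hunks `validityVerified` and `rejectUnknown` are only passed to `print`; x509Verify continues outside them, so confirm its result is false when either check fails, and remove the debug `print` calls before merging.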