
paypro: refactoring. handle unkown extension.

patch-2
Christopher Jeffrey 11 years ago
parent
commit
379578aa15
  1. 94
      lib/PayPro.js

94
lib/PayPro.js

@ -143,9 +143,11 @@ PayPro.prototype.x509Verify = function() {
//
// Handle Cert Extensions
// http://www.ietf.org/rfc/rfc3280.txt
// http://www.ietf.org/rfc/rfc5280.txt
// http://tools.ietf.org/html/rfc5280#section-4.2
//
var extensions = rfc5280.decodeExtensions(c, { partial: false });
var extensions = rfc5280.decodeExtensions(c, { partial: true });
var extensionsVerified = extensions.verified;
// Object.keys(extensions).forEach(function(key) {
@ -535,13 +537,6 @@ rfc5280.EDIPartyName = asn1.define('EDIPartyName', function() {
);
});
// https://www.google.com/search?q=IA5String
// https://en.wikipedia.org/wiki/IA5STRING
// http://msdn.microsoft.com/en-us/library/windows/desktop/bb540805(v=vs.85).aspx
// https://www.google.com/search?q=TeletexString
// http://msdn.microsoft.com/en-us/library/windows/desktop/bb540814(v=vs.85).aspx
/**
* ##### DirectoryString
*/
@ -575,19 +570,6 @@ rfc5280.SubjectKeyIdentifier = asn1.define('SubjectKeyIdentifier', function() {
var KeyUsage =
rfc5280.KeyUsage = asn1.define('KeyUsage', function() {
this.bitstr();
// keyUsage = {
// digitalSignature: !!((data >> 0) & 1),
// nonRepudiation: !!((data >> 1) & 1),
// // nonRepudiation renamed to contentCommitment:
// contentCommitment: !!((data >> 1) & 1),
// keyEncipherment: !!((data >> 2) & 1),
// dataEncipherment: !!((data >> 3) & 1),
// keyAgreement: !!((data >> 4) & 1),
// keyCertSign: !!((data >> 5) & 1),
// cRLSign: !!((data >> 6) & 1),
// encipherOnly: !!((data >> 7) & 1),
// decipherOnly: !!((data >> 8) & 1)
// };
});
/**
@ -860,16 +842,6 @@ rfc5280.RelativeDistinguishedName = asn1.define('RelativeDistinguishedName', fun
var ReasonFlags =
rfc5280.ReasonFlags = asn1.define('ReasonFlags', function() {
this.bitstr();
// ReasonFlags ::= BIT STRING {
// unused (0),
// keyCompromise (1),
// cACompromise (2),
// affiliationChanged (3),
// superseded (4),
// cessationOfOperation (5),
// certificateHold (6),
// privilegeWithdrawn (7),
// aACompromise (8) }
});
/**
@ -928,6 +900,17 @@ rfc5280.SubjectInformationAccess = asn1.define('SubjectInformationAccess', funct
this.seqof(AccessDescription);
});
/**
* XXX
* # Unknown Extension
*/
var UnknownExtension =
rfc5280.UnknownExtension = asn1.define('UnknownExtension', function() {
this.any();
});
rfc5280.extensions = {
standard: {
// id-ce extensions - Standard Extensions
@ -938,6 +921,7 @@ rfc5280.extensions = {
15: {
name: 'Key Usage',
parse: function(decoded, cert, ext, edata) {
// For bitstr: KeyUsage
var data = decoded.data[0];
return {
digitalSignature: !!((data >> 0) & 1),
@ -970,43 +954,43 @@ rfc5280.extensions = {
name: 'CRL Distribution Points',
parse: function(decoded, cert, ext, edata) {
// XXX Find the bitstr: ReasonFlags
console.log('###########################');
console.log(decoded);
console.log(cert);
console.log(ext);
console.log(edata);
console.log('###########################');
// XXX Find the bitstr: ReasonFlags
// var data = CRLDistributionPoints.DistributionPoint.reasons;
// return {
// unused: !!((data >> 0) & 1),
// keyCompromise: !!((data >> 1) & 1),
// cACompromise: !!((data >> 2) & 1),
// affiliationChanged: !!((data >> 3) & 1),
// superseded: !!((data >> 4) & 1),
// cessationOfOperation: !!((data >> 5) & 1),
// certificateHold: !!((data >> 6) & 1),
// privilegeWithdrawn: !!((data >> 7) & 1),
// aACompromise: !!((data >> 8) & 1)
// };
print('@@@@@@@@@@@@@@@@@@@@@@@@@@@');
print(decoded);
print(cert);
print(ext);
print(edata);
print('@@@@@@@@@@@@@@@@@@@@@@@@@@@');
return decoded;
// For bitstr: ReasonFlags
var data = decoded.CRLDistributionPoints.DistributionPoint.reasons;
return {
unused: !!((data >> 0) & 1),
keyCompromise: !!((data >> 1) & 1),
cACompromise: !!((data >> 2) & 1),
affiliationChanged: !!((data >> 3) & 1),
superseded: !!((data >> 4) & 1),
cessationOfOperation: !!((data >> 5) & 1),
certificateHold: !!((data >> 6) & 1),
privilegeWithdrawn: !!((data >> 7) & 1),
aACompromise: !!((data >> 8) & 1)
};
},
execute: function(cert) {
return cert;
}
},
54: 'Inhibit anyPolicy',
46: 'Freshest CRL',
// Unknown Extension (not documented anywhere, probably non-standard)
_: 'Unknown Extension'
46: 'Freshest CRL'
},
// id-pe extensions - Private Internet Extensions
priv: {
// Unknown extension: 1.3.6.1.5.5.7.1.1
prefix: [1, 3, 6, 1, 5, 5, 7],
1: 'Authority Information Access',
11: 'Subject Information Access',
// Unknown Extension (not documented anywhere, probably non-standard)
_: 'Unknown Extension'
'1.1': 'Unknown Extension'
}
};
@ -1134,7 +1118,7 @@ rfc5280.decodeExtensions = function(cert, options) {
}
}
extensions.verified = !extensions.unknown.filter(function(ext) {
output.verified = !output.unknown.filter(function(ext) {
return ext.critical;
}).length;
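Review bot: The `verified` flag at the end of `rfc5280.decodeExtensions` is cleared only by entries in `output.unknown` that have `ext.critical` set, while the `x509Verify` hunk appears to switch the call to `{ partial: true }` and the table gains `'1.1': 'Unknown Extension'`. If partial decoding tolerates an extension that fails to decode, or a named table entry keeps an unrecognised extension out of `output.unknown`, a critical extension the code cannot process would leave `verified` true; RFC 5280 section 4.2 requires rejecting such a certificate. This is inferred, because most of `decodeExtensions` and `x509Verify` lies outside the hunks shown. I would pin the rule next to the filter with `// fail closed: a critical extension that is unknown or failed to decode must be in output.unknown` and confirm the partial path honours it. Separately, 1.3.6.1.5.5.7.1.1 is id-pe 1, Authority Information Access, so the `'1.1'` label and the `prefix` without the trailing `1` look inconsistent with the `1:` and `11:` entries beside them.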
