|
|
@ -143,9 +143,11 @@ PayPro.prototype.x509Verify = function() { |
|
|
|
|
|
|
|
|
//
|
|
|
//
|
|
|
// Handle Cert Extensions
|
|
|
// Handle Cert Extensions
|
|
|
|
|
|
// http://www.ietf.org/rfc/rfc3280.txt
|
|
|
|
|
|
// http://www.ietf.org/rfc/rfc5280.txt
|
|
|
// http://tools.ietf.org/html/rfc5280#section-4.2
|
|
|
// http://tools.ietf.org/html/rfc5280#section-4.2
|
|
|
//
|
|
|
//
|
|
|
var extensions = rfc5280.decodeExtensions(c, { partial: false }); |
|
|
var extensions = rfc5280.decodeExtensions(c, { partial: true }); |
|
|
var extensionsVerified = extensions.verified; |
|
|
var extensionsVerified = extensions.verified; |
|
|
|
|
|
|
|
|
// Object.keys(extensions).forEach(function(key) {
|
|
|
// Object.keys(extensions).forEach(function(key) {
|
|
|
@ -535,13 +537,6 @@ rfc5280.EDIPartyName = asn1.define('EDIPartyName', function() { |
|
|
); |
|
|
); |
|
|
}); |
|
|
}); |
|
|
|
|
|
|
|
|
// https://www.google.com/search?q=IA5String
|
|
|
|
|
|
// https://en.wikipedia.org/wiki/IA5STRING
|
|
|
|
|
|
// http://msdn.microsoft.com/en-us/library/windows/desktop/bb540805(v=vs.85).aspx
|
|
|
|
|
|
|
|
|
|
|
|
// https://www.google.com/search?q=TeletexString
|
|
|
|
|
|
// http://msdn.microsoft.com/en-us/library/windows/desktop/bb540814(v=vs.85).aspx
|
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
/** |
|
|
* ##### DirectoryString |
|
|
* ##### DirectoryString |
|
|
*/ |
|
|
*/ |
|
|
@ -575,19 +570,6 @@ rfc5280.SubjectKeyIdentifier = asn1.define('SubjectKeyIdentifier', function() { |
|
|
var KeyUsage = |
|
|
var KeyUsage = |
|
|
rfc5280.KeyUsage = asn1.define('KeyUsage', function() { |
|
|
rfc5280.KeyUsage = asn1.define('KeyUsage', function() { |
|
|
this.bitstr(); |
|
|
this.bitstr(); |
|
|
// keyUsage = {
|
|
|
|
|
|
// digitalSignature: !!((data >> 0) & 1),
|
|
|
|
|
|
// nonRepudiation: !!((data >> 1) & 1),
|
|
|
|
|
|
// // nonRepudiation renamed to contentCommitment:
|
|
|
|
|
|
// contentCommitment: !!((data >> 1) & 1),
|
|
|
|
|
|
// keyEncipherment: !!((data >> 2) & 1),
|
|
|
|
|
|
// dataEncipherment: !!((data >> 3) & 1),
|
|
|
|
|
|
// keyAgreement: !!((data >> 4) & 1),
|
|
|
|
|
|
// keyCertSign: !!((data >> 5) & 1),
|
|
|
|
|
|
// cRLSign: !!((data >> 6) & 1),
|
|
|
|
|
|
// encipherOnly: !!((data >> 7) & 1),
|
|
|
|
|
|
// decipherOnly: !!((data >> 8) & 1)
|
|
|
|
|
|
// };
|
|
|
|
|
|
}); |
|
|
}); |
|
|
|
|
|
|
|
|
/** |
|
|
/** |
|
|
@ -860,16 +842,6 @@ rfc5280.RelativeDistinguishedName = asn1.define('RelativeDistinguishedName', fun |
|
|
var ReasonFlags = |
|
|
var ReasonFlags = |
|
|
rfc5280.ReasonFlags = asn1.define('ReasonFlags', function() { |
|
|
rfc5280.ReasonFlags = asn1.define('ReasonFlags', function() { |
|
|
this.bitstr(); |
|
|
this.bitstr(); |
|
|
// ReasonFlags ::= BIT STRING {
|
|
|
|
|
|
// unused (0),
|
|
|
|
|
|
// keyCompromise (1),
|
|
|
|
|
|
// cACompromise (2),
|
|
|
|
|
|
// affiliationChanged (3),
|
|
|
|
|
|
// superseded (4),
|
|
|
|
|
|
// cessationOfOperation (5),
|
|
|
|
|
|
// certificateHold (6),
|
|
|
|
|
|
// privilegeWithdrawn (7),
|
|
|
|
|
|
// aACompromise (8) }
|
|
|
|
|
|
}); |
|
|
}); |
|
|
|
|
|
|
|
|
/** |
|
|
/** |
|
|
@ -928,6 +900,17 @@ rfc5280.SubjectInformationAccess = asn1.define('SubjectInformationAccess', funct |
|
|
this.seqof(AccessDescription); |
|
|
this.seqof(AccessDescription); |
|
|
}); |
|
|
}); |
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
|
* XXX |
|
|
|
|
|
* # Unknown Extension |
|
|
|
|
|
*/ |
|
|
|
|
|
|
|
|
|
|
|
var UnknownExtension = |
|
|
|
|
|
rfc5280.UnknownExtension = asn1.define('UnknownExtension', function() { |
|
|
|
|
|
this.any(); |
|
|
|
|
|
}); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
rfc5280.extensions = { |
|
|
rfc5280.extensions = { |
|
|
standard: { |
|
|
standard: { |
|
|
// id-ce extensions - Standard Extensions
|
|
|
// id-ce extensions - Standard Extensions
|
|
|
@ -938,6 +921,7 @@ rfc5280.extensions = { |
|
|
15: { |
|
|
15: { |
|
|
name: 'Key Usage', |
|
|
name: 'Key Usage', |
|
|
parse: function(decoded, cert, ext, edata) { |
|
|
parse: function(decoded, cert, ext, edata) { |
|
|
|
|
|
// For bitstr: KeyUsage
|
|
|
var data = decoded.data[0]; |
|
|
var data = decoded.data[0]; |
|
|
return { |
|
|
return { |
|
|
digitalSignature: !!((data >> 0) & 1), |
|
|
digitalSignature: !!((data >> 0) & 1), |
|
|
@ -970,43 +954,43 @@ rfc5280.extensions = { |
|
|
name: 'CRL Distribution Points', |
|
|
name: 'CRL Distribution Points', |
|
|
parse: function(decoded, cert, ext, edata) { |
|
|
parse: function(decoded, cert, ext, edata) { |
|
|
// XXX Find the bitstr: ReasonFlags
|
|
|
// XXX Find the bitstr: ReasonFlags
|
|
|
console.log('###########################'); |
|
|
print('@@@@@@@@@@@@@@@@@@@@@@@@@@@'); |
|
|
console.log(decoded); |
|
|
print(decoded); |
|
|
console.log(cert); |
|
|
print(cert); |
|
|
console.log(ext); |
|
|
print(ext); |
|
|
console.log(edata); |
|
|
print(edata); |
|
|
console.log('###########################'); |
|
|
print('@@@@@@@@@@@@@@@@@@@@@@@@@@@'); |
|
|
// XXX Find the bitstr: ReasonFlags
|
|
|
|
|
|
// var data = CRLDistributionPoints.DistributionPoint.reasons;
|
|
|
|
|
|
// return {
|
|
|
|
|
|
// unused: !!((data >> 0) & 1),
|
|
|
|
|
|
// keyCompromise: !!((data >> 1) & 1),
|
|
|
|
|
|
// cACompromise: !!((data >> 2) & 1),
|
|
|
|
|
|
// affiliationChanged: !!((data >> 3) & 1),
|
|
|
|
|
|
// superseded: !!((data >> 4) & 1),
|
|
|
|
|
|
// cessationOfOperation: !!((data >> 5) & 1),
|
|
|
|
|
|
// certificateHold: !!((data >> 6) & 1),
|
|
|
|
|
|
// privilegeWithdrawn: !!((data >> 7) & 1),
|
|
|
|
|
|
// aACompromise: !!((data >> 8) & 1)
|
|
|
|
|
|
// };
|
|
|
|
|
|
return decoded; |
|
|
return decoded; |
|
|
|
|
|
// For bitstr: ReasonFlags
|
|
|
|
|
|
var data = decoded.CRLDistributionPoints.DistributionPoint.reasons; |
|
|
|
|
|
return { |
|
|
|
|
|
unused: !!((data >> 0) & 1), |
|
|
|
|
|
keyCompromise: !!((data >> 1) & 1), |
|
|
|
|
|
cACompromise: !!((data >> 2) & 1), |
|
|
|
|
|
affiliationChanged: !!((data >> 3) & 1), |
|
|
|
|
|
superseded: !!((data >> 4) & 1), |
|
|
|
|
|
cessationOfOperation: !!((data >> 5) & 1), |
|
|
|
|
|
certificateHold: !!((data >> 6) & 1), |
|
|
|
|
|
privilegeWithdrawn: !!((data >> 7) & 1), |
|
|
|
|
|
aACompromise: !!((data >> 8) & 1) |
|
|
|
|
|
}; |
|
|
}, |
|
|
}, |
|
|
execute: function(cert) { |
|
|
execute: function(cert) { |
|
|
return cert; |
|
|
return cert; |
|
|
} |
|
|
} |
|
|
}, |
|
|
}, |
|
|
54: 'Inhibit anyPolicy', |
|
|
54: 'Inhibit anyPolicy', |
|
|
46: 'Freshest CRL', |
|
|
46: 'Freshest CRL' |
|
|
// Unknown Extension (not documented anywhere, probably non-standard)
|
|
|
|
|
|
_: 'Unknown Extension' |
|
|
|
|
|
}, |
|
|
}, |
|
|
|
|
|
|
|
|
// id-pe extensions - Private Internet Extensions
|
|
|
// id-pe extensions - Private Internet Extensions
|
|
|
priv: { |
|
|
priv: { |
|
|
|
|
|
// Unknown extension: 1.3.6.1.5.5.7.1.1
|
|
|
prefix: [1, 3, 6, 1, 5, 5, 7], |
|
|
prefix: [1, 3, 6, 1, 5, 5, 7], |
|
|
1: 'Authority Information Access', |
|
|
1: 'Authority Information Access', |
|
|
11: 'Subject Information Access', |
|
|
11: 'Subject Information Access', |
|
|
// Unknown Extension (not documented anywhere, probably non-standard)
|
|
|
// Unknown Extension (not documented anywhere, probably non-standard)
|
|
|
_: 'Unknown Extension' |
|
|
'1.1': 'Unknown Extension' |
|
|
} |
|
|
} |
|
|
}; |
|
|
}; |
|
|
|
|
|
|
|
|
@ -1134,7 +1118,7 @@ rfc5280.decodeExtensions = function(cert, options) { |
|
|
} |
|
|
} |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
extensions.verified = !extensions.unknown.filter(function(ext) { |
|
|
output.verified = !output.unknown.filter(function(ext) { |
|
|
return ext.critical; |
|
|
return ext.critical; |
|
|
}).length; |
|
|
}).length; |
|
|
|
|
|
|
|
|
|
Christopher Jeffrey
11 years ago