From 60b266a0db62b3b8864d2569a1fcae77b7353206 Mon Sep 17 00:00:00 2001
From: Christopher Jeffrey <chjjeffrey@gmail.com>
Date: Tue, 26 Aug 2014 16:26:34 -0700
Subject: [PATCH] paypro: more extension debugging.

---
 lib/PayPro.js | 130 +++++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 108 insertions(+), 22 deletions(-)

diff --git a/lib/PayPro.js b/lib/PayPro.js
index b671e77..173a93b 100644
--- a/lib/PayPro.js
+++ b/lib/PayPro.js
@@ -150,6 +150,87 @@ PayPro.prototype.x509Verify = function() {
     var extensions = rfc5280.decodeExtensions(c, { partial: false });
     var extensionsVerified = extensions.verified;
 
+    // The two most important extensions:
+    // "The keyIdentifier field of the authorityKeyIdentifier extension MUST be
+    // included in all certificates generated by conforming CAs to facilitate
+    // certification path construction."
+    var aki = extensions.authorityKeyIdentifier;
+    aki.sha1Key = aki.raw.slice(4, 24);
+    var ski = extensions.subjectKeyIdentifier;
+    ski.sha1Key = ski.decoded;
+    var ku = extensions.keyUsage;
+
+    // Next Extensions:
+    var nextensions = rfc5280.decodeExtensions(nc, { partial: false });
+    var nextensionsVerified = nextensions.verified;
+    var naki = nextensions.authorityKeyIdentifier;
+    naki.sha1Key = naki.raw.slice(4, 24);
+    var nski = nextensions.subjectKeyIdentifier;
+    nski.sha1Key = nski.decoded;
+    var nku = nextensions.keyUsage;
+
+    // Subject Key was derived from Next Public Key
+
+    // Authority Key Identifier:
+    // { decoded: { _unknown: <Buffer 80 14 d2 c4 b0 d2 91 d4 4c 11 71 b3 61 cb 3d a1 fe dd a8 6a d4 e3> },
+    //   raw: <Buffer 30 16 80 14 d2 c4 b0 d2 91 d4 4c 11 71 b3 61 cb 3d a1 fe dd a8 6a d4 e3> }
+
+    // ~/work/node_modules/asn1.js/lib/asn1/decoders/der.js
+    // ~/work/node_modules/asn1.js/lib/asn1/constants/der.js
+
+    // 0x30 - SEQ
+    // 0x16 - Octet Len = 22 - the sha is 20 bytes
+    // 0x80 - ??
+    // 0x14 - ??
+    // 0xd2 -
+    // 0xc4 -
+    // 0xb0 -
+    // 0xd2 -
+    // 0x91 -
+    // 0xd4 -
+    // 0x4c -
+    // 0x11 -
+    // 0x71 -
+    // 0xb3 -
+    // 0x61 -
+    // 0xcb -
+    // 0x3d -
+    // 0xa1 -
+    // 0xfe -
+    // 0xdd -
+    // 0xa8 -
+    // 0x6a -
+    // 0xd4 -
+    // 0xe3 -
+
+    // Subject Key Identifier
+    // { decoded: <Buffer 3a 9a 85 07 10 67 28 b6 ef f6 bd 05 41 6e 20 c1 94 da 0f de>,
+    //   raw: <Buffer 04 14 3a 9a 85 07 10 67 28 b6 ef f6 bd 05 41 6e 20 c1 94 da 0f de> }
+
+    // 0x04 - octet string
+    // 0x14 = 20 bytes
+    // rest: sha1 (20 bytes)
+
+    // if (extensions.subjectDirectoryAttributes.decoded.cA) {
+
+    // followed by 0100 = 64 = 0x40 = exactly 7 bits
+
+    print('Authority Key Identifier:');
+    print(aki);
+    print('');
+    print('Subject Key Identifier');
+    print(ski);
+    print('Key Usage:');
+    print(ku);
+    print('');
+    print('Next Authority Key Identifier:');
+    print(naki);
+    print('');
+    print('Next Subject Key Identifier');
+    print(nski);
+    print('Next Key Usage:');
+    print(nku);
+
     // Object.keys(extensions).forEach(function(key) {
     //   if (extensions[key].execute) {
     //     c = extensions[key].execute(c);
@@ -558,7 +639,7 @@ rfc5280.DirectoryString = asn1.define('DirectoryString', function() {
 
 /**
  * 2
- * # SubjectKeyIdentifier
+ * # Subject Key Identifier
  */
 
 var SubjectKeyIdentifier =
@@ -568,7 +649,7 @@ rfc5280.SubjectKeyIdentifier = asn1.define('SubjectKeyIdentifier', function() {
 
 /**
  * 3
- * # KeyUsage
+ * # Key Usage
  */
 
 var KeyUsage =
@@ -976,14 +1057,15 @@ rfc5280.extensions = {
     31: {
       name: 'CRL Distribution Points',
       parse: function(decoded, cert, ext, edata) {
-        return decoded;
         // XXX Find the bitstr: ReasonFlags
-        print('@@@@@@@@@@@@@@@@@@@@@@@@@@@');
-        print(decoded);
-        print(cert);
-        print(ext);
-        print(edata);
-        print('@@@@@@@@@@@@@@@@@@@@@@@@@@@');
+        if (process.env.NODE_DEBUG) {
+          print('@@@@@@@@@@@@@@@@@@@@@@@@@@@');
+          print(decoded);
+          print(cert);
+          print(ext);
+          print(edata);
+          print('@@@@@@@@@@@@@@@@@@@@@@@@@@@');
+        }
         return decoded;
         // For bitstr: ReasonFlags
         var data = decoded.CRLDistributionPoints.DistributionPoint.reasons;
@@ -1100,18 +1182,18 @@ rfc5280.decodeExtensions = function(cert, options) {
       }
 
       // If the Extension needs extra parsing (i.e. bitstrs)
-      data = ext.parse
-        ? ext.parse(decoded, cert, ext, edata)
-        : decoded;
+      data = {
+        decoded: ext.parse
+          ? ext.parse(decoded, cert, ext, edata)
+          : decoded,
+        raw: edata.extnValue
+      };
 
       // Tack on some useful info
 
       // Comment for debugging:
       // data.edata = edata;
       // data.ext = ext;
-      if (ext.parse) {
-        data.decoded = decoded;
-      }
 
       // Execute Behavior for Cert
       if (ext.execute) {
@@ -1127,18 +1209,22 @@ rfc5280.decodeExtensions = function(cert, options) {
       output[ext.prop] = data;
 
       // XXX Debug
-      print('------------');
-      print('%s (%s):', ext.name, ext.id);
-      print('Buffer:');
-      print(edata.extnValue);
-      print('Extension:');
-      print(data);
+      if (process.env.NODE_DEBUG) {
+        print('------------');
+        print('%s (%s):', ext.name, ext.id);
+        print('Buffer:');
+        print(edata.extnValue);
+        print('Extension:');
+        print(data);
+      }
     } else {
       // Add unknown extension:
       output.unknown.push(edata);
 
       // XXX Debug
-      print('Unknown extension: %s', eid);
+      if (process.env.NODE_DEBUG) {
+        print('Unknown extension: %s', eid);
+      }
     }
   }