Browse Source

paypro: more extension debugging.

patch-2
Christopher Jeffrey 11 years ago
parent
commit
60b266a0db
  1. 102
      lib/PayPro.js

102
lib/PayPro.js

@ -150,6 +150,87 @@ PayPro.prototype.x509Verify = function() {
var extensions = rfc5280.decodeExtensions(c, { partial: false }); var extensions = rfc5280.decodeExtensions(c, { partial: false });
var extensionsVerified = extensions.verified; var extensionsVerified = extensions.verified;
// The two most important extensions:
// "The keyIdentifier field of the authorityKeyIdentifier extension MUST be
// included in all certificates generated by conforming CAs to facilitate
// certification path construction."
var aki = extensions.authorityKeyIdentifier;
aki.sha1Key = aki.raw.slice(4, 24);
var ski = extensions.subjectKeyIdentifier;
ski.sha1Key = ski.decoded;
var ku = extensions.keyUsage;
// Next Extensions:
var nextensions = rfc5280.decodeExtensions(nc, { partial: false });
var nextensionsVerified = nextensions.verified;
var naki = nextensions.authorityKeyIdentifier;
naki.sha1Key = naki.raw.slice(4, 24);
var nski = nextensions.subjectKeyIdentifier;
nski.sha1Key = nski.decoded;
var nku = nextensions.keyUsage;
// Subject Key was derived from Next Public Key
// Authority Key Identifier:
// { decoded: { _unknown: <Buffer 80 14 d2 c4 b0 d2 91 d4 4c 11 71 b3 61 cb 3d a1 fe dd a8 6a d4 e3> },
// raw: <Buffer 30 16 80 14 d2 c4 b0 d2 91 d4 4c 11 71 b3 61 cb 3d a1 fe dd a8 6a d4 e3> }
// ~/work/node_modules/asn1.js/lib/asn1/decoders/der.js
// ~/work/node_modules/asn1.js/lib/asn1/constants/der.js
// 0x30 - SEQ
// 0x16 - Octet Len = 22 - the sha is 20 bytes
// 0x80 - ??
// 0x14 - ??
// 0xd2 -
// 0xc4 -
// 0xb0 -
// 0xd2 -
// 0x91 -
// 0xd4 -
// 0x4c -
// 0x11 -
// 0x71 -
// 0xb3 -
// 0x61 -
// 0xcb -
// 0x3d -
// 0xa1 -
// 0xfe -
// 0xdd -
// 0xa8 -
// 0x6a -
// 0xd4 -
// 0xe3 -
// Subject Key Identifier
// { decoded: <Buffer 3a 9a 85 07 10 67 28 b6 ef f6 bd 05 41 6e 20 c1 94 da 0f de>,
// raw: <Buffer 04 14 3a 9a 85 07 10 67 28 b6 ef f6 bd 05 41 6e 20 c1 94 da 0f de> }
// 0x04 - octet string
// 0x14 = 20 bytes
// rest: sha1 (20 bytes)
// if (extensions.subjectDirectoryAttributes.decoded.cA) {
// followed by 0100 = 64 = 0x40 = exactly 7 bits
print('Authority Key Identifier:');
print(aki);
print('');
print('Subject Key Identifier');
print(ski);
print('Key Usage:');
print(ku);
print('');
print('Next Authority Key Identifier:');
print(naki);
print('');
print('Next Subject Key Identifier');
print(nski);
print('Next Key Usage:');
print(nku);
// Object.keys(extensions).forEach(function(key) { // Object.keys(extensions).forEach(function(key) {
// if (extensions[key].execute) { // if (extensions[key].execute) {
// c = extensions[key].execute(c); // c = extensions[key].execute(c);
@ -558,7 +639,7 @@ rfc5280.DirectoryString = asn1.define('DirectoryString', function() {
/** /**
* 2 * 2
* # SubjectKeyIdentifier * # Subject Key Identifier
*/ */
var SubjectKeyIdentifier = var SubjectKeyIdentifier =
@ -568,7 +649,7 @@ rfc5280.SubjectKeyIdentifier = asn1.define('SubjectKeyIdentifier', function() {
/** /**
* 3 * 3
* # KeyUsage * # Key Usage
*/ */
var KeyUsage = var KeyUsage =
@ -976,14 +1057,15 @@ rfc5280.extensions = {
31: { 31: {
name: 'CRL Distribution Points', name: 'CRL Distribution Points',
parse: function(decoded, cert, ext, edata) { parse: function(decoded, cert, ext, edata) {
return decoded;
// XXX Find the bitstr: ReasonFlags // XXX Find the bitstr: ReasonFlags
if (process.env.NODE_DEBUG) {
print('@@@@@@@@@@@@@@@@@@@@@@@@@@@'); print('@@@@@@@@@@@@@@@@@@@@@@@@@@@');
print(decoded); print(decoded);
print(cert); print(cert);
print(ext); print(ext);
print(edata); print(edata);
print('@@@@@@@@@@@@@@@@@@@@@@@@@@@'); print('@@@@@@@@@@@@@@@@@@@@@@@@@@@');
}
return decoded; return decoded;
// For bitstr: ReasonFlags // For bitstr: ReasonFlags
var data = decoded.CRLDistributionPoints.DistributionPoint.reasons; var data = decoded.CRLDistributionPoints.DistributionPoint.reasons;
@ -1100,18 +1182,18 @@ rfc5280.decodeExtensions = function(cert, options) {
} }
// If the Extension needs extra parsing (i.e. bitstrs) // If the Extension needs extra parsing (i.e. bitstrs)
data = ext.parse data = {
decoded: ext.parse
? ext.parse(decoded, cert, ext, edata) ? ext.parse(decoded, cert, ext, edata)
: decoded; : decoded,
raw: edata.extnValue
};
// Tack on some useful info // Tack on some useful info
// Comment for debugging: // Comment for debugging:
// data.edata = edata; // data.edata = edata;
// data.ext = ext; // data.ext = ext;
if (ext.parse) {
data.decoded = decoded;
}
// Execute Behavior for Cert // Execute Behavior for Cert
if (ext.execute) { if (ext.execute) {
@ -1127,20 +1209,24 @@ rfc5280.decodeExtensions = function(cert, options) {
output[ext.prop] = data; output[ext.prop] = data;
// XXX Debug // XXX Debug
if (process.env.NODE_DEBUG) {
print('------------'); print('------------');
print('%s (%s):', ext.name, ext.id); print('%s (%s):', ext.name, ext.id);
print('Buffer:'); print('Buffer:');
print(edata.extnValue); print(edata.extnValue);
print('Extension:'); print('Extension:');
print(data); print(data);
}
} else { } else {
// Add unknown extension: // Add unknown extension:
output.unknown.push(edata); output.unknown.push(edata);
// XXX Debug // XXX Debug
if (process.env.NODE_DEBUG) {
print('Unknown extension: %s', eid); print('Unknown extension: %s', eid);
} }
} }
}
output.verified = !output.unknown.filter(function(ext) { output.verified = !output.unknown.filter(function(ext) {
return ext.critical; return ext.critical;

Loading…
Cancel
Save