|
|
@ -150,6 +150,87 @@ PayPro.prototype.x509Verify = function() { |
|
|
|
var extensions = rfc5280.decodeExtensions(c, { partial: false }); |
|
|
|
var extensionsVerified = extensions.verified; |
|
|
|
|
|
|
|
// The two most important extensions:
|
|
|
|
// "The keyIdentifier field of the authorityKeyIdentifier extension MUST be
|
|
|
|
// included in all certificates generated by conforming CAs to facilitate
|
|
|
|
// certification path construction."
|
|
|
|
var aki = extensions.authorityKeyIdentifier; |
|
|
|
aki.sha1Key = aki.raw.slice(4, 24); |
|
|
|
var ski = extensions.subjectKeyIdentifier; |
|
|
|
ski.sha1Key = ski.decoded; |
|
|
|
var ku = extensions.keyUsage; |
|
|
|
|
|
|
|
// Next Extensions:
|
|
|
|
var nextensions = rfc5280.decodeExtensions(nc, { partial: false }); |
|
|
|
var nextensionsVerified = nextensions.verified; |
|
|
|
var naki = nextensions.authorityKeyIdentifier; |
|
|
|
naki.sha1Key = naki.raw.slice(4, 24); |
|
|
|
var nski = nextensions.subjectKeyIdentifier; |
|
|
|
nski.sha1Key = nski.decoded; |
|
|
|
var nku = nextensions.keyUsage; |
|
|
|
|
|
|
|
// Subject Key was derived from Next Public Key
|
|
|
|
|
|
|
|
// Authority Key Identifier:
|
|
|
|
// { decoded: { _unknown: <Buffer 80 14 d2 c4 b0 d2 91 d4 4c 11 71 b3 61 cb 3d a1 fe dd a8 6a d4 e3> },
|
|
|
|
// raw: <Buffer 30 16 80 14 d2 c4 b0 d2 91 d4 4c 11 71 b3 61 cb 3d a1 fe dd a8 6a d4 e3> }
|
|
|
|
|
|
|
|
// ~/work/node_modules/asn1.js/lib/asn1/decoders/der.js
|
|
|
|
// ~/work/node_modules/asn1.js/lib/asn1/constants/der.js
|
|
|
|
|
|
|
|
// 0x30 - SEQ
|
|
|
|
// 0x16 - Octet Len = 22 - the sha is 20 bytes
|
|
|
|
// 0x80 - ??
|
|
|
|
// 0x14 - ??
|
|
|
|
// 0xd2 -
|
|
|
|
// 0xc4 -
|
|
|
|
// 0xb0 -
|
|
|
|
// 0xd2 -
|
|
|
|
// 0x91 -
|
|
|
|
// 0xd4 -
|
|
|
|
// 0x4c -
|
|
|
|
// 0x11 -
|
|
|
|
// 0x71 -
|
|
|
|
// 0xb3 -
|
|
|
|
// 0x61 -
|
|
|
|
// 0xcb -
|
|
|
|
// 0x3d -
|
|
|
|
// 0xa1 -
|
|
|
|
// 0xfe -
|
|
|
|
// 0xdd -
|
|
|
|
// 0xa8 -
|
|
|
|
// 0x6a -
|
|
|
|
// 0xd4 -
|
|
|
|
// 0xe3 -
|
|
|
|
|
|
|
|
// Subject Key Identifier
|
|
|
|
// { decoded: <Buffer 3a 9a 85 07 10 67 28 b6 ef f6 bd 05 41 6e 20 c1 94 da 0f de>,
|
|
|
|
// raw: <Buffer 04 14 3a 9a 85 07 10 67 28 b6 ef f6 bd 05 41 6e 20 c1 94 da 0f de> }
|
|
|
|
|
|
|
|
// 0x04 - octet string
|
|
|
|
// 0x14 = 20 bytes
|
|
|
|
// rest: sha1 (20 bytes)
|
|
|
|
|
|
|
|
// if (extensions.subjectDirectoryAttributes.decoded.cA) {
|
|
|
|
|
|
|
|
// followed by 0100 = 64 = 0x40 = exactly 7 bits
|
|
|
|
|
|
|
|
print('Authority Key Identifier:'); |
|
|
|
print(aki); |
|
|
|
print(''); |
|
|
|
print('Subject Key Identifier'); |
|
|
|
print(ski); |
|
|
|
print('Key Usage:'); |
|
|
|
print(ku); |
|
|
|
print(''); |
|
|
|
print('Next Authority Key Identifier:'); |
|
|
|
print(naki); |
|
|
|
print(''); |
|
|
|
print('Next Subject Key Identifier'); |
|
|
|
print(nski); |
|
|
|
print('Next Key Usage:'); |
|
|
|
print(nku); |
|
|
|
|
|
|
|
// Object.keys(extensions).forEach(function(key) {
|
|
|
|
// if (extensions[key].execute) {
|
|
|
|
// c = extensions[key].execute(c);
|
|
|
@ -558,7 +639,7 @@ rfc5280.DirectoryString = asn1.define('DirectoryString', function() { |
|
|
|
|
|
|
|
/** |
|
|
|
* 2 |
|
|
|
* # SubjectKeyIdentifier |
|
|
|
* # Subject Key Identifier |
|
|
|
*/ |
|
|
|
|
|
|
|
var SubjectKeyIdentifier = |
|
|
@ -568,7 +649,7 @@ rfc5280.SubjectKeyIdentifier = asn1.define('SubjectKeyIdentifier', function() { |
|
|
|
|
|
|
|
/** |
|
|
|
* 3 |
|
|
|
* # KeyUsage |
|
|
|
* # Key Usage |
|
|
|
*/ |
|
|
|
|
|
|
|
var KeyUsage = |
|
|
@ -976,14 +1057,15 @@ rfc5280.extensions = { |
|
|
|
31: { |
|
|
|
name: 'CRL Distribution Points', |
|
|
|
parse: function(decoded, cert, ext, edata) { |
|
|
|
return decoded; |
|
|
|
// XXX Find the bitstr: ReasonFlags
|
|
|
|
if (process.env.NODE_DEBUG) { |
|
|
|
print('@@@@@@@@@@@@@@@@@@@@@@@@@@@'); |
|
|
|
print(decoded); |
|
|
|
print(cert); |
|
|
|
print(ext); |
|
|
|
print(edata); |
|
|
|
print('@@@@@@@@@@@@@@@@@@@@@@@@@@@'); |
|
|
|
} |
|
|
|
return decoded; |
|
|
|
// For bitstr: ReasonFlags
|
|
|
|
var data = decoded.CRLDistributionPoints.DistributionPoint.reasons; |
|
|
@ -1100,18 +1182,18 @@ rfc5280.decodeExtensions = function(cert, options) { |
|
|
|
} |
|
|
|
|
|
|
|
// If the Extension needs extra parsing (i.e. bitstrs)
|
|
|
|
data = ext.parse |
|
|
|
data = { |
|
|
|
decoded: ext.parse |
|
|
|
? ext.parse(decoded, cert, ext, edata) |
|
|
|
: decoded; |
|
|
|
: decoded, |
|
|
|
raw: edata.extnValue |
|
|
|
}; |
|
|
|
|
|
|
|
// Tack on some useful info
|
|
|
|
|
|
|
|
// Comment for debugging:
|
|
|
|
// data.edata = edata;
|
|
|
|
// data.ext = ext;
|
|
|
|
if (ext.parse) { |
|
|
|
data.decoded = decoded; |
|
|
|
} |
|
|
|
|
|
|
|
// Execute Behavior for Cert
|
|
|
|
if (ext.execute) { |
|
|
@ -1127,20 +1209,24 @@ rfc5280.decodeExtensions = function(cert, options) { |
|
|
|
output[ext.prop] = data; |
|
|
|
|
|
|
|
// XXX Debug
|
|
|
|
if (process.env.NODE_DEBUG) { |
|
|
|
print('------------'); |
|
|
|
print('%s (%s):', ext.name, ext.id); |
|
|
|
print('Buffer:'); |
|
|
|
print(edata.extnValue); |
|
|
|
print('Extension:'); |
|
|
|
print(data); |
|
|
|
} |
|
|
|
} else { |
|
|
|
// Add unknown extension:
|
|
|
|
output.unknown.push(edata); |
|
|
|
|
|
|
|
// XXX Debug
|
|
|
|
if (process.env.NODE_DEBUG) { |
|
|
|
print('Unknown extension: %s', eid); |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
output.verified = !output.unknown.filter(function(ext) { |
|
|
|
return ext.critical; |
|
|
|