diff --git a/lib/PayPro.js b/lib/PayPro.js index 88d8c1f..493ad4b 100644 --- a/lib/PayPro.js +++ b/lib/PayPro.js @@ -169,8 +169,8 @@ PayPro.prototype.x509Verify = function() { unknown: [], }; - for (var i = 0; i < nc.tbsCertificate.extensions.length; i++) { - ext = nc.tbsCertificate.extensions[i]; + for (var i = 0; i < c.tbsCertificate.extensions.length; i++) { + ext = c.tbsCertificate.extensions[i]; eid = ext.extnID; // id-ce extensions - Standard Extensions @@ -178,26 +178,30 @@ PayPro.prototype.x509Verify = function() { switch (eid[3]) { // Authority Key Identifier case 35: + print('Authority Key Identifier:'); + print(ext.extnValue); extensions.authorityKeyIdentifier = ext.extnValue; // parse extensions.authorityKeyIdentifier = rfc5280.AuthorityKeyIdentifier.decode( extensions.authorityKeyIdentifier, - 'der'); - print('Authority Key Identifier:'); + 'der', { partial: false }); print(extensions.authorityKeyIdentifier); break; // Subject Key Identifier - case 14: + case 14: // VERY IMPORTANT, especially is cA (basic constraints) is true (it is) + print('Subject Key Identifier:'); + print(ext.extnValue); extensions.subjectKeyIdentifier = ext.extnValue; // parse extensions.subjectKeyIdentifier = rfc5280.SubjectKeyIdentifier.decode( extensions.subjectKeyIdentifier, - 'der'); - print('Subject Key Identifier:'); + 'der', { partial: false }); print(extensions.subjectKeyIdentifier); break; // Key Usage case 15: + print('Key Usage:'); + print(ext.extnValue); extensions.keyUsage = ext.extnValue; // parse data = rfc5280.KeyUsage.decode( 
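Review bot: The loop header `c.tbsCertificate.extensions.length` assumes every certificate has an extensions field, but RFC 5280 makes `extensions` optional (v1 and v2 certificates have none). If the decoder leaves the field undefined for such a certificate, this line throws inside x509Verify on a certificate that presumably comes from the remote party. A guard such as `var exts = c.tbsCertificate.extensions || [];` before the loop keeps that path well-defined. The function body starts and ends outside the hunk, so an earlier check may already exist.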
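Review bot: Each `rfc5280.*.decode(..., 'der', { partial: false })` call in this hunk parses extension bytes from the certificate under verification, and as I understand the asn1.js decoder, `partial: false` means a malformed value is reported by throwing rather than by returning an error list. Nothing visible here catches that, so one bad extension would abort x509Verify with an exception instead of a clean "not verified" result. The same holds for the decode calls in the `@@ -216` and `@@ -361` hunks. If the caller does not already wrap this, put the switch in a `try { ... } catch (e) { ... }` that marks the certificate as failing verification. Separately, the new comment on `case 14` reads `especially is cA`, which should be `especially if cA`.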
@@ -216,127 +220,138 @@ PayPro.prototype.x509Verify = function() { encipherOnly: !!((data >> 7) & 1), decipherOnly: !!((data >> 8) & 1) }; - print('Key Usage:'); print(extensions.keyUsage); break; // Certificate Policies case 32: + print('Certificate Policies:'); + print(ext.extnValue); extensions.certificatePolicies = ext.extnValue; // parse extensions.certificatePolicies = rfc5280.CertificatePolicies.decode( extensions.certificatePolicies, - 'der'); - print('Certificate Policies:'); + 'der', { partial: false }); print(extensions.certificatePolicies); break; // Policy Mappings case 33: + print('Policy Mappings:'); + print(ext.extnValue); extensions.policyMappings = ext.extnValue; // parse extensions.policyMappings = rfc5280.PolicyMappings.decode( extensions.policyMappings, - 'der'); - print('Policy Mappings:'); + 'der', { partial: false }); print(extensions.policyMappings); break; // Subject Alternative Name case 17: + print('Subject Alternative Name:'); + print(ext.extnValue); extensions.subjectAlternativeName = ext.extnValue; // parse extensions.subjectAlternativeName = rfc5280.SubjectAlternativeName.decode( extensions.subjectAlternativeName, - 'der'); - print('Subject Alternative Name:'); + 'der', { partial: false }); print(extensions.subjectAlternativeName); break; // Issuer Alternative Name case 18: + print('Issuer Alternative Name:'); + print(ext.extnValue); extensions.issuerAlternativeName = ext.extnValue; // parse extensions.issuerAlternativeName = rfc5280.IssuerAlternativeName.decode( extensions.issuerAlternativeName, - 'der'); - print('Issuer Alternative Name:'); + 'der', { partial: false }); print(extensions.issuerAlternativeName); break; // Subject Directory Attributes case 9: + print('Subject Directory Attributes:'); + print(ext.extnValue); extensions.subjectDirectoryAttributes = ext.extnValue; // parse extensions.subjectDirectoryAttributes = rfc5280.SubjectDirectoryAttributes.decode( extensions.subjectDirectoryAttributes, - 'der'); - print('Subject 
Directory Attributes:'); + 'der', { partial: false }); print(extensions.subjectDirectoryAttributes); break; // Basic Constraints case 19: + print('Basic Constraints:'); + print(ext.extnValue); extensions.basicConstraints = ext.extnValue; // parse extensions.basicConstraints = rfc5280.BasicConstraints.decode( extensions.basicConstraints, - 'der'); - print('Basic Constraints:'); + 'der', { partial: false }); print(extensions.basicConstraints); break; // Name Constraints case 30: + print('Name Constraints:'); + print(ext.extnValue); extensions.nameConstraints = ext.extnValue; // parse extensions.nameConstraints = rfc5280.NameConstraints.decode( extensions.nameConstraints, - 'der'); - print('Name Constraints:'); + 'der', { partial: false }); print(extensions.nameConstraints); break; // Policy Constraints case 36: + print('Policy Constraints:'); + print(ext.extnValue); extensions.policyConstraints = ext.extnValue; // parse extensions.policyConstraints = rfc5280.PolicyConstraints.decode( extensions.policyConstraints, - 'der'); - print('Policy Constraints:'); + 'der', { partial: false }); print(extensions.policyConstraints); break; // Extended Key Usage case 37: + print('Extended Key Usage'); + print(ext.extnValue); extensions.extendedKeyUsage = ext.extnValue; // parse extensions.extendedKeyUsage = rfc5280.ExtendedKeyUsage.decode( extensions.extendedKeyUsage, - 'der'); - print('Extended Key Usage'); + 'der', { partial: false }); print(extensions.extendedKeyUsage); break; // CRL Distribution Points case 31: + print('CRL Distribution Points:'); + print(ext.extnValue); extensions.CRLDistributionPoints = ext.extnValue; // parse extensions.CRLDistributionPoints = rfc5280.CRLDistributionPoints.decode( extensions.CRLDistributionPoints, - 'der'); - print('CRL Distribution Points:'); + 'der', { partial: false }); print(extensions.CRLDistributionPoints); break; // Inhibit anyPolicy case 54: + print('Inhibit Any Policy:'); + print(ext.extnValue); extensions.inhibitAnyPolicy = 
ext.extnValue; // parse extensions.inhibitAnyPolicy = rfc5280.InhibitAnyPolicy.decode( extensions.inhibitAnyPolicy, - 'der'); - print('Inhibit Any Policy:'); + 'der', { partial: false }); print(extensions.inhibitAnyPolicy); break; // Freshest CRL case 46: + print('Freshest CRL:'); + print(ext.extnValue); extensions.freshestCRL = ext.extnValue; // parse extensions.freshestCRL = rfc5280.FreshestCRL.decode( extensions.freshestCRL, - 'der'); - print('Freshest CRL:'); + 'der', { partial: false }); print(extensions.freshestCRL); break; // Unknown Extension (not documented anywhere, probably non-standard) @@ -361,23 +376,25 @@ PayPro.prototype.x509Verify = function() { // Authority Information Access // id-pe: case 1: + print('Authority Information Access:'); + print(ext.extnValue); extensions.authorityInformationAccess = ext.extnValue; // parse extensions.authorityInformationAccess = rfc5280.AuthorityInformationAccess.decode( extensions.authorityInformationAccess, 'der'); - print('Authority Information Access:'); print(extensions.freshestCRL); break; // Subject Information Access // id-pe: case 11: + print('Subject Information Access:'); + print(ext.extnValue); extensions.subjectInformationAccess = ext.extnValue; // parse extensions.subjectInformationAccess = rfc5280.SubjectInformationAccess.decode( extensions.subjectInformationAccess, 'der'); - print('Subject Information Access:'); print(extensions.subjectInformationAccess); break; // Unknown Extension (not documented anywhere, probably non-standard) @@ -502,7 +519,7 @@ var OtherName = rfc5280.OtherName = asn1.define('OtherName', function() { this.seq().obj( this.key('typeId').objid(), - this.key('value') + this.key('value').explicit(0).any() ); }); 
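Review bot: The Basic Constraints (`case 19`) and Key Usage (`case 15`) branches decode and print their values, but no line in this hunk acts on the result. As far as the visible code goes, a certificate with `cA` false or without `keyCertSign` is treated the same as a proper CA certificate. Chain validation needs every issuing certificate to assert both, and should also refuse an extension marked critical that ends up in the `unknown` list. If that enforcement lives later in x509Verify (the function continues outside the hunk), a comment such as `// enforced below: issuer must have basicConstraints.cA and keyUsage.keyCertSign` would make it traceable. If it does not exist yet, it should be added before the result is trusted.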
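Review bot: In the Authority Information Access branch (`case 1`) the final print is `print(extensions.freshestCRL);`, which outputs a different extension from the one just decoded. It should be `print(extensions.authorityInformationAccess);`. These two id-pe branches are also the only decode calls the commit leaves as `'der');` without the `{ partial: false }` option given to the id-ce branches, so their error behaviour depends on the library default. Passing the same option keeps all branches consistent.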
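Review bot: The `OtherName` definition now matches RFC 5280 (`value [0] EXPLICIT ANY DEFINED BY type-id`), but it has no comment saying that `value` is presumably left as undecoded bytes by `.any()`. Code that consumes a decoded Subject Alternative Name should not compare or display that field as a string without interpreting it according to `typeId`. I would add `// RFC 5280 4.2.1.6: value [0] EXPLICIT ANY DEFINED BY type-id; kept raw, interpret per typeId` above the `this.key('value')` line.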
@@ -889,8 +906,7 @@ var Attribute = rfc5280.AttributeTypeAndValue = AttributeTypeAndValue; var BasicConstraints = rfc5280.BasicConstraints = asn1.define('BasicConstraints', function() { this.seq().obj( - // this.key('cA').default(false).bool(), - this.key('cA').bool(), + this.key('cA').bool().def(false), this.key('pathLenConstraint').optional().int() ); });
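Review bot: The change to `this.key('cA').bool().def(false)` removes the commented-out alternative without leaving a note on why the default matters. RFC 5280 defines `cA BOOLEAN DEFAULT FALSE`, and DER omits default values, so an end-entity certificate normally encodes an empty sequence here and must decode as non-CA. A comment such as `// RFC 5280 4.2.1.9: cA DEFAULT FALSE; absent means not a CA` above the line would record that. Callers should test `cA === true` rather than the truthiness of the decoded object.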