|
@ -169,8 +169,8 @@ PayPro.prototype.x509Verify = function() { |
|
|
unknown: [], |
|
|
unknown: [], |
|
|
}; |
|
|
}; |
|
|
|
|
|
|
|
|
for (var i = 0; i < nc.tbsCertificate.extensions.length; i++) { |
|
|
for (var i = 0; i < c.tbsCertificate.extensions.length; i++) { |
|
|
ext = nc.tbsCertificate.extensions[i]; |
|
|
ext = c.tbsCertificate.extensions[i]; |
|
|
eid = ext.extnID; |
|
|
eid = ext.extnID; |
|
|
|
|
|
|
|
|
// id-ce extensions - Standard Extensions
|
|
|
// id-ce extensions - Standard Extensions
|
|
@ -178,26 +178,30 @@ PayPro.prototype.x509Verify = function() { |
|
|
switch (eid[3]) { |
|
|
switch (eid[3]) { |
|
|
// Authority Key Identifier
|
|
|
// Authority Key Identifier
|
|
|
case 35: |
|
|
case 35: |
|
|
|
|
|
print('Authority Key Identifier:'); |
|
|
|
|
|
print(ext.extnValue); |
|
|
extensions.authorityKeyIdentifier = ext.extnValue; |
|
|
extensions.authorityKeyIdentifier = ext.extnValue; |
|
|
// parse
|
|
|
// parse
|
|
|
extensions.authorityKeyIdentifier = rfc5280.AuthorityKeyIdentifier.decode( |
|
|
extensions.authorityKeyIdentifier = rfc5280.AuthorityKeyIdentifier.decode( |
|
|
extensions.authorityKeyIdentifier, |
|
|
extensions.authorityKeyIdentifier, |
|
|
'der'); |
|
|
'der', { partial: false }); |
|
|
print('Authority Key Identifier:'); |
|
|
|
|
|
print(extensions.authorityKeyIdentifier); |
|
|
print(extensions.authorityKeyIdentifier); |
|
|
break; |
|
|
break; |
|
|
// Subject Key Identifier
|
|
|
// Subject Key Identifier
|
|
|
case 14: |
|
|
case 14: // VERY IMPORTANT, especially is cA (basic constraints) is true (it is)
|
|
|
|
|
|
print('Subject Key Identifier:'); |
|
|
|
|
|
print(ext.extnValue); |
|
|
extensions.subjectKeyIdentifier = ext.extnValue; |
|
|
extensions.subjectKeyIdentifier = ext.extnValue; |
|
|
// parse
|
|
|
// parse
|
|
|
extensions.subjectKeyIdentifier = rfc5280.SubjectKeyIdentifier.decode( |
|
|
extensions.subjectKeyIdentifier = rfc5280.SubjectKeyIdentifier.decode( |
|
|
extensions.subjectKeyIdentifier, |
|
|
extensions.subjectKeyIdentifier, |
|
|
'der'); |
|
|
'der', { partial: false }); |
|
|
print('Subject Key Identifier:'); |
|
|
|
|
|
print(extensions.subjectKeyIdentifier); |
|
|
print(extensions.subjectKeyIdentifier); |
|
|
break; |
|
|
break; |
|
|
// Key Usage
|
|
|
// Key Usage
|
|
|
case 15: |
|
|
case 15: |
|
|
|
|
|
print('Key Usage:'); |
|
|
|
|
|
print(ext.extnValue); |
|
|
extensions.keyUsage = ext.extnValue; |
|
|
extensions.keyUsage = ext.extnValue; |
|
|
// parse
|
|
|
// parse
|
|
|
data = rfc5280.KeyUsage.decode( |
|
|
data = rfc5280.KeyUsage.decode( |
|
@ -216,127 +220,138 @@ PayPro.prototype.x509Verify = function() { |
|
|
encipherOnly: !!((data >> 7) & 1), |
|
|
encipherOnly: !!((data >> 7) & 1), |
|
|
decipherOnly: !!((data >> 8) & 1) |
|
|
decipherOnly: !!((data >> 8) & 1) |
|
|
}; |
|
|
}; |
|
|
print('Key Usage:'); |
|
|
|
|
|
print(extensions.keyUsage); |
|
|
print(extensions.keyUsage); |
|
|
break; |
|
|
break; |
|
|
// Certificate Policies
|
|
|
// Certificate Policies
|
|
|
case 32: |
|
|
case 32: |
|
|
|
|
|
print('Certificate Policies:'); |
|
|
|
|
|
print(ext.extnValue); |
|
|
extensions.certificatePolicies = ext.extnValue; |
|
|
extensions.certificatePolicies = ext.extnValue; |
|
|
// parse
|
|
|
// parse
|
|
|
extensions.certificatePolicies = rfc5280.CertificatePolicies.decode( |
|
|
extensions.certificatePolicies = rfc5280.CertificatePolicies.decode( |
|
|
extensions.certificatePolicies, |
|
|
extensions.certificatePolicies, |
|
|
'der'); |
|
|
'der', { partial: false }); |
|
|
print('Certificate Policies:'); |
|
|
|
|
|
print(extensions.certificatePolicies); |
|
|
print(extensions.certificatePolicies); |
|
|
break; |
|
|
break; |
|
|
// Policy Mappings
|
|
|
// Policy Mappings
|
|
|
case 33: |
|
|
case 33: |
|
|
|
|
|
print('Policy Mappings:'); |
|
|
|
|
|
print(ext.extnValue); |
|
|
extensions.policyMappings = ext.extnValue; |
|
|
extensions.policyMappings = ext.extnValue; |
|
|
// parse
|
|
|
// parse
|
|
|
extensions.policyMappings = rfc5280.PolicyMappings.decode( |
|
|
extensions.policyMappings = rfc5280.PolicyMappings.decode( |
|
|
extensions.policyMappings, |
|
|
extensions.policyMappings, |
|
|
'der'); |
|
|
'der', { partial: false }); |
|
|
print('Policy Mappings:'); |
|
|
|
|
|
print(extensions.policyMappings); |
|
|
print(extensions.policyMappings); |
|
|
break; |
|
|
break; |
|
|
// Subject Alternative Name
|
|
|
// Subject Alternative Name
|
|
|
case 17: |
|
|
case 17: |
|
|
|
|
|
print('Subject Alternative Name:'); |
|
|
|
|
|
print(ext.extnValue); |
|
|
extensions.subjectAlternativeName = ext.extnValue; |
|
|
extensions.subjectAlternativeName = ext.extnValue; |
|
|
// parse
|
|
|
// parse
|
|
|
extensions.subjectAlternativeName = rfc5280.SubjectAlternativeName.decode( |
|
|
extensions.subjectAlternativeName = rfc5280.SubjectAlternativeName.decode( |
|
|
extensions.subjectAlternativeName, |
|
|
extensions.subjectAlternativeName, |
|
|
'der'); |
|
|
'der', { partial: false }); |
|
|
print('Subject Alternative Name:'); |
|
|
|
|
|
print(extensions.subjectAlternativeName); |
|
|
print(extensions.subjectAlternativeName); |
|
|
break; |
|
|
break; |
|
|
// Issuer Alternative Name
|
|
|
// Issuer Alternative Name
|
|
|
case 18: |
|
|
case 18: |
|
|
|
|
|
print('Issuer Alternative Name:'); |
|
|
|
|
|
print(ext.extnValue); |
|
|
extensions.issuerAlternativeName = ext.extnValue; |
|
|
extensions.issuerAlternativeName = ext.extnValue; |
|
|
// parse
|
|
|
// parse
|
|
|
extensions.issuerAlternativeName = rfc5280.IssuerAlternativeName.decode( |
|
|
extensions.issuerAlternativeName = rfc5280.IssuerAlternativeName.decode( |
|
|
extensions.issuerAlternativeName, |
|
|
extensions.issuerAlternativeName, |
|
|
'der'); |
|
|
'der', { partial: false }); |
|
|
print('Issuer Alternative Name:'); |
|
|
|
|
|
print(extensions.issuerAlternativeName); |
|
|
print(extensions.issuerAlternativeName); |
|
|
break; |
|
|
break; |
|
|
// Subject Directory Attributes
|
|
|
// Subject Directory Attributes
|
|
|
case 9: |
|
|
case 9: |
|
|
|
|
|
print('Subject Directory Attributes:'); |
|
|
|
|
|
print(ext.extnValue); |
|
|
extensions.subjectDirectoryAttributes = ext.extnValue; |
|
|
extensions.subjectDirectoryAttributes = ext.extnValue; |
|
|
// parse
|
|
|
// parse
|
|
|
extensions.subjectDirectoryAttributes = rfc5280.SubjectDirectoryAttributes.decode( |
|
|
extensions.subjectDirectoryAttributes = rfc5280.SubjectDirectoryAttributes.decode( |
|
|
extensions.subjectDirectoryAttributes, |
|
|
extensions.subjectDirectoryAttributes, |
|
|
'der'); |
|
|
'der', { partial: false }); |
|
|
print('Subject Directory Attributes:'); |
|
|
|
|
|
print(extensions.subjectDirectoryAttributes); |
|
|
print(extensions.subjectDirectoryAttributes); |
|
|
break; |
|
|
break; |
|
|
// Basic Constraints
|
|
|
// Basic Constraints
|
|
|
case 19: |
|
|
case 19: |
|
|
|
|
|
print('Basic Constraints:'); |
|
|
|
|
|
print(ext.extnValue); |
|
|
extensions.basicConstraints = ext.extnValue; |
|
|
extensions.basicConstraints = ext.extnValue; |
|
|
// parse
|
|
|
// parse
|
|
|
extensions.basicConstraints = rfc5280.BasicConstraints.decode( |
|
|
extensions.basicConstraints = rfc5280.BasicConstraints.decode( |
|
|
extensions.basicConstraints, |
|
|
extensions.basicConstraints, |
|
|
'der'); |
|
|
'der', { partial: false }); |
|
|
print('Basic Constraints:'); |
|
|
|
|
|
print(extensions.basicConstraints); |
|
|
print(extensions.basicConstraints); |
|
|
break; |
|
|
break; |
|
|
// Name Constraints
|
|
|
// Name Constraints
|
|
|
case 30: |
|
|
case 30: |
|
|
|
|
|
print('Name Constraints:'); |
|
|
|
|
|
print(ext.extnValue); |
|
|
extensions.nameConstraints = ext.extnValue; |
|
|
extensions.nameConstraints = ext.extnValue; |
|
|
// parse
|
|
|
// parse
|
|
|
extensions.nameConstraints = rfc5280.NameConstraints.decode( |
|
|
extensions.nameConstraints = rfc5280.NameConstraints.decode( |
|
|
extensions.nameConstraints, |
|
|
extensions.nameConstraints, |
|
|
'der'); |
|
|
'der', { partial: false }); |
|
|
print('Name Constraints:'); |
|
|
|
|
|
print(extensions.nameConstraints); |
|
|
print(extensions.nameConstraints); |
|
|
break; |
|
|
break; |
|
|
// Policy Constraints
|
|
|
// Policy Constraints
|
|
|
case 36: |
|
|
case 36: |
|
|
|
|
|
print('Policy Constraints:'); |
|
|
|
|
|
print(ext.extnValue); |
|
|
extensions.policyConstraints = ext.extnValue; |
|
|
extensions.policyConstraints = ext.extnValue; |
|
|
// parse
|
|
|
// parse
|
|
|
extensions.policyConstraints = rfc5280.PolicyConstraints.decode( |
|
|
extensions.policyConstraints = rfc5280.PolicyConstraints.decode( |
|
|
extensions.policyConstraints, |
|
|
extensions.policyConstraints, |
|
|
'der'); |
|
|
'der', { partial: false }); |
|
|
print('Policy Constraints:'); |
|
|
|
|
|
print(extensions.policyConstraints); |
|
|
print(extensions.policyConstraints); |
|
|
break; |
|
|
break; |
|
|
// Extended Key Usage
|
|
|
// Extended Key Usage
|
|
|
case 37: |
|
|
case 37: |
|
|
|
|
|
print('Extended Key Usage'); |
|
|
|
|
|
print(ext.extnValue); |
|
|
extensions.extendedKeyUsage = ext.extnValue; |
|
|
extensions.extendedKeyUsage = ext.extnValue; |
|
|
// parse
|
|
|
// parse
|
|
|
extensions.extendedKeyUsage = rfc5280.ExtendedKeyUsage.decode( |
|
|
extensions.extendedKeyUsage = rfc5280.ExtendedKeyUsage.decode( |
|
|
extensions.extendedKeyUsage, |
|
|
extensions.extendedKeyUsage, |
|
|
'der'); |
|
|
'der', { partial: false }); |
|
|
print('Extended Key Usage'); |
|
|
|
|
|
print(extensions.extendedKeyUsage); |
|
|
print(extensions.extendedKeyUsage); |
|
|
break; |
|
|
break; |
|
|
// CRL Distribution Points
|
|
|
// CRL Distribution Points
|
|
|
case 31: |
|
|
case 31: |
|
|
|
|
|
print('CRL Distribution Points:'); |
|
|
|
|
|
print(ext.extnValue); |
|
|
extensions.CRLDistributionPoints = ext.extnValue; |
|
|
extensions.CRLDistributionPoints = ext.extnValue; |
|
|
// parse
|
|
|
// parse
|
|
|
extensions.CRLDistributionPoints = rfc5280.CRLDistributionPoints.decode( |
|
|
extensions.CRLDistributionPoints = rfc5280.CRLDistributionPoints.decode( |
|
|
extensions.CRLDistributionPoints, |
|
|
extensions.CRLDistributionPoints, |
|
|
'der'); |
|
|
'der', { partial: false }); |
|
|
print('CRL Distribution Points:'); |
|
|
|
|
|
print(extensions.CRLDistributionPoints); |
|
|
print(extensions.CRLDistributionPoints); |
|
|
break; |
|
|
break; |
|
|
// Inhibit anyPolicy
|
|
|
// Inhibit anyPolicy
|
|
|
case 54: |
|
|
case 54: |
|
|
|
|
|
print('Inhibit Any Policy:'); |
|
|
|
|
|
print(ext.extnValue); |
|
|
extensions.inhibitAnyPolicy = ext.extnValue; |
|
|
extensions.inhibitAnyPolicy = ext.extnValue; |
|
|
// parse
|
|
|
// parse
|
|
|
extensions.inhibitAnyPolicy = rfc5280.InhibitAnyPolicy.decode( |
|
|
extensions.inhibitAnyPolicy = rfc5280.InhibitAnyPolicy.decode( |
|
|
extensions.inhibitAnyPolicy, |
|
|
extensions.inhibitAnyPolicy, |
|
|
'der'); |
|
|
'der', { partial: false }); |
|
|
print('Inhibit Any Policy:'); |
|
|
|
|
|
print(extensions.inhibitAnyPolicy); |
|
|
print(extensions.inhibitAnyPolicy); |
|
|
break; |
|
|
break; |
|
|
// Freshest CRL
|
|
|
// Freshest CRL
|
|
|
case 46: |
|
|
case 46: |
|
|
|
|
|
print('Freshest CRL:'); |
|
|
|
|
|
print(ext.extnValue); |
|
|
extensions.freshestCRL = ext.extnValue; |
|
|
extensions.freshestCRL = ext.extnValue; |
|
|
// parse
|
|
|
// parse
|
|
|
extensions.freshestCRL = rfc5280.FreshestCRL.decode( |
|
|
extensions.freshestCRL = rfc5280.FreshestCRL.decode( |
|
|
extensions.freshestCRL, |
|
|
extensions.freshestCRL, |
|
|
'der'); |
|
|
'der', { partial: false }); |
|
|
print('Freshest CRL:'); |
|
|
|
|
|
print(extensions.freshestCRL); |
|
|
print(extensions.freshestCRL); |
|
|
break; |
|
|
break; |
|
|
// Unknown Extension (not documented anywhere, probably non-standard)
|
|
|
// Unknown Extension (not documented anywhere, probably non-standard)
|
|
@ -361,23 +376,25 @@ PayPro.prototype.x509Verify = function() { |
|
|
// Authority Information Access
|
|
|
// Authority Information Access
|
|
|
// id-pe:
|
|
|
// id-pe:
|
|
|
case 1: |
|
|
case 1: |
|
|
|
|
|
print('Authority Information Access:'); |
|
|
|
|
|
print(ext.extnValue); |
|
|
extensions.authorityInformationAccess = ext.extnValue; |
|
|
extensions.authorityInformationAccess = ext.extnValue; |
|
|
// parse
|
|
|
// parse
|
|
|
extensions.authorityInformationAccess = rfc5280.AuthorityInformationAccess.decode( |
|
|
extensions.authorityInformationAccess = rfc5280.AuthorityInformationAccess.decode( |
|
|
extensions.authorityInformationAccess, |
|
|
extensions.authorityInformationAccess, |
|
|
'der'); |
|
|
'der'); |
|
|
print('Authority Information Access:'); |
|
|
|
|
|
print(extensions.freshestCRL); |
|
|
print(extensions.freshestCRL); |
|
|
break; |
|
|
break; |
|
|
// Subject Information Access
|
|
|
// Subject Information Access
|
|
|
// id-pe:
|
|
|
// id-pe:
|
|
|
case 11: |
|
|
case 11: |
|
|
|
|
|
print('Subject Information Access:'); |
|
|
|
|
|
print(ext.extnValue); |
|
|
extensions.subjectInformationAccess = ext.extnValue; |
|
|
extensions.subjectInformationAccess = ext.extnValue; |
|
|
// parse
|
|
|
// parse
|
|
|
extensions.subjectInformationAccess = rfc5280.SubjectInformationAccess.decode( |
|
|
extensions.subjectInformationAccess = rfc5280.SubjectInformationAccess.decode( |
|
|
extensions.subjectInformationAccess, |
|
|
extensions.subjectInformationAccess, |
|
|
'der'); |
|
|
'der'); |
|
|
print('Subject Information Access:'); |
|
|
|
|
|
print(extensions.subjectInformationAccess); |
|
|
print(extensions.subjectInformationAccess); |
|
|
break; |
|
|
break; |
|
|
// Unknown Extension (not documented anywhere, probably non-standard)
|
|
|
// Unknown Extension (not documented anywhere, probably non-standard)
|
|
@ -502,7 +519,7 @@ var OtherName = |
|
|
rfc5280.OtherName = asn1.define('OtherName', function() { |
|
|
rfc5280.OtherName = asn1.define('OtherName', function() { |
|
|
this.seq().obj( |
|
|
this.seq().obj( |
|
|
this.key('typeId').objid(), |
|
|
this.key('typeId').objid(), |
|
|
this.key('value') |
|
|
this.key('value').explicit(0).any() |
|
|
); |
|
|
); |
|
|
}); |
|
|
}); |
|
|
|
|
|
|
|
@ -889,8 +906,7 @@ var Attribute = rfc5280.AttributeTypeAndValue = AttributeTypeAndValue; |
|
|
var BasicConstraints = |
|
|
var BasicConstraints = |
|
|
rfc5280.BasicConstraints = asn1.define('BasicConstraints', function() { |
|
|
rfc5280.BasicConstraints = asn1.define('BasicConstraints', function() { |
|
|
this.seq().obj( |
|
|
this.seq().obj( |
|
|
// this.key('cA').default(false).bool(),
|
|
|
this.key('cA').bool().def(false), |
|
|
this.key('cA').bool(), |
|
|
|
|
|
this.key('pathLenConstraint').optional().int() |
|
|
this.key('pathLenConstraint').optional().int() |
|
|
); |
|
|
); |
|
|
}); |
|
|
}); |
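Review bot: In the id-pe `case 1:` branch of `x509Verify` (Authority Information Access), the new side still ends with `print(extensions.freshestCRL);` although the value just decoded is `extensions.authorityInformationAccess`, so the debug output shows an unrelated, possibly undefined, field; it should read `print(extensions.authorityInformationAccess);`. The same hunk leaves both id-pe decodes (`case 1:` and `case 11:`) at `'der');` while every id-ce decode in this commit gains `{ partial: false }`. Unless that is deliberate, use `'der', { partial: false });` there too, so that a malformed AIA/SIA extension is handled with the same strictness as the other extensions in this certificate-verification path. The rewritten loop header reads `c.tbsCertificate.extensions.length` directly; extensions are optional in X.509, so if no guard exists outside the lines shown, a certificate without them would throw here rather than fail verification cleanly. `x509Verify` starts and ends outside the hunks shown, so these points rest on the visible lines only.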
|
|