From a39aeeb446c4a4cabe47435663c4d302c237dd20 Mon Sep 17 00:00:00 2001
From: Christopher Jeffrey
Date: Thu, 28 Aug 2014 17:13:02 -0700
Subject: [PATCH] paypro: move tbs parsing into common.
---
lib/PayPro.js | 45 ++++----------------------------------------
lib/common/PayPro.js | 41 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 45 insertions(+), 41 deletions(-)
diff --git a/lib/PayPro.js b/lib/PayPro.js
index 6534fab..024f8a4 100644
--- a/lib/PayPro.js
+++ b/lib/PayPro.js
@@ -134,47 +134,12 @@ PayPro.prototype.x509Verify = function() {
 });
 //
- // Verify current certificate signature
+ // Verify current Certificate signature
 //
- // Grab the raw DER To-Be-Signed Certificate to verify:
- // First 10 bytes usually look like:
- // [ 48, 130, 5, 32, 48, 130, 4, 8, 160, 3 ]
- var start = 0;
- var starts = 0;
- for (var start = 0; start < data.length; start++) {
- if (starts === 1 && data[start] === 48) {
- break;
- }
- if (starts < 1 && data[start] === 48) {
- starts++;
- }
- }
-
- // The bytes *after* the TBS (including the last TBS byte) will look like
- // (note the 48 - the start of the sig, and the 122 - the end of the TBS):
- // [ 122, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 11, 5, 0, 3, ... ]
-
- // The certificate in these examples has a `start` of 4, and an `end` of
- // 1040. The 4 bytes is the DER SEQ of the Certificate, right before the
- // SEQ of the TBSCertificate.
-
- var end = 0;
- var ends = 0;
- for (var end = data.length - 1; end > 0; end--) {
- if (ends === 2 && data[end] === 48) {
- break;
- }
- if (ends < 2 && data[end] === 0) {
- ends++;
- }
- }
-
- console.log(Array.prototype.slice.call(data.slice(end - 1)));
- console.log(Array.prototype.slice.call(data.slice(0, start + 6)));
- console.log('start=%d, end=%d', start, end);
-
- var tbs = data.slice(start, end);
+ // Get the raw DER TBSCertificate
+ // from the DER Certificate:
+ var tbs = PayPro.getTBSCertificate(data);
 var verifier = crypto.createVerify('RSA-' + sigAlg);
 verifier.update(tbs);
@@ -185,8 +150,6 @@ PayPro.prototype.x509Verify = function() {
 && sigVerified;
 });
- console.log('verified && chainVerified:', verified && chainVerified);
-
 return verified && chainVerified;
 };
diff --git a/lib/common/PayPro.js b/lib/common/PayPro.js
index 4b53e8d..b360f1c 100644
--- a/lib/common/PayPro.js
+++ b/lib/common/PayPro.js
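Review bot: The new call site feeds whatever `PayPro.getTBSCertificate(data)` returns straight into `verifier.update(tbs)` without checking it, and the helper can legitimately return an empty slice when neither of its scans finds a boundary (start runs to `data.length`, end stays 0). Verification then fails closed, which is the safe outcome, but the caller cannot tell a mis-parsed certificate from a bad signature, and the debug `console.log` of `start`/`end` that used to expose this is removed in the same hunk. I would add a guard right after the call: `if (!tbs || tbs.length === 0) { throw new Error('PayPro: could not locate TBSCertificate in DER data'); }`. The enclosing `x509Verify` function starts and ends outside this hunk, so where that error is caught cannot be seen here.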
@@ -52,6 +52,47 @@ PayPro.getAlgorithm = function(value, index) {
 return value;
 };
+// Grab the raw DER To-Be-Signed Certificate
+// from a DER Certificate to verify
+PayPro.getTBSCertificate = function(data) {
+ // We start by slicing off the first SEQ of the
+ // Certificate (TBSCertificate is its own SEQ).
+
+ // The first 10 bytes usually look like:
+ // [ 48, 130, 5, 32, 48, 130, 4, 8, 160, 3 ]
+ var start = 0;
+ var starts = 0;
+ for (var start = 0; start < data.length; start++) {
+ if (starts === 1 && data[start] === 48) {
+ break;
+ }
+ if (starts < 1 && data[start] === 48) {
+ starts++;
+ }
+ }
+
+ // The bytes *after* the TBS (including the last TBS byte) will look like
+ // (note the 48 - the start of the sig, and the 122 - the end of the TBS):
+ // [ 122, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 11, 5, 0, 3, ... ]
+
+ // The certificate in these examples has a `start` of 4, and an `end` of
+ // 1040. The 4 bytes is the DER SEQ of the Certificate, right before the
+ // SEQ of the TBSCertificate.
+ var end = 0;
+ var ends = 0;
+ for (var end = data.length - 1; end > 0; end--) {
+ if (ends === 2 && data[end] === 48) {
+ break;
+ }
+ if (ends < 2 && data[end] === 0) {
+ ends++;
+ }
+ }
+
+ // Return our raw DER TBSCertificate:
+ return data.slice(start, end);
+};
+
 PayPro.RootCerts = RootCerts;
 PayPro.proto = {};
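Review bot: `getTBSCertificate` locates the TBSCertificate by scanning for 0x30 and 0x00 bytes instead of decoding DER lengths, so the backward loop can stop inside the signature BIT STRING (a 0x00 followed later by a 0x30 is likely somewhere in a few hundred bytes of signature), and the forward loop breaks if the outer SEQUENCE's length octets happen to contain 0x30; the two-zero heuristic also presumes NULL AlgorithmIdentifier parameters (`05 00`) plus the BIT STRING pad byte, which an ECDSA-signed certificate does not have. Because the slice feeds `verifier.update()`, a mis-slice makes signature verification fail closed rather than open, but silently, and the result is then data-dependent rather than deterministic. The outer SEQUENCE header and the TBS SEQUENCE header give the exact bounds in a handful of lines, and lengths that run past the buffer should be rejected rather than sliced; the rewrite below keeps the function's name, parameter and return type (the `var start` / `var end` redeclarations inside the `for` headers go away with it).
```javascript
PayPro.getTBSCertificate = function(data) {
  // Decode the DER length at buf[pos]; returns { len, next } or throws on an
  // indefinite length, an oversized length field, or a field past the buffer.
  var readLength = function(buf, pos) {
    if (pos >= buf.length) throw new Error('DER length truncated');
    var first = buf[pos];
    if (first < 0x80) return { len: first, next: pos + 1 };
    var count = first & 0x7f;
    if (count === 0 || count > 4 || pos + 1 + count > buf.length) {
      throw new Error('Unsupported DER length encoding');
    }
    var len = 0;
    for (var i = 1; i <= count; i++) len = len * 256 + buf[pos + i];
    return { len: len, next: pos + 1 + count };
  };
  // Certificate ::= SEQUENCE { tbsCertificate SEQUENCE { ... }, signatureAlgorithm, signature }
  if (data[0] !== 0x30) throw new Error('Certificate is not a DER SEQUENCE');
  var outer = readLength(data, 1);
  var start = outer.next;
  if (data[start] !== 0x30) throw new Error('TBSCertificate is not a DER SEQUENCE');
  var tbs = readLength(data, start + 1);
  var end = tbs.next + tbs.len;
  if (end > data.length) throw new Error('TBSCertificate length exceeds buffer');
  // Return the raw DER TBSCertificate, including its own tag and length:
  return data.slice(start, end);
};
```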