Browse Source

paypro: move x509 sign and verify to their own methods.

patch-2
Christopher Jeffrey 11 years ago
parent
commit
aafbca46d9
  1. 91
      lib/PayPro.js

91
lib/PayPro.js

@ -212,26 +212,7 @@ PayPro.prototype.sign = function(key) {
if (pki_type === 'SIN') { if (pki_type === 'SIN') {
var sig = this.sinSign(key); var sig = this.sinSign(key);
} else if (pki_type === 'x509+sha1' || pki_type === 'x509+sha256') { } else if (pki_type === 'x509+sha1' || pki_type === 'x509+sha256') {
var crypto = require('crypto'); var sig = this.x509Sign(key);
var pki_data = this.get('pki_data'); // contains one or more x509 certs
var details = this.get('serialized_payment_details');
var type = pki_type.split('+')[1].toUpperCase();
var trusted = [].concat(pki_data).every(function(cert) {
var der = cert.toString('hex');
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
// var pem = DERtoPEM(der, 'CERTIFICATE');
return !!RootCerts[pem.replace(/\s+/g, '')];
});
if (!trusted) {
// throw new Error('Unstrusted certificate.');
}
var signature = crypto.createSign('RSA-' + type);
var buf = this.serializeForSig();
signature.update(buf);
var sig = signature.sign(key);
} else if (pki_type === 'none') { } else if (pki_type === 'none') {
return this; return this;
} else { } else {
@ -252,27 +233,7 @@ PayPro.prototype.verify = function() {
if (pki_type === 'SIN') { if (pki_type === 'SIN') {
return this.sinVerify(); return this.sinVerify();
} else if (pki_type === 'x509+sha1' || pki_type === 'x509+sha256') { } else if (pki_type === 'x509+sha1' || pki_type === 'x509+sha256') {
var crypto = require('crypto'); return this.x509Verify();
var sig = this.get('signature');
var pki_data = this.get('pki_data');
var details = this.get('serialized_payment_details');
var buf = this.serializeForSig();
var type = pki_type.split('+')[1].toUpperCase();
var verifier = crypto.createVerify('RSA-' + type);
verifier.update(buf);
return [].concat(pki_data).every(function(cert) {
var der = cert.toString('hex');
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
// var pem = DERtoPEM(der, 'CERTIFICATE');
if (!RootCerts[pem.replace(/\s+/g, '')]) {
// throw new Error('Unstrusted certificate.');
}
return verifier.verify(pem, sig);
});
} else if (pki_type === 'none') { } else if (pki_type === 'none') {
return true; return true;
} }
@ -280,6 +241,54 @@ PayPro.prototype.verify = function() {
throw new Error('Unsupported pki_type'); throw new Error('Unsupported pki_type');
}; };
PayPro.prototype.x509Sign = function(key) {
var crypto = require('crypto');
var pki_data = this.get('pki_data'); // contains one or more x509 certs
var details = this.get('serialized_payment_details');
var type = pki_type.split('+')[1].toUpperCase();
var trusted = [].concat(pki_data).every(function(cert) {
var der = cert.toString('hex');
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
// var pem = DERtoPEM(der, 'CERTIFICATE');
return !!RootCerts[pem.replace(/\s+/g, '')];
});
if (!trusted) {
// throw new Error('Unstrusted certificate.');
}
var signature = crypto.createSign('RSA-' + type);
var buf = this.serializeForSig();
signature.update(buf);
var sig = signature.sign(key);
return sig;
};
PayPro.prototype.x509Verify = function() {
var crypto = require('crypto');
var sig = this.get('signature');
var pki_data = this.get('pki_data');
var details = this.get('serialized_payment_details');
var buf = this.serializeForSig();
var type = pki_type.split('+')[1].toUpperCase();
var verifier = crypto.createVerify('RSA-' + type);
verifier.update(buf);
return [].concat(pki_data).every(function(cert) {
var der = cert.toString('hex');
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
// var pem = DERtoPEM(der, 'CERTIFICATE');
if (!RootCerts[pem.replace(/\s+/g, '')]) {
// throw new Error('Unstrusted certificate.');
}
return verifier.verify(pem, sig);
});
};
//default signing function for prototype.sign //default signing function for prototype.sign
PayPro.prototype.sinSign = function(key) { PayPro.prototype.sinSign = function(key) {
this.set('pki_data', key.public) this.set('pki_data', key.public)

Loading…
Cancel
Save