From b6c89413684da1fc80f42ddc35c46adda484cab1 Mon Sep 17 00:00:00 2001 From: Christopher Jeffrey Date: Mon, 25 Aug 2014 15:34:38 -0700 Subject: [PATCH] paypro: 17 x509 extensions implemented. --- lib/PayPro.js | 431 ++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 418 insertions(+), 13 deletions(-) diff --git a/lib/PayPro.js b/lib/PayPro.js index fe557f6..6d4c366 100644 --- a/lib/PayPro.js +++ b/lib/PayPro.js @@ -148,12 +148,23 @@ PayPro.prototype.x509Verify = function() { var ext; var eid; var extensions = { - basicConstraints: null, - keyUsage: null, - subjectKeyIdentifier: null, authorityKeyIdentifier: null, - CRLDistributionPoints: null, + subjectKeyIdentifier: null, + keyUsage: null, certificatePolicies: null, + policyMappings: null, + subjectAlternativeName: null, + issuerAlternativeName: null, + subjectDirectoryAttributes: null, + basicConstraints: null, + nameConstraints: null, + policyConstraints: null, + extendedKeyUsage: null, + CRLDistributionPoints: null, + inhibitAnyPolicy: null, + freshestCRL: null, + authorityInformationAccess: null, + subjectInformationAccess: null, standardUnknown: [], unknown: [], }; @@ -171,21 +182,65 @@ PayPro.prototype.x509Verify = function() { case 14: extensions.subjectKeyIdentifier = ext.extnValue; break; + // Key Usage + case 15: + extensions.keyUsage = ext.extnValue; + break; + // Certificate Policies + case 32: + extensions.certificatePolicies = ext.extnValue; + break; + // Policy Mappings + case 0: + extensions.policyMappings = ext.extnValue; + break; + // Subject Alternative Name + case 0: + extensions.subjectAlternativeName = ext.extnValue; + break; + // Issuer Alternative Name + case 0: + extensions.issuerAlternativeName = ext.extnValue; + break; + // Subject Directory Attributes + case 0: + extensions.subjectDirectoryAttributes = ext.extnValue; + break; // Basic Constraints case 19: extensions.basicConstraints = ext.extnValue; break; - // Key Usage - case 15: - extensions.keyUsage = ext.extnValue; + // Name Constraints + case 0: + extensions.nameConstraints = ext.extnValue; + break; + // Policy Constraints + case 0: + extensions.policyConstraints = ext.extnValue; + break; + // Extended Key Usage + case 0: + extensions.extendedKeyUsage = ext.extnValue; break; // CRL Distribution Points case 31: extensions.CRLDistributionPoints = ext.extnValue; break; - // Certificate Policies - case 32: - extensions.certificatePolicies = ext.extnValue; + // Inhibit anyPolicy + case 0: + extensions.inhibitAnyPolicy = ext.extnValue; + break; + // Freshest CRL + case 0: + extensions.freshestCRL = ext.extnValue; + break; + // Authority Information Access + case 0: + extensions.authorityInformationAccess = ext.extnValue; + break; + // Subject Information Access + case 0: + extensions.subjectInformationAccess = ext.extnValue; break; // Unknown Extension (not documented anywhere, probably non-standard) default: @@ -275,7 +330,8 @@ PayPro.prototype.x509Verify = function() { var rfc5280 = {}; /** - * # AuthorityKeyIdentifier + * 1 + * # Authority Key Identifier */ var AuthorityKeyIdentifier = @@ -512,7 +568,7 @@ rfc5280.BuiltInDomainDefinedAttribute = asn1.define('BuiltInDomainDefinedAttribu }); /** - * # ExtensionAttributes + * ## ExtensionAttributes */ var ExtensionAttributes = @@ -521,7 +577,7 @@ rfc5280.ExtensionAttributes = asn1.define('ExtensionAttributes', function() { }); /** - * ## ExtensionAttribute + * ### ExtensionAttribute */ var ExtensionAttribute = @@ -567,6 +623,17 @@ rfc5280.DirectoryString = asn1.define('DirectoryString', function() { }); /** + * 2 + * # SubjectKeyIdentifier + */ + +var SubjectKeyIdentifier = +rfc5280.SubjectKeyIdentifier = asn1.define('SubjectKeyIdentifier', function() { + this.use(KeyIdentifier); +}); + +/** + * 3 * # KeyUsage */ @@ -575,6 +642,344 @@ rfc5280.KeyUsage = asn1.define('KeyUsage', function() { this.bitstr(); }); +/** + * 4 + * # Certificate Policies + */ + +var CertificatePolicies = +rfc5280.CertificatePolicies = asn1.define('CertificatePolicies', function() { + this.seqof(PolicyInformation); +}); + +/** + * ## Policy Information + */ + +var PolicyInformation = +rfc5280.PolicyInformation = asn1.define('PolicyInformation', function() { + this.seq().obj( + this.key('policyIdentifier').use(CertPolicyId), + this.key('policyQualifiers').use(PolicyQualifiers) + ); +}); + +/** + * ## Cert Policy Id + */ + +var CertPolicyId = +rfc5280.CertPolicyId = asn1.define('CertPolicyId', function() { + this.objid(); +}); + + +/** + * ### Policy Qualifiers + */ + +var PolicyQualifiers = +rfc5280.PolicyQualifiers = asn1.define('PolicyQualifiers', function() { + this.seqof(PolicyQualifierInfo); +}); + +/** + * #### Policy Qualifier Info + */ + +var PolicyQualifierInfo = +rfc5280.PolicyQualifierInfo = asn1.define('PolicyQualifierInfo', function() { + this.seq().obj( + this.key('policyQualifierId').use(PolicyQualifierId), + this.key('qualifier').any().use(PolicyQualifierId) + ); +}); + +/** + * ##### Policy Qualifier Id + */ + +var PolicyQualifierId = +rfc5280.PolicyQualifierId = asn1.define('PolicyQualifierId', function() { + this.objid(); +}); + +/** + * 5 + * # Policy Mappings + */ + +var PolicyMappings = +rfc5280.PolicyMappings = asn1.define('PolicyMappings', function() { + this.seqof(PolicyMapping); +}); + +/** + * ## Policy Mapping + */ + +var PolicyMapping = +rfc5280.PolicyMapping = asn1.define('PolicyMapping', function() { + this.seq().obj( + this.key('issuerDomainPolicy').use(CertPolicyId), + this.key('subjectDomainPolicy').use(CertPolicyId) + ); +}); + +/** + * 6 + * # Subject Alternative Name + */ + +var SubjectAlternativeName = +rfc5280.SubjectAlternativeName = asn1.define('SubjectAlternativeName', function() { + this.use(GeneralNames); +}); + +/** + * 7 + * # Issuer Alternative Name + */ + +var IssuerAlternativeName = +rfc5280.IssuerAlternativeName = asn1.define('IssuerAlternativeName', function() { + this.use(GeneralNames); +}); + +/** + * 8 + * # Subject Directory Attributes + */ + +var SubjectDirectoryAttributes = +rfc5280.SubjectDirectoryAttributes = asn1.define('SubjectDirectoryAttributes', function() { + this.seqof(Attribute); +}); + +/** + * ## Attribute + */ + +var AttributeTypeAndValue = rfc5280.AttributeTypeAndValue = rfc3280.AttributeTypeAndValue; +var Attribute = rfc5280.AttributeTypeAndValue = AttributeTypeAndValue; + +/** + * 9 + * # Basic Constraints + */ + +var BasicConstraints = +rfc5280.BasicConstraints = asn1.define('BasicConstraints', function() { + this.seq().obj( + this.key('cA').default(false).bool(), + this.key('pathLenConstraint').optional().int() + ); +}); + +/** + * 10 + * # Name Constraints + */ + +var NameConstraints = +rfc5280.NameConstraints = asn1.define('NameConstraints', function() { + this.seq().obj( + this.key('permittedSubtrees').optiona().use(GeneralSubtrees), + this.key('excludedSubtrees').optional().use(GeneralSubtrees) + ); +}); + +/** + * ## General Subtrees + */ + +var GeneralSubtrees = +rfc5280.GeneralSubtrees = asn1.define('GeneralSubtrees', function() { + this.seqof(GeneralSubtree); +}); + +/** + * ### General Subtree + */ + +var GeneralSubtree = +rfc5280.GeneralSubtree = asn1.define('GeneralSubtree', function() { + this.seq().obj( + this.key('base').use(GeneralName), + this.key('minimum').default(0).use(BaseDistance), + this.key('maximum').optional().use(BaseDistance) + ); +}); + +/** + * #### Base Distance + */ + +var BaseDistance = +rfc5280.BaseDistance = asn1.define('BaseDistance', function() { + this.int(); +}); + +/** + * 11 + * # Policy Constraints + */ + +var PolicyConstraints = +rfc5280.PolicyConstraints = asn1.define('PolicyConstraints', function() { + this.seq().obj( + this.key('requireExplicitPolicy').optional().use(SkipCerts), + this.key('inhibitPolicyMapping').optional().use(SkipCerts) + ); +}); + +/** + * ## Skip Certs + */ + +var SkipCerts = +rfc5280.SkipCerts = asn1.define('SkipCerts', function() { + this.int(); +}); + +/** + * 12 + * # Extended Key Usage + */ + +var ExtendedKeyUsage = +rfc5280.ExtendedKeyUsage = asn1.define('ExtendedKeyUsage', function() { + this.seqof(KeyPurposeId); +}); + +/** + * ## Key Purpose Id + */ + +var KeyPurposeId = +rfc5280.KeyPurposeId = asn1.define('KeyPurposeId', function() { + this.objid(); +}); + +/** + * 13 + * # CRL Distribution Points + */ + +var CRLDistributionPoints = +rfc5280.CRLDistributionPoints = asn1.define('CRLDistributionPoints', function() { + this.seqof(DistributionPoint); +}); + +/** + * ## Distribution Point + */ + +var DistributionPoint = +rfc5280.DistributionPoint = asn1.define('DistributionPoint', function() { + this.seq().obj( + this.key('distributionPoint').optional().use(DistributionPointName), + this.key('reasons').optional().use(ReasonFlags), + this.key('cRLIssuer').optional().use(GeneralNames) + ); +}); + +/** + * ### Distribution Point Name + */ + +var DistributionPointName = +rfc5280.DistributionPointName = asn1.define('DistributionPointName', function() { + this.choice({ + fullName: this.use(GeneralNames), + nameRelativeToCRLIssuer: this.use(RelativeDistinguishedName) + }); +}); + +/** + * #### Relative Distinguished Name + */ + +var RelativeDistinguishedName = +rfc5280.RelativeDistinguishedName = asn1.define('RelativeDistinguishedName', function() { + this.setof(AttributeTypeAndValue); +}); + +/** + * ### Reason Flags + */ + +var ReasonFlags = +rfc5280.ReasonFlags = asn1.define('ReasonFlags', function() { + this.bitstr(); + // ReasonFlags ::= BIT STRING { + // unused (0), + // keyCompromise (1), + // cACompromise (2), + // affiliationChanged (3), + // superseded (4), + // cessationOfOperation (5), + // certificateHold (6), + // privilegeWithdrawn (7), + // aACompromise (8) } +}); + +/** + * 14 + * # Inhibit anyPolicy + */ + +var InhibitAnyPolicy = +rfc5280.InhibitAnyPolicy = asn1.define('InhibitAnyPolicy', function() { + this.use(SkipCerts); +}); + +/** + * 15 + * # Freshest CRL + */ + +var FreshestCRL = +rfc5280.FreshestCRL = asn1.define('FreshestCRL', function() { + this.use(CRLDistributionPoints); +}); + +/** + * Private Internet Extensions + */ + +/** + * 16 + * # Authority Information Access + */ + +var AuthorityInformationAccess = +rfc5280.AuthorityInformationAccess = asn1.define('AuthorityInformationAccess', function() { + this.seqof(AccessDescription); +}); + +/** + * ## Access Description + */ + +var AccessDescription = +rfc5280.AccessDescription = asn1.define('AccessDescription', function() { + this.seq().obj( + this.key('accessMethod').objid(), + this.key('accessLocation').use(GeneralName) + ); +}); + +/** + * 17 + * # Subject Information Access + */ + +var SubjectInformationAccess = +rfc5280.SubjectInformationAccess = asn1.define('SubjectInformationAccess', function() { + this.seqof(AccessDescription); +}); + /** * Debug */