From cc7657d843048f40b280115ce4d8108e4f368bb7 Mon Sep 17 00:00:00 2001 From: Christopher Jeffrey Date: Thu, 17 Jul 2014 17:15:25 -0700 Subject: [PATCH] paypro: treat pki_data as an array. --- lib/PayPro.js | 31 ++++++++++++++----------------- lib/browser/PayPro.js | 37 ++++++++++++++++--------------------- test/test.PayPro.js | 4 ++-- 3 files changed, 32 insertions(+), 40 deletions(-) diff --git a/lib/PayPro.js b/lib/PayPro.js index cde9661..1d972b1 100644 --- a/lib/PayPro.js +++ b/lib/PayPro.js @@ -224,14 +224,13 @@ PayPro.prototype.sign = function(key) { var details = this.get('serialized_payment_details'); var type = pki_type.split('+')[1].toUpperCase(); - pki_data = pki_data && Array.isArray(pki_data) - ? pki_data[0] - : pki_data; + var trusted = [].concat(pki_data).every(function(cert) { + var der = cert.toString('hex'); + var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE'); + return !!Trusted[pem.replace(/\s+/g, '')]; + }); - var der = pki_data.toString('hex'); - var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE'); - - if (!Trusted[pem.replace(/\s+/g, '')]) { + if (!trusted) { // throw new Error('Unstrusted certificate.'); } @@ -269,18 +268,16 @@ PayPro.prototype.verify = function() { var verifier = crypto.createVerify('RSA-' + type); verifier.update(buf); - pki_data = Array.isArray(pki_data) - ? pki_data[0] - : pki_data; - - var der = pki_data.toString('hex'); - var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE'); + return [].concat(pki_data).every(function(cert) { + var der = cert.toString('hex'); + var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE'); - if (!Trusted[pem.replace(/\s+/g, '')]) { - // throw new Error('Unstrusted certificate.'); - } + if (!Trusted[pem.replace(/\s+/g, '')]) { + // throw new Error('Unstrusted certificate.'); + } - return verifier.verify(pem, sig); + return verifier.verify(pem, sig); + }); } else if (pki_type === 'none') { return true; } diff --git a/lib/browser/PayPro.js b/lib/browser/PayPro.js index 9417944..524569c 100644 --- a/lib/browser/PayPro.js +++ b/lib/browser/PayPro.js @@ -29,14 +29,13 @@ PayPro.sign = function(key) { var type = pki_type.split('+')[1].toUpperCase(); var buf = this.serializeForSig(); - pki_data = pki_data && pki_data.unshift - ? pki_data[0] - : pki_data; - - var der = pki_data.toString('hex'); - var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE'); + var trusted = [].concat(pki_data).every(function(cert) { + var der = cert.toString('hex'); + var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE'); + return !!Trusted[pem.replace(/\s+/g, '')]; + }); - if (!Trusted[pem.replace(/\s+/g, '')]) { + if (!trusted) { // throw new Error('Unstrusted certificate.'); } @@ -79,24 +78,20 @@ PayPro.verify = function() { prov: 'cryptojs/jsrsa' }); - pki_data = pki_data && pki_data.unshift - ? pki_data[0] - : pki_data; - - var der = pki_data.toString('hex'); - var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE'); - - if (!Trusted[pem.replace(/\s+/g, '')]) { - // throw new Error('Unstrusted certificate.'); - } + return [].concat(pki_data).every(function(cert) { + var der = cert.toString('hex'); + var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE'); - jsrsaSig.initVerifyByCertificatePEM(pem); + if (!Trusted[pem.replace(/\s+/g, '')]) { + // throw new Error('Unstrusted certificate.'); + } - jsrsaSig.updateHex(buf.toString('hex')); + jsrsaSig.initVerifyByCertificatePEM(pem); - var result = jsrsaSig.verify(sig.toString('hex')); + jsrsaSig.updateHex(buf.toString('hex')); - return result; + return jsrsaSig.verify(sig.toString('hex')); + }); } else if (pki_type === 'none') { return true; } diff --git a/test/test.PayPro.js b/test/test.PayPro.js index ad790ed..3abc0ca 100644 --- a/test/test.PayPro.js +++ b/test/test.PayPro.js @@ -339,7 +339,7 @@ describe('PayPro', function() { paypro.set('serialized_payment_details', pdbuf); paypro.set('pki_type', 'x509+sha256'); - paypro.set('pki_data', x509.crt); + paypro.set('pki_data', [x509.crt]); paypro.sign(x509.priv); @@ -362,7 +362,7 @@ describe('PayPro', function() { paypro.set('pki_type', 'x509+sha256'); paypro.set('signature', x509.sig); // sig buffer - paypro.set('pki_data', x509.crt); // contains one or more x509 certs + paypro.set('pki_data', [x509.crt]); // contains one or more x509 certs var verify = paypro.verify(); verify.should.equal(true);