diff --git a/browser/root-certs b/browser/root-certs
index d3d2dbb..364cdd0 100755
--- a/browser/root-certs
+++ b/browser/root-certs
@@ -29,13 +29,23 @@ function getRootCerts(callback) {
 body = body.replace(/^"/gm, '+ "');
 body = body.replace(/^\+ "-----B/gm, '"-----B');
 body += ''
+ + '\n'
 + '// Use hash table for efficiency:\n'
 + 'RootCerts = RootCerts.reduce(function(trusted, cert) {\n'
 + ' cert = cert.replace(/\\s+/g, "");\n'
 + ' trusted[cert] = true;\n'
 + ' return trusted;\n'
 + '}, {});\n'
- + 'module.exports = RootCerts;\n';
+ + '\n'
+ + 'function isTrusted(pem) {\n'
+ + ' pem = pem + "";\n'
+ + ' pem = pem.replace(/\\s+/g, "");\n'
+ + ' return !!RootCerts[pem];\n'
+ + '}\n'
+ + '\n'
+ + 'exports = RootCerts;\n'
+ + 'exports.isTrusted = isTrusted;\n'
+ + 'module.exports = exports;\n';
 return callback(null, body);
 });
 }
diff --git a/lib/PayPro.js b/lib/PayPro.js
index 4b5850b..7397c18 100644
--- a/lib/PayPro.js
+++ b/lib/PayPro.js
@@ -251,7 +251,7 @@ PayPro.prototype.x509Sign = function(key) {
 var trusted = [].concat(pki_data).every(function(cert) {
 var der = cert.toString('hex');
 var pem = self._DERtoPEM(der, 'CERTIFICATE');
- return !!RootCerts[pem.replace(/\s+/g, '')];
+ return RootCerts.isTrusted(pem);
 });
 if (!trusted) {
@@ -282,7 +282,7 @@ PayPro.prototype.x509Verify = function() {
 var der = cert.toString('hex');
 var pem = self._DERtoPEM(der, 'CERTIFICATE');
- if (!RootCerts[pem.replace(/\s+/g, '')]) {
+ if (!RootCerts.isTrusted(pem)) {
 // throw new Error('Unstrusted certificate.');
 }
diff --git a/lib/browser/PayPro.js b/lib/browser/PayPro.js
index 5e1a122..0f296af 100644
--- a/lib/browser/PayPro.js
+++ b/lib/browser/PayPro.js
@@ -25,7 +25,7 @@ PayPro.sign = function(key) {
 var trusted = [].concat(pki_data).every(function(cert) {
 var der = cert.toString('hex');
 var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
- return !!RootCerts[pem.replace(/\s+/g, '')];
+ return RootCerts.isTrusted(pem);
 });
 if (!trusted) {
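Review bot: The emitted `isTrusted` decides trust with `!!RootCerts[pem]` on a plain object, and that same object is then exported with `isTrusted` attached to it, so inherited or attached keys such as `constructor`, `toString` or `isTrusted` itself are reported as trusted. The callers changed in this commit pass PEM text derived from DER, so this is probably not reachable through them, but the helper now coerces and accepts any input. An own-property check against the value the table itself stores closes the gap: `return Object.prototype.hasOwnProperty.call(RootCerts, pem) && RootCerts[pem] === true;`. The regenerated lib/common/RootCerts.js carries the same lines, and getRootCerts starts above this hunk.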
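Review bot: `[].concat(pki_data).every(...)` in x509Sign evaluates to true when `pki_data` is an empty array, so `trusted` becomes true without `RootCerts.isTrusted` being called once. If an empty chain can reach this point, require at least one certificate first, for example `var certs = [].concat(pki_data);` followed by `var trusted = certs.length > 0 && certs.every(...)`. PayPro.sign in lib/browser/PayPro.js has the same construct. What the `if (!trusted) {` branch does lies outside the hunk, so the impact depends on code not shown here.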
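Review bot: The untrusted branch in x509Verify still does nothing: the only statement inside `if (!RootCerts.isTrusted(pem)) {` is the commented-out `// throw new Error('Unstrusted certificate.');`, so within the visible lines a certificate that is missing from the root store passes this check unchanged. If enforcement is deliberately off, record that in place with a comment such as `// NOTE: trust check disabled; certificates not in RootCerts are currently accepted`, otherwise make the branch fail verification. PayPro.verify in lib/browser/PayPro.js has the same empty branch. x509Verify continues beyond the hunk, so a later check may exist that is not visible here.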
@@ -75,7 +75,7 @@ PayPro.verify = function() {
 var der = cert.toString('hex');
 var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
- if (!RootCerts[pem.replace(/\s+/g, '')]) {
+ if (!RootCerts.isTrusted(pem)) {
 // throw new Error('Unstrusted certificate.');
 }
diff --git a/lib/common/RootCerts.js b/lib/common/RootCerts.js
index e3526da..ac08b82 100644
--- a/lib/common/RootCerts.js
+++ b/lib/common/RootCerts.js
@@ -3560,10 +3560,20 @@ var RootCerts = [
 + "-----END CERTIFICATE-----\n",
 ];
+
 // Use hash table for efficiency:
 RootCerts = RootCerts.reduce(function(trusted, cert) {
 cert = cert.replace(/\s+/g, "");
 trusted[cert] = true;
 return trusted;
 }, {});
-module.exports = RootCerts;
+
+function isTrusted(pem) {
+ pem = pem + "";
+ pem = pem.replace(/\s+/g, "");
+ return !!RootCerts[pem];
+}
+
+exports = RootCerts;
+exports.isTrusted = isTrusted;
+module.exports = exports;