lukechilds
/
bitcoincashjs
mirror of https://github.com/lukechilds/bitcoincashjs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

paypro: use asn1.js in browser paypro.

patch-2
Christopher Jeffrey 11 years ago
parent
4a12d5a491
commit
f0757498b6
2 changed files with 25 additions and 40 deletions
Unified View
  1. 5
      lib/PayPro.js
  2. 60
      lib/browser/PayPro.js

5
lib/PayPro.js
View File

@ -10,7 +10,6 @@ var KJUR = require('jsrsasign');
var asn1 = require('asn1.js'); var asn1 = require('asn1.js');
var rfc3280 = require('asn1.js/rfc/3280'); var rfc3280 = require('asn1.js/rfc/3280');
var Certificate = rfc3280.Certificate;
PayPro.prototype.x509Sign = function(key) { PayPro.prototype.x509Sign = function(key) {
var self = this; var self = this;
@ -89,13 +88,13 @@ PayPro.prototype.x509Verify = function() {
// Get public key from next certificate: // Get public key from next certificate:
var data = new Buffer(nder, 'hex'); var data = new Buffer(nder, 'hex');
var nc = Certificate.decode(data, 'der'); var nc = rfc3280.Certificate.decode(data, 'der');
var npubKey = nc.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data; var npubKey = nc.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
npubKey = self._DERtoPEM(npubKey, 'RSA PUBLIC KEY'); npubKey = self._DERtoPEM(npubKey, 'RSA PUBLIC KEY');
// Get signature from current certificate: // Get signature from current certificate:
var data = new Buffer(der, 'hex'); var data = new Buffer(der, 'hex');
var c = Certificate.decode(data, 'der'); var c = rfc3280.Certificate.decode(data, 'der');
var sig = c.signature.data; var sig = c.signature.data;
var verifier = crypto.createVerify('RSA-' + type); var verifier = crypto.createVerify('RSA-' + type);

60
lib/browser/PayPro.js
View File

@ -5,6 +5,8 @@ var KJUR = require('jsrsasign');
var assert = require('assert'); var assert = require('assert');
var PayPro = require('../common/PayPro'); var PayPro = require('../common/PayPro');
var RootCerts = require('../common/RootCerts'); var RootCerts = require('../common/RootCerts');
var asn1 = require('asn1.js');
var rfc3280 = require('asn1.js/rfc/3280');
// Documentation: // Documentation:
// http://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.Signature.html#.sign // http://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.Signature.html#.sign
@ -78,13 +80,9 @@ PayPro.prototype.x509Verify = function(key) {
// 2. Extract signature from current certificate. // 2. Extract signature from current certificate.
// 3. If current cert is not trusted, verify that the current cert is signed // 3. If current cert is not trusted, verify that the current cert is signed
// by NEXT by the certificate. // by NEXT by the certificate.
// 4. XXX What to do when the certificate is revoked? // NOTE: XXX What to do when the certificate is revoked?
var blen = +type.replace(/[^\d]+/g, ''); var chainVerified = chain.every(function(cert, i) {
if (blen === 1) blen = 20;
if (blen === 256) blen = 32;
chain.forEach(function(cert, i) {
var der = cert.toString('hex'); var der = cert.toString('hex');
var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE'); var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
var name = RootCerts.getTrusted(pem); var name = RootCerts.getTrusted(pem);
@ -92,50 +90,38 @@ PayPro.prototype.x509Verify = function(key) {
var ncert = chain[i + 1]; var ncert = chain[i + 1];
// The root cert, check if it's trusted: // The root cert, check if it's trusted:
if (!ncert || name) { if (!ncert || name) {
if (!name) { chain.length = 0;
// console.log('Untrusted certificate.'); return true;
} else {
// console.log('Certificate: %s', name);
}
return;
} }
var nder = ncert.toString('hex'); var nder = ncert.toString('hex');
var npem = KJUR.asn1.ASN1Util.getPEMStringFromHex(nder, 'CERTIFICATE'); var npem = KJUR.asn1.ASN1Util.getPEMStringFromHex(nder, 'CERTIFICATE');
// get sig from current cert - BAD // Get public key from next certificate:
var sig = der.slice(-(blen * 2)); var data = new Buffer(nder, 'hex');
var nc = rfc3280.Certificate.decode(data, 'der');
// Should work but doesn't: var npubKey = nc.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
// get sig from current cert npubKey = self._DERtoPEM(npubKey, 'RSA PUBLIC KEY');
// var o = new KJUR.asn1.cms.SignerInfo();
// o.setSignerIdentifier(pem);
// var sig = new Buffer(o.getEncodedHex(), 'hex');
// get public key from next cert // Get signature from current certificate:
var js = new KJUR.crypto.Signature({ var data = new Buffer(der, 'hex');
alg: type + 'withRSA', var c = rfc3280.Certificate.decode(data, 'der');
prov: 'cryptojs/jsrsa' var sig = c.signature.data;
});
js.initVerifyByCertificatePEM(npem);
var npubKey = KJUR.KEYUTIL.getPEM(js.pubKey);
var jsrsaSig = new KJUR.crypto.Signature({ var jsrsaSig = new KJUR.crypto.Signature({
alg: type + 'withRSA', alg: type + 'withRSA',
prov: 'cryptojs/jsrsa' prov: 'cryptojs/jsrsa'
}); });
jsrsaSig.initVerifyByPublicKey(npubKey); jsrsaSig.initVerifyByPublicKey(npubKey);
// NOTE: We need to slice off the signatureAlgorithm and signatureValue -
// consult the x509 spec: // Create a To-Be-Signed Certificate to verify using asn1.js:
// https://www.ietf.org/rfc/rfc2459 // Fails at Issuer:
jsrsaSig.updateHex(der); var tbs = rfc3280.TBSCertificate.encode(c.tbsCertificate, 'der');
var v = jsrsaSig.verify(sig); jsrsaSig.updateHex(tbs);
if (!v) {
// console.log(i + ' not verified.'); return jsrsaSig.verify(sig);
verified = false;
}
}); });
return verified; return verified && chainVerified;
}; };
module.exports = PayPro; module.exports = PayPro;

Write Preview
Loading…
Cancel
Save