bitcore-payment-protocol - npm Package Compare versions

Comparing version 0.12.0 to 0.13.0

bower.json

 {
   "name": "bitcore-payment-protocol",
   "main": "./bitcore-payment-protocol.min.js",
-  "version": "0.12.0",
+  "version": "0.13.0",
   "homepage": "https://github.com/bitpay/bitcore-payment-protocol",
@@ -6,0 +6,0 @@ "authors": [

lib/browser.js

@@ -99,2 +99,5 @@ 'use strict';
 
+  if (!caName) 
+    caName = PaymentProtocol.completeChainAndGetCA(chain);
+
   if (chain.length === 1 && !caName) {
@@ -101,0 +104,0 @@ if (returnTrust) {

lib/common.js

@@ -392,3 +392,3 @@ 'use strict';
 PaymentProtocol.prototype.sinSign = function(privateKey) {
-  if ( !(privateKey instanceof PrivateKey) ) {
+  if (!(privateKey instanceof PrivateKey)) {
     throw new TypeError('Expects an instance of PrivateKey');
@@ -418,41 +418,72 @@ }
 PaymentProtocol.PEMtoDER =
-PaymentProtocol.prototype._PEMtoDER = function(pem) {
-  return this._PEMtoDERParam(pem);
-};
+  PaymentProtocol.prototype._PEMtoDER = function(pem) {
+    return this.PEMtoDERParam(pem, 'CERTIFICATE');
+  };
 
 PaymentProtocol.PEMtoDERParam =
-PaymentProtocol.prototype._PEMtoDERParam = function(pem, param) {
-  if (Buffer.isBuffer(pem)) {
-    pem = pem.toString();
-  }
-  var start = new RegExp('(?=-----BEGIN ' + (param || '[^-]+') + '-----)', 'i');
-  var end = new RegExp('^-----END ' + (param || '[^-]+') + '-----$', 'gmi');
-  pem = pem.replace(end, '');
-  var parts = pem.split(start);
-  return parts.map(function(part) {
-    var type = /-----BEGIN ([^-]+)-----/.exec(part)[1];
-    part = part.replace(/-----BEGIN ([^-]+)-----/g, '');
-    part = part.replace(/\s+/g, '');
-    if (!param || type !== param) {
-      return;
+  PaymentProtocol.prototype._PEMtoDERParam = function(pem, param) {
+    if (Buffer.isBuffer(pem)) {
+      pem = pem.toString();
     }
-    return new Buffer(part, 'base64');
-  }).filter(Boolean);
-};
+    var start = new RegExp('(?=-----BEGIN ' + (param || '[^-]+') + '-----)', 'i');
+    var end = new RegExp('^-----END ' + (param || '[^-]+') + '-----$', 'gmi');
+    pem = pem.replace(end, '');
+    var parts = pem.split(start);
+    return parts.map(function(part) {
+      var type = /-----BEGIN ([^-]+)-----/.exec(part)[1];
+      part = part.replace(/-----BEGIN ([^-]+)-----/g, '');
+      part = part.replace(/\s+/g, '');
+      if (!param || type !== param) {
+        return;
+      }
+      return new Buffer(part, 'base64');
+    }).filter(Boolean);
+  };
 
 PaymentProtocol.DERtoPEM =
-PaymentProtocol.prototype._DERtoPEM = function(der, type) {
-  if (typeof der === 'string') {
-    der = new Buffer(der, 'hex');
-  }
-  type = type || 'PRIVACY-ENHANCED MESSAGE';
-  der = der.toString('base64');
-  der = der.replace(/(.{64})/g, '$1\r\n');
-  der = der.replace(/\r\n$/, '');
-  return '' +
-    '-----BEGIN ' + type + '-----\r\n' +
-    der +
-    '\r\n-----END ' + type + '-----\r\n';
-};
+  PaymentProtocol.prototype._DERtoPEM = function(der, type) {
+    if (typeof der === 'string') {
+      der = new Buffer(der, 'hex');
+    }
+    type = type || 'PRIVACY-ENHANCED MESSAGE';
+    der = der.toString('base64');
+    der = der.replace(/(.{64})/g, '$1\r\n');
+    der = der.replace(/\r\n$/, '');
+    return '' +
+      '-----BEGIN ' + type + '-----\r\n' +
+      der +
+      '\r\n-----END ' + type + '-----\r\n';
+  };
 
+
+PaymentProtocol.completeChainAndGetCA =
+  PaymentProtocol.prototype._completeChainAndGetCA = function(chain) {
+    var caName, pem, der;
+    var issuer = chain[chain.length - 1];
+    var nder = issuer.toString('hex');
+    var ndata = new Buffer(nder, 'hex');
+    var nc = rfc3280.Certificate.decode(ndata, 'der');
+    var values = nc.tbsCertificate.issuer.value;
+    var l = values.length,
+      i = 0;
+    while (i++ < l && !caName) {
+      var v = values[i];
+      if (!v) continue;
+      var name = v[0].value.toString().substr(2);
+
+      pem = RootCerts.getCert(name);
+      if (!pem)
+        pem = RootCerts.getCert(name.replace('Certification Authority', 'CA'));
+
+      // Root Cert found
+      if (pem) {
+        caName = name;
+        der = PaymentProtocol.PEMtoDER(pem)[0];
+        chain.push(der);
+      }
+    }
+    return caName;
+  };
+
+
 // Expose RootCerts
@@ -459,0 +490,0 @@ PaymentProtocol.getTrusted = RootCerts.getTrusted;

lib/index.js

@@ -78,2 +78,6 @@ 'use strict';
 
+  if (!caName) 
+    caName = PaymentProtocol.completeChainAndGetCA(chain);
+
+
   if (chain.length === 1 && !caName) {
@@ -80,0 +84,0 @@ if (returnTrust) {

package.json

 {
   "name": "bitcore-payment-protocol",
-  "version": "0.12.0",
+  "version": "0.13.0",
   "description": "Payment Protocol (BIP70 and related) support for bitcore",
@@ -11,3 +11,4 @@ "author": "BitPay <dev@bitpay.com>",
     "coverage": "gulp coverage",
-    "build": "gulp"
+    "build": "gulp",
+    "rootcerts": "node ./update-rootcerts.js"
   },
@@ -14,0 +15,0 @@ "contributors": [

README.md

@@ -40,3 +40,3 @@ <img src="http://bitcore.io/css/images/module-payment-protocol.png" alt="bitcore payment protocol" height="35">
 
-See [CONTRIBUTING.md](https://github.com/bitpay/bitcore) on the main bitcore repo for information about how to contribute.
+See [CONTRIBUTING.md](https://github.com/bitpay/bitcore/blob/master/CONTRIBUTING.md) on the main bitcore repo for information about how to contribute.
 
@@ -43,0 +43,0 @@ ## License

test/index.js

@@ -13,2 +13,3 @@ 'use strict';
 var PaymentProtocol = require('../');
+var SampleRequest  = require('./samplerequest');
 
@@ -102,180 +103,2 @@ var x509 = {
 
-// A test PaymentRequest (with a full cert chain) from test.bitpay.com:
-
-var bitpayRequest = new Buffer(''
-  + '0801120b783530392b7368613235361a89250aa40a3082052030820408a0'
-  + '03020102020727a49d05046d62300d06092a864886f70d01010b05003081'
-  + 'b4310b30090603550406130255533110300e060355040813074172697a6f'
-  + '6e61311330110603550407130a53636f74747364616c65311a3018060355'
-  + '040a1311476f44616464792e636f6d2c20496e632e312d302b060355040b'
-  + '1324687474703a2f2f63657274732e676f64616464792e636f6d2f726570'
-  + '6f7369746f72792f313330310603550403132a476f204461646479205365'
-  + '6375726520436572746966696361746520417574686f72697479202d2047'
-  + '32301e170d3134303432363132333532365a170d31363034323631323335'
-  + '32365a303a3121301f060355040b1318446f6d61696e20436f6e74726f6c'
-  + '2056616c6964617465643115301306035504030c0c2a2e6269747061792e'
-  + '636f6d30820122300d06092a864886f70d01010105000382010f00308201'
-  + '0a0282010100e2a5dd4aea959c1d0fb016e6e05bb7011e741cdc61918c61'
-  + 'f9625a2f682f485f0e862ea63db61cc9161753127504de800604df36b10f'
-  + '46cb17ab6cb99dba8aa45a36adfb901a2fc380c89e234bce18de6639b883'
-  + 'e9339801673efaee1f2df77eeb82f7c39c96a2f8ef4572b634c203d9be8f'
-  + 'd1e0036d32fb38b6b9b5ecd5a0684345c7e9ffc5d26bc6fd69aa6619f77b'
-  + 'adaa4bfb989478fb2f41aa92782e40b34ba9ac4549a4e6fda76b5fc4a581'
-  + '853bd0de5fb5a2c6dfdc12cdfadb54e9636a6d1223705924b8be566b81ac'
-  + '7921078cf590a146ae397a84908ef4fc83ff5715a44ab59e9258674d9011'
-  + '3bb607b8d81eb268e4c6ce849497c76521795b0873950203010001a38201'
-  + 'ae308201aa300f0603551d130101ff04053003010100301d0603551d2504'
-  + '16301406082b0601050507030106082b06010505070302300e0603551d0f'
-  + '0101ff0404030205a030360603551d1f042f302d302ba029a02786256874'
-  + '74703a2f2f63726c2e676f64616464792e636f6d2f676469673273312d34'
-  + '392e63726c30530603551d20044c304a3048060b6086480186fd6d010717'
-  + '013039303706082b06010505070201162b687474703a2f2f636572746966'
-  + '6963617465732e676f64616464792e636f6d2f7265706f7369746f72792f'
-  + '307606082b06010505070101046a3068302406082b060105050730018618'
-  + '687474703a2f2f6f6373702e676f64616464792e636f6d2f304006082b06'
-  + '0105050730028634687474703a2f2f6365727469666963617465732e676f'
-  + '64616464792e636f6d2f7265706f7369746f72792f67646967322e637274'
-  + '301f0603551d2304183016801440c2bd278ecc348330a233d7fb6cb3f0b4'
-  + '2c80ce30230603551d11041c301a820c2a2e6269747061792e636f6d820a'
-  + '6269747061792e636f6d301d0603551d0e0416041485454e3b4072e2f58e'
-  + '377438988b5229387e967a300d06092a864886f70d01010b050003820101'
-  + '002d0a7ef97f988905ebbbad4e9ffb690352535211d6792516119838b55f'
-  + '24ff9fa4e93b6187b8517cbb0477457d3378078ef66057abe41bcafeb142'
-  + 'ec52443a94b88114fa069f725c6198581d97af16352727f4f35e7f2110fa'
-  + 'a41a0511bcfdf8e3f4a3a310278c150b10f32a962c81e8f3d5374d9cb56d'
-  + '893027ff4fa4e3c3e6384c1f1557ceea6fca9cbc0c110748c08b82d8f0ed'
-  + '9a579637ee43a2d8fec3b5b04d1f3c8f1a3e2088da2274b6bc60948bbe74'
-  + '4a7f8b942b41f0ae9b4afaeefbb7e0f04a0587b52efb6ebfa2d970b9de56'
-  + 'a068575e4bf0cf824618dc17bbeaa2cdd25d65970a9f1a06fc9fffb466a1'
-  + '0c9568cd651795bc2c7996975027bdbaba0ad409308204d0308203b8a003'
-  + '020102020107300d06092a864886f70d01010b0500308183310b30090603'
-  + '550406130255533110300e060355040813074172697a6f6e613113301106'
-  + '03550407130a53636f74747364616c65311a3018060355040a1311476f44'
-  + '616464792e636f6d2c20496e632e3131302f06035504031328476f204461'
-  + '64647920526f6f7420436572746966696361746520417574686f72697479'
-  + '202d204732301e170d3131303530333037303030305a170d333130353033'
-  + '3037303030305a3081b4310b30090603550406130255533110300e060355'
-  + '040813074172697a6f6e61311330110603550407130a53636f7474736461'
-  + '6c65311a3018060355040a1311476f44616464792e636f6d2c20496e632e'
-  + '312d302b060355040b1324687474703a2f2f63657274732e676f64616464'
-  + '792e636f6d2f7265706f7369746f72792f313330310603550403132a476f'
-  + '204461646479205365637572652043657274696669636174652041757468'
-  + '6f72697479202d20473230820122300d06092a864886f70d010101050003'
-  + '82010f003082010a0282010100b9e0cb10d4af76bdd49362eb3064b88108'
-  + '6cc304d962178e2fff3e65cf8fce62e63c521cda16454b55ab786b638362'
-  + '90ce0f696c99c81a148b4ccc4533ea88dc9ea3af2bfe80619d7957c4cf2e'
-  + 'f43f303c5d47fc9a16bcc3379641518e114b54f828bed08cbef030381ef3'
-  + 'b026f86647636dde7126478f384753d1461db4e3dc00ea45acbdbc71d9aa'
-  + '6f00dbdbcd303a794f5f4c47f81def5bc2c49d603bb1b24391d8a4334eea'
-  + 'b3d6274fad258aa5c6f4d5d0a6ae7405645788b54455d42d2a3a3ef8b8bd'
-  + 'e9320a029464c4163a50f14aaee77933af0c20077fe8df0439c269026c63'
-  + '52fa77c11bc87487c8b993185054354b694ebc3bd3492e1fdcc1d252fb02'
-  + '03010001a382011a30820116300f0603551d130101ff040530030101ff30'
-  + '0e0603551d0f0101ff040403020106301d0603551d0e0416041440c2bd27'
-  + '8ecc348330a233d7fb6cb3f0b42c80ce301f0603551d230418301680143a'
-  + '9a8507106728b6eff6bd05416e20c194da0fde303406082b060105050701'
-  + '0104283026302406082b060105050730018618687474703a2f2f6f637370'
-  + '2e676f64616464792e636f6d2f30350603551d1f042e302c302aa028a026'
-  + '8624687474703a2f2f63726c2e676f64616464792e636f6d2f6764726f6f'
-  + '742d67322e63726c30460603551d20043f303d303b0604551d2000303330'
-  + '3106082b06010505070201162568747470733a2f2f63657274732e676f64'
-  + '616464792e636f6d2f7265706f7369746f72792f300d06092a864886f70d'
-  + '01010b05000382010100087e6c9310c838b896a9904bffa15f4f04ef6c3e'
-  + '9c8806c9508fa673f757311bbebce42fdbf8bad35be0b4e7e679620e0ca2'
-  + 'd76a637331b5f5a848a43b082da25d90d7b47c254f115630c4b6449d7b2c'
-  + '9de55ee6ef0c61aabfe42a1bee849eb8837dc143ce44a713700d911ff4c8'
-  + '13ad8360d9d872a873241eb5ac220eca17896258441bab892501000fcdc4'
-  + '1b62db51b4d30f512a9bf4bc73fc76ce36a4cdd9d82ceaae9bf52ab290d1'
-  + '4d75188a3f8a4190237d5b4bfea403589b46b2c3606083f87d5041cec2a1'
-  + '90c3bbef022fd21554ee4415d90aaea78a33edb12d763626dc04eb9ff761'
-  + '1f15dc876fee469628ada1267d0a09a72e04a38dbcf8bc0430010a810930'
-  + '82047d30820365a00302010202031be715300d06092a864886f70d01010b'
-  + '05003063310b30090603550406130255533121301f060355040a13185468'
-  + '6520476f2044616464792047726f75702c20496e632e3131302f06035504'
-  + '0b1328476f20446164647920436c61737320322043657274696669636174'
-  + '696f6e20417574686f72697479301e170d3134303130313037303030305a'
-  + '170d3331303533303037303030305a308183310b30090603550406130255'
-  + '533110300e060355040813074172697a6f6e61311330110603550407130a'
-  + '53636f74747364616c65311a3018060355040a1311476f44616464792e63'
-  + '6f6d2c20496e632e3131302f06035504031328476f20446164647920526f'
-  + '6f7420436572746966696361746520417574686f72697479202d20473230'
-  + '820122300d06092a864886f70d01010105000382010f003082010a028201'
-  + '0100bf716208f1fa5934f71bc918a3f7804958e9228313a6c52043013b84'
-  + 'f1e685499f27eaf6841b4ea0b4db7098c73201b1053e074eeef4fa4f2f59'
-  + '3022e7ab19566be28007fcf316758039517be5f935b6744ea98d8213e4b6'
-  + '3fa90383faa2be8a156a7fde0bc3b6191405caeac3a804943b467c320df3'
-  + '006622c88d696d368c1118b7d3b21c60b438fa028cced3dd4607de0a3eeb'
-  + '5d7cc87cfbb02b53a4926269512505611a44818c2ca9439623dfac3a819a'
-  + '0e29c51ca9e95d1eb69e9e300a39cef18880fb4b5dcc32ec856243253402'
-  + '56270191b43b702a3f6eb1e89c88017d9fd4f9db536d609dbf2ce758abb8'
-  + '5f46fccec41b033c09eb49315c6946b3e0470203010001a3820117308201'
-  + '13300f0603551d130101ff040530030101ff300e0603551d0f0101ff0404'
-  + '03020106301d0603551d0e041604143a9a8507106728b6eff6bd05416e20'
-  + 'c194da0fde301f0603551d23041830168014d2c4b0d291d44c1171b361cb'
-  + '3da1fedda86ad4e3303406082b0601050507010104283026302406082b06'
-  + '0105050730018618687474703a2f2f6f6373702e676f64616464792e636f'
-  + '6d2f30320603551d1f042b30293027a025a0238621687474703a2f2f6372'
-  + '6c2e676f64616464792e636f6d2f6764726f6f742e63726c30460603551d'
-  + '20043f303d303b0604551d20003033303106082b06010505070201162568'
-  + '747470733a2f2f63657274732e676f64616464792e636f6d2f7265706f73'
-  + '69746f72792f300d06092a864886f70d01010b05000382010100590b53bd'
-  + '928611a7247bed5b31cf1d1f6c70c5b86ebe4ebbf6be9750e1307fba285c'
-  + '6294c2e37e33f7fb427685db951c8c225875090c886567390a1609c5a038'
-  + '97a4c523933fb418a601064491e3a76927b45a257f3ab732cddd84ff2a38'
-  + '2933a4dd67b285fea188201c5089c8dc2af64203374ce688dfd5af24f2b1'
-  + 'c3dfccb5ece0995eb74954203c94180cc71c521849a46de1b3580bc9d8ec'
-  + 'd9ae1c328e28700de2fea6179e840fbd5770b35ae91fa08653bbef7cff69'
-  + '0be048c3b7930bc80a54c4ac5d1467376ccaa52f310837aa6e6f8cbc9be2'
-  + '575d2481af97979c84ad6cac374c66f361911120e4be309f7aa42909b0e1'
-  + '345f6477184051df8c30a6af0a840830820400308202e8a0030201020201'
-  + '00300d06092a864886f70d01010505003063310b30090603550406130255'
-  + '533121301f060355040a131854686520476f2044616464792047726f7570'
-  + '2c20496e632e3131302f060355040b1328476f20446164647920436c6173'
-  + '7320322043657274696669636174696f6e20417574686f72697479301e17'
-  + '0d3034303632393137303632305a170d3334303632393137303632305a30'
-  + '63310b30090603550406130255533121301f060355040a13185468652047'
-  + '6f2044616464792047726f75702c20496e632e3131302f060355040b1328'
-  + '476f20446164647920436c61737320322043657274696669636174696f6e'
-  + '20417574686f7269747930820120300d06092a864886f70d010101050003'
-  + '82010d00308201080282010100de9dd7ea571849a15bebd75f4886eabedd'
-  + 'ffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2cc'
-  + 'd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a'
-  + '2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f7236'
-  + '4ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a213'
-  + '2dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b'
-  + '62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140'
-  + 'a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c644'
-  + '7b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf02'
-  + '0103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361'
-  + 'cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291'
-  + 'd44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406'
-  + '130255533121301f060355040a131854686520476f204461646479204772'
-  + '6f75702c20496e632e3131302f060355040b1328476f2044616464792043'
-  + '6c61737320322043657274696669636174696f6e20417574686f72697479'
-  + '820100300c0603551d13040530030101ff300d06092a864886f70d010105'
-  + '05000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18'
-  + 'f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428'
-  + 'a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad'
-  + '2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda'
-  + '70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96'
-  + 'ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb'
-  + '4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a0'
-  + '02126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320c'
-  + 'e42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f22a1010a047465'
-  + '7374122008c0c9e714121976a914176d7c5d60da6f8c82de86671a1fb776'
-  + '028538ca88ac18c6f5d89f0520cafcd89f052a395061796d656e74207265'
-  + '717565737420666f722042697450617920696e766f69636520434d577075'
-  + '46736a676d51325a4c6979476663463157323068747470733a2f2f746573'
-  + '742e6269747061792e636f6d2f692f434d57707546736a676d51325a4c69'
-  + '794766634631572a80021566366ab78842a514c056ca7ecb76481262cac7'
-  + '4cc4c4ccdc82c4980bc3300de67836d61d3e06dc8c90798a7774c21c7ad4'
-  + 'fe634b85faa8719d6402411bb720396ae03cbb4e14f06f7894a66b208b99'
-  + 'f727fab35d32f4f2148294d24bea1b3f240c159d0fd3ee4a32e5f926bf7c'
-  + '05eb7a3f75e01d9af81254cfbb61606467750ea7e0a1536728358e0898d0'
-  + '6f57235e4096d2caf647ae58dff645be80c9b3555fa96c81efa07d421977'
-  + 'd26214ad4f1ff642a93d0925656aeab454fa0b60fcbb6c1bc570eb6e43e7'
-  + '613392f37900748635ae381534bfaa558792bc46028b9efce391423a9c12'
-  + '01f76292614b30a14272e837f3813045b035f3d42f4f76f48acd',
-  'hex');
-
 describe('PaymentProtocol', function() {
@@ -869,3 +692,3 @@
     it('should verify a real PaymentRequest', function() {
-      var data = PaymentProtocol.PaymentRequest.decode(bitpayRequest);
+      var data = PaymentProtocol.PaymentRequest.decode(SampleRequest.bitpay);
       var pr = new PaymentProtocol();
@@ -960,2 +783,166 @@ pr = pr.makePaymentRequest(data);
     });
+
+    it('should verify a real PaymentRequest without Root Cert', function() {
+      var data = PaymentProtocol.PaymentRequest.decode(SampleRequest.bitpay2);
+      var pr = new PaymentProtocol();
+      pr = pr.makePaymentRequest(data);
+
+      // PaymentRequest
+      var ver = pr.get('payment_details_version');
+      var pki_type = pr.get('pki_type');
+      var pki_data = pr.get('pki_data');
+      var details = pr.get('serialized_payment_details');
+      var sig = pr.get('signature');
+
+      pki_data = PaymentProtocol.X509Certificates.decode(pki_data);
+      pki_data = pki_data.certificate;
+
+      ver.should.equal(1);
+      pki_type.should.equal('x509+sha256');
+      pki_data.length.should.equal(3);
+
+      if (is_browser) {
+        var type = 'SHA256';
+        var pem = PaymentProtocol.prototype._DERtoPEM(pki_data[0], 'CERTIFICATE');
+        var buf = pr.serializeForSig();
+        var jsrsaSig = new KJUR.crypto.Signature({
+          alg: type + 'withRSA',
+          prov: 'cryptojs/jsrsa'
+        });
+        var signedCert = pki_data[0];
+        var der = signedCert.toString('hex');
+        // var pem = PaymentProtocol.DERtoPEM(der, 'CERTIFICATE');
+        var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
+        jsrsaSig.initVerifyByCertificatePEM(pem);
+        jsrsaSig.updateHex(buf.toString('hex'));
+        jsrsaSig.verify(sig.toString('hex')).should.equal(true);
+      } else {
+        var crypto = require('crypto');
+        var type = 'SHA256';
+        var pem = PaymentProtocol.DERtoPEM(pki_data[0], 'CERTIFICATE');
+        var buf = pr.serializeForSig();
+        var verifier = crypto.createVerify('RSA-' + type);
+        verifier.update(buf);
+        verifier.verify(pem, sig).should.equal(true);
+      }
+
+      // Verify Signature
+      var verified = pr.x509Verify();
+      verified.should.equal(true);
+
+      // Verify Signature with trust properties
+      var trust = pr.x509Verify(true);
+      trust.selfSigned.should.equal(0);
+      trust.isChain.should.equal(true);
+      trust.verified.should.equal(true);
+      trust.caTrusted.should.equal(true);
+      trust.caName.should.equal('Go Daddy Class 2 Certification Authority');
+      trust.chainVerified.should.equal(true);
+
+      // PaymentDetails
+      details = PaymentProtocol.PaymentDetails.decode(details);
+      var pd = new PaymentProtocol();
+      pd = pd.makePaymentDetails(details);
+      var network = pd.get('network');
+      var outputs = pd.get('outputs');
+      var time = pd.get('time');
+      var expires = pd.get('expires');
+      var memo = pd.get('memo');
+      var payment_url = pd.get('payment_url');
+
+      network.should.equal('main');
+      outputs.length.should.equal(1);
+      outputs[0].amount.should.not.equal(undefined);
+      outputs[0].script.should.not.equal(undefined);
+      time.should.equal(1442409238);
+      expires.should.equal(1442410138);
+      memo.should.equal('Payment request for BitPay invoice PAQtNxX7KL8BtJBnfXyTaH for merchant BitGive Foundation');
+      payment_url.should.equal('https://bitpay.com/i/PAQtNxX7KL8BtJBnfXyTaH');
+      var merchant_data = pd.get('merchant_data');
+      should.equal('{"invoiceId":"PAQtNxX7KL8BtJBnfXyTaH","merchantId":"TxZ5RyChmZw2isKjJWGhBc"}', merchant_data.toString());
+    });
+
+    it.skip('should verify a real PaymentRequest without Root Cert (case 2: Coinbase)', function() {
+      var data = PaymentProtocol.PaymentRequest.decode(SampleRequest.coinbase);
+      var pr = new PaymentProtocol();
+      pr = pr.makePaymentRequest(data);
+
+      // PaymentRequest
+      var ver = pr.get('payment_details_version');
+      var pki_type = pr.get('pki_type');
+      var pki_data = pr.get('pki_data');
+      var details = pr.get('serialized_payment_details');
+      var sig = pr.get('signature');
+
+      pki_data = PaymentProtocol.X509Certificates.decode(pki_data);
+      pki_data = pki_data.certificate;
+
+      ver.should.equal(1);
+      pki_type.should.equal('x509+sha256');
+
+      pki_data.length.should.equal(2);
+
+
+      if (is_browser) {
+        var type = 'SHA256';
+        var pem = PaymentProtocol.prototype._DERtoPEM(pki_data[0], 'CERTIFICATE');
+        var buf = pr.serializeForSig();
+        var jsrsaSig = new KJUR.crypto.Signature({
+          alg: type + 'withRSA',
+          prov: 'cryptojs/jsrsa'
+        });
+        var signedCert = pki_data[0];
+        var der = signedCert.toString('hex');
+        // var pem = PaymentProtocol.DERtoPEM(der, 'CERTIFICATE');
+        var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(der, 'CERTIFICATE');
+        jsrsaSig.initVerifyByCertificatePEM(pem);
+        jsrsaSig.updateHex(buf.toString('hex'));
+        jsrsaSig.verify(sig.toString('hex')).should.equal(true);
+      } else {
+        var crypto = require('crypto');
+        var type = 'SHA256';
+        var pem = PaymentProtocol.DERtoPEM(pki_data[0], 'CERTIFICATE');
+        var buf = pr.serializeForSig();
+        var verifier = crypto.createVerify('RSA-' + type);
+        verifier.update(buf);
+        verifier.verify(pem, sig).should.equal(true);
+      }
+
+      // Verify Signature
+      var verified = pr.x509Verify();
+      verified.should.equal(true);
+
+      // Verify Signature with trust properties
+      var trust = pr.x509Verify(true);
+      trust.selfSigned.should.equal(0);
+      trust.isChain.should.equal(true);
+      trust.verified.should.equal(true);
+      trust.caTrusted.should.equal(true);
+      trust.caName.should.equal('Go Daddy Class 2 Certification Authority');
+      trust.chainVerified.should.equal(true);
+
+      // PaymentDetails
+      details = PaymentProtocol.PaymentDetails.decode(details);
+      var pd = new PaymentProtocol();
+      pd = pd.makePaymentDetails(details);
+      var network = pd.get('network');
+      var outputs = pd.get('outputs');
+      var time = pd.get('time');
+      var expires = pd.get('expires');
+      var memo = pd.get('memo');
+      var payment_url = pd.get('payment_url');
+
+      network.should.equal('main');
+      outputs.length.should.equal(1);
+      outputs[0].amount.should.not.equal(undefined);
+      outputs[0].script.should.not.equal(undefined);
+      time.should.equal(1442409238);
+      expires.should.equal(1442410138);
+      memo.should.equal('Payment request for BitPay invoice PAQtNxX7KL8BtJBnfXyTaH for merchant BitGive Foundation');
+      payment_url.should.equal('https://bitpay.com/i/PAQtNxX7KL8BtJBnfXyTaH');
+      var merchant_data = pd.get('merchant_data');
+      should.equal('{"invoiceId":"PAQtNxX7KL8BtJBnfXyTaH","merchantId":"TxZ5RyChmZw2isKjJWGhBc"}', merchant_data.toString());
+    });
+
+
   });
@@ -988,2 +975,3 @@
 
+
 });

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Network access

Supply chain risk

This module accesses the network.

Found 2 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

369125

increased by19.69%

Number of package files

25

increased by8.7%

Lines of code

3363

increased by28.31%

Worsened metrics

Number of low supply chain risk alerts

1

increased byInfinity%

Number of medium supply chain risk alerts

4

increased by33.33%

No dependency changes