From 354217a4b507c11e9e211d7ac3ed843f91666ff3 Mon Sep 17 00:00:00 2001
From: Ben Adida <ben@adida.net>
Date: Sat, 3 Sep 2011 14:07:05 -0700
Subject: [PATCH] changed ca interface to make it more sensible

---
 browserid/lib/ca.js        | 16 +++++++++++++---
 browserid/lib/wsapi.js     |  5 +++--
 browserid/tests/ca-test.js |  9 ++++++---
 3 files changed, 22 insertions(+), 8 deletions(-)
 mode change 100644 => 100755 browserid/tests/ca-test.js

diff --git a/browserid/lib/ca.js b/browserid/lib/ca.js
index 533538ae2..45fa72603 100644
--- a/browserid/lib/ca.js
+++ b/browserid/lib/ca.js
@@ -81,10 +81,18 @@ function loadPublicKey(name, dir) {
 var SECRET_KEY = loadSecretKey('root', configuration.get('var_path'));
 var PUBLIC_KEY = loadPublicKey('root', configuration.get('var_path'));
 
-function certify(email, serializedPublicKey) {
-  var pk = jws.getByAlg("RS").PublicKey.deserialize(serializedPublicKey);
+function parsePublicKey(serializedPK) {
+  return jws.getByAlg("RS").PublicKey.deserialize(serializedPK);
+}
+
+function parseCert(serializedCert) {
+  var cert = new jwcert.JWCert();
+  cert.parse(serializedCert);
+  return cert;
+}
 
-  return new jwcert.JWCert("browserid.org", new Date(), pk, {email: email}).sign(SECRET_KEY);
+function certify(email, publicKey, expiration) {
+  return new jwcert.JWCert("browserid.org", new Date(), publicKey, {email: email}).sign(SECRET_KEY);
 }
 
 function verifyChain(certChain, publicKey) {
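Review bot: The new `expiration` parameter of `certify` is accepted but never read; the certificate is still built with `new Date()` as the second constructor argument, so a caller passing a lifetime gets no effect and no error. If that argument is the certificate's expiry (the constructor is not visible in this hunk, so this is an assumption), `new Date()` also means the expiry is the moment of issuance. Either wire the parameter through, along the lines of `new jwcert.JWCert("browserid.org", expiration, publicKey, {email: email})` with a defined default, or drop it from the signature until it is used. Since `certify` now signs whatever key object it is handed, a short comment would also help, e.g. `// publicKey must already be parsed via parsePublicKey; certify does not validate it or the email binding`. A matching comment on `parseCert` could say that it only parses and that callers must still run `verifyChain` before trusting the result.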
@@ -109,3 +117,5 @@ function verifyChain(certChain, publicKey) {
 // exports, not the key stuff
 exports.certify = certify;
 exports.verifyChain = verifyChain;
+exports.parsePublicKey = parsePublicKey;
+exports.parseCert = parseCert;
\ No newline at end of file
diff --git a/browserid/lib/wsapi.js b/browserid/lib/wsapi.js
index e6983ced5..be8b4f882 100644
--- a/browserid/lib/wsapi.js
+++ b/browserid/lib/wsapi.js
@@ -298,10 +298,11 @@ function setup(app) {
       // not same account? big fat error
       if (!sameAccount) return httputils.badRequest(resp, "that email does not belong to you");
 
-      // pubkey is checked in ca.certify
+      // parse the pubkey
+      var pk = ca.parsePublicKey(req.body.pubkey);
       
       // same account, we certify the key
-      var cert = ca.certify(req.body.email, req.body.pubkey);
+      var cert = ca.certify(req.body.email, pk);
       resp.json(cert);
     });
   });
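Review bot: `ca.parsePublicKey(req.body.pubkey)` now runs directly on client-supplied input inside the request callback with no error handling. A missing or malformed `pubkey` that makes `deserialize` throw would surface as an unhandled exception rather than a 400. The removed comment said the key was "checked in ca.certify", and nothing visible here replaces that check. Wrapping the parse and answering with the `httputils.badRequest` helper already used two lines above keeps the failure mode consistent with the ownership check. The enclosing `setup` function and this route handler start outside the hunk.

```javascript
      // parse the pubkey; req.body.pubkey is client-supplied and may be absent or malformed
      var pk;
      try {
        pk = ca.parsePublicKey(req.body.pubkey);
      } catch (e) {
        return httputils.badRequest(resp, "invalid public key");
      }
      // … unchanged: ca.certify(req.body.email, pk) and resp.json(cert) …
```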
diff --git a/browserid/tests/ca-test.js b/browserid/tests/ca-test.js
old mode 100644
new mode 100755
index 2b13df7a3..b42ebf6d3
--- a/browserid/tests/ca-test.js
+++ b/browserid/tests/ca-test.js
@@ -59,10 +59,13 @@ var email_addr = "foo@foo.com";
 // create a new account via the api with (first address)
 suite.addBatch({
   "certify a public key": {
-    topic: ca.certify(email_addr, kp.publicKey.serialize()),
+    topic: ca.certify(email_addr, kp.publicKey),
+    "parses" : function(r, err) {
+      var cert = ca.parseCert(r);
+      assert.notEqual(cert, null);
+    },
     "verifies": function(r, err) {
-      var cert = new jwcert.JWCert();
-      cert.parse(r);
+      var cert = ca.parseCert(r);
       assert.isTrue(ca.verifyChain([cert], kp.publicKey));
     }
   }
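Review bot: The new "parses" test cannot fail on a bad parse: `ca.parseCert` returns the `JWCert` object it constructed itself, so `assert.notEqual(cert, null)` holds whatever `cert.parse(r)` did to it. It would be more useful to assert on parsed content, for example that the email carried in the certificate equals `email_addr`. A negative case would also pin the security-relevant behaviour: `ca.verifyChain([cert], otherKey)` with a different key pair should not return true. Nothing here exercises the new third `expiration` argument of `certify` either.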
-- 
GitLab