From 6c2e0b7fd2417de80ef8e44a28f3fdd8347e34cb Mon Sep 17 00:00:00 2001
From: Ben Adida <ben@adida.net>
Date: Sat, 3 Sep 2011 14:39:25 -0700
Subject: [PATCH] moved ca verification function to return a pk, rather than to
 compare to an existing pk

---
 browserid/lib/ca.js                 | 8 ++++----
 browserid/tests/ca-test.js          | 2 +-
 browserid/tests/cert-emails-test.js | 9 +++++----
 lib/jwcrypto                        | 2 +-
 4 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/browserid/lib/ca.js b/browserid/lib/ca.js
index 45fa72603..fd1b5bc2d 100644
--- a/browserid/lib/ca.js
+++ b/browserid/lib/ca.js
@@ -95,10 +95,10 @@ function certify(email, publicKey, expiration) {
   return new jwcert.JWCert("browserid.org", new Date(), publicKey, {email: email}).sign(SECRET_KEY);
 }
 
-function verifyChain(certChain, publicKey) {
+function verifyChain(certChain) {
   // the certChain is expected to be ordered
   // first cert signed root, next cert signed by first, ...
-  // last cert should contain the expected public key
+  // returns the last certified public key
   var currentPublicKey = PUBLIC_KEY;
   for (var i =0; i < certChain.length; i++) {
     var cert = certChain[i];
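Review bot: Dropping the `publicKey` parameter from `verifyChain` changes the return value from a boolean to a key object, and JavaScript will not flag a caller that still passes two arguments. Any call site left as `if (ca.verifyChain(chain, pk))` would now accept every chain that validates, whichever key it certifies, because a key object is truthy. Only the two test files are updated in this commit, so the non-test callers should be checked. The comment should state the full contract, for example `// returns the last certified public key; the caller MUST compare it with the key it expects`. The body of `verifyChain` continues outside this hunk.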
@@ -110,8 +110,8 @@ function verifyChain(certChain, publicKey) {
     currentPublicKey = cert.pk;
   }
 
-  // pk matches?
-  return currentPublicKey.serialize() == publicKey.serialize();
+  // return last certified public key
+  return currentPublicKey;
 }
 
 // exports, not the key stuff
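Review bot: With an empty `certChain` the loop never runs and `return currentPublicKey;` hands back `PUBLIC_KEY`, the root key, as if it had been certified. The old comparison made that case fail unless the caller expected the root key itself, so it should now be rejected explicitly, e.g. `if (!certChain || certChain.length === 0) return null;` ahead of the loop. The per-certificate check sits between the two hunks and is not visible here. If it still returns `false` on a bad signature, the function returns either a key or `false`, and that mixed result should be documented or unified. The start of `verifyChain` is outside this hunk.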
diff --git a/browserid/tests/ca-test.js b/browserid/tests/ca-test.js
index 225a2231c..2806cca23 100755
--- a/browserid/tests/ca-test.js
+++ b/browserid/tests/ca-test.js
@@ -66,7 +66,7 @@ suite.addBatch({
     },
     "verifies": function(r, err) {
       var cert = ca.parseCert(r);
-      assert.isTrue(ca.verifyChain([cert], kp.publicKey));
+      assert.isTrue(ca.verifyChain([cert]).equals(kp.publicKey));
     }
   },
   "certify a chain of keys": {
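Review bot: The updated assertion `ca.verifyChain([cert]).equals(kp.publicKey)` exercises only the accepting path, and the same holds for the matching assertion in `cert-emails-test.js`. The key comparison has moved out of `verifyChain` and into its callers, so two negative tests would pin the new contract: a certificate for a different key must not compare equal, and a chain not signed by the CA key must be rejected. If `verifyChain` returns a non-key value on failure (not visible in this diff), `.equals` would throw a TypeError instead of failing the assertion. Splitting the call as `var pk = ca.verifyChain([cert]); assert.ok(pk);` before the comparison gives a clearer failure.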
diff --git a/browserid/tests/cert-emails-test.js b/browserid/tests/cert-emails-test.js
index 736e310f3..556cb31d8 100755
--- a/browserid/tests/cert-emails-test.js
+++ b/browserid/tests/cert-emails-test.js
@@ -102,8 +102,9 @@ suite.addBatch({
 
 var cert_key_url = "/wsapi/cert_key";
 
-var pubkey = '-----BEGIN PUBLIC KEY-----\nMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMKlDDHBs5/B0uHDF3AZqOqzavAvpESI\nxEy2/6/p0gOhlUhkj/fWnQWyhM4lU3Ts5+aCzCoQvlWDGePphk8H9FMCAwEAAQ==\n-----END PUBLIC KEY-----\n';
-var pk_obj = jws.getByAlg("RS").PublicKey.deserialize(pubkey);
+// generate a keypair, we'll use this to sign assertions, as if
+// this keypair is stored in the browser localStorage
+var kp = jws.getByAlg("RS").KeyPair.generate(64);
 
 suite.addBatch({
   "cert key with no parameters": {
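Review bot: The `64` in `KeyPair.generate(64)` is unexplained. If it is a key-size or strength selector it is a small one, which suits a test fixture but should be labelled so the value is not copied into non-test code. A comment such as `// 64: small key, fast to generate; test fixture only` would do, adjusted to whatever unit jwcrypto actually uses for this argument.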
@@ -119,7 +120,7 @@ suite.addBatch({
     }
   },
   "cert key invoked with proper argument": {  
-    topic: wsapi.post(cert_key_url, { email: 'syncer@somehost.com', pubkey: pubkey }),
+    topic: wsapi.post(cert_key_url, { email: 'syncer@somehost.com', pubkey: kp.publicKey.serialize() }),
     "returns a response with a proper content-type" : function(r, err) {
       assert.strictEqual(r.code, 200);
       assert.isTrue(r.headers['content-type'].indexOf('application/json; charset=utf-8') > -1);
@@ -128,7 +129,7 @@ suite.addBatch({
       var cert = new jwcert.JWCert();
       cert.parse(JSON.parse(r.body));
 
-      assert.isTrue(ca.verifyChain([cert], pk_obj));
+      assert.isTrue(ca.verifyChain([cert]).equals(kp.publicKey));
     }
   }
   // NOTE: db-test has more thorough tests of the algorithm behind the sync_emails API
diff --git a/lib/jwcrypto b/lib/jwcrypto
index 63912eac2..9aaa4c075 160000
--- a/lib/jwcrypto
+++ b/lib/jwcrypto
@@ -1 +1 @@
-Subproject commit 63912eac29589c421d01a70826a74c6b5ef79829
+Subproject commit 9aaa4c075c9b4f6188b5f0098e641f21f2c30a2a
-- 
GitLab