diff --git a/browserid/lib/ca.js b/browserid/lib/ca.js
index b609a72ece079cdaca1164239e2c08c0a447a7ff..0d50b95542c8c9634b2b9bb9f4e64abdda4d6948 100644
--- a/browserid/lib/ca.js
+++ b/browserid/lib/ca.js
@@ -77,6 +77,7 @@ function loadPublicKey(name, dir) {
 var SECRET_KEY = loadSecretKey('root', configuration.get('var_path'));
 var PUBLIC_KEY = loadPublicKey('root', configuration.get('var_path'));
+var HOSTNAME = configuration.get('hostname');
 function parsePublicKey(serializedPK) {
 return jwk.PublicKey.deserialize(serializedPK);
@@ -89,14 +90,14 @@ function parseCert(serializedCert) {
 }
 function certify(email, publicKey, expiration) {
- return new jwcert.JWCert("browserid.org", new Date(), publicKey, {email: email}).sign(SECRET_KEY);
+ return new jwcert.JWCert(HOSTNAME, new Date(), publicKey, {email: email}).sign(SECRET_KEY);
 }
 function verifyChain(certChain, cb) {
 // raw certs
 return jwcert.JWCert.verifyChain(certChain, function(issuer, next) {
 // for now we only do browserid.org issued keys
- if (issuer != "browserid.org")
+ if (issuer != HOSTNAME)
 return next(null);
 next(PUBLIC_KEY);
diff --git a/verifier/lib/certassertion.js b/verifier/lib/certassertion.js
index b2ed480d6c14aa7fc46f9842d9a710e3374592ce..2925b5ac699296f2ea09b03e4d6efceb81d8ae70 100644
--- a/verifier/lib/certassertion.js
+++ b/verifier/lib/certassertion.js
@@ -45,6 +45,7 @@ jwk = require("../../lib/jwcrypto/jwk"),
 jwt = require("../../lib/jwcrypto/jwt"),
 jwcert = require("../../lib/jwcrypto/jwcert"),
 vep = require("../../lib/jwcrypto/vep"),
+configuration = require('../../libs/configuration'),
 logger = require("../../libs/logging.js").logger;
 // configuration information to check the issuer
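Review bot: In browserid/lib/ca.js the issuer name is now whatever `configuration.get('hostname')` returns at module load, and nothing in the visible hunks checks that it is a non-empty string before `certify()` signs with it or `verifyChain()` compares against it. Because the comparison is the loose `issuer != HOSTNAME`, an unset hostname would compare equal to a certificate whose issuer is null or undefined, so I would fail fast at load, `if (typeof HOSTNAME !== 'string' || HOSTNAME === '') throw new Error('hostname is not configured');`, and compare with `issuer !== HOSTNAME`. The same loose comparison against `configuration.get('hostname')` is added in `verify()` in verifier/lib/certassertion.js (the `@@ -134,7 +135,7 @@` hunk). The comments that still read `for now we only do browserid.org issued keys` should be reworded to name the configured hostname. `verifyChain()` continues past the end of its hunk.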
@@ -134,7 +135,7 @@ function verify(assertion, audience, successCB, errorCB, pkRetriever) {
 jwcert.JWCert.verifyChain(bundle.certificates, function(issuer, next) {
 // for now, only support the browserid.org issuer
- if (issuer != "browserid.org") {
+ if (issuer != configuration.get('hostname')) {
 // allow other retrievers for now for testing
 //
 // retrieve the public key for the issuer and
@@ -148,7 +149,9 @@ function verify(assertion, audience, successCB, errorCB, pkRetriever) {
 }
 // retrieve the public key for real
- retrieveHostPublicKey(issuer, next);
+ retrieveHostPublicKey(issuer, next, function(err) {
+ next(null);
+ });
 }, function(pk, principal) {
 var tok = new jwt.JWT();
 tok.parse(bundle.assertion);
@@ -162,7 +165,7 @@ function verify(assertion, audience, successCB, errorCB, pkRetriever) {
 } else {
 errorCB();
 }
- });
+ }, errorCB);
 }
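Review bot: The failure callback newly passed to `retrieveHostPublicKey` in `verify()` discards `err`, so a failed key fetch for an issuer leaves no trace for whoever has to investigate rejected assertions. `logger` is already required at the top of this file, so I would record the failure before `next(null)`, e.g. `logger.warn("public key retrieval failed for " + JSON.stringify(issuer) + ": " + err);` (assuming the logger exposes `warn`); the `JSON.stringify` is there because `issuer` comes from the submitted certificate chain and should not reach the log unencoded. The definition of `retrieveHostPublicKey` is not in the visible hunks, so confirm it accepts this third argument and calls either `next` or the failure callback, never both.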
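Review bot: `errorCB` is now handed to `jwcert.JWCert.verifyChain` as a third argument at the end of `verify()`, while the existing `else` branch just above still calls `errorCB()` with no argument, so callers may receive an error value on one failure path and nothing on the other. jwcert.js is not part of the visible diff, so it is worth confirming that `verifyChain` actually accepts and invokes a failure callback; if it does not, the `next(null)` path added in the previous hunk would presumably still end without any callback firing. I would pass a reason in the existing branch as well, e.g. `errorCB("verification failed");`, worded to match the condition that branch tests, which lies outside the hunk.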