Merge branch 'feature-certs' of github.com:mozilla/browserid into feature-certs

a0a424a5 · Shane Tomlinson · b1ee54b5 · 16583925 · a0a424a5
Commit a0a424a5 authored 13 years ago by Shane Tomlinson
--- a/verifier/lib/certassertion.js
+++ b/verifier/lib/certassertion.js
@@ -140,28 +140,23 @@ function retrieveHostPublicKey(host, successCB, errorCB) {
 function verify(assertion, audience, successCB, errorCB, pkRetriever) {
  // assertion is bundle
  var bundle = vep.unbundleCertsAndAssertion(assertion);
-  
+
+  var theIssuer;
  jwcert.JWCert.verifyChain(bundle.certificates, function(issuer, next) {
-    console.log("ISSUER is " + issuer);
-    // for now, only support the browserid.org issuer
-    if (issuer != configuration.get('hostname')) {
-      // allow other retrievers for now for testing
-      //
-      // retrieve the public key for the issuer and
-      // pass it to the continuation
-      if (pkRetriever)
-        pkRetriever(issuer, next);
-      else
-        next(null);
-
-      return;
+    theIssuer = issuer;
+    // allow other retrievers for testing
+    if (pkRetriever)
+      pkRetriever(issuer, next);
+    else
+      retrieveHostPublicKey(issuer, next, function(err) {next(null);});
+  }, function(pk, principal) {
+    // primary?
+    if (theIssuer != configuration.get('hostname')) {
+      // then the email better match the issuer
+      if (!principal.email.match("@" + theIssuer + "$"))
+        return errorCB();
    }

-    // retrieve the public key for real
-    retrieveHostPublicKey(issuer, next, function(err) {
-      next(null);
-    });
-  }, function(pk, principal) {
    var tok = new jwt.JWT();
    tok.parse(bundle.assertion);