implement verifyFromStr #63
Changes from 11 commits
d163b5e
5aff0bd
748b3c2
327f6a4
9c32c21
3d6b34f
354a351
c3a1ea9
46b1dd7
90be422
22e520c
de6fbd9
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6,6 +6,32 @@ exports.getAltNames = x509.getAltNames; | |
exports.getSubject = x509.getSubject; | ||
exports.getIssuer = x509.getIssuer; | ||
|
||
exports.verifyFromStr = function(certStr, CABundleStr, cb) { | ||
Valid if
|
||
if (typeof cb !== 'function') { | ||
throw new Error('cb should be function'); | ||
} | ||
if (certStr instanceof Buffer) { | ||
certStr = certStr.toString(); | ||
} else if (typeof certStr !== 'string') { | ||
cb(new Error('certStr should be string or buffer')); | ||
return; | ||
} | ||
if (CABundleStr instanceof Buffer) { | ||
CABundleStr = CABundleStr.toString(); | ||
} else if (typeof CABundleStr !== 'string') { | ||
cb(new Error('CABundleStr should be string or buffer')); | ||
return; | ||
} | ||
var caughtErr = null; | ||
try { | ||
x509.verify_from_str(certStr, CABundleStr); | ||
} catch (verificationError) { | ||
caughtErr = verificationError; | ||
} finally { | ||
cb(caughtErr); | ||
Valid the callback is a function, too. |
||
} | ||
}; | ||
|
||
exports.verify = function(certPath, CABundlePath, cb) { | ||
if (!certPath) { | ||
throw new TypeError('Certificate path is required'); | ||
|
@@ -29,8 +55,7 @@ exports.verify = function(certPath, CABundlePath, cb) { | |
try { | ||
x509.verify(certPath, CABundlePath); | ||
cb(null); | ||
} | ||
catch (verificationError) { | ||
} catch (verificationError) { | ||
cb(verificationError); | ||
} | ||
}); | ||
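Review bot: The argument checks in `verifyFromStr` report a malformed call through two different channels and with plain `Error`: a non-function `cb` throws, a bad `certStr` or `CABundleStr` is handed to `cb`, while `exports.verify` just below throws `TypeError('Certificate path is required')`. Using one convention, e.g. `cb(new TypeError('certStr should be string or buffer'))`, lets a caller tell a malformed call apart from a certificate that failed verification. The function also has no doc comment; it should state that both arguments are PEM text (string or Buffer), that `cb` is invoked synchronously from the `finally` block, and that `cb(null)` is the only success signal.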
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -46,7 +46,72 @@ std::string parse_args(const Nan::FunctionCallbackInfo<v8::Value>& info) { | |
return *String::Utf8Value(info[0]->ToString()); | ||
} | ||
|
||
|
||
NAN_METHOD(verify_from_str) { | ||
Nan::HandleScope scope; | ||
OpenSSL_add_all_algorithms(); | ||
std::string cert_str = *String::Utf8Value(info[0]->ToString()); | ||
std::string ca_str = *String::Utf8Value(info[1]->ToString()); | ||
|
||
X509_STORE *store = NULL; | ||
X509_STORE_CTX *verify_ctx = NULL; | ||
X509 *ca_cert = NULL; | ||
BIO *ca_bio = NULL; | ||
X509 *cert = NULL; | ||
BIO *cert_bio = NULL; | ||
const char *error = NULL; | ||
do { | ||
store = X509_STORE_new(); | ||
if (store == NULL) { | ||
error = "Failed to create X509 certificate store."; | ||
break; | ||
} | ||
verify_ctx = X509_STORE_CTX_new(); | ||
if (verify_ctx == NULL) { | ||
error = "Failed to create X509 verification context."; | ||
break; | ||
} | ||
cert_bio = BIO_new(BIO_s_mem()); | ||
size_t ret = BIO_puts(cert_bio, cert_str.c_str()); | ||
if (ret != cert_str.length()) { | ||
error = "Error reading cert content"; | ||
break; | ||
} | ||
cert = PEM_read_bio_X509(cert_bio, NULL, 0, NULL); | ||
if (cert == NULL) { | ||
error = "Failed to load cert"; | ||
break; | ||
} | ||
ca_bio = BIO_new(BIO_s_mem()); | ||
ret = BIO_puts(ca_bio, ca_str.c_str()); | ||
if (ret != ca_str.length()) { | ||
error = "Error reading ca content"; | ||
break; | ||
} | ||
ca_cert = PEM_read_bio_X509(ca_bio, NULL, 0, NULL); | ||
if (ca_cert == NULL) { | ||
error = "Failed to load ca"; | ||
break; | ||
} | ||
X509_STORE_CTX_init(verify_ctx, store, ca_cert, NULL); | ||
X509_STORE_add_cert(store, cert); | ||
ret = X509_verify_cert(verify_ctx); | ||
if (ret < 1) { | ||
error = X509_verify_cert_error_string(verify_ctx->error); | ||
break; | ||
} | ||
} while(0); | ||
X509_STORE_free(store); | ||
X509_STORE_CTX_free(verify_ctx); | ||
X509_free(ca_cert); | ||
BIO_free_all(ca_bio); | ||
X509_free(cert); | ||
BIO_free_all(cert_bio); | ||
Check
these functions have checked NULL, the free function also does nothing when ptr is NULL , so we don't need to check again |
||
if (error != NULL) { | ||
Nan::ThrowError(error); | ||
} else { | ||
info.GetReturnValue().Set(Nan::New(true)); | ||
} | ||
} | ||
|
||
NAN_METHOD(verify) { | ||
Nan::HandleScope scope; | ||
|
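Review bot: The trust roles are reversed at the end of the `do` block in `verify_from_str`: the third argument of `X509_STORE_CTX_init` is the certificate to be verified, so passing `ca_cert` there and calling `X509_STORE_add_cert(store, cert)` puts the caller-supplied certificate into the trust store and appears to check the CA against it rather than the other way round. Separately, `ret` is declared `size_t`, so a negative error return from `X509_verify_cert` wraps to a large positive value, `ret < 1` is false, and the method reports success; the result should be held in an `int` and compared with exactly 1. The return values of `X509_STORE_add_cert`, `X509_STORE_CTX_init` and both `BIO_new` calls are not checked either. Only the first certificate in the CA string is read by the single `PEM_read_bio_X509` call, which is worth a comment if callers are expected to pass a multi-certificate bundle.

```cpp
    // … unchanged: store/context allocation, PEM parsing into cert and ca_cert …
    // The CA is the trust anchor; the caller's certificate is the verification target.
    if (X509_STORE_add_cert(store, ca_cert) != 1) {
      error = "Failed to add ca to store";
      break;
    }
    if (X509_STORE_CTX_init(verify_ctx, store, cert, NULL) != 1) {
      error = "Failed to initialize X509 verification context.";
      break;
    }
    // int, not size_t: a negative return must never be read as success.
    int verify_rc = X509_verify_cert(verify_ctx);
    if (verify_rc != 1) {
      error = X509_verify_cert_error_string(verify_ctx->error);
      break;
    }
```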
As @Southern said at #63 (comment), please update the CABundleStr to `caBundleStr`.