From 613da4d0b5768876f379b9814e7aaff423576a15 Mon Sep 17 00:00:00 2001 From: pehmo1 Date: Thu, 19 Aug 2021 14:48:17 +0300 Subject: [PATCH] Get all crypto values from authority --- static/js/certidude.js | 36 +++++++++++++++++++----------------- static/js/util.js | 4 ++++ 2 files changed, 23 insertions(+), 17 deletions(-) diff --git a/static/js/certidude.js b/static/js/certidude.js index 5c76ba5..d2eef0e 100644 --- a/static/js/certidude.js +++ b/static/js/certidude.js @@ -16,6 +16,7 @@ import { pkcs12chain } from "./pkcs12chain.js"; import { pkijsToPem, pkijsToBase64, + pemToBase64, } from "./util.js" const DEVICE_KEYWORDS = ["Android", "iPhone", "iPad", "Windows", "Ubuntu", "Fedora", "Mac", "Linux"]; @@ -102,14 +103,14 @@ function onKeyGen() { let algorithm; if (authority.certificate.algorithm == "rsa") { algorithm = getAlgorithmParameters( - window.authority.rsa_sign_alg, "generatekey"); + window.authority.certificate.key_type_specific, "generatekey"); } if (authority.certificate.algorithm == "ec") { algorithm = getAlgorithmParameters( - window.authority.ec_sign_alg, "generatekey"); + window.authority.certificate.curve, "generatekey"); } if ("hash" in algorithm.algorithm) - algorithm.algorithm.hash.name = window.authority.hash_alg; + algorithm.algorithm.hash.name = window.authority.certificate.hash_algorithm; const keyPair = await window.cryptoEngine.generateKey( algorithm.algorithm, true, algorithm.usages); @@ -118,7 +119,7 @@ function onKeyGen() { const privateKey = keyPair.privateKey; await pkcs10.subjectPublicKeyInfo.importKey(publicKey); - await pkcs10.sign(privateKey, window.authority.hash_alg); + await pkcs10.sign(privateKey, window.authority.certificate.hash_algorithm); window.csr = pkcs10; console.info("Certification request created"); @@ -184,23 +185,21 @@ function onEnroll(encoding) { xhr.open('GET', "/api/certificate/"); xhr.onload = async function() { if (xhr.status === 200) { - const caBase64 = xhr.responseText.replace( - /(-----(BEGIN|END) CERTIFICATE-----|\n)/g, ""); + const caBase64 = pemToBase64(xhr.responseText); var xhr2 = new XMLHttpRequest(); xhr2.open("PUT", "/api/token/?token=" + query.token ); xhr2.onload = async function() { if (xhr2.status === 200) { var a = document.createElement("a"); - const certBase64 = xhr.responseText.replace( - /(-----(BEGIN|END) CERTIFICATE-----|\n)/g, ""); + const certBase64 = pemToBase64(xhr.responseText); // Private key to base64 (for pkcs12chain) let privKeyBase64 = await pkijsToBase64(keys.privateKey); switch(encoding) { case 'p12': - var p12 = await pkcs12chain(privKeyBase64, [certBase64, caBase64], "", window.authority.hash_alg); + var p12 = await pkcs12chain(privKeyBase64, [certBase64, caBase64], "", window.authority.certificate.hash_algorithm); var buf = arrayBufferToString(p12.toSchema().toBER(false)); var mimetype = "application/x-pkcs12" @@ -208,7 +207,7 @@ function onEnroll(encoding) { break case 'sswan': var p12 = arrayBufferToString( - (await pkcs12chain(privKeyBase64, [certBase64, caBase64], "", window.authority.hash_alg)).toSchema().toBER(false)); + (await pkcs12chain(privKeyBase64, [certBase64, caBase64], "", window.authority.certificate.hash_algorithm)).toSchema().toBER(false)); var buf = JSON.stringify({ uuid: await blobToUuid(authority.namespace), @@ -247,7 +246,7 @@ function onEnroll(encoding) { var p12 = arrayBufferToString( (await pkcs12chain( privKeyBase64, [certBase64, caBase64], - "1234", window.authority.hash_alg)) + "1234", window.authority.certificate.hash_algorithm)) .toSchema().toBER(false)); var buf = nunjucks.render('snippets/ios.mobileconfig', { @@ -312,9 +311,12 @@ async function onHashChanged() { }, success: async function(authority) { window.authority = authority - window.authority.hash_alg = "SHA-384"; - window.authority.rsa_sign_alg = "RSASSA-PKCS1-v1_5"; - window.authority.ec_sign_alg = "ECDSA"; + + // convert "sha512" to "SHA-512" + window.authority.certificate.hash_algorithm = + (window.authority.certificate.hash_algorithm.slice(0,3) + + "-" + window.authority.certificate.hash_algorithm.slice(3)) + .toUpperCase(); var prefix = "unknown"; for (i in DEVICE_KEYWORDS) { @@ -770,10 +772,10 @@ function loadAuthority(query) { $("#enroll").click(async function() { var keys = await window.cryptoEngine.generateKey( { - name: "RSASSA-PKCS1-v1_5", - modulusLength: 1024, + name: window.authority.certificate.key_type_specific, + modulusLength: window.authority.certificate.key_size, publicExponent: new Uint8Array([1, 0, 1]), - hash: "SHA-256", + hash: window.authority.certificate.hash_algorithm, }, true, ["encrypt", "decrypt"]); diff --git a/static/js/util.js b/static/js/util.js index ec1d4c2..e9a4c43 100644 --- a/static/js/util.js +++ b/static/js/util.js @@ -47,4 +47,8 @@ export function pkijsToPem(pkijsObj) { break; } }); +} + +export function pemToBase64(pem) { + return pem.replace(/(-----(BEGIN|END) CERTIFICATE-----|\n)/g, ""); } \ No newline at end of file