From a8a9168648f2b0fa90dc40cdf8815d3bfed72ee7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lauri=20V=C3=B5sandi?= Date: Wed, 29 Sep 2021 13:57:21 +0300 Subject: [PATCH] Use updated WebCrypto parameters from bootstrap API endpoint --- static/js/certidude.js | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/static/js/certidude.js b/static/js/certidude.js index 9428280..9e23bea 100644 --- a/static/js/certidude.js +++ b/static/js/certidude.js @@ -88,6 +88,9 @@ function onKeyGen() { return; } + console.info("Using hashing algorithm:", window.authority.webcrypto.hash_algorithm); + console.info("Using signature algorithm:", window.authority.webcrypto.signature_algorithm); + let pkcs10 = new CertificationRequest(); // Commonname @@ -103,18 +106,15 @@ function onKeyGen() { let algorithm; if (authority.certificate.algorithm == "rsa") { algorithm = getAlgorithmParameters( - window.authority.certificate.signature_algorithm, "generatekey"); + window.authority.webcrypto.signature_algorithm, "generatekey"); + } else if (authority.certificate.algorithm == "ec") { + algorithm = getAlgorithmParameters("ECDSA", "generatekey"); + algorithm.algorithm.namedCurve = window.authority.webcrypto.curve; + } else { + console.error("Unsupported certificate algortihm:", authority.certificate.algorithm); } - if (authority.certificate.algorithm == "ec") { - if(authority.certificate.curve.startsWith("secp")) { - algorithm = getAlgorithmParameters( - "ECDSA", "generatekey"); - algorithm.algorithm.namedCurve = - `P-${authority.certificate.curve.slice(4,7)}`; - } - } - if ("hash" in algorithm.algorithm) - algorithm.algorithm.hash.name = window.authority.certificate.hash_algorithm; + + algorithm.algorithm.hash.name = window.authority.webcrypto.hash_algorithm; const keyPair = await window.cryptoEngine.generateKey( algorithm.algorithm, true, algorithm.usages); @@ -123,7 +123,7 @@ function onKeyGen() { const privateKey = keyPair.privateKey; await pkcs10.subjectPublicKeyInfo.importKey(publicKey); - await pkcs10.sign(privateKey, window.authority.certificate.hash_algorithm); + await pkcs10.sign(privateKey, window.authority.webcrypto.hash_algorithm); window.csr = pkcs10; console.info("Certification request created"); @@ -204,7 +204,7 @@ function onEnroll(encoding) { switch(encoding) { case 'sswan': var p12 = arrayBufferToString( - (await pkcs12chain(privKeyBase64, [certBase64, caBase64], "", window.authority.certificate.hash_algorithm)).toSchema().toBER(false)); + (await pkcs12chain(privKeyBase64, [certBase64, caBase64], "", window.authority.webcrypto.hash_algorithm)).toSchema().toBER(false)); var buf = JSON.stringify({ uuid: await blobToUuid(authority.namespace), @@ -243,7 +243,7 @@ function onEnroll(encoding) { var p12 = arrayBufferToString( (await pkcs12chain( privKeyBase64, [certBase64, caBase64], - "1234", window.authority.certificate.hash_algorithm)) + "1234", window.authority.webcrypto.hash_algorithm)) .toSchema().toBER(false)); var buf = nunjucks.render('snippets/ios.mobileconfig', { @@ -765,10 +765,10 @@ function loadAuthority(query) { $("#enroll").click(async function() { var keys = await window.cryptoEngine.generateKey( { - name: window.authority.certificate.signature_algorithm, + name: window.authority.webcrypto.signature_algorithm, modulusLength: window.authority.certificate.key_size, publicExponent: new Uint8Array([1, 0, 1]), - hash: window.authority.certificate.hash_algorithm, + hash: window.authority.webcrypto.hash_algorithm, }, true, ["encrypt", "decrypt"]);