Add support for EC keys #3
@ -16,6 +16,7 @@ import { pkcs12chain } from "./pkcs12chain.js";
|
|||||||
import {
|
import {
|
||||||
pkijsToPem,
|
pkijsToPem,
|
||||||
pkijsToBase64,
|
pkijsToBase64,
|
||||||
|
pemToBase64,
|
||||||
} from "./util.js"
|
} from "./util.js"
|
||||||
|
|
||||||
const DEVICE_KEYWORDS = ["Android", "iPhone", "iPad", "Windows", "Ubuntu", "Fedora", "Mac", "Linux"];
|
const DEVICE_KEYWORDS = ["Android", "iPhone", "iPad", "Windows", "Ubuntu", "Fedora", "Mac", "Linux"];
|
||||||
@ -102,14 +103,14 @@ function onKeyGen() {
|
|||||||
let algorithm;
|
let algorithm;
|
||||||
if (authority.certificate.algorithm == "rsa") {
|
if (authority.certificate.algorithm == "rsa") {
|
||||||
algorithm = getAlgorithmParameters(
|
algorithm = getAlgorithmParameters(
|
||||||
window.authority.rsa_sign_alg, "generatekey");
|
window.authority.certificate.key_type_specific, "generatekey");
|
||||||
}
|
}
|
||||||
if (authority.certificate.algorithm == "ec") {
|
if (authority.certificate.algorithm == "ec") {
|
||||||
algorithm = getAlgorithmParameters(
|
algorithm = getAlgorithmParameters(
|
||||||
window.authority.ec_sign_alg, "generatekey");
|
window.authority.certificate.curve, "generatekey");
|
||||||
}
|
}
|
||||||
if ("hash" in algorithm.algorithm)
|
if ("hash" in algorithm.algorithm)
|
||||||
algorithm.algorithm.hash.name = window.authority.hash_alg;
|
algorithm.algorithm.hash.name = window.authority.certificate.hash_algorithm;
|
||||||
|
|
||||||
const keyPair = await window.cryptoEngine.generateKey(
|
const keyPair = await window.cryptoEngine.generateKey(
|
||||||
algorithm.algorithm, true, algorithm.usages);
|
algorithm.algorithm, true, algorithm.usages);
|
||||||
@ -118,7 +119,7 @@ function onKeyGen() {
|
|||||||
const privateKey = keyPair.privateKey;
|
const privateKey = keyPair.privateKey;
|
||||||
|
|
||||||
await pkcs10.subjectPublicKeyInfo.importKey(publicKey);
|
await pkcs10.subjectPublicKeyInfo.importKey(publicKey);
|
||||||
await pkcs10.sign(privateKey, window.authority.hash_alg);
|
await pkcs10.sign(privateKey, window.authority.certificate.hash_algorithm);
|
||||||
window.csr = pkcs10;
|
window.csr = pkcs10;
|
||||||
console.info("Certification request created");
|
console.info("Certification request created");
|
||||||
|
|
||||||
@ -184,23 +185,21 @@ function onEnroll(encoding) {
|
|||||||
xhr.open('GET', "/api/certificate/");
|
xhr.open('GET', "/api/certificate/");
|
||||||
xhr.onload = async function() {
|
xhr.onload = async function() {
|
||||||
if (xhr.status === 200) {
|
if (xhr.status === 200) {
|
||||||
const caBase64 = xhr.responseText.replace(
|
const caBase64 = pemToBase64(xhr.responseText);
|
||||||
/(-----(BEGIN|END) CERTIFICATE-----|\n)/g, "");
|
|
||||||
|
|
||||||
var xhr2 = new XMLHttpRequest();
|
var xhr2 = new XMLHttpRequest();
|
||||||
xhr2.open("PUT", "/api/token/?token=" + query.token );
|
xhr2.open("PUT", "/api/token/?token=" + query.token );
|
||||||
xhr2.onload = async function() {
|
xhr2.onload = async function() {
|
||||||
if (xhr2.status === 200) {
|
if (xhr2.status === 200) {
|
||||||
var a = document.createElement("a");
|
var a = document.createElement("a");
|
||||||
const certBase64 = xhr.responseText.replace(
|
const certBase64 = pemToBase64(xhr.responseText);
|
||||||
/(-----(BEGIN|END) CERTIFICATE-----|\n)/g, "");
|
|
||||||
|
|
||||||
// Private key to base64 (for pkcs12chain)
|
// Private key to base64 (for pkcs12chain)
|
||||||
let privKeyBase64 = await pkijsToBase64(keys.privateKey);
|
let privKeyBase64 = await pkijsToBase64(keys.privateKey);
|
||||||
|
|
||||||
switch(encoding) {
|
switch(encoding) {
|
||||||
case 'p12':
|
case 'p12':
|
||||||
var p12 = await pkcs12chain(privKeyBase64, [certBase64, caBase64], "", window.authority.hash_alg);
|
var p12 = await pkcs12chain(privKeyBase64, [certBase64, caBase64], "", window.authority.certificate.hash_algorithm);
|
||||||
|
|
||||||
var buf = arrayBufferToString(p12.toSchema().toBER(false));
|
var buf = arrayBufferToString(p12.toSchema().toBER(false));
|
||||||
var mimetype = "application/x-pkcs12"
|
var mimetype = "application/x-pkcs12"
|
||||||
@ -208,7 +207,7 @@ function onEnroll(encoding) {
|
|||||||
break
|
break
|
||||||
case 'sswan':
|
case 'sswan':
|
||||||
var p12 = arrayBufferToString(
|
var p12 = arrayBufferToString(
|
||||||
(await pkcs12chain(privKeyBase64, [certBase64, caBase64], "", window.authority.hash_alg)).toSchema().toBER(false));
|
(await pkcs12chain(privKeyBase64, [certBase64, caBase64], "", window.authority.certificate.hash_algorithm)).toSchema().toBER(false));
|
||||||
|
|
||||||
var buf = JSON.stringify({
|
var buf = JSON.stringify({
|
||||||
uuid: await blobToUuid(authority.namespace),
|
uuid: await blobToUuid(authority.namespace),
|
||||||
@ -247,7 +246,7 @@ function onEnroll(encoding) {
|
|||||||
var p12 = arrayBufferToString(
|
var p12 = arrayBufferToString(
|
||||||
(await pkcs12chain(
|
(await pkcs12chain(
|
||||||
privKeyBase64, [certBase64, caBase64],
|
privKeyBase64, [certBase64, caBase64],
|
||||||
"1234", window.authority.hash_alg))
|
"1234", window.authority.certificate.hash_algorithm))
|
||||||
.toSchema().toBER(false));
|
.toSchema().toBER(false));
|
||||||
|
|
||||||
var buf = nunjucks.render('snippets/ios.mobileconfig', {
|
var buf = nunjucks.render('snippets/ios.mobileconfig', {
|
||||||
@ -312,9 +311,12 @@ async function onHashChanged() {
|
|||||||
},
|
},
|
||||||
success: async function(authority) {
|
success: async function(authority) {
|
||||||
window.authority = authority
|
window.authority = authority
|
||||||
window.authority.hash_alg = "SHA-384";
|
|
||||||
window.authority.rsa_sign_alg = "RSASSA-PKCS1-v1_5";
|
// convert "sha512" to "SHA-512"
|
||||||
window.authority.ec_sign_alg = "ECDSA";
|
window.authority.certificate.hash_algorithm =
|
||||||
|
(window.authority.certificate.hash_algorithm.slice(0,3) +
|
||||||
|
"-" + window.authority.certificate.hash_algorithm.slice(3))
|
||||||
|
.toUpperCase();
|
||||||
|
|
||||||
var prefix = "unknown";
|
var prefix = "unknown";
|
||||||
for (i in DEVICE_KEYWORDS) {
|
for (i in DEVICE_KEYWORDS) {
|
||||||
@ -770,10 +772,10 @@ function loadAuthority(query) {
|
|||||||
$("#enroll").click(async function() {
|
$("#enroll").click(async function() {
|
||||||
var keys = await window.cryptoEngine.generateKey(
|
var keys = await window.cryptoEngine.generateKey(
|
||||||
{
|
{
|
||||||
name: "RSASSA-PKCS1-v1_5",
|
name: window.authority.certificate.key_type_specific,
|
||||||
modulusLength: 1024,
|
modulusLength: window.authority.certificate.key_size,
|
||||||
publicExponent: new Uint8Array([1, 0, 1]),
|
publicExponent: new Uint8Array([1, 0, 1]),
|
||||||
hash: "SHA-256",
|
hash: window.authority.certificate.hash_algorithm,
|
||||||
},
|
},
|
||||||
true,
|
true,
|
||||||
["encrypt", "decrypt"]);
|
["encrypt", "decrypt"]);
|
||||||
|
|||||||
@ -47,4 +47,8 @@ export function pkijsToPem(pkijsObj) {
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
export function pemToBase64(pem) {
|
||||||
|
return pem.replace(/(-----(BEGIN|END) CERTIFICATE-----|\n)/g, "");
|
||||||
}
|
}
|
||||||
Loading…
Reference in New Issue
Block a user