Add support for EC keys #3
@ -12,20 +12,18 @@ import {
|
||||
} from "../node_modules/pkijs/src/common.js";
|
||||
import CertificationRequest from "../node_modules/pkijs/src/CertificationRequest.js";
|
||||
import AttributeTypeAndValue from "../node_modules/pkijs/src/AttributeTypeAndValue.js";
|
||||
import { formatPEM } from "./formatPEM.js";
|
||||
import { pkcs12chain } from "./pkcs12chain.js";
|
||||
import {
|
||||
privKeyToBase64,
|
||||
privKeyToPem,
|
||||
certReqToPem
|
||||
pkijsToPem,
|
||||
pkijsToBase64,
|
||||
} from "./util.js"
|
||||
|
||||
const DEVICE_KEYWORDS = ["Android", "iPhone", "iPad", "Windows", "Ubuntu", "Fedora", "Mac", "Linux"];
|
||||
|
||||
jQuery.timeago.settings.allowFuture = true;
|
||||
|
||||
const crypto = getCrypto();
|
||||
if (typeof crypto === "undefined")
|
||||
window.cryptoEngine = getCrypto();
|
||||
if (typeof window.cryptoEngine === "undefined")
|
||||
console.error("No WebCrypto extension found");
|
||||
|
||||
function onLaunchShell(common_name) {
|
||||
@ -113,7 +111,7 @@ function onKeyGen() {
|
||||
if ("hash" in algorithm.algorithm)
|
||||
algorithm.algorithm.hash.name = window.authority.hash_alg;
|
||||
|
||||
const keyPair = await crypto.generateKey(
|
||||
const keyPair = await window.cryptoEngine.generateKey(
|
||||
algorithm.algorithm, true, algorithm.usages);
|
||||
window.keys = keyPair;
|
||||
const publicKey = keyPair.publicKey;
|
||||
@ -157,7 +155,10 @@ function onKeyGen() {
|
||||
|
||||
function blobToUuid(blob) {
|
||||
return new Promise((resolve, reject) => {
|
||||
crypto.digest({ name: "SHA-1" }, stringToArrayBuffer(blob)).then((res) => {
|
||||
window.cryptoEngine.digest(
|
||||
{ name: "SHA-1" },
|
||||
stringToArrayBuffer(blob))
|
||||
.then((res) => {
|
||||
res = bufferToHexCodes(res).toLowerCase();
|
||||
res =
|
||||
res.substring(0, 8) +
|
||||
@ -195,7 +196,7 @@ function onEnroll(encoding) {
|
||||
/(-----(BEGIN|END) CERTIFICATE-----|\n)/g, "");
|
||||
|
||||
// Private key to base64 (for pkcs12chain)
|
||||
let privKeyBase64 = await privKeyToBase64(keys.privateKey, crypto);
|
||||
let privKeyBase64 = await pkijsToBase64(keys.privateKey);
|
||||
|
||||
switch(encoding) {
|
||||
case 'p12':
|
||||
@ -231,7 +232,7 @@ function onEnroll(encoding) {
|
||||
a.download = query.title + ".sswan";
|
||||
break
|
||||
case 'ovpn':
|
||||
let privKeyPem = await privKeyToPem(keys.privateKey, crypto);
|
||||
let privKeyPem = await pkijsToPem(keys.privateKey);
|
||||
|
||||
var buf = nunjucks.render('snippets/openvpn-client.conf', {
|
||||
authority: authority,
|
||||
@ -281,9 +282,7 @@ function onEnroll(encoding) {
|
||||
}
|
||||
}
|
||||
};
|
||||
let resultString = await certReqToPem(window.csr);
|
||||
|
||||
xhr2.send(resultString);
|
||||
xhr2.send(await pkijsToPem(window.csr));
|
||||
}
|
||||
}
|
||||
xhr.send();
|
||||
@ -769,7 +768,7 @@ function loadAuthority(query) {
|
||||
|
||||
|
||||
$("#enroll").click(async function() {
|
||||
var keys = await crypto.generateKey(
|
||||
var keys = await window.cryptoEngine.generateKey(
|
||||
{
|
||||
name: "RSASSA-PKCS1-v1_5",
|
||||
modulusLength: 1024,
|
||||
@ -795,11 +794,7 @@ function loadAuthority(query) {
|
||||
|
||||
|
||||
|
||||
var pkcs8 = await crypto.exportKey("pkcs8", keys.privateKey);
|
||||
var pem = formatPEM(
|
||||
toBase64(String.fromCharCode.apply(null, new Uint8Array(pkcs8)))
|
||||
);
|
||||
privateKeyBuffer = `-----BEGIN RSA PRIVATE KEY-----\r\n${pem}\r\n-----END RSA PRIVATE KEY-----\r\n`;
|
||||
var privateKeyBuffer = pkijsToPem(keys.privateKey);
|
||||
});
|
||||
|
||||
/**
|
||||
|
@ -1,51 +1,50 @@
|
||||
import * as asn1js from "asn1js";
|
||||
import {
|
||||
arrayBufferToString,
|
||||
stringToArrayBuffer,
|
||||
toBase64,
|
||||
fromBase64,
|
||||
bufferToHexCodes
|
||||
} from "pvutils";
|
||||
import {
|
||||
getCrypto,
|
||||
getAlgorithmParameters,
|
||||
} from "../node_modules/pkijs/src/common.js";
|
||||
import CertificationRequest from "../node_modules/pkijs/src/CertificationRequest.js";
|
||||
import AttributeTypeAndValue from "../node_modules/pkijs/src/AttributeTypeAndValue.js";
|
||||
import Certificate from "../node_modules/pkijs/src/Certificate.js";
|
||||
import { formatPEM } from "./formatPEM.js";
|
||||
|
||||
export async function privKeyToBase64(privKey, crypto) {
|
||||
export function pkijsToBase64(pkijsObj) {
|
||||
return new Promise(async (resolve, reject) => {
|
||||
switch(pkijsObj.__proto__.constructor.name) {
|
||||
case "CryptoKey":
|
||||
let arrayBuf = new ArrayBuffer(0);
|
||||
arrayBuf = await crypto.exportKey("pkcs8", privKey);
|
||||
|
||||
resolve(formatPEM(toBase64(arrayBufferToString(arrayBuf))));
|
||||
if (pkijsObj.type == "private")
|
||||
arrayBuf = await window.cryptoEngine.exportKey("pkcs8", pkijsObj);
|
||||
else
|
||||
arrayBuf = await window.cryptoEngine.exportKey("spki", pkijsObj);
|
||||
|
||||
resolve(toBase64(arrayBufferToString(arrayBuf)));
|
||||
break;
|
||||
|
||||
case "CertificationRequest":
|
||||
resolve(toBase64(arrayBufferToString(pkijsObj.toSchema().toBER(false))));
|
||||
break;
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
export async function privKeyToPem(privKey, crypto) {
|
||||
export function pkijsToPem(pkijsObj) {
|
||||
return new Promise(async (resolve, reject) => {
|
||||
let privKeyExported = await crypto.exportKey("pkcs8", privKey);
|
||||
switch(pkijsObj.__proto__.constructor.name) {
|
||||
case "CryptoKey":
|
||||
let privKeyExported = await window.cryptoEngine.exportKey("pkcs8", pkijsObj);
|
||||
let privKeyBody = formatPEM(
|
||||
toBase64(
|
||||
String.fromCharCode.apply(null, new Uint8Array(privKeyExported))
|
||||
)
|
||||
);
|
||||
let privKeyPem = `-----BEGIN RSA PRIVATE KEY-----\r\n${privKeyBody}\r\n-----END RSA PRIVATE KEY-----\r\n`;
|
||||
resolve(`-----BEGIN RSA PRIVATE KEY-----\r\n${privKeyBody}\r\n-----END RSA PRIVATE KEY-----\r\n`);
|
||||
break;
|
||||
|
||||
resolve(privKeyPem);
|
||||
});
|
||||
}
|
||||
|
||||
export async function certReqToPem(csr) {
|
||||
return new Promise(async (resolve, reject) => {
|
||||
case "CertificationRequest":
|
||||
let resPem = "-----BEGIN CERTIFICATE REQUEST-----\r\n";
|
||||
resPem = `${resPem}${formatPEM(
|
||||
toBase64(arrayBufferToString(csr.toSchema().toBER(false)))
|
||||
toBase64(arrayBufferToString(pkijsObj.toSchema().toBER(false)))
|
||||
)}`;
|
||||
resPem = `${resPem}\r\n-----END CERTIFICATE REQUEST-----\r\n`;
|
||||
|
||||
resolve(resPem);
|
||||
resolve(`${resPem}\r\n-----END CERTIFICATE REQUEST-----\r\n`);
|
||||
break;
|
||||
}
|
||||
});
|
||||
}
|
Loading…
Reference in New Issue
Block a user