-
Notifications
You must be signed in to change notification settings - Fork 5
/
example1.html
171 lines (143 loc) · 5.23 KB
/
example1.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>Example #1</title>
<!-- Babel Polyfill -->
<script src="https://fortifyapp.com/external/babel-polyfill/6.26.0/polyfill.min.js"></script>
<!-- Fetch Polyfill -->
<script
nomodule
src="https://fortifyapp.com/external/[email protected]/fetch.umd.js"
></script>
<!-- Crypto Polyfill -->
<script src="https://fortifyapp.com/external/asmCrypto/2.3.2/asmcrypto.all.es5.min.js"></script>
<script src="https://fortifyapp.com/external/elliptic/elliptic.min.js"></script>
<script
type="module"
src="https://fortifyapp.com/external/webcrypto-liner/1.2.3/webcrypto-liner.shim.min.mjs"
></script>
<script
nomodule
src="https://fortifyapp.com/external/webcrypto-liner/1.2.3/webcrypto-liner.shim.min.js"
></script>
<!-- WebCrypto Socket -->
<script src="https://fortifyapp.com/external/protobuf/6.8.0/protobuf.min.js"></script>
<script src="https://fortifyapp.com/external/webcrypto-local/client/1.7.1/webcrypto-socket.min.js"></script>
<!-- CMS -->
<script src="https://fortifyapp.com/external/pvtsutils/pvtsutils.js"></script>
<script src="https://fortifyapp.com/external/asn1js/asn1.min.js"></script>
<script src="https://fortifyapp.com/external/pkijs/pki.min.js"></script>
<script src="src/helper.js"></script>
</head>
<body>
<h2>Certificate request generation</h2>
<div>
<h3>1: Select provider:</h3>
<select name="provider" id="provider" style="width: 300px">
</select>
</div>
<div>
<h3>2: Request CommonName</h3>
<input id="cn" type="text" value="Test request">
</div>
<div>
<h3>3: Create</h3>
<button id="btn" onclick="start()">Start</button>
</div>
<script>
async function main() {
self.ws = new WebcryptoSocket.SocketProvider({
storage: await WebcryptoSocket.BrowserStorage.create(),
});
ws.connect("127.0.0.1:31337")
.on("error", function (e) {
console.error(e);
})
.on("listening", async (e) => {
// Check if end-to-end session is approved
if (! await ws.isLoggedIn()) {
const pin = await ws.challenge();
// show PIN
setTimeout(() => {
alert("2key session PIN:" + pin);
}, 100)
// ask to approve session
await ws.login();
}
await FillProviderSelect($("provider"));
ws.cardReader
.on("insert", updateProvider)
.on("remove", updateProvider);
});
}
async function updateProvider() {
const $provider = $("provider");
$provider.innerHTML = "";
await FillProviderSelect($provider);
}
async function start() {
// Block button
$("btn").disabled = true;
try {
// Get info about allowed providers
const providerId = $("provider").value;
const crypto = await ws.getCrypto(providerId);
// Check provider login
if (! await crypto.isLoggedIn()) {
await crypto.login();
}
// Generate new key pair
const alg = {
name: "RSASSA-PKCS1-v1_5",
hash: "SHA-256",
publicExponent: new Uint8Array([1, 0, 1]),
modulusLength: 2048,
};
const keys = await crypto.subtle.generateKey(alg, false, ["sign", "verify"]);
// Generate new request
// NOTE: pkijs needs crypto engine
pkijs.setEngine("Fortify", crypto, crypto.subtle);
const request = new pkijs.CertificationRequest();
// Fill certificate properties
request.version = 0;
request.subject.typesAndValues.push(new pkijs.AttributeTypeAndValue({
type: "2.5.4.6", // Country name
value: new asn1js.PrintableString({ value: "EN" }),
}));
request.attributes = [];
const cn = $("cn").value;
if (!cn) {
throw new Error("CommonName is empty");
}
request.subject.typesAndValues.push(new pkijs.AttributeTypeAndValue({
type: "2.5.4.3", // Common name
value: new asn1js.BmpString({ value: cn }),
}));
fixDN(request.subject);
await request.subjectPublicKeyInfo.importKey(keys.publicKey);
await request.sign(keys.privateKey, "SHA-256");
// Convert request to DER
const derRequest = request.toSchema(true).toBER(false);
const base64 = DerToPem(derRequest, "CERTIFICATE REQUEST");
console.log(base64);
// import key to crypto
const req = await crypto.certStorage.importCert("request", derRequest, alg, ["sign", "verify"]);
// add keys and request to storage
const privateKeyIndex = await crypto.keyStorage.setItem(keys.privateKey);
const publicKeyIndex = await crypto.keyStorage.setItem(keys.publicKey);
const requestIndex = await crypto.certStorage.setItem(req);
const message = "Request was generated successfully.\nIndex of the request is " + requestIndex;
console.log(message);
alert(message);
}
finally {
$("btn").disabled = false;
}
}
main();
</script>
</body>
</html>