1 /**
  2  *  ---------
  3  * |.##> <##.|  SmartCard-HSM Support Scripts
  4  * |#       #|  
  5  * |#       #|  Copyright (c) 2011-2012 CardContact Software & System Consulting
  6  * |'##> <##'|  Andreas Schwier, 32429 Minden, Germany (www.cardcontact.de)
  7  *  --------- 
  8  *
  9  * Consult your license package for usage terms and conditions.
 10  * 
 11  * @fileoverview Generator for PKCS#10 encoded certificate requests
 12  */
 13 
 14 
 15 // Load classes
 16 load("tools/file.js");
 17 load("../lib/smartcardhsm.js");
 18 load("../lib/hsmkeystore.js");
 19 
 20 
 21 
 22 // Information for PKCS#10 Request
 23 var data = new ASN1(ASN1.SEQUENCE);
 24 
 25 var commonname = Dialog.prompt("Common Name", "");					// Common Name
 26 if ((commonname != null) && (commonname != "")) {
 27   data.add(new ASN1(ASN1.SET,
 28 		   new ASN1(ASN1.SEQUENCE,		// Common name
 29 		   new ASN1(ASN1.OBJECT_IDENTIFIER, new ByteString("id-at-commonName", OID)),
 30 		   new ASN1(ASN1.UTF8String, new ByteString(commonname, UTF8))))); 
 31   }
 32 
 33 
 34 var business = Dialog.prompt("Business Name", "OpenSCDP");				// Business Name
 35 if ((business != null) && (business != "")) {
 36   data.add(new ASN1(ASN1.SET,
 37 		   new ASN1(ASN1.SEQUENCE, 		// Business Name
 38 		   new ASN1(ASN1.OBJECT_IDENTIFIER, new ByteString("id-at-organizationName", OID)),
 39 		   new ASN1(ASN1.PrintableString, new ByteString(business, ASCII)))));
 40   }
 41 
 42   
 43 var department = Dialog.prompt("Department Name", "");					// Department Name
 44 if ((department != null) && (department != "")) {
 45   data.add(new ASN1(ASN1.SET,
 46 		   new ASN1(ASN1.SEQUENCE, 		// Department Name
 47 		   new ASN1(ASN1.OBJECT_IDENTIFIER, new ByteString("id-at-organizationalUnitName", OID)),
 48 		   new ASN1(ASN1.PrintableString, new ByteString(department, ASCII)))));
 49   }
 50   
 51 
 52 var town = Dialog.prompt("Town", "");							// Town
 53 if ((town != null) && (town != "")) {
 54   data.add(new ASN1(ASN1.SET,
 55 		   new ASN1(ASN1.SEQUENCE, 		// Town
 56 		   new ASN1(ASN1.OBJECT_IDENTIFIER, new ByteString("id-at-localityName", OID)),
 57 		   new ASN1(ASN1.PrintableString, new ByteString(town, ASCII)))));
 58   }
 59   
 60   
 61 var province = Dialog.prompt("Province", "");						// Province
 62 if ((province != null) && (province != "")) {
 63   data.add(new ASN1(ASN1.SET,
 64 		   new ASN1(ASN1.SEQUENCE, 		// Province
 65 		   new ASN1(ASN1.OBJECT_IDENTIFIER, new ByteString("id-at-stateOrProvinceName", OID)),
 66 		   new ASN1(ASN1.PrintableString, new ByteString(province, ASCII)))));
 67   }
 68   
 69    
 70 var country = Dialog.prompt("Country", "DE");						// Country
 71 if ((country != null) && (country != "")) {
 72   data.add(new ASN1(ASN1.SET,
 73 		   new ASN1(ASN1.SEQUENCE,				// Country
 74 		   new ASN1(ASN1.OBJECT_IDENTIFIER, new ByteString("id-at-countryName", OID)),
 75 		   new ASN1(ASN1.PrintableString, new ByteString(country, ASCII)))));
 76   }
 77 
 78 
 79 var eMailAddress = Dialog.prompt("Please enter your e-mail address", ""); 		// User's e-mail address
 80 if ((eMailAddress != null) && (eMailAddress != "")) {
 81   data.add(new ASN1(ASN1.SET,
 82 		   new ASN1(ASN1.SEQUENCE, 		// User's e-mail address
 83 		   new ASN1(ASN1.OBJECT_IDENTIFIER, new ByteString("1 2 840 113549 1 9 1", OID)),
 84 		   new ASN1(ASN1.IA5String, new ByteString(eMailAddress, ASCII)))));
 85   }
 86   
 87   
 88 /// CertificationRequestInfo
 89 var certificationRequestInfo = new ASN1(ASN1.SEQUENCE);
 90 certificationRequestInfo.add(new ASN1(ASN1.INTEGER, new ByteString("00", HEX))); 	// Version number
 91 certificationRequestInfo.add(data);
 92 				      
 93 // Use default crypto provider
 94 var crypto = new Crypto();
 95 
 96 // Card access
 97 var card = new Card();
 98 
 99 // Reset card
100 card.reset(Card.RESET_COLD);
101 
102 // Create card access object
103 var sc = new SmartCardHSM(card);
104 
105 // Verify user PIN
106 var userPIN = Dialog.prompt("Please enter user PIN for SmartCard-HSM", "648219");
107 assert(userPIN != null);
108 sc.verifyUserPIN(new ByteString(userPIN, ASCII));
109 
110 // Keypair label
111 var label = eMailAddress;
112 print("Using label \"" + label + "\" for key");
113 
114 // Key store front-end
115 var hsmks = new HSMKeyStore(sc);
116 sc.enumerateKeys();
117 
118 // Check for same-named keypair
119 var key = sc.getKey(label);
120 if (key) {
121 	assert(Dialog.prompt("A key with the label " + label + " already exists. Press OK to delete the key"));
122 	hsmks.deleteKey(label);
123 }
124 
125 // Generate asymmetric keypair
126 print("Generating a 2048 bit RSA key pair can take up to 60 seconds. Please wait...");
127 var req = hsmks.generateRSAKeyPair(label, 2048);
128 
129 // Get public-key
130 var pubkey = req.getPublicKey();
131 var encPK = new ASN1(ASN1.SEQUENCE);
132 encPK.add(new ASN1(ASN1.INTEGER, pubkey.getComponent(Key.MODULUS)));	// modulus
133 encPK.add(new ASN1(ASN1.INTEGER,pubkey.getComponent(Key.EXPONENT)));	// exponent
134 
135 // Information the public-key
136 var SubjectPublicKeyInfo = new ASN1(ASN1.SEQUENCE);
137 SubjectPublicKeyInfo.add(new ASN1(ASN1.SEQUENCE,
138 				    new ASN1(ASN1.OBJECT_IDENTIFIER, new ByteString("rsaEncryption", OID)),	// public-key algorithm
139 				    new ASN1(ASN1.NULL)));							// attributes
140 SubjectPublicKeyInfo.add(new ASN1(ASN1.BIT_STRING, 
141 				    new ByteString("00", HEX).concat(encPK.getBytes()))); 			// public-key
142 certificationRequestInfo.add(SubjectPublicKeyInfo);
143 
144 var Attributes = new ASN1(ASN1.CONTEXT | 0x20 | 0x00);								// attributes
145 certificationRequestInfo.add(Attributes);
146 
147 var signature = sc.getCrypto().sign(sc.getKey(label), Crypto.RSA_SHA256, certificationRequestInfo.getBytes());	// signed certificationRequestInfo
148 
149 
150 /// CertificationRequest
151 var AlgorithmIdentifier = new ASN1(ASN1.SEQUENCE);
152 AlgorithmIdentifier.add(new ASN1(ASN1.OBJECT_IDENTIFIER, 
153 				   new ByteString("sha256WithRSAEncryption", OID)));				// algorithm
154 AlgorithmIdentifier.add(new ASN1(ASN1.NULL));									// parameter
155 
156 // Encoded signature
157 var encodedsignature = new ASN1(ASN1.BIT_STRING, 
158 				  new ByteString("00", HEX).concat(signature));
159 
160 // PKCS#10 Request
161 var CertRequest = new ASN1(ASN1.SEQUENCE);
162 CertRequest.add(certificationRequestInfo);
163 CertRequest.add(AlgorithmIdentifier);
164 CertRequest.add(encodedsignature);
165 
166 //print(CertRequest);
167 
168 // Writing PKCS#10 Request to file
169 var csrfile = new File("CSR_" + label);
170 var csrbinary = CertRequest.getBytes();
171 var csrbase64 = csrbinary.toBase64(true);
172 var header = new ByteString("-----BEGIN CERTIFICATE REQUEST-----\n", ASCII);
173 var footer = new ByteString("\n-----END CERTIFICATE REQUEST-----", ASCII);
174 var pem = header.concat(csrbase64).concat(footer);
175 csrfile.writeAll(pem);
176 
177 print("PKCS#10 Request written to file >> " + "CSR_" + label + " <<");
178