1 /** 2 * --------- 3 * |.##> <##.| SmartCard-HSM Support Scripts 4 * |# #| 5 * |# #| Copyright (c) 2011-2012 CardContact Software & System Consulting 6 * |'##> <##'| Andreas Schwier, 32429 Minden, Germany (www.cardcontact.de) 7 * --------- 8 * 9 * Consult your license package for usage terms and conditions. 10 * 11 * @fileoverview Generator for PKCS#10 encoded certificate requests 12 */ 13 14 15 // Load classes 16 load("tools/file.js"); 17 load("../lib/smartcardhsm.js"); 18 load("../lib/hsmkeystore.js"); 19 20 21 22 // Information for PKCS#10 Request 23 var data = new ASN1(ASN1.SEQUENCE); 24 25 var commonname = Dialog.prompt("Common Name", ""); // Common Name 26 if ((commonname != null) && (commonname != "")) { 27 data.add(new ASN1(ASN1.SET, 28 new ASN1(ASN1.SEQUENCE, // Common name 29 new ASN1(ASN1.OBJECT_IDENTIFIER, new ByteString("id-at-commonName", OID)), 30 new ASN1(ASN1.UTF8String, new ByteString(commonname, UTF8))))); 31 } 32 33 34 var business = Dialog.prompt("Business Name", "OpenSCDP"); // Business Name 35 if ((business != null) && (business != "")) { 36 data.add(new ASN1(ASN1.SET, 37 new ASN1(ASN1.SEQUENCE, // Business Name 38 new ASN1(ASN1.OBJECT_IDENTIFIER, new ByteString("id-at-organizationName", OID)), 39 new ASN1(ASN1.PrintableString, new ByteString(business, ASCII))))); 40 } 41 42 43 var department = Dialog.prompt("Department Name", ""); // Department Name 44 if ((department != null) && (department != "")) { 45 data.add(new ASN1(ASN1.SET, 46 new ASN1(ASN1.SEQUENCE, // Department Name 47 new ASN1(ASN1.OBJECT_IDENTIFIER, new ByteString("id-at-organizationalUnitName", OID)), 48 new ASN1(ASN1.PrintableString, new ByteString(department, ASCII))))); 49 } 50 51 52 var town = Dialog.prompt("Town", ""); // Town 53 if ((town != null) && (town != "")) { 54 data.add(new ASN1(ASN1.SET, 55 new ASN1(ASN1.SEQUENCE, // Town 56 new ASN1(ASN1.OBJECT_IDENTIFIER, new ByteString("id-at-localityName", OID)), 57 new ASN1(ASN1.PrintableString, new ByteString(town, ASCII))))); 58 } 59 60 61 var province = Dialog.prompt("Province", ""); // Province 62 if ((province != null) && (province != "")) { 63 data.add(new ASN1(ASN1.SET, 64 new ASN1(ASN1.SEQUENCE, // Province 65 new ASN1(ASN1.OBJECT_IDENTIFIER, new ByteString("id-at-stateOrProvinceName", OID)), 66 new ASN1(ASN1.PrintableString, new ByteString(province, ASCII))))); 67 } 68 69 70 var country = Dialog.prompt("Country", "DE"); // Country 71 if ((country != null) && (country != "")) { 72 data.add(new ASN1(ASN1.SET, 73 new ASN1(ASN1.SEQUENCE, // Country 74 new ASN1(ASN1.OBJECT_IDENTIFIER, new ByteString("id-at-countryName", OID)), 75 new ASN1(ASN1.PrintableString, new ByteString(country, ASCII))))); 76 } 77 78 79 var eMailAddress = Dialog.prompt("Please enter your e-mail address", ""); // User's e-mail address 80 if ((eMailAddress != null) && (eMailAddress != "")) { 81 data.add(new ASN1(ASN1.SET, 82 new ASN1(ASN1.SEQUENCE, // User's e-mail address 83 new ASN1(ASN1.OBJECT_IDENTIFIER, new ByteString("1 2 840 113549 1 9 1", OID)), 84 new ASN1(ASN1.IA5String, new ByteString(eMailAddress, ASCII))))); 85 } 86 87 88 /// CertificationRequestInfo 89 var certificationRequestInfo = new ASN1(ASN1.SEQUENCE); 90 certificationRequestInfo.add(new ASN1(ASN1.INTEGER, new ByteString("00", HEX))); // Version number 91 certificationRequestInfo.add(data); 92 93 // Use default crypto provider 94 var crypto = new Crypto(); 95 96 // Card access 97 var card = new Card(); 98 99 // Reset card 100 card.reset(Card.RESET_COLD); 101 102 // Create card access object 103 var sc = new SmartCardHSM(card); 104 105 // Verify user PIN 106 var userPIN = Dialog.prompt("Please enter user PIN for SmartCard-HSM", "648219"); 107 assert(userPIN != null); 108 sc.verifyUserPIN(new ByteString(userPIN, ASCII)); 109 110 // Keypair label 111 var label = eMailAddress; 112 print("Using label \"" + label + "\" for key"); 113 114 // Key store front-end 115 var hsmks = new HSMKeyStore(sc); 116 sc.enumerateKeys(); 117 118 // Check for same-named keypair 119 var key = sc.getKey(label); 120 if (key) { 121 assert(Dialog.prompt("A key with the label " + label + " already exists. Press OK to delete the key")); 122 hsmks.deleteKey(label); 123 } 124 125 // Generate asymmetric keypair 126 print("Generating a 2048 bit RSA key pair can take up to 60 seconds. Please wait..."); 127 var req = hsmks.generateRSAKeyPair(label, 2048); 128 129 // Get public-key 130 var pubkey = req.getPublicKey(); 131 var encPK = new ASN1(ASN1.SEQUENCE); 132 encPK.add(new ASN1(ASN1.INTEGER, pubkey.getComponent(Key.MODULUS))); // modulus 133 encPK.add(new ASN1(ASN1.INTEGER,pubkey.getComponent(Key.EXPONENT))); // exponent 134 135 // Information the public-key 136 var SubjectPublicKeyInfo = new ASN1(ASN1.SEQUENCE); 137 SubjectPublicKeyInfo.add(new ASN1(ASN1.SEQUENCE, 138 new ASN1(ASN1.OBJECT_IDENTIFIER, new ByteString("rsaEncryption", OID)), // public-key algorithm 139 new ASN1(ASN1.NULL))); // attributes 140 SubjectPublicKeyInfo.add(new ASN1(ASN1.BIT_STRING, 141 new ByteString("00", HEX).concat(encPK.getBytes()))); // public-key 142 certificationRequestInfo.add(SubjectPublicKeyInfo); 143 144 var Attributes = new ASN1(ASN1.CONTEXT | 0x20 | 0x00); // attributes 145 certificationRequestInfo.add(Attributes); 146 147 var signature = sc.getCrypto().sign(sc.getKey(label), Crypto.RSA_SHA256, certificationRequestInfo.getBytes()); // signed certificationRequestInfo 148 149 150 /// CertificationRequest 151 var AlgorithmIdentifier = new ASN1(ASN1.SEQUENCE); 152 AlgorithmIdentifier.add(new ASN1(ASN1.OBJECT_IDENTIFIER, 153 new ByteString("sha256WithRSAEncryption", OID))); // algorithm 154 AlgorithmIdentifier.add(new ASN1(ASN1.NULL)); // parameter 155 156 // Encoded signature 157 var encodedsignature = new ASN1(ASN1.BIT_STRING, 158 new ByteString("00", HEX).concat(signature)); 159 160 // PKCS#10 Request 161 var CertRequest = new ASN1(ASN1.SEQUENCE); 162 CertRequest.add(certificationRequestInfo); 163 CertRequest.add(AlgorithmIdentifier); 164 CertRequest.add(encodedsignature); 165 166 //print(CertRequest); 167 168 // Writing PKCS#10 Request to file 169 var csrfile = new File("CSR_" + label); 170 var csrbinary = CertRequest.getBytes(); 171 var csrbase64 = csrbinary.toBase64(true); 172 var header = new ByteString("-----BEGIN CERTIFICATE REQUEST-----\n", ASCII); 173 var footer = new ByteString("\n-----END CERTIFICATE REQUEST-----", ASCII); 174 var pem = header.concat(csrbase64).concat(footer); 175 csrfile.writeAll(pem); 176 177 print("PKCS#10 Request written to file >> " + "CSR_" + label + " <<"); 178