220-importp12-plugin.js
Summary
Plug-In to import keys from a PKCS#12 container
var DKEK = require("scsh/sc-hsm/DKEK").DKEK;
function ImportP12(km) {
this.km = km;
}
exports.Plugin = ImportP12;
ImportP12.PLUGIN_ACTION = "Import from PKCS#12";
ImportP12.prototype.addDeviceContextMenu = function(contextMenu, isInitialized, authenticationState) {
if (authenticationState == 0x9000) {
contextMenu.push(ImportP12.PLUGIN_ACTION);
}
}
ImportP12.prototype.addKeyContextMenu = function(contextMenu, authenticationState, keynode) {
}
ImportP12.prototype.actionListener = function(source, action) {
if (!action.equals(ImportP12.PLUGIN_ACTION)) {
return false;
}
this.importP12();
return true;
}
ImportP12.prototype.importP12 = function() {
var sc = this.km.sc;
var crypto = this.km.crypto;
var kdid = -1;
do {
kdid++;
var kd = sc.queryKeyDomainStatus(kdid);
if ((kd.sw == 0x6A86) || (kd.sw == 0x6D00)) {
Dialog.prompt("No empty key domain found.");
return
}
} while (kd.sw != 0x6A88);
sc.createDKEKKeyDomain(kdid, 1);
var share = crypto.generateRandom(32);
sc.importKeyShare(kdid, share);
var dkek = new DKEK(crypto);
dkek.importDKEKShare(share);
do {
var file = Dialog.prompt("Select PKCS#12 container", "", null, "*.p12");
if (file == null) {
return;
}
var pwd = Dialog.prompt("Enter PKCS#12 password", "*");
if (pwd == null) {
return;
}
var p12 = new KeyStore("BC", "PKCS12", file, pwd);
var aliases = p12.getAliases();
do {
var alias = Dialog.prompt("Select key", "", aliases);
assert(alias != null);
var key = new Key();
key.setType(Key.PRIVATE);
key.setID(alias);
try {
p12.getKey(key);
}
catch(e) {
print(e);
key = null;
}
var cert = p12.getCertificate(alias);
print(cert);
do {
var alias = Dialog.prompt("Enter key name for import", alias);
if (alias == null) {
return;
}
if (!this.km.ks.hasKey(alias)) {
break;
}
Dialog.prompt("A key with label " + alias + " does already exists. Please choose a different name");
} while (1);
if (key != null) {
print("Importing key and certificate...");
var pubkey = cert.getPublicKey();
var blob = dkek.encodeKey(key, pubkey);
if (pubkey.getComponent(Key.MODULUS)) {
hkey = this.km.ks.importRSAKey(alias, blob, pubkey.getSize());
var signalgo = Crypto.RSA_PSS_SHA256;
} else {
hkey = this.km.ks.importECCKey(alias, blob, pubkey.getSize());
var signalgo = Crypto.ECDSA_SHA256;
}
this.km.ks.storeEndEntityCertificate(alias, cert);
var msg = new ByteString("Hello World", ASCII);
var signature = hkey.sign(signalgo, msg);
assert(crypto.verify(pubkey, signalgo, msg, signature), "Signature verification of imported key failed");
print("Import completed");
} else {
var str = "OK";
if (sc.getCACertificate(alias)) {
str = Dialog.prompt("CA Certificate alias does exists (OK to overwrite)");
}
if (str == "OK") {
print("Importing certificate...");
this.km.ks.storeCACertificate(alias, cert);
}
}
this.km.createOutline();
} while (aliases.length > 1 && Dialog.prompt("Import more keys ?"));
} while (Dialog.prompt("Import more PKCS#12 files ?"));
dkek.clear();
sc.deleteKEK(kdid);
}
ImportP12.prototype.toString = function() {
return "ImportP12-Plugin";
}
Documentation generated by
JSDoc on Sat Feb 24 15:17:19 2024