x509-import-test.js
Summary
Script to create a database- and SmartCard-HSM-backed two-layer PKI.
var DAOFactoryDatabase = require('scsh/pki-db/DAOFactoryDatabase').DAOFactoryDatabase;
var X509CertificateStore = require('scsh/x509/X509CertificateStore').X509CertificateStore;
var X509CertificateIssuer = require('scsh/x509/X509CertificateIssuer').X509CertificateIssuer;
var X509Signer = require('scsh/x509/X509Signer').X509Signer;
var SmartCardHSM = require('scsh/sc-hsm/SmartCardHSM').SmartCardHSM;
var SmartCardHSMInitializer = require('scsh/sc-hsm/SmartCardHSM').SmartCardHSMInitializer;
var CryptoProvider = require('scsh/sc-hsm/CryptoProvider').CryptoProvider;
var PKIXCommon = require("scsh/x509/PKIXCommon").PKIXCommon;
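// Database connection parameters for the test PKI database.
// NOTE(review): these are hard-coded test credentials; a non-test deployment
// would read them from configuration rather than from the script.
var type = "MySQL";
var url = "jdbc:mysql://localhost/";
var user = "testing";
var password = "password";

// The initializer below wipes the attached SmartCard-HSM, so the operator must
// confirm first; assert stops the script unless the prompt returns a truthy value.
assert(Dialog.prompt("Warning: This script will initialize the SmartCard-HSM attached"));

var card = new Card(_scsh3.reader);
var sc = new SmartCardHSM(card);
var initializer = new SmartCardHSMInitializer(card);
initializer.initialize();

// One crypto provider bound to the freshly initialized HSM is shared by every
// signer created in this test. NOTE(review): the meaning of the 0 / -1
// arguments is not visible here; confirm against CryptoProvider.
var cp = new CryptoProvider(sc, 0, -1);
var cpf = { getCryptoProvider: function(id, requireLogin) { return cp; } };

// Start from an empty x509 database.
var daof = new DAOFactoryDatabase(type, url + "x509", user, password);
daof.dropTables();
daof.createTables();
var holderdao = daof.getHolderDAO();

var starttime = new Date();
print("Started at " + starttime);

// Certificates issued below, in chain order (root first); they are fed to the
// certificate store import test at the end of the script.
var forImport = [];

// Key specification and signature algorithm shared by every CA and the end entity.
var keyspec = new Key();
keyspec.setComponent(Key.ECC_CURVE_OID, new ByteString("brainpoolP256r1", OID));
var sigalg = Crypto.ECDSA_SHA256;

// Options passed to every newSigner() call.
var signerOptions = {
    keyDomain: 1
};

/**
 * Register a new certificate issuer (holder) in the database and return an
 * X509CertificateIssuer bound to it with the given policy applied.
 *
 * Uses daof, holderdao and cpf from script scope.
 *
 * @param {Number} parentHolderId - holder id of the issuing CA, or undefined for a root CA
 * @param {Object} policy - issuer policy; its distinguishedName becomes the holder name
 * @returns {X509CertificateIssuer} the configured issuer
 */
function createIssuer(parentHolderId, policy) {
    var name = PKIXCommon.makeName(policy.distinguishedName);
    print("Name : " + name);
    var holderId = X509CertificateIssuer.createCertificateIssuer(daof, parentHolderId, undefined, { name: name });
    var holder = holderdao.getHolderById(holderId);
    var issuer = new X509CertificateIssuer(daof, cpf, holder);
    issuer.setPolicy(policy);
    return issuer;
}

// --- Root CA ---------------------------------------------------------------

var rootCApolicy = {
    distinguishedName: [ { C:"UT" }, { O:"OpenSCDP" }, { CN:"OpenSCDP Demo Root CA 1" } ],
    keySpecification: keyspec,
    signatureAlgorithm: sigalg,
    reqSignatureAlgorithm: sigalg,
    validityDaysSelfSigned: 3650,
    validityDaysCertificates: 730,
    validityDaysCRL: 10
};

var rootCA = createIssuer(undefined, rootCApolicy);

var rootKeyId = rootCA.newSigner("Root Signer 1", signerOptions);
var rootRequest = rootCA.getRequest(rootKeyId);
// The request's self-signature proves the HSM holds the private key for the public key it carries.
assert(rootRequest.verify());

rootCA.issueSelfSignedCertificate(rootKeyId);

var crl = rootCA.issueCRL();
print(crl);

var rootCert = rootCA.getSignerCertificate();
print(rootCert);
forImport.push(rootCert);

// --- Sub CA, issued by the root CA -------------------------------------------

var subCApolicy = {
    distinguishedName: [ { C:"UT" }, { O:"OpenSCDP" }, { OU: "OpenSCDP" }, { CN: "OpenSCDP Demo Sub CA 1" } ],
    keySpecification: keyspec,
    signatureAlgorithm: sigalg,
    reqSignatureAlgorithm: sigalg,
    validityDaysCertificates: 730,
    validityDaysCRL: 10
};

var subCA = createIssuer(rootCA.getHolderId(), subCApolicy);

var subKeyId = subCA.newSigner("Sub-CA Signer 2", signerOptions);
var subRequest = subCA.getRequest(subKeyId);
// Verify proof of possession before the root CA certifies the key, as done for the root request.
assert(subRequest.verify());

var subCert = rootCA.issueCertificate(subCA.getHolder(), subRequest.getPublicKey(), subRequest.getSubject(), undefined);
print(subCert.cert);
forImport.push(subCert.cert);

// --- End-entity signer, issued by the sub CA --------------------------------

var eeName = "Test";
var eeHolderId = X509Signer.createSigner(daof, subCA.getHolderId(), undefined, { name: eeName });
var eeHolder = holderdao.getHolderById(eeHolderId);
var signer = new X509Signer(daof, cpf, eeHolder);

var dn = [ { C:"UT" }, { O:"OpenSCDP" }, { OU: "OpenSCDP" }, { OU: "OpenSCDP Samples" }, { CN: eeName } ];
var policy = {
    distinguishedName: dn,
    keySpecification: keyspec,
    signatureAlgorithm: sigalg,
    reqSignatureAlgorithm: sigalg
};
signer.setPolicy(policy);

var eeKeyId = signer.newSigner(undefined, signerOptions);
var eeRequest = signer.getRequest(eeKeyId);
// Verify proof of possession before the sub CA certifies the key.
assert(eeRequest.verify());

var eeCert = subCA.issueCertificate(signer.getHolder(), eeRequest.getPublicKey(), eeRequest.getSubject(), undefined);
print(eeCert.cert);
forImport.push(eeCert.cert);

// --- Certificate store import test ------------------------------------------

// Wipe the database again so the store has to rebuild the chain purely from
// the certificates collected in forImport.
daof.dropTables();
daof.createTables();

var store = new X509CertificateStore(daof);

// The root certificate is stored explicitly under its own path; the remaining
// certificates are imported in chain order so each one's issuer is already
// present. NOTE(review): the third argument to storeCertificate is assumed to
// mark the root as trusted - confirm against X509CertificateStore.
store.storeCertificate("/ROOTCA", forImport[0], true);
for (var idx = 1; idx < forImport.length; idx++) {
    store.importCertificate(forImport[idx]);
}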
var noissuer = new X509(new ByteString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
assert(store.importCertificate(noissuer) == null);
// Report the wall-clock time of the whole run, measured against starttime.
var stoptime = new Date();
print("Ended at " + stoptime);
var duration = stoptime.getTime() - starttime.getTime();
print("Duration " + duration + " ms");