x509-ca-test.js
Summary
Script to create a database and SmartCard-HSM backed two layer PKI.
var DAOFactoryDatabase = require('scsh/pki-db/DAOFactoryDatabase').DAOFactoryDatabase;
var X509CertificateStore = require('scsh/x509/X509CertificateStore').X509CertificateStore;
var X509CertificateIssuer = require('scsh/x509/X509CertificateIssuer').X509CertificateIssuer;
var X509Signer = require('scsh/x509/X509Signer').X509Signer;
var SmartCardHSM = require('scsh/sc-hsm/SmartCardHSM').SmartCardHSM;
var SmartCardHSMInitializer = require('scsh/sc-hsm/SmartCardHSM').SmartCardHSMInitializer;
var CryptoProvider = require('scsh/sc-hsm/CryptoProvider').CryptoProvider;
var PKIXCommon = require("scsh/x509/PKIXCommon").PKIXCommon;
var type = "MySQL";
var url = "jdbc:mysql://localhost/";
var user = "testing";
var password = "password";
assert(Dialog.prompt("Warning: This script will initialize the SmartCard-HSM attached"));
var card = new Card(_scsh3.reader);
var sc = new SmartCardHSM(card);
var i = new SmartCardHSMInitializer(card);
i.initialize();
var cp = new CryptoProvider(sc, 0, -1);
var cpf = { getCryptoProvider: function(id, requireLogin) { return cp }};
var daof = new DAOFactoryDatabase(type, url + "x509", user, password);
daof.dropTables();
daof.createTables();
var starttime = new Date();
print("Started at " + starttime);
var keyspec = new Key();
keyspec.setComponent(Key.ECC_CURVE_OID, new ByteString("brainpoolP256r1", OID));
var sigalg = Crypto.ECDSA_SHA256;
var rootCApolicy = {
distinguishedName: [ { C:"UT" }, { O:"OpenSCDP" }, { CN:"OpenSCDP Demo Root CA 1" } ],
keySpecification: keyspec,
signatureAlgorithm: sigalg,
reqSignatureAlgorithm: sigalg,
validityDaysSelfSigned: 3650,
validityDaysCertificates: 730,
validityDaysCRL: 10
};
var name = PKIXCommon.makeName(rootCApolicy.distinguishedName);
print("Name : " + name);
var holderId = X509CertificateIssuer.createCertificateIssuer(daof, undefined, undefined, { name: name } );
var holderdao = daof.getHolderDAO();
var holder = holderdao.getHolderById(holderId);
var rootCA = new X509CertificateIssuer(daof, cpf, holder);
rootCA.setPolicy(rootCApolicy);
var t = {
keyDomain: 1
};
var keyId = rootCA.newSigner("Root Signer 1", t);
var request = rootCA.getRequest(keyId);
assert(request.verify());
rootCA.issueSelfSignedCertificate(keyId);
var crl = rootCA.issueCRL();
print(crl);
var cert = rootCA.getSignerCertificate();
print(cert);
var subCApolicy = {
distinguishedName: [ { C:"UT" }, { O:"OpenSCDP" }, { OU: "OpenSCDP" }, { CN: "OpenSCDP Demo Sub CA 1" } ],
keySpecification: keyspec,
signatureAlgorithm: sigalg,
reqSignatureAlgorithm: sigalg,
validityDaysCertificates: 730,
validityDaysCRL: 10
};
var name = PKIXCommon.makeName(subCApolicy.distinguishedName);
print("Name : " + name);
var holderId = X509CertificateIssuer.createCertificateIssuer(daof, rootCA.getHolderId(), undefined, { name: name });
var holder = holderdao.getHolderById(holderId);
var subCA = new X509CertificateIssuer(daof, cpf, holder);
subCA.setPolicy(subCApolicy);
var keyId = subCA.newSigner("Sub-CA Signer 2", t);
var request = subCA.getRequest(keyId);
var cert = rootCA.issueCertificate(subCA.getHolder(), request.getPublicKey(), request.getSubject(), undefined);
print(cert.cert);
for (var i = 1; i <= 5; i++) {
var name = "Test" + i;
var holderId = X509Signer.createSigner(daof, subCA.getHolderId(), undefined, { name: name });
var holder = holderdao.getHolderById(holderId);
var s = new X509Signer(daof, cpf, holder);
var dn = [ { C:"UT" }, { O:"OpenSCDP" }, { OU: "OpenSCDP" }, { OU: "OpenSCDP Samples" }, { CN: name } ];
var policy = {
distinguishedName: dn,
keySpecification: keyspec,
signatureAlgorithm: sigalg,
reqSignatureAlgorithm: sigalg
};
s.setPolicy(policy);
for (var j = 1; j <= 5; j++) {
var keyId = s.newSigner(undefined, t);
var request = s.getRequest(keyId);
var cert = subCA.issueCertificate(s.getHolder(), request.getPublicKey(), request.getSubject(), undefined);
print(cert.cert);
}
}
var stoptime = new Date();
print("Ended at " + stoptime);
var duration = stoptime.valueOf() - starttime.valueOf();
print("Duration " + duration + " ms");
Documentation generated by
JSDoc on Sat Feb 24 15:17:19 2024