x509-import-test.js



/**
 *  ---------
 * |.##> <##.|  SmartCard-HSM Support Scripts
 * |#       #|
 * |#       #|  Copyright (c) 2011-2015 CardContact Software & System Consulting
 * |'##> <##'|  Andreas Schwier, 32429 Minden, Germany (www.cardcontact.de)
 *  ---------
 *
 * Consult your license package for usage terms and conditions.
 *
 * @fileoverview Script to create a database and SmartCard-HSM backed two layer PKI.
 */

var DAOFactoryDatabase = require('scsh/pki-db/DAOFactoryDatabase').DAOFactoryDatabase;
var X509CertificateStore = require('scsh/x509/X509CertificateStore').X509CertificateStore;
var X509CertificateIssuer = require('scsh/x509/X509CertificateIssuer').X509CertificateIssuer;
var X509Signer = require('scsh/x509/X509Signer').X509Signer;
var SmartCardHSM = require('scsh/sc-hsm/SmartCardHSM').SmartCardHSM;
var SmartCardHSMInitializer = require('scsh/sc-hsm/SmartCardHSM').SmartCardHSMInitializer;
var CryptoProvider = require('scsh/sc-hsm/CryptoProvider').CryptoProvider;
var PKIXCommon = require("scsh/x509/PKIXCommon").PKIXCommon;


// You need to add a mariadb-java-client to the lib directory of your SmartCard-HSM installation
// to allow accessing a MySQL database. You can copy the file from the scriptingserver installation.
//
// Database connection settings. The base JDBC URL is completed with the database name ("x509")
// where the DAOFactoryDatabase is constructed further down.
// NOTE(review): the account password is a literal in this script. That is acceptable for a
// throw-away local test database only; for anything else take the credentials from the
// environment or a configuration file that is not checked in, and give the account rights on
// the "x509" database only, since the script drops and recreates its tables.
var type = "MySQL";
var url = "jdbc:mysql://localhost/";
var user = "testing";
var password = "password";


// The initialization below acts on whatever SmartCard-HSM is in the reader, so the operator
// has to confirm explicitly before the script touches the device.
assert(Dialog.prompt("Warning: This script will initialize the SmartCard-HSM attached"));

// Open the card in the configured reader and initialize the SmartCard-HSM on it.
var hsmCard = new Card(_scsh3.reader);
var hsm = new SmartCardHSM(hsmCard);
var initializer = new SmartCardHSMInitializer(hsmCard);
initializer.initialize();

// One crypto provider on that device serves every issuer and signer created by this script.
// No user PIN verification (sc.verifyUserPIN) is performed here; the freshly initialized
// device is used as-is.
var provider = new CryptoProvider(hsm, 0, -1);

// Minimal crypto provider factory: the id and requireLogin arguments are ignored and the
// same provider is handed out for every request, whether or not a login was asked for.
var cpf = {
	getCryptoProvider: function(id, requireLogin) {
		return provider;
	}
};


// Access the database
// Connect to the "x509" database on the configured server and start from empty tables.
// dropTables() removes the PKI schema tables of that database, so this must only ever be
// pointed at a test database.
var pkiDbUrl = url + "x509";
var daof = new DAOFactoryDatabase(type, pkiDbUrl, user, password);
daof.dropTables();
daof.createTables();


// Certificates issued below are collected here and re-imported into a fresh database at the end.
var forImport = [];

// Wall-clock start, used for the duration report at the end of the script.
var starttime = new Date();
print("Started at " + starttime);

// Define policy for self-signed root certificate
// Key specification and signature algorithm shared by every key generated in this script:
// an EC key on brainpoolP256r1, signatures with ECDSA/SHA-256. For an RSA setup use
// keyspec.setSize(...) together with Crypto.RSA_SHA256 instead.
var keyspec = new Key();
keyspec.setComponent(Key.ECC_CURVE_OID, new ByteString("brainpoolP256r1", OID));
var sigalg = Crypto.ECDSA_SHA256;

// Policy of the self-signed root: the root certificate is valid for 3650 days, certificates
// it issues for 730 days and its CRLs for 10 days.
var rootCApolicy = {
	distinguishedName: [
		{ C: "UT" },
		{ O: "OpenSCDP" },
		{ CN: "OpenSCDP Demo Root CA 1" }
	],
	keySpecification: keyspec,
	signatureAlgorithm: sigalg,
	reqSignatureAlgorithm: sigalg,
	validityDaysSelfSigned: 3650,
	validityDaysCertificates: 730,
	validityDaysCRL: 10
};

// Create a basic X509CertificateIssuer in the database
// Register the root CA as a certificate holder in the database. The root has no parent, so
// the parent holder argument is undefined.
var rootName = PKIXCommon.makeName(rootCApolicy.distinguishedName);
print("Name : " + rootName);
var rootHolderId = X509CertificateIssuer.createCertificateIssuer(daof, undefined, undefined, { name: rootName });

var holderdao = daof.getHolderDAO();
var rootHolder = holderdao.getHolderById(rootHolderId);

// Issuer instance backed by the database record and the card-backed crypto provider factory.
var rootCA = new X509CertificateIssuer(daof, cpf, rootHolder);
rootCA.setPolicy(rootCApolicy);

// Options passed to newSigner for every key pair in this script (key domain 1).
var t = {
	keyDomain: 1
};

// Create the root key pair and make sure its request verifies before anything is issued with it.
var rootKeyId = rootCA.newSigner("Root Signer 1", t);
var rootRequest = rootCA.getRequest(rootKeyId);
assert(rootRequest.verify());

rootCA.issueSelfSignedCertificate(rootKeyId);
var crl = rootCA.issueCRL();
print(crl);

// The root certificate becomes the trust anchor for the re-import at the end of the script.
var rootCert = rootCA.getSignerCertificate();
print(rootCert);
forImport.push(rootCert);


// Now create a sub-ca policy

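// Policy of the subordinate CA. There is no validityDaysSelfSigned entry because its
// certificate is issued by the root CA.
var subCApolicy = {
	distinguishedName: [ { C:"UT" }, { O:"OpenSCDP" }, { OU: "OpenSCDP" }, { CN: "OpenSCDP Demo Sub CA 1" } ],
	keySpecification: keyspec,
	signatureAlgorithm: sigalg,
	reqSignatureAlgorithm: sigalg,
	validityDaysCertificates: 730,
	validityDaysCRL: 10
};

// Register the sub-CA as a holder below the root CA's holder.
var name = PKIXCommon.makeName(subCApolicy.distinguishedName);
print("Name : " + name);
var holderId = X509CertificateIssuer.createCertificateIssuer(daof, rootCA.getHolderId(), undefined, { name: name });
var holder = holderdao.getHolderById(holderId);

// Create a certificate issuer instance from database
var subCA = new X509CertificateIssuer(daof, cpf, holder);
subCA.setPolicy(subCApolicy);

// Create the sub-CA key pair and its request.
var keyId = subCA.newSigner("Sub-CA Signer 2", t);
var request = subCA.getRequest(keyId);
// Verify the request before the root signs a certificate for it, mirroring the check made on
// the root's own request; previously the sub-CA request was passed to the issuer unverified.
assert(request.verify());

// The root CA issues the sub-CA certificate for the requested key and subject. The last
// argument is handed to issueCertificate as given (undefined here).
var cert = rootCA.issueCertificate(subCA.getHolder(), request.getPublicKey(), request.getSubject(), undefined);
print(cert.cert);
forImport.push(cert.cert);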



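// End-entity signer "Test", registered as a holder below the sub-CA.
var name = "Test";

var holderId = X509Signer.createSigner(daof, subCA.getHolderId(), undefined, { name: name });
var holder = holderdao.getHolderById(holderId);
var s = new X509Signer(daof, cpf, holder);

// Signer policy: same key type and algorithms as the CAs, no validity entries (the issuing
// sub-CA's policy decides those).
var dn = [ { C:"UT" }, { O:"OpenSCDP" }, { OU: "OpenSCDP" }, { OU: "OpenSCDP Samples" }, { CN: name } ];
var policy = {
	distinguishedName: dn,
	keySpecification: keyspec,
	signatureAlgorithm: sigalg,
	reqSignatureAlgorithm: sigalg
};
s.setPolicy(policy);

// Create the end-entity key pair (no explicit signer name) and its request.
var keyId = s.newSigner(undefined, t);
var request = s.getRequest(keyId);
// Verify the request before the sub-CA signs a certificate for it, mirroring the check made
// on the root's own request; previously the end-entity request went unverified.
assert(request.verify());

// The sub-CA issues the end-entity certificate for the requested key and subject. The last
// argument is handed to issueCertificate as given (undefined here).
var cert = subCA.issueCertificate(s.getHolder(), request.getPublicKey(), request.getSubject(), undefined);
print(cert.cert);
forImport.push(cert.cert);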


// Clear database and re-import certificates
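// Clear database and re-import certificates: the root goes in under "/ROOTCA", every other
// certificate is imported on top of it. importCertificate appears to require the issuer to be
// present already (see the noissuer check further down).
daof.dropTables();
daof.createTables();

var store = new X509CertificateStore(daof);

// NOTE(review): the third argument is presumably a "trusted" flag for the anchor — confirm
// against X509CertificateStore.storeCertificate.
store.storeCertificate("/ROOTCA", forImport[0], true);

// Dedicated index name: every variable in this flat script is a global, and a generic "i"
// is easily reused elsewhere in the file, silently overwriting whatever it held before.
for (var idx = 1; idx < forImport.length; idx++) {
	store.importCertificate(forImport[idx]);
}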

var noissuer = new X509(new ByteString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
// Negative case: a certificate whose issuer is not present in the store must be rejected;
// importCertificate reports that with null rather than by throwing.
assert(store.importCertificate(noissuer) == null);



// Report the wall-clock time taken by the whole run, in milliseconds.
var endtime = new Date();
print("Ended at " + endtime);
var elapsedMs = endtime - starttime;
print("Duration " + elapsedMs + " ms");

