Public Key Infrastructure (PKI) is the basis of how identity and key management is performed on the web today. PKIjs is a pure JavaScript library implementing the formats that are used in PKI applications. It is built on WebCrypto and aspires to make it p
<html lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="utf-8" />
<title>How to decode OCSP Request</title>
<script type="text/javascript" src="org/pkijs/common.js"></script>
<script type="text/javascript" src="org/pkijs/asn1.js"></script>
<script type="text/javascript" src="org/pkijs/x509_schema.js"></script>
<script type="text/javascript" src="org/pkijs/x509_simpl.js"></script>
<script type="text/javascript" src="org/pkijs/x509_simpl.js"></script>
<script type="text/javascript" src="org/pkijs/ocsp_tsp_schema.js"></script>
<script type="text/javascript" src="org/pkijs/ocsp_tsp_simpl.js"></script>
<style type="text/css">
body{background:#EFEFEF;font:normal 14px/16px Helvetica, Arial, sans-serif;}
.wrapper{
width:600px;
margin:50px auto;
padding:50px;
border:solid 2px #CCC;
border-radius:10px;
-webkit-border-radius:10px;
box-shadow:0 0 12px 3px #CDCDCD;
-webkit-box-shadow:0 0 12px 3px #CDCDCD;
background:#FFF;
}
#add-ocsp-block label{
display:block;
font:bold 18px/22px Helvetica, Arial, sans-serif;
margin:0 0 8px;
}
#pem-text-block{
width:500px;
border:solid 1px #999;
border-radius:5px;
-webkit-border-radius:5px;
height:80px;
font:normal 12px/15px monospace;
display:block;
margin:0 0 12px;
box-shadow:0 0 5px 5px #EFEFEF inset;
-webkit-box-shadow:0 0 5px 5px #EFEFEF inset;
padding:20px;
}
#get-text-block{
width:500px;
border:solid 1px #999;
border-radius:5px;
-webkit-border-radius:5px;
height:50px;
font:normal 12px/15px monospace;
display:block;
margin:0 0 12px;
box-shadow:0 0 5px 5px #EFEFEF inset;
-webkit-box-shadow:0 0 5px 5px #EFEFEF inset;
padding:20px;
}
#add-ocsp-block a{
display:inline-block;
padding:5px 15px;
background:#ACD0EC;
border:solid 1px #4C6181;
color:#000;
font:normal 14px/16px Helvetica, Arial, sans-serif;
}
#add-ocsp-block a:hover{
background:#DAEBF8;
cursor:pointer;
}
#ocsp-data-block{
display:none;
border:solid 2px #999;
border-radius:5px;
-webkit-border-radius:5px;
margin:50px 0 0;
padding:20px 30px;
background:#F0F4FF;
}
#ocsp-data-block h2{
margin:0 0 16px;
font:bold 22px/24px Helvetica, Arial, sans-serif;
}
#ocsp-data-block p{
margin:0 0 12px;
}
#ocsp-data-block p .type{
font-weight:bold;
display:inline-block;
width:176px;
}
#ocsp-data-block .two-col{
overflow:hidden;
margin:0 0 16px;
}
#ocsp-data-block .two-col .issuer{
width:180px;
font-weight:bold;
margin:0 0 12px;
float:left;
}
#ocsp-data-block .two-col #ocsp-issuer{
margin:0;
padding:0;
float:left;
list-style:none;
}
#ocsp-data-block .two-col #ocsp-issuer li p{
margin:0;
}
#ocsp-data-block .two-col #ocsp-issuer li p span{
width:40px;
display:inline-block;
margin:0 0 5px;
}
#ocsp-data-block .two-col #ocsp-exten{
overflow:hidden;
padding:0 0 0 17px;
margin:0;
list-style-type:square;
}
table {
border:solid;
border-collapse:collapse;
border-color:black;
}
th {
text-align:center;
background: #ccc;
padding: 5px;
border: 1px solid black;
}
td {
padding: 5px;
border: 1px solid black;
}
</style>
<script type="text/javascript">
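/**
 * Decode the OCSP request held in the "pem-text-block" textarea and render
 * its request list and request extensions into the page.
 *
 * The textarea may contain either a PEM block ("-----BEGIN OCSP REQUEST-----")
 * or an OCSP GET URL starting with "http". For a URL, the whole path after the
 * leading "/" is URL-decoded and treated as the base64 request; the textarea is
 * then rewritten to the equivalent PEM block.
 * NOTE(review): a responder URL that carries its own path prefix before the
 * encoded request is not handled by this extraction; confirm if that matters.
 *
 * The pasted text is untrusted. Every decoded value is written to the page as
 * text (never as markup), and any decoding failure (bad URL escaping, bad
 * base64, input that is not BER, or a structure that is not an OCSP request)
 * is reported with an alert instead of leaving the page half-updated.
 *
 * Reads and writes the DOM only; returns nothing.
 */
function getOCSPData() {
  // Display names for common digest and signature algorithm OIDs.
  var algomap = {
    "1.2.840.113549.2.1": "MD2",
    "1.2.840.113549.1.1.2": "MD2 with RSA",
    "1.2.840.113549.2.5": "MD5",
    "1.2.840.113549.1.1.4": "MD5 with RSA",
    "1.3.14.3.2.26": "SHA1",
    "1.2.840.10040.4.3": "SHA1 with DSA",
    "1.2.840.10045.4.1": "SHA1 with ECDSA",
    "1.2.840.113549.1.1.5": "SHA1 with RSA",
    "2.16.840.1.101.3.4.2.4": "SHA224",
    "1.2.840.113549.1.1.14": "SHA224 with RSA",
    "2.16.840.1.101.3.4.2.1": "SHA256",
    "1.2.840.113549.1.1.11": "SHA256 with RSA",
    "2.16.840.1.101.3.4.2.2": "SHA384",
    "1.2.840.113549.1.1.12": "SHA384 with RSA",
    "2.16.840.1.101.3.4.2.3": "SHA512",
    "1.2.840.113549.1.1.13": "SHA512 with RSA"
  };

  // Display names for the extension OIDs this page knows about.
  var extenmap = {
    "1.3.6.1.5.5.7.48.1.2": "Nonce",
    "1.3.6.1.5.5.7.48.1.3": "CRL References",
    "1.3.6.1.5.5.7.48.1.4": "Acceptable Response Types",
    "1.3.6.1.5.5.7.48.1.6": "Archive Cutoff",
    "1.3.6.1.5.5.7.48.1.7": "Service Locator",
    "1.3.6.1.5.5.7.48.1.8": "Preferred Signature Algorithms",
    "1.3.6.1.5.5.7.48.1.9": "Extended Revoked Definition",
    "2.5.29.21": "CRL Reason",
    "2.5.29.24": "Invalidity Date",
    "2.5.29.29": "Certificate Issuer",
    "1.3.6.1.4.1.311.21.4": "Next Update"
  };

  // Convert a binary string (one character per byte, as atob returns) to an ArrayBuffer.
  function str2ab(str) {
    var buf = new ArrayBuffer(str.length);
    var bufView = new Uint8Array(buf);
    for (var k = 0; k < str.length; k++) {
      bufView[k] = str.charCodeAt(k);
    }
    return buf;
  }

  // Render a buffer as space-prefixed, zero-padded upper-case hex bytes (" 0A FF").
  function toHexCodes(input_buffer) {
    var result = "";
    var int_buffer = new Uint8Array(input_buffer);
    for (var k = 0; k < int_buffer.length; k++) {
      var str = int_buffer[k].toString(16).toUpperCase();
      result += (str.length === 1 ? " 0" : " ") + str;
    }
    return result;
  }

  // Return the path of a URL without its leading "/", using an anchor element as the parser.
  function getLocation(href) {
    var l = document.createElement("a");
    l.href = href;
    return l.pathname.slice(1);
  }

  // Look up an OID's display name; unknown OIDs are shown as the OID itself
  // rather than as "undefined". Own-property check keeps inherited keys out.
  function oidLabel(map, oid) {
    return Object.prototype.hasOwnProperty.call(map, oid) ? map[oid] : String(oid);
  }

  // Append an <li> holding plain text to the given parent element.
  function appendListItem(parent, text) {
    var node = document.createElement("LI");
    node.textContent = String(text);
    parent.appendChild(node);
  }

  var dataBlock = document.getElementById("ocsp-data-block");
  var status_table = document.getElementById("ocsp-statusRequests").getElementsByTagName("tbody")[0];
  var extensionList = document.getElementById("ocsp-exten");
  var pemBlock = document.getElementById("pem-text-block");

  // Start from a clean, hidden result area.
  dataBlock.style.display = "none";
  status_table.innerHTML = "";
  extensionList.innerHTML = "";

  var ocsp_req_simpl;
  try {
    // If the input is a URL, turn it into a PEM block first.
    var userInput = pemBlock.value;
    if (userInput.indexOf("http") === 0) {
      var OCSPREQUEST = decodeURIComponent(getLocation(userInput));
      pemBlock.value = "-----BEGIN OCSP REQUEST-----\n" + OCSPREQUEST + "\n-----END OCSP REQUEST-----";
    }

    // Strip the PEM header/footer and newlines, then decode the base64 body.
    var OCSPPEM = pemBlock.value.replace(/(-----(BEGIN|END) OCSP REQUEST-----|\n)/g, '');
    var OCSPBuf = str2ab(window.atob(OCSPPEM));

    // Parse BER and map the result onto the OCSP request structure.
    var asn1 = org.pkijs.fromBER(OCSPBuf);
    if (!asn1 || asn1.offset === -1) {
      throw new Error("input is not valid BER/DER data");
    }
    ocsp_req_simpl = new org.pkijs.simpl.OCSP_REQUEST({ schema: asn1.result });
  } catch (err) {
    // Malformed input must not leave stale or partial results on screen.
    window.alert("Unable to decode the OCSP request: " + (err && err.message ? err.message : err));
    return;
  }

  // Request list: one table row per requested certificate.
  if (ocsp_req_simpl.requestList.length === 0) {
    // Keep the table structure intact (the <tbody> is reused on the next
    // decode); show "None" as a single row spanning all five columns.
    var emptyRow = status_table.insertRow(0);
    var emptyCell = emptyRow.insertCell(0);
    emptyCell.colSpan = 5;
    emptyCell.textContent = "None";
  } else {
    for (var i = 0; i < ocsp_req_simpl.requestList.length; i++) {
      var request = ocsp_req_simpl.requestList[i];
      var reqCert = request.reqCert;

      var hashAlgorithm = oidLabel(algomap, reqCert.hashAlgorithm.algorithm_id);
      var issuerNameHash = toHexCodes(reqCert.issuerNameHash.value_block.value_hex);
      var issuerKeyHash = toHexCodes(reqCert.issuerKeyHash.value_block.value_hex);

      // Serial numbers the parser could not represent as a number are shown in hex.
      var subjectSerial;
      if (reqCert.serialNumber.value_block.is_hex_only === true) {
        subjectSerial = toHexCodes(reqCert.serialNumber.value_block.value_hex);
      } else {
        subjectSerial = reqCert.serialNumber.value_block.value_dec;
      }

      var row = status_table.insertRow(status_table.rows.length);
      var columns = [hashAlgorithm, issuerNameHash, issuerKeyHash, subjectSerial];
      for (var c = 0; c < columns.length; c++) {
        // textContent: decoded values are data, never markup.
        row.insertCell(c).textContent = String(columns[c]);
      }

      // Per-request extensions are listed by their raw OID.
      var extensionCell = row.insertCell(4);
      if (("singleRequestExtensions" in request) === false) {
        appendListItem(extensionCell, "None");
      } else {
        for (var j = 0; j < request.singleRequestExtensions.length; j++) {
          appendListItem(extensionCell, request.singleRequestExtensions[j].extnID);
        }
      }
    }
  }

  // Request-level extensions, shown by name where the OID is known.
  if (("requestExtensions" in ocsp_req_simpl) === false) {
    appendListItem(extensionList, "None");
  } else {
    for (var e = 0; e < ocsp_req_simpl.requestExtensions.length; e++) {
      appendListItem(extensionList, oidLabel(extenmap, ocsp_req_simpl.requestExtensions[e].extnID));
    }
  }

  dataBlock.style.display = "block";
}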
</script>
</head>
<body>
<div class="wrapper">
<div id="add-ocsp-block">
<label for="pem-text-block" style="font-weight:bold">Paste in an OCSP request as PEM or as an HTTP/S URL:</label>
<textarea id="pem-text-block" onClick="select();">
http://ocsp.example.com/MHgwdjBPME0wSzAJBgUrDgMCGgUABBSgcg6ganxiAlTyqPWd0nuk87cvpAQU3O7mV06lao%2BJW%2Fldxmx0OymFvMUCEhEhli1dITJOX7nae39pajyPyaIjMCEwHwYJKwYBBQUHMAECBBIEEKmqq4Vv1%2FhAVwe0Fmukt7Y%3D</textarea>
<a onClick="getOCSPData();">Decode</a>
</div>
<div id="ocsp-data-block">
<div class="two-col">
<p class="issuer">Requests List:</p>
<table id="ocsp-statusRequests"><thead><tr><th>Hash Algorithm</th><th>Issuer Name Hash</th><th>Issuer Key Hash</th><th>Subject Serial</th><th>Single Request Extensions</th></tr></thead><tbody></tbody></table>
</div>
<div class="two-col">
<p class="issuer">Request Extensions:</p>
<ul id="ocsp-exten"></ul>
</div>
</div>
</div>
</body>
</html>