tool_ca.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="chrome=1" />
<meta name="description" content="jsrsasign : The 'jsrsasign' (RSA-Sign JavaScript Library) is an open source free pure JavaScript implementation of PKCS#1 v2.1 RSASSA-PKCS1-v1_5 RSA signing and validation algorithm." />
<link rel="stylesheet" type="text/css" media="screen" href="../stylesheets/stylesheet.css">
<title>JS Certification Authority :)</title>
<!-- for pkcs5pkey -->
<script language="JavaScript" type="text/javascript" src="../jsrsasign-all-min.js"></script>
<script language="JavaScript" type="text/javascript">
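/**
 * Issue a certificate from the values entered in `document.form1`.
 *
 * Reads the serial, issuer DN, subject DN, validity, subject public key and
 * the selected extensions from the form, signs them with the CA private key
 * from the `cakey1`/`cakeypass1` fields using SHA256withRSA, then writes the
 * PEM certificate to `newcert1` and its ASN.1 dump to `newcert1dump`.
 *
 * Any failure while building or signing is reported once through
 * `alert("ISSUE ERROR: ...")` and both output fields are cleared, so an
 * earlier result cannot be mistaken for the outcome of this run.
 *
 * NOTE(security): the CA private key and its passcode are taken from page
 * fields, and the sample key and passcode ship pre-filled in this page.
 * Certificates signed with that sample key therefore carry no trust; the
 * page describes itself as a test certification authority.
 */
function doIssue() {
  var f1 = document.form1;

  // Only the generalName types offered by the form's <select> elements.
  var SAN_TYPES = ["dns", "rfc822", "uri", "dn", "ip"];
  // keyUsage checkboxes in bit order 0..8.
  var KU_FIELDS = ["ku_0dsig", "ku_1nonrep", "ku_2keyenc", "ku_3datenc",
                   "ku_4keyagree", "ku_5keycertsign", "ku_6crlsign",
                   "ku_7enconly", "ku_8deconly"];
  // extKeyUsage checkbox name -> purpose name.
  var EKU_FIELDS = [["eku_srv", "serverAuth"], ["eku_cli", "clientAuth"],
                    ["eku_code", "codeSigning"], ["eku_email", "emailProtection"],
                    ["eku_time", "timeStamping"]];

  // Parse a non-negative integer (decimal or 0x-prefixed hex). Rejects
  // anything else instead of letting NaN or a truncated value be encoded.
  function toInt(text, label) {
    var s = String(text).replace(/^\s+|\s+$/g, "");
    var isHex = /^0[xX][0-9a-fA-F]+$/.test(s);
    if (!isHex && !/^\d+$/.test(s)) {
      throw new Error(label + " must be a non-negative integer: " + text);
    }
    var n = parseInt(s, isHex ? 16 : 10);
    // The value is passed on as a JS number, which is exact only up to 2^53-1.
    if (n > 9007199254740991) {
      throw new Error(label + " is too large: " + text);
    }
    return n;
  }

  f1.newcert1.value = "issuing ...";
  f1.newcert1dump.value = "";

  var certpem;
  try {
    var params = {ext: []};
    var param, i;

    params.serial = {int: toInt(f1.serial1.value, "serial")};
    params.sigalg = "SHA256withRSA";
    params.issuer = {str: f1.issuer1.value};
    // Subject DN comes from the form's subject1 field.
    params.subject = {str: f1.subject1.value};
    params.notbefore = f1.notbefore1.value;
    params.notafter = f1.notafter1.value;
    params.sbjpubkey = f1.pubkey1.value;

    if (f1.bc_exists.checked) {
      param = {extname: 'basicConstraints'};
      param.critical = !!f1.bc_critical.checked;
      param.cA = !!f1.bc_ca.checked;
      if (f1.bc_pathlen.value != '') {
        param.pathLen = toInt(f1.bc_pathlen.value, "pathLen");
      }
      params.ext.push(param);
    }

    if (f1.ku_exists.checked) {
      param = {extname: 'keyUsage'};
      param.critical = !!f1.ku_critical.checked;
      var sBin = '';
      for (i = 0; i < KU_FIELDS.length; i++) {
        sBin += f1[KU_FIELDS[i]].checked ? "1" : "0";
      }
      param.bin = sBin;
      params.ext.push(param);
    }

    if (f1.eku_exists.checked) {
      param = {extname: "extKeyUsage", array: []};
      param.critical = !!f1.eku_critical.checked;
      for (i = 0; i < EKU_FIELDS.length; i++) {
        if (f1[EKU_FIELDS[i][0]].checked) param.array.push(EKU_FIELDS[i][1]);
      }
      params.ext.push(param);
    }

    if (f1.cdp_exists.checked && f1.cdp_uri.value != '') {
      param = {extname: "cRLDistributionPoints", array: []};
      param.critical = !!f1.cdp_critical.checked;
      param.array.push({fulluri: f1.cdp_uri.value});
      params.ext.push(param);
    }

    // subjectAltName: up to three entries, empty values are skipped.
    var aSAN = [];
    for (i = 1; i <= 3; i++) {
      var sanValue = f1["san" + i + "_val"].value;
      if (sanValue === "") continue;
      var sanType = f1["san" + i + "_type"].value;
      // The type becomes an object key, so accept only the known names.
      if (SAN_TYPES.indexOf(sanType) < 0) {
        throw new Error("unsupported subjectAltName type: " + sanType);
      }
      var san = {};
      san[sanType] = sanValue;
      aSAN.push(san);
    }
    if (aSAN.length > 0) {
      param = {extname: "subjectAltName"};
      param.critical = !!f1.san_critical.checked;
      param.array = aSAN;
      params.ext.push(param);
    }

    // Load the CA key inside the try so a wrong passcode or malformed PEM
    // is reported like any other issuing error.
    params.cakey = KEYUTIL.getKey(f1.cakey1.value, f1.cakeypass1.value);
    certpem = new KJUR.asn1.x509.Certificate(params).getPEM();
  } catch (ex) {
    f1.newcert1.value = "";
    alert("ISSUE ERROR: " + ex);
    // Nothing was issued, so there is nothing to dump.
    return;
  }
  f1.newcert1.value = certpem;

  try {
    f1.newcert1dump.value = ASN1HEX.dump(pemtohex(certpem));
  } catch (ex) { alert("DUMP ERROR: " + ex); }
}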
</script>
</head>
<body>
<!-- HEADER -->
<div id="header_wrap" class="outer">
<header class="inner">
<h1 id="project_title">JS Certification Authority</h1>
<h2 id="project_tagline">This is the world's first test certification authority by pure JavaScript ;)</h2>
<a href="https://kjur.github.io/jsrsasign/">TOP</a> |
<a href="https://github.com/kjur/jsrsasign/tags/" target="_blank">DOWNLOADS</a> |
<a href="https://github.com/kjur/jsrsasign/wiki#programming-tutorial">TUTORIALS</a> |
<a href="https://kjur.github.io/jsrsasign/api/" target="_blank">API REFERENCE</a> |
<a href="https://kjur.github.io/jsrsasign/index.html#demo" target="_blank">DEMOS</a> |
</header>
</div>
<!-- MAIN CONTENT -->
<div id="main_content_wrap" class="outer">
<section id="main_content" class="inner">
<!-- now editing -->
<form name="form1">
<h4>(Step1) Fill CA private key (PEM formatted PKCS#5 RSA key) and passcode</h4>
<textarea name="cakey1" cols="80" rows="6">-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,A6AE7A163CC2609A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-----END RSA PRIVATE KEY-----</textarea>
<br/>
CA KEY PASSCODE(=hoge): <input type="password" name="cakeypass1" value="hoge" size="0"/>
<br/>
<!-- ============================================================== -->
<h4>(Step2) Fill Issuing Certificate Fields</h4>
<table>
<tr><td>Serial:</td><td><input type="text" name="serial1" value="76" size="20"/></td></tr>
<tr><td>Issuer DN:</td><td><input type="text" name="issuer1" value="/C=US/O=JS-TEST-CA" size="80"/></td></tr>
<tr><td>Validity:</td><td>
From <input type="text" name="notbefore1" value="130501235959Z" size="20"/>
To <input type="text" name="notafter1" value="230501235959Z" size="20"/>
</td></tr>
<tr><td>Subject DN:</td><td><input type="text" name="subject1" value="/C=US/CN=Test User1" size="80"/></td></tr>
<tr><td>Subject<br/>Public Key</td><td>
<textarea name="pubkey1" cols="80" rows="3">-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4qiw8PWs7PpnnC2BUEoD
RcwXF8pq8XT1/3Hc3cuUJwX/otNefr/Bomr3dtM0ERLN3DrepCXvuzEU5FcJVDUB
3sI+pFtjjLBXD/zJmuL3Afg91J9p79+Dm+43cR6wuKywVJx5DJIdswF6oQDDzhwu
89d2V5x02aXB9LqdXkPwiO0eR5s/xHXgASl+hqDdVL9hLod3iGa9nV7cElCbcl8U
VXNPJnQAfaiKazF+hCdl/syrIh0KCZ5opggsTJibo8qFXBmG4PkT5YbhHE11wYKI
LwZFSvZ9iddRPQK3CtgFiBnXbVwU5t67tn9pMizHgypgsfBoeoyBrpTuc4egSCpj
sQIDAQAB
-----END PUBLIC KEY-----</textarea><br/>
NOTE: This shall be 'BEGIN PUBLIC KEY', not 'BEGIN RSA PUBLIC KEY'.</td></tr>
<tr><td colspan="2">
Basic Constraints:
exists<input type="checkbox" name="bc_exists" value="1" checked/>
critical<input type="checkbox" name="bc_critical" value="1" checked/>
cAflag<input type="checkbox" name="bc_ca" value="1"/>
pathLen<input type="text" name="bc_pathlen" size="3"/>
</td></tr>
<tr><td colspan="2">
Key Usage:
exists<input type="checkbox" name="ku_exists" value="1" checked/>
critical<input type="checkbox" name="ku_critical" value="1"/>
<br/>
<input type="checkbox" name="ku_0dsig" value="1" checked/> digitalSignature(0)
<input type="checkbox" name="ku_1nonrep" value="1"/> nonRepudiation(1)
<input type="checkbox" name="ku_2keyenc" value="1"/> keyEncipherment(2)<br/>
<input type="checkbox" name="ku_3datenc" value="1"/> dataEncipherment(3)
<input type="checkbox" name="ku_4keyagree" value="1"/> keyAgreement(4)
<input type="checkbox" name="ku_5keycertsign" value="1"/> keyCertSign(5)<br/>
<input type="checkbox" name="ku_6crlsign" value="1"/> cRLSign(6)
<input type="checkbox" name="ku_7enconly" value="1"/> encipherOnly(7)
<input type="checkbox" name="ku_8deconly" value="1"/> decipherOnly(8)<br/>
</td></tr>
<tr><td colspan="2">
Extended Key Usage:
exists<input type="checkbox" name="eku_exists" value="1"/>
critical<input type="checkbox" name="eku_critical" value="1"/>
<br/>
<input type="checkbox" name="eku_srv" value="1"/> serverAuth
<input type="checkbox" name="eku_cli" value="1"/> clientAuth
<input type="checkbox" name="eku_code" value="1"/> codeSigning
<input type="checkbox" name="eku_email" value="1"/> emailProtection
<input type="checkbox" name="eku_time" value="1"/> timeStamping
</td></tr>
<tr><td colspan="2">
CRL DistributionPoints:
exists<input type="checkbox" name="cdp_exists" value="1" checked/>
critical<input type="checkbox" name="cdp_critical" value="1"/>
<br/>
URL<input type="text" name="cdp_uri" value="http://crl.example.com/jsca.crl" size="80"/>
</td></tr>
<tr><td colspan="2">
subjectAltName:
critical<input type="checkbox" name="san_critical" value="0"/>
<br/>
<select name="san1_type">
<option value="dns" selected>DNS
<option value="rfc822">rfc822
<option value="uri">URI
<option value="dn">DN
<option value="ip">IPAddress
</select>
<input type="text" name="san1_val" size="80" value="example.com"><br/>
<select name="san2_type">
<option value="dns">DNS
<option value="rfc822" selected>rfc822
<option value="uri">URI
<option value="dn">DN
<option value="ip">IPAddress
</select>
<input type="text" name="san2_val" size="80"><br/>
<select name="san3_type">
<option value="dns">DNS
<option value="rfc822">rfc822
<option value="uri" selected>URI
<option value="dn">DN
<option value="ip">IPAddress
</select>
<input type="text" name="san3_val" size="80"><br/>
</td></tr>
</table>
<h4>(Step3) Press "Issue Certificate" button</h4>
<input type="button" value="Issue Certificate" onClick="doIssue();"/>
<input type="reset" name="reset" value="Reset"/>
<h2>Issued Certificate</h2>
<textarea name="newcert1" cols="80" rows="8"></textarea>
<br/>
<textarea name="newcert1dump" cols="80" rows="8"></textarea>
</form>
Another version of CA is also available
<a href="tool_ca2.html">here</a>.
<!-- now editing -->
</section>
</div>
<!-- FOOTER -->
<div id="footer_wrap" class="outer">
<footer class="inner">
<p class="copyright">jsrsasign maintained by <a href="https://github.com/kjur">kjur</a></p>
<p>Published with <a href="https://pages.github.com">GitHub Pages</a></p>
<div align="center" style="color: white">
Copyright © 2010-2020 Kenji Urushima. All rights reserved.
</div>
</footer>
</div>
</body>
</html>