Jan Dittberner
1f8c44689e
This commit adds CSRF protection based on the gorilla/csrf package. Node dependencies have been updated. Logging uses sirupsen/logrus for log level support now.
182 lines
No EOL
8.8 KiB
HTML
182 lines
No EOL
8.8 KiB
HTML
<!DOCTYPE html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
|
|
|
|
<!-- Bootstrap CSS -->
|
|
<link rel="stylesheet" href="css/styles.min.css"
|
|
integrity="sha384-vKuz4xd0kXa+x9wRdibDAVE8gXC/1up2T9QVSas8Rk07AZhzOzbwFdj00XUjOO4i" crossorigin="anonymous">
|
|
<meta name="theme-color" content="#ffffff">
|
|
|
|
<title>{{ .Title }}</title>
|
|
</head>
|
|
<body>
|
|
<div class="container">
|
|
<h1>{{ .Title }}</h1>
|
|
<div class="row">
|
|
<div class="col-12">
|
|
<form id="csr-form">
|
|
{{ .csrfField }}
|
|
<div class="form-group">
|
|
<label for="nameInput">{{ .NameLabel }}</label>
|
|
<input type="text" class="form-control" id="nameInput" aria-describedby="nameHelp" required
|
|
minlength="3">
|
|
<small id="nameHelp" class="form-text text-muted">{{ .NameHelpText }}</small>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="passwordInput">{{ .PasswordLabel }}</label>
|
|
<input type="password" class="form-control" id="passwordInput" aria-describedby="nameHelp" required
|
|
minlength="8">
|
|
</div>
|
|
<fieldset class="form-group">
|
|
<legend>{{ .RSAKeySizeLegend }}</legend>
|
|
<div class="form-check">
|
|
<input class="form-check-input" type="radio" name="keySize" id="size3072" value="3072" checked>
|
|
<label class="form-check-label" for="size3072">{{ .RSA3072Label }}</label>
|
|
</div>
|
|
<div class="form-check">
|
|
<input class="form-check-input" type="radio" name="keySize" id="size2048" value="2048">
|
|
<label class="form-check-label" for="size2048">{{ .RSA2048Label }}</label>
|
|
</div>
|
|
<div class="form-check">
|
|
<input class="form-check-input" type="radio" name="keySize" id="size4096" value="4096">
|
|
<label class="form-check-label" for="size4096">{{ .RSA4096Label }}</label>
|
|
</div>
|
|
<small id="keySizeHelp" class="form-text text-muted">{{ .RSAHelpText }}</small>
|
|
</fieldset>
|
|
<button type="submit" id="gen-csr-button" class="btn btn-primary">{{ .CSRButtonLabel }}</button>
|
|
</form>
|
|
</div>
|
|
</div>
|
|
<div id="status-block" class="d-none row">
|
|
<div class="col-12">
|
|
<div class="d-flex align-items-center">
|
|
<strong id="status-text">{{ .StatusLoading }}</strong>
|
|
<div class="spinner-border ml-auto" id="status-spinner" role="status" aria-hidden="true"></div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="row">
|
|
<div class="col-12">
|
|
<div id="result">
|
|
<button type="button" disabled id="send-button" class="btn btn-default disabled">
|
|
{{ .SendCSRButtonLabel }}
|
|
</button>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<pre id="key"></pre>
|
|
<pre id="csr"></pre>
|
|
<pre id="crt"></pre>
|
|
</div>
|
|
<script src="js/jquery.min.js" integrity="sha384-ZvpUoO/+PpLXR1lu4jmpXWu80pZlYUAfxl5NsBMWOEPSjUn/6Z/hRTt8+pR6L4N2"
|
|
crossorigin="anonymous"></script>
|
|
<script src="js/forge.all.min.js" integrity="sha384-VfWVy4csHnuL0Tq/vQkZtIpDf4yhSLNf3aBffGj3wKUmyn1UPNx4v0Pzo9chiHu1"
|
|
crossorigin="anonymous"></script>
|
|
<script src="js/bootstrap.bundle.min.js"
|
|
integrity="sha384-ho+j7jyWK8fNQe+A12Hb8AhRq26LrZ/JpcUGGOn+Y7RsweNrtN/tE3MoK7ZeZDyx"
|
|
crossorigin="anonymous"></script>
|
|
<script src="js/i18next.min.js" integrity="sha384-Juj1kpjwKBUTV6Yp9WHG4GdeoMxCmx0zBN9SkwlyrAh5QYWb3l4WrfG7oTv/b00a"
|
|
crossorigin="anonymous"></script>
|
|
<script>
|
|
async function postData(url = '', data = {}, csrfToken) {
|
|
const response = await fetch(url, {
|
|
method: 'POST',
|
|
mode: 'cors',
|
|
cache: 'no-cache',
|
|
credentials: 'same-origin',
|
|
headers: {
|
|
'Content-Type': 'application/json',
|
|
'X-CSRF-Token': csrfToken,
|
|
},
|
|
redirect: "error",
|
|
referrerPolicy: "no-referrer",
|
|
body: JSON.stringify(data),
|
|
});
|
|
return response.json()
|
|
}
|
|
|
|
document.addEventListener("DOMContentLoaded", function () {
|
|
i18n.init({fallbackLng: 'en', debug: true}, (err) => {
|
|
if (err) return console.log('something went wrong loading', err);
|
|
});
|
|
|
|
const keyElement = document.getElementById('key');
|
|
document.getElementById('csr-form').onsubmit = function (event) {
|
|
const subject = event.target["nameInput"].value;
|
|
const password = event.target["passwordInput"].value;
|
|
const csrfToken = event.target["csrfToken"].value;
|
|
const keySize = parseInt(event.target["keySize"].value);
|
|
if (isNaN(keySize)) {
|
|
return false;
|
|
}
|
|
const spinner = document.getElementById('status-spinner');
|
|
const statusText = document.getElementById('status-text');
|
|
const statusBlock = document.getElementById('status-block');
|
|
statusBlock.classList.remove('d-none');
|
|
spinner.classList.remove('d-none');
|
|
|
|
const state = forge.pki.rsa.createKeyPairGenerationState(keySize, 0x10001);
|
|
statusText.innerHTML = i18n.t('keygen.started');
|
|
const startDate = new Date();
|
|
const step = function () {
|
|
let duration = (new Date()).getTime() - startDate.getTime();
|
|
let seconds = Math.floor(duration / 100) / 10;
|
|
if (!forge.pki.rsa.stepKeyPairGenerationState(state, 100)) {
|
|
setTimeout(step, 1);
|
|
statusText.innerHTML = i18n.t('keygen.running', {seconds: seconds}); // `key generation running for ${seconds} seconds`;
|
|
} else {
|
|
statusText.innerHTML = i18n.t('keygen.generated', {seconds: seconds}); // ``
|
|
spinner.classList.add('d-none');
|
|
const keys = state.keys;
|
|
keyElement.innerHTML = forge.pki.privateKeyToPem(keys.privateKey);
|
|
const csr = forge.pki.createCertificationRequest();
|
|
|
|
csr.publicKey = keys.publicKey;
|
|
csr.setSubject([{
|
|
name: 'commonName',
|
|
value: subject,
|
|
valueTagClass: forge.asn1.Type.UTF8,
|
|
}]);
|
|
csr.sign(keys.privateKey, forge.md.sha256.create());
|
|
|
|
const verified = csr.verify();
|
|
if (verified) {
|
|
let csrPem = forge.pki.certificationRequestToPem(csr);
|
|
document.getElementById("csr").innerHTML = csrPem;
|
|
const sendButton =
|
|
document.getElementById("send-button");
|
|
sendButton.addEventListener("click", function () {
|
|
postData("/sign/", {"csr": csrPem, "commonName": subject}, csrfToken)
|
|
.then(data => {
|
|
console.log(data);
|
|
document.getElementById("crt").innerHTML = data["certificate"];
|
|
const certificate = forge.pki.certificateFromPem(data["certificate"]);
|
|
// browsers have trouble importing anything but 3des encrypted PKCS#12
|
|
const p12asn1 = forge.pkcs12.toPkcs12Asn1(
|
|
keys.privateKey, certificate, password,
|
|
{algorithm: '3des'}
|
|
);
|
|
const p12Der = forge.asn1.toDer(p12asn1).getBytes();
|
|
const p12B64 = forge.util.encode64(p12Der);
|
|
|
|
const a = document.createElement('a');
|
|
a.download = 'client_certificate.p12';
|
|
a.setAttribute('href', 'data:application/x-pkcs12;base64,' + p12B64);
|
|
a.appendChild(document.createTextNode("Download"));
|
|
document.getElementById('result').appendChild(a);
|
|
});
|
|
});
|
|
sendButton.removeAttribute("disabled");
|
|
sendButton.classList.remove("disabled");
|
|
}
|
|
}
|
|
}
|
|
setTimeout(step);
|
|
return false;
|
|
};
|
|
});
|
|
</script>
|
|
</body>
|
|
</html> |