jandd
/
poc-browser-csr-generation
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Proof-of-concept implementation of in-Browser CSR generation for client certificates
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
25 Commits
1 Branch
0 Tags
570 KiB
 
 
 
 
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'main'
${ noResults }
Go to file
Jan Dittberner 30c7ddba80
Update gulp setup 		7 months ago
cmd/goose Change repository URL and module paths 7 months ago
handlers Add support for dynamic set of sub CAs 10 months ago
migrations Add migration for languages 10 months ago
src Implement CSRF protection 3 years ago
templates Implement CSR validation 3 years ago
.gitignore Improve example CA setup 3 years ago
COPYING Add GPL-2 license text 3 years ago
README.md Update gulp setup 7 months ago
active.de-DE.toml Decouple request and response via WebSocket 3 years ago
active.en-US.toml Decouple request and response via WebSocket 3 years ago
active.en.toml Decouple request and response via WebSocket 3 years ago
ca.cnf Setup more CAB forum compliant CA structure 10 months ago
go.mod Change repository URL and module paths 7 months ago
go.sum Tidy dependencies 10 months ago
gulpfile.js Update gulp setup 7 months ago
main.go Change repository URL and module paths 7 months ago
package-lock.json Update gulp setup 7 months ago
package.json Update gulp setup 7 months ago
setup_example_ca.sh Setup more CAB forum compliant CA structure 10 months ago

README.md

Browser PKCS#10 CSR generation PoC

This repository contains a small proof of concept implementation of browser based PKCS#10 certificate signing request and PKCS#12 key store generation using node-forge.

The backend is implemented in Go and utilizes openssl for the signing operations. The instructions below have been tested on Debian 11 (Bullseye). Debian 10 works when you use a manual installation of Go.

Running

  1. Install dependencies

    sudo apt install git npm openssl golang-go

  2. Clone the repository

    git clone https://code.cacert.org/jandd/poc-browser-csr-generation.git

  3. Get dependencies and build assets

    cd poc-browser-csr-generation
npm install --no-save --user gulp-cli
npm install
npm run build

  4. Setup the example CA and a server certificate and key

    ./setup_example_ca.sh
openssl req -new -x509 -days 365 -subj "/CN=localhost" \
  -addext subjectAltName=DNS:localhost -newkey rsa:3072 \
  -nodes -out server.crt.pem -keyout server.key.pem

  5. Run the Go based backend

    go run main.go

    Open https://localhost:8000/ in your browser.

  6. Run gulp watch

    You can run a gulp watch in a second terminal window to automatically publish changes to the files in the src directory:

    npm run watch

Translations

This PoC uses go-i18n for internationalization (i18n) support.

The translation workflow needs the go18n binary which can be installed via

go get -u  github.com/nicksnyder/go-i18n/v2/goi18n

To extract new messages from the code run

goi18n extract

Then use

goi18n merge active.*.toml

to create TOML files for translation as translate.<locale>.toml. After translating the messages run

goi18n merge active.*.toml translate.*.toml

to merge the messages back into the active translation files. To add a new language you need to add the language code to main.go's i18n bundle loading code

for _, lang := range []string{"en-US", "de-DE"} {
    if _, err := bundle.LoadMessageFile(fmt.Sprintf("active.%s.toml", lang)); err != nil {
        log.Panic(err)
    }
}