jan
/
browser_csr_generation
Archived
1
0
Fork 1
Code Issues Pull Requests Releases Wiki Activity
Proof of Concept to generate certificate signing requests in a web browser using node-forge.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
This repo is archived. You can view files and clone it, but cannot push or open issues/pull-requests.
24 Commits
1 Branch
0 Tags
562 KiB
 
 
 
 
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'main'
${ noResults }
Go to file
Jan Dittberner e8778dcb3a
Add notice for new project location 		10 months ago
cmd/goose WIP: migrations 10 months ago
handlers Add support for dynamic set of sub CAs 10 months ago
migrations Add migration for languages 10 months ago
src Implement CSRF protection 3 years ago
templates Implement CSR validation 3 years ago
.gitignore Improve example CA setup 3 years ago
COPYING Add GPL-2 license text 3 years ago
README.md Add notice for new project location 10 months ago
active.de-DE.toml Decouple request and response via WebSocket 3 years ago
active.en-US.toml Decouple request and response via WebSocket 3 years ago
active.en.toml Decouple request and response via WebSocket 3 years ago
ca.cnf Setup more CAB forum compliant CA structure 10 months ago
go.mod Tidy dependencies 10 months ago
go.sum Tidy dependencies 10 months ago
gulpfile.js Add CA chain to download, improve UI 3 years ago
main.go Add support for dynamic set of sub CAs 10 months ago
package-lock.json Update dependency 3 years ago
package.json Implement i18n support 3 years ago
setup_example_ca.sh Setup more CAB forum compliant CA structure 10 months ago

README.md

Browser PKCS#10 CSR generation PoC

Work that started in this repository will continue at code.cacert.org.

This repository contains a small proof of concept implementation of browser based PKCS#10 certificate signing request and PKCS#12 key store generation using node-forge.

The backend is implemented in Go and utilizes openssl for the signing operations. The instructions below have been tested on Debian 11 (Bullseye). Debian 10 works when you use a manual installation of Go.

Running

  1. Install dependencies

    sudo apt install git npm openssl golang-go

  2. Clone the repository

    git clone https://git.dittberner.info/jan/browser_csr_generation.git

  3. Get dependencies and build assets

    cd browser_csr_generation
npm install --user gulp-cli
npm install
./node_modules/.bin/gulp

  4. Setup the example CA and a server certificate and key

    ./setup_example_ca.sh
openssl req -new -x509 -days 365 -subj "/CN=localhost" \
  -addext subjectAltName=DNS:localhost -newkey rsa:3072 \
  -nodes -out server.crt.pem -keyout server.key.pem

  5. Run the Go based backend

    go run main.go

    Open https://localhost:8000/ in your browser.

  6. Run gulp watch

    You can run a gulp watch in a second terminal window to automatically publish changes to the files in the src directory:

    gulp watch

Translations

This PoC uses go-i18n for internationalization (i18n) support.

The translation workflow needs the go18n binary which can be installed via

go get -u  github.com/nicksnyder/go-i18n/v2/goi18n

To extract new messages from the code run

goi18n extract

Then use

goi18n merge active.*.toml

to create TOML files for translation as translate.<locale>.toml. After translating the messages run

goi18n merge active.*.toml translate.*.toml

to merge the messages back into the active translation files. To add a new language you need to add the language code to main.go's i18n bundle loading code

for _, lang := range []string{"en-US", "de-DE"} {
    if _, err := bundle.LoadMessageFile(fmt.Sprintf("active.%s.toml", lang)); err != nil {
        log.Panic(err)
    }
}