PeculiarVentures / fortify-examples

Fortify enables web applications to use smart cards, local certificate stores and do certificate enrollment. This is a set of examples of how to use Fortify in your own applications.
MIT License

Uncaught (in promise) CryptoServerError: Cannot parse Certificate or Certificate Request from incoming ASN1 #12

Open antonioaraujob opened 2 years ago

antonioaraujob commented 2 years ago

Dear Friends of Fortify, I hope you are fine.

I am testing fortify-examples using a SafeNet 5110 USB token for generating a CSR.

When I open https://peculiarventures.github.io/fortify-examples/example1.html the web page lists the provider (SafeNet eToken 5100); however, when I try to create the CSR I see the following in the Browser’s console:

[Image: Screen Shot 2021-08-26 at 10 08 13 AM]

It seems the CSR object was created but the importCert() function fails.

```js
// Convert request to DER
const derRequest = request.toSchema(true).toBER(false);
const base64 = DerToPem(derRequest, "CERTIFICATE REQUEST");
console.log(base64);

// import key to crypto
const req = await crypto.certStorage.importCert("request", derRequest, alg, ["sign", "verify"]);
```

I also checked Fortify’s log and I could see the following:

[Image: Screen Shot 2021-08-26 at 10 19 12 AM]

Could you please guide me on how to fix this issue?

Is this related to a dependency version?

I have a little doubt about the CSR generation process. Please excuse me if this is a basic question, but I understand that WebCrypto is using the Provider to generate the key pair, so I would like to know why we have to import the CSR and keys as follows:

```js
// import key to crypto
const req = await crypto.certStorage.importCert("request", derRequest, alg, ["sign", "verify"]);

// add keys and request to storage
const privateKeyIndex = await crypto.keyStorage.setItem(keys.privateKey);
const publicKeyIndex = await crypto.keyStorage.setItem(keys.publicKey);
const requestIndex = await crypto.certStorage.setItem(req);
```

Best regards

Antonio
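When an import call reports that it cannot parse a certificate or request from the incoming ASN.1, a first client-side check is whether the DER bytes are shaped like a PKCS#10 request at all. The following is an added example, not part of the original post and not Fortify's parser; `classifyDer` and the sample byte arrays are hypothetical names, and the check covers tags and nesting only, not the signature.

```javascript
// Minimal DER TLV reader: definite lengths, single-byte tags only.
function readTlv(buf, off) {
  if (off + 2 > buf.length) throw new Error("truncated header");
  let len = buf[off + 1], hdr = 2;
  if (len & 0x80) { // long form: low 7 bits give the number of length bytes
    const n = len & 0x7f;
    if (n === 0 || n > 4 || off + 2 + n > buf.length) throw new Error("bad length");
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[off + 2 + i];
    hdr += n;
  }
  const start = off + hdr, end = start + len;
  if (end > buf.length) throw new Error("value overruns buffer");
  return { tag: buf[off], start, end };
}

// Direct children of a constructed element.
function children(buf, node) {
  const out = [];
  for (let p = node.start; p < node.end; ) {
    const c = readTlv(buf, p);
    if (c.end > node.end) throw new Error("child overruns parent");
    out.push(c); p = c.end;
  }
  return out;
}

// Returns "pkcs10-request", "x509-certificate" or "invalid".
function classifyDer(input) {
  const buf = new Uint8Array(input); // accepts ArrayBuffer or Uint8Array
  try {
    const top = readTlv(buf, 0);
    if (top.tag !== 0x30 || top.end !== buf.length) return "invalid";
    const [body, alg, sig, ...rest] = children(buf, top);
    if (rest.length || !sig || body.tag !== 0x30 || alg.tag !== 0x30 || sig.tag !== 0x03) return "invalid";
    const f = children(buf, body).map((c) => c.tag);
    // CertificationRequestInfo: INTEGER version, Name, SubjectPublicKeyInfo, [0] attributes
    if (f.length === 4 && f[0] === 0x02 && f[1] === 0x30 && f[2] === 0x30 && f[3] === 0xa0) return "pkcs10-request";
    // TBSCertificate: optional [0] version, INTEGER serial, AlgorithmIdentifier, four more SEQUENCEs
    const i = f[0] === 0xa0 ? 1 : 0;
    if (f.length >= i + 6 && f[i] === 0x02 && f[i + 1] === 0x30) return "x509-certificate";
    return "invalid";
  } catch (e) {
    return "invalid";
  }
}
// Constructed skeletons: correct tags and nesting, empty fields, no real key or signature.
const SAMPLE_CSR = Uint8Array.from([0x30,0x10, 0x30,0x09, 0x02,0x01,0x00, 0x30,0x00, 0x30,0x00, 0xa0,0x00, 0x30,0x00, 0x03,0x01,0x00]);
const SAMPLE_CERT = Uint8Array.from([0x30,0x19, 0x30,0x12, 0xa0,0x03,0x02,0x01,0x02, 0x02,0x01,0x01, 0x30,0x00, 0x30,0x00, 0x30,0x00, 0x30,0x00, 0x30,0x00, 0x30,0x00, 0x03,0x01,0x00]);
```

Calling `classifyDer(derRequest)` on the buffer from the snippet above, before the import, separates a malformed request on the client side from a failure inside the provider.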

donskov commented 2 years ago

@antonioaraujob Hello and thank you for the issue. Related for me too on NSS Certificate DB provider. We will investigate what happened.

antonioaraujob commented 2 years ago

Hello @donskov, thanks for your comments and your time.

Yes, you are right. I also saw the same behavior for MacOS Crypto provider:

[Image: Screen Shot 2021-08-26 at 1 25 15 PM]

and NSS Certificate DB provider:

[Image: Screen Shot 2021-08-26 at 1 25 40 PM]

Best regards

donskov commented 2 years ago

@antonioaraujob I think the problem was fixed. Please try to run the example again.

antonioaraujob commented 2 years ago

Dear @donskov, I hope you are fine. I ran the example again and it worked for MacOS Crypto provider:

[Image: MacOSCrypto]

and SafeNet eToken 5100 provider:

[Image: token]

For NSS Certificate DB I got the following:

[Image: nssCertificateDB]

Thank you very much for the support.

Best regards

donskov commented 2 years ago

@microshine Hey. Do you know anything about it? Maybe NSS Certificate DB doesn't support CSR?

microshine commented 2 years ago

We are using CKO_DATA for CSR keeping. As far as I can remember, NSS doesn't support that type of object.

rmhrisk commented 2 years ago

Then sounds like we need to come up with an alternative way for NSS?