
[Pki-devel] [pki-devel][PATCH] 0038-Unable-to-select-ECC-Curves-from-EE-fix.patch



Ticket #1446:

Without the crypto object, the user is now presented with a very bare-bones
keygen-tag-powered UI. One can only select a key strength and only use RSA.

This fix adds simple UI to make better use of the keygen tag:

1. Allows the use of ECC.
2. Gives simple info on how the key strengths map to RSA key size and
ECC curves.

When the user selects High, they get RSA 2043, and ECC nistp384.
When the user selects Medium, they get RSA 1024, and ECC nistp256.

Tested work with the server to issue both RSA and ECC certs of the 4 strengths mentioned above.
From 8136c2a87ec78e9ae8d1097f5f57e1d653177ea0 Mon Sep 17 00:00:00 2001
From: Jack Magne <jmagne localhost localdomain>
Date: Tue, 30 Jun 2015 17:22:23 -0700
Subject: [PATCH] Unable to select ECC Curves from EE fix.

Ticket #1446:

Without the crypto object, the user is now presented with a very bare-bones
keygen-tag-powered UI. One can only select a key strength and only use RSA.

This fix adds simple UI to make better use of the keygen tag:

1. Allows the use of ECC.
2. Gives simple info on how the key strengths map to RSA key size and
ECC curves.

When the user selects High, they get RSA 2043, and ECC nistp384.
When the user selects Medium, they get RSA 1024, and ECC nistp256.
---
 .../shared/webapps/ca/ee/ca/ProfileSelect.template | 81 +++++++++++++++++++++-
 1 file changed, 80 insertions(+), 1 deletion(-)

diff --git a/base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template b/base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template
index 0e68e36..5075962 100644
--- a/base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template
+++ b/base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template
@@ -47,6 +47,71 @@ var key = new Object();
 key.type = "EC";
 keyList[1] = key;
 
+function getKeyStrengthTableForKeyGen() {
+
+  document.writeln("<table border='1'> <caption> KeyGen Key Strength Info </caption> <tr> <th> Key Type </th> <th> High Grade </th> <th> Medium Grade </th> </tr>");
+  document.writeln("<td> RSA </td> <td> 2048 </td> <td> 1024 </tr> </td>");
+  document.writeln("<td> ECC </td> <td> nistp384 </td> <td> nistp256 </td>");
+  document.writeln("</table>");
+
+}
+
+function getKeyTypesOptionsForKeyGen() {
+    var keyTypesDef = "RSA";
+    var keyTypes = null;
+    for (var i = 0; i < policySetListSet.length; i++) {
+      for (var j = 0; j < policySetListSet[i].policySet.length; j++) {
+        if (typeof(policySetListSet[i].policySet[j].constraintSet) != "undefined") {
+          for (var k = 0; k < policySetListSet[i].policySet[j].constraintSet.length; k++) {
+            if (policySetListSet[i].policySet[j].constraintSet[k].name == "keyType") {
+              if (policySetListSet[i].policySet[j].constraintSet[k].value == "-") {
+                  keyTypes = "RSA,EC";
+              } else {
+                 keyTypes = policySetListSet[i].policySet[j].constraintSet[k].value;
+              }
+            }
+          }
+        }
+      }
+    }
+
+    if(keyTypes == null) {
+      keyTypes = keyTypesDef;
+    }
+
+    var keyTypesRet = keyTypes.split(",");
+    var options = "";
+    var optionLabel = "";
+    var selected = "";
+    for(types= 0 ; types < keyTypesRet.length ; types ++) {
+      if(keyTypesRet[types] == "EC") {
+        optionLabel = "ECC"; 
+      } else {
+        optionLabel = keyTypesRet[types];
+      }
+
+      if( types == 0 ) {
+          selected = "SELECTED";
+      } else {
+          selected = "";
+      }
+ 
+      options += '<OPTION value=' + '\"' + keyTypesRet[types] + '\" ' + selected + ' > ' + optionLabel + ' </OPTION> ';
+    }
+
+    return options;
+}
+
+function keyGenKeyTypeSelected(keygenObj,keyTypeSelectObj) {
+
+    if(keygenObj == null || keyTypeSelectObj == null)
+        return;
+
+    var selectedValue = keyTypeSelectObj.options[keyTypeSelectObj.selectedIndex].value;
+
+     keygenObj.setAttribute("keytype", selectedValue);
+}
+
 function keyTypeOptions (keyPurpose)
 {
   var keyType = "RSA";
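Review bot: In getKeyTypesOptionsForKeyGen the keyType constraint value is split on commas and concatenated straight into the `<OPTION value="...">` markup on the `options +=` line, with no escaping or validation, so a constraint value containing a quote or angle bracket would end up in the page as markup once the caller passes it to document.writeln. The UI described by this patch offers only RSA and ECC, so an allowlist at the top of the loop is the simplest guard: `if (keyTypesRet[types] != "RSA" && keyTypesRet[types] != "EC") continue;`. The loop counter `types` is never declared and becomes an implicit global; `for (var types = 0; types < keyTypesRet.length; types++)` keeps it local. In getKeyStrengthTableForKeyGen the two data rows are written without an opening `<tr>`, and the RSA row closes `</tr>` before `</td>`. The table also presents RSA 1024 as the Medium grade, which is below the 2048-bit minimum that NIST SP 800-131A sets for new RSA signatures; whether the server-side profile rejects such a request is not visible here, so the caption should say so or the page should steer users to High.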
@@ -682,7 +747,21 @@ for (var m = 0; m < inputPluginListSet.length; m++) {
         }
         document.writeln('<input type=hidden name=cert_request value="">');
       } else {
-        document.writeln('<KEYGEN name=' + inputListSet[n].inputId + '>');
+
+        getKeyStrengthTableForKeyGen();
+
+        var keyTypesOptions = getKeyTypesOptionsForKeyGen();
+
+        var keygendata = '<KEYGEN id=\"keygentag\" ' + ' name= ' + '\"' + inputListSet[n].inputId + '\" ' + ' KEYTYPE=\"EC\" KEYPARAMS=\"none\"   > '  ;
+        document.writeln(keygendata);
+
+        var keygenObj = document.getElementById("keygentag");
+        var selectKeyTypeData = '<SELECT id=\"keyTypeSelectedId\" name=\"selectKeyType\"  onChange=\"keyGenKeyTypeSelected(keygenObj,this);\"   > '   + keyTypesOptions + '</SELECT> ' ;
+
+        document.writeln(selectKeyTypeData);
+
+        var selectKeyTypeObject = document.getElementById("keyTypeSelectedId");
+        keyGenKeyTypeSelected(keygenObj,selectKeyTypeObject);
       }
     } else if (inputListSet[n].inputSyntax == 'dual_keygen_request_type') {
       keygen_request = 'true';
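Review bot: The new else branch writes the fixed ids `keygentag` and `keyTypeSelectedId` inside the input loop, and the inline onChange handler refers to `keygenObj` by name, so it works only if that variable is a global (this looks like top-level script, but the enclosing loop and if/else start and end outside the hunk) and only one keygen input is rendered. With a second keygen input, getElementById would return the first element and the select would drive the wrong tag. Resolving the element when the event fires avoids the dependency on the variable, e.g. `onChange="keyGenKeyTypeSelected(document.getElementById('keygentag'),this);"`, ideally with ids derived per input. `inputListSet[n].inputId` is still concatenated into the name attribute unescaped. The key type is chosen in the browser only, so the CA presumably still has to check the submitted key against the profile's keyType constraint; that enforcement is not part of this patch and is worth confirming.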
-- 
2.1.0

