Signing a CSR with pkijs

I am trying to sign a CSR with a local certificate using the pkijs library, but the CA always returns an error: Failed to parse the PKIOperation request.

I also think the sign method in pkijs only returns the signature and not the enveloped data with it, as my enveloped data size is much larger than the signed data size.

Here is the code I am using to sign the data:

// Imports needed at the top of the file:
//   import * as asn1js from "asn1js";
//   import { Attribute, Certificate, ContentInfo, EncapsulatedContentInfo, IssuerAndSerialNumber,
//            SignedAndUnsignedAttributes, SignedData, SignerInfo, getCrypto } from "pkijs";
public signScepCsr(csr: ArrayBuffer, signingCert: Certificate, privateKey: any) {
        const crypto = getCrypto();

        //region Create a message digest
        let sequence: Promise<any> = crypto.digest({ name: this.hashAlg }, new Uint8Array(csr));

        //region Combine all signed attributes
        // Each step is assigned back to `sequence` so the next step receives its result.
        sequence = sequence.then(result => {
            const signedAttr = [];

            signedAttr.push(new Attribute({
                type: "1.2.840.113549.1.9.3",
                values: [new asn1js.ObjectIdentifier({ value: this.envelopedDataOid })]
            })); // contentType

            signedAttr.push(new Attribute({
                type: "1.2.840.113549.1.9.5",
                values: [new asn1js.UTCTime({ valueDate: new Date() })]
            })); // signingTime

            signedAttr.push(new Attribute({
                type: "1.2.840.113549.1.9.4",
                values: [new asn1js.OctetString({ valueHex: result })]
            })); // messageDigest

            // SignerInfo has no messageType or transactionID field;
            // SCEP carries both as signed attributes (PrintableString values).
            signedAttr.push(new Attribute({
                type: "2.16.840.1.113733.1.9.2",
                values: [new asn1js.PrintableString({ value: "19" })]
            })); // messageType

            signedAttr.push(new Attribute({
                type: "2.16.840.1.113733.1.9.7",
                values: [new asn1js.PrintableString({ value: Guid.create().toString() })]
            })); // transactionID

            return signedAttr;
        });

        sequence = sequence.then(result => {
            const certSigned = new SignedData({
                version: 1,
                encapContentInfo: new EncapsulatedContentInfo({
                    eContentType: this.envelopedDataOid
                }),
                signerInfos: [new SignerInfo({
                    version: 1,
                    sid: new IssuerAndSerialNumber({
                        issuer: signingCert.issuer,
                        serialNumber: signingCert.serialNumber
                    })
                })],
                certificates: [signingCert]
            });

            // SignedAndUnsignedAttributes is a pkijs class, not an asn1js one.
            certSigned.signerInfos[0].signedAttrs = new SignedAndUnsignedAttributes({
                type: 0,
                attributes: result
            });

            // Sign the CSR buffer with local certificate private key.
            // return certSigned.sign(privateKey, 0, this.hashAlg, csr);
            const contentInfo = new EncapsulatedContentInfo({
                eContent: new asn1js.OctetString({ valueHex: csr })
            });

            certSigned.encapContentInfo.eContent = contentInfo.eContent;

            // sign() stores the signature in signerInfos[0] and does not resolve to the
            // SignedData object, so hand certSigned itself to the next step.
            return certSigned.sign(privateKey, 0, this.hashAlg).then(() => certSigned);
        });

        return sequence.then((result) => {
            const r2 = result as SignedData;
            const certSignedSchema = r2.toSchema(true);
            const signedContent = new ContentInfo({
                contentType: this.signedDataOid,
                content: certSignedSchema
            });

            const finalSignedSchema = signedContent.toSchema();

            //region Make length of some elements in "indefinite form"
            finalSignedSchema.lenBlock.isIndefiniteForm = true;

            const block1 = finalSignedSchema.valueBlock.value[1];
            block1.lenBlock.isIndefiniteForm = true;

            const block2 = block1.valueBlock.value[0];
            block2.lenBlock.isIndefiniteForm = true;

            const signedContentBuffer = finalSignedSchema.toBER(false);

            //let signedContentBuffer = certSignedSchema.toBER(false);
            const resultStr = window.btoa(String.fromCharCode.apply(null, new Uint8Array(signedContentBuffer)));
            return resultStr;
        },
        () => Promise.reject('Failed to successfully sign the CSR.'));
    }

Are there any suggestions?

Source: Angular Questions
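
The question's suspicion that the signed output does not carry the enveloped data can be checked on the encoded bytes themselves. The following is an added example, not part of the original post and not pkijs code: a small BER walker that reports whether the outer lengths are indefinite, how many eContent bytes the SignedData carries, and how many SignerInfos it has. The function names and both hex samples are constructed for illustration.

```javascript
// Added example: inspect a CMS ContentInfo/SignedData blob (names are hypothetical).
const OID_SIGNED_DATA = "2a864886f70d010702"; // 1.2.840.113549.1.7.2, OID content bytes
const toHex = (u8) => Array.from(u8, (b) => b.toString(16).padStart(2, "0")).join("");
const fromHex = (s) => Uint8Array.from(s.match(/../g), (h) => parseInt(h, 16));

// Read one TLV. An indefinite length (0x80) is followed to its 00 00 terminator.
function readTlv(buf, pos) {
  if (pos + 2 > buf.length) throw new Error("truncated TLV at " + pos);
  const tag = buf[pos];
  let len = buf[pos + 1], start = pos + 2;
  if (len === 0x80) {
    let p = start;
    while (!(buf[p] === 0 && buf[p + 1] === 0)) p = readTlv(buf, p).next;
    return { tag, indefinite: true, start, end: p, next: p + 2 };
  }
  if (len & 0x80) {
    const n = len & 0x7f;
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[start + i];
    start += n;
  }
  if (!(start + len <= buf.length)) throw new Error("length overruns buffer at " + pos);
  return { tag, indefinite: false, start, end: start + len, next: start + len };
}

function children(buf, tlv) {
  const out = [];
  for (let p = tlv.start; p < tlv.end; p = out[out.length - 1].next) out.push(readTlv(buf, p));
  return out;
}

// Walk ContentInfo -> [0] -> SignedData -> encapContentInfo / signerInfos.
function inspectPkiMessage(buf) {
  const outer = readTlv(buf, 0);
  const [oid, wrapper] = children(buf, outer); // contentType, [0] EXPLICIT content
  if (!wrapper || toHex(buf.subarray(oid.start, oid.end)) !== OID_SIGNED_DATA)
    throw new Error("not a SignedData ContentInfo");
  const sd = readTlv(buf, wrapper.start);
  const fields = children(buf, sd); // version, digestAlgorithms, encapContentInfo, ..., signerInfos
  const encap = children(buf, fields[2]); // eContentType, optional [0] eContent
  const eContent = encap[1] && encap[1].tag === 0xa0 ? readTlv(buf, encap[1].start) : null;
  return {
    indefinite: [outer, wrapper, sd].some((t) => t.indefinite),
    eContentBytes: eContent ? eContent.end - eContent.start : 0, // primitive OCTET STRING assumed
    signerInfos: children(buf, fields[fields.length - 1]).length,
  };
}

// Constructed samples: one SignedData (id-data eContent de ad be ef, no signers), encoded
// with definite lengths and again with the three outer lengths in indefinite form.
const BODY = "020101310d300b0609608648016503040201301306092a864886f70d010701a0060404deadbeef3100";
const SAMPLE_DER = fromHex("303806092a864886f70d010702a02b3029" + BODY);
const SAMPLE_BER = fromHex("308006092a864886f70d010702a0803080" + BODY + "000000000000");
```

To run it on the output of the code in the question, pass `new Uint8Array(signedContentBuffer)` to `inspectPkiMessage` before the base64 step.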
