Add new operation: Parse Certificate Signing Request (CSR) #1504

Merged
merged 2 commits into from
Apr 2, 2024

@jkataja jkataja commented Jan 22, 2023

Added new operation Parse CSR under Public Key.
The operation parses a PEM formatted Certificate Signing Request (CSR) for an X.509 certificate and visualizes it.
It is limited to RSA public key algorithms only as this is the only one supported for CSR in node-forge as of 1.3.1.

Another PR #381 that implements the same operation has been stale for a while.

Sample input:

-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST----- 

Sample output:

Version:          1 (0x00)
Subject
  C = UK
  ST = Greater London
  L = London
  O = Generic Corporation
  OU = Special Products
  CN = www.generic-corporation.co.uk
Subject Alternative Names
  DNS: www.generic-corporation.co.uk
  DNS: api.generic-corporation.co.uk
Public Key
  Algorithm:      RSA
  Length:         2048 bits
  Modulus:        b2:f2:fe:d8:1b:96:f9:e0:3d:9e:38:70:aa:a7:55:ed:
                  35:29:dc:53:73:a0:d5:99:d2:f6:48:d1:b5:34:b3:6c:
                  0d:2e:88:89:d2:62:da:df:d2:e0:98:57:75:e4:74:a4:
                  b9:7b:47:31:39:48:cf:6d:e4:27:0e:19:35:a5:d6:b3:
                  9c:35:b0:70:3b:bd:5a:98:56:c8:0a:1b:ba:c0:65:ee:
                  bc:9e:a1:bf:c2:6b:2e:21:39:85:f8:15:3f:11:d2:1e:
                  86:ec:1e:fc:a7:84:57:b1:6c:20:45:59:99:26:c2:a0:
                  7d:a6:cd:2d:11:f6:ae:39:a5:01:06:7a:e9:d0:fe:67:
                  6d:80:f0:c1:3f:76:04:0d:83:4a:30:38:96:fc:95:28:
                  e9:28:fe:62:1f:39:35:7c:ea:bf:9e:f9:42:8b:d1:9c:
                  fc:b6:3b:b8:b0:15:65:e4:7b:81:04:ae:14:ff:39:bc:
                  95:05:2c:26:b3:87:82:19:95:48:4c:54:9b:d1:a4:d0:
                  7f:35:59:11:70:5e:97:b6:cc:e2:a9:2a:d3:59:bc:d1:
                  1e:02:60:b7:46:90:bf:22:53:0a:11:e2:5e:f8:ef:64:
                  14:59:50:ce:5b:50:5a:16:0f:e2:d9:11:f8:20:ec:c9:
                  fa:d3:a7:aa:6a:58:5b:b2:2a:f4:ff:0d:38:a6:43:c3
  Exponent:       65537 (0x10001)
Signature
  Algorithm:      sha256WithRSAEncryption
  Signature:      05:92:d1:09:e6:79:5c:c2:20:6c:65:ed:d0:dd:54:86:
                  19:84:47:83:01:c3:80:de:fe:c4:73:83:19:ab:e7:18:
                  b1:1f:26:3c:2d:30:25:0c:53:f4:2f:7a:3d:fc:a1:d3:
                  83:0a:26:9b:06:d5:98:65:4f:ae:68:cb:41:c9:fd:f6:
                  a0:c7:8e:55:8c:3d:03:78:0e:14:16:bc:c4:0e:b2:16:
                  38:9c:32:0c:ec:63:04:83:87:bc:56:ce:99:b7:35:65:
                  f8:45:5f:54:ee:05:c1:2d:73:00:af:7d:cd:2a:c8:ec:
                  e9:3d:b5:e1:c3:e7:be:ae:80:11:3d:13:1e:e2:b0:61:
                  66:1d:3a:4c:88:52:b1:d4:b8:92:91:a7:c1:8d:b4:1d:
                  13:f4:bb:e1:6f:eb:10:a7:8c:78:28:2b:f9:21:8b:23:
                  05:86:9f:41:e9:8d:23:59:e7:6a:63:ae:17:47:73:df:
                  19:a0:62:bc:ae:aa:0b:1b:39:08:5d:8c:7a:ac:e8:a9:
                  31:e5:61:69:e4:86:a0:b3:71:1a:0e:ed:20:51:db:ab:
                  74:09:ab:4f:d5:aa:5d:8f:ba:b1:f4:7f:7e:40:e3:72:
                  c8:7b:32:40:f3:10:19:4a:7a:9a:2f:df:1d:05:c8:d1:
                  1a:59:0d:54:03:7b:df:59:f1:72:61:db:0d:e7:f5:bd
Extensions
  basicConstraints CRITICAL:
    CA = false
  keyUsage CRITICAL:
    Digital signature
    Key encipherment
  extKeyUsage:
    TLS Web Server Authentication
  cRLDistributionPoints:
    (unable to format extension)

@CLAassistant

CLAassistant commented Jan 22, 2023

CLA assistant check
All committers have signed the CLA.

@jkataja
Contributor Author

jkataja commented May 10, 2023

Rebased on 10.4.0

Edit: Following this, UI tests are failing with:

>>     An error occurred while creating a new ChromeDriver session: [SessionNotCreatedError] session not created: This version of ChromeDriver only supports Chrome version 110
>> Current browser version is 113.0.5672.63 with binary path /usr/bin/google-chrome

@jkataja
Contributor Author

jkataja commented Oct 12, 2023

Rebased on 6ed9d45

Edit: UI Tests continue to fail with:

>> - Starting ChromeDriver on port 9515...
>> Error
>>      Response 500 POST /session (888ms)
   {
     value: {
       error: 'session not created',
       message: 'session not created: This version of ChromeDriver only supports Chrome version 114\n' +
         'Current browser version is 117.0.5938.132 with binary path /usr/bin/google-chrome',
       stacktrace: ''
     }
  }
>> ⚠ Failed to connect to ChromeDriver on localhost with port 9515.

Issue #1638 prevents merging

@pl4nty

pl4nty commented Apr 1, 2024

@jkataja any chance you can rebase now that the blocking issue is resolved? the maintainers have been more active recently and this would be a very helpful feature

@jkataja
Contributor Author

jkataja commented Apr 1, 2024

Rebased on 8a17aba

The checks now pass

@pl4nty thank you for the reminder!

@a3957273
Member

a3957273 commented Apr 1, 2024

Code looks good, tested it with a CSR and verified the output contains all the fields I'd expect it to. Could we add a user facing message to show that it only supports RSA at the moment, that'd definitely confuse me (and all the cool kids are using fancy elliptic curves now)!

Although superfluous for now, perhaps an 'option' selection menu with only a single possible value:

            {
                "name": "Key type",
                "type": "option",
                "value": ["RSA"]
            },
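
The RSA-only limitation from the PR description and the user-facing message requested in the comment above, as an added example that is not part of the pull request or CyberChef's code: a dependency-free pre-check that reads the key algorithm OID out of a PEM CSR. The function names, the `KEY_OIDS` table and the sample CSR skeleton (unsigned, placeholder key bits) are constructed for illustration.

```javascript
// Added example (not CyberChef code): read a CSR's key algorithm so an RSA-only parser can refuse others.
const KEY_OIDS = { "1.2.840.113549.1.1.1": "RSA", "1.2.840.10045.2.1": "EC" };

// Read one DER tag-length-value header at `off` and return the content bounds.
function readTlv(buf, off) {
    if (off + 2 > buf.length) throw new Error("truncated DER");
    let len = buf[off + 1], pos = off + 2;
    if (len & 0x80) {                                   // long-form length
        const n = len & 0x7f;
        if (n === 0 || n > 4 || pos + n > buf.length) throw new Error("bad DER length");
        for (len = 0; pos < off + 2 + n; pos++) len = len * 256 + buf[pos];
    }
    if (pos + len > buf.length) throw new Error("truncated DER");
    return { tag: buf[off], start: pos, end: pos + len };
}
// Decode the content bytes of an OBJECT IDENTIFIER into dotted notation.
function decodeOid(bytes) {
    const arcs = [Math.floor(bytes[0] / 40), bytes[0] % 40];
    for (let i = 1, v = 0; i < bytes.length; i++) {
        v = v * 128 + (bytes[i] & 0x7f);
        if (!(bytes[i] & 0x80)) { arcs.push(v); v = 0; }
    }
    return arcs.join(".");
}
// CertificationRequest -> CertificationRequestInfo -> subjectPKInfo -> algorithm OID.
function csrKeyAlgorithm(pem) {
    const m = /-----BEGIN CERTIFICATE REQUEST-----([\s\S]+?)-----END CERTIFICATE REQUEST-----/.exec(pem);
    if (!m) throw new Error("not a PEM certificate request");
    const der = Buffer.from(m[1].replace(/\s+/g, ""), "base64");
    const info = readTlv(der, readTlv(der, 0).start);
    const subject = readTlv(der, readTlv(der, info.start).end);   // skip the version INTEGER
    const spki = readTlv(der, subject.end);
    const oid = readTlv(der, readTlv(der, spki.start).start);     // first field of AlgorithmIdentifier
    if (oid.tag !== 0x06 || oid.end === oid.start) throw new Error("expected an OBJECT IDENTIFIER");
    const dotted = decodeOid(der.subarray(oid.start, oid.end));
    return { oid: dotted, name: KEY_OIDS[dotted] || "unknown", supported: KEY_OIDS[dotted] === "RSA" };
}

// Constructed sample: an unsigned CSR skeleton with placeholder key bits (every element < 128 bytes).
function tlv(tag, ...parts) {
    const body = Buffer.concat(parts);
    return Buffer.concat([Buffer.from([tag, body.length]), body]);
}
function sampleCsr(oidHex) {
    const alg = tlv(0x30, tlv(0x06, Buffer.from(oidHex, "hex")), tlv(0x05));
    const spki = tlv(0x30, alg, tlv(0x03, Buffer.from([0, 0xde, 0xad])));
    const info = tlv(0x30, tlv(0x02, Buffer.from([0])), tlv(0x30), spki, tlv(0xa0));
    const der = tlv(0x30, info, tlv(0x30), tlv(0x03, Buffer.from([0])));
    return `-----BEGIN CERTIFICATE REQUEST-----\n${der.toString("base64")}\n-----END CERTIFICATE REQUEST-----`;
}
```

Calling `csrKeyAlgorithm(sampleCsr("2a8648ce3d0201"))` returns `name: "EC"` with `supported: false`, which is the case where an RSA-only operation should show its message instead of a parse error.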

@jkataja
Contributor Author

jkataja commented Apr 2, 2024

> perhaps an 'option' selection menu with only a single possible value

I have implemented your suggestion in fda77cf

@a3957273
Member

a3957273 commented Apr 2, 2024

Looks fantastic, thanks for taking this on!

@a3957273 a3957273 merged commit ccd3839 into gchq:master Apr 2, 2024
4 checks passed