I have written an input form (in ServiceNow) for admins to request a new certificate via a Cert Authority integration. However, prior to submission I want to validate that the Certificate Signing Request has the correct headers and a key length of 2048.
Example of CSR:
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
I plan to write a quick client-side script to validate the input, but I'm a little stumped on the syntax. Any help appreciated.
This will be very difficult to do up...
Checking the CSR headers is relatively straightforward... you can do something like the following in an onSubmit script:
function onSubmit() {
    // 'fieldName' is the name of the form field that holds the pasted CSR
    var totalString = g_form.getValue('fieldName').trim();
    // The PEM header is 35 characters long and the footer is 33
    var headerString = totalString.slice(0, 35);
    // Base64 body between header and footer (not validated here)
    var encodedCertString = totalString.substring(35, totalString.length - 33);
    var footerString = totalString.slice(totalString.length - 33);
    var validCert = headerString === '-----BEGIN CERTIFICATE REQUEST-----' &&
        footerString === '-----END CERTIFICATE REQUEST-----';
    if (!validCert) {
        g_form.addErrorMessage('CSR in field missing correct headers');
        return false; // returning false from onSubmit blocks the submission
    }
}
Where things get "interesting" is that what is between the headers and footer of the CSR is a Base64-encoded PKCS10 binary block of data. Writing a function to deal with binary data is generally beyond what you will want to do in a client-side function... the public key itself is merely a portion of that PKCS10 binary package... not the whole... so there is no easy way to "decode" it to iterate through the raw binary bytes to find the actual key and measure its bit length. Have a look at the PKCS10 binary package format here: https://en.wikipedia.org/wiki/Certificate_signing_request
Most folks that have online CSR decoders actually pass the input to OpenSSL and have it parse the request and report on all of the data that makes it up... For instance: https://redkestrel.co.uk/products/decoder/. You could do something similar, but doing so would require a hackish/creative use of a custom MID Server script that you could call using a custom probe... Again... not something that you would want to mess with within the bounds of a ServiceNow client script.
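An added example, not part of the original question or answer: a minimal DER walk over the PKCS10 structure discussed above that checks the header and footer, confirms the key is RSA, and returns the modulus bit length so a form handler can compare it with 2048. It assumes an RSA key and a modern browser or Node runtime; the function names are illustrative.

```javascript
const RSA_OID = [0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01]; // rsaEncryption, 1.2.840.113549.1.1.1
// Read one DER tag-length-value at `pos`; returns the tag and the content bounds.
function readTlv(buf, pos) {
  if (pos + 2 > buf.length) throw new Error('truncated DER');
  let len = buf[pos + 1], start = pos + 2;
  if (len & 0x80) { // long form: low 7 bits give the number of length bytes
    const n = len & 0x7f;
    if (n === 0 || n > 3 || start + n > buf.length) throw new Error('bad DER length');
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[start + i];
    start += n;
  }
  if (start + len > buf.length) throw new Error('truncated DER');
  return { tag: buf[pos], start, end: start + len };
}

// Child number `index` of a constructed element, checked against the expected tag.
function child(buf, parent, index, tag, name) {
  let pos = parent.start, c = null;
  for (let i = 0; i <= index; i++) {
    if (pos >= parent.end) throw new Error('missing ' + name);
    c = readTlv(buf, pos);
    pos = c.end;
  }
  if (c.tag !== tag || c.end > parent.end) throw new Error('expected ' + name);
  return c;
}

// Bit length of the RSA modulus in a PEM PKCS#10 CSR; throws on malformed input.
function csrRsaKeyBits(pem) {
  const re = /^-----BEGIN CERTIFICATE REQUEST-----([A-Za-z0-9+\/=\s]+)-----END CERTIFICATE REQUEST-----$/;
  const m = re.exec(String(pem).trim());
  if (!m) throw new Error('missing CSR header/footer');
  const b64 = m[1].replace(/\s+/g, '');
  const bin = typeof atob === 'function' ? atob(b64) : Buffer.from(b64, 'base64').toString('binary');
  const der = Uint8Array.from(bin, (ch) => ch.charCodeAt(0));
  const req = child(der, { start: 0, end: der.length }, 0, 0x30, 'CertificationRequest');
  const info = child(der, req, 0, 0x30, 'CertificationRequestInfo');
  const spki = child(der, info, 2, 0x30, 'SubjectPublicKeyInfo'); // follows version and subject
  const oid = child(der, child(der, spki, 0, 0x30, 'AlgorithmIdentifier'), 0, 0x06, 'algorithm OID');
  if (oid.end - oid.start !== RSA_OID.length || !RSA_OID.every((b, i) => der[oid.start + i] === b))
    throw new Error('not an RSA key');
  const bits = child(der, spki, 1, 0x03, 'subjectPublicKey');
  const key = child(der, { start: bits.start + 1, end: bits.end }, 0, 0x30, 'RSAPublicKey'); // skip unused-bit count byte
  const mod = child(der, key, 0, 0x02, 'modulus');
  let p = mod.start;
  while (p < mod.end && der[p] === 0) p++; // skip the sign-padding zero byte
  return p === mod.end ? 0 : (mod.end - p - 1) * 8 + 32 - Math.clz32(der[p]);
}
```

In an onSubmit handler, wrap the call in try/catch and reject the form when it throws or returns anything other than 2048. A browser-side check only improves feedback to the requester, so the CA integration should repeat the key-length check on the server side.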