Merge pull request #38 from maritimeconnectivity/wasm

Use Go and WASM for cryptographic operations

Author: JinkiJung

.github/workflows/build.yml

@@ -0,0 +1,32 @@
+name: Build project
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: pnpm/action-setup@v4
+        with:
+          version: 9
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20.x
+          cache: 'pnpm'
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version: 1.24
+          cache-dependency-path: ./go/go.sum
+
+      - name: build
+        run: |
+          pnpm install
+          pnpm run build:go
+          pnpm run build

.github/workflows/deploy-to-test-env.yml

@@ -1,34 +1,39 @@
-name: NodeJS with Webpack
+name: Deploy with Webpack
 
 on:
   push:
     branches: [ "main" ]
-  pull_request:
-    branches: [ "main" ]
 
 jobs:
   build:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v4
+      - uses: actions/checkout@v4
+
+      - uses: pnpm/action-setup@v4
+        with:
+          version: 9
+
+      - name: Use Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20.x
+          cache: 'pnpm'
 
-    - uses: pnpm/action-setup@v4
-      with:
-        version: 9
-        
-    - name: Use Node.js
-      uses: actions/setup-node@v4
-      with:
-        node-version: 18.x
-        cache: 'pnpm'
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.24
+          cache-dependency-path: ./go/go.sum
 
-    - name: Build
-      env:
-        GITHUB_TOKEN: ${{ secrets.PAT }}
-      run: |
-        pnpm install
-        pnpm install -g @angular/cli
-        git config --global user.name "GhPages Deploy Bot"
-        git config --global user.email "[email protected]"
-        ng deploy -c test --repo=https://github.com/maritimeconnectivity/test-management-portal-pages --cname=test-management.maritimeconnectivity.net --dir="dist/management-portal-clr"
+      - name: Build
+        env:
+          GITHUB_TOKEN: ${{ secrets.PAT }}
+        run: |
+          pnpm install
+          pnpm install -g @angular/cli
+          git config --global user.name "GhPages Deploy Bot"
+          git config --global user.email "[email protected]"
+          pnpm run build:go
+          ng deploy -c test --repo=https://github.com/maritimeconnectivity/test-management-portal-pages --cname=test-management.maritimeconnectivity.net --dir="dist/management-portal-clr"

README.md

@@ -11,9 +11,15 @@ This project was generated with [Angular CLI](https://github.com/angular/angular
 You can experience a live demo from [our public demonstrator environment](https://management.maritimeconnectivity.net).
 
 # Development
-## Requirement
-- node v20.17.0
-- pnpm v8.15.4
+## Requirements
+- node v20.17.0+
+- pnpm v9.7.0+
+- Go 1.24+
+
+## Building the Go WASM module
+The Go WASM module, which is used for generating public/private key-pairs, certificate signing request and PKCS#12 keystores, can be built by running `pnpm run build:go`.
+
+This needs to be done before performing any of the following actions.
 
 ## Development server
 

go/go.mod

@@ -0,0 +1,7 @@
+module webcrypto-test
+
+go 1.24.1
+
+require software.sslmate.com/src/go-pkcs12 v0.5.0
+
+require golang.org/x/crypto v0.36.0 // indirect

go/go.sum

@@ -0,0 +1,4 @@
+golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
+golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
+software.sslmate.com/src/go-pkcs12 v0.5.0 h1:EC6R394xgENTpZ4RltKydeDUjtlM5drOYIG9c6TVj2M=
+software.sslmate.com/src/go-pkcs12 v0.5.0/go.mod h1:Qiz0EyvDRJjjxGyUQa2cCNZn/wMyzrRJ/qcDXOQazLI=

go/main.go

@@ -0,0 +1,223 @@
+/*
+ * Copyright (c) 2025 Maritime Connectivity Platform Consortium
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package main
+
+import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"software.sslmate.com/src/go-pkcs12"
+	"syscall/js"
+)
+
+func createCsrWrapper() js.Func {
+	return js.FuncOf(func(this js.Value, args []js.Value) any {
+		promiseHandler := js.FuncOf(func(this js.Value, args []js.Value) any {
+			resolve := args[0]
+			reject := args[1]
+			errorConstructor := js.Global().Get("Error")
+
+			go func() {
+				privKey, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
+				if err != nil {
+					errorObject := errorConstructor.New("Failed to generate key")
+					reject.Invoke(errorObject)
+					return
+				}
+
+				pkcs8Key, err := x509.MarshalPKCS8PrivateKey(privKey)
+				if err != nil {
+					errorObject := errorConstructor.New(err.Error())
+					reject.Invoke(errorObject)
+					return
+				}
+
+				subject := pkix.Name{
+					CommonName: "Name",
+				}
+
+				template := &x509.CertificateRequest{
+					Subject:            subject,
+					SignatureAlgorithm: x509.ECDSAWithSHA384,
+				}
+
+				csr, err := x509.CreateCertificateRequest(rand.Reader, template, privKey)
+				if err != nil {
+					errorObject := errorConstructor.New("Failed to create CSR: " + err.Error())
+					reject.Invoke(errorObject)
+					return
+				}
+
+				// PEM encode CSR
+				block := &pem.Block{
+					Type:  "CERTIFICATE REQUEST",
+					Bytes: csr,
+				}
+				pemBytes := pem.EncodeToMemory(block)
+				if pemBytes == nil {
+					errorObject := errorConstructor.New("Failed to PEM encode certificate request")
+					reject.Invoke(errorObject)
+					return
+				}
+				pemCsr := string(pemBytes)
+
+				// PEM encode private key
+				block = &pem.Block{
+					Type:  "PRIVATE KEY",
+					Bytes: pkcs8Key,
+				}
+				pemBytes = pem.EncodeToMemory(block)
+				if pemBytes == nil {
+					errorObject := errorConstructor.New("Failed to PEM encode private key")
+					reject.Invoke(errorObject)
+					return
+				}
+				pemPrivKey := string(pemBytes)
+
+				// Extract public key
+				pubKey := privKey.Public()
+				rawPubKey, err := x509.MarshalPKIXPublicKey(pubKey.(*ecdsa.PublicKey))
+				if err != nil {
+					errorObject := errorConstructor.New(err.Error())
+					reject.Invoke(errorObject)
+					return
+				}
+
+				// PEM encode public key
+				block = &pem.Block{
+					Type:  "PUBLIC KEY",
+					Bytes: rawPubKey,
+				}
+				pemBytes = pem.EncodeToMemory(block)
+				if pemBytes == nil {
+					errorObject := errorConstructor.New("Failed to PEM encode public key")
+					reject.Invoke(errorObject)
+					return
+				}
+				pemPubKey := string(pemBytes)
+
+				// Copy the generated private key to a JS Uint8Array
+				jsBytes := js.Global().Get("Uint8Array").New(len(pkcs8Key))
+				js.CopyBytesToJS(jsBytes, pkcs8Key)
+
+				ret := map[string]any{
+					"privateKeyPem": pemPrivKey,
+					"rawPrivateKey": jsBytes,
+					"publicKeyPem":  pemPubKey,
+					"csr":           pemCsr,
+				}
+
+				resolve.Invoke(js.ValueOf(ret))
+			}()
+
+			return nil
+		})
+
+		return js.Global().Get("Promise").New(promiseHandler)
+	})
+}
+
+func createPKCS12KeystoreWrapper() js.Func {
+	return js.FuncOf(func(this js.Value, args []js.Value) any {
+		if len(args) != 2 {
+			return "Invalid number of args"
+		}
+		certs := args[0].String()
+		rawPrivateKey := args[1]
+
+		promiseHandler := js.FuncOf(func(this js.Value, args []js.Value) any {
+			resolve := args[0]
+			reject := args[1]
+			errorConstructor := js.Global().Get("Error")
+
+			go func() {
+				rawPrivateKeyBytes := make([]byte, rawPrivateKey.Get("length").Int())
+				js.CopyBytesToGo(rawPrivateKeyBytes, rawPrivateKey)
+
+				var cert *x509.Certificate
+				var caCert *x509.Certificate
+
+				// PEM decode the first certificate
+				block, rest := pem.Decode([]byte(certs))
+				if block == nil {
+					errorObject := errorConstructor.New("Failed to PEM decode certificate")
+					reject.Invoke(errorObject)
+					return
+				}
+				cert, err := x509.ParseCertificate(block.Bytes)
+				if err != nil {
+					errorObject := errorConstructor.New("Failed to parse certificate: " + err.Error())
+					reject.Invoke(errorObject)
+					return
+				}
+
+				// If there are still more left to decode, we decode the rest as the intermediate CA certificate
+				if len(rest) > 0 {
+					block, _ = pem.Decode(rest)
+					if block == nil {
+						errorObject := errorConstructor.New("Failed to PEM decode CA certificate")
+						reject.Invoke(errorObject)
+						return
+					}
+					caCert, err = x509.ParseCertificate(block.Bytes)
+					if err != nil {
+						errorObject := errorConstructor.New("Failed to parse CA certificate: " + err.Error())
+						reject.Invoke(errorObject)
+						return
+					}
+				}
+
+				privKey, err := x509.ParsePKCS8PrivateKey(rawPrivateKeyBytes)
+
+				// Generate random 26 character password
+				password := rand.Text()
+
+				// Build the PKCS#12 keystore
+				pfx, err := pkcs12.Modern.Encode(privKey, cert, []*x509.Certificate{caCert}, password)
+				if err != nil {
+					errorObject := errorConstructor.New("Failed to encode PKCS12 keystore")
+					reject.Invoke(errorObject)
+					return
+				}
+
+				// Copy the generated keystore to a JS Uint8Array
+				jsBytes := js.Global().Get("Uint8Array").New(len(pfx))
+				js.CopyBytesToJS(jsBytes, pfx)
+
+				ret := map[string]any{
+					"keystore": jsBytes,
+					"password": password,
+				}
+
+				resolve.Invoke(js.ValueOf(ret))
+			}()
+
+			return nil
+		})
+
+		return js.Global().Get("Promise").New(promiseHandler)
+	})
+}
+
+func main() {
+	js.Global().Set("createCsr", createCsrWrapper())
+	js.Global().Set("createPKCS12Keystore", createPKCS12KeystoreWrapper())
+	<-make(chan bool)
+}

package.json

@@ -13,6 +13,7 @@
     "ng": "ng",
     "start": "ng serve",
     "build": "ng build",
+    "build:go": "cd go && GOOS=js GOARCH=wasm go build -o ../src/assets/wasm/main.wasm && cp $(go env GOROOT)/lib/wasm/wasm_exec.js ../src/assets/js/wasm_exec.js",
     "watch": "ng build --watch --configuration development",
     "test": "ng test",
     "lint": "ng lint"
@@ -50,13 +51,9 @@
     "leaflet": "^1.9.4",
     "leaflet-draw": "^1.0.2",
     "lucene-query-string-builder": "^1.0.8",
-    "pkijs": "^3.2.4",
-    "pvtsutils": "^1.3.5",
-    "pvutils": "^1.1.3",
     "rxjs": "~7.8.0",
     "shortid": "^2.2.16",
     "tslib": "^2.3.0",
-    "wkt": "link:@types/@terraformer/wkt",
     "zone.js": "^0.14.10"
   },
   "devDependencies": {
@@ -67,6 +64,7 @@
     "@types/d3-shape": "^3.1.6",
     "@types/file-saver": "^2.0.7",
     "@types/geojson": "^7946.0.14",
+    "@types/golang-wasm-exec": "^1.15.2",
     "@types/jasmine": "~4.3.0",
     "@types/leaflet": "^1.9.14",
     "@types/leaflet-draw": "^1.0.11",