Add support for ECDSA and DSA keys CSR to Parse CSR operation

[robinsandhu]

Description

Updated Parse CSR operation to use jsrsasign package instead of node-forge for parsing CSR's because with current package this operation is limited to CSRs with RSA keys. With the changes in this PR, Parse CSR now supports parsing CSRs with ECDSA and DSA keys.

I have also updated the output format of this operation, which mainly includes removing the Version field and re-ordering some sections of the CSR attributes and extensions in the output box.

Side Effect

Unfortunately I couldn't find any way to parse version number from the CSRs, but I feel that can be considered as an acceptable trade-off since there's only one universally used value for that field i.e. 0 defined in RFC#2986.

Type of change

Please select the option that best describes the change:

• New features/update

How Has This Been Tested?

Tested locally on my machine with various CSRs. Following are some outputs from those tests:

1. CSR with ECDSA key:

   Subject
     C  = CH
     ST = Zurich
     L  = Zurich
     O  = Example RE
     OU = IT Department
     CN = example.com
   Public Key
     Algorithm:      ECDSA
     Length:         521 bits
     Pub:            04:00:a7:f9:05:10:79:ee:cb:df:82:54:73:e5:d3:34:
                     6e:72:40:9e:27:8c:16:33:63:38:57:1a:e7:fa:49:d9:
                     b3:a9:39:19:29:f5:4a:25:c7:ff:e6:1d:8e:56:38:c6:
                     18:0b:fc:6f:33:99:49:45:c9:94:9c:be:fd:d7:34:3a:
                     ad:fe:a9:00:3f:c2:ac:4a:43:17:6b:2f:69:ee:9e:e6:
                     70:3f:7c:dd:97:b0:1f:7c:c6:39:a4:4e:96:19:54:2e:
                     67:15:3f:37:09:ea:3d:27:49:07:6e:f9:62:62:50:0c:
                     b0:43:8e:eb:4a:86:82:1c:96:57:b9:b2:88:38:0e:45:
                     f1:3e:3c:e5:37
     ASN1 OID:       secp521r1
     NIST CURVE:     P-521
   Signature
     Algorithm:      SHA256withECDSA
     Signature:      30:81:87:02:41:0d:e2:29:4a:eb:c8:4f:e9:22:13:46:
                     67:27:03:d2:0d:58:a4:f7:70:8b:aa:31:66:e4:87:aa:
                     d3:67:7c:d4:6c:2e:b1:28:00:03:cd:96:95:96:55:65:
                     1b:13:12:39:19:5e:d9:3d:eb:33:01:9e:1e:7f:bb:19:
                     3e:c0:df:a3:f8:fa:02:42:01:03:99:74:44:c2:2d:01:
                     3e:41:e3:e9:09:64:b4:4f:bb:48:b1:0b:56:4a:dd:ef:
                     90:fd:99:fc:3f:49:5e:99:26:22:e2:2c:84:fd:c9:ea:
                     00:d1:9a:27:ba:17:25:da:b2:bf:0c:b4:2e:b6:e2:45:
                     e8:92:01:7b:9b:3b:96:27:8a:7d
   Requested Extensions
     Basic Constraints: critical
       CA = false
     Key Usage: critical
       Digital Signature
       Key encipherment
     Extended Key Usage:
       TLS Web Server Authentication
     Subject Alternative Name:
       DNS: example.com
       DNS: www.example.com
   

2. CSR with DSA key:

   Subject
     C  = CH
     ST = Zurich
     L  = Zurich
     O  = Example RE
     OU = IT Department
     CN = example.com
   Public Key
     Algorithm:      DSA
     Length:         1024 bits
     Pub:            00:cc:f5:e6:54:4f:54:08:fc:72:37:b7:4a:16:ee:00:
                     21:cf:54:4f:39:77:44:e4:d0:3c:3d:a9:47:10:34:23:
                     52:e8:0d:d2:4d:26:d4:88:b1:8a:7a:24:4c:1a:0d:af:
                     fc:73:3d:8a:f5:7c:b6:ad:6b:cb:09:a0:04:0c:2d:89:
                     d7:10:e8:fe:72:a9:84:99:b3:ac:f7:c7:dc:59:3b:37:
                     90:e6:35:df:b4:14:35:19:77:94:f3:38:b5:7c:2f:7d:
                     8a:71:46:36:2c:5b:3c:55:48:cf:8f:ca:89:5d:3e:4a:
                     8e:38:9f:d9:22:db:29:61:6f:3d:18:42:da:54:c0:c1:
                     7e
     P:              00:fc:be:f0:a6:74:cf:30:b6:d7:5b:ab:79:16:8a:04:
                     c4:9e:7b:a0:e3:ed:92:2c:c9:76:44:d5:eb:94:24:23:
                     9a:e6:5c:ee:d1:8c:c8:fd:6e:82:c4:9c:f4:fc:5d:fe:
                     d3:2b:3c:a4:5a:c0:53:f9:4a:f5:0e:91:9e:1c:22:bb:
                     a3:74:95:53:6f:f8:65:7e:71:87:e1:c5:80:09:ef:04:
                     ba:9c:11:ce:8a:b0:64:1d:71:6b:08:87:17:32:fd:1b:
                     a1:a8:d0:73:b2:ed:b4:9b:45:dc:41:21:8b:b8:e9:f9:
                     f1:36:c0:c5:7f:b9:4c:95:c0:4e:29:da:b8:63:5d:a4:
                     bf
     Q:              00:de:3f:be:d2:bd:2b:18:50:7d:ca:eb:cc:7b:0f:5d:
                     6f:bf:c5:6d:02:31:fa:fe:35:08:ab:f0:f9
     G:              00:88:d7:4c:ec:84:59:85:73:da:19:1b:46:0e:97:a9:
                     4a:84:40:7f:8b:90:2d:66:3d:ab:eb:c5:53:1e:1f:55:
                     14:92:83:02:81:28:b8:d6:f8:1b:f3:13:67:89:ab:4a:
                     57:bf:b3:b4:f5:01:ce:82:1b:5c:c3:36:37:52:b7:4d:
                     f7:9d:ac:8d:49:09:2c:8b:6d:fb:91:71:07:bf:c9:a8:
                     20:4f:46:ba:d5:b3:21:84:8d:1d:fe:59:b7:88:df:09:
                     7a:3a:f4:05:c6:6f:ce:4c:d4:d3:91:e9:85:74:07:e9:
                     4f:f6:03:4b:0f:a7:d7:12:ce:0d:37:de:81:3f:e8:c8:
                     ea
   Signature
     Algorithm:      SHA256withDSA
     Signature:
         R:          00:91:3a:20:51:4c:8a:13:9b:fd:7b:32:ab:38:aa:4f:
                     d3:b8:b6:13:d6:73:d2:7f:f2:8c:8b:f0:e3
         S:          00:c0:79:c9:53:0e:12:02:3c:ef:bb:ce:15:0e:f3:cd:
                     fe:e8:0d:1f:5e:24:c6:25:7f:84:15:da:c4
   Requested Extensions
     Basic Constraints: critical
       CA = false
     Key Usage: critical
       Digital Signature
       Key encipherment
     Extended Key Usage:
       TLS Web Server Authentication
     Subject Alternative Name:
       DNS: example.com
       DNS: www.example.com
   

3. CSR with RSA key:

   Subject
     C  = CH
     ST = Zurich
     L  = Zurich
     O  = Example RE
     OU = IT Department
     CN = example.com
   Public Key
     Algorithm:      RSA
     Length:         2048 bits
     Modulus:        00:a1:d0:5b:1a:ad:74:94:35:97:b0:29:4e:0c:20:b3:
                     2a:cd:fe:44:43:ae:88:3f:0e:c5:25:65:08:37:62:87:
                     58:e1:14:40:80:fa:fe:01:e4:35:06:1b:96:0d:5c:5a:
                     5d:e8:a7:d1:79:97:38:44:87:80:af:59:ed:7f:e1:2e:
                     04:72:da:27:ca:fa:7d:b4:22:3d:fe:93:a5:52:87:a2:
                     ed:96:98:d4:3f:02:bb:3d:60:6d:67:de:bd:0e:e9:01:
                     22:fa:ba:e1:7a:c9:4c:d5:88:24:fb:d7:5d:0c:64:2f:
                     87:64:e4:d7:03:63:84:e3:5d:6b:74:1a:00:d5:47:e1:
                     87:39:4d:49:c1:fc:ef:88:65:51:74:e9:98:f3:e0:a4:
                     7f:17:3e:dd:0c:ad:4d:d3:fa:28:14:1a:89:49:39:b0:
                     11:27:8a:8b:c3:a4:a7:c8:9a:da:a5:ef:62:6c:09:16:
                     c0:f5:6b:9e:ed:7e:04:6d:78:b6:ce:fa:00:94:9e:4d:
                     5c:5d:cf:b3:5a:b6:5e:c5:49:78:8c:7f:98:c0:dc:81:
                     15:bb:b3:90:15:33:d3:50:5b:43:b5:24:ba:00:ed:d6:
                     3e:bd:2a:ca:66:3f:ac:b2:e2:82:21:63:3b:bb:d0:62:
                     83:62:34:9a:21:25:e4:05:eb:0e:5c:19:3c:18:4c:f4:
                     53
     Exponent:       65537 (0x10001)
   Signature
     Algorithm:      SHA256withRSA
     Signature:      3c:ea:fa:8d:fa:bf:99:78:a5:a9:70:35:d4:24:f3:6b:
                     af:58:75:de:1f:be:9e:aa:50:6e:3b:3d:e7:f3:42:a4:
                     a6:62:da:54:ca:dc:19:44:b1:90:d4:81:51:95:87:97:
                     c1:b6:b3:54:b9:11:98:b3:70:a5:b0:7c:0b:97:e1:f4:
                     53:e9:e7:92:42:a4:cf:ce:b6:00:96:da:ea:8b:90:2b:
                     64:40:c5:02:69:27:51:5f:f6:3e:f7:2a:58:85:d0:64:
                     48:db:f5:43:ed:d0:5e:2d:a3:9a:2e:50:32:ac:1e:ac:
                     0c:0d:99:e5:e6:1f:a0:19:b3:03:20:02:1b:a8:2d:2f:
                     4e:ac:8a:87:8c:5a:07:1a:85:ec:81:73:24:6c:ba:fa:
                     9b:a8:60:c8:5b:7c:65:b6:f0:2b:85:a9:55:c8:02:65:
                     f8:6d:06:22:e2:94:22:4d:5e:bf:46:51:72:f7:16:a5:
                     1b:ee:c2:1a:60:a0:1a:82:1a:f6:85:aa:8a:84:5b:08:
                     1f:9e:d7:54:ad:c3:65:88:4e:90:b7:7d:b8:2f:13:2d:
                     d9:76:7b:eb:7d:1d:cc:bd:ca:62:f0:88:81:8c:51:fb:
                     81:40:c3:fc:9d:5b:b7:8c:65:c0:43:93:78:55:5f:88:
                     65:f1:7c:51:a0:45:5b:cb:46:f8:cb:36:4d:e5:ba:f1
   Requested Extensions
     Basic Constraints: critical
       CA = false
     Key Usage: critical
       Digital Signature
       Non-repudiation
       Key encipherment
       Data encipherment
       Key agreement
       Key certificate signing
       CRL signing
     Extended Key Usage:
       TLS Web Server Authentication
     Subject Alternative Name:
       DNS: example.com
       DNS: www.example.com
   

Checklist:

• I have added tests that prove my fix is effective.
• New and existing unit tests pass locally with my changes.

[CLAassistant]

All committers have signed the CLA.

[a3957273]

What's the advantage of using a map here, over a simple object?

[robinsandhu]

Nothing really, refactored the code to use Object instead.

[a3957273]

Woah, this is some really impressive work! I'm going to need to find some time to really properly review this, as it's a rather major change to one of our fundamental operations.

A quick once-over doesn't suggest any major issues. Just one query above about your usage of map when it looks like a simple object would suffice.

[a3957273]

Thanks Robin! This is an amazing PR to improve our CSR parsing capabilities.