[feat] how-to guide: ssl converter; private key inspection; jwt debugger

Author: tedi-software

docs/_includes/head_custom.html

@@ -152,6 +152,27 @@
 {% elsif page.title == "Feedback" %}
 <title>TEDI | how can TEDI support your systems integration needs</title>
 
+
+{% elsif page.title == "How-To Guides" %}
+<title>TEDI | Useful engineering tools and walk-throughs</title>
+
+    {% elsif page.title == "Decode X.509 Certificates" %}
+    <title>TEDI | Use this tool to decode PEM-encoded X.509 certificates</title>
+
+    {% elsif page.title == "Convert Certificate Formats" %}
+    <title>TEDI | Convert Certificate to PEM, DER, and Base64 formats</title>
+
+    {% elsif page.title == "Inspect Private Keys" %}
+    <title>TEDI | Decode RSA private keys and extract public keys</title>
+
+    {% elsif page.title == "JWT Debugger" %}
+    <title>TEDI | Inspect, verify, and create JSON Web Tokens (JWT)</title>
+
+    
+    
+
+
+
 {% else %}
 <title>TEDI | {{ page.title | escape }}</title>
 {% endif %}

docs/assets/js/jwt-debugger.js

@@ -0,0 +1,109 @@
+
+// JWT Debugger
+
+document.addEventListener('DOMContentLoaded', function () {
+    const jwtInput = document.getElementById('jwtInput');
+    const headerInput = document.getElementById('jwtHeaderInput');
+    const payloadInput = document.getElementById('jwtPayloadInput');
+    const secretInput = document.getElementById('jwtSecretInput');
+    const encodedOutput = document.getElementById('jwtEncoded');
+    const encodingSelect = document.getElementById('secretEncoding');
+    const verifyStatus = document.getElementById('jwtVerifyStatus');
+
+    document.getElementById('decode-jwt')?.addEventListener('click', decodeJWT);
+    document.getElementById('verify-jwt')?.addEventListener('click', verifyJWT);
+    document.getElementById('encode-jwt')?.addEventListener('click', encodeJWT);
+
+    function decodeJWT() {
+        const jwt = jwtInput.value.trim();
+        const parts = jwt.split('.');
+        if (parts.length !== 3) {
+            return showError('Invalid JWT format (expected 3 parts)');
+        }
+
+        try {
+            const header = KJUR.jws.JWS.readSafeJSONString(b64urlDecode(parts[0]));
+            const payload = KJUR.jws.JWS.readSafeJSONString(b64urlDecode(parts[1]));
+
+            headerInput.value = JSON.stringify(header, null, 2);
+            payloadInput.value = JSON.stringify(payload, null, 2);
+            showStatus('', '✅ Decoded successfully (not verified)');
+        } catch (err) {
+            showError('Failed to decode JWT: ' + err.message);
+        }
+    }
+
+    function verifyJWT() {
+        try {
+            const jwt = jwtInput.value.trim();
+            const secret = secretInput.value.trim();
+            const encoding = encodingSelect.value;
+            if (!jwt || !secret) {
+                return showError('JWT and secret are required.');
+            }
+
+            const keyObj = {};
+            keyObj[encoding] = secret;
+
+            const isValid = KJUR.jws.JWS.verify(jwt, keyObj, ['HS256']);
+
+            if (isValid) {
+                const [headerB64, payloadB64] = jwt.split('.');
+                const header = KJUR.jws.JWS.readSafeJSONString(b64urlDecode(headerB64));
+                const payload = KJUR.jws.JWS.readSafeJSONString(b64urlDecode(payloadB64));
+
+                headerInput.value = JSON.stringify(header, null, 2);
+                payloadInput.value = JSON.stringify(payload, null, 2);
+                showStatus(true, '✅ Signature is valid');
+            } else {
+                showStatus(false, '❌ Signature is invalid');
+            }
+        } catch (err) {
+            showError('Verification failed: ' + err.message);
+        }
+    }
+
+    function encodeJWT() {
+        try {
+            const header = JSON.parse(headerInput.value.trim());
+            const payload = JSON.parse(payloadInput.value.trim());
+            const secret = secretInput.value.trim();
+            const encoding = encodingSelect.value;
+
+            const sHeader = JSON.stringify(header);
+            const sPayload = JSON.stringify(payload);
+
+            const keyObj = {};
+            keyObj[encoding] = secret;
+
+            const jwt = KJUR.jws.JWS.sign(header.alg || 'HS256', sHeader, sPayload, keyObj);
+
+            jwtInput.value = jwt;
+            showStatus('', '✅ JWT encoded successfully');
+        } catch (err) {
+            showError('Encoding failed: ' + err.message);
+        }
+    }
+
+    function b64urlDecode(str) {
+        str = str.replace(/-/g, '+').replace(/_/g, '/');
+        while (str.length % 4 !== 0) str += '=';
+        return atob(str);
+    }
+
+    function showError(msg) {
+        verifyStatus.innerText = '❌ ' + msg;
+        verifyStatus.className = 'text-danger font-weight-bold';
+    }
+
+    function showStatus(valid, msg) {
+        verifyStatus.innerText = valid === true
+            ? '✅ Signature is valid'
+            : valid === false
+                ? '❌ Signature is invalid'
+                : msg || '';
+        verifyStatus.className = valid === true
+            ? 'text-success font-weight-bold'
+            : 'text-danger font-weight-bold';
+    }
+});

docs/assets/js/private-key-inspector.js

@@ -0,0 +1,145 @@
+// This script is used to inspect and extract public keys from private keys.
+
+document.addEventListener('DOMContentLoaded', function () {
+  const input = document.getElementById('keyInput');
+  const output = document.getElementById('keyOutput');
+
+  const inspectBtn = document.getElementById('inspect-key');
+  const pubKeyBtn = document.getElementById('extract-pubkey');
+  const resetBtn = document.getElementById('reset-btn');
+  const toPKCS8Btn = document.getElementById('convert-to-pkcs8');
+  const toRSA1Btn = document.getElementById('convert-to-rsa');
+
+  if (inspectBtn) inspectBtn.addEventListener('click', inspectPrivateKey);
+  if (pubKeyBtn) pubKeyBtn.addEventListener('click', extractPublicKey);
+  if (resetBtn) resetBtn.addEventListener('click', () => {
+    input.value = '';
+    output.innerText = '';
+  });
+  if (toPKCS8Btn) toPKCS8Btn.addEventListener('click', () => convertFormat('pkcs8'));
+  if (toRSA1Btn) toRSA1Btn.addEventListener('click', () => convertFormat('rsa1'));
+
+  function getOutputFormat() {
+    return document.querySelector('input[name="keyOutputFormat"]:checked')?.value || 'pem';
+  }
+
+  function parsePrivateKey(raw) {
+    try {
+      const cleaned = raw.trim();
+
+      if (cleaned.includes('EC PRIVATE KEY')) {
+        throw new Error('EC keys are not supported. Please use an RSA key.');
+      }
+
+      if (cleaned.includes('PRIVATE KEY')) {
+        const key = forge.pki.privateKeyFromPem(cleaned);
+        if (!key || !key.n || !key.e) {
+          throw new Error('Not a valid RSA private key.');
+        }
+        return key;
+      }
+
+      const isHex = /^[0-9a-f\s]+$/i.test(cleaned);
+      const derBytes = isHex
+        ? forge.util.hexToBytes(cleaned.replace(/\s+/g, ''))
+        : forge.util.decode64(cleaned);
+
+      const asn1 = forge.asn1.fromDer(derBytes);
+      const key = forge.pki.privateKeyFromAsn1(asn1);
+      if (!key || !key.n || !key.e) {
+        throw new Error('Not a valid RSA private key.');
+      }
+
+      return key;
+    } catch (e) {
+      throw new Error('Unable to parse private key: ' + e.message);
+    }
+  }
+
+  function inspectPrivateKey() {
+    output.innerText = '';
+    try {
+      const key = parsePrivateKey(input.value.trim());
+
+      const details = {
+        type: 'RSA',
+        bits: key.n.bitLength(),
+        publicExponent: key.e.toString(10),
+      };
+
+      output.innerText = JSON.stringify(details, null, 2);
+    } catch (err) {
+      output.innerText = '❌ Error: ' + err.message;
+    }
+  }
+
+  function extractPublicKey() {
+    output.innerText = '';
+    try {
+      const privateKey = parsePrivateKey(input.value.trim());
+  
+      if (!privateKey || !privateKey.n || !privateKey.e) {
+        throw new Error('Invalid RSA private key — cannot extract public key.');
+      }
+  
+      const publicKey = forge.pki.setRsaPublicKey(privateKey.n, privateKey.e);
+      const format = getOutputFormat();
+      let result;
+  
+      if (format === 'pem') {
+        result = forge.pki.publicKeyToPem(publicKey);
+      } else {
+        let asn1;
+        try {
+          asn1 = forge.pki.publicKeyToAsn1(publicKey);
+        } catch (err) {
+          throw new Error('Failed to convert public key to ASN.1: ' + err.message);
+        }
+  
+        if (!asn1) {
+          throw new Error('publicKeyToAsn1() returned undefined.');
+        }
+  
+        const der = forge.asn1.toDer(asn1).getBytes();
+  
+        if (format === 'base64') {
+          result = forge.util.encode64(der).match(/.{1,64}/g).join('\n');
+        } else if (format === 'hex') {
+          result = forge.util.bytesToHex(der).match(/.{1,2}/g).join(' ');
+        } else {
+          throw new Error('Unknown output format: ' + format);
+        }
+      }
+  
+      output.innerText = result;
+    } catch (err) {
+      output.innerText = '❌ Error: ' + err.message;
+    }
+  }
+  
+
+  function convertFormat(targetFormat) {
+    output.innerText = '';
+    try {
+      const privateKey = parsePrivateKey(input.value.trim());
+
+      if (!privateKey.n || !privateKey.e) {
+        throw new Error('Invalid RSA private key structure.');
+      }
+
+      let result;
+
+      if (targetFormat === 'pkcs8') {
+        const pkcs8 = forge.pki.privateKeyToAsn1(privateKey);
+        const wrapped = forge.pki.wrapRsaPrivateKey(pkcs8);
+        result = forge.pki.privateKeyInfoToPem(wrapped);
+      } else if (targetFormat === 'rsa1') {
+        result = forge.pki.privateKeyToPem(privateKey);
+      }
+
+      output.innerText = result;
+    } catch (err) {
+      output.innerText = '❌ Error: ' + err.message;
+    }
+  }
+});

docs/assets/js/tls-cert-common.js

@@ -0,0 +1,9 @@
+
+// This script is used to load the forge library if it is not already loaded.
+(function loadForgeIfNeeded() {
+    if (typeof forge === 'undefined') {
+      const script = document.createElement('script');
+      script.src = 'https://cdn.jsdelivr.net/npm/node-forge@1.3.1/dist/forge.min.js';
+      document.head.appendChild(script);
+    }
+  })();

docs/assets/js/tls-cert-converter.js

@@ -0,0 +1,90 @@
+// This script is used to convert TLS certificates between different formats
+
+document.addEventListener('DOMContentLoaded', function () {
+const input = document.getElementById('certInput');
+const output = document.getElementById('certOutput');
+
+const toDERBtn = document.getElementById('convert-der');
+const toB64Btn = document.getElementById('convert-base64');
+const toPEMBtn = document.getElementById('convert-pem');
+const pubKeyBtn = document.getElementById('extract-pubkey');
+const resetBtn = document.getElementById('reset-btn');
+
+if (toDERBtn) toDERBtn.addEventListener('click', () => convertCert('der'));
+if (toB64Btn) toB64Btn.addEventListener('click', () => convertCert('base64'));
+if (toPEMBtn) toPEMBtn.addEventListener('click', convertToPEM);
+if (pubKeyBtn) pubKeyBtn.addEventListener('click', extractPublicKey);
+if (resetBtn) resetBtn.addEventListener('click', () => {
+    input.value = '';
+    output.innerText = '';
+});
+
+function getSelectedFormat() {
+    return document.querySelector('input[name="certFormat"]:checked')?.value || 'pem';
+}
+
+function parseCertificate() {
+    const format = getSelectedFormat();
+    const raw = input.value.trim();
+
+    try {
+    if (format === 'pem') {
+        return forge.pki.certificateFromPem(raw);
+    }
+
+    let bytes;
+    if (format === 'der') {
+        bytes = forge.util.decode64(raw);
+    } else if (format === 'hex') {
+        bytes = forge.util.hexToBytes(raw.replace(/\s+/g, ''));
+    }
+
+    const asn1 = forge.asn1.fromDer(bytes);
+    return forge.pki.certificateFromAsn1(asn1);
+    } catch (e) {
+    throw new Error('Could not parse certificate: ' + e.message);
+    }
+}
+
+function convertCert(type) {
+    output.innerText = '';
+    try {
+    const cert = parseCertificate();
+    const asn1 = forge.pki.certificateToAsn1(cert);
+    const derBytes = forge.asn1.toDer(asn1).getBytes();
+
+    if (type === 'der') {
+        const hex = forge.util.bytesToHex(derBytes);
+        output.innerText = 'DER (hex):\n' + hex.match(/.{1,2}/g).join(' ');
+    } else if (type === 'base64') {
+        const b64 = forge.util.encode64(derBytes);
+        output.innerText = 'Base64:\n' + b64.match(/.{1,64}/g).join('\n');
+    }
+    } catch (e) {
+    output.innerText = '❌ Error: ' + e.message;
+    }
+}
+
+function convertToPEM() {
+    output.innerText = '';
+    try {
+    const cert = parseCertificate();
+    const pem = forge.pki.certificateToPem(cert);
+    output.innerText = pem;
+    } catch (e) {
+    output.innerText = '❌ Error: ' + e.message;
+    }
+}
+
+function extractPublicKey() {
+    output.innerText = '';
+    try {
+    const cert = parseCertificate();
+    const publicKeyPem = forge.pki.publicKeyToPem(cert.publicKey);
+    output.innerText = publicKeyPem;
+    } catch (e) {
+    output.innerText = '❌ Error: ' + e.message;
+    }
+}
+});
+