Description

Alison-Desktop allows the generation of keys and installation of certificates from an external application. It is designed to be accessed from a browser mainly.

Its services can be accessed through its Alison-SDK library, compatible with any browser (IExplorer 11, Edge, Firefox, Chrome, Safari, Opera, Brave).

It can be accessed using Alison-SDK. From Alison-Desktop 3.x a new REST interface is available for generation, installation, and testing.

Platforms

Alison-Desktop was tested on the following platforms:

Available KeyStore List

The following KeyStores are included on any version of Alison-Desktop (+3.x).

Value	Description
WIN-ENH	Native and regular Windows CSP used to generate and store certificates for users.	✔
CSK	Proprietary repository, linked to computer hardware to provide a more secure repository	✔	✔	✔
ETOKEN	Safenet/Gemalto eToken	✔	✔
MTOKEN	Century Longmai mToken	✔	✔
MACOS	Keychain repository of certificates used by OSX		✔
FF-NSS	The repository used by Mozilla Firefox	✔	✔	✔
YUBIKEY	Yubico PIV Required drivers should be downloaded from yubico-piv-tool/Releases/	✔	✔
EPASS	Feitian ePass. Required drivers could be downloaded from: ePass2003_Full_SDK_20210127.rar	✔	✔
ATHEIDP	Athena IDProtect Key	✔	✔
SAFESIGN	SafeSign IC faq-safesign-identity-client	✔	✔
RIJKSPAS	IDEMIA RIJKSPAS SmartCard	✔	✔
GEMP15-1	Gemalto Classic Smart Card	✔	✔	✔
PFX	Repository of the certificate using a PKCS12 file	✔	✔	✔
MEM	Volatile memory keystore	✔	✔	✔

It's also possible to add a new PKCS#11 Keystore just by editing the file keystore.user located into the config directory for each user. This file will include new Keystore entries in each new version of Alison-Desktop.

This is a typical entry to define a new Keystore:

{
    "id": "ETOKEN",
	"status": "enabled",
	"icon": "TOKEN",
	"friendly_name": "Gemalto eToken",
	"capabilities": "SGI",
	"extra_params": "allow_empty_pass",
	"filter_mask": -1,
	"windows": {
		"driver_path_x86": "%WINDRIVER%\\eTPKCS11.dll",
		"driver_path_x64": "%WINDRIVER%\\eTPKCS11.dll"
	},
	"osx": {
		"driver_path": "/usr/local/lib/libeTPkcs11.dylib"
	},
	"linux": {
		"driver_path": "/usr/lib64/libeTPkcs11.so"
	}
}

Alison Desktop is a certificate provider that can be accessed throw an SDK library or its REST interface (available from Alison-Desktop v3.x).

Alison JS

Go to AlisonJS library documentation.

REST interface

Read and Test this interface from Postman.

The following definitions and structures are useful for a better understanding of the interface, library and how to use it.

Some structures share attributes like:

A complete list of KeyStoreId is available on each distribution of Alison-Desktop or Alison-Server.

Users can add your own KeyStoreId following the instruction of Alison-Desktop.

KeyStore is the basic unit of identification of certificate repositories.
Each type of keyStore has a definition that includes a unique identifier, and other attributes used by the library for better representation.

{
	"id": "keyStore Identifier",
	"friendlyName" : "keyStore friendly name",
	"keyStoreType": "type of keystore",
	"providerId": "Certificate provider (usually Alison-Desktop)",
	"capabilities": "string representing capabilities of this keystore to Generate, Import, Export or Sign",
	"profiles" : [ Profile list included inside this keyStore ],
	"status": "keystore status, with the ResultStatus structure described later",
}

Some of these fields are available from Alison-Desktop version 3.1.0+.

.

Each KeyStore has one or more Profiles. This depends on the Keystore type. Some keyStores only have one profile.

Each profile is identified by its profileName, which may depend on the type of KeyStore.

Some of the profileName can remain constant over time, as is the case with PFX, CSK, or MACOS, but others can dynamically change between one execution and other.

Each profile contains certificates installed within it. By looking at the attributes of a profile, you can find how many certificates you have installed (-1 represents that the attribute has not been evaluated), and how many of them are dummy certificate installations (temporarily created to keep the private key, but not functional).

The information contained in a KeyStore is represented by a JSON structure called KeyStoreInfo. The structure has the following information:

{
	"id": "{{profileId}}",
	"name": "{{profileName}}",
	"friendlyName": "{{friendlyName}}",
	"status": {
		{{status}}
	},
	"issuedCerts": -1,
	"dummyCerts": -1,
	"details": {
		{{profileDetails}}
	}
}

It's used to indicate a unique KeyStore and a profile into it.

Some methods, like the migration of certificates between Keystores, use a KeyStoreSelector to indicate the target Keystore where to move the certificate.

{
	"keyStoreId": "keyStoreId where the certificate is stored",
	"profileName": "profileName where the certificate is stored",
	"providerId": "when the certificate is managed by another certificate provider than Alison-Destkop"
}

This structure is used to reference a unique certificate managed by Alison-Desktop or Alison-Server.

{
	"keyStoreId": "keyStoreId where the certificate is stored",
	"profileName": "profileName where the certificate is stored",
	"thumbPrint": "certificate thumbprint",
	"providerId": "certificate provider (usually Alison-Desktop)"
}

A WebCertificate is the representation of a certificate that is stored in a Keystore.

It contains all the certificate information such as subject, issuer, and thumbprint.

A full description of this structure is located in Debbie documentation.

{
	"serialNumber": "The serial number of the certificate",
	"serialNumberH": "The serial number in hexadecimal",
	"thumbPrint": "A unique identifier of the certificate",
	"notBeforeS": "Not-before value of the certificate, in a string format 
				   YYYY-MM-DD HH:MM:SS GMT-0",
	"notAfterS": "Not-after value of the certificate, in a string format 
                  YYYY-MM-DD HH:MM:SS GMT-0",
	"daysToExpire": "Days before expiration",
	"notBeforeTS": "Not-Before timestamp value of the certificate",
	"notAfterTS": "Not-After timestamp value of the certificate",
	"isDefault": "True is the certificate is the last used 
				  (when the certificate is included in a list of certificates)",
	"status": "Certificate status (valid | revoked ) (-1 is UNDEF)" *,
	"trustLevel": "TrustLevel used during its validation. 
				   It depends on the Debbie validation policy used" *,
	"validationMode": "Indicates the validation mode used by Debbie" *,
	"profile": Basic information about the profile that contains this certificate,
	"subject": {
		"DN": "Distringuished Name of the Subject",
		"parsedDN": "JSON Object that represents de DN"
	},
	"issuer": {
		"DN": "Distringuished Name of the Issuer",
		"parsedDN": "JSON Object that represents the DN"
	},
	"extensions": Some principal extensions defined into the certificate,
	"pkcs7": "Certificate in PEM format",
	"keyStoreId": "KeyStore Identifier",
	"keyStoreType": "KeyStore Type"
}

This structure is used to represent the status of several elements (Keystore, profile, etc).

"status": {
	"resultStatus": "[ 0 | 1 | 2 ] ",
	"resultList": 
		[ 
			{ "code": "result code",
		  	  "detail": "result code detail"
			}, 
		...
		]
	}

ErrorCode responses

Error code responses are returned with the following structure:

{
	"code": 20611,
	"message": "Token is not present or is empty"
}

You can download the last published version of Alison-Desktop accessing ACME Alison Wizard. 

You also can access the current development Alison-Desktop version for each platform.