Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Normal
Revision Log

source: trip-planner-front/node_modules/selfsigned/index.js@ b738035

Last change on this file since b738035 was 6a3a178, checked in by Ema <ema_spirova@…>, 3 years ago
initial commit
Property mode set to `100644`
File size: 6.3 KB

Rev	Line
[6a3a178]	1	var forge = require('node-forge');
	2
	3	// a hexString is considered negative if it's most significant bit is 1
	4	// because serial numbers use ones' complement notation
	5	// this RFC in section 4.1.2.2 requires serial numbers to be positive
	6	// http://www.ietf.org/rfc/rfc5280.txt
	7	function toPositiveHex(hexString){
	8	var mostSiginficativeHexAsInt = parseInt(hexString[0], 16);
	9	if (mostSiginficativeHexAsInt < 8){
	10	return hexString;
	11	}
	12
	13	mostSiginficativeHexAsInt -= 8;
	14	return mostSiginficativeHexAsInt.toString() + hexString.substring(1);
	15	}
	16
	17	function getAlgorithm(key) {
	18	switch (key) {
	19	case 'sha256':
	20	return forge.md.sha256.create();
	21	default:
	22	return forge.md.sha1.create();
	23	}
	24	}
	25
	26	/**
	27	*
	28	* @param {forge.pki.CertificateField[]} attrs Attributes used for subject and issuer.
	29	* @param {object} options
	30	* @param {number} [options.days=365] the number of days before expiration
	31	* @param {number} [options.keySize=1024] the size for the private key in bits
	32	* @param {object} [options.extensions] additional extensions for the certificate
	33	* @param {string} [options.algorithm="sha1"] The signature algorithm sha256 or sha1
	34	* @param {boolean} [options.pkcs7=false] include PKCS#7 as part of the output
	35	* @param {boolean} [options.clientCertificate=false] generate client cert signed by the original key
	36	* @param {string} [options.clientCertificateCN="John Doe jdoe123"] client certificate's common name
	37	* @param {function} [done] Optional callback, if not provided the generation is synchronous
	38	* @returns
	39	*/
	40	exports.generate = function generate(attrs, options, done) {
	41	if (typeof attrs === 'function') {
	42	done = attrs;
	43	attrs = undefined;
	44	} else if (typeof options === 'function') {
	45	done = options;
	46	options = {};
	47	}
	48
	49	options = options \|\| {};
	50
	51	var generatePem = function (keyPair) {
	52	var cert = forge.pki.createCertificate();
	53
	54	cert.serialNumber = toPositiveHex(forge.util.bytesToHex(forge.random.getBytesSync(9))); // the serial number can be decimal or hex (if preceded by 0x)
	55
	56	cert.validity.notBefore = new Date();
	57	cert.validity.notAfter = new Date();
	58	cert.validity.notAfter.setDate(cert.validity.notBefore.getDate() + (options.days \|\| 365));
	59
	60	attrs = attrs \|\| [{
	61	name: 'commonName',
	62	value: 'example.org'
	63	}, {
	64	name: 'countryName',
	65	value: 'US'
	66	}, {
	67	shortName: 'ST',
	68	value: 'Virginia'
	69	}, {
	70	name: 'localityName',
	71	value: 'Blacksburg'
	72	}, {
	73	name: 'organizationName',
	74	value: 'Test'
	75	}, {
	76	shortName: 'OU',
	77	value: 'Test'
	78	}];
	79
	80	cert.setSubject(attrs);
	81	cert.setIssuer(attrs);
	82
	83	cert.publicKey = keyPair.publicKey;
	84
	85	cert.setExtensions(options.extensions \|\| [{
	86	name: 'basicConstraints',
	87	cA: true
	88	}, {
	89	name: 'keyUsage',
	90	keyCertSign: true,
	91	digitalSignature: true,
	92	nonRepudiation: true,
	93	keyEncipherment: true,
	94	dataEncipherment: true
	95	}, {
	96	name: 'subjectAltName',
	97	altNames: [{
	98	type: 6, // URI
	99	value: 'http://example.org/webid#me'
	100	}]
	101	}]);
	102
	103	cert.sign(keyPair.privateKey, getAlgorithm(options && options.algorithm));
	104
	105	const fingerprint = forge.md.sha1
	106	.create()
	107	.update(forge.asn1.toDer(forge.pki.certificateToAsn1(cert)).getBytes())
	108	.digest()
	109	.toHex()
	110	.match(/.{2}/g)
	111	.join(':');
	112
	113	var pem = {
	114	private: forge.pki.privateKeyToPem(keyPair.privateKey),
	115	public: forge.pki.publicKeyToPem(keyPair.publicKey),
	116	cert: forge.pki.certificateToPem(cert),
	117	fingerprint: fingerprint,
	118	};
	119
	120	if (options && options.pkcs7) {
	121	var p7 = forge.pkcs7.createSignedData();
	122	p7.addCertificate(cert);
	123	pem.pkcs7 = forge.pkcs7.messageToPem(p7);
	124	}
	125
	126	if (options && options.clientCertificate) {
	127	var clientkeys = forge.pki.rsa.generateKeyPair(1024);
	128	var clientcert = forge.pki.createCertificate();
	129	clientcert.serialNumber = toPositiveHex(forge.util.bytesToHex(forge.random.getBytesSync(9)));
	130	clientcert.validity.notBefore = new Date();
	131	clientcert.validity.notAfter = new Date();
	132	clientcert.validity.notAfter.setFullYear(clientcert.validity.notBefore.getFullYear() + 1);
	133
	134	var clientAttrs = JSON.parse(JSON.stringify(attrs));
	135
	136	for(var i = 0; i < clientAttrs.length; i++) {
	137	if(clientAttrs[i].name === 'commonName') {
	138	if( options.clientCertificateCN )
	139	clientAttrs[i] = { name: 'commonName', value: options.clientCertificateCN };
	140	else
	141	clientAttrs[i] = { name: 'commonName', value: 'John Doe jdoe123' };
	142	}
	143	}
	144
	145	clientcert.setSubject(clientAttrs);
	146
	147	// Set the issuer to the parent key
	148	clientcert.setIssuer(attrs);
	149
	150	clientcert.publicKey = clientkeys.publicKey;
	151
	152	// Sign client cert with root cert
	153	clientcert.sign(keyPair.privateKey);
	154
	155	pem.clientprivate = forge.pki.privateKeyToPem(clientkeys.privateKey);
	156	pem.clientpublic = forge.pki.publicKeyToPem(clientkeys.publicKey);
	157	pem.clientcert = forge.pki.certificateToPem(clientcert);
	158
	159	if (options.pkcs7) {
	160	var clientp7 = forge.pkcs7.createSignedData();
	161	clientp7.addCertificate(clientcert);
	162	pem.clientpkcs7 = forge.pkcs7.messageToPem(clientp7);
	163	}
	164	}
	165
	166	var caStore = forge.pki.createCaStore();
	167	caStore.addCertificate(cert);
	168
	169	try {
	170	forge.pki.verifyCertificateChain(caStore, [cert],
	171	function (vfd, depth, chain) {
	172	if (vfd !== true) {
	173	throw new Error('Certificate could not be verified.');
	174	}
	175	return true;
	176	});
	177	}
	178	catch(ex) {
	179	throw new Error(ex);
	180	}
	181
	182	return pem;
	183	};
	184
	185	var keySize = options.keySize \|\| 1024;
	186
	187	if (done) { // async scenario
	188	return forge.pki.rsa.generateKeyPair({ bits: keySize }, function (err, keyPair) {
	189	if (err) { return done(err); }
	190
	191	try {
	192	return done(null, generatePem(keyPair));
	193	} catch (ex) {
	194	return done(ex);
	195	}
	196	});
	197	}
	198
	199	var keyPair = options.keyPair ? {
	200	privateKey: forge.pki.privateKeyFromPem(options.keyPair.privateKey),
	201	publicKey: forge.pki.publicKeyFromPem(options.keyPair.publicKey)
	202	} : forge.pki.rsa.generateKeyPair(keySize);
	203
	204	return generatePem(keyPair);
	205	};

Note: See TracBrowser for help on using the repository browser.

Download in other formats: