selfsigned
Comparing version 1.2.0 to 1.4.0
61
index.js
var forge = require('node-forge') | ||
var fs = require('fs') | ||
function getAlgorithm(key) { | ||
switch (key) { | ||
case 'sha256': | ||
return forge.md.sha256.create() | ||
case 'sha1': | ||
default: | ||
return forge.md.sha1.create() | ||
} | ||
} | ||
exports.generate = function generate(attrs, options) { | ||
var keys = forge.pki.rsa.generateKeyPair(1024) | ||
@@ -12,3 +21,3 @@ var cert = forge.pki.createCertificate() | ||
cert.validity.notAfter = new Date() | ||
cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 1) | ||
cert.validity.notAfter.setDate(cert.validity.notBefore.getDate() + (options.days || 365)) | ||
@@ -37,3 +46,3 @@ attrs = attrs || [{ | ||
cert.setIssuer(attrs) | ||
cert.setExtensions([{ | ||
@@ -56,6 +65,6 @@ name: 'basicConstraints', | ||
}]) | ||
cert.publicKey = keys.publicKey | ||
cert.sign(keys.privateKey) | ||
cert.sign(keys.privateKey, getAlgorithm(options && options.algorithm)) | ||
@@ -67,3 +76,3 @@ var pem = { | ||
} | ||
if (options && options.pkcs7) { | ||
@@ -75,2 +84,42 @@ var p7 = forge.pkcs7.createSignedData() | ||
if (options && options.clientCertificate) { | ||
var clientkeys = forge.pki.rsa.generateKeyPair(1024) | ||
var clientcert = forge.pki.createCertificate() | ||
clientcert.serialNumber = '02' | ||
clientcert.validity.notBefore = new Date() | ||
clientcert.validity.notAfter = new Date() | ||
clientcert.validity.notAfter.setFullYear(clientcert.validity.notBefore.getFullYear() + 1) | ||
var clientAttrs = JSON.parse(JSON.stringify(attrs)); | ||
for(var i = 0; i < clientAttrs.length; i++) { | ||
if(clientAttrs[i].name === 'commonName') { | ||
if( options.clientCertificateCN ) | ||
clientAttrs[i] = { name: 'commonName', value: options.clientCertificateCN }; | ||
else | ||
clientAttrs[i] = { name: 'commonName', value: 'John Doe jdoe123' }; | ||
} | ||
} | ||
clientcert.setSubject(clientAttrs) | ||
// Set the issuer to the parent key | ||
clientcert.setIssuer(attrs) | ||
clientcert.publicKey = clientkeys.publicKey | ||
// Sign client cert with root cert | ||
clientcert.sign(keys.privateKey) | ||
pem.clientprivate = forge.pki.privateKeyToPem(clientkeys.privateKey); | ||
pem.clientpublic = forge.pki.publicKeyToPem(clientkeys.publicKey); | ||
pem.clientcert = forge.pki.certificateToPem(clientcert); | ||
if (options.pkcs7) { | ||
var clientp7 = forge.pkcs7.createSignedData() | ||
clientp7.addCertificate(clientcert) | ||
pem.clientpkcs7 = forge.pkcs7.messageToPem(clientp7) | ||
} | ||
} | ||
var caStore = forge.pki.createCaStore() | ||
@@ -77,0 +126,0 @@ caStore.addCertificate(cert) |
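Review bot: The new client-certificate block signs with `clientcert.sign(keys.privateKey)` and never passes a digest, so `options.algorithm` is honoured for the root certificate while the client certificate always gets forge's default digest (SHA-1 in node-forge); it should read `clientcert.sign(keys.privateKey, getAlgorithm(options && options.algorithm))`. The same block creates the client key with `forge.pki.rsa.generateKeyPair(1024)`, matching the root key, and 1024-bit RSA with a SHA-1 fallback in `getAlgorithm` is below what current TLS stacks accept, so a larger key size and a `sha256` default would be the safer baseline. Separately, the `notAfter` line that reads `options.days` dereferences `options` without the `options &&` guard used elsewhere in the function, which would throw when `generate` is called without an options object (assuming that is the new-side line; the rendering does not mark sides). The body of `generate` continues outside the lines shown.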
{ | ||
"name": "selfsigned", | ||
"version": "1.2.0", | ||
"version": "1.4.0", | ||
"description": "Generate self signed certificates private and public keys", | ||
@@ -20,3 +20,3 @@ "main": "index.js", | ||
"author": "José F. Romaniello <jfromaniello@gmail.com> (http://joseoncode.com)", | ||
"contirbutors": [ | ||
"contributors": [ | ||
{ | ||
@@ -26,2 +26,7 @@ "name": "Paolo Fragomeni", | ||
"url": "http://async.ly" | ||
}, | ||
{ | ||
"name": "Charles Bushong", | ||
"email": "bushong1@gmail.com ", | ||
"url": "http://github.com/bushong1" | ||
} | ||
@@ -28,0 +33,0 @@ ], |
@@ -22,3 +22,3 @@ Generate a self signed x509 certificate from node.js. | ||
```js | ||
{ | ||
{ | ||
private: '-----BEGIN RSA PRIVATE KEY-----\r\nMIICXAIBAAKBgQCBFMXMYS/+RZz6+qzv+xeqXPdjw4YKZC4y3dPhSwgEwkecrCTX\r\nsR6boue+1MjIqPqWggXZnotIGldfEN0kn0Jbh2vMTrTx6YwqQ8tceBPoyuuqcYBO\r\nOONAcKOB3MLnZbyOgVtbyT3j68JE5V/lx6LhpIKAgY0m5WIuaKrW6mvLXQIDAQAB\r\nAoGAU6ODGxAqSecPdayyG/ml9vSwNAuAMgGB0eHcpZG5i2PbhRAh+0TAIXaoFQXJ\r\naAPeA2ISqlTJyRmQXYAO2uj61FzeyDzYCf0z3+yZEVz3cO7jB5Pl6iBvzbxWuuuA\r\ncbJtWLhWtW5/jioc8F0EAzZ+lkC/XuVJdwKHDmwt2qvJO+ECQQD+dvo1g3Sz9xGw\r\n21n+fDG5i4128+Qh+JPgh5AeLuXSofc1HMHaOXcC6Wu/Cloh7QAD934b7W0A7VoD\r\ndLd/JLyFAkEAgdwjryyvdhy69e516IrPB3b+m4rggtntBlZREMrk9tOzeIucVO3W\r\ntKI3FHm6JebN2gVcG+rZ+FaDPo+ifJkW+QJBAPojrMwEACmUevB2f9246gxx0UsY\r\nbq6yM3No71OsWEEY8/Bi53CEQqg7Gq5+F6H33qcHmBEN8LQTngN9rY+vZh0CQBg0\r\nqJImii5B/LeK03+dICoMDDmCEYdSh9P+ku3GZBd+Lp3xqBpMmxDgi9PNPN2DwCs7\r\nhIfPpwGbXqtyqp7/CkECQB4OdY+2FbCciI473eQkTu310RMf8jElU63iwnx4R/XN\r\n/mgqN589OfF4SS0U/MoRzYk9jF9IAJN1Mi/571T+nw4=\r\n-----END RSA PRIVATE KEY-----\r\n', | ||
@@ -30,4 +30,41 @@ public: '-----BEGIN PUBLIC KEY-----\r\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCBFMXMYS/+RZz6+qzv+xeqXPdj\r\nw4YKZC4y3dPhSwgEwkecrCTXsR6boue+1MjIqPqWggXZnotIGldfEN0kn0Jbh2vM\r\nTrTx6YwqQ8tceBPoyuuqcYBOOONAcKOB3MLnZbyOgVtbyT3j68JE5V/lx6LhpIKA\r\ngY0m5WIuaKrW6mvLXQIDAQAB\r\n-----END PUBLIC KEY-----\r\n', | ||
## Configuration | ||
You can optionally specify a different algorithm: | ||
```js | ||
var pems = selfsigned.generate({ subj: '/CN=contoso.com', days: 365 }, { algorithm: 'sha256' }); | ||
``` | ||
### Generate Client Certificates | ||
If you are in an environment where servers require client certificates, you can generate client keys signed by the original (server) key. | ||
```js | ||
var selfsigned = require('selfsigned'); | ||
var pems = selfsigned.generate(null, { clientCertificate: true }); | ||
console.log(pems) | ||
``` | ||
You can optionally specify a different algorithm: | ||
Which will generate the following: | ||
```js | ||
{ private: '-----BEGIN RSA PRIVATE KEY-----\r\nMIICXQIBAAKBgQCgd/lGfk+0Yfgprcm0pJUiP6Hl3i4GDsGmstW3JBRsUNgE+RpT\r\nhLrDoxr0hvovXvdKLTUfRMkqLNVevv0EP6QP+2yG97FJ9IZb+DX3wHrTvMj3ngcf\r\nE5LpN632c8jK2TF9syozAuBnDiBmU27ys5mP4mf1OPmmZGfNADib85vWYQIDAQAB\r\nAoGASeESnlb3IUhdteqyS/3eP4dmZWuWaumOVM5PQONWl8vcuOVrLnqUdg/5EA24\r\nz+h8F+WaaIwFxeogTl/GI5edU5RrcMsX7yAJahGcV7NG8A1ajCCdlUXUJKKiahAI\r\nU3S9ej+8VCj93NwBtTgcTWDr24lyhZF7MCFpQ6qIoTFP58UCQQD0vx4etezlC5ba\r\nOWK7fLux8JhRsqOhhU7pMtnSc7kStCcXnkMMFgnCQOui5jh6CA9g1VeMGFppQ+00\r\ndh8NTEYrAkEAp9jUuOeXzobgV+f84V6eQ2FU+tB1EfsNSgSHIZRMsMUkVe+HOKed\r\nEyQzduuo8t/RUUmXKvGFtC6DU3t1cT37owJBAJnIOIm9b/NfO9M0uZfqwRkGfv7e\r\nizhjRfj7TaiRtBlPfzy04ZYHhuw61JSPqa7rv5Xtl0vcxXpdBv+utMYrRe8CQCnr\r\njbVgohmCtiU+W3ouF3jcpky+I38KJJeH6fgJAd5kXl7YI/2SXziYogHheaCvJagX\r\nqRmgmLQXqdT/0KUnxeECQQDR4c1sq8imgm82OpGElAZHxaSHQMwOWzo4E8E+XZCo\r\nV4tLzLjGKPwwdNTwGK+oxD3P7Qy1klnAowqj/URGkHE3\r\n-----END RSA PRIVATE KEY-----\r\n', | ||
public: '-----BEGIN PUBLIC KEY-----\r\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCgd/lGfk+0Yfgprcm0pJUiP6Hl\r\n3i4GDsGmstW3JBRsUNgE+RpThLrDoxr0hvovXvdKLTUfRMkqLNVevv0EP6QP+2yG\r\n97FJ9IZb+DX3wHrTvMj3ngcfE5LpN632c8jK2TF9syozAuBnDiBmU27ys5mP4mf1\r\nOPmmZGfNADib85vWYQIDAQAB\r\n-----END PUBLIC KEY-----\r\n', | ||
cert: '-----BEGIN CERTIFICATE-----\r\nMIICjTCCAfagAwIBAgIBATANBgkqhkiG9w0BAQUFADBpMRQwEgYDVQQDEwtleGFt\r\ncGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQH\r\nEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MB4XDTE1\r\nMTAyNTEzNTIwNFoXDTE2MTAyNTEzNTIwNFowaTEUMBIGA1UEAxMLZXhhbXBsZS5v\r\ncmcxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhWaXJnaW5pYTETMBEGA1UEBxMKQmxh\r\nY2tzYnVyZzENMAsGA1UEChMEVGVzdDENMAsGA1UECxMEVGVzdDCBnzANBgkqhkiG\r\n9w0BAQEFAAOBjQAwgYkCgYEAoHf5Rn5PtGH4Ka3JtKSVIj+h5d4uBg7BprLVtyQU\r\nbFDYBPkaU4S6w6Ma9Ib6L173Si01H0TJKizVXr79BD+kD/tshvexSfSGW/g198B6\r\n07zI954HHxOS6Tet9nPIytkxfbMqMwLgZw4gZlNu8rOZj+Jn9Tj5pmRnzQA4m/Ob\r\n1mECAwEAAaNFMEMwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAvQwJgYDVR0RBB8w\r\nHYYbaHR0cDovL2V4YW1wbGUub3JnL3dlYmlkI21lMA0GCSqGSIb3DQEBBQUAA4GB\r\nAA508xX8hPhSMcOvgPznM80On0IXBTB6NlnAGd2I89mYnNX2b7/vBt83xCvwcxwo\r\nVaksTm6JbrlPWQ9hQESSkjsXGOJuGQePndKA7z4NwlVTdNyXupAm+zfrYRguajij\r\n3xXyY1ulsjTHhRaFP8fh49rrbAo7RB9D6fydNzHaqLz3\r\n-----END CERTIFICATE-----\r\n', | ||
clientprivate: '-----BEGIN RSA PRIVATE KEY-----\r\nMIICXAIBAAKBgQC1EiQnN9GgPPOP5vm5XtJT1pQ7xeTI8/gTaGrCIV49HFWfVQ0h\r\nNVDbuhcKxTFlmnQLWolIxrSwRT5+T+UMiyrvMrErgQE2Tz/qbK7K+5Yl1yu2P39D\r\njdKwmIfBfacWisLxCE53/0WkMD+3uFu+h36Be0FWb+xmQuPHScQ0R1UbBQIDAQAB\r\nAoGAMUjEyl/pEMJGUQ6/PfNPMD6hjjto8EFnbnDnTfujGOMTcxDFSBqo7YWTK/1M\r\nWqlVmJmF8GcVWz0dq2e3olhm0MsOb+AWUsPhPTryXDnZLoJmZpyHYakLP2k7B3I7\r\nMmV2T7QNZY2d0THoAZ8tkO337LGuzZiuALa7Ix/fJGyJiykCQQDjH5+UZwcko/7T\r\nyQ/c2fHV0O1Sk3txyaVUPLB3QHcFBZRQaTIPzyjD6YITpy4+oE8iukZrlkrl+Hua\r\nCQp8d8+fAkEAzBealXUz7Z2ZC6DT1ISv1cVQpcRXYzveve3jOdsPrvJcBjWs4LCf\r\nTj0wACn8L14dirxnFHHBoKjogP/JjoDC2wJAeTcqcwidjlecLCnVtnf3ErdjwbuG\r\nmY8WFqQhRjP4kYyNwHC0UC2uwwh/7L8/9hqWwaEK7maS6LO6O9Zxa0aCXwJAabG/\r\nqK8t2VzIqbD8gw7EUR0CixaHeyjCTfIovwmnsZ5p8f1SLnrJxacCeNNFevJusi6n\r\n43qWIDHZVxUguOAOCQJBAIU/FDEVIc8h/mp2I5vufsMpYGsAMdMh03Wdg3dhxUaT\r\nlOXVzQehotFxyDayyyIr/S8V/SlG0nM7g4UJhKVQzbM=\r\n-----END RSA PRIVATE KEY-----\r\n', | ||
clientpublic: '-----BEGIN PUBLIC KEY-----\r\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1EiQnN9GgPPOP5vm5XtJT1pQ7\r\nxeTI8/gTaGrCIV49HFWfVQ0hNVDbuhcKxTFlmnQLWolIxrSwRT5+T+UMiyrvMrEr\r\ngQE2Tz/qbK7K+5Yl1yu2P39DjdKwmIfBfacWisLxCE53/0WkMD+3uFu+h36Be0FW\r\nb+xmQuPHScQ0R1UbBQIDAQAB\r\n-----END PUBLIC KEY-----\r\n', | ||
clientcert: '-----BEGIN CERTIFICATE-----\r\nMIICSzCCAbSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBpMRQwEgYDVQQDEwtleGFt\r\ncGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQH\r\nEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MB4XDTE1\r\nMTAyNTEzNTIwNFoXDTE2MTAyNTEzNTIwNFowbjEZMBcGA1UEAxMQSm9obiBEb2Ug\r\namRvZTEyMzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQH\r\nEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIGfMA0G\r\nCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1EiQnN9GgPPOP5vm5XtJT1pQ7xeTI8/gT\r\naGrCIV49HFWfVQ0hNVDbuhcKxTFlmnQLWolIxrSwRT5+T+UMiyrvMrErgQE2Tz/q\r\nbK7K+5Yl1yu2P39DjdKwmIfBfacWisLxCE53/0WkMD+3uFu+h36Be0FWb+xmQuPH\r\nScQ0R1UbBQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBABvI/e+wpprXPTGp72SnoVPB\r\nKJ0AjZt2kYl69xl4KWw/PqN292l6Km/kkTbaPcG9QTjEyfYGCU73bgIp1htBPFcz\r\nssaYLXHtWxkTF6fYSgdR2uJFTWL0BVvr0x4ZS+7kyB7w82igqfL4NTP1XexcsqUx\r\n286cvNgatOWUjJ/Zr3jj\r\n-----END CERTIFICATE-----\r\n' } | ||
``` | ||
var pems = selfsigned.generate({ subj: '/CN=contoso.com', days: 365 }, { algorithm: 'sha256' }); | ||
To override the default client CN of `john doe jdoe123`, add another option for clientCertificateCN: | ||
```js | ||
var selfsigned = require('selfsigned'); | ||
var pems = selfsigned.generate(null, { clientCertificate: true, clientCertificateCN: "FooBar" }); | ||
console.log(pems) | ||
``` | ||
## License | ||
MIT | ||
MIT |
@@ -13,7 +13,16 @@ var assert = require('assert') | ||
assert.ok(!pems.pkcs7, 'should not include a pkcs7 by default') | ||
assert.ok(!pems.clientcert, 'should not include a client cert by default') | ||
assert.ok(!pems.clientprivate, 'should not include a client private key by default') | ||
assert.ok(!pems.clientpublic, 'should not include a client public key by default') | ||
var caStore = forge.pki.createCaStore() | ||
caStore.addCertificate(pems.cert) | ||
//test client cert generation | ||
pems = generate(null, {clientCertificate: true}) | ||
assert.ok(!!pems.clientcert, 'should include a client cert when requested') | ||
assert.ok(!!pems.clientprivate, 'should include a client private key when requested') | ||
assert.ok(!!pems.clientpublic, 'should include a client public key when requested') | ||
//test pkcs7 generation | ||
@@ -33,2 +42,8 @@ pems = generate(null, {pkcs7: true}) | ||
assert.equal(pems.pkcs7, expected) | ||
}); | ||
}); | ||
var pems_sha1 = generate(null, { algorithm: 'sha1' }); | ||
assert.ok(forge.pki.certificateFromPem(pems_sha1.cert).siginfo.algorithmOid == forge.pki.oids['sha1WithRSAEncryption'], 'can generate sha1 certs') | ||
var pems_sha256 = generate(null, { algorithm: 'sha256' }); | ||
assert.ok(forge.pki.certificateFromPem(pems_sha256.cert).siginfo.algorithmOid == forge.pki.oids['sha256WithRSAEncryption'], 'can generate sha256 certs') |
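Review bot: The client-certificate test only asserts that `clientcert`, `clientprivate` and `clientpublic` are truthy, so it would still pass if the client certificate were signed by the wrong key or with an unexpected digest. A check that the root actually issued it, e.g. `assert.ok(forge.pki.certificateFromPem(pems.cert).verify(forge.pki.certificateFromPem(pems.clientcert)), 'client cert should verify against the root')`, would pin the property callers rely on. The sha1/sha256 assertions cover only `pems.cert`; repeating the `siginfo.algorithmOid` check on `pems.clientcert` with `{clientCertificate: true, algorithm: 'sha256'}` would cover the combination, and `===` would be preferable to `==` in those comparisons. The enclosing test callbacks begin outside the lines shown.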
14371
151
69