selfsigned - npm Package Compare versions

Comparing version 1.2.0 to 1.4.0

index.js

 var forge = require('node-forge')
 var fs = require('fs')
 
+function getAlgorithm(key) {
+  switch (key) {
+    case 'sha256':
+      return forge.md.sha256.create()
+    case 'sha1':
+    default:
+      return forge.md.sha1.create()
+  }
+}
+
 exports.generate = function generate(attrs, options) {
-
   var keys = forge.pki.rsa.generateKeyPair(1024)
@@ -12,3 +21,3 @@ var cert = forge.pki.createCertificate()
   cert.validity.notAfter = new Date()
-  cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 1)
+  cert.validity.notAfter.setDate(cert.validity.notBefore.getDate() + (options.days || 365))
   
@@ -37,3 +46,3 @@ attrs = attrs || [{
   cert.setIssuer(attrs)
-  
+
   cert.setExtensions([{
@@ -56,6 +65,6 @@ name: 'basicConstraints',
   }])
-  
+
   cert.publicKey = keys.publicKey
 
-  cert.sign(keys.privateKey)
+  cert.sign(keys.privateKey, getAlgorithm(options && options.algorithm))
 
@@ -67,3 +76,3 @@ var pem = {
   }
-  
+
   if (options && options.pkcs7) {
@@ -75,2 +84,42 @@ var p7 = forge.pkcs7.createSignedData()
 
+  if (options && options.clientCertificate) {
+    var clientkeys = forge.pki.rsa.generateKeyPair(1024)
+    var clientcert = forge.pki.createCertificate()
+    clientcert.serialNumber = '02'
+    clientcert.validity.notBefore = new Date()
+    clientcert.validity.notAfter = new Date()
+    clientcert.validity.notAfter.setFullYear(clientcert.validity.notBefore.getFullYear() + 1)
+    
+    var clientAttrs = JSON.parse(JSON.stringify(attrs));
+
+    for(var i = 0; i < clientAttrs.length; i++) {
+      if(clientAttrs[i].name === 'commonName') {
+        if( options.clientCertificateCN )
+          clientAttrs[i] = { name: 'commonName', value: options.clientCertificateCN };
+        else
+          clientAttrs[i] = { name: 'commonName', value: 'John Doe jdoe123' };
+      }
+    }
+
+    clientcert.setSubject(clientAttrs)
+
+    // Set the issuer to the parent key
+    clientcert.setIssuer(attrs)
+
+    clientcert.publicKey = clientkeys.publicKey
+
+    // Sign client cert with root cert
+    clientcert.sign(keys.privateKey)
+
+    pem.clientprivate = forge.pki.privateKeyToPem(clientkeys.privateKey);
+    pem.clientpublic = forge.pki.publicKeyToPem(clientkeys.publicKey);
+    pem.clientcert = forge.pki.certificateToPem(clientcert);
+
+    if (options.pkcs7) {
+      var clientp7 = forge.pkcs7.createSignedData()
+      clientp7.addCertificate(clientcert)
+      pem.clientpkcs7 = forge.pkcs7.messageToPem(clientp7)
+    }
+  }
+
   var caStore = forge.pki.createCaStore()
@@ -77,0 +126,0 @@ caStore.addCertificate(cert)

package.json

 {
   "name": "selfsigned",
-  "version": "1.2.0",
+  "version": "1.4.0",
   "description": "Generate self signed certificates private and public keys",
@@ -20,3 +20,3 @@ "main": "index.js",
   "author": "José F. Romaniello <jfromaniello@gmail.com> (http://joseoncode.com)",
-  "contirbutors": [
+  "contributors": [
     {
@@ -26,2 +26,7 @@ "name": "Paolo Fragomeni",
       "url": "http://async.ly"
+    },
+    {
+      "name": "Charles Bushong",
+      "email": "bushong1@gmail.com  ",
+      "url": "http://github.com/bushong1"
     }
@@ -28,0 +33,0 @@ ],

README.md

@@ -22,3 +22,3 @@ Generate a self signed x509 certificate from node.js.
 ```js
-{ 
+{
   private: '-----BEGIN RSA PRIVATE KEY-----\r\nMIICXAIBAAKBgQCBFMXMYS/+RZz6+qzv+xeqXPdjw4YKZC4y3dPhSwgEwkecrCTX\r\nsR6boue+1MjIqPqWggXZnotIGldfEN0kn0Jbh2vMTrTx6YwqQ8tceBPoyuuqcYBO\r\nOONAcKOB3MLnZbyOgVtbyT3j68JE5V/lx6LhpIKAgY0m5WIuaKrW6mvLXQIDAQAB\r\nAoGAU6ODGxAqSecPdayyG/ml9vSwNAuAMgGB0eHcpZG5i2PbhRAh+0TAIXaoFQXJ\r\naAPeA2ISqlTJyRmQXYAO2uj61FzeyDzYCf0z3+yZEVz3cO7jB5Pl6iBvzbxWuuuA\r\ncbJtWLhWtW5/jioc8F0EAzZ+lkC/XuVJdwKHDmwt2qvJO+ECQQD+dvo1g3Sz9xGw\r\n21n+fDG5i4128+Qh+JPgh5AeLuXSofc1HMHaOXcC6Wu/Cloh7QAD934b7W0A7VoD\r\ndLd/JLyFAkEAgdwjryyvdhy69e516IrPB3b+m4rggtntBlZREMrk9tOzeIucVO3W\r\ntKI3FHm6JebN2gVcG+rZ+FaDPo+ifJkW+QJBAPojrMwEACmUevB2f9246gxx0UsY\r\nbq6yM3No71OsWEEY8/Bi53CEQqg7Gq5+F6H33qcHmBEN8LQTngN9rY+vZh0CQBg0\r\nqJImii5B/LeK03+dICoMDDmCEYdSh9P+ku3GZBd+Lp3xqBpMmxDgi9PNPN2DwCs7\r\nhIfPpwGbXqtyqp7/CkECQB4OdY+2FbCciI473eQkTu310RMf8jElU63iwnx4R/XN\r\n/mgqN589OfF4SS0U/MoRzYk9jF9IAJN1Mi/571T+nw4=\r\n-----END RSA PRIVATE KEY-----\r\n',
@@ -30,4 +30,41 @@ public: '-----BEGIN PUBLIC KEY-----\r\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCBFMXMYS/+RZz6+qzv+xeqXPdj\r\nw4YKZC4y3dPhSwgEwkecrCTXsR6boue+1MjIqPqWggXZnotIGldfEN0kn0Jbh2vM\r\nTrTx6YwqQ8tceBPoyuuqcYBOOONAcKOB3MLnZbyOgVtbyT3j68JE5V/lx6LhpIKA\r\ngY0m5WIuaKrW6mvLXQIDAQAB\r\n-----END PUBLIC KEY-----\r\n',
 
+## Configuration
+
+You can optionally specify a different algorithm:
+
+```js
+var pems = selfsigned.generate({ subj: '/CN=contoso.com', days: 365 }, { algorithm: 'sha256' });
+```
+
+### Generate Client Certificates
+
+If you are in an environment where servers require client certificates, you can generate client keys signed by the original (server) key.
+
+```js
+var selfsigned = require('selfsigned');
+var pems = selfsigned.generate(null, { clientCertificate: true });
+console.log(pems)
+```
+You can optionally specify a different algorithm:
+Which will generate the following:
+
+```js
+{ private: '-----BEGIN RSA PRIVATE KEY-----\r\nMIICXQIBAAKBgQCgd/lGfk+0Yfgprcm0pJUiP6Hl3i4GDsGmstW3JBRsUNgE+RpT\r\nhLrDoxr0hvovXvdKLTUfRMkqLNVevv0EP6QP+2yG97FJ9IZb+DX3wHrTvMj3ngcf\r\nE5LpN632c8jK2TF9syozAuBnDiBmU27ys5mP4mf1OPmmZGfNADib85vWYQIDAQAB\r\nAoGASeESnlb3IUhdteqyS/3eP4dmZWuWaumOVM5PQONWl8vcuOVrLnqUdg/5EA24\r\nz+h8F+WaaIwFxeogTl/GI5edU5RrcMsX7yAJahGcV7NG8A1ajCCdlUXUJKKiahAI\r\nU3S9ej+8VCj93NwBtTgcTWDr24lyhZF7MCFpQ6qIoTFP58UCQQD0vx4etezlC5ba\r\nOWK7fLux8JhRsqOhhU7pMtnSc7kStCcXnkMMFgnCQOui5jh6CA9g1VeMGFppQ+00\r\ndh8NTEYrAkEAp9jUuOeXzobgV+f84V6eQ2FU+tB1EfsNSgSHIZRMsMUkVe+HOKed\r\nEyQzduuo8t/RUUmXKvGFtC6DU3t1cT37owJBAJnIOIm9b/NfO9M0uZfqwRkGfv7e\r\nizhjRfj7TaiRtBlPfzy04ZYHhuw61JSPqa7rv5Xtl0vcxXpdBv+utMYrRe8CQCnr\r\njbVgohmCtiU+W3ouF3jcpky+I38KJJeH6fgJAd5kXl7YI/2SXziYogHheaCvJagX\r\nqRmgmLQXqdT/0KUnxeECQQDR4c1sq8imgm82OpGElAZHxaSHQMwOWzo4E8E+XZCo\r\nV4tLzLjGKPwwdNTwGK+oxD3P7Qy1klnAowqj/URGkHE3\r\n-----END RSA PRIVATE KEY-----\r\n',
+  public: '-----BEGIN PUBLIC KEY-----\r\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCgd/lGfk+0Yfgprcm0pJUiP6Hl\r\n3i4GDsGmstW3JBRsUNgE+RpThLrDoxr0hvovXvdKLTUfRMkqLNVevv0EP6QP+2yG\r\n97FJ9IZb+DX3wHrTvMj3ngcfE5LpN632c8jK2TF9syozAuBnDiBmU27ys5mP4mf1\r\nOPmmZGfNADib85vWYQIDAQAB\r\n-----END PUBLIC KEY-----\r\n',
+    cert: '-----BEGIN CERTIFICATE-----\r\nMIICjTCCAfagAwIBAgIBATANBgkqhkiG9w0BAQUFADBpMRQwEgYDVQQDEwtleGFt\r\ncGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQH\r\nEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MB4XDTE1\r\nMTAyNTEzNTIwNFoXDTE2MTAyNTEzNTIwNFowaTEUMBIGA1UEAxMLZXhhbXBsZS5v\r\ncmcxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhWaXJnaW5pYTETMBEGA1UEBxMKQmxh\r\nY2tzYnVyZzENMAsGA1UEChMEVGVzdDENMAsGA1UECxMEVGVzdDCBnzANBgkqhkiG\r\n9w0BAQEFAAOBjQAwgYkCgYEAoHf5Rn5PtGH4Ka3JtKSVIj+h5d4uBg7BprLVtyQU\r\nbFDYBPkaU4S6w6Ma9Ib6L173Si01H0TJKizVXr79BD+kD/tshvexSfSGW/g198B6\r\n07zI954HHxOS6Tet9nPIytkxfbMqMwLgZw4gZlNu8rOZj+Jn9Tj5pmRnzQA4m/Ob\r\n1mECAwEAAaNFMEMwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAvQwJgYDVR0RBB8w\r\nHYYbaHR0cDovL2V4YW1wbGUub3JnL3dlYmlkI21lMA0GCSqGSIb3DQEBBQUAA4GB\r\nAA508xX8hPhSMcOvgPznM80On0IXBTB6NlnAGd2I89mYnNX2b7/vBt83xCvwcxwo\r\nVaksTm6JbrlPWQ9hQESSkjsXGOJuGQePndKA7z4NwlVTdNyXupAm+zfrYRguajij\r\n3xXyY1ulsjTHhRaFP8fh49rrbAo7RB9D6fydNzHaqLz3\r\n-----END CERTIFICATE-----\r\n',
+      clientprivate: '-----BEGIN RSA PRIVATE KEY-----\r\nMIICXAIBAAKBgQC1EiQnN9GgPPOP5vm5XtJT1pQ7xeTI8/gTaGrCIV49HFWfVQ0h\r\nNVDbuhcKxTFlmnQLWolIxrSwRT5+T+UMiyrvMrErgQE2Tz/qbK7K+5Yl1yu2P39D\r\njdKwmIfBfacWisLxCE53/0WkMD+3uFu+h36Be0FWb+xmQuPHScQ0R1UbBQIDAQAB\r\nAoGAMUjEyl/pEMJGUQ6/PfNPMD6hjjto8EFnbnDnTfujGOMTcxDFSBqo7YWTK/1M\r\nWqlVmJmF8GcVWz0dq2e3olhm0MsOb+AWUsPhPTryXDnZLoJmZpyHYakLP2k7B3I7\r\nMmV2T7QNZY2d0THoAZ8tkO337LGuzZiuALa7Ix/fJGyJiykCQQDjH5+UZwcko/7T\r\nyQ/c2fHV0O1Sk3txyaVUPLB3QHcFBZRQaTIPzyjD6YITpy4+oE8iukZrlkrl+Hua\r\nCQp8d8+fAkEAzBealXUz7Z2ZC6DT1ISv1cVQpcRXYzveve3jOdsPrvJcBjWs4LCf\r\nTj0wACn8L14dirxnFHHBoKjogP/JjoDC2wJAeTcqcwidjlecLCnVtnf3ErdjwbuG\r\nmY8WFqQhRjP4kYyNwHC0UC2uwwh/7L8/9hqWwaEK7maS6LO6O9Zxa0aCXwJAabG/\r\nqK8t2VzIqbD8gw7EUR0CixaHeyjCTfIovwmnsZ5p8f1SLnrJxacCeNNFevJusi6n\r\n43qWIDHZVxUguOAOCQJBAIU/FDEVIc8h/mp2I5vufsMpYGsAMdMh03Wdg3dhxUaT\r\nlOXVzQehotFxyDayyyIr/S8V/SlG0nM7g4UJhKVQzbM=\r\n-----END RSA PRIVATE KEY-----\r\n',
+        clientpublic: '-----BEGIN PUBLIC KEY-----\r\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1EiQnN9GgPPOP5vm5XtJT1pQ7\r\nxeTI8/gTaGrCIV49HFWfVQ0hNVDbuhcKxTFlmnQLWolIxrSwRT5+T+UMiyrvMrEr\r\ngQE2Tz/qbK7K+5Yl1yu2P39DjdKwmIfBfacWisLxCE53/0WkMD+3uFu+h36Be0FW\r\nb+xmQuPHScQ0R1UbBQIDAQAB\r\n-----END PUBLIC KEY-----\r\n',
+          clientcert: '-----BEGIN CERTIFICATE-----\r\nMIICSzCCAbSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBpMRQwEgYDVQQDEwtleGFt\r\ncGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQH\r\nEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MB4XDTE1\r\nMTAyNTEzNTIwNFoXDTE2MTAyNTEzNTIwNFowbjEZMBcGA1UEAxMQSm9obiBEb2Ug\r\namRvZTEyMzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQH\r\nEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIGfMA0G\r\nCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1EiQnN9GgPPOP5vm5XtJT1pQ7xeTI8/gT\r\naGrCIV49HFWfVQ0hNVDbuhcKxTFlmnQLWolIxrSwRT5+T+UMiyrvMrErgQE2Tz/q\r\nbK7K+5Yl1yu2P39DjdKwmIfBfacWisLxCE53/0WkMD+3uFu+h36Be0FWb+xmQuPH\r\nScQ0R1UbBQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBABvI/e+wpprXPTGp72SnoVPB\r\nKJ0AjZt2kYl69xl4KWw/PqN292l6Km/kkTbaPcG9QTjEyfYGCU73bgIp1htBPFcz\r\nssaYLXHtWxkTF6fYSgdR2uJFTWL0BVvr0x4ZS+7kyB7w82igqfL4NTP1XexcsqUx\r\n286cvNgatOWUjJ/Zr3jj\r\n-----END CERTIFICATE-----\r\n' }
+```
+var pems = selfsigned.generate({ subj: '/CN=contoso.com', days: 365 }, { algorithm: 'sha256' });
+To override the default client CN of `john doe jdoe123`, add another option for clientCertificateCN:
+
+```js
+var selfsigned = require('selfsigned');
+var pems = selfsigned.generate(null, { clientCertificate: true, clientCertificateCN: "FooBar" });
+console.log(pems)
+```
+
 ## License
 
-MIT
+MIT

test/tests.js

@@ -13,7 +13,16 @@ var assert = require('assert')
 assert.ok(!pems.pkcs7, 'should not include a pkcs7 by default')
+assert.ok(!pems.clientcert, 'should not include a client cert by default')
+assert.ok(!pems.clientprivate, 'should not include a client private key by default')
+assert.ok(!pems.clientpublic, 'should not include a client public key by default')
 
-
 var caStore = forge.pki.createCaStore()
 caStore.addCertificate(pems.cert)
 
+//test client cert generation
+pems = generate(null, {clientCertificate: true})
+
+assert.ok(!!pems.clientcert, 'should include a client cert when requested')
+assert.ok(!!pems.clientprivate, 'should include a client private key when requested')
+assert.ok(!!pems.clientpublic, 'should include a client public key when requested')
+
 //test pkcs7 generation
@@ -33,2 +42,8 @@ pems = generate(null, {pkcs7: true})
   assert.equal(pems.pkcs7, expected)
-});
+});
+
+var pems_sha1 = generate(null, { algorithm: 'sha1' });
+assert.ok(forge.pki.certificateFromPem(pems_sha1.cert).siginfo.algorithmOid == forge.pki.oids['sha1WithRSAEncryption'], 'can generate sha1 certs')
+
+var pems_sha256 = generate(null, { algorithm: 'sha256' });
+assert.ok(forge.pki.certificateFromPem(pems_sha256.cert).siginfo.algorithmOid == forge.pki.oids['sha256WithRSAEncryption'], 'can generate sha256 certs')

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

14371

increased by131.01%

Lines of code

151

increased by54.08%

Number of lines in readme file

69

increased by122.58%

No dependency changes