From 05cb14d75bbb22f491d9872b6e52cfb1d7e56774 Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Sun, 18 Nov 2018 15:53:15 -0700
Subject: [PATCH] WIP more asn1

---
 README.md | 2 +-
 bin/ecdsacsr.js | 5 +++--
 lib/ecdsacsr.js | 20 --------------------
 test.sh | 17 ++++++++++-------
 4 files changed, 14 insertions(+), 30 deletions(-)

diff --git a/README.md b/README.md
index 4f68bc4..3740b03 100644
--- a/README.md
+++ b/README.md
@@ -49,7 +49,7 @@ return ecdsacsr({ key: key, domains: domains }).then(function (csr) {
 * PEM may be a plain string or a Buffer*
 * DER must be a Buffer*
 * `domains` must be a list of strings representing domain names
- * must be plain oldl utf8, not punycode
+ * must be plain old utf8, not punycode
 * "Buffer" can be a node Buffer, a JavaScript Uint8Array, or a JavaScript Array which contains only numbers between 0 and 255.
diff --git a/bin/ecdsacsr.js b/bin/ecdsacsr.js
index 132cb87..e2eaf64 100755
--- a/bin/ecdsacsr.js
+++ b/bin/ecdsacsr.js
@@ -10,7 +10,8 @@ var domains = process.argv[3].split(/,/);
 var keypem = fs.readFileSync(keyname, 'ascii');
 ecdsacsr({ key: keypem, domains: domains }).then(function (csr) {
- console.error("CN=" + domains[0]);
- console.error("subjectAltName=" + domains.join(','));
+ // Using error so that we can redirect stdout to file
+ //console.error("CN=" + domains[0]);
+ //console.error("subjectAltName=" + domains.join(','));
 console.log(csr);
 });
diff --git a/lib/ecdsacsr.js b/lib/ecdsacsr.js
index 98b3e7c..223d61c 100644
--- a/lib/ecdsacsr.js
+++ b/lib/ecdsacsr.js
@@ -55,21 +55,6 @@ ASN1.BitStr = function BITSTR() {
 return ASN1('03', '00' + str);
 };
-function SEQ() {
- return ASN1('30', Array.prototype.slice.call(arguments).join(''));
-}
-/*
-function SET() {
- return ASN1('31', Array.prototype.slice.call(arguments).join(''));
-}
-*/
-
-/*
-function NULL() {
- return '0500';
-}
-*/
-
 function fromBase64(b64) {
 var buf;
 var ab;
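Review bot: The three added lines in bin/ecdsacsr.js leave dead code behind: the two `//console.error(...)` lines are commented out, and the comment above them (`// Using error so that we can redirect stdout to file`) now describes calls that no longer run. Writing to stderr already keeps stdout clean when the CLI is run as `node bin/ecdsacsr.js ... > csr.pem`, so either restore the two `console.error` calls and keep the comment, or delete all three lines; commented-out code drifts out of sync with the real implementation. Separately, the `.then(...)` chain enclosing these lines ends at the `});` on the last hunk line with no rejection handler, so a failure inside `ecdsacsr()` surfaces as an unhandled promise rejection rather than a clear message and a deliberate exit status; appending `.catch(function (err) { console.error(err.message); process.exit(1); })` before the closing `;` would cover it.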
@@ -257,11 +242,6 @@ function fromHex(hex) {
 }
 function createCsrBodyEc(domains, xy) {
- var altnames = domains.map(function (d) {
- return ASN1('82', strToHex(d));
- }).join('').replace(/\s+/g, '');
- var sublen = domains[0].length;
- var sanlen = (altnames.length/2);
 var publen = xy.x.byteLength;
 var compression = '04';
 var hxy = '';
diff --git a/test.sh b/test.sh
index 22ad594..426b254 100644
--- a/test.sh
+++ b/test.sh
@@ -7,20 +7,23 @@ openssl ecparam -genkey -name prime256v1 -noout -out ./privkey-ec-p256.pem
 # canonical example
 rm csr.pem
 node bin/ecdsacsr.js ./privkey-ec-p256.pem example.com,www.example.com > csr.pem
-cat csr.pem
-openssl req -text -noout -verify -in csr.pem
-sleep 2
+openssl req -text -noout -verify -in csr.pem 2>&1 | grep 'verify OK' && echo 'pass' || echo 'FAIL'
 # 100 domains (max allowed by Let's Encrypt)
 rm csr.pem
 node bin/ecdsacsr.js ./privkey-ec-p256.pem example.com,www.example.com,api.example.com,assets.example.com,ftp.example.com,example.org,www.example.org,api.example.org,assets.example.org,ftp.example.org,example.co,www.example.co,api.example.co,assets.example.co,ftp.example.co,example.net,www.example.net,api.example.net,assets.example.net,ftp.example.net,whatever.com,www.whatever.com,api.whatever.com,assets.whatever.com,ftp.whatever.com,whatever.org,www.whatever.org,api.whatever.org,assets.whatever.org,ftp.whatever.org,whatever.net,www.whatever.net,api.whatever.net,assets.whatever.net,ftp.whatever.net,whatever.co,www.whatever.co,api.whatever.co,assets.whatever.co,ftp.whatever.co,sample.com,www.sample.com,api.sample.com,assets.sample.com,ftp.sample.com,sample.org,www.sample.org,api.sample.org,assets.sample.org,ftp.sample.org,sample.net,www.sample.net,api.sample.net,assets.sample.net,ftp.sample.net,sample.co,www.sample.co,api.sample.co,assets.sample.co,ftp.sample.co,foobar.com,www.foobar.com,api.foobar.com,assets.foobar.com,ftp.foobar.com,foobar.org,www.foobar.org,api.foobar.org,assets.foobar.org,ftp.foobar.org,foobar.net,www.foobar.net,api.foobar.net,assets.foobar.net,ftp.foobar.net,foobar.co,www.foobar.co,api.foobar.co,assets.foobar.co,ftp.foobar.co,quux.com,www.quux.com,api.quux.com,assets.quux.com,ftp.quux.com,quux.org,www.quux.org,api.quux.org,assets.quux.org,ftp.quux.org,quux.net,www.quux.net,api.quux.net,assets.quux.net,ftp.quux.net,quux.co,www.quux.co,api.quux.co,assets.quux.co,ftp.quux.co >csr.pem
-cat csr.pem
-openssl req -text -noout -verify -in csr.pem
-sleep 2
+openssl req -text -noout -verify -in csr.pem 2>&1 | grep 'verify OK' && echo 'pass' || echo 'FAIL'
+
 # single domain
 rm csr.pem
 node bin/ecdsacsr.js ./privkey-ec-p256.pem example.com > csr.pem
-cat csr.pem
+openssl req -text -noout -verify -in csr.pem 2>&1 | grep 'verify OK' && echo 'pass' || echo 'FAIL'
+
+# utf8 domain
+rm csr.pem
+node bin/ecdsacsr.js ./privkey-ec-p256.pem 例.中国,example.com > csr.pem
+openssl req -text -noout -verify -in csr.pem 2>&1 | grep 'verify OK' && echo 'pass' || echo 'FAIL'
 openssl req -text -noout -verify -in csr.pem
+
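Review bot: Each new `grep 'verify OK'` line in this hunk checks only that the CSR's self-signature validates, so a CSR whose SAN extension is missing, truncated or mis-encoded still prints `pass`. This matters most for the new utf8 case: a SAN dNSName is an IA5String and RFC 5280 expects internationalized names as A-labels (punycode), so `例.中国` emitted as raw UTF-8 yields a non-conforming CSR that `-verify` does not flag and that a CA may reject; the test should pin whichever encoding the library is meant to emit for that name. The `|| echo 'FAIL'` form also leaves the exit status at 0, so a caller or CI job cannot tell `pass` from `FAIL` without scraping output. Consider capturing the text once and asserting on both signature and names, e.g. `openssl req -text -noout -verify -in csr.pem > csr.txt 2>&1 && grep -q 'verify OK' csr.txt && grep -q 'DNS:www.example.com' csr.txt && echo 'pass' || { echo 'FAIL'; exit 1; }`, adjusting the expected `DNS:` entry per case.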