WIP more asn1

AJ ONeal 2018-11-18 15:53:15 -07:00
parent 4031cb791b
commit 05cb14d75b
4 changed files with 14 additions and 30 deletions


@ -49,7 +49,7 @@ return ecdsacsr({ key: key, domains: domains }).then(function (csr) {
* PEM may be a plain string or a Buffer* * PEM may be a plain string or a Buffer*
* DER must be a Buffer* * DER must be a Buffer*
* `domains` must be a list of strings representing domain names * `domains` must be a list of strings representing domain names
* must be plain oldl utf8, not punycode * must be plain old utf8, not punycode
* "Buffer" can be a node Buffer, a JavaScript Uint8Array, * "Buffer" can be a node Buffer, a JavaScript Uint8Array,
or a JavaScript Array which contains only numbers between 0 and 255. or a JavaScript Array which contains only numbers between 0 and 255.


@ -10,7 +10,8 @@ var domains = process.argv[3].split(/,/);
var keypem = fs.readFileSync(keyname, 'ascii'); var keypem = fs.readFileSync(keyname, 'ascii');
ecdsacsr({ key: keypem, domains: domains }).then(function (csr) { ecdsacsr({ key: keypem, domains: domains }).then(function (csr) {
console.error("CN=" + domains[0]); // Using error so that we can redirect stdout to file
console.error("subjectAltName=" + domains.join(',')); //console.error("CN=" + domains[0]);
//console.error("subjectAltName=" + domains.join(','));
console.log(csr); console.log(csr);
}); });
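Review bot: The promise chain still ends at `});` with no rejection handler, so if `ecdsacsr` rejects (presumably on a malformed or unsupported key) nothing is written to stdout and, depending on the Node version, the process may still exit 0, leaving an empty `csr.pem` behind the shell redirect. End the chain with `}).catch(function (err) { console.error(err); process.exit(1); });` so a caller can tell a failed run from a successful one. The added comment `// Using error so that we can redirect stdout to file` now sits above two commented-out lines and describes nothing that runs; either restore the `console.error` calls or delete the dead lines together with the comment.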


@ -55,21 +55,6 @@ ASN1.BitStr = function BITSTR() {
return ASN1('03', '00' + str); return ASN1('03', '00' + str);
}; };
function SEQ() {
return ASN1('30', Array.prototype.slice.call(arguments).join(''));
}
/*
function SET() {
return ASN1('31', Array.prototype.slice.call(arguments).join(''));
}
*/
/*
function NULL() {
return '0500';
}
*/
function fromBase64(b64) { function fromBase64(b64) {
var buf; var buf;
var ab; var ab;
@ -257,11 +242,6 @@ function fromHex(hex) {
} }
function createCsrBodyEc(domains, xy) { function createCsrBodyEc(domains, xy) {
var altnames = domains.map(function (d) {
return ASN1('82', strToHex(d));
}).join('').replace(/\s+/g, '');
var sublen = domains[0].length;
var sanlen = (altnames.length/2);
var publen = xy.x.byteLength; var publen = xy.x.byteLength;
var compression = '04'; var compression = '04';
var hxy = ''; var hxy = '';

17
test.sh

@ -7,20 +7,23 @@ openssl ecparam -genkey -name prime256v1 -noout -out ./privkey-ec-p256.pem
# canonical example # canonical example
rm csr.pem rm csr.pem
node bin/ecdsacsr.js ./privkey-ec-p256.pem example.com,www.example.com > csr.pem node bin/ecdsacsr.js ./privkey-ec-p256.pem example.com,www.example.com > csr.pem
cat csr.pem openssl req -text -noout -verify -in csr.pem 2>&1 | grep 'verify OK' && echo 'pass' || echo 'FAIL'
openssl req -text -noout -verify -in csr.pem
sleep 2
# 100 domains (max allowed by Let's Encrypt) # 100 domains (max allowed by Let's Encrypt)
rm csr.pem rm csr.pem
node bin/ecdsacsr.js ./privkey-ec-p256.pem example.com,www.example.com,api.example.com,assets.example.com,ftp.example.com,example.org,www.example.org,api.example.org,assets.example.org,ftp.example.org,example.co,www.example.co,api.example.co,assets.example.co,ftp.example.co,example.net,www.example.net,api.example.net,assets.example.net,ftp.example.net,whatever.com,www.whatever.com,api.whatever.com,assets.whatever.com,ftp.whatever.com,whatever.org,www.whatever.org,api.whatever.org,assets.whatever.org,ftp.whatever.org,whatever.net,www.whatever.net,api.whatever.net,assets.whatever.net,ftp.whatever.net,whatever.co,www.whatever.co,api.whatever.co,assets.whatever.co,ftp.whatever.co,sample.com,www.sample.com,api.sample.com,assets.sample.com,ftp.sample.com,sample.org,www.sample.org,api.sample.org,assets.sample.org,ftp.sample.org,sample.net,www.sample.net,api.sample.net,assets.sample.net,ftp.sample.net,sample.co,www.sample.co,api.sample.co,assets.sample.co,ftp.sample.co,foobar.com,www.foobar.com,api.foobar.com,assets.foobar.com,ftp.foobar.com,foobar.org,www.foobar.org,api.foobar.org,assets.foobar.org,ftp.foobar.org,foobar.net,www.foobar.net,api.foobar.net,assets.foobar.net,ftp.foobar.net,foobar.co,www.foobar.co,api.foobar.co,assets.foobar.co,ftp.foobar.co,quux.com,www.quux.com,api.quux.com,assets.quux.com,ftp.quux.com,quux.org,www.quux.org,api.quux.org,assets.quux.org,ftp.quux.org,quux.net,www.quux.net,api.quux.net,assets.quux.net,ftp.quux.net,quux.co,www.quux.co,api.quux.co,assets.quux.co,ftp.quux.co >csr.pem node bin/ecdsacsr.js ./privkey-ec-p256.pem 
example.com,www.example.com,api.example.com,assets.example.com,ftp.example.com,example.org,www.example.org,api.example.org,assets.example.org,ftp.example.org,example.co,www.example.co,api.example.co,assets.example.co,ftp.example.co,example.net,www.example.net,api.example.net,assets.example.net,ftp.example.net,whatever.com,www.whatever.com,api.whatever.com,assets.whatever.com,ftp.whatever.com,whatever.org,www.whatever.org,api.whatever.org,assets.whatever.org,ftp.whatever.org,whatever.net,www.whatever.net,api.whatever.net,assets.whatever.net,ftp.whatever.net,whatever.co,www.whatever.co,api.whatever.co,assets.whatever.co,ftp.whatever.co,sample.com,www.sample.com,api.sample.com,assets.sample.com,ftp.sample.com,sample.org,www.sample.org,api.sample.org,assets.sample.org,ftp.sample.org,sample.net,www.sample.net,api.sample.net,assets.sample.net,ftp.sample.net,sample.co,www.sample.co,api.sample.co,assets.sample.co,ftp.sample.co,foobar.com,www.foobar.com,api.foobar.com,assets.foobar.com,ftp.foobar.com,foobar.org,www.foobar.org,api.foobar.org,assets.foobar.org,ftp.foobar.org,foobar.net,www.foobar.net,api.foobar.net,assets.foobar.net,ftp.foobar.net,foobar.co,www.foobar.co,api.foobar.co,assets.foobar.co,ftp.foobar.co,quux.com,www.quux.com,api.quux.com,assets.quux.com,ftp.quux.com,quux.org,www.quux.org,api.quux.org,assets.quux.org,ftp.quux.org,quux.net,www.quux.net,api.quux.net,assets.quux.net,ftp.quux.net,quux.co,www.quux.co,api.quux.co,assets.quux.co,ftp.quux.co >csr.pem
cat csr.pem openssl req -text -noout -verify -in csr.pem 2>&1 | grep 'verify OK' && echo 'pass' || echo 'FAIL'
openssl req -text -noout -verify -in csr.pem
sleep 2
# single domain # single domain
rm csr.pem rm csr.pem
node bin/ecdsacsr.js ./privkey-ec-p256.pem example.com > csr.pem node bin/ecdsacsr.js ./privkey-ec-p256.pem example.com > csr.pem
cat csr.pem openssl req -text -noout -verify -in csr.pem 2>&1 | grep 'verify OK' && echo 'pass' || echo 'FAIL'
# utf8 domain
rm csr.pem
node bin/ecdsacsr.js ./privkey-ec-p256.pem 例.中国,example.com > csr.pem
openssl req -text -noout -verify -in csr.pem 2>&1 | grep 'verify OK' && echo 'pass' || echo 'FAIL'
openssl req -text -noout -verify -in csr.pem openssl req -text -noout -verify -in csr.pem
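Review bot: The new `... | grep 'verify OK' && echo 'pass' || echo 'FAIL'` checks only print a word: the script keeps going and exits 0 after a FAIL, so a regression in the ASN.1 encoder will not fail an automated run. Make each check fatal, for example `openssl req -text -noout -verify -in csr.pem 2>&1 | grep -q 'verify OK' || { echo 'FAIL'; exit 1; }`. Separately, `-verify` confirms only the request's self-signature; it does not show that the subjectAltName entries are the names that were passed in. That matters most for the new utf8 case, so the test should also compare the `DNS:` entries in the `-text` output with the expected list.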