generate csr appears to work
This commit is contained in:
parent
2541ca8a9f
commit
c24a7ab922
|
@ -71,11 +71,26 @@ var extrac = module.exports = {
|
||||||
, _forgeImportJwk: require('./rsa-forge')._forgeImportJwk
|
, _forgeImportJwk: require('./rsa-forge')._forgeImportJwk
|
||||||
, _forgeImportPublicJwk: require('./rsa-forge')._forgeImportPublicJwk
|
, _forgeImportPublicJwk: require('./rsa-forge')._forgeImportPublicJwk
|
||||||
, _forgeImportPem: function (keypair) {
|
, _forgeImportPem: function (keypair) {
|
||||||
keypair._forge = keypair._forge || forge.pki.privateKeyFromPem(keypair.privateKeyPem);
|
if (!keypair._forge && keypair.privateKeyPem) {
|
||||||
|
keypair._forge = forge.pki.privateKeyFromPem(keypair.privateKeyPem);
|
||||||
|
}
|
||||||
|
keypair._forge.toJSON = notToJson;
|
||||||
|
|
||||||
|
extrac._forgeImportPublicPem(keypair);
|
||||||
}
|
}
|
||||||
, _forgeImportPublicPem: function (keypair) {
|
, _forgeImportPublicPem: function (keypair) {
|
||||||
|
if (keypair._forgePublic) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (keypair._forge) {
|
||||||
|
keypair._forgePublic = forge.pki.rsa.setPublicKey(keypair._forge.n, keypair._forge.e);
|
||||||
|
}
|
||||||
|
else if (keypair.publicKeyPem) {
|
||||||
keypair._forgePublic = keypair._forgePublic || forge.pki.publicKeyFromPem(keypair.publicKeyPem);
|
keypair._forgePublic = keypair._forgePublic || forge.pki.publicKeyFromPem(keypair.publicKeyPem);
|
||||||
}
|
}
|
||||||
|
keypair._forgePublic.toJSON = notToJson;
|
||||||
|
}
|
||||||
, importForge: function (keypair) {
|
, importForge: function (keypair) {
|
||||||
extrac._forgeImportJwk(keypair);
|
extrac._forgeImportJwk(keypair);
|
||||||
if (keypair.privateKeyPem) {
|
if (keypair.privateKeyPem) {
|
||||||
|
@ -150,7 +165,4 @@ var extrac = module.exports = {
|
||||||
|
|
||||||
throw new Error("None of publicKeyPem privateKeyPem, _ursa, _forge, publicKeyJwk, or privateKeyJwk found. No way to export private key Jwk");
|
throw new Error("None of publicKeyPem privateKeyPem, _ursa, _forge, publicKeyJwk, or privateKeyJwk found. No way to export private key Jwk");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
|
@ -91,17 +91,30 @@ var forgec = module.exports = {
|
||||||
// Import (no-op)
|
// Import (no-op)
|
||||||
//
|
//
|
||||||
, _forgeImportJwk: function (keypair) {
|
, _forgeImportJwk: function (keypair) {
|
||||||
keypair._forge = keypair._forge || forge.pki.rsa.setPrivateKey.apply(
|
if (!keypair._forge && keypair.privateKeyJwk) {
|
||||||
|
keypair._forge = forge.pki.rsa.setPrivateKey.apply(
|
||||||
forge.pki.rsa
|
forge.pki.rsa
|
||||||
, forgec._privateJwkToComponents(keypair.privateKeyJwk)
|
, forgec._privateJwkToComponents(keypair.privateKeyJwk)
|
||||||
);
|
);
|
||||||
|
}
|
||||||
keypair._forge.toJSON = notToJson;
|
keypair._forge.toJSON = notToJson;
|
||||||
|
|
||||||
|
forgec._forgeImportPublicJwk(keypair);
|
||||||
}
|
}
|
||||||
, _forgeImportPublicJwk: function (keypair) {
|
, _forgeImportPublicJwk: function (keypair) {
|
||||||
keypair._forgePublic = keypair._forgePublic || forge.pki.rsa.setPublicKey.apply(
|
if (keypair._forgePublic) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (keypair._forge) {
|
||||||
|
keypair._forgePublic = forge.pki.rsa.setPublicKey(keypair._forge.n, keypair._forge.e);
|
||||||
|
}
|
||||||
|
else if (keypair.publicKeyJwk) {
|
||||||
|
keypair._forgePublic = forge.pki.rsa.setPublicKey.apply(
|
||||||
forge.pki.rsa
|
forge.pki.rsa
|
||||||
, forgec._publicJwkToComponents(keypair.publicKeyJwk)
|
, forgec._publicJwkToComponents(keypair.publicKeyJwk || keypair.privateKeyJwk)
|
||||||
);
|
);
|
||||||
|
}
|
||||||
keypair._forgePublic.toJSON = notToJson;
|
keypair._forgePublic.toJSON = notToJson;
|
||||||
}
|
}
|
||||||
, import: function (keypair) {
|
, import: function (keypair) {
|
||||||
|
|
58
node.js
58
node.js
|
@ -25,7 +25,7 @@ function create(deps) {
|
||||||
return b64.replace(/[+]/g, "-").replace(/\//g, "_").replace(/=/g,"");
|
return b64.replace(/[+]/g, "-").replace(/\//g, "_").replace(/=/g,"");
|
||||||
};
|
};
|
||||||
|
|
||||||
RSA.utils._bytesToBuffer = function (bytes) {
|
RSA.utils._forgeBytesToBuf = function (bytes) {
|
||||||
var forge = require("node-forge");
|
var forge = require("node-forge");
|
||||||
return new Buffer(forge.util.bytesToHex(bytes), "hex");
|
return new Buffer(forge.util.bytesToHex(bytes), "hex");
|
||||||
};
|
};
|
||||||
|
@ -36,7 +36,7 @@ function create(deps) {
|
||||||
if (!jwk.e || !jwk.n) {
|
if (!jwk.e || !jwk.n) {
|
||||||
throw new Error("You must provide an RSA jwk with 'e' and 'n' (the public components)");
|
throw new Error("You must provide an RSA jwk with 'e' and 'n' (the public components)");
|
||||||
}
|
}
|
||||||
var input = RSA.utils._bytesToBuffer('{"e":"'+ jwk.e + '","kty":"RSA","n":"'+ jwk.n +'"}');
|
var input = RSA.utils._forgeBytesToBuf('{"e":"'+ jwk.e + '","kty":"RSA","n":"'+ jwk.n +'"}');
|
||||||
var base64Digest = crypto.createHash('sha256').update(input).digest('base64');
|
var base64Digest = crypto.createHash('sha256').update(input).digest('base64');
|
||||||
|
|
||||||
return RSA.utils.toWebsafeBase64(base64Digest);
|
return RSA.utils.toWebsafeBase64(base64Digest);
|
||||||
|
@ -161,6 +161,60 @@ function create(deps) {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
//
|
||||||
|
// Generate CSR
|
||||||
|
//
|
||||||
|
RSA._generateCsrForge = function (keypair, names) {
|
||||||
|
var forge = require('node-forge');
|
||||||
|
keypair = RSA._internal.importForge(keypair);
|
||||||
|
|
||||||
|
// Create and sign the CSR
|
||||||
|
var csr = forge.pki.createCertificationRequest();
|
||||||
|
csr.publicKey = keypair._forgePublic;
|
||||||
|
// TODO should the commonName be shift()ed off so that it isn't also in altNames?
|
||||||
|
// http://stackoverflow.com/questions/5935369/ssl-how-do-common-names-cn-and-subject-alternative-names-san-work-together
|
||||||
|
csr.setSubject([{ name: 'commonName', value: names[0] }]);
|
||||||
|
|
||||||
|
var sans = names.map(function (name) {
|
||||||
|
return { type: 2, value: name };
|
||||||
|
});
|
||||||
|
csr.setAttributes([{
|
||||||
|
name: 'extensionRequest',
|
||||||
|
extensions: [{name: 'subjectAltName', altNames: sans}]
|
||||||
|
}]);
|
||||||
|
|
||||||
|
// TODO wrap with node crypto (as done for signature)
|
||||||
|
csr.sign(keypair._forge, forge.md.sha256.create());
|
||||||
|
|
||||||
|
return csr;
|
||||||
|
};
|
||||||
|
RSA.generateCsrAsn1 = function (keypair, names) {
|
||||||
|
var forge = require('node-forge');
|
||||||
|
var csr = RSA._generateCsrForge(keypair, names);
|
||||||
|
var asn1 = forge.pki.certificationRequestToAsn1(csr);
|
||||||
|
|
||||||
|
return RSA.utils._forgeBytesToBuf(asn1);
|
||||||
|
};
|
||||||
|
RSA.generateCsrPem = function (keypair, names) {
|
||||||
|
var forge = require('node-forge');
|
||||||
|
var csr = RSA._generateCsrForge(keypair, names);
|
||||||
|
return forge.pki.certificationRequestToPem(csr);
|
||||||
|
};
|
||||||
|
RSA.generateCsrDer = function (keypair, names) {
|
||||||
|
var forge = require('node-forge');
|
||||||
|
var csr = RSA._generateCsrForge(keypair, names);
|
||||||
|
var asn1 = forge.pki.certificationRequestToAsn1(csr);
|
||||||
|
var der = forge.asn1.toDer(asn1);
|
||||||
|
|
||||||
|
return RSA.utils._forgeBytesToBuf(der);
|
||||||
|
};
|
||||||
|
RSA.generateCsrWeb64 = function (keypair, names) {
|
||||||
|
var buf = RSA.generateCsrDer(keypair, names);
|
||||||
|
var b64 = buf.toString('base64');
|
||||||
|
var web64 = RSA.utils.toWebsafeBase64(b64);
|
||||||
|
return web64;
|
||||||
|
};
|
||||||
|
|
||||||
RSA.exportPrivateKey = RSA._internal.exportPrivatePem;
|
RSA.exportPrivateKey = RSA._internal.exportPrivatePem;
|
||||||
RSA.exportPublicKey = RSA._internal.exportPublicPem;
|
RSA.exportPublicKey = RSA._internal.exportPublicPem;
|
||||||
RSA.exportPrivatePem = RSA._internal.exportPrivatePem;
|
RSA.exportPrivatePem = RSA._internal.exportPrivatePem;
|
||||||
|
|
|
@ -0,0 +1,26 @@
|
||||||
|
'use strict';
|
||||||
|
|
||||||
|
var RSA = require('../').RSA;
|
||||||
|
|
||||||
|
var keypair = {
|
||||||
|
privateKeyJwk: {
|
||||||
|
"kty": "RSA",
|
||||||
|
"n": "AMJubTfOtAarnJytLE8fhNsEI8wnpjRvBXGK/Kp0675J10ORzxyMLqzIZF3tcrUkKBrtdc79u4X0GocDUgukpfkY+2UPUS/GxehUYbYrJYWOLkoJWzxn7wfoo9X1JgvBMY6wHQnTKvnzZdkom2FMhGxkLaEUGDSfsNznTTZNBBg9",
|
||||||
|
"e": "AQAB",
|
||||||
|
"d": "HT8DCrv69G3n9uFNovE4yMEMqW7lX0m75eJkMze3Jj5xNOa/4qlrc+4IuuA2uuyfY72IVQRxqqqXOuvS8ZForZZk+kWSd6z45hrpbNAAHH2Rf7XwnwHY8VJrOQF3UtbktTWqHX36ITZb9Hmf18hWsIeEp8Ng7Ru9h7hNuVxKMjk=",
|
||||||
|
"p": "AONjOvZVAvhCM2JnLGWJG3+5Boar3MB5P4ezfExDmuyGET/w0C+PS60jbjB8TivQsSdEcGo7GOaOlmAX6EQtAec=",
|
||||||
|
"q": "ANrllgJsy4rTMfa3mQ50kMIcNahiEOearhAcJgQUCHuOjuEnhU9FfExA/m5FXjmEFQhRwkuhk0QaIqTGbUzxGDs=",
|
||||||
|
"dp": "ALuxHOpYIatqeZ+wKiVllx1GTOy8z+rQKnCI5wDMjQTPZU2yKSYY0g6IQFwlPyFLke8nvuLxBQzKhbWsBjzAKeE=",
|
||||||
|
"dq": "XLhDAmPzE6rBzy+VtXnKl247jEd9wZzTfh9uOuwBa9TG0Lhcz2cvb11YaH0ZnGNGRW/cTQzzxDUN1531TlIRYQ==",
|
||||||
|
"qi": "AI2apz6ECfGwhsvIcU3+yFt+3CA78CUVsX4NUul5m3Cls2m+5MbGQG5K0hGpxjDC3OmXTq1Y5gnep5yUZvVPZI4="
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
var csrPem = RSA.generateCsrPem(keypair, ['example.com', 'www.example.com']);
|
||||||
|
var csr64 = RSA.generateCsrWeb64(keypair, ['example.com', 'www.example.com']);
|
||||||
|
console.log('');
|
||||||
|
console.log('DEBUG csrPem');
|
||||||
|
console.log(csrPem);
|
||||||
|
console.log('');
|
||||||
|
console.log('DEBUG csr64');
|
||||||
|
console.log(csr64);
|
Loading…
Reference in New Issue