generate csr appears to work

This commit is contained in:
AJ ONeal 2016-08-01 05:36:39 -04:00
parent 2541ca8a9f
commit c24a7ab922
4 changed files with 120 additions and 15 deletions

View File

@ -71,10 +71,25 @@ var extrac = module.exports = {
, _forgeImportJwk: require('./rsa-forge')._forgeImportJwk , _forgeImportJwk: require('./rsa-forge')._forgeImportJwk
, _forgeImportPublicJwk: require('./rsa-forge')._forgeImportPublicJwk , _forgeImportPublicJwk: require('./rsa-forge')._forgeImportPublicJwk
, _forgeImportPem: function (keypair) { , _forgeImportPem: function (keypair) {
keypair._forge = keypair._forge || forge.pki.privateKeyFromPem(keypair.privateKeyPem); if (!keypair._forge && keypair.privateKeyPem) {
keypair._forge = forge.pki.privateKeyFromPem(keypair.privateKeyPem);
}
keypair._forge.toJSON = notToJson;
extrac._forgeImportPublicPem(keypair);
} }
, _forgeImportPublicPem: function (keypair) { , _forgeImportPublicPem: function (keypair) {
keypair._forgePublic = keypair._forgePublic || forge.pki.publicKeyFromPem(keypair.publicKeyPem); if (keypair._forgePublic) {
return;
}
if (keypair._forge) {
keypair._forgePublic = forge.pki.rsa.setPublicKey(keypair._forge.n, keypair._forge.e);
}
else if (keypair.publicKeyPem) {
keypair._forgePublic = keypair._forgePublic || forge.pki.publicKeyFromPem(keypair.publicKeyPem);
}
keypair._forgePublic.toJSON = notToJson;
} }
, importForge: function (keypair) { , importForge: function (keypair) {
extrac._forgeImportJwk(keypair); extrac._forgeImportJwk(keypair);
@ -150,7 +165,4 @@ var extrac = module.exports = {
throw new Error("None of publicKeyPem privateKeyPem, _ursa, _forge, publicKeyJwk, or privateKeyJwk found. No way to export private key Jwk"); throw new Error("None of publicKeyPem privateKeyPem, _ursa, _forge, publicKeyJwk, or privateKeyJwk found. No way to export private key Jwk");
} }
}; };

View File

@ -91,17 +91,30 @@ var forgec = module.exports = {
// Import (no-op) // Import (no-op)
// //
, _forgeImportJwk: function (keypair) { , _forgeImportJwk: function (keypair) {
keypair._forge = keypair._forge || forge.pki.rsa.setPrivateKey.apply( if (!keypair._forge && keypair.privateKeyJwk) {
forge.pki.rsa keypair._forge = forge.pki.rsa.setPrivateKey.apply(
, forgec._privateJwkToComponents(keypair.privateKeyJwk) forge.pki.rsa
); , forgec._privateJwkToComponents(keypair.privateKeyJwk)
);
}
keypair._forge.toJSON = notToJson; keypair._forge.toJSON = notToJson;
forgec._forgeImportPublicJwk(keypair);
} }
, _forgeImportPublicJwk: function (keypair) { , _forgeImportPublicJwk: function (keypair) {
keypair._forgePublic = keypair._forgePublic || forge.pki.rsa.setPublicKey.apply( if (keypair._forgePublic) {
forge.pki.rsa return;
, forgec._publicJwkToComponents(keypair.publicKeyJwk) }
);
if (keypair._forge) {
keypair._forgePublic = forge.pki.rsa.setPublicKey(keypair._forge.n, keypair._forge.e);
}
else if (keypair.publicKeyJwk) {
keypair._forgePublic = forge.pki.rsa.setPublicKey.apply(
forge.pki.rsa
, forgec._publicJwkToComponents(keypair.publicKeyJwk || keypair.privateKeyJwk)
);
}
keypair._forgePublic.toJSON = notToJson; keypair._forgePublic.toJSON = notToJson;
} }
, import: function (keypair) { , import: function (keypair) {

58
node.js
View File

@ -25,7 +25,7 @@ function create(deps) {
return b64.replace(/[+]/g, "-").replace(/\//g, "_").replace(/=/g,""); return b64.replace(/[+]/g, "-").replace(/\//g, "_").replace(/=/g,"");
}; };
RSA.utils._bytesToBuffer = function (bytes) { RSA.utils._forgeBytesToBuf = function (bytes) {
var forge = require("node-forge"); var forge = require("node-forge");
return new Buffer(forge.util.bytesToHex(bytes), "hex"); return new Buffer(forge.util.bytesToHex(bytes), "hex");
}; };
@ -36,7 +36,7 @@ function create(deps) {
if (!jwk.e || !jwk.n) { if (!jwk.e || !jwk.n) {
throw new Error("You must provide an RSA jwk with 'e' and 'n' (the public components)"); throw new Error("You must provide an RSA jwk with 'e' and 'n' (the public components)");
} }
var input = RSA.utils._bytesToBuffer('{"e":"'+ jwk.e + '","kty":"RSA","n":"'+ jwk.n +'"}'); var input = RSA.utils._forgeBytesToBuf('{"e":"'+ jwk.e + '","kty":"RSA","n":"'+ jwk.n +'"}');
var base64Digest = crypto.createHash('sha256').update(input).digest('base64'); var base64Digest = crypto.createHash('sha256').update(input).digest('base64');
return RSA.utils.toWebsafeBase64(base64Digest); return RSA.utils.toWebsafeBase64(base64Digest);
@ -161,6 +161,60 @@ function create(deps) {
}; };
}; };
//
// Generate CSR
//
RSA._generateCsrForge = function (keypair, names) {
var forge = require('node-forge');
keypair = RSA._internal.importForge(keypair);
// Create and sign the CSR
var csr = forge.pki.createCertificationRequest();
csr.publicKey = keypair._forgePublic;
// TODO should the commonName be shift()ed off so that it isn't also in altNames?
// http://stackoverflow.com/questions/5935369/ssl-how-do-common-names-cn-and-subject-alternative-names-san-work-together
csr.setSubject([{ name: 'commonName', value: names[0] }]);
var sans = names.map(function (name) {
return { type: 2, value: name };
});
csr.setAttributes([{
name: 'extensionRequest',
extensions: [{name: 'subjectAltName', altNames: sans}]
}]);
// TODO wrap with node crypto (as done for signature)
csr.sign(keypair._forge, forge.md.sha256.create());
return csr;
};
RSA.generateCsrAsn1 = function (keypair, names) {
var forge = require('node-forge');
var csr = RSA._generateCsrForge(keypair, names);
var asn1 = forge.pki.certificationRequestToAsn1(csr);
return RSA.utils._forgeBytesToBuf(asn1);
};
RSA.generateCsrPem = function (keypair, names) {
var forge = require('node-forge');
var csr = RSA._generateCsrForge(keypair, names);
return forge.pki.certificationRequestToPem(csr);
};
RSA.generateCsrDer = function (keypair, names) {
var forge = require('node-forge');
var csr = RSA._generateCsrForge(keypair, names);
var asn1 = forge.pki.certificationRequestToAsn1(csr);
var der = forge.asn1.toDer(asn1);
return RSA.utils._forgeBytesToBuf(der);
};
RSA.generateCsrWeb64 = function (keypair, names) {
var buf = RSA.generateCsrDer(keypair, names);
var b64 = buf.toString('base64');
var web64 = RSA.utils.toWebsafeBase64(b64);
return web64;
};
RSA.exportPrivateKey = RSA._internal.exportPrivatePem; RSA.exportPrivateKey = RSA._internal.exportPrivatePem;
RSA.exportPublicKey = RSA._internal.exportPublicPem; RSA.exportPublicKey = RSA._internal.exportPublicPem;
RSA.exportPrivatePem = RSA._internal.exportPrivatePem; RSA.exportPrivatePem = RSA._internal.exportPrivatePem;

26
tests/generate-csr.js Normal file
View File

@ -0,0 +1,26 @@
'use strict';
var RSA = require('../').RSA;
var keypair = {
privateKeyJwk: {
"kty": "RSA",
"n": "AMJubTfOtAarnJytLE8fhNsEI8wnpjRvBXGK/Kp0675J10ORzxyMLqzIZF3tcrUkKBrtdc79u4X0GocDUgukpfkY+2UPUS/GxehUYbYrJYWOLkoJWzxn7wfoo9X1JgvBMY6wHQnTKvnzZdkom2FMhGxkLaEUGDSfsNznTTZNBBg9",
"e": "AQAB",
"d": "HT8DCrv69G3n9uFNovE4yMEMqW7lX0m75eJkMze3Jj5xNOa/4qlrc+4IuuA2uuyfY72IVQRxqqqXOuvS8ZForZZk+kWSd6z45hrpbNAAHH2Rf7XwnwHY8VJrOQF3UtbktTWqHX36ITZb9Hmf18hWsIeEp8Ng7Ru9h7hNuVxKMjk=",
"p": "AONjOvZVAvhCM2JnLGWJG3+5Boar3MB5P4ezfExDmuyGET/w0C+PS60jbjB8TivQsSdEcGo7GOaOlmAX6EQtAec=",
"q": "ANrllgJsy4rTMfa3mQ50kMIcNahiEOearhAcJgQUCHuOjuEnhU9FfExA/m5FXjmEFQhRwkuhk0QaIqTGbUzxGDs=",
"dp": "ALuxHOpYIatqeZ+wKiVllx1GTOy8z+rQKnCI5wDMjQTPZU2yKSYY0g6IQFwlPyFLke8nvuLxBQzKhbWsBjzAKeE=",
"dq": "XLhDAmPzE6rBzy+VtXnKl247jEd9wZzTfh9uOuwBa9TG0Lhcz2cvb11YaH0ZnGNGRW/cTQzzxDUN1531TlIRYQ==",
"qi": "AI2apz6ECfGwhsvIcU3+yFt+3CA78CUVsX4NUul5m3Cls2m+5MbGQG5K0hGpxjDC3OmXTq1Y5gnep5yUZvVPZI4="
}
};
var csrPem = RSA.generateCsrPem(keypair, ['example.com', 'www.example.com']);
var csr64 = RSA.generateCsrWeb64(keypair, ['example.com', 'www.example.com']);
console.log('');
console.log('DEBUG csrPem');
console.log(csrPem);
console.log('');
console.log('DEBUG csr64');
console.log(csr64);