coolaj86/rsa-csr.js
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: coolaj86:master
Branches Tags
coolaj86:master
coolaj86:sync
coolaj86:v1.0.7
coolaj86:v1.0.6
coolaj86:v1.0.5
coolaj86:v1.0.4
coolaj86:v1.0.3
coolaj86:v1.0.2
coolaj86:v1.0.1
coolaj86:v0.0.2
..
compare: coolaj86:sync
Branches Tags
coolaj86:master
coolaj86:sync
coolaj86:v1.0.7
coolaj86:v1.0.6
coolaj86:v1.0.5
coolaj86:v1.0.4
coolaj86:v1.0.3
coolaj86:v1.0.2
coolaj86:v1.0.1
coolaj86:v0.0.2

4 Commits
master ... sync

Author SHA1 Message Date
AJ ONeal
1df3fb901b v1.0.7: bugfix for node v6 2019-06-03 01:37:23 -06:00
AJ ONeal
8fa9f411ae node v6 compat: don't pass new Uint8Array to rsa buffer 2019-06-03 01:25:31 -06:00
AJ ONeal
37ebdc0f62 allow der encoding 2018-12-16 00:45:59 -07:00
AJ ONeal
2e24c43dee sync version for backcompat with rsa-compat 2018-12-16 00:27:00 -07:00
4 changed files with 121 additions and 88 deletions
Show Stats Expand all files Collapse all files

15
README.md
View File

@ -1,9 +1,8 @@
[RSA-CSR.js](https://git.coolaj86.com/coolaj86/rsa-csr.js) [RSA-CSR.js](https://git.coolaj86.com/coolaj86/rsa-csr.js)
========== ==========
A [Root](https://therootcompany.com) Project. Sponsored by [Root](https://therootcompany.com),
built for [ACME.js](https://git.coolaj86.com/coolaj86/acme.js)
Built for [ACME.js](https://git.coolaj86.com/coolaj86/acme.js)
and [Greenlock.js](https://git.coolaj86.com/coolaj86/greenlock-express.js) and [Greenlock.js](https://git.coolaj86.com/coolaj86/greenlock-express.js)
A focused, **zero-dependency** library that can do exactly one thing really, really well: A focused, **zero-dependency** library that can do exactly one thing really, really well:
@ -11,6 +10,10 @@ A focused, **zero-dependency** library that can do exactly one thing really, rea
| < 300 lines of code | 1.7k gzipped | 4.7k minified | 8.5k with comments | | < 300 lines of code | 1.7k gzipped | 4.7k minified | 8.5k with comments |
Need JWK-to-PEM? Try [Rasha.js](https://git.coolaj86.com/coolaj86/rasha.js)
Need to generate an EC CSR? Try [ECSDA-CSR.js](https://git.coolaj86.com/coolaj86/ecdsa-csr.js)
Features Features
======== ========
@ -29,10 +32,6 @@ Features
* [x] Vanilla Node.js * [x] Vanilla Node.js
* no school like the old school * no school like the old school
* easy to read and understand * easy to read and understand
* [ ] JWK-to-PEM
* See [Rasha.js](https://git.coolaj86.com/coolaj86/rasha.js)
* [ ] EC CSR
* See [ECSDA-CSR.js](https://git.coolaj86.com/coolaj86/ecdsa-csr.js)
Usage Usage
----- -----
@ -57,7 +56,7 @@ var key = {
}; };
var domains = [ 'example.com', 'www.example.com' ]; var domains = [ 'example.com', 'www.example.com' ];
return rsacsr({ jwk: key, domains: domains }).then(function (csr) { return rsacsr({ key: key, domains: domains }).then(function (csr) {
console.log('CSR PEM:'); console.log('CSR PEM:');
console.log(csr); console.log(csr);
}); });

6
bin/rsa-csr.js
View File

@ -15,9 +15,13 @@ try {
// ignore // ignore
} }
rsacsr({ jwk: key, domains: domains }).then(function (csr) { var csr = rsacsr.sync({ key: key, domains: domains });
console.log(csr);
/*
.then(function (csr) {
// Using error so that we can redirect stdout to file // Using error so that we can redirect stdout to file
//console.error("CN=" + domains[0]); //console.error("CN=" + domains[0]);
//console.error("subjectAltName=" + domains.join(',')); //console.error("subjectAltName=" + domains.join(','));
console.log(csr); console.log(csr);
}); });
*/

186
lib/csr.js
View File

@ -11,64 +11,84 @@ var RSA = {};
var CSR = module.exports = function rsacsr(opts) { var CSR = module.exports = function rsacsr(opts) {
// We're using a Promise here to be compatible with the browser version // We're using a Promise here to be compatible with the browser version
// which will probably use the webcrypto API for some of the conversions // which will probably use the webcrypto API for some of the conversions
return Promise.resolve().then(function () { opts = CSR._prepare(opts);
var Rasha;
opts = JSON.parse(JSON.stringify(opts));
var pem, jwk;
// We do a bit of extra error checking for user convenience return CSR.create(opts).then(function (bytes) {
if (!opts) { throw new Error("You must pass options with key and domains to rsacsr"); } return CSR._encode(opts, bytes);
if (!Array.isArray(opts.domains) || 0 === opts.domains.length) {
new Error("You must pass options.domains as a non-empty array");
}
// I need to check that 例.中国 is a valid domain name
if (!opts.domains.every(function (d) {
// allow punycode? xn--
if ('string' === typeof d /*&& /\./.test(d) && !/--/.test(d)*/) {
return true;
}
})) {
throw new Error("You must pass options.domains as strings");
}
if (opts.pem) {
pem = opts.pem;
} else if (opts.jwk) {
jwk = opts.jwk;
} else {
if (!opts.key) {
throw new Error("You must pass options.key as a JSON web key");
} else if (opts.key.kty) {
jwk = opts.key;
} else {
pem = opts.key;
}
}
if (pem) {
try {
Rasha = require('rasha');
} catch(e) {
throw new Error("Rasha.js is an optional dependency for PEM-to-JWK.\n"
+ "Install it if you'd like to use it:\n"
+ "\tnpm install --save rasha\n"
+ "Otherwise supply a jwk as the private key."
);
}
jwk = Rasha.importSync({ pem: pem });
}
opts.jwk = jwk;
return CSR.create(opts).then(function (bytes) {
return PEM.packBlock({
type: "CERTIFICATE REQUEST"
, bytes: bytes /* { jwk: jwk, domains: opts.domains } */
});
});
}); });
}; };
CSR._prepare = function (opts) {
var Rasha;
opts = JSON.parse(JSON.stringify(opts));
var pem, jwk;
// We do a bit of extra error checking for user convenience
if (!opts) { throw new Error("You must pass options with key and domains to rsacsr"); }
if (!Array.isArray(opts.domains) || 0 === opts.domains.length) {
new Error("You must pass options.domains as a non-empty array");
}
// I need to check that 例.中国 is a valid domain name
if (!opts.domains.every(function (d) {
// allow punycode? xn--
if ('string' === typeof d /*&& /\./.test(d) && !/--/.test(d)*/) {
return true;
}
})) {
throw new Error("You must pass options.domains as strings");
}
if (opts.pem) {
pem = opts.pem;
} else if (opts.jwk) {
jwk = opts.jwk;
} else {
if (!opts.key) {
throw new Error("You must pass options.key as a JSON web key");
} else if (opts.key.kty) {
jwk = opts.key;
} else {
pem = opts.key;
}
}
if (pem) {
try {
Rasha = require('rasha');
} catch(e) {
throw new Error("Rasha.js is an optional dependency for PEM-to-JWK.\n"
+ "Install it if you'd like to use it:\n"
+ "\tnpm install --save rasha\n"
+ "Otherwise supply a jwk as the private key."
);
}
jwk = Rasha.importSync({ pem: pem });
}
opts.jwk = jwk;
return opts;
};
CSR.sync = function (opts) {
opts = CSR._prepare(opts);
var bytes = CSR.createSync(opts);
return CSR._encode(opts, bytes);
};
CSR._encode = function (opts, bytes) {
if ('der' === (opts.encoding||'').toLowerCase()) {
return bytes;
}
return PEM.packBlock({
type: "CERTIFICATE REQUEST"
, bytes: bytes /* { jwk: jwk, domains: opts.domains } */
});
};
CSR.createSync = function createCsr(opts) {
var hex = CSR.request(opts.jwk, opts.domains);
var csr = CSR.signSync(opts.jwk, hex);
return Enc.hexToBuf(csr);
};
CSR.create = function createCsr(opts) { CSR.create = function createCsr(opts) {
var hex = CSR.request(opts.jwk, opts.domains); var hex = CSR.request(opts.jwk, opts.domains);
return CSR.sign(opts.jwk, hex).then(function (csr) { return CSR.sign(opts.jwk, hex).then(function (csr) {
@ -81,42 +101,52 @@ CSR.request = function createCsrBodyEc(jwk, domains) {
return X509.packCsr(asn1pub, domains); return X509.packCsr(asn1pub, domains);
}; };
CSR.signSync = function csrEcSig(jwk, request) {
var keypem = PEM.packBlock({ type: "RSA PRIVATE KEY", bytes: X509.packPkcs1(jwk) });
var sig = RSA.signSync(keypem, Enc.hexToBuf(request));
return CSR.toDer({ request: request, signature: sig });
};
CSR.sign = function csrEcSig(jwk, request) { CSR.sign = function csrEcSig(jwk, request) {
var keypem = PEM.packBlock({ type: "RSA PRIVATE KEY", bytes: X509.packPkcs1(jwk) }); var keypem = PEM.packBlock({ type: "RSA PRIVATE KEY", bytes: X509.packPkcs1(jwk) });
return RSA.sign(keypem, Enc.hexToBuf(request)).then(function (sig) { return RSA.sign(keypem, Enc.hexToBuf(request)).then(function (sig) {
var sty = ASN1('30' return CSR.toDer({ request: request, signature: sig });
// 1.2.840.113549.1.1.11 sha256WithRSAEncryption (PKCS #1)
, ASN1('06', '2a864886f70d01010b')
, ASN1('05')
);
return ASN1('30'
// The Full CSR Request Body
, request
// The Signature Type
, sty
// The Signature
, ASN1.BitStr(Enc.bufToHex(sig))
);
}); });
}; };
CSR.toDer = function encode(opts) {
var sty = ASN1('30'
// 1.2.840.113549.1.1.11 sha256WithRSAEncryption (PKCS #1)
, ASN1('06', '2a864886f70d01010b')
, ASN1('05')
);
return ASN1('30'
// The Full CSR Request Body
, opts.request
// The Signature Type
, sty
// The Signature
, ASN1.BitStr(Enc.bufToHex(opts.signature))
);
};
// //
// RSA // RSA
// //
// Took some tips from https://gist.github.com/codermapuche/da4f96cdb6d5ff53b7ebc156ec46a10a // Took some tips from https://gist.github.com/codermapuche/da4f96cdb6d5ff53b7ebc156ec46a10a
RSA.signSync = function signRsaSync(keypem, ab) {
// Signer is a stream
var sign = crypto.createSign('SHA256');
sign.write(ab);
sign.end();
// The signature is ASN1 encoded, as it turns out
var sig = sign.sign(keypem);
// Convert to a JavaScript ArrayBuffer just because
return sig.buffer.slice(sig.byteOffset, sig.byteOffset + sig.byteLength);
};
RSA.sign = function signRsa(keypem, ab) { RSA.sign = function signRsa(keypem, ab) {
return Promise.resolve().then(function () { return Promise.resolve().then(function () {
// Signer is a stream return RSA.signSync(keypem, ab);
var sign = crypto.createSign('SHA256');
sign.write(ab);
sign.end();
// The signature is ASN1 encoded, as it turns out
var sig = sign.sign(keypem);
// Convert to a JavaScript ArrayBuffer just because
return sig.buffer.slice(sig.byteOffset, sig.byteOffset + sig.byteLength);
}); });
}; };

2
package.json
View File

@ -1,6 +1,6 @@
{ {
"name": "rsa-csr", "name": "rsa-csr",
"version": "1.0.6", "version": "1.0.7",
"description": "💯 A focused, zero-dependency library to generate a Certificate Signing Request (CSR) and sign it!", "description": "💯 A focused, zero-dependency library to generate a Certificate Signing Request (CSR) and sign it!",
"homepage": "https://git.coolaj86.com/coolaj86/rsa-csr.js", "homepage": "https://git.coolaj86.com/coolaj86/rsa-csr.js",
"main": "index.js", "main": "index.js",