-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathcertificates.js
More file actions
121 lines (105 loc) · 4.14 KB
/
Copy pathcertificates.js
File metadata and controls
121 lines (105 loc) · 4.14 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
const forge = require('node-forge');
const fs = require('fs');
const path = require('path');
const os = require('os');
module.exports = {
generate: function(options, ...domains) {
return new Promise((resolve, reject) => {
if(!options) {
options = {
useAvailableIps: true
}
}
const mainDomain = domains.pop();
let validFrom = new Date();
// If no attributes passed in, generate them automatically
if(!options.attributes) {
options.attributes = [{ name: 'commonName', value: mainDomain }]
}
var keys = forge.pki.rsa.generateKeyPair({ bits: 2048, workers: -1}, function(err, keypair) {
if(err) {
return reject(err);
}
let signingKey = keypair.privateKey;
let issuer = options.attributes;
if(options.ca) {
const caPrivateKey = forge.pki.privateKeyFromPem(options.ca.privateKey)
const caCertificate = forge.pki.certificateFromPem(options.ca.certificate);
signingKey = caPrivateKey;
issuer = caCertificate.issuer.attributes;
}
let cert = forge.pki.createCertificate();
cert.publicKey = keypair.publicKey;
cert.serialNumber = '01';
cert.validity.notBefore = new Date();
cert.validity.notAfter = new Date();
cert.validity.notAfter.setFullYear(cert.validity.notAfter.getFullYear() + 1);
cert.setSubject(options.attributes);
cert.setIssuer(issuer);
let subjectAlternateName = {
name: 'subjectAltName',
altNames: [{
type: 2, // DNS
value: mainDomain
}]
}
domains.forEach(domain => {
subjectAlternateName.altNames.push({
type: 2,
value: domain
})
});
if(options.useAvailableIps) {
let networks = os.networkInterfaces();
Object.values(networks).forEach(cardNetworks => {
cardNetworks
.filter(cn => {
return cn.family == 'IPv4'
})
.forEach(cn => {
let address = cn.address;
subjectAlternateName.altNames.push({
type: 7,
ip: address
})
})
});
}
cert.setExtensions([{
name: 'basicConstraints',
cA: true
}, {
name: 'keyUsage',
keyCertSign: true,
digitalSignature: true,
nonRepudiation: true,
keyEncipherment: true,
dataEncipherment: true
}, {
name: 'extKeyUsage',
serverAuth: true,
clientAuth: true,
codeSigning: true,
emailProtection: true,
timeStamping: true
}, {
name: 'nsCertType',
client: true,
server: true,
email: true,
objsign: true,
sslCA: true,
emailCA: true,
objCA: true
}, subjectAlternateName, {
name: 'subjectKeyIdentifier'
}]);
cert.sign(signingKey, forge.md.sha256.create());
resolve({
key: forge.pki.privateKeyToPem(keypair.privateKey),
certificate: forge.pki.certificateToPem(cert)
});
});
});
}
}