1 | "use strict";
|
2 |
|
3 | const forge = require('node-forge');
|
4 |
|
5 | const fs = require('fs');
|
6 |
|
7 | const mkdirp = require('mkdirp');
|
8 |
|
9 | const path = require('path');
|
10 |
|
11 | const logger = require('@parcel/logger');
|
12 |
|
13 | function generateCertificate(options = {}) {
|
14 | const privateKeyPath = path.join(options.cacheDir, 'private.pem');
|
15 | const certPath = path.join(options.cacheDir, 'primary.crt');
|
16 |
|
17 | if (options.cache) {
|
18 | const cachedKey = fs.existsSync(privateKeyPath) && fs.readFileSync(privateKeyPath);
|
19 | const cachedCert = fs.existsSync(certPath) && fs.readFileSync(certPath);
|
20 |
|
21 | if (cachedKey && cachedCert) {
|
22 | return {
|
23 | key: cachedKey,
|
24 | cert: cachedCert
|
25 | };
|
26 | }
|
27 | }
|
28 |
|
29 | logger.progress('Generating SSL Certificate...');
|
30 | const pki = forge.pki;
|
31 | const keys = pki.rsa.generateKeyPair(2048);
|
32 | const cert = pki.createCertificate();
|
33 | cert.publicKey = keys.publicKey;
|
34 | cert.serialNumber = Date.now().toString();
|
35 | cert.validity.notBefore = new Date();
|
36 | cert.validity.notAfter = new Date();
|
37 | cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 1);
|
38 | const attrs = [{
|
39 | name: 'commonName',
|
40 | value: 'parceljs.org'
|
41 | }, {
|
42 | name: 'countryName',
|
43 | value: 'US'
|
44 | }, {
|
45 | shortName: 'ST',
|
46 | value: 'Virginia'
|
47 | }, {
|
48 | name: 'localityName',
|
49 | value: 'Blacksburg'
|
50 | }, {
|
51 | name: 'organizationName',
|
52 | value: 'parcelBundler'
|
53 | }, {
|
54 | shortName: 'OU',
|
55 | value: 'Test'
|
56 | }];
|
57 | cert.setSubject(attrs);
|
58 | cert.setIssuer(attrs);
|
59 | cert.setExtensions([{
|
60 | name: 'basicConstraints',
|
61 | cA: true
|
62 | }, {
|
63 | name: 'keyUsage',
|
64 | keyCertSign: true,
|
65 | digitalSignature: true,
|
66 | nonRepudiation: true,
|
67 | keyEncipherment: true,
|
68 | dataEncipherment: true
|
69 | }, {
|
70 | name: 'extKeyUsage',
|
71 | serverAuth: true,
|
72 | clientAuth: true,
|
73 | codeSigning: true,
|
74 | emailProtection: true,
|
75 | timeStamping: true
|
76 | }, {
|
77 | name: 'nsCertType',
|
78 | client: true,
|
79 | server: true,
|
80 | email: true,
|
81 | objsign: true,
|
82 | sslCA: true,
|
83 | emailCA: true,
|
84 | objCA: true
|
85 | }, {
|
86 | name: 'subjectAltName',
|
87 | altNames: [{
|
88 | type: 6,
|
89 |
|
90 | value: 'http://example.org/webid#me'
|
91 | }, {
|
92 | type: 7,
|
93 |
|
94 | ip: '127.0.0.1'
|
95 | }]
|
96 | }, {
|
97 | name: 'subjectKeyIdentifier'
|
98 | }]);
|
99 | cert.sign(keys.privateKey, forge.md.sha256.create());
|
100 | const privPem = pki.privateKeyToPem(keys.privateKey);
|
101 | const certPem = pki.certificateToPem(cert);
|
102 |
|
103 | if (options.cache) {
|
104 | mkdirp.sync(options.cacheDir);
|
105 | fs.writeFileSync(privateKeyPath, privPem);
|
106 | fs.writeFileSync(certPath, certPem);
|
107 | }
|
108 |
|
109 | return {
|
110 | key: privPem,
|
111 | cert: certPem
|
112 | };
|
113 | }
|
114 |
|
115 | module.exports = generateCertificate; |
\ | No newline at end of file |