1 | var forge = require('node-forge')
|
2 | var fs = require('fs')
|
3 |
|
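/**
 * Generate an RSA key pair and a self-signed X.509 certificate for it.
 *
 * The certificate is valid for one year from the moment of the call, uses the
 * same attributes for subject and issuer, and is marked as a CA
 * (basicConstraints cA=true, keyUsage keyCertSign). Anyone who adds it to a
 * trust store is therefore trusting a CA whose private key is handed back to
 * the caller in clear text; treat the result as test/development material.
 *
 * @param {Array<Object>} [attrs] forge subject attributes
 *   (`{name|shortName, value}`); a placeholder example.org subject is used
 *   when omitted.
 * @param {Object} [options]
 * @param {boolean} [options.pkcs7] also return the certificate wrapped in a
 *   PKCS#7 SignedData message.
 * @param {number} [options.keySize=2048] RSA modulus size in bits. Sizes below
 *   2048 are no longer considered acceptable for certificates.
 * @returns {{private: string, public: string, cert: string, pkcs7: (string|undefined)}}
 *   PEM strings. `private` is an UNENCRYPTED private key: do not log it, and
 *   restrict file permissions if it is written to disk.
 * @throws {Error} if the freshly built certificate fails chain verification.
 */
exports.generate = function generate(attrs, options) {
  // The original hard-coded 1024-bit RSA, which is too weak for certificates.
  // Default to 2048 and let callers choose a different size explicitly.
  var keySize = (options && options.keySize) || 2048
  var keys = forge.pki.rsa.generateKeyPair(keySize)
  var cert = forge.pki.createCertificate()

  // NOTE(review): the serial number is constant. Certificates generated with
  // the same subject share issuer + serial, which some TLS clients reject as a
  // reused issuer/serial pair. Kept as-is so the output shape is unchanged.
  cert.serialNumber = '01'

  // Derive notAfter from the same instant as notBefore: exactly one year.
  var notBefore = new Date()
  var notAfter = new Date(notBefore.getTime())
  notAfter.setFullYear(notBefore.getFullYear() + 1)
  cert.validity.notBefore = notBefore
  cert.validity.notAfter = notAfter

  // Do not reassign the parameter; fall back to a placeholder subject.
  var subject = attrs || [{
    name: 'commonName',
    value: 'example.org'
  }, {
    name: 'countryName',
    value: 'US'
  }, {
    shortName: 'ST',
    value: 'Virginia'
  }, {
    name: 'localityName',
    value: 'Blacksburg'
  }, {
    name: 'organizationName',
    value: 'Test'
  }, {
    shortName: 'OU',
    value: 'Test'
  }]

  // Self-signed: subject and issuer are the same name.
  cert.setSubject(subject)
  cert.setIssuer(subject)

  cert.setExtensions([{
    name: 'basicConstraints',
    cA: true
  }, {
    name: 'keyUsage',
    keyCertSign: true,
    digitalSignature: true,
    nonRepudiation: true,
    keyEncipherment: true,
    dataEncipherment: true
  }, {
    name: 'subjectAltName',
    altNames: [{
      type: 6, // GeneralName tag 6 = URI
      value: 'http://example.org/webid#me'
    }]
  }])

  cert.publicKey = keys.publicKey

  // forge signs with SHA-1 when no digest is passed; SHA-1 signatures are
  // rejected by current TLS stacks, so request SHA-256 explicitly.
  cert.sign(keys.privateKey, forge.md.sha256.create())

  var pem = {
    private: forge.pki.privateKeyToPem(keys.privateKey),
    public: forge.pki.publicKeyToPem(keys.publicKey),
    cert: forge.pki.certificateToPem(cert)
  }

  if (options && options.pkcs7) {
    var p7 = forge.pkcs7.createSignedData()
    p7.addCertificate(cert)
    pem.pkcs7 = forge.pkcs7.messageToPem(p7)
  }

  // Sanity check: the certificate must verify against a store that contains
  // only itself.
  var caStore = forge.pki.createCaStore()
  caStore.addCertificate(cert)

  try {
    forge.pki.verifyCertificateChain(caStore, [cert], function (vfd, depth, chain) {
      if (vfd !== true) {
        throw new Error('Certificate could not be verified.')
      }
      return true
    })
  } catch (ex) {
    // `new Error(ex)` stringified the caught value, losing the stack and
    // turning a thrown plain object into "[object Object]". Rethrow real
    // errors untouched and wrap anything else using its message.
    if (ex instanceof Error) {
      throw ex
    }
    throw new Error((ex && ex.message) || String(ex))
  }

  return pem
}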
|