1 | var { assert } = require('chai');
|
2 | var forge = require('node-forge');
|
3 | var fs = require('fs');
|
4 | var exec = require('child_process').exec;
|
5 |
|
6 | describe('generate', function () {
|
7 |
|
8 | var generate = require('../index').generate;
|
9 |
|
10 | it('should work without attrs/options', function (done) {
|
11 | var pems = generate();
|
12 | assert.ok(!!pems.private, 'has a private key');
|
13 | assert.ok(!!pems.fingerprint, 'has fingerprint');
|
14 | assert.ok(!!pems.public, 'has a public key');
|
15 | assert.ok(!!pems.cert, 'has a certificate');
|
16 | assert.ok(!pems.pkcs7, 'should not include a pkcs7 by default');
|
17 | assert.ok(!pems.clientcert, 'should not include a client cert by default');
|
18 | assert.ok(!pems.clientprivate, 'should not include a client private key by default');
|
19 | assert.ok(!pems.clientpublic, 'should not include a client public key by default');
|
20 |
|
21 | var caStore = forge.pki.createCaStore();
|
22 | caStore.addCertificate(pems.cert);
|
23 | done();
|
24 | });
|
25 |
|
26 | it('should generate client cert', function (done) {
|
27 | var pems = generate(null, {clientCertificate: true});
|
28 |
|
29 | assert.ok(!!pems.clientcert, 'should include a client cert when requested');
|
30 | assert.ok(!!pems.clientprivate, 'should include a client private key when requested');
|
31 | assert.ok(!!pems.clientpublic, 'should include a client public key when requested');
|
32 | done();
|
33 | });
|
34 |
|
35 | it('should include pkcs7', function (done) {
|
36 | var pems = generate([{ name: 'commonName', value: 'contoso.com' }], {pkcs7: true});
|
37 |
|
38 | assert.ok(!!pems.pkcs7, 'has a pkcs7');
|
39 |
|
40 | try {
|
41 | fs.unlinkSync('/tmp/tmp.pkcs7');
|
42 | } catch (er) {}
|
43 |
|
44 | fs.writeFileSync('/tmp/tmp.pkcs7', pems.pkcs7);
|
45 | exec('openssl pkcs7 -print_certs -in /tmp/tmp.pkcs7', function (err, stdout, stderr) {
|
46 | if (err) {
|
47 | return done(err);
|
48 | }
|
49 |
|
50 | const errorMessage = stderr.toString();
|
51 | if (errorMessage.length) {
|
52 | return done(new Error(errorMessage));
|
53 | }
|
54 |
|
55 | const expected = stdout.toString();
|
56 | let [ subjectLine,issuerLine, ...cert ] = expected.split(/\r?\n/).filter(c => c);
|
57 | cert = cert.filter(c => c);
|
58 | assert.match(subjectLine, /subject=\/?CN\s?=\s?contoso.com/i);
|
59 | assert.match(issuerLine, /issuer=\/?CN\s?=\s?contoso.com/i);
|
60 | assert.strictEqual(
|
61 | pems.cert,
|
62 | cert.join('\r\n') + '\r\n'
|
63 | );
|
64 |
|
65 | done();
|
66 | });
|
67 | });
|
68 |
|
69 | it('should support sha1 algorithm', function (done) {
|
70 | var pems_sha1 = generate(null, { algorithm: 'sha1' });
|
71 | assert.ok(forge.pki.certificateFromPem(pems_sha1.cert).siginfo.algorithmOid === forge.pki.oids['sha1WithRSAEncryption'], 'can generate sha1 certs');
|
72 | done();
|
73 | });
|
74 |
|
75 | it('should support sha256 algorithm', function (done) {
|
76 | var pems_sha256 = generate(null, { algorithm: 'sha256' });
|
77 | assert.ok(forge.pki.certificateFromPem(pems_sha256.cert).siginfo.algorithmOid === forge.pki.oids['sha256WithRSAEncryption'], 'can generate sha256 certs');
|
78 | done();
|
79 | });
|
80 |
|
81 | describe('with callback', function () {
|
82 | it('should work without attrs/options', function (done) {
|
83 | generate(function (err, pems) {
|
84 | if (err) done(err);
|
85 | assert.ok(!!pems.private, 'has a private key');
|
86 | assert.ok(!!pems.public, 'has a public key');
|
87 | assert.ok(!!pems.cert, 'has a certificate');
|
88 | assert.ok(!pems.pkcs7, 'should not include a pkcs7 by default');
|
89 | assert.ok(!pems.clientcert, 'should not include a client cert by default');
|
90 | assert.ok(!pems.clientprivate, 'should not include a client private key by default');
|
91 | assert.ok(!pems.clientpublic, 'should not include a client public key by default');
|
92 | done();
|
93 | });
|
94 | });
|
95 |
|
96 | it('should generate client cert', function (done) {
|
97 | generate(null, {clientCertificate: true}, function (err, pems) {
|
98 | if (err) done(err);
|
99 | assert.ok(!!pems.clientcert, 'should include a client cert when requested');
|
100 | assert.ok(!!pems.clientprivate, 'should include a client private key when requested');
|
101 | assert.ok(!!pems.clientpublic, 'should include a client public key when requested');
|
102 | done();
|
103 | });
|
104 | });
|
105 |
|
106 | it('should include pkcs7', function (done) {
|
107 | generate([{ name: 'commonName', value: 'contoso.com' }], {pkcs7: true}, function (err, pems) {
|
108 | if (err) done(err);
|
109 | assert.ok(!!pems.pkcs7, 'has a pkcs7');
|
110 |
|
111 | try {
|
112 | fs.unlinkSync('/tmp/tmp.pkcs7');
|
113 | } catch (er) {}
|
114 |
|
115 | fs.writeFileSync('/tmp/tmp.pkcs7', pems.pkcs7);
|
116 | exec('openssl pkcs7 -print_certs -in /tmp/tmp.pkcs7', function (err, stdout, stderr) {
|
117 | if (err) {
|
118 | return done(err);
|
119 | }
|
120 |
|
121 | const errorMessage = stderr.toString();
|
122 | if (errorMessage.length) {
|
123 | return done(new Error(errorMessage));
|
124 | }
|
125 |
|
126 | const expected = stdout.toString();
|
127 | let [ subjectLine,issuerLine, ...cert ] = expected.split(/\r?\n/).filter(c => c);
|
128 | assert.match(subjectLine, /subject=\/?CN\s?=\s?contoso.com/i);
|
129 | assert.match(issuerLine, /issuer=\/?CN\s?=\s?contoso.com/i);
|
130 | assert.strictEqual(
|
131 | pems.cert,
|
132 | cert.join('\r\n') + '\r\n'
|
133 | );
|
134 |
|
135 | done();
|
136 | });
|
137 | });
|
138 | });
|
139 |
|
140 | it('should support sha1 algorithm', function (done) {
|
141 | generate(null, { algorithm: 'sha1' }, function (err, pems_sha1) {
|
142 | if (err) done(err);
|
143 | assert.ok(forge.pki.certificateFromPem(pems_sha1.cert).siginfo.algorithmOid === forge.pki.oids['sha1WithRSAEncryption'], 'can generate sha1 certs');
|
144 | done();
|
145 | });
|
146 | });
|
147 |
|
148 | it('should support sha256 algorithm', function (done) {
|
149 | generate(null, { algorithm: 'sha256' }, function (err, pems_sha256) {
|
150 | if (err) done(err);
|
151 | assert.ok(forge.pki.certificateFromPem(pems_sha256.cert).siginfo.algorithmOid === forge.pki.oids['sha256WithRSAEncryption'], 'can generate sha256 certs');
|
152 | done();
|
153 | });
|
154 | });
|
155 | });
|
156 | });
|