forked from svrjs/svrjs
110 lines
2.8 KiB
JavaScript
110 lines
2.8 KiB
JavaScript
var ocsp = require('../../');
|
|
|
|
var fs = require('fs');
|
|
var rfc2560 = require('asn1.js-rfc2560');
|
|
var rfc5280 = require('asn1.js-rfc5280');
|
|
var keyGen = require('selfsigned.js').create();
|
|
|
|
/*
|
|
AuthorityInfoAccessSyntax ::=
|
|
SEQUENCE SIZE (1..MAX) OF AccessDescription
|
|
|
|
AccessDescription ::= SEQUENCE {
|
|
accessMethod OBJECT IDENTIFIER,
|
|
accessLocation GeneralName }
|
|
*/
|
|
|
|
exports.google = fs.readFileSync(__dirname + '/google-cert.pem');
|
|
exports.googleIssuer = fs.readFileSync(__dirname + '/google-issuer.pem');
|
|
exports.noExts = fs.readFileSync(__dirname + '/no-exts-cert.pem');
|
|
|
|
exports.certs = {};
|
|
|
|
[ 'issuer', 'good', 'revoked' ].forEach(function(name) {
|
|
exports.certs[name] = {
|
|
cert: fs.readFileSync(__dirname + '/' + name + '-cert.pem'),
|
|
key: fs.readFileSync(__dirname + '/' + name + '-key.pem')
|
|
};
|
|
});
|
|
|
|
exports.getOCSPCert = function getOCSPCert(options, cb) {
|
|
if (!options)
|
|
options = {};
|
|
|
|
var size = options.size || 256;
|
|
var commonName = options.commonName || 'local.host';
|
|
var OCSPEndPoint = options.OCSPEndPoint || 'http://127.0.0.1:8000/ocsp';
|
|
|
|
var issuer = options.issuer;
|
|
if (issuer)
|
|
issuer = ocsp.utils.toDER(issuer, 'CERTIFICATE');
|
|
if (issuer)
|
|
issuer = rfc5280.Certificate.decode(issuer, 'der');
|
|
|
|
var issuerKeyData = options.issuerKey;
|
|
|
|
if (issuerKeyData)
|
|
issuerKeyData = ocsp.utils.toDER(options.issuerKey, 'RSA PRIVATE KEY');
|
|
|
|
if (issuerKeyData)
|
|
issuerKeyData = ocsp.utils.RSAPrivateKey.decode(issuerKeyData, 'der');
|
|
else
|
|
issuerKeyData = options.issuerKeyData;
|
|
|
|
function getPrime(cb) {
|
|
keyGen.getPrime(size >> 1, function(err, prime) {
|
|
if (err)
|
|
return getPrime(cb);
|
|
|
|
cb(prime);
|
|
});
|
|
}
|
|
|
|
function getTwoPrimes(cb) {
|
|
var primes = [];
|
|
getPrime(done);
|
|
getPrime(done);
|
|
|
|
function done(prime) {
|
|
primes.push(prime);
|
|
if (primes.length === 2)
|
|
return cb(primes[0], primes[1]);
|
|
}
|
|
}
|
|
|
|
function getKeyData(cb) {
|
|
getTwoPrimes(function(p, q) {
|
|
var keyData = keyGen.getKeyData(p, q);
|
|
if (!keyData)
|
|
return getKeyData(cb);
|
|
|
|
cb(keyData);
|
|
});
|
|
}
|
|
|
|
var ext = rfc5280.AuthorityInfoAccessSyntax.encode([ {
|
|
accessMethod: rfc2560['id-pkix-ocsp'],
|
|
accessLocation: {
|
|
type: 'uniformResourceIdentifier',
|
|
value: OCSPEndPoint
|
|
}
|
|
} ], 'der');
|
|
|
|
getKeyData(function(keyData) {
|
|
var certData = keyGen.getCertData({
|
|
serial: options.serial,
|
|
keyData: keyData,
|
|
commonName: commonName,
|
|
issuer: issuer,
|
|
issuerKeyData: issuerKeyData,
|
|
extensions: [ {
|
|
extnID: rfc5280['id-pe-authorityInfoAccess'],
|
|
critical: false,
|
|
extnValue: ext
|
|
} ]
|
|
});
|
|
|
|
var pem = keyGen.getCert(certData, 'pem');
|
|
return cb(pem, keyGen.getPrivate(keyData, 'pem'));
|
|
});
|
|
};
|