diff options
Diffstat (limited to 'school/node_modules/node-forge/tests/nodejs-create-pkcs12.js')
-rw-r--r-- | school/node_modules/node-forge/tests/nodejs-create-pkcs12.js | 160 |
1 files changed, 160 insertions, 0 deletions
diff --git a/school/node_modules/node-forge/tests/nodejs-create-pkcs12.js b/school/node_modules/node-forge/tests/nodejs-create-pkcs12.js new file mode 100644 index 0000000..e52eefa --- /dev/null +++ b/school/node_modules/node-forge/tests/nodejs-create-pkcs12.js @@ -0,0 +1,160 @@ +var forge = require('../js/forge'); + +try { + // generate a keypair + console.log('Generating 1024-bit key-pair...'); + var keys = forge.pki.rsa.generateKeyPair(1024); + console.log('Key-pair created.'); + + // create a certificate + console.log('Creating self-signed certificate...'); + var cert = forge.pki.createCertificate(); + cert.publicKey = keys.publicKey; + cert.serialNumber = '01'; + cert.validity.notBefore = new Date(); + cert.validity.notAfter = new Date(); + cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 1); + var attrs = [{ + name: 'commonName', + value: 'example.org' + }, { + name: 'countryName', + value: 'US' + }, { + shortName: 'ST', + value: 'Virginia' + }, { + name: 'localityName', + value: 'Blacksburg' + }, { + name: 'organizationName', + value: 'Test' + }, { + shortName: 'OU', + value: 'Test' + }]; + cert.setSubject(attrs); + cert.setIssuer(attrs); + cert.setExtensions([{ + name: 'basicConstraints', + cA: true + }, { + name: 'keyUsage', + keyCertSign: true, + digitalSignature: true, + nonRepudiation: true, + keyEncipherment: true, + dataEncipherment: true + }, { + name: 'subjectAltName', + altNames: [{ + type: 6, // URI + value: 'http://example.org/webid#me' + }] + }]); + + // self-sign certificate + cert.sign(keys.privateKey); + console.log('Certificate created.'); + + // create PKCS12 + console.log('\nCreating PKCS#12...'); + var password = 'password'; + var newPkcs12Asn1 = forge.pkcs12.toPkcs12Asn1( + keys.privateKey, [cert], password, + {generateLocalKeyId: true, friendlyName: 'test'}); + var newPkcs12Der = forge.asn1.toDer(newPkcs12Asn1).getBytes(); + + console.log('\nBase64-encoded new PKCS#12:'); + console.log(forge.util.encode64(newPkcs12Der)); + + // create CA store (w/own certificate in this example) + var caStore = forge.pki.createCaStore([cert]); + + console.log('\nLoading new PKCS#12 to confirm...'); + loadPkcs12(newPkcs12Der, password, caStore); +} catch(ex) { + if(ex.stack) { + console.log(ex.stack); + } else { + console.log('Error', ex); + } +} + +function loadPkcs12(pkcs12Der, password, caStore) { + var pkcs12Asn1 = forge.asn1.fromDer(pkcs12Der); + var pkcs12 = forge.pkcs12.pkcs12FromAsn1(pkcs12Asn1, false, password); + + // load keypair and cert chain from safe content(s) and map to key ID + var map = {}; + for(var sci = 0; sci < pkcs12.safeContents.length; ++sci) { + var safeContents = pkcs12.safeContents[sci]; + console.log('safeContents ' + (sci + 1)); + + for(var sbi = 0; sbi < safeContents.safeBags.length; ++sbi) { + var safeBag = safeContents.safeBags[sbi]; + console.log('safeBag.type: ' + safeBag.type); + + var localKeyId = null; + if(safeBag.attributes.localKeyId) { + localKeyId = forge.util.bytesToHex( + safeBag.attributes.localKeyId[0]); + console.log('localKeyId: ' + localKeyId); + if(!(localKeyId in map)) { + map[localKeyId] = { + privateKey: null, + certChain: [] + }; + } + } else { + // no local key ID, skip bag + continue; + } + + // this bag has a private key + if(safeBag.type === forge.pki.oids.pkcs8ShroudedKeyBag) { + console.log('found private key'); + map[localKeyId].privateKey = safeBag.key; + } else if(safeBag.type === forge.pki.oids.certBag) { + // this bag has a certificate + console.log('found certificate'); + map[localKeyId].certChain.push(safeBag.cert); + } + } + } + + console.log('\nPKCS#12 Info:'); + + for(var localKeyId in map) { + var entry = map[localKeyId]; + console.log('\nLocal Key ID: ' + localKeyId); + if(entry.privateKey) { + var privateKeyP12Pem = forge.pki.privateKeyToPem(entry.privateKey); + var encryptedPrivateKeyP12Pem = forge.pki.encryptRsaPrivateKey( + entry.privateKey, password); + + console.log('\nPrivate Key:'); + console.log(privateKeyP12Pem); + console.log('Encrypted Private Key (password: "' + password + '"):'); + console.log(encryptedPrivateKeyP12Pem); + } else { + console.log(''); + } + if(entry.certChain.length > 0) { + console.log('Certificate chain:'); + var certChain = entry.certChain; + for(var i = 0; i < certChain.length; ++i) { + var certP12Pem = forge.pki.certificateToPem(certChain[i]); + console.log(certP12Pem); + } + + var chainVerified = false; + try { + chainVerified = forge.pki.verifyCertificateChain(caStore, certChain); + } catch(ex) { + chainVerified = ex; + } + console.log('Certificate chain verified: ', chainVerified); + } + } +} |