summaryrefslogtreecommitdiff
path: root/school/node_modules/node-forge/tests/nodejs-create-pkcs12.js
diff options
context:
space:
mode:
Diffstat (limited to 'school/node_modules/node-forge/tests/nodejs-create-pkcs12.js')
-rw-r--r--school/node_modules/node-forge/tests/nodejs-create-pkcs12.js160
1 files changed, 160 insertions, 0 deletions
diff --git a/school/node_modules/node-forge/tests/nodejs-create-pkcs12.js b/school/node_modules/node-forge/tests/nodejs-create-pkcs12.js
new file mode 100644
index 0000000..e52eefa
--- /dev/null
+++ b/school/node_modules/node-forge/tests/nodejs-create-pkcs12.js
@@ -0,0 +1,160 @@
+var forge = require('../js/forge');
+
+try {
+ // generate a keypair
+ console.log('Generating 1024-bit key-pair...');
+ var keys = forge.pki.rsa.generateKeyPair(1024);
+ console.log('Key-pair created.');
+
+ // create a certificate
+ console.log('Creating self-signed certificate...');
+ var cert = forge.pki.createCertificate();
+ cert.publicKey = keys.publicKey;
+ cert.serialNumber = '01';
+ cert.validity.notBefore = new Date();
+ cert.validity.notAfter = new Date();
+ cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 1);
+ var attrs = [{
+ name: 'commonName',
+ value: 'example.org'
+ }, {
+ name: 'countryName',
+ value: 'US'
+ }, {
+ shortName: 'ST',
+ value: 'Virginia'
+ }, {
+ name: 'localityName',
+ value: 'Blacksburg'
+ }, {
+ name: 'organizationName',
+ value: 'Test'
+ }, {
+ shortName: 'OU',
+ value: 'Test'
+ }];
+ cert.setSubject(attrs);
+ cert.setIssuer(attrs);
+ cert.setExtensions([{
+ name: 'basicConstraints',
+ cA: true
+ }, {
+ name: 'keyUsage',
+ keyCertSign: true,
+ digitalSignature: true,
+ nonRepudiation: true,
+ keyEncipherment: true,
+ dataEncipherment: true
+ }, {
+ name: 'subjectAltName',
+ altNames: [{
+ type: 6, // URI
+ value: 'http://example.org/webid#me'
+ }]
+ }]);
+
+ // self-sign certificate
+ cert.sign(keys.privateKey);
+ console.log('Certificate created.');
+
+ // create PKCS12
+ console.log('\nCreating PKCS#12...');
+ var password = 'password';
+ var newPkcs12Asn1 = forge.pkcs12.toPkcs12Asn1(
+ keys.privateKey, [cert], password,
+ {generateLocalKeyId: true, friendlyName: 'test'});
+ var newPkcs12Der = forge.asn1.toDer(newPkcs12Asn1).getBytes();
+
+ console.log('\nBase64-encoded new PKCS#12:');
+ console.log(forge.util.encode64(newPkcs12Der));
+
+ // create CA store (w/own certificate in this example)
+ var caStore = forge.pki.createCaStore([cert]);
+
+ console.log('\nLoading new PKCS#12 to confirm...');
+ loadPkcs12(newPkcs12Der, password, caStore);
+} catch(ex) {
+ if(ex.stack) {
+ console.log(ex.stack);
+ } else {
+ console.log('Error', ex);
+ }
+}
+
+function loadPkcs12(pkcs12Der, password, caStore) {
+ var pkcs12Asn1 = forge.asn1.fromDer(pkcs12Der);
+ var pkcs12 = forge.pkcs12.pkcs12FromAsn1(pkcs12Asn1, false, password);
+
+ // load keypair and cert chain from safe content(s) and map to key ID
+ var map = {};
+ for(var sci = 0; sci < pkcs12.safeContents.length; ++sci) {
+ var safeContents = pkcs12.safeContents[sci];
+ console.log('safeContents ' + (sci + 1));
+
+ for(var sbi = 0; sbi < safeContents.safeBags.length; ++sbi) {
+ var safeBag = safeContents.safeBags[sbi];
+ console.log('safeBag.type: ' + safeBag.type);
+
+ var localKeyId = null;
+ if(safeBag.attributes.localKeyId) {
+ localKeyId = forge.util.bytesToHex(
+ safeBag.attributes.localKeyId[0]);
+ console.log('localKeyId: ' + localKeyId);
+ if(!(localKeyId in map)) {
+ map[localKeyId] = {
+ privateKey: null,
+ certChain: []
+ };
+ }
+ } else {
+ // no local key ID, skip bag
+ continue;
+ }
+
+ // this bag has a private key
+ if(safeBag.type === forge.pki.oids.pkcs8ShroudedKeyBag) {
+ console.log('found private key');
+ map[localKeyId].privateKey = safeBag.key;
+ } else if(safeBag.type === forge.pki.oids.certBag) {
+ // this bag has a certificate
+ console.log('found certificate');
+ map[localKeyId].certChain.push(safeBag.cert);
+ }
+ }
+ }
+
+ console.log('\nPKCS#12 Info:');
+
+ for(var localKeyId in map) {
+ var entry = map[localKeyId];
+ console.log('\nLocal Key ID: ' + localKeyId);
+ if(entry.privateKey) {
+ var privateKeyP12Pem = forge.pki.privateKeyToPem(entry.privateKey);
+ var encryptedPrivateKeyP12Pem = forge.pki.encryptRsaPrivateKey(
+ entry.privateKey, password);
+
+ console.log('\nPrivate Key:');
+ console.log(privateKeyP12Pem);
+ console.log('Encrypted Private Key (password: "' + password + '"):');
+ console.log(encryptedPrivateKeyP12Pem);
+ } else {
+ console.log('');
+ }
+ if(entry.certChain.length > 0) {
+ console.log('Certificate chain:');
+ var certChain = entry.certChain;
+ for(var i = 0; i < certChain.length; ++i) {
+ var certP12Pem = forge.pki.certificateToPem(certChain[i]);
+ console.log(certP12Pem);
+ }
+
+ var chainVerified = false;
+ try {
+ chainVerified = forge.pki.verifyCertificateChain(caStore, certChain);
+ } catch(ex) {
+ chainVerified = ex;
+ }
+ console.log('Certificate chain verified: ', chainVerified);
+ }
+ }
+}