-
Notifications
You must be signed in to change notification settings - Fork 1.3k
Expand file tree
/
Copy pathcertUtils.ts
More file actions
81 lines (67 loc) · 2.31 KB
/
Copy pathcertUtils.ts
File metadata and controls
81 lines (67 loc) · 2.31 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
/*---------------------------------------------------------------------------------------------
* Copyright (c) Microsoft Corporation. All rights reserved.
*--------------------------------------------------------------------------------------------*/
import tls from "tls";
import forge from "node-forge";
export interface CaData {
certPem: string;
keyPem: string;
caCert: forge.pki.Certificate;
caKey: forge.pki.rsa.PrivateKey;
}
export function generateCA(): CaData {
const keys = forge.pki.rsa.generateKeyPair(2048);
const cert = forge.pki.createCertificate();
cert.publicKey = keys.publicKey;
cert.serialNumber = "01";
const now = new Date();
const oneYearLater = new Date();
oneYearLater.setFullYear(oneYearLater.getFullYear() + 1);
cert.validity.notBefore = now;
cert.validity.notAfter = oneYearLater;
const attrs: forge.pki.CertificateField[] = [
{ name: "commonName", value: "SDK E2E Test CA" },
{ name: "organizationName", value: "Copilot SDK Tests" },
];
cert.setSubject(attrs);
cert.setIssuer(attrs);
cert.setExtensions([
{ name: "basicConstraints", cA: true, critical: true },
{ name: "keyUsage", keyCertSign: true, cRLSign: true, critical: true },
]);
cert.sign(keys.privateKey, forge.md.sha256.create());
return {
certPem: forge.pki.certificateToPem(cert),
keyPem: forge.pki.privateKeyToPem(keys.privateKey),
caCert: cert,
caKey: keys.privateKey,
};
}
export function createSecureContextForHost(
hostname: string,
ca: CaData,
): tls.SecureContext {
const keys = forge.pki.rsa.generateKeyPair(2048);
const cert = forge.pki.createCertificate();
cert.publicKey = keys.publicKey;
cert.serialNumber = String(Date.now());
const now = new Date();
const oneYearLater = new Date();
oneYearLater.setFullYear(oneYearLater.getFullYear() + 1);
cert.validity.notBefore = now;
cert.validity.notAfter = oneYearLater;
cert.setSubject([{ name: "commonName", value: hostname }]);
cert.setIssuer(ca.caCert.subject.attributes);
cert.setExtensions([
{
name: "subjectAltName",
altNames: [{ type: 2, value: hostname }],
},
]);
cert.sign(ca.caKey, forge.md.sha256.create());
return tls.createSecureContext({
key: forge.pki.privateKeyToPem(keys.privateKey),
cert: forge.pki.certificateToPem(cert),
ca: ca.certPem,
});
}