-
Notifications
You must be signed in to change notification settings - Fork 3
/
main.js
executable file
·265 lines (254 loc) · 6.42 KB
/
main.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
#!/usr/bin/env node
/*
* Copyright (c) 2019 PaperCut Software International Pty. Ltd.
*
* https://www.papercut.com
*
* Use of this source code is governed by an GNU GPLv3 license.
* See the project's LICENSE file for more information.
*/
const forge = require("node-forge");
const fs = require("fs");
const chalk = require("chalk");
const yargs = require("yargs");
const packageJson = require("./package.json");
const { networkInterfaces } = require("os");
// Yargs declaration for handling command-line arguments
const options = yargs
.usage(
`cert-tool v${packageJson.version}\nUsage: cert-tool -t <certificate type>`
)
.option("f", {
alias: "file",
describe: "The name of the certificate file(s)",
type: "string"
})
.option("t", {
alias: "type",
describe: "The module type to generate the certificate for",
choices: ["pem", "pfx"],
type: "string",
demandOption: true
})
.option("o", {
alias: "output",
describe: "The output directory for the certificates",
type: "string"
})
.option("c", {
alias: "combined",
describe:
"Whether to combine certificate and key in the same file(PEM certificate type only)",
type: "boolean"
})
.option("p", {
alias: "password",
describe: "The password for our pfx file",
type: "string"
})
.option("i", {
alias: "ip",
describe:
"Sets the IP of subject alternate name, if null it will be set to your external IP",
type: "string"
})
.option("h", {
alias: "hostname",
describe: "Sets the hostname of the subject alternate name",
type: "string"
})
.check(function(argv, options) {
if (argv.type.toLowerCase() === "pfx") {
if (argv.combined) {
throw new Error("Cannot use combine flag on PFX certificate");
} else if ( ! argv.password ) {
throw new Error("Please enter a valid password for PFX certificate");
}
}
return true;
}).argv;
// Helper function(s)
const getLocalExternalIP = () => {
return []
.concat(...Object.values(networkInterfaces()))
.filter(details => details.family === "IPv4" && !details.internal)
.pop().address;
};
// ---
// Extract file name out other set default
const fileName = options.file ? options.file : "certificate";
// generate a keypair
console.log("Generating 2048-bit key-pair...");
var keys = forge.pki.rsa.generateKeyPair(2048);
console.log("Key-pair created.");
// create a certificate
console.log("Creating self-signed certificate...");
var cert = forge.pki.createCertificate();
cert.publicKey = keys.publicKey;
// Serial isn't important in this instance
cert.serialNumber = "01";
cert.validity.notBefore = new Date();
cert.validity.notAfter = new Date();
cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 1);
var attrs = [
{
name: "commonName",
value: "localhost"
},
{
name: "countryName",
value: "AU"
},
{
shortName: "ST",
value: "Victoria"
},
{
name: "localityName",
value: "Melbourne"
},
{
name: "organizationName",
value: "PaperCut Software"
},
{
shortName: "OU",
value: "Development"
}
];
cert.setSubject(attrs);
cert.setIssuer(attrs);
// Determine alt names based on our cli flags
var altNames = [];
// Always add localhost entries
altNames.push(
{
type: 2, // DNS
value: "localhost"
},
{
type: 7, // IP
ip: "127.0.0.1"
}
);
// Use provided ip
if (options.ip) {
altNames.push({
type: 7, // IP
ip: options.ip
});
// Determine external IP and use that
} else {
if (options.ip === "") {
altNames.push({
type: 7, // IP
ip: getLocalExternalIP()
});
}
}
if (options.hostname) {
altNames.push({
type: 2, // DNS
value: options.hostname
});
}
cert.setExtensions([
{
name: "subjectAltName",
altNames: altNames
}
]);
// self-sign certificate
cert.sign(keys.privateKey);
console.log("Certificate created.");
// Use sync because we need this directory before we do anything
if (!fs.existsSync(`${process.cwd()}/certificates`)) {
fs.mkdirSync(`${process.cwd()}/certificates`);
console.log("Creating certificates directory");
} else {
console.log("Found certificates directory");
}
if (options.type.toUpperCase() === "PEM") {
const pemPkey = forge.pki.privateKeyToPem(keys.privateKey);
const pemCert = forge.pki.certificateToPem(cert);
if (options.combined) {
// Create stream writer
const writeStream = fs.createWriteStream(
`${process.cwd()}/certificates/${fileName}.pem`
);
writeStream.write(pemPkey, "binary");
writeStream.write(pemCert, "binary");
writeStream.on("error", err => {
console.error(chalk.red(err));
});
// the finish event is emitted when all data has been flushed from the stream
writeStream.on("finish", () => {
console.log(
chalk.green(
`Successfully saved certificate: ${process.cwd()}/certificates/${fileName}.pem`
)
);
});
// close the stream
writeStream.end();
} else {
// Use async writing as it has more elegant error handling
fs.writeFile(
`${process.cwd()}/certificates/${fileName}_key.pem`,
pemPkey,
err => {
if (err) {
console.error(chalk.red(err));
return;
}
console.log(
chalk.green(
`Successfully saved pem key: ${process.cwd()}/certificates/certificates/${fileName}_key.pem`
)
);
}
);
fs.writeFile(
`${process.cwd()}/certificates/${fileName}_cert.pem`,
pemCert,
err => {
if (err) {
console.error(chalk.red(err));
return;
}
console.log(
chalk.green(
`Successfully saved pem certificate: ${process.cwd()}/certificates/certificates/${fileName}_cert.pem`
)
);
}
);
}
} else if (options.type.toUpperCase() === "PFX") {
console.log("Outputting as PFX format");
var newPkcs12Asn1 = forge.pkcs12.toPkcs12Asn1(
keys.privateKey,
[cert],
options.password,
{
algorithm: "3des"
}
);
var newPkcs12Der = forge.asn1.toDer(newPkcs12Asn1).getBytes();
fs.writeFile(
`${process.cwd()}/certificates/${fileName}.pfx`,
newPkcs12Der,
"binary",
err => {
if (err) {
console.error(chalk.red(err));
return;
}
console.log(
chalk.green(
`Successfully saved certificate: ${process.cwd()}/certificates/${fileName}.pfx`
)
);
}
);
}