
@cto.af/ca


Testing-only Certificate Authority (CA) for your local development environment ONLY. This is in no way suitable for production of any kind.

import { Logger } from '@cto.af/log';
import rs from 'jsrsasign';

/**
 * Options accepted by createCA and createCert. Every field is optional here;
 * RequiredCertOptions is the same shape with every field required.
 */
interface CertOptions {
  /**
   * Subject Distinguished Name for CA.
   */
  caSubject?: string;
  /**
   * Minimum number of days the server can run. Ensures the cert will be good
   * for at least this long.
   */
  minRunDays?: number;
  /** Certificate invalid after this many days, server restart required. */
  notAfterDays?: number;
  /**
   * Relative to cwd.
   *
   * NOTE(review): presumably where the issued certificate and its private key
   * are stored -- confirm against the implementation; if so, restrict access
   * to this directory and keep it out of version control.
   */
  certDir?: string;
  /**
   * Relative to cwd.
   *
   * NOTE(review): presumably where the CA certificate and the CA private key
   * are stored -- confirm. Whoever can read a CA private key can issue
   * certificates that chain to that CA, so this directory should be readable
   * only by the developer account.
   */
  caDir?: string;
  /** Hostname for cert. Used for subject CN, DNS subjectAltName. */
  host?: string;
  /** Always create a new CA cert, even if one exists and is valid. */
  forceCA?: boolean;
  /** Always create a new certificate, even if one exists and is valid. */
  forceCert?: boolean;
  /**
   * 0 for info. +verbose, -quiet.
   */
  logLevel?: number;
  /**
   * Log to a file instead.
   */
  logFile?: string | null;
  /**
   * Already have a Logger? Pass it here.
   *
   * NOTE(review): presumably used in place of one built from
   * logLevel/logFile -- confirm.
   */
  log?: Logger | null;
  /**
   * If true, do not read the key.
   *
   * KeyCert.key is typed `string | undefined`; presumably it stays undefined
   * when this is set -- confirm. Useful for callers that need only the
   * certificate and should not hold private key material.
   */
  noKey?: boolean;
}

/** CertOptions with every field required. */
type RequiredCertOptions = Required<CertOptions>;

/** Key object types from jsrsasign that the KeyCert constructor accepts. */
type AnyKey = rs.RSAKey | rs.KJUR.crypto.DSA | rs.KJUR.crypto.ECDSA;

/**
 * A certificate, optionally together with its private key and the KeyCert of
 * a CA. The declarations show only the shape; storage format and file layout
 * are not visible here.
 */
declare class KeyCert {
  // Marker the TypeScript declaration emitter writes for a class that has
  // ECMAScript private (#) members; the members themselves are not exposed.
  #private;
  /** Name passed to the constructor or to read(). */
  readonly name: string;
  /**
   * Private key as a string, or undefined when no key is held. Encoding is
   * not visible here (presumably PEM -- confirm). Keep this value out of
   * logs and serialized output.
   */
  readonly key: string | undefined;
  /** Certificate as a string (presumably PEM -- confirm). */
  readonly cert: string;
  /** End of the certificate's validity period. */
  readonly notAfter: Date;
  /** Start of the certificate's validity period. */
  readonly notBefore: Date;
  /** Certificate subject; exact string format not visible here. */
  readonly subject: string;
  /** Certificate issuer; exact string format not visible here. */
  readonly issuer: string;
  /** Certificate serial number as a string. */
  readonly serial: string;
  /** KeyCert of the CA (presumably the issuer -- confirm), when one was given. */
  readonly ca: KeyCert | undefined;
  /**
   * @param name Name for this key/cert pair.
   * @param key Key object, key string, or undefined for a cert without a key.
   * @param cert jsrsasign certificate object or certificate string.
   * @param ca Optional KeyCert of the CA.
   */
  constructor(name: string, key: AnyKey | string | undefined, cert: rs.KJUR.asn1.x509.Certificate | string, ca?: KeyCert);
  /**
   * Read a stored KeyCert by name.
   *
   * @param opts Fully populated cert options.
   * @param name Name of the key/cert pair to read.
   * @param ca Optional KeyCert of the CA.
   * @returns The KeyCert, or null (presumably when nothing usable is stored
   *   -- confirm).
   */
  static read(opts: RequiredCertOptions, name: string, ca?: KeyCert): Promise<KeyCert | null>;
  /**
   * Delete this KeyCert (presumably its stored files -- confirm).
   *
   * @param opts Fully populated cert options.
   */
  delete(opts: RequiredCertOptions): Promise<void>;
  /**
   * Write this KeyCert (presumably to the directories named in opts --
   * confirm, including the permissions given to the key file).
   *
   * @param opts Fully populated cert options.
   */
  write(opts: RequiredCertOptions): Promise<void>;
}

/**
 * A fully populated option set. Presumably the defaults applied for options
 * the caller omits -- confirm; the values are not visible in this declaration.
 */
declare const DEFAULT_CERT_OPTIONS: RequiredCertOptions;

/**
 * Read a valid CA cert, or create a new one, writing it.
 *
 * The result includes the CA private key. The package describes itself as a
 * testing-only CA for local development, so this CA should be trusted only on
 * the development machine that generated it.
 *
 * @param options Cert options.
 * @returns Private Key / Certificate for CA.
 */
declare function createCA(options: CertOptions): Promise<KeyCert>;

/**
 * Create a CA-signed localhost certificate.
 *
 * @param options Certificate options.
 * @returns Cert and private key.
 */
declare function createCert(options: CertOptions): Promise<KeyCert>;

export { type AnyKey, type CertOptions, DEFAULT_CERT_OPTIONS, KeyCert, type RequiredCertOptions, createCA, createCert };