UNPKG

fastify

Version:

Fast and low overhead web framework, for Node.js

fastify.dev

fastify/fastify

110 lines (97 loc) 3.19 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
'use strict' const os = require('os') const forge = require('node-forge') // from self-cert module function selfCert (opts) { const options = opts || {} const log = opts.logger || require('abstract-logging') const now = new Date() if (!options.attrs) options.attrs = {} if (!options.expires) { options.expires = new Date( now.getFullYear() + 5, now.getMonth() + 1, now.getDate() ) } log.debug('generating key pair') const keys = forge.pki.rsa.generateKeyPair(options.bits || 2048) log.debug('key pair generated') log.debug('generating self-signed certificate') const cert = forge.pki.createCertificate() cert.publicKey = keys.publicKey cert.serialNumber = '01' cert.validity.notBefore = now cert.validity.notAfter = options.expires const attrs = [ { name: 'commonName', value: options.attrs.commonName || os.hostname() }, { name: 'countryName', value: options.attrs.countryName || 'US' }, { name: 'stateOrProvinceName', value: options.attrs.stateName || 'Georgia' }, { name: 'localityName', value: options.attrs.locality || 'Atlanta' }, { name: 'organizationName', value: options.attrs.orgName || 'None' }, { shortName: 'OU', value: options.attrs.shortName || 'example' } ] cert.setSubject(attrs) cert.setIssuer(attrs) cert.setExtensions([ { name: 'basicConstraints', cA: true }, { name: 'keyUsage', keyCertSign: true, digitalSignature: true, nonRepudiation: true, keyEncipherment: true, dataEncipherment: true }, { name: 'extKeyUsage', serverAuth: true, clientAuth: true, codeSigning: true, emailProtection: true, timeStamping: true }, { name: 'nsCertType', client: true, server: true, email: true, objsign: true, sslCA: true, emailCA: true, objCA: true }, { name: 'subjectKeyIdentifier' }, { name: 'subjectAltName', altNames: [{ type: 6 /* URI */, value: 'DNS: ' + attrs[0].value }].concat((function () { const interfaces = os.networkInterfaces() // fix citgm: skip invalid ips (aix72-ppc64) const ips = Object.values(interfaces).flat() .filter(i => !!forge.util.bytesFromIP(i.address)) .map(i => ({ type: 7 /* IP */, ip: i.address })) return ips }())) } ]) cert.sign(keys.privateKey) log.debug('certificate generated') return { privateKey: forge.pki.privateKeyToPem(keys.privateKey), publicKey: forge.pki.publicKeyToPem(keys.publicKey), certificate: forge.pki.certificateToPem(cert) } } async function buildCertificate () { // "global" is used in here because "t.context" is only supported by "t.beforeEach" and "t.afterEach" // For the test case which execute this code which will be using `t.before` and it can reduce the // number of times executing it. if (!global.context || !global.context.cert || !global.context.key) { const certs = selfCert({ expires: new Date(Date.now() + 86400000) }) global.context = { cert: certs.certificate, key: certs.privateKey } } } module.exports = { buildCertificate }