UNPKG

node-red-contrib-trustpoint

Version:

Node-RED nodes for EST (Enrollment over Secure Transport) and certificate operations.

github.com/ibrahimsambare/node-red-contrib-trustpoint

ibrahimsambare/node-red-contrib-trustpoint

82 lines (68 loc) 3.58 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
const forge = require('node-forge'); const fs = require('fs'); const path = require('path'); module.exports = function (RED) { function TrustpointKeygenNode(config) { RED.nodes.createNode(this, config); const node = this; node.on('input', function (msg, send, done) { const algorithm = config.algorithm || msg.algorithm || 'RSA'; const keySize = parseInt(config.keySize || msg.keySize || '2048', 10); const curve = config.ecCurve || msg.ecCurve || 'prime256v1'; const persist = config.persist === true || msg.persist === true; const filenamePrefix = config.filenamePrefix || msg.filenamePrefix || 'keypair'; try { let privateKey, publicKey; let privateKeyPem, publicKeyPem; if (algorithm === 'RSA') { const keys = forge.pki.rsa.generateKeyPair(keySize); privateKey = keys.privateKey; publicKey = keys.publicKey; privateKeyPem = forge.pki.privateKeyToPem(privateKey); publicKeyPem = forge.pki.publicKeyToPem(publicKey); } else if (algorithm === 'EC' || algorithm === 'ECC') { const ec = forge.pki.ec; const keys = ec.generateKeyPair({ namedCurve: curve }); privateKey = keys.privateKey; publicKey = keys.publicKey; privateKeyPem = forge.pki.privateKeyToPem(privateKey); publicKeyPem = forge.pki.publicKeyToPem(publicKey); } else { return done(new Error(`Unsupported algorithm: ${algorithm}`)); } if (persist) { const dir = path.join(__dirname, '..', 'keys'); if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true }); fs.writeFileSync(path.join(dir, `${filenamePrefix}_private.pem`), privateKeyPem); fs.writeFileSync(path.join(dir, `${filenamePrefix}_public.pem`), publicKeyPem); } const rawDeviceId = msg.deviceId || config.deviceId || (msg.payload && msg.payload.deviceId) || "default"; const sanitizedDeviceId = rawDeviceId.replace(/[^a-zA-Z0-9_-]/g, ''); // Ajout de la promotion des credentials msg.estUsername = msg.payload?.estUsername; msg.estPassword = msg.payload?.estPassword; msg.keystore = msg.keystore || {}; msg.keystore.privateKey = privateKeyPem; msg.keystore.publicKey = publicKeyPem; msg.keystore.deviceId = rawDeviceId; msg.keystore.estUsername = msg.estUsername; msg.keystore.estPassword = msg.estPassword; msg.subject = { commonName: sanitizedDeviceId, countryName: 'NE', organizationName: 'Trustpoint' }; msg.privateKeyPem = privateKeyPem; msg.publicKeyPem = publicKeyPem; msg.payload = msg.payload || {}; msg.payload.privateKey = privateKeyPem; msg.payload.deviceId = sanitizedDeviceId; send(msg); done(); } catch (err) { done(new Error(`Key generation failed: ${err.message}`)); } }); } RED.nodes.registerType("trustpoint-keygen", TrustpointKeygenNode); };