WiP: feat(self-signed): genSignedCert

2021-05-20 22:41:59 +02:00
parent cf9f0da6e5
commit 48c8d25774
1 changed files with 30 additions and 4 deletions
--- a/@xen-orchestra/self-signed/index.js
+++ b/@xen-orchestra/self-signed/index.js
@@ -1,4 +1,7 @@
 const { execFile } = require('child_process')
+const { promisify } = require('util')
+
+const randomBytes = promisify(require('crypto').randomBytes)

 const openssl = (cmd, args, { input, ...opts } = {}) =>
  new Promise((resolve, reject) => {
@@ -10,12 +13,35 @@ const openssl = (cmd, args, { input, ...opts } = {}) =>
    }
  })

-exports.genSelfSignedCert = async ({ days = 360 } = {}) => {
+const req = (key, selfSigned, { days = 360 } = {}) => {
+  const args = ['-batch', '-new', '-key', '-', '-nodes']
+  if (selfSigned) {
+    args.push('-x509', '-days', String(days))
+  }
+  return openssl('req', args, { input: key })
+}
+
+exports.genSelfSignedCert = async opts => {
  const key = await openssl('genrsa', ['2048'])
  return {
-    cert: await openssl('req', ['-batch', '-new', '-key', '-', '-x509', '-days', String(days), '-nodes'], {
-      input: key,
-    }),
+    cert: await req(key, true, opts),
+    key,
+  }
+}
+
+exports.genSignedCert = async (ca, { days = 360 } = {}) => {
+  const key = await openssl('genrsa', ['2048'])
+  const csr = await req(key, false)
+  const serial = '0x' + (await randomBytes(40)).toString('hex')
+  const input = [csr, ca.cert, ca.key].join('\n')
+  return {
+    cert: await openssl(
+      'x509',
+      ['-req', '-in', '-', '-CA', '-', '-CAkey', '-', '-days', String(days), '-set_serial', serial],
+      {
+        input,
+      }
+    ),
    key,
  }
 }