From 48c8d257741fa2b733832218ff6dc0e459e6cab3 Mon Sep 17 00:00:00 2001
From: Julien Fontanet
Date: Thu, 20 May 2021 22:41:59 +0200
Subject: [PATCH] WiP: feat(self-signed): genSignedCert
---
 @xen-orchestra/self-signed/index.js | 34 +++++++++++++++++++++++++----
 1 file changed, 30 insertions(+), 4 deletions(-)
diff --git a/@xen-orchestra/self-signed/index.js b/@xen-orchestra/self-signed/index.js
index 1aebe7534..46d7b84dc 100644
--- a/@xen-orchestra/self-signed/index.js
+++ b/@xen-orchestra/self-signed/index.js
@@ -1,4 +1,7 @@
 const { execFile } = require('child_process')
+const { promisify } = require('util')
+
+const randomBytes = promisify(require('crypto').randomBytes)

 const openssl = (cmd, args, { input, ...opts } = {}) =>
 new Promise((resolve, reject) => {
@@ -10,12 +13,35 @@ const openssl = (cmd, args, { input, ...opts } = {}) =>
 }
 })

-exports.genSelfSignedCert = async ({ days = 360 } = {}) => {
+const req = (key, selfSigned, { days = 360 } = {}) => {
+ const args = ['-batch', '-new', '-key', '-', '-nodes']
+ if (selfSigned) {
+ args.push('-x509', '-days', String(days))
+ }
+ return openssl('req', args, { input: key })
+}
+
+exports.genSelfSignedCert = async opts => {
 const key = await openssl('genrsa', ['2048'])
 return {
- cert: await openssl('req', ['-batch', '-new', '-key', '-', '-x509', '-days', String(days), '-nodes'], {
- input: key,
- }),
+ cert: await req(key, true, opts),
+ key,
+ }
+}
+
+exports.genSignedCert = async (ca, { days = 360 } = {}) => {
+ const key = await openssl('genrsa', ['2048'])
+ const csr = await req(key, false)
+ const serial = '0x' + (await randomBytes(40)).toString('hex')
+ const input = [csr, ca.cert, ca.key].join('\n')
+ return {
+ cert: await openssl(
+ 'x509',
+ ['-req', '-in', '-', '-CA', '-', '-CAkey', '-', '-days', String(days), '-set_serial', serial],
+ {
+ input,
+ }
+ ),
 key,
 }
 }
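Review bot: The serial built in `genSignedCert` from `randomBytes(40)` is a 320-bit integer, while RFC 5280 (section 4.1.2.2) limits certificate serial numbers to 20 octets, so strict X.509 parsers may reject certificates issued this way. `const serial = '0x' + (await randomBytes(16)).toString('hex')` keeps 128 bits of randomness and stays inside the limit even when DER adds a sign-padding byte. Feeding the CSR, CA certificate and CA key through one stdin stream keeps the key out of argv and temporary files, but it appears to rely on `openssl x509` consuming the three `-` inputs in exactly that order, which deserves a comment or a test. Nothing in the hunk checks `ca.cert` and `ca.key` before they are joined, so a missing field would surface only as an openssl parse error.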