How to use the node-forge.pki.certificateFromPem function in node-forge
To help you get started, we’ve selected a few node-forge examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
mgcrea / node-easyrsa / test / spec / ssl.spec.js View on Github 
it('should have correct basicConstraints and keyUsage', () => {
const {cert} = res.cert;
const certPem = pki.certificateToPem(cert);
const resultCert = pki.certificateFromPem(certPem);
const expectedCert = fixtures.cert;
// d(getCertificateShortSubject(expectedCert));
const extensions = groupBy(resultCert.extensions, 'name');
const expectedExtensions = groupBy(expectedCert.extensions, 'name');
expect(extensions.basicConstraints).toEqual(expectedExtensions.basicConstraints);
expect(extensions.keyUsage).toEqual(expectedExtensions.keyUsage);
// expect(extensions.extKeyUsage).toEqual(expectedExtensions.extKeyUsage);
});
});it('should have correct extensions', () => {
const {cert} = res.cert;
const certPem = pki.certificateToPem(cert);
const resultCert = pki.certificateFromPem(certPem);
const expectedCert = fixtures.cert;
expect(getCertificateIssuer(resultCert)).toEqual(getCertificateSubject(res.ca.cert));
// expect(getCertificateIssuer(resultCert)).toEqual(getCertificateIssuer(expectedCert)); // @TODO chain
expect(getCertificateSubject(resultCert)).toEqual(getCertificateSubject(expectedCert));
expect(parseInt(resultCert.serialNumber, 16).length).toEqual(parseInt(expectedCert.serialNumber, 16).length);
expect(map(resultCert.extensions, 'name').sort()).toEqual(map(expectedCert.extensions, 'name').sort());
expect(map(resultCert.extensions, 'id').sort()).toEqual(map(expectedCert.extensions, 'id').sort());
});
it('should have correct basicConstraints and keyUsage', () => {module.exports = function validate (pem_cert) {
try {
var cert = pki.certificateFromPem(pem_cert)
// check that cert has a Subject Alternative Names (SANs) section
var altNameExt = cert.getExtension("subjectAltName")
if (!altNameExt)
return 'invalid certificate validity (subjectAltName extension not present)'
// check that the domain echo-api.amazon.com is present in SANs section
var domainExists = altNameExt.altNames.some(function(name) {
return name.value === VALID_CERT_SAN
})
if(!domainExists)
return 'invalid certificate validity (correct domain not found in subject alternative names)'
var currTime = new Date().getTime()
var notAfterTime = new Date(cert.validity.notAfter).getTime()
if (notAfterTime <= currTime)export const extractDomainsFromCertificateContent = (certificateContent: string) => {
try {
// 1. wildcard multiple domains
// 2. alt name multiple domains
// https://medium.com/@pubudu538/how-to-create-a-self-signed-ssl-certificate-for-multiple-domains-25284c91142b
// https://www.rpkamp.com/2014/08/25/setting-up-a-multi-domain-self-signed-ssl-certificate/
const cert = pki.certificateFromPem(certificateContent);
let domains = Immutable.List([]);
// multiple domains
if (cert.extensions.length > 0) {
cert.extensions.map((attribute) => {
if (attribute.altNames && attribute.altNames.length > 0) {
attribute.altNames.map((altName: any) => {
domains = domains.push(altName.value);
return altName;
});
}
return attribute;
});
}it('should have correct extensions', () => {
const {cert} = res.ca;
const certPem = pki.certificateToPem(cert);
const resultCert = pki.certificateFromPem(certPem);
const expectedCert = fixtures.ca;
expect(getCertificateSubject(resultCert)).toEqual(getCertificateSubject(expectedCert));
expect(resultCert.serialNumber.length).toEqual(expectedCert.serialNumber.length);
expect(map(resultCert.extensions, 'name').sort()).toEqual(map(expectedCert.extensions, 'name').sort());
expect(map(resultCert.extensions, 'id').sort()).toEqual(map(expectedCert.extensions, 'id').sort());
});
it('should have correct basicConstraints and keyUsage', () => {it('should have correct extensions', () => {
const {cert} = res.cert;
const certPem = pki.certificateToPem(cert);
const resultCert = pki.certificateFromPem(certPem);
const expectedCert = fixtures.clientCert;
expect(getCertificateIssuer(resultCert)).toEqual(getCertificateSubject(res.ca.cert));
expect(getCertificateIssuer(resultCert)).toEqual(getCertificateIssuer(expectedCert));
expect(getCertificateSubject(resultCert)).toEqual(getCertificateSubject(expectedCert));
expect(parseInt(resultCert.serialNumber, 16).length).toEqual(parseInt(expectedCert.serialNumber, 16).length);
expect(map(resultCert.extensions, 'name').sort()).toEqual(map(expectedCert.extensions, 'name').sort());
expect(map(resultCert.extensions, 'id').sort()).toEqual(map(expectedCert.extensions, 'id').sort());
});
it('should have correct basicConstraints and keyUsage', () => {it('should have correct extensions', () => {
const {cert} = res.ca;
const certPem = pki.certificateToPem(cert);
const resultCert = pki.certificateFromPem(certPem);
const expectedCert = fixtures.ca;
expect(getCertificateSubject(resultCert)).toEqual(getCertificateSubject(expectedCert));
expect(resultCert.serialNumber.length).toEqual(expectedCert.serialNumber.length);
expect(map(resultCert.extensions, 'name').sort()).toEqual(map(expectedCert.extensions, 'name').sort());
expect(map(resultCert.extensions, 'id').sort()).toEqual(map(expectedCert.extensions, 'id').sort());
});
it('should have correct basicConstraints and keyUsage', () => {it('should have correct basicConstraints and keyUsage', () => {
const {cert} = res.cert;
const certPem = pki.certificateToPem(cert);
const resultCert = pki.certificateFromPem(certPem);
const expectedCert = fixtures.clientCert;
const extensions = groupBy(resultCert.extensions, 'name');
const expectedExtensions = groupBy(expectedCert.extensions, 'name');
expect(extensions.basicConstraints).toEqual(expectedExtensions.basicConstraints);
expect(extensions.keyUsage).toEqual(expectedExtensions.keyUsage);
expect(extensions.extKeyUsage).toEqual(expectedExtensions.extKeyUsage);
});
it('should properly verify', () => {).then(cert => xtend(cert, {
domains: options.domain,
repository: options.repository,
pagesUrl: `${gitlabBaseUrl}/${options.repository}/pages`,
notAfter: pki.certificateFromPem(cert.cert).validity.notAfter
}));
});constructor (opts = {}) {
super(opts)
/** options */
this.opts = opts
if (!this.opts.ca) {
throw new Error('ca not provided')
}
/** root ca certificate in forge format */
this.ca = pki.certificateFromPem(this.opts.ca)
/** ca store in forge format*/
this.caStore = pki.createCaStore([this.ca])
if (!this.opts.cert) {
throw new Error('client certificate not provided')
}
/**
* client cert in PEM format
* @type {string}
*/
this.certPem = this.opts.cert
/**
* client cert in forge format node-forge
JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.
Package Health Score
77 / 100Popular node-forge functions
- node-forge.asn1
- node-forge.cipher
- node-forge.jsbn
- node-forge.md
- node-forge.pem
- node-forge.pkcs12
- node-forge.pkcs5
- node-forge.pkcs7
- node-forge.pki
- node-forge.pki.certificateFromPem
- node-forge.pki.certificateToPem
- node-forge.pki.createCertificate
- node-forge.pki.privateKeyFromPem
- node-forge.pki.privateKeyToPem
- node-forge.pki.publicKeyFromPem
- node-forge.pki.publicKeyToPem
- node-forge.pki.rsa
- node-forge.random
- node-forge.rsa
- node-forge.util