How to use node-forge - 10 common examples
To help you get started, we’ve selected a few node-forge examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
mgcrea / node-easyrsa / test / spec / ssl.spec.js View on Github 
it('should have correct basicConstraints and keyUsage', () => {
const {cert} = res.cert;
const certPem = pki.certificateToPem(cert);
const resultCert = pki.certificateFromPem(certPem);
const expectedCert = fixtures.cert;
// d(getCertificateShortSubject(expectedCert));
const extensions = groupBy(resultCert.extensions, 'name');
const expectedExtensions = groupBy(expectedCert.extensions, 'name');
expect(extensions.basicConstraints).toEqual(expectedExtensions.basicConstraints);
expect(extensions.keyUsage).toEqual(expectedExtensions.keyUsage);
// expect(extensions.extKeyUsage).toEqual(expectedExtensions.extKeyUsage);
});
});it('should have correct extensions', () => {
const {cert} = res.cert;
const certPem = pki.certificateToPem(cert);
const resultCert = pki.certificateFromPem(certPem);
const expectedCert = fixtures.cert;
expect(getCertificateIssuer(resultCert)).toEqual(getCertificateSubject(res.ca.cert));
// expect(getCertificateIssuer(resultCert)).toEqual(getCertificateIssuer(expectedCert)); // @TODO chain
expect(getCertificateSubject(resultCert)).toEqual(getCertificateSubject(expectedCert));
expect(parseInt(resultCert.serialNumber, 16).length).toEqual(parseInt(expectedCert.serialNumber, 16).length);
expect(map(resultCert.extensions, 'name').sort()).toEqual(map(expectedCert.extensions, 'name').sort());
expect(map(resultCert.extensions, 'id').sort()).toEqual(map(expectedCert.extensions, 'id').sort());
});
it('should have correct basicConstraints and keyUsage', () => {it('should have correct extensions', () => {
const {cert} = res.ca;
const certPem = pki.certificateToPem(cert);
const resultCert = pki.certificateFromPem(certPem);
const expectedCert = fixtures.ca;
// expect(getSubjectFromAttrs(cert.issuer.attributes.attributes)).toEqual(getCertificateSubject(res.ca.cert));
expect(getCertificateSubject(resultCert)).toEqual(getCertificateSubject(expectedCert));
expect(resultCert.serialNumber.length).toEqual(expectedCert.serialNumber.length);
expect(map(resultCert.extensions, 'name').sort()).toEqual(map(expectedCert.extensions, 'name').sort());
expect(map(resultCert.extensions, 'id').sort()).toEqual(map(expectedCert.extensions, 'id').sort());
});
it('should have correct basicConstraints and keyUsage', () => {it('should have correct extensions', () => {
const {cert} = res.cert;
const certPem = pki.certificateToPem(cert);
const resultCert = pki.certificateFromPem(certPem);
const expectedCert = fixtures.cert;
expect(getCertificateIssuer(resultCert)).toEqual(getCertificateSubject(res.ca.cert));
// expect(getCertificateIssuer(resultCert)).toEqual(getCertificateIssuer(expectedCert)); // @TODO chain
expect(getCertificateSubject(resultCert)).toEqual(getCertificateSubject(expectedCert));
expect(parseInt(resultCert.serialNumber, 16).length).toEqual(parseInt(expectedCert.serialNumber, 16).length);
// expect(map(resultCert.extensions, 'name').sort()).toEqual(map(expectedCert.extensions, 'name').sort());
// expect(map(resultCert.extensions, 'id').sort()).toEqual(map(expectedCert.extensions, 'id').sort());
});
it('should have correct basicConstraints and keyUsage', () => {// Create and sign the CSR
var csr = forge.pki.createCertificationRequest();
csr.publicKey = publicKey;
csr.setSubject([{ name: 'commonName', value: names[0] }]);
var sans = [];
for (i in names) {
sans.push({ type: 2, value: names[i] });
}
csr.setAttributes([{
name: 'extensionRequest',
extensions: [{name: 'subjectAltName', altNames: sans}]
}]);
csr.sign(privateKey, forge.md.sha256.create());
// Convert CSR -> DER -> Base64
var der = forge.asn1.toDer(forge.pki.certificationRequestToAsn1(csr));
return util.b64enc(bytesToBuffer(der));
},name: 'subjectAltName',
altNames: [{
type: 6, // URI
value: 'http://example.org/webid#me'
}, {
type: 7, // IP
ip: '127.0.0.1'
}]
}, {
name: 'subjectKeyIdentifier'
}])
// self-sign certificate
cert.sign(keys.privateKey)
return pki.certificateToPem(cert)
}function createInvalidCert () {
var keys = pki.rsa.generateKeyPair(512)
var cert = pki.createCertificate()
cert.publicKey = keys.publicKey
// alternatively set public key from a csr
//cert.publicKey = csr.publicKey
cert.serialNumber = '01'
cert.validity.notBefore = new Date()
cert.validity.notAfter = new Date()
cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 1)
var attrs = [{
name: 'commonName',
value: 'example.org'
}, {
name: 'countryName',
value: 'US'
}, {
shortName: 'ST',function createInvalidCert () {
var keys = pki.rsa.generateKeyPair(512)
var cert = pki.createCertificate()
cert.publicKey = keys.publicKey
// alternatively set public key from a csr
//cert.publicKey = csr.publicKey
cert.serialNumber = '01'
cert.validity.notBefore = new Date()
cert.validity.notAfter = new Date()
cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 1)
var attrs = [{
name: 'commonName',
value: 'example.org'
}, {
name: 'countryName',
value: 'US'
}, {
shortName: 'ST',
value: 'Virginia'logger.info(moduleName, 'Certificate created.');
var userPriKey = forge.pki.privateKeyToPem(keys.privateKey);
var userCert = forge.pki.certificateToPem(cert);
var caCert = loadCaCert();
var certArray = [userCert, caCert];
// create PKCS12
logger.info(moduleName, 'Creating PKCS#12...');
var newPkcs12Asn1 = forge.pkcs12.toPkcs12Asn1(
keys.privateKey, certArray, authorPassword,
{generateLocalKeyId: true, friendlyName: authorCertName});
var newPkcs12Der = forge.asn1.toDer(newPkcs12Asn1).getBytes();
fs.writeFileSync(authorCertPath, newPkcs12Der);
logger.info(moduleName, authorCertPath + ' created.');
} catch(ex) {
if(ex.stack) {
console.log(ex.stack);
} else {
console.log('Error', ex);
}
}
}
exports.createCert = createCert;decrypt(encrypted, password) {
const key = forge.pkcs5.pbkdf2(password, this.salt, 10, 16); // numIterations set to 10
const decipher = forge.cipher.createDecipher(setting.cipherMode, key);
decipher.start({ iv: this.iv, tag: this.tag });
decipher.update(encrypted);
const pass = decipher.finish();
// const result = decipher.finish(); // check 'result' for true/false
// outputs decrypted hex
// console.log(decipher.output.toHex());
if (pass) {
return decipher.output.data;
}
console.log('Authentication failed.');
return false;
}node-forge
JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.
Package Health Score
77 / 100Popular node-forge functions
- node-forge.asn1
- node-forge.cipher
- node-forge.jsbn
- node-forge.md
- node-forge.pem
- node-forge.pkcs12
- node-forge.pkcs5
- node-forge.pkcs7
- node-forge.pki
- node-forge.pki.certificateFromPem
- node-forge.pki.certificateToPem
- node-forge.pki.createCertificate
- node-forge.pki.privateKeyFromPem
- node-forge.pki.privateKeyToPem
- node-forge.pki.publicKeyFromPem
- node-forge.pki.publicKeyToPem
- node-forge.pki.rsa
- node-forge.random
- node-forge.rsa
- node-forge.util