fix(ts_node): Fixed issues in HTTPS certificate generation for TapNodeTools

2024-09-18 17:56:53 +02:00
parent 22ec504b0f
commit 0e80700481
7 changed files with 63 additions and 38 deletions
--- a/ts_node/classes.tapnodetools.ts
+++ b/ts_node/classes.tapnodetools.ts
@@ -1,5 +1,4 @@
 import * as plugins from './plugins.js';
-import { createSign } from 'crypto';

 class TapNodeTools {
  private smartshellInstance: plugins.smartshell.Smartshell;
@@ -19,47 +18,40 @@ class TapNodeTools {
  public async createHttpsCert(
    commonName: string = 'localhost'
  ): Promise<{ key: string; cert: string }> {
-    // Generate RSA key pair
-    const { publicKey, privateKey } = plugins.crypto.generateKeyPairSync('rsa', {
-      modulusLength: 2048,
-      publicExponent: 65537,
-    });
+    // Generate a key pair
+    const keys = plugins.smartcrypto.nodeForge.pki.rsa.generateKeyPair(2048);

    // Create a self-signed certificate
-    const cert = this.generateSelfSignedCert(publicKey, privateKey, commonName);
+    const cert = plugins.smartcrypto.nodeForge.pki.createCertificate();
+    cert.publicKey = keys.publicKey;
+    cert.serialNumber = '01';
+    cert.validity.notBefore = new Date();
+    cert.validity.notAfter = new Date();
+    cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 1);

-    // Export the private key and return the cert and key
-    const keyContent = privateKey.export({
-      type: 'pkcs8',
-      format: 'pem',
-    });
+    const attrs = [
+      { name: 'commonName', value: commonName },
+      { name: 'countryName', value: 'US' },
+      { shortName: 'ST', value: 'California' },
+      { name: 'localityName', value: 'San Francisco' },
+      { name: 'organizationName', value: 'My Company' },
+      { shortName: 'OU', value: 'Dev' },
+    ];
+    cert.setSubject(attrs);
+    cert.setIssuer(attrs);
+
+    // Sign the certificate with its own private key (self-signed)
+    cert.sign(keys.privateKey, plugins.smartcrypto.nodeForge.md.sha256.create());
+
+    // PEM encode the private key and certificate
+    const pemKey = plugins.smartcrypto.nodeForge.pki.privateKeyToPem(keys.privateKey);
+    const pemCert = plugins.smartcrypto.nodeForge.pki.certificateToPem(cert);

    return {
-      key: keyContent as string,
-      cert: cert,
+      key: pemKey,
+      cert: pemCert,
    };
  }
-
-  private generateSelfSignedCert(publicKey, privateKey, commonName: string): string {
-    const sign = createSign('SHA256');
-    const certData = {
-      subject: `/CN=${commonName}`,
-      publicKey: publicKey.export({ type: 'spki', format: 'pem' }),
-    };
-
-    sign.update(JSON.stringify(certData));
-    sign.end();
-
-    const signature = sign.sign(privateKey, 'base64');
-
-    return (
-      '-----BEGIN CERTIFICATE-----\n' +
-      Buffer.from(certData.publicKey).toString('base64') +
-      '\n' +
-      signature +
-      '\n-----END CERTIFICATE-----\n'
-    );
-  }
 }

 export const tapNodeTools = new TapNodeTools();
--- a/ts_node/plugins.ts
+++ b/ts_node/plugins.ts
@@ -5,6 +5,7 @@ import * as fs from 'fs';
 export { crypto,fs };

 // @push.rocks scope
+import * as smartcrypto from '@push.rocks/smartcrypto';
 import * as smartshell from '@push.rocks/smartshell';

-export { smartshell };
+export { smartcrypto, smartshell };