( hostname: string, ca: CaData, )
| 48 | } |
| 49 | |
| 50 | export function createSecureContextForHost( |
| 51 | hostname: string, |
| 52 | ca: CaData, |
| 53 | ): tls.SecureContext { |
| 54 | const keys = forge.pki.rsa.generateKeyPair(2048); |
| 55 | const cert = forge.pki.createCertificate(); |
| 56 | cert.publicKey = keys.publicKey; |
| 57 | cert.serialNumber = String(Date.now()); |
| 58 | |
| 59 | const now = new Date(); |
| 60 | const oneYearLater = new Date(); |
| 61 | oneYearLater.setFullYear(oneYearLater.getFullYear() + 1); |
| 62 | cert.validity.notBefore = now; |
| 63 | cert.validity.notAfter = oneYearLater; |
| 64 | |
| 65 | cert.setSubject([{ name: "commonName", value: hostname }]); |
| 66 | cert.setIssuer(ca.caCert.subject.attributes); |
| 67 | cert.setExtensions([ |
| 68 | { |
| 69 | name: "subjectAltName", |
| 70 | altNames: [{ type: 2, value: hostname }], |
| 71 | }, |
| 72 | ]); |
| 73 | |
| 74 | cert.sign(ca.caKey, forge.md.sha256.create()); |
| 75 | |
| 76 | return tls.createSecureContext({ |
| 77 | key: forge.pki.privateKeyToPem(keys.privateKey), |
| 78 | cert: forge.pki.certificateToPem(cert), |
| 79 | ca: ca.certPem, |
| 80 | }); |
| 81 | } |
no test coverage detected
searching dependent graphs…