mirror of https://github.com/boxyhq/jackson.git
46 lines
1.2 KiB
TypeScript
46 lines
1.2 KiB
TypeScript
import * as x509 from '@peculiar/x509';
|
|
import { Crypto } from '@peculiar/webcrypto';
|
|
|
|
const crypto = new Crypto();
|
|
x509.cryptoProvider.set(crypto);
|
|
|
|
const alg = {
|
|
name: 'RSASSA-PKCS1-v1_5',
|
|
hash: 'SHA-256',
|
|
publicExponent: new Uint8Array([1, 0, 1]),
|
|
modulusLength: 2048,
|
|
};
|
|
|
|
const generate = async () => {
|
|
const keys = await crypto.subtle.generateKey(alg, true, ['sign', 'verify']);
|
|
|
|
const extensions: x509.Extension[] = [new x509.BasicConstraintsExtension(false, undefined, true)];
|
|
|
|
extensions.push(new x509.KeyUsagesExtension(x509.KeyUsageFlags.digitalSignature, true));
|
|
if (keys.publicKey) {
|
|
extensions.push(await x509.SubjectKeyIdentifierExtension.create(keys.publicKey));
|
|
}
|
|
|
|
const cert = await x509.X509CertificateGenerator.createSelfSigned({
|
|
serialNumber: '01',
|
|
name: 'CN=BoxyHQ Jackson',
|
|
notBefore: new Date(),
|
|
notAfter: new Date('3021/01/01'), // TODO: set shorter expiry and rotate ceritifcates
|
|
signingAlgorithm: alg,
|
|
keys: keys,
|
|
extensions,
|
|
});
|
|
if (keys.privateKey) {
|
|
const pkcs8 = await crypto.subtle.exportKey('pkcs8', keys.privateKey);
|
|
|
|
return {
|
|
publicKey: cert.toString('pem'),
|
|
privateKey: x509.PemConverter.encode(pkcs8, 'private key'),
|
|
};
|
|
}
|
|
};
|
|
|
|
export default {
|
|
generate,
|
|
};
|