forked from nodejs/node
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
test: add script to create 0-dns-cert.pem
0-dns-cert.pem and 0-dns-key.pem were stored in `test/fixtures/key` directory, but the cert file cannot be created with the openssl command via Makefile. Added a script to create it with using `asn1.js` and `asn1.js-rfc5280` and moved them out of key directory and put into `test/fixtures/0-dns`. The domains listed in the cert were also changed into example.com and example.org to show the use for only testing. Fixes: nodejs#10228 PR-URL: nodejs#11579 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
- Loading branch information
Showing
9 changed files
with
170 additions
and
51 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIIDGDCCAgCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5jYS5l | ||
eGFtcGxlLmNvbTAeFw0xNzAzMDIwMTMxMjJaFw0yNzAyMjgwMTMxMjJaMBsxGTAX | ||
BgNVBAMTEGV2aWwuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw | ||
ggEKAoIBAQDFyJT0kv2P9L6iNY6TL7IZonAR8R9ev7iD1tR5ycMEpM/y6WTefIco | ||
civMcBGVZWtCgkoePHiveH9UIep7HFGB4gxCYDZFYB46yGS0YH2fB5GWXTLYObYa | ||
zxuEhgFRG0DLIwNDRLW0+0FG3disp7YdRHBtdbL58F/qNORqPEjIpoQxOJc2UqX2 | ||
/gfomJRdFW/PSgN7uH2QwMzRQRIrKmyAFzeuEWVP+UAV4853Yg66PmYpAASyt069 | ||
sE8QNTNE75KrerMmYzH7AmTEGvY8bukrDuVQZce2/lcK2rAE+G6at2eBNMZKOnzR | ||
y9kWIiJ3rR7+WK55EKelLz0doZFKteu1AgMBAAGjaTBnMGUGA1UdEQReMFyCImdv | ||
b2QuZXhhbXBsZS5vcmcALmV2aWwuZXhhbXBsZS5jb22CGGp1c3QtYW5vdGhlci5l | ||
eGFtcGxlLmNvbYcECAgICIcECAgEBIIQbGFzdC5leGFtcGxlLmNvbTANBgkqhkiG | ||
9w0BAQsFAAOCAQEAvreVoOZO2gpM4Dmzp70D30XZjsK9i0BCsRHBvPLPw3y8B2xg | ||
BRtOREOI69NU0WGpj5Lbqww5M8M1hjHshiGEu2aXfZ6qM3lENaIMCpKlF9jbm02/ | ||
wmxNaAnS8bDSZyO5rbsGr2tJb4ds7DazmMEKWhOBEpJoOp9rG6SAey+a6MkZ7NEN | ||
0p3THCqNf3lL1KblPrMvdsyhHPEzv4uT7+YAnLKHwGzbihcWJRsRo5oipWL8ZDhn | ||
bd3SMWtfRTSWDmghJaHke2xIjDtTwSjHjjPTFsK+rl227W8r4/EQI/X6fTQV2j3T | ||
7zqrJLF9h9F/v3mo57k6sxsQNZ12XvhuTHC2dA== | ||
-----END CERTIFICATE----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
-----BEGIN RSA PRIVATE KEY----- | ||
MIIEowIBAAKCAQEAxciU9JL9j/S+ojWOky+yGaJwEfEfXr+4g9bUecnDBKTP8ulk | ||
3nyHKHIrzHARlWVrQoJKHjx4r3h/VCHqexxRgeIMQmA2RWAeOshktGB9nweRll0y | ||
2Dm2Gs8bhIYBURtAyyMDQ0S1tPtBRt3YrKe2HURwbXWy+fBf6jTkajxIyKaEMTiX | ||
NlKl9v4H6JiUXRVvz0oDe7h9kMDM0UESKypsgBc3rhFlT/lAFePOd2IOuj5mKQAE | ||
srdOvbBPEDUzRO+Sq3qzJmMx+wJkxBr2PG7pKw7lUGXHtv5XCtqwBPhumrdngTTG | ||
Sjp80cvZFiIid60e/liueRCnpS89HaGRSrXrtQIDAQABAoIBABcGA3j5B3VTi0F8 | ||
tI0jtzrOsvcTt5AjB0qpnnBS8VXADcj8LFbN7jniGIEi5pkahkLmwdQFPBNJFqFn | ||
lVEheceB1eWAJ7EpwDsdisOIm/cAPY1gagPLrAww4cYqh0q2vnMnL0EMZY6c1Pt3 | ||
5borh8KebewAEIaR2ch8wb4wKFTbAM0DftYBFzHAF88OeCuIpdsk2Tz0sVQbA3/1 | ||
XNLOVcJvDOVIRPEpo2l7RIN33KvDhzpMoV3qVzWxqdccPRZZFU5KmJ6DtouIPT3S | ||
3WauIL5oVpAyYNJETTyxjBQE4DgFeNX1Wyycgk27EoLcn6Trcs0kNVrmXXblNAtJ | ||
Nko6g10CgYEA+TjzNjyAXPrOpY88uiPVMAgepEQOnDYtMwasdDVaW3xK9KH1rrhU | ||
dx1IDTMmOUfyU2qsj5txmJtReQz//1bpd7e73VO8mHQDUubhs2TivgGs+fqzAdmT | ||
vJsjerfNsxf+4JENzzWmqT/Ybc976Tu55VH5mcRG9Q66fTxdAJ51+8MCgYEAyymF | ||
gntRMBd9e/KIiqlvcxelo0ahyKEzaJC7/FkZotuSB+kAwpdJ5Unb0FeVQZxNhDPg | ||
xgsrGOOOvHvfhv7DPU0TQ/vp6VDPdg+N6m/Ow2vr79A2v6s+7gZj3MLiLRFyEF6l | ||
bxQNGe3qavnm3owUQQCY2RLBKYCFfv/cykYlGycCgYB6etKMRQ+QonIMS2i80f9j | ||
q5njgM7tVnLAMPdv5QiTDXKI50+mnlBkea9/TTPr0r/03ugPa4VYSnyv0QO+qSfz | ||
/ggFrbFx+xHnHDCvyVTlrE0mTV7L+fHxLw0wskQVUCWil6cBvow5gXcMAHwVE5U4 | ||
biEMwLlele5wvcm3FClHoQKBgACV/RGUQ3atCqqZ13T26iBd2Bdxc7P9awWJLVGb | ||
/CvxECm/rUXiY88qeFzQc9i9l6ei8qn/jD9FILtAbDOadnutxjly94i5t+9yOgmM | ||
Cv+bRxHo+s9wsfzDvfP8B+TzYO3VKAr69tK1UfC/CcBojQJm+wndOPtiqH/mQv++ | ||
VgsPAoGBAJ0aNJe3zb+blvAQ3W4iPSjhyxdMC00x46pr6ds+Y8WygbN6lzCvNDw6 | ||
FFTINBckOs5Z/UWUNbExWYjBHZhLlhhxTezCzvIrwNvgUB8Y4sPk3S4KDsnkyy6f | ||
/qMmEHlVyKjh2BCNs7PVnWDlfl3vECE7n8dBizFHgja76l1ia+0z | ||
-----END RSA PRIVATE KEY----- |
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
## Purpose | ||
The test cert file for use `test/parallel/test-tls-0-dns-altname.js` | ||
can be created by using `asn1.js` and `asn1.js-rfc5280`, | ||
|
||
## How to create a test cert. | ||
|
||
```sh | ||
$ openssl genrsa -out 0-dns-key.pem 2048 | ||
Generating RSA private key, 2048 bit long modulus | ||
...................+++ | ||
..............................................................................................+++ | ||
e is 65537 (0x10001) | ||
$ openssl rsa -in 0-dns-key.pem -RSAPublicKey_out -outform der -out 0-dns-rsapub.der | ||
writing RSA key | ||
$ npm install | ||
0-dns@1.0.0 /home/github/node/test/fixtures/0-dns | ||
+-- asn1.js@4.9.1 | ||
| +-- bn.js@4.11.6 | ||
| +-- inherits@2.0.3 | ||
| `-- minimalistic-assert@1.0.0 | ||
`-- asn1.js-rfc5280@1.2.2 | ||
|
||
$ node ./createCert.js | ||
$ openssl x509 -text -in 0-dns-cert.pem | ||
(You can not see evil.example.com in subjectAltName field) | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,75 @@ | ||
'use strict'; | ||
const asn1 = require('asn1.js'); | ||
const crypto = require('crypto'); | ||
const fs = require('fs'); | ||
const rfc5280 = require('asn1.js-rfc5280'); | ||
const BN = asn1.bignum; | ||
|
||
const id_at_commonName = [ 2, 5, 4, 3 ]; | ||
const rsaEncryption = [1, 2, 840, 113549, 1, 1, 1]; | ||
const sha256WithRSAEncryption = [1, 2, 840, 113549, 1, 1, 11]; | ||
const sigalg = 'RSA-SHA256'; | ||
|
||
const private_key = fs.readFileSync('./0-dns-key.pem'); | ||
// public key file can be generated from the private key with | ||
// openssl rsa -in 0-dns-key.pem -RSAPublicKey_out -outform der | ||
// -out 0-dns-rsapub.der | ||
const public_key = fs.readFileSync('./0-dns-rsapub.der'); | ||
|
||
const now = Date.now(); | ||
const days = 3650; | ||
|
||
const Null_ = asn1.define('Null_', function() { | ||
this.null_(); | ||
}); | ||
const null_ = Null_.encode('der'); | ||
|
||
const PrintStr = asn1.define('PrintStr', function() { | ||
this.printstr(); | ||
}); | ||
const issuer = PrintStr.encode('ca.example.com', 'der'); | ||
const subject = PrintStr.encode('evil.example.com', 'der'); | ||
|
||
const tbs = { | ||
version: 'v3', | ||
serialNumber: new BN('01', 16), | ||
signature: { algorithm: sha256WithRSAEncryption, parameters: null_}, | ||
issuer: { type: 'rdnSequence', | ||
value: [ [{type: id_at_commonName, value: issuer}] ] }, | ||
validity: | ||
{ notBefore: { type: 'utcTime', value: now }, | ||
notAfter: { type: 'utcTime', value: now + days * 86400000} }, | ||
subject: { type: 'rdnSequence', | ||
value: [ [{type: id_at_commonName, value: subject}] ] }, | ||
subjectPublicKeyInfo: | ||
{ algorithm: { algorithm: rsaEncryption, parameters: null_}, | ||
subjectPublicKey: { unused: 0, data: public_key} }, | ||
extensions: | ||
[ { extnID: 'subjectAlternativeName', | ||
critical: false, | ||
// subjectAltName which contains '\0' character to check CVE-2009-2408 | ||
extnValue: [ | ||
{ type: 'dNSName', value: 'good.example.org\u0000.evil.example.com' }, | ||
{ type: 'dNSName', value: 'just-another.example.com' }, | ||
{ type: 'iPAddress', value: Buffer.from('08080808', 'hex') }, | ||
{ type: 'iPAddress', value: Buffer.from('08080404', 'hex') }, | ||
{ type: 'dNSName', value: 'last.example.com' } ] } | ||
] | ||
}; | ||
|
||
const tbs_der = rfc5280.TBSCertificate.encode(tbs, 'der'); | ||
|
||
const sign = crypto.createSign(sigalg); | ||
sign.update(tbs_der); | ||
const signature = sign.sign(private_key); | ||
|
||
const cert = { | ||
tbsCertificate: tbs, | ||
signatureAlgorithm: { algorithm: sha256WithRSAEncryption, parameters: null_ }, | ||
signature: | ||
{ unused: 0, | ||
data: signature } | ||
}; | ||
const pem = rfc5280.Certificate.encode(cert, 'pem', {label: 'CERTIFICATE'}); | ||
|
||
fs.writeFileSync('./0-dns-cert.pem', pem + '\n'); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
{ | ||
"name": "0-dns", | ||
"version": "1.0.0", | ||
"description": "create certificate for 0-dns test", | ||
"main": "createCert.js", | ||
"scripts": { | ||
"test": "echo \"Error: no test specified\" && exit 1" | ||
}, | ||
"author": "", | ||
"license": "SEE LICENSE IN ../../../LICENSE", | ||
"private": true, | ||
"dependencies": { | ||
"asn1.js": "^4.9.1", | ||
"asn1.js-rfc5280": "^1.2.2" | ||
} | ||
} |
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters