fixed errors

README.md

@@ -54,7 +54,7 @@ Use `createPrivateKey` for creating private keys
 
 Where
 
-  * **keyBitsize** is an optional size of the key, defaults to 1024 (bit)
+  * **keyBitsize** is an optional size of the key, defaults to 2048 (bit)
   * **callback** is a callback function with an error object and `{key}`
 
 ### Create a Certificate Signing Request
@@ -71,8 +71,8 @@ Where
 Possible options are the following
 
   * **clientKey** is an optional client key to use
-  * **keyBitsize** - if `clientKey` is undefined, bit size to use for generating a new key (defaults to 1024)
-  * **hash** is a hash function to use (either `md5` or `sha1`, defaults to `sha1`)
+  * **keyBitsize** - if `clientKey` is undefined, bit size to use for generating a new key (defaults to 2048)
+  * **hash** is a hash function to use (either `md5`, `sha1` or `sha256`, defaults to `sha256`)
   * **country** is a CSR country field
   * **state** is a CSR state field
   * **locality** is a CSR locality field
@@ -123,7 +123,9 @@ Use `readCertificateInfo` for reading subject data from a certificate or a CSR
 Where
 
   * **certificate** is a PEM encoded CSR or a certificate
-  * **callback** is a callback function with an error object and `{country, state, locality, organization, organizationUnit, commonName, emailAddress, validity{start, end} }`
+  * **callback** is a callback function with an error object and `{country, state, locality, organization, organizationUnit, commonName, emailAddress, validity{start, end}, san{dns, ip}? }`
+
+? *san* is only present if the CSR or certificate has SAN entries.
 
 ### Get fingerprint
 

lib/pem.js

@@ -21,7 +21,7 @@ module.exports.getModulus = getModulus;
 /**
  * Creates a private key
  *
- * @param {Number} [keyBitsize=1024] Size of the key, defaults to 1024bit
+ * @param {Number} [keyBitsize=2048] Size of the key, defaults to 2048bit
  * @param {Function} callback Callback function with an error object and {key}
  */
 function createPrivateKey(keyBitsize, callback){
@@ -30,7 +30,7 @@ function createPrivateKey(keyBitsize, callback){
         keyBitsize = undefined;
     }
 
-    keyBitsize = Number(keyBitsize) || 1024;
+    keyBitsize = Number(keyBitsize) || 2048;
 
     var params = ["genrsa",
                   "-rand",
@@ -54,8 +54,8 @@ function createPrivateKey(keyBitsize, callback){
  *
  * @param {Object} [options] Optional options object
  * @param {String} [options.clientKey] Optional client key to use
- * @param {Number} [options.keyBitsize] If clientKey is undefined, bit size to use for generating a new key (defaults to 1024)
- * @param {String} [options.hash] Hash function to use (either md5 or sha1, defaults to sha1)
+ * @param {Number} [options.keyBitsize] If clientKey is undefined, bit size to use for generating a new key (defaults to 2048)
+ * @param {String} [options.hash] Hash function to use (either md5 sha1 or sha256, defaults to sha256)
  * @param {String} [options.country] CSR country field
  * @param {String} [options.state] CSR state field
  * @param {String} [options.locality] CSR locality field
@@ -86,7 +86,7 @@ function createCSR(options, callback){
     }
 
     if(!options.clientKey){
-        createPrivateKey(options.keyBitsize || 1024, function(error, keyData){
+        createPrivateKey(options.keyBitsize || 2048, function(error, keyData){
             if(error){
                 return callback(error);
             }
@@ -98,7 +98,7 @@ function createCSR(options, callback){
 
     var params = ["req",
                   "-new",
-                  "-" + (options.hash || "sha1"),
+                  "-" + (options.hash || "sha256"),
                   "-subj",
                   generateCSRSubject(options),
                   "-key",
@@ -183,7 +183,7 @@ function createCertificate(options, callback){
         if(options.selfSigned){
             options.serviceKey = options.clientKey;
         }else{
-            createPrivateKey(options.keyBitsize || 1024, function(error, keyData){
+            createPrivateKey(options.keyBitsize || 2048, function(error, keyData){
                 if(error){
                     return callback(error);
                 }
@@ -259,7 +259,7 @@ function getPublicKey(certificate, callback){
 
     var params;
 
-    if(certificate.match(/BEGIN CERTIFICATE REQUEST/)){
+    if(certificate.match(/BEGIN(\sNEW)? CERTIFICATE REQUEST/)){
         params = ["req",
                   "-in",
                   "--TMPFILE--",
@@ -300,7 +300,7 @@ function readCertificateInfo(certificate, callback){
 
     certificate = (certificate || "").toString();
 
-    var type = certificate.match(/BEGIN CERTIFICATE REQUEST/)?"req":"x509",
+    var type = certificate.match(/BEGIN(\sNEW)? CERTIFICATE REQUEST/)?"req":"x509",
         params = [type,
                   "-noout",
                   "-text",
@@ -323,7 +323,7 @@ function readCertificateInfo(certificate, callback){
  */
 function getModulus(certificate, callback){
     var type = "";
-    if ( certificate.match(/BEGIN CERTIFICATE REQUEST/)){
+    if ( certificate.match(/BEGIN(\sNEW)? CERTIFICATE REQUEST/)){
         type="req";
     }else if ( certificate.match(/BEGIN RSA PRIVATE KEY/)){
         type="rsa";
@@ -380,50 +380,48 @@ function getFingerprint(certificate, callback){
 function fetchCertificateData(certData, callback){
     certData = (certData || "").toString();
 
-    var subject, extra, tmp, certValues = {};
+    var subject,subject2, extra, tmp, certValues = {};
     var validity = {};
     var san;
 
     if((subject = certData.match(/Subject:([^\n]*)\n/)) && subject.length>1){
+        subject2 = linebrakes(subject[1]+'\n');
         subject = subject[1];
         extra = subject.split("/");
         subject = extra.shift()+"\n";
         extra = extra.join("/")+"\n";
 
         // country
-        tmp = subject.match(/\sC=([^,\n].*?)[,\n]/);
+        tmp = subject2.match(/\sC=([^\n].*?)[\n]/);
         certValues.country = tmp && tmp[1] || "";
         // state
-        tmp = subject.match(/\sST=([^,\n].*?)[,\n]/);
+        tmp = subject2.match(/\sST=([^\n].*?)[\n]/);
         certValues.state = tmp && tmp[1] || "";
         // locality
-        tmp = subject.match(/\sL=([^,\n].*?)[,\n]/);
+        tmp = subject2.match(/\sL=([^\n].*?)[\n]/);
         certValues.locality = tmp && tmp[1] || "";
         // organization
-        tmp = subject.match(/\sO=([^,\n].*?)[,\n]/);
+        tmp = subject2.match(/\sO=([^\n].*?)[\n]/);
         certValues.organization = tmp && tmp[1] || "";
         // unit
-        tmp = subject.match(/\sOU=([^,\n].*?)[,\n]/);
+        tmp = subject2.match(/\sOU=([^\n].*?)[\n]/);
         certValues.organizationUnit = tmp && tmp[1] || "";
         // common name
-        tmp = subject.match(/\sCN=([^,\n].*?)[,\n]/);
+        tmp = subject2.match(/\sCN=([^\n].*?)[\n]/);
         certValues.commonName = tmp && tmp[1] || "";
         //email
-        tmp = extra.match(/emailAddress=([^,\n\/].*?)[,\n\/]/);
+        tmp = extra.match(/emailAddress=([^\n\/].*?)[\n\/]/);
         certValues.emailAddress = tmp && tmp[1] || "";
     }
     if((san = certData.match(/X509v3 Subject Alternative Name: \n([^\n]*)\n/)) && san.length>1){
         san = san[1].trim()+'\n';
-        extra = subject.split("/");
-        subject = extra.shift()+"\n";
-        extra = extra.join("/")+"\n";
-
+        certValues.san = {};
         // country
         tmp = preg_match_all('DNS:([^,\\n].*?)[,\\n]',san);
-        certValues.SAN_DNS = tmp || "";
+        certValues.san.dns = tmp || "";
         // country
         tmp = preg_match_all('IP Address:([^,\\n].*?)[,\\n\\s]',san);
-        certValues.SAN_IP = tmp || "";
+        certValues.san.ip = tmp || "";
     }
     if ((tmp = certData.match(/Not Before\s?:\s?([^\n]*)\n/)) && tmp.length>1)
        validity.start = Date.parse(tmp && tmp[1] || "");
@@ -435,6 +433,29 @@ function fetchCertificateData(certData, callback){
     callback(null, certValues);
 }
 
+
+
+function linebrakes (content){
+var helper_x, p,subject;
+helper_x = content.replace(/(C|L|O|OU|ST|CN)=/g, "\n$1=");
+helper_x = preg_match_all('((C|L|O|OU|ST|CN)=[^\n].*)',helper_x);
+for(p in helper_x){
+    subject = helper_x[p].trim();
+    content = subject.split("/");
+    subject = content.shift();
+    helper_x[p] = rtrim(subject,',');
+}
+return " " + helper_x.join('\n') + "\n";
+}
+
+function rtrim(str, charlist) {
+  charlist = !charlist ? ' \\s\u00A0' : (charlist + '')
+    .replace(/([\[\]\(\)\.\?\/\*\{\}\+\$\^\:])/g, '\\$1');
+  var re = new RegExp('[' + charlist + ']+$', 'g');
+  return (str + '')
+    .replace(re, '');
+}
+
 function preg_match_all(regex, haystack) {
    var globalRegex = new RegExp(regex, 'g');
    var globalMatch = haystack.match(globalRegex);

test/pem.js

@@ -15,7 +15,7 @@ exports["General Tests"] = {
             test.ok(key);
             test.ok(key.match(/^\n*\-\-\-\-\-BEGIN RSA PRIVATE KEY\-\-\-\-\-\n/));
             test.ok(key.match(/\n\-\-\-\-\-END RSA PRIVATE KEY\-\-\-\-\-\n*$/));
-            test.ok(key.trim().length > 850 && key.trim().length < 900);
+            test.ok(key.trim().length > 850 && key.trim().length < 1900);
             test.ok(fs.readdirSync("./tmp").length == 0);
             test.done();
         });