Support csr config (#75)

* add support for csr config file * test support for csr config file
Dexus · May 2, 2016 · 25871e5 · 25871e5
1 parent e72a48c
commit 25871e5
Show file tree

Hide file tree

Showing 4 changed files with 73 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -96,6 +96,7 @@ Possible options are the following
   * **commonName** is a CSR common name field (defaults to `localhost`)
   * **altNames** is a list (`Array`) of subjectAltNames in the subjectAltName field (optional)
   * **emailAddress** is a CSR email address field
+  * **csrConfigFile** is a CSR config file
 
 ### Create a certificate
 

diff --git a/lib/pem.js b/lib/pem.js
@@ -134,6 +134,7 @@ function createDhparam(keyBitsize, callback) {
  * @param {String} [options.organizationUnit] CSR organizational unit field
  * @param {String} [options.commonName='localhost'] CSR common name field
  * @param {String} [options.emailAddress] CSR email address field
+ * @param {String} [options.csrConfigFile] CSR config file
  * @param {Array}  [options.altNames] is a list of subjectAltNames in the subjectAltName field
  * @param {Function} callback Callback function with an error object and {csr, clientKey}
  */
@@ -167,12 +168,21 @@ function createCSR(options, callback) {
 
     var params = ['req',
         '-new',
-        '-' + (options.hash || 'sha256'),
-        '-subj',
-        generateCSRSubject(options),
-        '-key',
-        '--TMPFILE--'
+        '-' + (options.hash || 'sha256')
     ];
+
+    if (options.csrConfigFile) {
+        params.push('-config');
+        params.push(options.csrConfigFile);
+    }
+    else {
+        params.push('-subj');
+        params.push(generateCSRSubject(options));
+    }
+
+    params.push('-key');
+    params.push('--TMPFILE--');
+
     var tmpfiles = [options.clientKey];
     var config = null;
 

diff --git a/test/fixtures/test.cnf b/test/fixtures/test.cnf
@@ -0,0 +1,26 @@
+[ req ]
+default_bits           = 4096
+days                   = 9999
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+prompt                 = no
+x509_extensions        = v3_ca
+
+[ req_distinguished_name ]
+C                      = EE
+ST                     = Harjumaa
+L                      = Tallinn
+O                      = Node.ee
+OU                     = test
+CN                     = www.node.ee
+emailAddress           = andris@node.ee
+
+[ req_attributes ]
+challengePassword      = challengePass
+
+[ v3_ca ]
+authorityInfoAccess = @issuer_info
+
+[ issuer_info ]
+OCSP;URI.0 = http://ocsp.node.ee/
+caIssuers;URI.0 = http://node.ee/ca.cert
diff --git a/test/pem.js b/test/pem.js
@@ -92,6 +92,37 @@ exports['General Tests'] = {
         });
     },
 
+    'Create CSR using config file': function(test) {
+        var certInfo = {
+            issuer : {},
+            country: 'EE',
+            state: 'Harjumaa',
+            locality: 'Tallinn',
+            organization: 'Node.ee',
+            organizationUnit: 'test',
+            commonName: 'www.node.ee',
+            emailAddress: 'andris@node.ee'
+        };
+
+        pem.createCSR({ csrConfigFile: './test/fixtures/test.cnf' }, function(error, data) {
+            var csr = (data && data.csr || '').toString();
+            test.ifError(error);
+            test.ok(csr);
+            test.ok(csr.match(/^\n*\-\-\-\-\-BEGIN CERTIFICATE REQUEST\-\-\-\-\-\n/));
+            test.ok(csr.match(/\n\-\-\-\-\-END CERTIFICATE REQUEST\-\-\-\-\-\n*$/));
+
+            test.ok(data && data.clientKey);
+            test.ok(fs.readdirSync('./tmp').length === 0);
+
+            pem.readCertificateInfo(csr, function(error, data) {
+                test.ifError(error);
+                test.deepEqual(data, certInfo);
+                test.ok(fs.readdirSync('./tmp').length === 0);
+                test.done();
+            });
+        });
+    },
+
     'Create CSR with own key': function(test) {
         pem.createPrivateKey(function(error, data) {
             var key = (data && data.key || '').toString();