fix(SSO): SAMLのメタデータに使われる証明書を保存するように
parent
fa4db2c420
commit
29e8fe419f
6 changed files with 85 additions and 52 deletions
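--- a/packages/backend/src/misc/gen-x509-cert-from-jwk.ts
+++ b/packages/backend/src/misc/gen-x509-cert-from-jwk.ts
@@ -0,0 +1,33 @@
+import forge from 'node-forge';
+import * as jose from 'jose';
+
+export async function genX509CertFromJWK(
+hostname: string,
+notBefore: Date,
+notAfter: Date,
+publicKey: string,
+privateKey: string,
+): Promise<string> {
+const cert = forge.pki.createCertificate();
+cert.serialNumber = '01';
+cert.validity.notBefore = notBefore;
+cert.validity.notAfter = notAfter;
+
+const attrs = [{ name: 'commonName', value: hostname }];
+cert.setSubject(attrs);
+cert.setIssuer(attrs);
+cert.publicKey = await jose
+.importJWK(JSON.parse(publicKey))
+.then((k) => jose.exportSPKI(k as jose.KeyLike))
+.then((k) => forge.pki.publicKeyFromPem(k));
+
+cert.sign(
+await jose
+.importJWK(JSON.parse(privateKey))
+.then((k) => jose.exportPKCS8(k as jose.KeyLike))
+.then((k) => forge.pki.privateKeyFromPem(k)),
+forge.md.sha256.create(),
+);
+
+return forge.pki.certificateToPem(cert);
+}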
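Review bot: `cert.serialNumber = '01'` gives every certificate this function produces the same serial under the same self-issued commonName, so a certificate regenerated after a key rotation or a validity renewal cannot be told apart from the one it replaces by issuer and serial. Some X.509 stacks reject or mis-cache a second certificate with a reused issuer/serial pair, and it also makes it harder to identify which certificate an IdP has pinned from the SAML metadata. A random positive serial avoids this, e.g. `cert.serialNumber = '01' + forge.util.bytesToHex(forge.random.getBytesSync(15));`. Separately, the function has no doc comment: it should state that `publicKey` and `privateKey` are JSON-serialised JWKs, that an RSA pair is expected (forge's PEM key parsers appear to be RSA-only, so an EC JWK would presumably fail inside `publicKeyFromPem`), and that nothing here checks that the two keys belong together.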