'use strict';
const path = require('path');
const forge = require('node-forge');
const fs = require('fs-extra');
const paths = require('./paths.js');
// Directory that contains this script; only used to print relative paths in log output.
const projectRoot = path.resolve(__dirname);
// Output location for the unencrypted PEM private key written by extractPrivateKey().
const privateKeyPath = paths.getPrivateKeyPath();
// Output location for the PEM certificate written by extractPublicCertificate()
// and read back by extractPublicKey().
const publicCertPath = paths.getPublicCertPath();
// File holding the PFX password; the functions below read it as UTF-8 text.
// NOTE(review): this file and the key written to privateKeyPath are secrets at rest.
// Confirm both paths sit outside version control and are readable only by the
// account that runs this script.
const pfxPasswordPath = paths.getPfxPasswordPath();
// Input PFX / PKCS#12 container.
const pfxPath = paths.getPfxPath();
// Output location for the PEM certificate written by generateCer().
const cerPath = paths.getCerPath();
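/**
 * Extract the first certificate from the PFX (PKCS#12) file and write it,
 * PEM-encoded, to `cerPath`.
 *
 * Failures are logged and swallowed; the function resolves to `undefined`
 * in every case, so callers cannot tell success from failure by the result.
 *
 * @returns {Promise<void>}
 */
async function generateCer() {
  try {
    // Trim the password the same way extractPrivateKey() and
    // extractPublicCertificate() do: a trailing newline in the password file
    // would otherwise become part of the password and make decryption fail.
    const pfxPassword = (await fs.readFile(pfxPasswordPath, 'utf8')).trim();
    const pfxData = await fs.readFile(pfxPath, 'binary');

    // Parse the PFX file using node-forge. Both calls pass `false` for forge's
    // strict flag, so this path is more lenient about malformed input than the
    // other extractors in this file.
    const p12Asn1 = forge.asn1.fromDer(pfxData, false);
    const p12 = forge.pkcs12.pkcs12FromAsn1(p12Asn1, false, pfxPassword);

    // Extract the certificate(s); only the first one is exported.
    const certBags = p12.getBags({ bagType: forge.pki.oids.certBag });
    const bags = certBags[forge.pki.oids.certBag];
    const firstBag = bags && bags[0];
    if (!firstBag || !firstBag.cert) {
      // Report an empty or undecodable cert bag explicitly instead of letting
      // it surface as an opaque TypeError.
      console.log('Failed to generate certificate: no certificate found in PFX file.');
      return;
    }

    const pem = forge.pki.certificateToPem(firstBag.cert);

    // Write the certificate to a file
    await fs.writeFile(cerPath, pem, 'utf8');
    console.log('Certificate extracted successfully:', path.relative(projectRoot, cerPath));
  } catch (error) {
    // Template interpolation logs only the error's string form (no stack).
    console.log(`Failed to generate certificate: ${error}`);
  }
}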
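/**
 * Extract the first private key from the PFX (PKCS#12) file and save it to
 * `privateKeyPath` as PEM.
 *
 * Security notes:
 *  - The PEM written here is NOT password-protected, unlike the key inside
 *    the PFX. The file is therefore created with owner-only permissions.
 *  - Only "Private Key extracted" style status messages are logged; the key
 *    material itself must never be passed to console.*.
 *
 * @returns {Promise<string|null>} The PEM-encoded private key, or `null` when
 *   no usable key bag is present or the PFX could not be processed.
 */
async function extractPrivateKey() {
  try {
    const pfxFile = await fs.readFile(pfxPath);
    // Trim so a trailing newline in the password file is not part of the password.
    const pfxPassword = (await fs.readFile(pfxPasswordPath, 'utf8')).trim();

    const p12Asn1 = forge.asn1.fromDer(pfxFile.toString('binary'));
    const p12 = forge.pkcs12.pkcs12FromAsn1(p12Asn1, pfxPassword);

    let privateKey = null;
    for (const safeContents of p12.safeContents) {
      for (const safeBag of safeContents.safeBags) {
        // Only password-encrypted (PKCS#8 shrouded) key bags are considered.
        // NOTE(review): forge appears to leave `key` unset for key types it
        // cannot decode; skipping such bags reports "not found" instead of
        // throwing inside privateKeyToPem - confirm against the forge version in use.
        if (safeBag.type === forge.pki.oids.pkcs8ShroudedKeyBag && safeBag.key) {
          privateKey = forge.pki.privateKeyToPem(safeBag.key);
          console.log('Private Key extracted');
          break;
        }
      }
      if (privateKey) break;
    }

    if (!privateKey) {
      console.log('Private key not found in the .pfx file.');
      return null;
    }

    // Create the file readable/writable by the owner only. Without an explicit
    // mode the key would be created with the process default (commonly
    // world-readable on POSIX systems).
    await fs.writeFile(privateKeyPath, privateKey, { mode: 0o600 });
    // `mode` applies only when the file is created, so also tighten a
    // pre-existing file from an earlier run.
    await fs.chmod(privateKeyPath, 0o600);
    console.log('Private key has been saved successfully.');
    return privateKey;
  } catch (error) {
    console.error('Failed to process PFX file:', error);
    // Return null explicitly so failure matches the "not found" result and
    // extractPublicCertificate()'s error contract.
    return null;
  }
}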
/**
 * Pull the first certificate out of the PFX (PKCS#12) file and save it,
 * PEM-encoded, to `publicCertPath`.
 *
 * @returns {Promise<string|null>} The certificate PEM, or `null` when the PFX
 *   holds no certificate bag or any step fails (the error is logged).
 */
async function extractPublicCertificate() {
  try {
    // Password file is read first, then the PFX itself.
    const passwordText = await fs.readFile(pfxPasswordPath, 'utf8');
    const password = passwordText.trim();
    const pfxBytes = await fs.readFile(pfxPath);

    // The file is raw DER: hand forge the bytes as a binary string, with no
    // Base64 decoding step.
    const derBuffer = forge.util.createBuffer(pfxBytes.toString('binary'));
    const p12 = forge.pkcs12.pkcs12FromAsn1(forge.asn1.fromDer(derBuffer), password);

    const bagsByType = p12.getBags({ bagType: forge.pki.oids.certBag });
    const firstCertBag = bagsByType[forge.pki.oids.certBag][0];
    if (!firstCertBag) {
      console.error('No certificate found in PFX file.');
      return null;
    }

    console.log('Public Certificate extracted');
    const pem = forge.pki.certificateToPem(firstCertBag.cert);

    await fs.writeFile(publicCertPath, pem);
    console.log('Public Certificate has been saved successfully.');
    return pem;
  } catch (error) {
    console.error('Failed to extract Public Certificate from PFX:', error);
    return null;
  }
}
/**
 * Return the RSA modulus (`n`) of the saved public certificate as Base64.
 *
 * NOTE(review): the bytes come from forge's BigInteger#toByteArray(), which
 * looks like a signed (two's-complement) encoding and may therefore carry a
 * leading 0x00 byte - confirm that consumers of this value expect that.
 *
 * @returns {Promise<string|undefined>} Base64 modulus, or `undefined` when the
 *   public key could not be loaded (the error is logged).
 */
async function extractModulus() {
  try {
    const key = await extractPublicKey();
    // `key` is undefined when extractPublicKey() failed; the property access
    // below then throws and is reported by the catch.
    const modulusBytes = key.n.toByteArray();
    return Buffer.from(modulusBytes).toString('base64');
  } catch (error) {
    console.log(`Error extracting Modulus: ${error}`);
  }
}
/**
 * Return the RSA public exponent (`e`) of the saved public certificate as
 * Base64.
 *
 * @returns {Promise<string|undefined>} Base64 exponent, or `undefined` when
 *   the public key could not be loaded (the error is logged).
 */
async function extractExponent() {
  try {
    const key = await extractPublicKey();
    // `key` is undefined when extractPublicKey() failed; the property access
    // below then throws and is reported by the catch.
    const exponentBytes = key.e.toByteArray();
    return Buffer.from(exponentBytes).toString('base64');
  } catch (error) {
    console.log(`Error extracting Exponent: ${error}`);
  }
}
/**
 * Load the PEM certificate stored at `publicCertPath` and return its public
 * key object. The file is the one extractPublicCertificate() writes, so that
 * function has to have run first.
 *
 * Internal helper: it is not part of this module's exports.
 *
 * @returns {Promise<object|undefined>} forge public key, or `undefined` when
 *   reading or parsing the certificate fails (the error is logged).
 */
async function extractPublicKey() {
  try {
    const pemText = await fs.readFile(publicCertPath, 'utf8');
    const parsedCert = forge.pki.certificateFromPem(pemText);
    return parsedCert.publicKey;
  } catch (error) {
    console.log(`Error extracting Public Key: ${error}`);
  }
}
module.exports = { extractPrivateKey, extractPublicCertificate, extractModulus, extractExponent, generateCer };