Using a unix socket to test that the cert, key, and CA are valid, that the cert was issued by the CA, and that the domain on the certificate matches the given domain name
var path = require('path'), | |
fs = require('fs'), | |
net = require('net'), | |
crypto = require('crypto'), | |
tls = require('tls'), | |
util = require('util'); | |
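/**
 * Loopback TLS handshake over a unix socket: the server side presents
 * certPem/keyPem, the client side verifies the presented chain against
 * caPem and the presented name against `domain`, and the outcome is
 * reported through cb.
 *
 * @param {Buffer|string} certPem  server certificate (PEM)
 * @param {Buffer|string} keyPem   private key matching certPem (PEM)
 * @param {Array<string>} caPem    one PEM string per trusted CA certificate
 * @param {string} domain          hostname the certificate is expected to be valid for
 * @param {function(Error=, boolean=)} cb  called exactly once: cb(err) on any
 *   failure (chain not trusted, name mismatch, socket or listen error),
 *   cb(null, true) on success
 */
function checkCertDomain(certPem, keyPem, caPem, domain, cb) {
  // NOTE: relative to the cwd and predictable; a stale file there is removed first.
  var sockPath = 'tls.sock';
  var options = {
    key: keyPem,
    cert: certPem,
    ca: caPem
  };
  var finished = false;
  var server;
  var client;

  // Single exit point: an 'error' event and a handshake result must never
  // both reach cb, and both ends are torn down so the process can exit.
  function finish(err, ok) {
    if (finished) { return; }
    finished = true;
    if (client) { client.destroy(); }
    if (server) { server.close(); }
    cb(err, ok);
  }

  // Best-effort cleanup of a leftover socket file; ENOENT is the normal case.
  fs.unlink(sockPath, function () {
    // Server side: accept one connection, say goodbye, hang up.
    server = tls.createServer(options, function (c) {
      console.log('server connected');
      c.end("The end.");
    });
    server.on('error', finish);

    // Connect only once the server is actually listening on the path.
    server.listen(sockPath, function () {
      var sock = new net.Socket({ type: 'unix' });
      sock.connect(sockPath);
      client = tls.connect({
        socket: sock,
        // The client must trust caPem explicitly; without this option the
        // chain is checked against the default root store, not against ca.pem.
        ca: caPem,
        // Node's built-in identity check compares this name against the
        // certificate's SAN/CN (wildcards included). Without it the check runs
        // against 'localhost' and reports a hostname mismatch for every cert.
        servername: domain,
        // Verification failures are inspected below instead of aborting the
        // handshake, so that the reason can be reported to the caller.
        rejectUnauthorized: false
      }, function () {
        var peerCert = client.getPeerCertificate();
        console.log(util.inspect(client.getCipher()));
        console.log(util.inspect(peerCert));
        if (!client.authorized) {
          // Covers both "not issued by caPem" and "name does not match domain".
          var str = "Authorization Failure: " + util.inspect(client.authorizationError);
          console.log(str);
          return finish(new Error(str));
        }
        finish(null, true);
      });
      client.on('error', finish);
    });
  });
}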
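var sep = '-----END CERTIFICATE-----';

// ca.pem may be a bundle; split it into one PEM string per certificate so
// that each entry is handed to the TLS layer as a separate CA. Chunks are
// split on the END marker and the marker is re-appended. The text after the
// last marker is only a trailing newline, which is not '' and so must be
// dropped by trimming; otherwise it would be passed on as a bogus CA entry.
var caList = fs.readFileSync('ca.pem').toString().split(sep)
  .filter(function (chunk) { return chunk.trim() !== ''; })
  .map(function (chunk) { return chunk.concat(sep); });

checkCertDomain(fs.readFileSync('cert.pem'),
  fs.readFileSync('key.pem'),
  caList,
  'domain.com',
  function (err) {
    if (err) {
      console.log(err);
    }
    console.log('DONE!');
  });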