@panarom
Last active August 1, 2017 21:52
Node server that signs SPKAC (`<keygen>`) requests with a CA to issue client X.509 TLS certificates
const execFile = require('child_process').execFileSync;
const fs = require('fs');
const http = require('http');
const os = require('os');
const path = require('path');
const qs = require('querystring');
/**
 * Template for the `openssl ca -spkac` input file. The first line receives
 * the base64 SPKAC value at signing time; the remaining "name=value" lines
 * are the subject fields stamped into every certificate this server issues
 * (placeholders here — edit them for the deployment).
 */
const SPKAC = `SPKAC=
CN=Firstname Lastname
emailAddress=first.last@example.com
OU=orgUnit
organizationName=Organization
countryName=US
stateOrProvinceName=State
localityName=City
`;
// One challenge for the lifetime of the process. Math.random() is not a
// CSPRNG, and nothing in this file compares the challenge the browser signs
// into the SPKAC against this value, so it is informational only.
const challenge = Math.floor(Math.random() * 1e12);
/** HTML served on GET: a <keygen> element that posts the SPKAC as `pubkey`. */
const FORM = `<form method="post">
<keygen name="pubkey" challenge="${challenge}">
<input type="submit" name="createcert" value="Generate">
</form>`;
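/**
 * Signs one SPKAC (the value a browser's <keygen> element posts) with the CA
 * by running `openssl ca -spkac` and returns the certificate it wrote.
 *
 * @param {string} key - base64 SPKAC value with whitespace already removed.
 * @returns {Buffer} contents of openssl's `-out` file (format per openssl.cnf).
 * @throws {Error} if the value is not base64, or if openssl exits non-zero; in
 *   the latter case openssl's stderr is logged and the original error is
 *   attached as `cause`.
 */
const signKey = function (key) {
  // The SPKAC file is "name=value" lines; a value containing a newline could
  // add or override subject fields, so admit only the base64 alphabet.
  if (typeof key !== 'string' || !/^[A-Za-z0-9+/=]+$/.test(key)) {
    throw new Error('SPKAC value is not base64');
  }
  const spkacInstance = SPKAC.replace('SPKAC=', `SPKAC=${key}`);
  // A private (0700) scratch directory per request; mkdtempSync also avoids
  // the trailing newline that capturing `mktemp` stdout leaves in the path.
  const workDir = fs.mkdtempSync(path.join(os.tmpdir(), 'spkac-'));
  const spkacPath = path.join(workDir, 'request.spkac');
  const certPath = path.join(workDir, 'cert.out');
  try {
    fs.writeFileSync(spkacPath, spkacInstance);
    execFile(
      '/usr/bin/openssl',
      [
        'ca', '-days', '3650',
        '-cert', '/path/to/CA.crt',
        '-keyfile', '/path/to/CA.key',
        '-utf8', '-notext', '-batch',
        // Passphrase comes from the child's environment rather than
        // `-key <pass>`, which would expose it in the process list.
        '-passin', 'env:CA_PASSPHRASE',
        '-out', certPath,
        '-spkac', spkacPath,
      ],
      {
        env: Object.assign({}, process.env, { CA_PASSPHRASE: '_passphrase_for_CA_' }),
        // cwd: '/path/to/certs/location/', // use this if openssl.cnf is misconfigured; rootless access; or other special circumstances
      },
    );
    return fs.readFileSync(certPath);
  } catch (e) {
    const stderr = e.stderr ? e.stderr.toString() : '';
    console.log(stderr);
    const err = new Error(`openssl ca failed: ${stderr.trim()}`);
    err.cause = e;
    throw err;
  } finally {
    // Best-effort cleanup of the scratch files; a file that was never
    // created (e.g. openssl failed before writing -out) is not an error.
    for (const p of [spkacPath, certPath]) {
      try {
        fs.unlinkSync(p);
      } catch (_) {
        /* already gone */
      }
    }
    try {
      fs.rmdirSync(workDir);
    } catch (_) {
      /* leave it if something else landed in it */
    }
  }
};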
/**
 * Sends an issued certificate: 201 with the MIME type browsers use to install
 * a client certificate for the key pair they generated via <keygen>.
 *
 * @param {import('http').ServerResponse} res - response to complete
 * @param {Buffer|string} body - certificate bytes as produced by signKey
 */
const writeResponse = (res, body) => {
  const headers = { 'Content-Type': 'application/x-x509-user-cert' };
  res.writeHead(201, headers);
  res.end(body);
};
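/** Upper bound on a POST body; an SPKAC for an RSA key is at most a few KB. */
const MAX_BODY_BYTES = 64 * 1024;

/**
 * HTTP handler: GET serves the <keygen> form, POST signs the submitted SPKAC
 * and answers with the certificate. Malformed input gets a 4xx and a signing
 * failure a 500 instead of an uncaught exception that would take the server
 * down.
 *
 * @param {import('http').IncomingMessage} req
 * @param {import('http').ServerResponse} res
 */
const serverFunction = function (req, res) {
  if (req.method === 'GET') {
    res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });
    res.end(FORM);
    return;
  }
  if (req.method !== 'POST') {
    res.writeHead(405, { Allow: 'GET, POST' });
    res.end();
    return;
  }
  const chunks = [];
  let received = 0;
  let tooLarge = false;
  req.on('data', (chunk) => {
    if (tooLarge) return;
    received += chunk.length;
    if (received > MAX_BODY_BYTES) {
      // Stop buffering; Connection: close asks Node to drop the socket once
      // the reply is flushed rather than read the oversized upload to its end.
      tooLarge = true;
      chunks.length = 0;
      res.writeHead(413, { Connection: 'close' });
      res.end();
      return;
    }
    chunks.push(chunk);
  });
  req.on('end', () => {
    if (tooLarge) return; // already answered with 413
    // Decode after concatenation so a multi-byte character split across
    // chunks is not mangled; qs.parse yields an array for a repeated key.
    const { pubkey } = qs.parse(Buffer.concat(chunks).toString());
    if (typeof pubkey !== 'string' || pubkey.length === 0) {
      res.writeHead(400, { 'Content-Type': 'text/plain' });
      res.end('missing pubkey');
      return;
    }
    try {
      writeResponse(res, signKey(pubkey.replace(/\s/g, '')));
    } catch (e) {
      console.error(e);
      res.writeHead(500, { 'Content-Type': 'text/plain' });
      res.end('certificate signing failed');
    }
  });
};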
// No bind address is given, so the listener accepts connections on every
// interface, and nothing in serverFunction authenticates the caller: anyone
// who can reach port 10012 gets a certificate issued by the CA. Bind to
// 127.0.0.1 or front it with an authenticating proxy before exposing it.
const server = http.createServer(serverFunction);
server.listen(10012);