misskey/packages/backend/src/misc/gen-x509-cert-from-jwk.ts

import forge from 'node-forge';
import * as jose from 'jose';

export async function genX509CertFromJWK(
	hostname: string,
	notBefore: Date,
	notAfter: Date,
	publicKey: string,
	privateKey: string,
): Promise<string> {
	const cert = forge.pki.createCertificate();
	cert.serialNumber = '01';
	cert.validity.notBefore = notBefore;
	cert.validity.notAfter = notAfter;

	const attrs = [{ name: 'commonName', value: hostname }];
	cert.setSubject(attrs);
	cert.setIssuer(attrs);
	cert.publicKey = await jose
		.importJWK(JSON.parse(publicKey))
		.then((k) => jose.exportSPKI(k as jose.KeyLike))
		.then((k) => forge.pki.publicKeyFromPem(k));

	cert.sign(
		await jose
			.importJWK(JSON.parse(privateKey))
			.then((k) => jose.exportPKCS8(k as jose.KeyLike))
			.then((k) => forge.pki.privateKeyFromPem(k)),
		forge.md.sha256.create(),
	);

	return forge.pki.certificateToPem(cert);
}
fix(SSO): SAMLのメタデータに使われる証明書を保存するように 2024-03-18 01:19:16 +09:00			`import forge from 'node-forge';`
			`import * as jose from 'jose';`

			`export async function genX509CertFromJWK(`
			`hostname: string,`
			`notBefore: Date,`
			`notAfter: Date,`
			`publicKey: string,`
			`privateKey: string,`
			`): Promise<string> {`
			`const cert = forge.pki.createCertificate();`
			`cert.serialNumber = '01';`
			`cert.validity.notBefore = notBefore;`
			`cert.validity.notAfter = notAfter;`

			`const attrs = [{ name: 'commonName', value: hostname }];`
			`cert.setSubject(attrs);`
			`cert.setIssuer(attrs);`
			`cert.publicKey = await jose`
			`.importJWK(JSON.parse(publicKey))`
			`.then((k) => jose.exportSPKI(k as jose.KeyLike))`
			`.then((k) => forge.pki.publicKeyFromPem(k));`

			`cert.sign(`
			`await jose`
			`.importJWK(JSON.parse(privateKey))`
			`.then((k) => jose.exportPKCS8(k as jose.KeyLike))`
			`.then((k) => forge.pki.privateKeyFromPem(k)),`
			`forge.md.sha256.create(),`
			`);`

			`return forge.pki.certificateToPem(cert);`
			`}`