It looks like this works with node-forge:
var forge = require('node-forge');
const { X509Certificate } = require('crypto');
var pki = forge.pki;
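/**
 * Build a throwaway self-signed RSA-2048 certificate with node-forge and
 * return it PEM-encoded, so the encoding of `notAfter` can be inspected.
 *
 * RFC 5280 requires validity dates through 2049 to be encoded as UTCTime and
 * dates in 2050 or later as GeneralizedTime; a library that always writes
 * UTCTime cannot represent the later dates, which is what this repro probes.
 *
 * The freshly generated private key is used only to sign and is discarded
 * when the function returns; only the certificate leaves this function.
 *
 * @param {string|number|Date} [date] - Desired notAfter. Any falsy value
 *   selects the default of 2049-12-31T23:59:59Z.
 * @returns {string} The certificate in PEM form.
 * @throws {RangeError} If `date` is truthy but does not parse to a valid Date.
 */
function createPEM(date) {
  const notAfter = date ? new Date(date) : new Date('2049-12-31T23:59:59Z');
  // Reject unparseable input before spending time on key generation.
  if (Number.isNaN(notAfter.getTime())) {
    throw new RangeError(`createPEM: invalid notAfter date: ${String(date)}`);
  }

  const keys = pki.rsa.generateKeyPair(2048);
  const cert = pki.createCertificate();
  cert.publicKey = keys.publicKey;
  // Fixed serial: every certificate produced here shares issuer DN and serial.
  // Acceptable for a date-encoding repro; real issuance needs unique serials.
  cert.serialNumber = '01';
  cert.validity.notBefore = new Date();
  cert.validity.notAfter = notAfter;

  // Subject and issuer are identical because the certificate is self-signed.
  const attrs = [
    { name: 'commonName', value: 'demo.com' },
    { name: 'countryName', value: 'US' },
    { shortName: 'ST', value: 'Virginia' },
    { name: 'localityName', value: 'Blacksburg' },
    { name: 'organizationName', value: 'Test' },
    { shortName: 'OU', value: 'Test' },
  ];
  cert.setSubject(attrs);
  cert.setIssuer(attrs);

  // NOTE(review): this extension set is test data, not a usable profile.
  // keyCertSign and the nsCertType CA bits are asserted while basicConstraints
  // says cA: false, which RFC 5280 does not allow, and every extended key
  // usage is enabled. Do not copy it for certificates that will be trusted.
  cert.setExtensions([
    { name: 'basicConstraints', cA: false },
    {
      name: 'keyUsage',
      keyCertSign: true,
      digitalSignature: true,
      nonRepudiation: true,
      keyEncipherment: true,
      dataEncipherment: true,
    },
    {
      name: 'extKeyUsage',
      serverAuth: true,
      clientAuth: true,
      codeSigning: true,
      emailProtection: true,
      timeStamping: true,
    },
    {
      name: 'nsCertType',
      client: true,
      server: true,
      email: true,
      objsign: true,
      sslCA: true,
      emailCA: true,
      objCA: true,
    },
    {
      name: 'subjectAltName',
      altNames: [
        { type: 6, value: 'http://example.org/webid#me' }, // 6 = URI
        { type: 7, ip: '127.0.0.1' }, // 7 = IP address
      ],
    },
    { name: 'subjectKeyIdentifier' },
  ]);

  // Self-sign. forge falls back to SHA-1 when no digest is passed, and SHA-1
  // signatures are rejected by current TLS stacks, so ask for SHA-256.
  cert.sign(keys.privateKey, forge.md.sha256.create());

  // Convert the forge certificate object to PEM.
  return pki.certificateToPem(cert);
}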
// Round-trip three notAfter values through Node's built-in X509Certificate
// parser: the default (2049-12-31), then 2100 and 3000. For each one, print
// the parsed validTo string, whether the parser gave up with the
// 'Bad time value' placeholder described in the issue, and the value
// re-parsed as a Date, followed by the PEM itself.
const notAfterCases = [undefined, '2100-12-31T23:59:59Z', '3000-12-31T23:59:59Z'];
for (const notAfter of notAfterCases) {
  const certPem = createPEM(notAfter);
  const parsed = new X509Certificate(certPem);
  const expiry = parsed.validTo;
  console.log(expiry, expiry === 'Bad time value', new Date(expiry));
  console.log(certPem);
}
Fixed in @peculiar/x509@1.8.4
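If I create a certificate with the following code snippet and check the notAfter of the resulting publicKey, it returns `'Bad time value'`.
So the max notAfter is `new Date('2049-12-31T23:59:59Z')`. (2049 is the last year X.509 validity may be written as UTCTime; RFC 5280 requires GeneralizedTime for dates in 2050 or later.)
Can we make this work for dates after 2049-12-31T23:59:59Z?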