Creating a CSR for an encrypted key

Added the ability to specify the password for a private key when creating a CSR.
Dexus · Feb 25, 2015 · e46481a · e46481a
1 parent dbae78a
commit e46481a
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 2 deletions.
diff --git a/.gitignore b/.gitignore
@@ -14,4 +14,5 @@ results
 node_modules
 npm-debug.log
 .DS_Store
-tmp
+tmp
+.idea
diff --git a/README.md b/README.md
@@ -84,6 +84,7 @@ Where
 Possible options are the following
 
   * **clientKey** is an optional client key to use
+  * **clientKeyPassword** the optional password for `clientKey`
   * **keyBitsize** - if `clientKey` is undefined, bit size to use for generating a new key (defaults to 2048)
   * **hash** is a hash function to use (either `md5`, `sha1` or `sha256`, defaults to `sha256`)
   * **country** is a CSR country field

diff --git a/lib/pem.js b/lib/pem.js
@@ -186,6 +186,11 @@ function createCSR(options, callback) {
         ].join('\n'));
     }
 
+    if (options.clientKeyPassword) {
+        params.push('-passin');
+        params.push('pass:' + options.clientKeyPassword);
+    }
+
     execOpenSSL(params, 'CERTIFICATE REQUEST', tmpfiles, function(error, data) {
         if (error) {
             return callback(error);

diff --git a/package.json b/package.json
@@ -17,7 +17,8 @@
   "devDependencies": {
     "grunt": "^0.4.5",
     "grunt-contrib-jshint": "^0.11.0",
-    "grunt-contrib-nodeunit": "^0.4.1"
+    "grunt-contrib-nodeunit": "^0.4.1",
+    "nodeunit": "^0.9.0"
   },
   "optionalDependencies": {},
   "engines": {

diff --git a/test/pem.js b/test/pem.js
@@ -112,7 +112,31 @@ exports['General Tests'] = {
             });
         });
     },
+
+    'Create CSR with own encrypted key': function(test) {
+        var password = 'Some pass-phrase';
+        pem.createPrivateKey(2048, { cipher: 'des3', password: password }, function(error, data) {
+            var key = (data && data.key || '').toString();
+
+            pem.createCSR({
+                clientKey: key,
+                clientKeyPassword: password
+            }, function(error, data) {
+                var csr = (data && data.csr || '').toString();
+                test.ifError(error);
+                test.ok(csr);
+                test.ok(csr.match(/^\n*\-\-\-\-\-BEGIN CERTIFICATE REQUEST\-\-\-\-\-\n/));
+                test.ok(csr.match(/\n\-\-\-\-\-END CERTIFICATE REQUEST\-\-\-\-\-\n*$/));
 
+                test.equal(data && data.clientKey, key);
+
+                test.ok(data && data.clientKey);
+                test.ok(fs.readdirSync('./tmp').length === 0);
+                test.done();
+            });
+        });
+    },
+
     'Create default certificate': function(test) {
         pem.createCertificate(function(error, data) {
             var certificate = (data && data.certificate || '').toString();