FABN-1513: Add a new "extensions" param to generateCSR (#167)

Signed-off-by: bk201- <[email protected]>
hyperledger · Mar 13, 2020 · 18f110f · 18f110f
1 parent 2ea18d3
commit 18f110f
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 4 deletions.
diff --git a/fabric-common/lib/impl/ecdsa/key.js b/fabric-common/lib/impl/ecdsa/key.js
@@ -104,11 +104,12 @@ module.exports = class ECDSA_KEY extends Key {
 	/**
 	 * Generates a CSR/PKCS#10 certificate signing request for this key
 	 * @param {string} subjectDN The X500Name for the certificate request in LDAP(RFC 2253) format
+	 * @param {Object[]} [extensions] Additional X.509v3 extensions for the certificate signing request
 	 * @returns {string} PEM-encoded PKCS#10 certificate signing request
 	 * @throws Will throw an error if this is not a private key
 	 * @throws Will throw an error if CSR generation fails for any other reason
 	 */
-	generateCSR(subjectDN) {
+	generateCSR(subjectDN, extensions) {
 
 		// check to see if this is a private key
 		if (!this.isPrivate()) {
@@ -119,7 +120,8 @@ module.exports = class ECDSA_KEY extends Key {
 			subject: {str: asn1.x509.X500Name.ldapToOneline(subjectDN)},
 			sbjpubkey: this.getPublicKey()._key,
 			sigalg: 'SHA256withECDSA',
-			sbjprvkey: this._key
+			sbjprvkey: this._key,
+			ext: extensions
 		});
 		return csr;
 	}

diff --git a/fabric-common/lib/impl/ecdsa/pkcs11_key.js b/fabric-common/lib/impl/ecdsa/pkcs11_key.js
@@ -136,7 +136,7 @@ const PKCS11_ECDSA_KEY = class extends Key {
 		throw new Error('Not implemented');
 	}
 
-	generateCSR(subjectDN) {
+	generateCSR(subjectDN, extensions) {
 		// check to see if this is a private key
 		if (!this.isPrivate()) {
 			throw new Error('A CSR cannot be generated from a public key');
@@ -146,7 +146,8 @@ const PKCS11_ECDSA_KEY = class extends Key {
 			subject: {str: asn1.x509.X500Name.ldapToOneline(subjectDN)},
 			sbjpubkey: this._pub,
 			sigalg: 'SHA256withECDSA',
-			sbjprvkey: this
+			sbjprvkey: this,
+			ext: extensions
 		});
 		return csr;
 	}

diff --git a/fabric-common/test/impl/ecdsa/key.js b/fabric-common/test/impl/ecdsa/key.js
@@ -181,6 +181,33 @@ describe('ECDSA_KEY', () => {
 			csr.should.equal('your PEM sir');
 			sinon.assert.calledOnce(pemStub);
 		});
+
+		it('should call into jsrsa lib if extensions are passed', () => {
+
+			const extensions = [{subjectAltName: {array: [{dns: 'host1'}, {dns: 'host2'}]}}];
+			const pemStub = sinon.stub().returns('your PEM sir');
+			const fakeAnsn1 = {
+				csr: {
+					CSRUtil: {
+						newCSRPEM: pemStub
+					}
+				},
+				x509: {
+					X500Name: {
+						ldapToOneline: sinon.stub()
+					}
+				}
+			};
+
+			revert = ECDSA_KEY_REWIRE.__set__('asn1', fakeAnsn1);
+			const fakeKey = {type: 'EC', prvKeyHex: 'privateKey', pubKeyHex: 'publicKey'};
+			const myKey = new ECDSA_KEY_REWIRE(fakeKey);
+			myKey.isPrivate = sinon.stub().returns(true);
+			const csr = myKey.generateCSR('CN=publickey', extensions);
+
+			csr.should.equal('your PEM sir');
+			sinon.assert.calledOnceWithExactly(pemStub, sinon.match.has('ext', extensions));
+		});
 	});
 
 	describe('#generateX509Certificate', () => {