mirror of
				https://github.com/therootcompany/acme.js.git
				synced 2024-11-16 17:29:00 +00:00 
			
		
		
		
	
		
			
				
	
	
		
			60 lines
		
	
	
		
			1.7 KiB
		
	
	
	
		
			JavaScript
		
	
	
	
	
	
			
		
		
	
	
			60 lines
		
	
	
		
			1.7 KiB
		
	
	
	
		
			JavaScript
		
	
	
	
	
	
| 'use strict';
 | |
| 
 | |
| var native = module.exports;
 | |
| // XXX added by caller: _stance, neuter
 | |
| var RSA = native;
 | |
| 
 | |
| native.generate = function(opts) {
 | |
| 	var wcOpts = {};
 | |
| 	if (!opts) {
 | |
| 		opts = {};
 | |
| 	}
 | |
| 	if (!opts.kty) {
 | |
| 		opts.kty = 'RSA';
 | |
| 	}
 | |
| 
 | |
| 	// Support PSS? I don't think it's used for Let's Encrypt
 | |
| 	wcOpts.name = 'RSASSA-PKCS1-v1_5';
 | |
| 	if (!opts.modulusLength) {
 | |
| 		opts.modulusLength = 2048;
 | |
| 	}
 | |
| 	wcOpts.modulusLength = opts.modulusLength;
 | |
| 	if (wcOpts.modulusLength >= 2048 && wcOpts.modulusLength < 3072) {
 | |
| 		// erring on the small side... for no good reason
 | |
| 		wcOpts.hash = { name: 'SHA-256' };
 | |
| 	} else if (wcOpts.modulusLength >= 3072 && wcOpts.modulusLength < 4096) {
 | |
| 		wcOpts.hash = { name: 'SHA-384' };
 | |
| 	} else if (wcOpts.modulusLength < 4097) {
 | |
| 		wcOpts.hash = { name: 'SHA-512' };
 | |
| 	} else {
 | |
| 		// Public key thumbprints should be paired with a hash of similar length,
 | |
| 		// so anything above SHA-512's keyspace would be left under-represented anyway.
 | |
| 		return Promise.Reject(
 | |
| 			new Error(
 | |
| 				"'" +
 | |
| 					wcOpts.modulusLength +
 | |
| 					"' is not within the safe and universally" +
 | |
| 					' acceptable range of 2048-4096. Typically you should pick 2048, 3072, or 4096, though other values' +
 | |
| 					' divisible by 8 are allowed. ' +
 | |
| 					RSA._stance
 | |
| 			)
 | |
| 		);
 | |
| 	}
 | |
| 	// TODO maybe allow this to be set to any of the standard values?
 | |
| 	wcOpts.publicExponent = new Uint8Array([0x01, 0x00, 0x01]);
 | |
| 
 | |
| 	var extractable = true;
 | |
| 	return window.crypto.subtle
 | |
| 		.generateKey(wcOpts, extractable, ['sign', 'verify'])
 | |
| 		.then(function(result) {
 | |
| 			return window.crypto.subtle
 | |
| 				.exportKey('jwk', result.privateKey)
 | |
| 				.then(function(privJwk) {
 | |
| 					return {
 | |
| 						private: privJwk,
 | |
| 						public: RSA.neuter({ jwk: privJwk })
 | |
| 					};
 | |
| 				});
 | |
| 		});
 | |
| };
 |