ssl-root-cas.js/ca-store-generator.js

'use strict';

// Explained here: https://groups.google.com/d/msg/nodejs/AjkHSYmiGYs/1LfNHbMhd48J

var fs = require('fs')
  , path = require('path')
  , request = require('request')
  , CERTDB_URL = 'https://mxr.mozilla.org/nss/source/lib/ckfw/builtins/certdata.txt?raw=1'
  , outputFile
  , outputPemsDir
  ;

function Certificate() {
  this.name = null;
  this.body = '';
  this.trusted = true;
}

Certificate.prototype.quasiPEM = function quasiPEM() {
  var bytes = this.body.split('\\')
    , offset = 0
    , converted
    ;

  bytes.shift();
  converted = new Buffer(bytes.length);
  while(bytes.length > 0) {
    converted.writeUInt8(parseInt(bytes.shift(), 8), offset++);
  }

  return {
    name: this.name
  , value: '  // ' + this.name + '\n'
      + '  "-----BEGIN CERTIFICATE-----\\n" +\n'
      + converted.toString('base64').replace(/(.{1,76})/g, '  "$1\\n" +\n')
      + '  "-----END CERTIFICATE-----\\n"'
  };
};

function parseBody(current, lines) {
  var line
    ;

  while (lines.length > 0) {
    line = lines.shift();
    if (line.match(/^END/)) { break; }
    current.body += line;
  }

  while (lines.length > 0) {
    line = lines.shift();
    if (line.match(/^CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST/)) { break; }
  }

  while (lines.length > 0) {
    line = lines.shift();
    if (line.match(/^#|^\s*$/)) { break; }
    if (line.match(/^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_NOT_TRUSTED$/) ||
        line.match(/^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_TRUST_UNKNOWN$/)) {
      current.trusted = false;
    }
  }

  if (current.trusted) return current;
}

function parseCertData(lines) {
  var certs = []
    , current
    , skipped = 0
    , match
    , finished
    ;

  function parseLine(line) {
    //
    // Find & nuke whitespace and comments
    //
    if (line.match(/^#|^\s*$/)) {
      return;
    }

    //
    // Find CERT
    //
    if (line.match(/^CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE/)) {
      current = new Certificate();
      return;
    }

    if (!current) {
      return;
    }

    //
    // Find Name
    //
    match = line.match(/^CKA_LABEL UTF8 \"(.*)\"/);
    if (match) {
      current.name = decodeURIComponent(match[1]);
      return;
    }

    //
    // Find Body
    //
    if (line.match(/^CKA_VALUE MULTILINE_OCTAL/)) {
      finished = parseBody(current, lines);
      if (finished) {
        certs.push(finished);
      } else {
        skipped += 1;
      }
      current = null;
      return;
    }
  }

  while (lines.length > 0) {
    parseLine(lines.shift());
  }

  console.info("Skipped %s untrusted certificates.", skipped);
  console.info("Processed %s certificates.", certs.length);

  return certs;
}

function dumpCerts(certs, filename, pemsDir) {
  certs.forEach(function (cert) {
    var pem = cert.quasiPEM()
      , pemName = pem.name.toLowerCase().replace(/[\\\s\/\(\)\.]+/g, '-').replace(/-+/g, '-')
      , pemsFile = path.join(pemsDir, pemName + '.pem')
      ;

    /*
    if (/[^\w\-]/.test(pemName)) {
      //pemName = pemName.replace(/\\/g, '-');
      //pemName = pemName.replace(/[^\w-]/g, '-');
      console.log(pemName);
    }
    */
    fs.writeFileSync(pemsFile, pem.value);
  });

  console.info("Wrote " + certs.length + " certificates in '"
    + path.join(__dirname, 'pems/').replace(/'/g, "\\'") + "'.");

  fs.writeFileSync(
    filename
  , fs.readFileSync(path.join(__dirname, 'ssl-root-cas.tpl.js'), 'utf8')
      .replace(/\/\*TPL\*\//, certs.map(function (cert) { return cert.quasiPEM().value; }).join(',\n\n'))
  , 'utf8'
  );
  console.info("Wrote '" + filename.replace(/'/g, "\\'") + "'.");
}

function run(filename) {
  var PromiseA = require('bluebird').Promise;

  return new PromiseA(function (resolve, reject) {
    if (!filename) {
      console.error("Error: No file specified");
      console.info("Usage: %s <outputfile>", process.argv[1]);
      console.info("   where <outputfile> is the name of the file to write to, relative to %s", process.argv[1]);
      console.info("Note that a 'pems/' directory will also be created at the same location as the <outputfile>, containing individual .pem files.");
      reject(3);
      return;
    }

    // main (combined) output file location, relative to this script's location
    outputFile = path.resolve(__dirname, filename);

    // pems/ output directory, in the same directory as the outputFile
    outputPemsDir = path.resolve(outputFile, '../pems');

    if (!fs.existsSync(outputPemsDir)) {
      fs.mkdirSync(outputPemsDir);
    }

    console.info("Loading latest certificates from " + CERTDB_URL);
    request.get(CERTDB_URL, function (error, response, body) {
      if (error) {
        console.error(error);
        console.error(error.stacktrace);
        reject({ code: 1, error: error });
        return;
      }

      if (response.statusCode !== 200) {
        console.error("Fetching failed with status code %s", response.statusCode);
        reject({ code: 2, error: "Fetching failed with status code " + response.statusCode });
        return;
      }

      if (response.headers['content-type'].indexOf('text/plain') !== 0) {
        console.error("Fetching failed with incorrect content type %s", response.headers['content-type']);
        reject({ code: 2, error: "Fetching failed with incorrect content type " + response.headers['content-type'] });
        return;
      }

      var lines = body.split("\n")
        , certs = parseCertData(lines)
        , pemsFile = path.join(outputPemsDir, 'mozilla-certdata.txt')
        ;

      fs.writeFileSync(pemsFile, body);
      dumpCerts(certs, outputFile, outputPemsDir);

      resolve();
    });
  });
}

module.exports.generate = run;

if (require.main === module) {
  run(process.argv[2])
    .then
      (function () {
        // something
      }
    , function (errcode) {
        process.exit(errcode);
      }
    );
}
created module. yay. 2014-03-07 17:14:13 -07:00			`'use strict';`

			`// Explained here: https://groups.google.com/d/msg/nodejs/AjkHSYmiGYs/1LfNHbMhd48J`

			`var fs = require('fs')`
			`, path = require('path')`
			`, request = require('request')`
			`, CERTDB_URL = 'https://mxr.mozilla.org/nss/source/lib/ckfw/builtins/certdata.txt?raw=1'`
updated some style stuff 2014-06-17 20:07:25 -06:00			`, outputFile`
			`, outputPemsDir`
created module. yay. 2014-03-07 17:14:13 -07:00			`;`

			`function Certificate() {`
			`this.name = null;`
			`this.body = '';`
			`this.trusted = true;`
			`}`

			`Certificate.prototype.quasiPEM = function quasiPEM() {`
			`var bytes = this.body.split('\\')`
			`, offset = 0`
			`, converted`
			`;`

			`bytes.shift();`
			`converted = new Buffer(bytes.length);`
			`while(bytes.length > 0) {`
			`converted.writeUInt8(parseInt(bytes.shift(), 8), offset++);`
			`}`

save pems by name 2014-06-17 20:03:47 -06:00			`return {`
			`name: this.name`
			`, value: ' // ' + this.name + '\n'`
			`+ ' "-----BEGIN CERTIFICATE-----\\n" +\n'`
			`+ converted.toString('base64').replace(/(.{1,76})/g, ' "$1\\n" +\n')`
			`+ ' "-----END CERTIFICATE-----\\n"'`
			`};`
created module. yay. 2014-03-07 17:14:13 -07:00			`};`

			`function parseBody(current, lines) {`
			`var line`
			`;`

			`while (lines.length > 0) {`
			`line = lines.shift();`
			`if (line.match(/^END/)) { break; }`
			`current.body += line;`
			`}`

			`while (lines.length > 0) {`
			`line = lines.shift();`
			`if (line.match(/^CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST/)) { break; }`
			`}`

			`while (lines.length > 0) {`
			`line = lines.shift();`
			`if (line.match(/^#\|^\s*$/)) { break; }`
			`if (line.match(/^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_NOT_TRUSTED$/) \|\|`
			`line.match(/^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_TRUST_UNKNOWN$/)) {`
			`current.trusted = false;`
			`}`
			`}`

			`if (current.trusted) return current;`
			`}`

			`function parseCertData(lines) {`
			`var certs = []`
			`, current`
			`, skipped = 0`
			`, match`
			`, finished`
			`;`

move loop to function 2014-06-17 20:11:50 -06:00			`function parseLine(line) {`
updated some style 2014-06-17 20:36:53 -06:00			`//`
			`// Find & nuke whitespace and comments`
			`//`
move loop to function 2014-06-17 20:11:50 -06:00			`if (line.match(/^#\|^\s*$/)) {`
			`return;`
			`}`
created module. yay. 2014-03-07 17:14:13 -07:00
updated some style 2014-06-17 20:36:53 -06:00			`//`
			`// Find CERT`
			`//`
created module. yay. 2014-03-07 17:14:13 -07:00			`if (line.match(/^CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE/)) {`
			`current = new Certificate();`
updated some style 2014-06-17 20:36:53 -06:00			`return;`
created module. yay. 2014-03-07 17:14:13 -07:00			`}`

updated some style 2014-06-17 20:36:53 -06:00			`if (!current) {`
			`return;`
			`}`
created module. yay. 2014-03-07 17:14:13 -07:00
updated some style 2014-06-17 20:36:53 -06:00			`//`
			`// Find Name`
			`//`
			`match = line.match(/^CKA_LABEL UTF8 \"(.*)\"/);`
			`if (match) {`
			`current.name = decodeURIComponent(match[1]);`
			`return;`
			`}`

			`//`
			`// Find Body`
			`//`
			`if (line.match(/^CKA_VALUE MULTILINE_OCTAL/)) {`
			`finished = parseBody(current, lines);`
			`if (finished) {`
			`certs.push(finished);`
			`} else {`
			`skipped += 1;`
created module. yay. 2014-03-07 17:14:13 -07:00			`}`
updated some style 2014-06-17 20:36:53 -06:00			`current = null;`
			`return;`
created module. yay. 2014-03-07 17:14:13 -07:00			`}`
			`}`

move loop to function 2014-06-17 20:11:50 -06:00			`while (lines.length > 0) {`
			`parseLine(lines.shift());`
			`}`

created module. yay. 2014-03-07 17:14:13 -07:00			`console.info("Skipped %s untrusted certificates.", skipped);`
			`console.info("Processed %s certificates.", certs.length);`

			`return certs;`
			`}`

Create pems/ directory in same location as outputfile 2014-06-16 14:26:45 -04:00			`function dumpCerts(certs, filename, pemsDir) {`
replace non-word chars with - 2014-06-17 20:05:45 -06:00			`certs.forEach(function (cert) {`
save pems by name 2014-06-17 20:03:47 -06:00			`var pem = cert.quasiPEM()`
remove special chars (including slashes) from pemfile names 2014-07-30 10:22:41 -07:00			`, pemName = pem.name.toLowerCase().replace(/[\\\s\/\(\)\.]+/g, '-').replace(/-+/g, '-')`
save pems by name 2014-06-17 20:03:47 -06:00			`, pemsFile = path.join(pemsDir, pemName + '.pem')`
			`;`

remove special chars (including slashes) from pemfile names 2014-07-30 10:22:41 -07:00			`/*`
			`if (/[^\w\-]/.test(pemName)) {`
			`//pemName = pemName.replace(/\\/g, '-');`
			`//pemName = pemName.replace(/[^\w-]/g, '-');`
			`console.log(pemName);`
			`}`
			`*/`
save pems by name 2014-06-17 20:03:47 -06:00			`fs.writeFileSync(pemsFile, pem.value);`
added certs as individual files 2014-03-07 17:48:44 -07:00			`});`
fix #6 2014-07-16 11:57:51 -06:00
added certs as individual files 2014-03-07 17:48:44 -07:00			`console.info("Wrote " + certs.length + " certificates in '"`
			`+ path.join(__dirname, 'pems/').replace(/'/g, "\\'") + "'.");`

created module. yay. 2014-03-07 17:14:13 -07:00			`fs.writeFileSync(`
Pass parameters to ca-store-generator.js to avoid platform differences in command-line execution of multiple commands 2014-06-16 14:11:15 -04:00			`filename`
use tpl file, add .create(), minor cleanup 2016-10-20 11:57:26 -06:00			`, fs.readFileSync(path.join(__dirname, 'ssl-root-cas.tpl.js'), 'utf8')`
			`.replace(/\/\TPL\\//, certs.map(function (cert) { return cert.quasiPEM().value; }).join(',\n\n'))`
			`, 'utf8'`
created module. yay. 2014-03-07 17:14:13 -07:00			`);`
Pass parameters to ca-store-generator.js to avoid platform differences in command-line execution of multiple commands 2014-06-16 14:11:15 -04:00			`console.info("Wrote '" + filename.replace(/'/g, "\\'") + "'.");`
created module. yay. 2014-03-07 17:14:13 -07:00			`}`

fix #6 2014-07-16 11:57:51 -06:00			`function run(filename) {`
es6-promise -> bluebird 2016-06-21 17:18:27 +08:00			`var PromiseA = require('bluebird').Promise;`
move Promise requirement 2016-06-21 17:16:55 +08:00
			`return new PromiseA(function (resolve, reject) {`
fix #6 2014-07-16 11:57:51 -06:00			`if (!filename) {`
			`console.error("Error: No file specified");`
			`console.info("Usage: %s <outputfile>", process.argv[1]);`
			`console.info(" where <outputfile> is the name of the file to write to, relative to %s", process.argv[1]);`
			`console.info("Note that a 'pems/' directory will also be created at the same location as the <outputfile>, containing individual .pem files.");`
			`reject(3);`
			`return;`
			`}`
Pass parameters to ca-store-generator.js to avoid platform differences in command-line execution of multiple commands 2014-06-16 14:11:15 -04:00
fix #6 2014-07-16 11:57:51 -06:00			`// main (combined) output file location, relative to this script's location`
			`outputFile = path.resolve(__dirname, filename);`
Require outputfile command line argument, display usage info if missing, and always make relative to script location 2014-06-16 14:21:06 -04:00
fix #6 2014-07-16 11:57:51 -06:00			`// pems/ output directory, in the same directory as the outputFile`
			`outputPemsDir = path.resolve(outputFile, '../pems');`
Create pems/ directory in same location as outputfile 2014-06-16 14:26:45 -04:00
checkout for outputPemsDir 2014-07-17 17:53:47 -06:00			`if (!fs.existsSync(outputPemsDir)) {`
			`fs.mkdirSync(outputPemsDir);`
move Promise requirement 2016-06-21 17:16:55 +08:00			`}`
Create pems/ directory in same location as outputfile 2014-06-16 14:26:45 -04:00
fix #6 2014-07-16 11:57:51 -06:00			`console.info("Loading latest certificates from " + CERTDB_URL);`
			`request.get(CERTDB_URL, function (error, response, body) {`
			`if (error) {`
			`console.error(error);`
			`console.error(error.stacktrace);`
			`reject({ code: 1, error: error });`
			`return;`
			`}`
created module. yay. 2014-03-07 17:14:13 -07:00
fix #6 2014-07-16 11:57:51 -06:00			`if (response.statusCode !== 200) {`
			`console.error("Fetching failed with status code %s", response.statusCode);`
			`reject({ code: 2, error: "Fetching failed with status code " + response.statusCode });`
			`return;`
			`}`
created module. yay. 2014-03-07 17:14:13 -07:00
Improved checking for content type to allow for charset, etc. 2016-06-28 14:34:48 -07:00			`if (response.headers['content-type'].indexOf('text/plain') !== 0) {`
Added check for the correct content type in addition to the response status code. 2016-06-18 16:41:26 -07:00			`console.error("Fetching failed with incorrect content type %s", response.headers['content-type']);`
			`reject({ code: 2, error: "Fetching failed with incorrect content type " + response.headers['content-type'] });`
			`return;`
			`}`

fix #6 2014-07-16 11:57:51 -06:00			`var lines = body.split("\n")`
			`, certs = parseCertData(lines)`
			`, pemsFile = path.join(outputPemsDir, 'mozilla-certdata.txt')`
			`;`
updated some style stuff 2014-06-17 20:07:25 -06:00
fix #6 2014-07-16 11:57:51 -06:00			`fs.writeFileSync(pemsFile, body);`
			`dumpCerts(certs, outputFile, outputPemsDir);`

			`resolve();`
			`});`
			`});`
			`}`

			`module.exports.generate = run;`

			`if (require.main === module) {`
			`run(process.argv[2])`
			`.then`
			`(function () {`
			`// something`
			`}`
			`, function (errcode) {`
			`process.exit(errcode);`
			`}`
			`);`
			`}`