Basic wrapper for the Java keytool.
To include node-keytool
in Node, first install it using npm:
npm install node-keytool
Second, require the library:
var Keytool = require('node-keytool');
Then, open / create your keystore file:
// Keytool(filename, storepass, options)
var store = Keytool('example.keystore', 'changeit', {debug: false, storetype: 'JCEKS'});
Finally, execute the desired functions on the Keytool
object.
Keytool(filename, storepass, options)
Constructs a Keytool object from a keystore file (filename
) using the password from storepass
.
debug
(boolean, if true all keytool output is piped to stdout/stderr)
storetype
: keystore type (defaults to JKS
, some actions require other storage types), executable (see below)
The library assumes that the keytool executable is on your PATH
.
In other cases, you can specify a path to the executable by passing the appropriate option:
var store = Keytool(filename, storepass, {executable: '/usr/bin/keytool'});
Most keytool actions are supported with their stdin input method or file-based operations.
All operations expect a callback (cb
) of the form function(err, result)
as the last argument.
See the manpage for keytool for more details.
certreq(alias, keypass, dname, outfile, sigalg, cb)
Generates a certificate request for the given alias.
If outfile
is omitted or null, res.outdata
will contain the certificate data.
changealias(alias, keypass, destalias, cb)
Renames alias
to destalias
.
exportcert(alias, filename, rfcoutput, cb)
Exports the given certificate to the output file filename
.
If rfcoutput
is true the result is output in RFC 1421 compliant base64 encoding.
Binary DER is the default.
genkeypair(alias, keypass, dname, validity, keysize, keyalg, sigalg, destalias, startdate, x509ext, cb)
Generates a keypair.
dname
: Distinguished name, e.g. CN=abc,OU=dev
validity
: Integer, Number of days this certificate should be valid
x509ext
: String-Array, multiple extensions can be specified
startdate
: JavaScript Date object
gencert(alias, keypass, dname, infile, datain, outfile, rfcoutput, validity, sigalg, startdate, cb)
Generates a certificate from the request given as a) an input file (parameter infile
) or b) as a string in-memory (parameter datain
).
If the parameter outfile
is omitted or null, the result object contains the certificate data.
If the parameter dname
is specified, this will be used in favor of the distinguished name used to generate the request.
startdate
: JavaScript Date object
importcert(alias, keypass, infile, datain, trustcacerts, cb)
Imports a certificate from a file (parameter infile
) or from a string (parameter datain
).
trustcacerts
: Boolean
importpass(alias, keypass, data, keyalg, keysize, cb)
Imports a passphrase into the keystore.
Note: This operation is not supported by the default keystore type (JKS
).
Use JCEKS
or similar if you need this.
keypasswd(alias, keypass, newkeypass, cb)
Changes the password for the given alias
from keypass
to newkeypass
.
storepasswd(newstorepass, cb)
Changes the password for the keystore itself.
getcert(file, data, sslserver, jarfile, rfcoutput, cb)
If rfcoutput
is true, the callback will contain the BASE64 encoded representation of the certificate given in file
(string, filename) or data
(string).
If rfcoutput is false, basic certificate information will be parsed from the keytool output (signature algorithms, validity information, issuer / owner - where applicable).
deletealias(alias, keypass, cb)
Removes an alias completely.
getlist(cb)
Reads the content of the keystore. See examples/listcontent.js for an example on how to use the results.
create(cb)
Creates an empty keystore at the previously specified location. Fails if the targeted file already exists.