Skip to content

githoniel/node-https-hsm

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
.vscode
.vscode
 
 
node-forge
node-forge
 
 
test
test
 
 
.eslintrc.js
.eslintrc.js
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
index.js
index.js
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 

Repository files navigation

node-https-hsm

Nodejs's native https is a wrap of OpenSSL. If you want to use HSM(hardware security module), you need to use openSSL's SetEngine function and you need to write C code.

This lib is based on node-forge (A pure JS implementation of TLS via Nodejs net.socket). You can make Certificate Signature by RSA in JS. This in a very common use in bank's USBkey.

Tested in Node v8.9.3

install

npm install https-hsm

API

/**
 * HTTPS Request, call hardware security module to make Certificate Signature
 * @param {Object} options
 * @property {string} host A domain name or IP address of the server to issue the request to. Default: 'localhost'
 * @property {number} port Port of remote server, default 443
 * @property {string} method A string specifying the HTTP request method. Default: 'POST'.
 * @property {path} path Request path. Should include query string if any. E.G. '/index.html?page=12'.Default: '/'.
 * @property {Object} headers An object containing request headers.
 * @property {Object} body An object containing request body.
 * @property {function} getCA get Array of CA cert string in PEM format, support Async
 * @property {function} getCert get client cert string in PEM format or client cert Buffer in CRT format, support Async
 * @property {function} rsaSign get Certificate Signature in Buffer format,only support RSA
 * @property {Boolean} debug debug mode will console.log more info. Default: false
 */
module.exports = async function httpsHSM

Example

const fs = require('fs')
const httpsHSM = require('https-hsm')

httpsHSM.request({
    host: '127.0.0.1',
    port: 8000,
    path: '/t',
    headers: {
        'content-type': 'application/json;charset=UTF-8'
    },
    body: {
        name: 'Hello World!',
        age: 2046
    },
    async getCA() {
        return [fs.readFileSync('./test/ca-crt.pem').toString()]
    },
    async getCert() {
        return fs.readFileSync('./test/client1-crt.pem').toString()
    },
    async rsaSign(b) {
        const privateKeyStr = fs.readFileSync('./test/client1-key.pem').toString()
        const privateKey = httpsHSM.forge.pki.privateKeyFromPem(privateKeyStr)
        return privateKey.sign(b, null)
    },
    debug: false
}).then((r) => {
    console.log(r)
}, (e) => {
    console.error(e)
})

Notice

the original node-forge current does not support Tls v1.2 but this lib does and I had made PR to it.Once node-forge support Tls v1.2 I will use original node-forge

About

make https request using HSM in pure JS

Topics

nodejs tls hsm

Resources

Readme
Activity

Stars

5 stars

Watchers

3 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages