Merge pull request #105 from Nikoo00o/master
Added a new param for the "Not Before" field of self-signed X.509 certificates
Ephenodrom authored Oct 6, 2023
2 parents e03ba49 + 7aebce4 commit 42e43ce
Showing 2 changed files with 38 additions and 2 deletions.
8 changes: 6 additions & 2 deletions lib/src/X509Utils.dart
Expand Up @@ -292,6 +292,8 @@ class X509Utils {
/// * [extKeyUsage] = The extended key usage definition
/// * [serialNumber] = The serialnumber. If not set the default will be 1.
/// * [issuer] = The issuer. If null, the issuer will be the subject of the given csr.
/// * [notBefore] = The Timestamp after when the certificate is valid. If null, this will be [DateTime.now].
/// The "Not After" property of the certificate will have the [days] added to [notBefore].
///
static String generateSelfSignedCertificate(
PrivateKey privateKey,
Expand All @@ -302,6 +304,7 @@ class X509Utils {
List<ExtendedKeyUsage>? extKeyUsage,
String serialNumber = '1',
Map<String, String>? issuer,
DateTime? notBefore,
}) {
var csrData = csrFromPem(csr);

Expand Down Expand Up @@ -348,8 +351,9 @@ class X509Utils {

// Add Validity
var validitySeq = ASN1Sequence();
validitySeq.add(ASN1UtcTime(DateTime.now()));
validitySeq.add(ASN1UtcTime(DateTime.now().add(Duration(days: days))));
final DateTime from = notBefore ?? DateTime.now();
validitySeq.add(ASN1UtcTime(from));
validitySeq.add(ASN1UtcTime(from.add(Duration(days: days))));
data.add(validitySeq);

// Add Subject
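Review bot: The caller-supplied `notBefore` reaches `ASN1UtcTime` with no range check, in the validity block where `from` and `from.add(Duration(days: days))` are encoded. UTCTime carries a two-digit year and RFC 5280 permits it only for dates through 2049 (GeneralizedTime from 2050 on), so a far-future or very old `notBefore`, or a large `days`, can yield a validity period that verifiers read as a different century. I would guard it before encoding, e.g. `final to = from.add(Duration(days: days));` followed by `if (from.toUtc().year < 1950 || to.toUtc().year > 2049) throw ArgumentError('validity must fall within 1950-2049 for UTCTime');`, or switch to GeneralizedTime for the out-of-range case. The doc comment could also state that a local `DateTime` is presumably encoded as UTC, which is what the new test's `toUtc()` comparison suggests. The body of generateSelfSignedCertificate starts and ends outside these hunks.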
32 changes: 32 additions & 0 deletions test/x509_utils_test.dart
Expand Up @@ -1628,6 +1628,38 @@ SEQUENCE (1 elem)
});
});

test('Test generateSelfSignedCertificate custom validity', () {
final int days = 365;
final DateTime notBefore = DateTime.now();
final DateTime notAfter = notBefore.add(Duration(days: days));
var pair = CryptoUtils.generateRSAKeyPair();
var dn = {
'CN': 'basic-utils.dev',
'O': 'Magic Company',
'L': 'Fäkecity',
'S': 'FakeState',
'C': 'DE',
};
var csr = X509Utils.generateRsaCsrPem(
dn, pair.privateKey as RSAPrivateKey, pair.publicKey as RSAPublicKey,
san: ['san1.basic-utils.dev', 'san2.basic-utils.dev']);
var pem = X509Utils.generateSelfSignedCertificate(
pair.privateKey,
csr,
days,
sans: ['san1.basic-utils.dev', 'san2.basic-utils.dev'],
extKeyUsage: [ExtendedKeyUsage.SERVER_AUTH, ExtendedKeyUsage.CLIENT_AUTH],
notBefore: notBefore,
);
var x509 = X509Utils.x509CertificateFromPem(pem);
expect(x509.tbsCertificate?.validity.notBefore.toIso8601String().substring(0, 10),
notBefore.toUtc().toIso8601String().substring(0, 10),
reason: "notBefore match except milliseconds as utc");
expect(x509.tbsCertificate?.validity.notAfter.toIso8601String().substring(0, 10),
notAfter.toUtc().toIso8601String().substring(0, 10),
reason: "notAfter match except milliseconds as utc");
});

test('Test generateSelfSignedCertificate with ECC', () {
var pair = CryptoUtils.generateEcKeyPair();
var dn = {
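Review bot: The new test passes `DateTime.now()` as `notBefore`, which is also the value the function falls back to when the parameter is null, so it would still pass if the argument were ignored. Comparing `substring(0, 10)` checks only the calendar date, although the `reason` strings say the match is exact except for milliseconds, so an hours-level or time-zone error in the encoded validity would go unnoticed. A fixed timestamp away from today, e.g. `final DateTime notBefore = DateTime.utc(2030, 1, 15, 12, 30, 45);`, compared with `substring(0, 19)`, would pin both the override and the time of day, assuming the parsed validity is returned in UTC.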
