tls: add derCertToPemCert()

When calling getPeerCertificate(), the cert is returned as a raw DER buffer. I often need to convert these to PEM format. This was modeled after Python's ssl.der_cert_to_pem_cert
nodejs · May 26, 2018 · 3e8fffc · 3e8fffc
1 parent 39f2096
commit 3e8fffc
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 0 deletions.
diff --git a/lib/_tls_common.js b/lib/_tls_common.js
@@ -24,6 +24,7 @@
 const { parseCertString } = require('internal/tls');
 const { isArrayBufferView } = require('internal/util/types');
 const tls = require('tls');
+const { Buffer } = require('buffer');
 const {
   ERR_CRYPTO_CUSTOM_ENGINE_NOT_SUPPORTED,
   ERR_INVALID_ARG_TYPE
@@ -249,3 +250,16 @@ exports.translatePeerCertificate = function translatePeerCertificate(c) {
   }
   return c;
 };
+
+exports.derCertToPemCert = function derCertToPemCert(cert) {
+  const chars = Buffer.from(cert).toString('base64').split('');
+  let formattedCert = '-----BEGIN CERTIFICATE-----';
+  for (var i = 0; i < chars.length; i++) {
+    if (i % 64 === 0) {
+      formattedCert += '\n';
+    }
+    formattedCert += chars[i];
+  }
+  formattedCert += '\n-----END CERTIFICATE-----\n';
+  return formattedCert;
+};
diff --git a/lib/tls.js b/lib/tls.js
@@ -275,6 +275,7 @@ exports.parseCertString = internalUtil.deprecate(
 
 exports.createSecureContext = _tls_common.createSecureContext;
 exports.SecureContext = _tls_common.SecureContext;
+exports.derCertToPemCert = _tls_common.derCertToPemCert;
 exports.TLSSocket = _tls_wrap.TLSSocket;
 exports.Server = _tls_wrap.Server;
 exports.createServer = _tls_wrap.createServer;

diff --git a/test/parallel/test-tls-der-cert-to-pem-cert.js b/test/parallel/test-tls-der-cert-to-pem-cert.js
@@ -0,0 +1,26 @@
+'use strict';
+const common = require('../common');
+const fixtures = require('../common/fixtures');
+if (!common.hasCrypto) {
+  common.skip('missing crypto');
+}
+const tls = require('tls');
+
+// Verify that detailed getPeerCertificate() return value has all certs.
+
+const {
+  assert, connect, keys
+} = require(fixtures.path('tls-connect'));
+
+connect({
+  client: { rejectUnauthorized: false },
+  server: keys.agent1,
+}, function(err, pair, cleanup) {
+  assert.ifError(err);
+  const socket = pair.client.conn;
+  const peerCert = socket.getPeerCertificate();
+  const pemCert = tls.derCertToPemCert(peerCert.raw);
+  assert.strictEqual(pemCert, keys.agent1.cert);
+
+  return cleanup();
+});