Merge pull request #105 from Nikoo00o/master

Added a new param for the "Not Before" flag of self signed x.509 certificates
Ephenodrom · Oct 6, 2023 · 42e43ce · 42e43ce
2 parents e03ba49 + 7aebce4
commit 42e43ce
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 2 deletions.
diff --git a/lib/src/X509Utils.dart b/lib/src/X509Utils.dart
@@ -292,6 +292,8 @@ class X509Utils {
   /// * [extKeyUsage] = The extended key usage definition
   /// * [serialNumber] = The serialnumber. If not set the default will be 1.
   /// * [issuer] = The issuer. If null, the issuer will be the subject of the given csr.
+  /// * [notBefore] = The Timestamp after when the certificate is valid. If null, this will be [DateTime.now].
+  /// The "Not After" property of the certificate will have the [days] added to [notBefore].
   ///
   static String generateSelfSignedCertificate(
     PrivateKey privateKey,
@@ -302,6 +304,7 @@ class X509Utils {
     List<ExtendedKeyUsage>? extKeyUsage,
     String serialNumber = '1',
     Map<String, String>? issuer,
+    DateTime? notBefore,
   }) {
     var csrData = csrFromPem(csr);
 
@@ -348,8 +351,9 @@ class X509Utils {
 
     // Add Validity
     var validitySeq = ASN1Sequence();
-    validitySeq.add(ASN1UtcTime(DateTime.now()));
-    validitySeq.add(ASN1UtcTime(DateTime.now().add(Duration(days: days))));
+    final DateTime from = notBefore ?? DateTime.now();
+    validitySeq.add(ASN1UtcTime(from));
+    validitySeq.add(ASN1UtcTime(from.add(Duration(days: days))));
     data.add(validitySeq);
 
     // Add Subject

diff --git a/test/x509_utils_test.dart b/test/x509_utils_test.dart
@@ -1628,6 +1628,38 @@ SEQUENCE (1 elem)
         });
   });
 
+  test('Test generateSelfSignedCertificate custom validity', () {
+    final int days = 365;
+    final DateTime notBefore = DateTime.now();
+    final DateTime notAfter = notBefore.add(Duration(days: days));
+    var pair = CryptoUtils.generateRSAKeyPair();
+    var dn = {
+      'CN': 'basic-utils.dev',
+      'O': 'Magic Company',
+      'L': 'Fäkecity',
+      'S': 'FakeState',
+      'C': 'DE',
+    };
+    var csr = X509Utils.generateRsaCsrPem(
+        dn, pair.privateKey as RSAPrivateKey, pair.publicKey as RSAPublicKey,
+        san: ['san1.basic-utils.dev', 'san2.basic-utils.dev']);
+    var pem = X509Utils.generateSelfSignedCertificate(
+      pair.privateKey,
+      csr,
+      days,
+      sans: ['san1.basic-utils.dev', 'san2.basic-utils.dev'],
+      extKeyUsage: [ExtendedKeyUsage.SERVER_AUTH, ExtendedKeyUsage.CLIENT_AUTH],
+      notBefore: notBefore,
+    );
+    var x509 = X509Utils.x509CertificateFromPem(pem);
+    expect(x509.tbsCertificate?.validity.notBefore.toIso8601String().substring(0, 10),
+        notBefore.toUtc().toIso8601String().substring(0, 10),
+        reason: "notBefore match except milliseconds as utc");
+    expect(x509.tbsCertificate?.validity.notAfter.toIso8601String().substring(0, 10),
+        notAfter.toUtc().toIso8601String().substring(0, 10),
+        reason: "notAfter match except milliseconds as utc");
+  });
+
   test('Test generateSelfSignedCertificate with ECC', () {
     var pair = CryptoUtils.generateEcKeyPair();
     var dn = {