Initial commit (by create-cloudflare CLI)

7 files changed, 606 insertions, 0 deletions

diff --git a/node_modules/selfsigned/.jshintrc b/node_modules/selfsigned/.jshintrc
new file mode 100644
index 0000000..8d1504a
--- /dev/null
+++ b/node_modules/selfsigned/.jshintrc
@@ -0,0 +1,39 @@
+{
+  "camelcase": false,
+  "curly": false,
+
+  "node": true,
+  "esnext": true,
+  "bitwise": true,
+  "eqeqeq": true,
+  "immed": true,
+  "indent": 2,
+  "latedef": true,
+  "newcap": true,
+  "noarg": true,
+  "regexp": true,
+  "undef": true,
+  "strict": false,
+  "smarttabs": true,
+  "expr": true,
+
+  "evil": true,
+  "browser": true,
+  "regexdash": true,
+  "wsh": true,
+  "trailing": true,
+  "sub": true,
+  "unused": true,
+  "laxcomma": true,
+
+  "globals": {
+    "after": false,
+    "before": false,
+    "afterEach": false,
+    "beforeEach": false,
+    "describe": false,
+    "it": false,
+    "DOMParser": true,
+    "XMLSerializer": true
+  }
+}
diff --git a/node_modules/selfsigned/LICENSE b/node_modules/selfsigned/LICENSE
new file mode 100644
index 0000000..d17477e
--- /dev/null
+++ b/node_modules/selfsigned/LICENSE
@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2013 José F. Romaniello
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
diff --git a/node_modules/selfsigned/README.md b/node_modules/selfsigned/README.md
new file mode 100644
index 0000000..98a8066
--- /dev/null
+++ b/node_modules/selfsigned/README.md
@@ -0,0 +1,83 @@
+Generate a self signed x509 certificate from node.js.
+
+## Install
+
+```bash
+  npm install selfsigned
+```
+
+## Usage
+
+```js
+var selfsigned = require('selfsigned');
+var attrs = [{ name: 'commonName', value: 'contoso.com' }];
+var pems = selfsigned.generate(attrs, { days: 365 });
+console.log(pems)
+```
+
+#### Async
+
+```js
+selfsigned.generate(attrs, { days: 365 }, function (err, pems) {
+  console.log(pems)
+});
+```
+
+Will return the following like this:
+
+```js
+{
+  private: '-----BEGIN RSA PRIVATE KEY-----\r\nMIICXAIBAAKBgQCBFMXMYS/+RZz6+qzv+xeqXPdjw4YKZC4y3dPhSwgEwkecrCTX\r\nsR6boue+1MjIqPqWggXZnotIGldfEN0kn0Jbh2vMTrTx6YwqQ8tceBPoyuuqcYBO\r\nOONAcKOB3MLnZbyOgVtbyT3j68JE5V/lx6LhpIKAgY0m5WIuaKrW6mvLXQIDAQAB\r\nAoGAU6ODGxAqSecPdayyG/ml9vSwNAuAMgGB0eHcpZG5i2PbhRAh+0TAIXaoFQXJ\r\naAPeA2ISqlTJyRmQXYAO2uj61FzeyDzYCf0z3+yZEVz3cO7jB5Pl6iBvzbxWuuuA\r\ncbJtWLhWtW5/jioc8F0EAzZ+lkC/XuVJdwKHDmwt2qvJO+ECQQD+dvo1g3Sz9xGw\r\n21n+fDG5i4128+Qh+JPgh5AeLuXSofc1HMHaOXcC6Wu/Cloh7QAD934b7W0A7VoD\r\ndLd/JLyFAkEAgdwjryyvdhy69e516IrPB3b+m4rggtntBlZREMrk9tOzeIucVO3W\r\ntKI3FHm6JebN2gVcG+rZ+FaDPo+ifJkW+QJBAPojrMwEACmUevB2f9246gxx0UsY\r\nbq6yM3No71OsWEEY8/Bi53CEQqg7Gq5+F6H33qcHmBEN8LQTngN9rY+vZh0CQBg0\r\nqJImii5B/LeK03+dICoMDDmCEYdSh9P+ku3GZBd+Lp3xqBpMmxDgi9PNPN2DwCs7\r\nhIfPpwGbXqtyqp7/CkECQB4OdY+2FbCciI473eQkTu310RMf8jElU63iwnx4R/XN\r\n/mgqN589OfF4SS0U/MoRzYk9jF9IAJN1Mi/571T+nw4=\r\n-----END RSA PRIVATE KEY-----\r\n',
+  public: '-----BEGIN PUBLIC KEY-----\r\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCBFMXMYS/+RZz6+qzv+xeqXPdj\r\nw4YKZC4y3dPhSwgEwkecrCTXsR6boue+1MjIqPqWggXZnotIGldfEN0kn0Jbh2vM\r\nTrTx6YwqQ8tceBPoyuuqcYBOOONAcKOB3MLnZbyOgVtbyT3j68JE5V/lx6LhpIKA\r\ngY0m5WIuaKrW6mvLXQIDAQAB\r\n-----END PUBLIC KEY-----\r\n',
+  cert: '-----BEGIN CERTIFICATE-----\r\nMIICjTCCAfagAwIBAgIBATANBgkqhkiG9w0BAQUFADBpMRQwEgYDVQQDEwtleGFt\r\ncGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQH\r\nEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MB4XDTEz\r\nMDgxMzA1NDAyN1oXDTE0MDgxMzA1NDAyN1owaTEUMBIGA1UEAxMLZXhhbXBsZS5v\r\ncmcxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhWaXJnaW5pYTETMBEGA1UEBxMKQmxh\r\nY2tzYnVyZzENMAsGA1UEChMEVGVzdDENMAsGA1UECxMEVGVzdDCBnzANBgkqhkiG\r\n9w0BAQEFAAOBjQAwgYkCgYEAgRTFzGEv/kWc+vqs7/sXqlz3Y8OGCmQuMt3T4UsI\r\nBMJHnKwk17Eem6LnvtTIyKj6loIF2Z6LSBpXXxDdJJ9CW4drzE608emMKkPLXHgT\r\n6MrrqnGATjjjQHCjgdzC52W8joFbW8k94+vCROVf5cei4aSCgIGNJuViLmiq1upr\r\ny10CAwEAAaNFMEMwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAvQwJgYDVR0RBB8w\r\nHYYbaHR0cDovL2V4YW1wbGUub3JnL3dlYmlkI21lMA0GCSqGSIb3DQEBBQUAA4GB\r\nAC9hGQlDh8anNo1YDJdG2mYqOQ5uybJV++kixblGaOkoDROPsWepUpL6kMDUtbAM\r\n4uXTyFkvlUQSaQkhNgOY5w/BRIAkCIu6u4D4XcjlCdwFq6vcKMEuWTHMAlBWFla3\r\nXJZAPO10PHuDen7JeMOUf1Re7lRFtwfRGAvVYmrvYFKv\r\n-----END CERTIFICATE-----\r\n'
+}
+```
+
+## Attributes
+
+for attributes, please refer to: https://github.com/digitalbazaar/forge/blob/master/lib/x509.js
+
+## Options
+
+```js
+var pems = selfsigned.generate(null, {
+  keySize: 2048, // the size for the private key in bits (default: 1024)
+  days: 30, // how long till expiry of the signed certificate (default: 365)
+  algorithm: 'sha256', // sign the certificate with specified algorithm (default: 'sha1')
+  extensions: [{ name: 'basicConstraints', cA: true }], // certificate extensions array
+  pkcs7: true, // include PKCS#7 as part of the output (default: false)
+  clientCertificate: true, // generate client cert signed by the original key (default: false)
+  clientCertificateCN: 'jdoe' // client certificate's common name (default: 'John Doe jdoe123')
+});
+```
+
+> You can avoid key pair generation specifying your own keys (`{ keyPair: { publicKey: '-----BEGIN PUBLIC KEY-----...', privateKey: '-----BEGIN RSA PRIVATE KEY-----...' }`)
+
+### Generate Client Certificates
+
+If you are in an environment where servers require client certificates, you can generate client keys signed by the original (server) key.
+
+```js
+var pems = selfsigned.generate(null, { clientCertificate: true });
+console.log(pems)
+```
+Will return the following like this:
+
+```js
+{ private: '-----BEGIN RSA PRIVATE KEY-----\r\nMIICXQIBAAKBgQDLg/kS4dCPVu96sbK6MQuUPmhqnF8SeBXVHH18h+0BTj7HqnrA\r\nA75hNVIiSLTChvpzQ0qi2Ju7O2ESUOdx7cvGiftGuZLiI8uL2HVlYuX+wQTIoRHx\r\n9nxv56TIiqnPg5d05vSTLXoiJg5uac3a6+4vnhhTo0XRRXVVboZsfNpuGQIDAQAB\r\nAoGAfhCd9QhUPLZJWeNBJvzCg221GHUMn1Arlfsz8DPyp+BkGyKLLu4iu+xfmEUZ\r\nU3ZxJX0FeqJatTwvAT2EYJpAovx+F37PWFTLAS6T57WI1O5Lj1pTIKVkLrasNQgF\r\nl6qFD3cvEtCZve4LiwDoJ52FO2OtcDcMJ0r2oqbCXSDIlAECQQDnkkxKcTejBZGH\r\nyYEXG9hAznnEZ63LLzlHHF2cIPfxT+9826Wm0IzBxn8Wr4hcAbNx3bVKgsU9p7xA\r\nfKnSqObhAkEA4PwCjPQqxFpiYUmNt7htb8nCEvUDD/QSDyxAH/uJzfr6gOJOD5nT\r\n5gZYblC+CCMDkgDUpro6oATNyeRNoU3GOQJBANdaW26DWZ1WqV9hCpcGAxdJrT30\r\nuVASq66w93Ehy9LzZqFz1tqKacwvH7NmLGZ8AngrGdSgRnOvEMfb50aMYqECQDcG\r\nzCTnbzJZHOjIkaXWsMV/pjz2ugoD2wrk+sYXwoujj/NH5mnAaOhAsw5AJ0pcLfpe\r\nw6QHtmD+68ouUaJbIFkCQQDeu0AXAp6Kbk6570i2DpGUSnkRdGCGS+3ekqqJUpE7\r\nfVUSx1nCF1sPD0p+pO8Rj3i87iI4MlblQRm/wVkrkjiR\r\n-----END RSA PRIVATE KEY-----\r\n',
+  public: '-----BEGIN PUBLIC KEY-----\r\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLg/kS4dCPVu96sbK6MQuUPmhq\r\nnF8SeBXVHH18h+0BTj7HqnrAA75hNVIiSLTChvpzQ0qi2Ju7O2ESUOdx7cvGiftG\r\nuZLiI8uL2HVlYuX+wQTIoRHx9nxv56TIiqnPg5d05vSTLXoiJg5uac3a6+4vnhhT\r\no0XRRXVVboZsfNpuGQIDAQAB\r\n-----END PUBLIC KEY-----\r\n',
+  cert: '-----BEGIN CERTIFICATE-----\r\nMIIClTCCAf6gAwIBAgIJdMZqoEeGMVYKMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV\r\nBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx\r\nEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl\r\nc3QwHhcNMTUxMDI5MTMwNjA1WhcNMTYxMDI4MTMwNjA1WjBpMRQwEgYDVQQDEwtl\r\neGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD\r\nVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIGf\r\nMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLg/kS4dCPVu96sbK6MQuUPmhqnF8S\r\neBXVHH18h+0BTj7HqnrAA75hNVIiSLTChvpzQ0qi2Ju7O2ESUOdx7cvGiftGuZLi\r\nI8uL2HVlYuX+wQTIoRHx9nxv56TIiqnPg5d05vSTLXoiJg5uac3a6+4vnhhTo0XR\r\nRXVVboZsfNpuGQIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAm\r\nBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcN\r\nAQEFBQADgYEAj1Yyyb0R9KRFjIWNFi6RErB/riWylW4CdOK1hOyJZ+VRBWeYLKfX\r\ni///V+tqRvLlYY5x5DnrjXbDjBy0CZuN/J772/Srgp7Nl5cn92zynMJK1q4MEEs3\r\nAE/FO85R0HbGEp+IrwUwDOLR6omBFVdh1EUOTcQU2jLZNbWvLDiWbDo=\r\n-----END CERTIFICATE-----\r\n',
+  clientprivate: '-----BEGIN RSA PRIVATE KEY-----\r\nMIICWwIBAAKBgQDjR5FrrdZ1jirqkx3KMPnGjrcObj/vmztWTEZ1kX6gTskQugJU\r\noxktzwDZza4jYODC6Ud2jouFLWeAi5BDSAeLwAQb951qVD9zVsmQ+63V/mvSJUoj\r\nigwj7YjcxyReJ17F0YgjceqrkZaPM8YRo8h1fj1JdPc4ZOUgA5ASZ0h2ewIDAQAB\r\nAoGAfB5DbjibG8ut6Di7VgX1AdhCY+EVjXaKqxAwklgIfOdJqpbKWwpO39NiNY+7\r\nf5qSZB8dZcNmsi4fjfWprPSTGVkk1Qp2uibtFS4MhbLEeyy4cgZfMIBQY+HD0Asf\r\n1NU7WTY5QfzgH3HAKuWpUEWdar/jE+hDPA+wnsMg+TgGARECQQDzlc+5WA9JsG9f\r\nwNRzhMGRxDP4QLmL0iLWupF4BMP/k4OLMjDtzWl725WJ4FjCzML7mSmkWWe/P8f5\r\nwrbR+e8lAkEA7t0CEsiIw8BE55YMuGIz5xI0QDnuwNWmCEmq6+ZziW3L+EuAr1S4\r\nDORqBYm5DuRvBWkWE9Sld0a8vNqWh58tHwJAP1ZYEhicuQuAmkRYucTuVEnRPZ8O\r\n4BV+65jNlIigskcYMEyXvm3oHMWnJ5fHXLfDh4p28n4w5ODfzcjcotK7ZQJAE7bX\r\n8fbtGsLmrPp8aEdqozqkZ1ygsPexMWPrIHcvt/sA56hLoazrV90ORxC73lfKNfcb\r\nZF2bnoGPGEMuQ1lG3wJAPnHysm3DgbSHZQiXWMjF4YDRRV2AeOqX1fmlSeMErwdj\r\ncwIs+ikIBnOwUOh6liJ7yK1YnckDTZTOfUDyG+vdFQ==\r\n-----END RSA PRIVATE KEY-----\r\n',
+  clientpublic: '-----BEGIN PUBLIC KEY-----\r\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjR5FrrdZ1jirqkx3KMPnGjrcO\r\nbj/vmztWTEZ1kX6gTskQugJUoxktzwDZza4jYODC6Ud2jouFLWeAi5BDSAeLwAQb\r\n951qVD9zVsmQ+63V/mvSJUojigwj7YjcxyReJ17F0YgjceqrkZaPM8YRo8h1fj1J\r\ndPc4ZOUgA5ASZ0h2ewIDAQAB\r\n-----END PUBLIC KEY-----\r\n',
+  clientcert: '-----BEGIN CERTIFICATE-----\r\nMIICSzCCAbSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBpMRQwEgYDVQQDEwtleGFt\r\ncGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQH\r\nEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MB4XDTE1\r\nMTAyOTEzMDYwNVoXDTE2MTAyOTEzMDYwNVowbjEZMBcGA1UEAxMQSm9obiBEb2Ug\r\namRvZTEyMzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQH\r\nEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIGfMA0G\r\nCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjR5FrrdZ1jirqkx3KMPnGjrcObj/vmztW\r\nTEZ1kX6gTskQugJUoxktzwDZza4jYODC6Ud2jouFLWeAi5BDSAeLwAQb951qVD9z\r\nVsmQ+63V/mvSJUojigwj7YjcxyReJ17F0YgjceqrkZaPM8YRo8h1fj1JdPc4ZOUg\r\nA5ASZ0h2ewIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACOUglBxJ80jzR3DSSMrgRav\r\n7deKUPShEPC3tbVrc3LHPGpCEJUC309aK2mbMwz2jX78tr/ezePELKbyRggUvVgN\r\nB0XdIQkpR9X4mPdtFYkMiWKNVYKd79r0kolprgFPryhT3jsICIOnwE1Ur23Q+Fk2\r\nnizRS0HY4Q25JLCmsWWy\r\n-----END CERTIFICATE-----\r\n' }
+```
+
+To override the default client CN of `john doe jdoe123`, add another option for `clientCertificateCN`:
+
+```js
+var pems = selfsigned.generate(null, { clientCertificate: true, clientCertificateCN: 'FooBar' });
+```
+
+## License
+
+MIT
diff --git a/node_modules/selfsigned/index.d.ts b/node_modules/selfsigned/index.d.ts
new file mode 100644
index 0000000..e5b368e
--- /dev/null
+++ b/node_modules/selfsigned/index.d.ts
@@ -0,0 +1,57 @@
+import { pki } from 'node-forge'
+
+declare interface SelfsignedOptions {
+  /**
+   * The number of days before expiration
+   *
+   * @default 365 */
+  days?: number
+  /**
+   * the size for the private key in bits
+   * @default 1024
+   */
+  keySize?: number
+  /**
+   * additional extensions for the certificate
+   */
+  extensions?: any[];
+  /**
+   * The signature algorithm sha256 or sha1
+   * @default "sha1"
+   */
+  algorithm?: string
+  /**
+   * include PKCS#7 as part of the output
+   * @default false
+   */
+  pkcs7?: boolean
+  /**
+   * generate client cert signed by the original key
+   * @default false
+   */
+  clientCertificate?: undefined
+  /**
+   * client certificate's common name
+   * @default "John Doe jdoe123"
+   */
+  clientCertificateCN?: string
+}
+
+declare interface GenerateResult {
+  private: string
+  public: string
+  cert: string
+  fingerprint: string
+}
+
+declare function generate(
+  attrs?: pki.CertificateField[],
+  opts?: SelfsignedOptions
+): GenerateResult
+
+declare function generate(
+  attrs?: pki.CertificateField[],
+  opts?: SelfsignedOptions,
+  /** Optional callback, if not provided the generation is synchronous */
+  done?: (err: undefined | Error, result: GenerateResult) => any
+): void
diff --git a/node_modules/selfsigned/index.js b/node_modules/selfsigned/index.js
new file mode 100644
index 0000000..f114d20
--- /dev/null
+++ b/node_modules/selfsigned/index.js
@@ -0,0 +1,205 @@
+var forge = require('node-forge');
+
+// a hexString is considered negative if it's most significant bit is 1
+// because serial numbers use ones' complement notation
+// this RFC in section 4.1.2.2 requires serial numbers to be positive
+// http://www.ietf.org/rfc/rfc5280.txt
+function toPositiveHex(hexString){
+  var mostSiginficativeHexAsInt = parseInt(hexString[0], 16);
+  if (mostSiginficativeHexAsInt < 8){
+    return hexString;
+  }
+
+  mostSiginficativeHexAsInt -= 8;
+  return mostSiginficativeHexAsInt.toString() + hexString.substring(1);
+}
+
+function getAlgorithm(key) {
+  switch (key) {
+    case 'sha256':
+      return forge.md.sha256.create();
+    default:
+      return forge.md.sha1.create();
+  }
+}
+
+/**
+ *
+ * @param {forge.pki.CertificateField[]} attrs Attributes used for subject and issuer.
+ * @param {object} options
+ * @param {number} [options.days=365] the number of days before expiration
+ * @param {number} [options.keySize=1024] the size for the private key in bits
+ * @param {object} [options.extensions] additional extensions for the certificate
+ * @param {string} [options.algorithm="sha1"] The signature algorithm sha256 or sha1
+ * @param {boolean} [options.pkcs7=false] include PKCS#7 as part of the output
+ * @param {boolean} [options.clientCertificate=false] generate client cert signed by the original key
+ * @param {string} [options.clientCertificateCN="John Doe jdoe123"] client certificate's common name
+ * @param {function} [done] Optional callback, if not provided the generation is synchronous
+ * @returns
+ */
+exports.generate = function generate(attrs, options, done) {
+  if (typeof attrs === 'function') {
+    done = attrs;
+    attrs = undefined;
+  } else if (typeof options === 'function') {
+    done = options;
+    options = {};
+  }
+
+  options = options || {};
+
+  var generatePem = function (keyPair) {
+    var cert = forge.pki.createCertificate();
+
+    cert.serialNumber = toPositiveHex(forge.util.bytesToHex(forge.random.getBytesSync(9))); // the serial number can be decimal or hex (if preceded by 0x)
+
+    cert.validity.notBefore = new Date();
+    cert.validity.notAfter = new Date();
+    cert.validity.notAfter.setDate(cert.validity.notBefore.getDate() + (options.days || 365));
+
+    attrs = attrs || [{
+      name: 'commonName',
+      value: 'example.org'
+    }, {
+      name: 'countryName',
+      value: 'US'
+    }, {
+      shortName: 'ST',
+      value: 'Virginia'
+    }, {
+      name: 'localityName',
+      value: 'Blacksburg'
+    }, {
+      name: 'organizationName',
+      value: 'Test'
+    }, {
+      shortName: 'OU',
+      value: 'Test'
+    }];
+
+    cert.setSubject(attrs);
+    cert.setIssuer(attrs);
+
+    cert.publicKey = keyPair.publicKey;
+
+    cert.setExtensions(options.extensions || [{
+      name: 'basicConstraints',
+      cA: true
+    }, {
+      name: 'keyUsage',
+      keyCertSign: true,
+      digitalSignature: true,
+      nonRepudiation: true,
+      keyEncipherment: true,
+      dataEncipherment: true
+    }, {
+      name: 'subjectAltName',
+      altNames: [{
+        type: 6, // URI
+        value: 'http://example.org/webid#me'
+      }]
+    }]);
+
+    cert.sign(keyPair.privateKey, getAlgorithm(options && options.algorithm));
+
+    const fingerprint = forge.md.sha1
+                          .create()
+                          .update(forge.asn1.toDer(forge.pki.certificateToAsn1(cert)).getBytes())
+                          .digest()
+                          .toHex()
+                          .match(/.{2}/g)
+                          .join(':');
+
+    var pem = {
+      private:     forge.pki.privateKeyToPem(keyPair.privateKey),
+      public:      forge.pki.publicKeyToPem(keyPair.publicKey),
+      cert:        forge.pki.certificateToPem(cert),
+      fingerprint: fingerprint,
+    };
+
+    if (options && options.pkcs7) {
+      var p7 = forge.pkcs7.createSignedData();
+      p7.addCertificate(cert);
+      pem.pkcs7 = forge.pkcs7.messageToPem(p7);
+    }
+
+    if (options && options.clientCertificate) {
+      var clientkeys = forge.pki.rsa.generateKeyPair(1024);
+      var clientcert = forge.pki.createCertificate();
+      clientcert.serialNumber = toPositiveHex(forge.util.bytesToHex(forge.random.getBytesSync(9)));
+      clientcert.validity.notBefore = new Date();
+      clientcert.validity.notAfter = new Date();
+      clientcert.validity.notAfter.setFullYear(clientcert.validity.notBefore.getFullYear() + 1);
+
+      var clientAttrs = JSON.parse(JSON.stringify(attrs));
+
+      for(var i = 0; i < clientAttrs.length; i++) {
+        if(clientAttrs[i].name === 'commonName') {
+          if( options.clientCertificateCN )
+            clientAttrs[i] = { name: 'commonName', value: options.clientCertificateCN };
+          else
+            clientAttrs[i] = { name: 'commonName', value: 'John Doe jdoe123' };
+        }
+      }
+
+      clientcert.setSubject(clientAttrs);
+
+      // Set the issuer to the parent key
+      clientcert.setIssuer(attrs);
+
+      clientcert.publicKey = clientkeys.publicKey;
+
+      // Sign client cert with root cert
+      clientcert.sign(keyPair.privateKey);
+
+      pem.clientprivate = forge.pki.privateKeyToPem(clientkeys.privateKey);
+      pem.clientpublic = forge.pki.publicKeyToPem(clientkeys.publicKey);
+      pem.clientcert = forge.pki.certificateToPem(clientcert);
+
+      if (options.pkcs7) {
+        var clientp7 = forge.pkcs7.createSignedData();
+        clientp7.addCertificate(clientcert);
+        pem.clientpkcs7 = forge.pkcs7.messageToPem(clientp7);
+      }
+    }
+
+    var caStore = forge.pki.createCaStore();
+    caStore.addCertificate(cert);
+
+    try {
+      forge.pki.verifyCertificateChain(caStore, [cert],
+        function (vfd, depth, chain) {
+          if (vfd !== true) {
+            throw new Error('Certificate could not be verified.');
+          }
+          return true;
+        });
+    }
+    catch(ex) {
+      throw new Error(ex);
+    }
+
+    return pem;
+  };
+
+  var keySize = options.keySize || 1024;
+
+  if (done) { // async scenario
+    return forge.pki.rsa.generateKeyPair({ bits: keySize }, function (err, keyPair) {
+      if (err) { return done(err); }
+
+      try {
+        return done(null, generatePem(keyPair));
+      } catch (ex) {
+        return done(ex);
+      }
+    });
+  }
+
+  var keyPair = options.keyPair ? {
+    privateKey: forge.pki.privateKeyFromPem(options.keyPair.privateKey),
+    publicKey: forge.pki.publicKeyFromPem(options.keyPair.publicKey)
+  } : forge.pki.rsa.generateKeyPair(keySize);
+
+  return generatePem(keyPair);
+};
diff --git a/node_modules/selfsigned/package.json b/node_modules/selfsigned/package.json
new file mode 100644
index 0000000..9dd1b0d
--- /dev/null
+++ b/node_modules/selfsigned/package.json
@@ -0,0 +1,44 @@
+{
+  "name": "selfsigned",
+  "version": "2.1.1",
+  "description": "Generate self signed certificates private and public keys",
+  "main": "index.js",
+  "types": "index.d.ts",
+  "scripts": {
+    "test": "mocha -t 5000"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/jfromaniello/selfsigned.git"
+  },
+  "keywords": [
+    "openssl",
+    "self",
+    "signed",
+    "certificates"
+  ],
+  "author": "José F. Romaniello <jfromaniello@gmail.com> (http://joseoncode.com)",
+  "contributors": [
+    {
+      "name": "Paolo Fragomeni",
+      "email": "paolo@async.ly",
+      "url": "http://async.ly"
+    },
+    {
+      "name": "Charles Bushong",
+      "email": "bushong1@gmail.com",
+      "url": "http://github.com/bushong1"
+    }
+  ],
+  "license": "MIT",
+  "dependencies": {
+    "node-forge": "^1"
+  },
+  "devDependencies": {
+    "chai": "^4.3.4",
+    "mocha": "^9.1.1"
+  },
+  "engines": {
+    "node": ">=10"
+  }
+}
diff --git a/node_modules/selfsigned/test/tests.js b/node_modules/selfsigned/test/tests.js
new file mode 100644
index 0000000..be003fb
--- /dev/null
+++ b/node_modules/selfsigned/test/tests.js
@@ -0,0 +1,156 @@
+var { assert } = require('chai');
+var forge      = require('node-forge');
+var fs         = require('fs');
+var exec       = require('child_process').exec;
+
+describe('generate', function () {
+
+  var generate = require('../index').generate;
+
+  it('should work without attrs/options', function (done) {
+    var pems = generate();
+    assert.ok(!!pems.private, 'has a private key');
+    assert.ok(!!pems.fingerprint, 'has fingerprint');
+    assert.ok(!!pems.public, 'has a public key');
+    assert.ok(!!pems.cert, 'has a certificate');
+    assert.ok(!pems.pkcs7, 'should not include a pkcs7 by default');
+    assert.ok(!pems.clientcert, 'should not include a client cert by default');
+    assert.ok(!pems.clientprivate, 'should not include a client private key by default');
+    assert.ok(!pems.clientpublic, 'should not include a client public key by default');
+
+    var caStore = forge.pki.createCaStore();
+    caStore.addCertificate(pems.cert);
+    done();
+  });
+
+  it('should generate client cert', function (done) {
+    var pems = generate(null, {clientCertificate: true});
+
+    assert.ok(!!pems.clientcert, 'should include a client cert when requested');
+    assert.ok(!!pems.clientprivate, 'should include a client private key when requested');
+    assert.ok(!!pems.clientpublic, 'should include a client public key when requested');
+    done();
+  });
+
+  it('should include pkcs7', function (done) {
+    var pems = generate([{ name: 'commonName', value: 'contoso.com' }], {pkcs7: true});
+
+    assert.ok(!!pems.pkcs7, 'has a pkcs7');
+
+    try {
+      fs.unlinkSync('/tmp/tmp.pkcs7');
+    } catch (er) {}
+
+    fs.writeFileSync('/tmp/tmp.pkcs7', pems.pkcs7);
+    exec('openssl pkcs7 -print_certs -in /tmp/tmp.pkcs7', function (err, stdout, stderr) {
+      if (err) {
+        return done(err);
+      }
+
+      const errorMessage = stderr.toString();
+      if (errorMessage.length) {
+        return done(new Error(errorMessage));
+      }
+
+      const expected = stdout.toString();
+      let [ subjectLine,issuerLine, ...cert ] = expected.split(/\r?\n/).filter(c => c);
+      cert = cert.filter(c => c);
+      assert.match(subjectLine, /subject=\/?CN\s?=\s?contoso.com/i);
+      assert.match(issuerLine, /issuer=\/?CN\s?=\s?contoso.com/i);
+      assert.strictEqual(
+        pems.cert,
+        cert.join('\r\n') + '\r\n'
+      );
+
+      done();
+    });
+  });
+
+  it('should support sha1 algorithm', function (done) {
+    var pems_sha1 = generate(null, { algorithm: 'sha1' });
+    assert.ok(forge.pki.certificateFromPem(pems_sha1.cert).siginfo.algorithmOid === forge.pki.oids['sha1WithRSAEncryption'], 'can generate sha1 certs');
+    done();
+  });
+
+  it('should support sha256 algorithm', function (done) {
+    var pems_sha256 = generate(null, { algorithm: 'sha256' });
+    assert.ok(forge.pki.certificateFromPem(pems_sha256.cert).siginfo.algorithmOid === forge.pki.oids['sha256WithRSAEncryption'], 'can generate sha256 certs');
+    done();
+  });
+
+  describe('with callback', function () {
+    it('should work without attrs/options', function (done) {
+      generate(function (err, pems) {
+        if (err) done(err);
+        assert.ok(!!pems.private, 'has a private key');
+        assert.ok(!!pems.public, 'has a public key');
+        assert.ok(!!pems.cert, 'has a certificate');
+        assert.ok(!pems.pkcs7, 'should not include a pkcs7 by default');
+        assert.ok(!pems.clientcert, 'should not include a client cert by default');
+        assert.ok(!pems.clientprivate, 'should not include a client private key by default');
+        assert.ok(!pems.clientpublic, 'should not include a client public key by default');
+        done();
+      });
+    });
+
+    it('should generate client cert', function (done) {
+      generate(null, {clientCertificate: true}, function (err, pems) {
+        if (err) done(err);
+        assert.ok(!!pems.clientcert, 'should include a client cert when requested');
+        assert.ok(!!pems.clientprivate, 'should include a client private key when requested');
+        assert.ok(!!pems.clientpublic, 'should include a client public key when requested');
+        done();
+      });
+    });
+
+    it('should include pkcs7', function (done) {
+      generate([{ name: 'commonName', value: 'contoso.com' }], {pkcs7: true}, function (err, pems) {
+        if (err) done(err);
+        assert.ok(!!pems.pkcs7, 'has a pkcs7');
+
+        try {
+          fs.unlinkSync('/tmp/tmp.pkcs7');
+        } catch (er) {}
+
+        fs.writeFileSync('/tmp/tmp.pkcs7', pems.pkcs7);
+        exec('openssl pkcs7 -print_certs -in /tmp/tmp.pkcs7', function (err, stdout, stderr) {
+          if (err) {
+            return done(err);
+          }
+
+          const errorMessage = stderr.toString();
+          if (errorMessage.length) {
+            return done(new Error(errorMessage));
+          }
+
+          const expected = stdout.toString();
+          let [ subjectLine,issuerLine, ...cert ] = expected.split(/\r?\n/).filter(c => c);
+          assert.match(subjectLine, /subject=\/?CN\s?=\s?contoso.com/i);
+          assert.match(issuerLine, /issuer=\/?CN\s?=\s?contoso.com/i);
+          assert.strictEqual(
+            pems.cert,
+            cert.join('\r\n') + '\r\n'
+          );
+
+          done();
+        });
+      });
+    });
+
+    it('should support sha1 algorithm', function (done) {
+      generate(null, { algorithm: 'sha1' }, function (err, pems_sha1) {
+        if (err) done(err);
+        assert.ok(forge.pki.certificateFromPem(pems_sha1.cert).siginfo.algorithmOid === forge.pki.oids['sha1WithRSAEncryption'], 'can generate sha1 certs');
+        done();
+      });
+    });
+
+    it('should support sha256 algorithm', function (done) {
+      generate(null, { algorithm: 'sha256' }, function (err, pems_sha256) {
+        if (err) done(err);
+        assert.ok(forge.pki.certificateFromPem(pems_sha256.cert).siginfo.algorithmOid === forge.pki.oids['sha256WithRSAEncryption'], 'can generate sha256 certs');
+        done();
+      });
+    });
+  });
+});