Simple way to generate certificate signing request (CSR) with X.509 using Javascript

pkcs10Generator.js

import * as asn1js from 'asn1js';
import { getCrypto, getAlgorithmParameters, CertificationRequest, AttributeTypeAndValue } from 'pkijs/build'
import { arrayBufferToString, toBase64 } from 'pvutils';
//https://github.com/PeculiarVentures/PKI.js/blob/31c10e9bb879cac59d710102adf4fd7bd61cd66c/src/CryptoEngine.js#L1300
const hashAlg = 'SHA-256'
const signAlg = 'ECDSA'

/**
 * @example 
 * createPKCS10({ enrollmentID: 'user1', organizationUnit: 'Marketing', organization: 'Farmer Market', state: 'M', country: 'V' })
 *  .then(({csr, privateKey} => {...}))
 */
export async function createPKCS10({ enrollmentID, organizationUnit, organization, state, country })
{
  const crypto = getWebCrypto()

  const keyPair = await generateKeyPair(crypto, getAlgorithm(signAlg, hashAlg))

  return {
    csr: `-----BEGIN CERTIFICATE REQUEST-----\n${
      formatPEM(
        toBase64(
          arrayBufferToString(
            await createCSR(keyPair, hashAlg, { enrollmentID, organizationUnit, organization, state, country })
          )
        )
      )}\n-----END CERTIFICATE REQUEST-----`,
    privateKey: `-----BEGIN PRIVATE KEY-----\n${
      toBase64(arrayBufferToString(await crypto.exportKey('pkcs8', keyPair.privateKey)))
    }\n-----END PRIVATE KEY-----`
  }
}

async function createCSR(keyPair, hashAlg, { enrollmentID, organizationUnit, organization, state, country })
{
  const pkcs10 = new CertificationRequest()
  pkcs10.version = 0
  //list of OID reference: http://oidref.com/2.5.4
	pkcs10.subject.typesAndValues.push(new AttributeTypeAndValue({
		type: '2.5.4.6', //countryName
		value: new asn1js.PrintableString({ value: country })
  }))
  pkcs10.subject.typesAndValues.push(new AttributeTypeAndValue({
		type: '2.5.4.8', //stateOrProvinceName
		value: new asn1js.Utf8String({ value: state })
  }))
  pkcs10.subject.typesAndValues.push(new AttributeTypeAndValue({
		type: '2.5.4.10', //organizationName
		value: new asn1js.Utf8String({ value: organization })
  }))
  pkcs10.subject.typesAndValues.push(new AttributeTypeAndValue({
		type: '2.5.4.11', //organizationUnitName
		value: new asn1js.Utf8String({ value: organizationUnit })
	}))
	pkcs10.subject.typesAndValues.push(new AttributeTypeAndValue({
		type: '2.5.4.3', //commonName
		value: new asn1js.Utf8String({ value: enrollmentID })
  }))

  //add attributes to make CSR valid
  //Attributes must be "a0:00" if empty
  pkcs10.attributes = []
	
  await pkcs10.subjectPublicKeyInfo.importKey(keyPair.publicKey)
  //signing final PKCS#10 request
  await pkcs10.sign(keyPair.privateKey, hashAlg)
	
	return pkcs10.toSchema().toBER(false)
}

// add line break every 64th character
function formatPEM(pemString)
{
  return pemString.replace(/(.{64})/g, '$1\n')
}

function getWebCrypto() {
  const crypto = getCrypto()
	if(typeof crypto === 'undefined')
    throw 'No WebCrypto extension found'
  return crypto
}

function getAlgorithm(signAlg, hashAlg) {
  const algorithm = getAlgorithmParameters(signAlg, 'generatekey')
  if('hash' in algorithm.algorithm)
    algorithm.algorithm.hash.name = hashAlg
  return algorithm
}

function generateKeyPair(crypto, algorithm) {		
  return crypto.generateKey(algorithm.algorithm, true, algorithm.usages)
}

/**
 * to learn more about asn1, ber & der, attributes & types used in pkcs#10
 * http://luca.ntop.org/Teaching/Appunti/asn1.html
 * 
 * guides to SubtleCrypto (which PKIjs is built upon):
 * https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto
 */