2017-01-14 13:14:50 +00:00
|
|
|
"use strict";
|
2017-01-15 21:30:33 +00:00
|
|
|
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
|
|
return new (P || (P = Promise))(function (resolve, reject) {
|
|
|
|
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
|
|
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
|
|
function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); }
|
|
|
|
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
|
|
});
|
|
|
|
};
|
2017-01-14 17:36:33 +00:00
|
|
|
const q = require("q");
|
|
|
|
const plugins = require("./smartacme.plugins");
|
|
|
|
const helpers = require("./smartacme.helpers");
|
2017-01-15 21:30:33 +00:00
|
|
|
// Dnsly instance (we really just need one)
|
|
|
|
let myDnsly = new plugins.dnsly.Dnsly('google');
|
2017-01-14 17:36:33 +00:00
|
|
|
/**
|
|
|
|
* class AcmeCert represents a cert for domain
|
|
|
|
*/
|
2017-01-14 13:14:50 +00:00
|
|
|
class AcmeCert {
|
2017-01-15 11:21:29 +00:00
|
|
|
constructor(optionsArg, parentAcmeAccount) {
|
|
|
|
this.domainName = optionsArg.domain;
|
|
|
|
this.parentAcmeAccount = parentAcmeAccount;
|
2017-01-14 17:36:33 +00:00
|
|
|
this.keypair = helpers.createKeypair(optionsArg.bit);
|
|
|
|
let privateKeyForged = plugins.nodeForge.pki.privateKeyFromPem(this.keypair.privateKey);
|
|
|
|
let publicKeyForged = plugins.nodeForge.pki.publicKeyToPem(plugins.nodeForge.pki.setRsaPublicKey(privateKeyForged.n, privateKeyForged.e));
|
|
|
|
this.keyPairFinal = {
|
|
|
|
privateKey: privateKeyForged,
|
|
|
|
publicKey: publicKeyForged
|
|
|
|
};
|
|
|
|
// set dates
|
|
|
|
this.validFrom = new Date();
|
|
|
|
this.validTo = new Date();
|
|
|
|
this.validTo.setDate(this.validFrom.getDate() + 90);
|
|
|
|
// set attributes
|
|
|
|
this.attributes = [
|
|
|
|
{ name: 'commonName', value: optionsArg.domain },
|
|
|
|
{ name: 'countryName', value: optionsArg.country },
|
|
|
|
{ shortName: 'ST', value: optionsArg.country_short },
|
|
|
|
{ name: 'localityName', value: optionsArg.locality },
|
|
|
|
{ name: 'organizationName', value: optionsArg.organization },
|
|
|
|
{ shortName: 'OU', value: optionsArg.organization_short },
|
|
|
|
{ name: 'challengePassword', value: optionsArg.password },
|
|
|
|
{ name: 'unstructuredName', value: optionsArg.unstructured }
|
|
|
|
];
|
|
|
|
// set up csr
|
|
|
|
this.csr = plugins.nodeForge.pki.createCertificationRequest();
|
|
|
|
this.csr.setSubject(this.attributes);
|
|
|
|
this.csr.setAttributes(this.attributes);
|
|
|
|
}
|
|
|
|
/**
|
|
|
|
* requests a challenge for a domain
|
|
|
|
* @param domainNameArg - the domain name to request a challenge for
|
|
|
|
* @param challengeType - the challenge type to request
|
|
|
|
*/
|
2017-01-15 11:21:29 +00:00
|
|
|
requestChallenge(challengeTypeArg = 'dns-01') {
|
2017-01-14 17:36:33 +00:00
|
|
|
let done = q.defer();
|
|
|
|
this.parentAcmeAccount.parentSmartAcme.rawacmeClient.newAuthz({
|
|
|
|
identifier: {
|
|
|
|
type: 'dns',
|
2017-01-15 11:21:29 +00:00
|
|
|
value: this.domainName
|
2017-01-14 17:36:33 +00:00
|
|
|
}
|
|
|
|
}, this.parentAcmeAccount.parentSmartAcme.keyPair, (err, res) => {
|
|
|
|
if (err) {
|
|
|
|
console.error('smartacme: something went wrong:');
|
|
|
|
console.log(err);
|
|
|
|
done.reject(err);
|
|
|
|
}
|
|
|
|
let dnsChallenge = res.body.challenges.filter(x => {
|
|
|
|
return x.type === challengeTypeArg;
|
|
|
|
})[0];
|
|
|
|
this.acceptChallenge(dnsChallenge)
|
|
|
|
.then((x) => {
|
|
|
|
done.resolve(x);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
return done.promise;
|
|
|
|
}
|
2017-01-15 21:30:33 +00:00
|
|
|
/**
|
|
|
|
* checks if DNS records are set
|
|
|
|
*/
|
|
|
|
checkDns() {
|
|
|
|
return __awaiter(this, void 0, void 0, function* () {
|
|
|
|
let myRecord;
|
|
|
|
try {
|
|
|
|
myRecord = yield myDnsly.getRecord(helpers.prefixName(this.domainName), 'TXT');
|
|
|
|
}
|
|
|
|
catch (err) {
|
|
|
|
yield this.checkDns();
|
|
|
|
}
|
|
|
|
return myRecord[0][0];
|
|
|
|
});
|
|
|
|
}
|
2017-01-14 17:36:33 +00:00
|
|
|
/**
|
|
|
|
* validates a challenge, only call after you have set the challenge at the expected location
|
|
|
|
*/
|
2017-01-15 12:33:55 +00:00
|
|
|
requestValidation() {
|
2017-01-14 17:36:33 +00:00
|
|
|
let done = q.defer();
|
2017-01-15 12:33:55 +00:00
|
|
|
this.parentAcmeAccount.parentSmartAcme.rawacmeClient.poll(this.acceptedChallenge.uri, (err, res) => {
|
2017-01-14 17:36:33 +00:00
|
|
|
if (err) {
|
|
|
|
console.log(err);
|
|
|
|
done.reject(err);
|
|
|
|
}
|
2017-01-15 12:33:55 +00:00
|
|
|
console.log(`Validation response:`);
|
2017-01-14 17:36:33 +00:00
|
|
|
console.log(JSON.stringify(res.body));
|
2017-01-15 12:33:55 +00:00
|
|
|
if (res.body.status === 'pending' || 'invalid') {
|
|
|
|
setTimeout(() => {
|
|
|
|
this.requestValidation().then(x => { done.resolve(x); });
|
|
|
|
}, 2000);
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
done.resolve(res.body);
|
|
|
|
}
|
2017-01-14 17:36:33 +00:00
|
|
|
});
|
|
|
|
return done.promise;
|
|
|
|
}
|
|
|
|
/**
|
|
|
|
* requests a certificate
|
|
|
|
*/
|
|
|
|
requestCert() {
|
|
|
|
let done = q.defer();
|
|
|
|
let payload = {
|
|
|
|
csr: plugins.rawacme.base64.encode(plugins.rawacme.toDer(plugins.nodeForge.pki.certificationRequestToPem(this.csr))),
|
|
|
|
notBefore: this.validFrom.toISOString(),
|
|
|
|
notAfter: this.validTo.toISOString()
|
|
|
|
};
|
|
|
|
this.parentAcmeAccount.parentSmartAcme.rawacmeClient.newCert(payload, helpers.createKeypair(), (err, res) => {
|
|
|
|
if (err) {
|
|
|
|
console.log(err);
|
|
|
|
done.reject(err);
|
|
|
|
}
|
2017-01-15 12:33:55 +00:00
|
|
|
console.log(res.body);
|
|
|
|
done.resolve(res.body);
|
2017-01-14 17:36:33 +00:00
|
|
|
});
|
|
|
|
return done.promise;
|
|
|
|
}
|
|
|
|
/**
|
|
|
|
* getCertificate - takes care of cooldown, validation polling and certificate retrieval
|
|
|
|
*/
|
|
|
|
getCertificate() {
|
|
|
|
}
|
|
|
|
/**
|
|
|
|
* accept a challenge - for private use only
|
|
|
|
*/
|
2017-01-15 12:33:55 +00:00
|
|
|
acceptChallenge(challengeArg) {
|
2017-01-14 17:36:33 +00:00
|
|
|
let done = q.defer();
|
|
|
|
/**
|
|
|
|
* the key is needed to accept the challenge
|
|
|
|
*/
|
2017-01-15 12:33:55 +00:00
|
|
|
let authKey = plugins.rawacme.keyAuthz(challengeArg.token, this.parentAcmeAccount.parentSmartAcme.keyPair.publicKey);
|
2017-01-14 17:36:33 +00:00
|
|
|
/**
|
|
|
|
* needed in case selected challenge is of type dns-01
|
|
|
|
*/
|
|
|
|
let keyHash = plugins.rawacme.dnsKeyAuthzHash(authKey); // needed if dns challenge is chosen
|
2017-01-15 12:33:55 +00:00
|
|
|
this.parentAcmeAccount.parentSmartAcme.rawacmeClient.post(challengeArg.uri, {
|
2017-01-14 17:36:33 +00:00
|
|
|
resource: 'challenge',
|
|
|
|
keyAuthorization: authKey
|
|
|
|
}, this.parentAcmeAccount.parentSmartAcme.keyPair, (err, res) => {
|
|
|
|
if (err) {
|
|
|
|
console.log(err);
|
|
|
|
done.reject(err);
|
|
|
|
}
|
2017-01-15 11:21:29 +00:00
|
|
|
/**
|
|
|
|
* the return challenge
|
|
|
|
*/
|
|
|
|
let returnDNSChallenge = {
|
|
|
|
uri: res.body.uri,
|
|
|
|
type: res.body.type,
|
|
|
|
token: res.body.token,
|
|
|
|
keyAuthorization: res.body.keyAuthorization,
|
2017-01-15 21:30:33 +00:00
|
|
|
status: res.body.status,
|
|
|
|
dnsKeyHash: keyHash,
|
|
|
|
domainName: this.domainName,
|
|
|
|
domainNamePrefixed: helpers.prefixName(this.domainName)
|
2017-01-15 11:21:29 +00:00
|
|
|
};
|
2017-01-15 12:33:55 +00:00
|
|
|
this.acceptedChallenge = returnDNSChallenge;
|
2017-01-14 17:36:33 +00:00
|
|
|
done.resolve(returnDNSChallenge);
|
|
|
|
});
|
|
|
|
return done.promise;
|
|
|
|
}
|
2017-01-14 13:14:50 +00:00
|
|
|
}
|
|
|
|
exports.AcmeCert = AcmeCert;
|
2017-01-15 21:30:33 +00:00
|
|
|
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic21hcnRhY21lLmNsYXNzZXMuYWNtZWNlcnQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi90cy9zbWFydGFjbWUuY2xhc3Nlcy5hY21lY2VydC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7QUFBQSx1QkFBc0I7QUFFdEIsK0NBQThDO0FBQzlDLCtDQUE4QztBQTJDOUMsMkNBQTJDO0FBQzNDLElBQUksT0FBTyxHQUFHLElBQUksT0FBTyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsUUFBUSxDQUFDLENBQUE7QUFFL0M7O0dBRUc7QUFDSDtJQVdJLFlBQVksVUFBc0MsRUFBRSxpQkFBOEI7UUFDOUUsSUFBSSxDQUFDLFVBQVUsR0FBRyxVQUFVLENBQUMsTUFBTSxDQUFBO1FBQ25DLElBQUksQ0FBQyxpQkFBaUIsR0FBRyxpQkFBaUIsQ0FBQTtRQUMxQyxJQUFJLENBQUMsT0FBTyxHQUFHLE9BQU8sQ0FBQyxhQUFhLENBQUMsVUFBVSxDQUFDLEdBQUcsQ0FBQyxDQUFBO1FBQ3BELElBQUksZ0JBQWdCLEdBQUcsT0FBTyxDQUFDLFNBQVMsQ0FBQyxHQUFHLENBQUMsaUJBQWlCLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxVQUFVLENBQUMsQ0FBQTtRQUN2RixJQUFJLGVBQWUsR0FBRyxPQUFPLENBQUMsU0FBUyxDQUFDLEdBQUcsQ0FBQyxjQUFjLENBQ3RELE9BQU8sQ0FBQyxTQUFTLENBQUMsR0FBRyxDQUFDLGVBQWUsQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDLEVBQUUsZ0JBQWdCLENBQUMsQ0FBQyxDQUFDLENBQ2hGLENBQUE7UUFDRCxJQUFJLENBQUMsWUFBWSxHQUFHO1lBQ2hCLFVBQVUsRUFBRSxnQkFBZ0I7WUFDNUIsU0FBUyxFQUFFLGVBQWU7U0FDN0IsQ0FBQTtRQUVELFlBQVk7UUFDWixJQUFJLENBQUMsU0FBUyxHQUFHLElBQUksSUFBSSxFQUFFLENBQUE7UUFDM0IsSUFBSSxDQUFDLE9BQU8sR0FBRyxJQUFJLElBQUksRUFBRSxDQUFBO1FBQ3pCLElBQUksQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsT0FBTyxFQUFFLEdBQUcsRUFBRSxDQUFDLENBQUE7UUFFbkQsaUJBQWlCO1FBQ2pCLElBQUksQ0FBQyxVQUFVLEdBQUc7WUFDZCxFQUFFLElBQUksRUFBRSxZQUFZLEVBQUUsS0FBSyxFQUFFLFVBQVUsQ0FBQyxNQUFNLEVBQUU7WUFDaEQsRUFBRSxJQUFJLEVBQUUsYUFBYSxFQUFFLEtBQUssRUFBRSxVQUFVLENBQUMsT0FBTyxFQUFFO1lBQ2xELEVBQUUsU0FBUyxFQUFFLElBQUksRUFBRSxLQUFLLEVBQUUsVUFBVSxDQUFDLGFBQWEsRUFBRTtZQUNwRCxFQUFFLElBQUksRUFBRSxjQUFjLEVBQUUsS0FBSyxFQUFFLFVBQVUsQ0FBQyxRQUFRLEVBQUU7WUFDcEQsRUFBRSxJQUFJLEVBQUUsa0JBQWtCLEVBQUUsS0FBSyxFQUFFLFVBQVUsQ0FBQyxZQUFZLEVBQUU7WUFDNUQsRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLEtBQUssRUFBRSxVQUFVLENBQUMsa0JBQWtCLEVBQUU7WUFDekQsRUFBRSxJQUFJLEVBQUUsbUJBQW1CLEVBQUUsS0FBSyxFQUFFLFVBQVUsQ0FBQyxRQUFRLEVBQUU7WUFDekQsRUFBRSxJQUFJLEVBQUUsa0JBQWtCLEVBQUUsS0FBSyxFQUFFLFVBQVUsQ0FBQyxZQUFZLEVBQUU7U0FDL0QsQ0FBQTtRQUVELGFBQWE7UUFDYixJQUFJLENBQUMsR0FBRyxHQUFHLE9BQU8sQ0FBQyxTQUFTLENBQUMsR0FBRyxDQUFDLDBCQUEwQixFQUFFLENBQUE7UUFDN0QsSUFBSSxDQUFDLEdBQUcsQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxDQUFBO1FBQ3BDLElBQUksQ0FBQyxHQUFHLENBQUMsYUFBYSxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsQ0FBQTtJQUMzQyxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILGdCQUFnQixDQUFDLG1CQUFtQyxRQUFRO1FBQ3hELElBQUksSUFBSSxHQUFHLENBQUMsQ0FBQyxLQUFLLEVBQStCLENBQUE7UUFDakQsSUFBSSxDQUFDLGlCQUFpQixDQUFDLGVBQWUsQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUN6RDtZQUNJLFVBQVUsRUFBRTtnQkFDUixJQUFJLEVBQUUsS0FBSztnQkFDWCxLQUFLLEVBQUUsSUFBSSxDQUFDLFVBQVU7YUFDekI7U0FDSixFQUNELElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxlQUFlLENBQUMsT0FBTyxFQUM5QyxDQUFDLEdBQUcsRUFBRSxHQUFHO1lBQ0wsRUFBRSxDQUFDLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQztnQkFDTixPQUFPLENBQUMsS0FBSyxDQUFDLGtDQUFrQyxDQUFDLENBQUE7Z0JBQ2pELE9BQU8sQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLENBQUE7Z0JBQ2hCLElBQUksQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUE7WUFDcEIsQ0FBQztZQUNELElBQUksWUFBWSxHQUFHLEdBQUcsQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxDQUFDO2dCQUMzQyxNQUFNLENBQUMsQ0FBQyxDQUFDLElBQUksS0FBSyxnQkFBZ0IsQ0FBQTtZQUN0QyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQTtZQUNMLElBQUksQ0FBQyxlQUFlLENBQUMsWUFBWSxDQUFDO2lCQUM3QixJQUFJLENBQUMsQ0FBQyxDQUE4QjtnQkFDakMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQTtZQUNuQixDQUFDLENBQUMsQ0FBQTtRQUNWLENBQUMsQ0FDSixDQUFBO1FBQ0QsTUFBTSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUE7SUFDdkIsQ0FBQztJQUVEOztPQUVHO0lBQ0csUUFBUTs7WUFDVixJQUFJLFFBQVEsQ0FBQTtZQUNaLElBQUksQ0FBQztnQkFDRCxRQUFRLEdBQUcsTUFBTSxPQUFPLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxFQUFFLEtBQUssQ0FBQyxDQUFBO1lBQ2xGLENBQUM7WUFBQyxLQUFLLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDO2dCQUNYLE1BQU0sSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFBO1lBQ3pCLENBQUM7WUFDRCxNQUFNLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFBO1FBQ3pCLENBQUM7S0FBQTtJQUVEOztPQUVHO0lBQ0gsaUJBQWlCO1FBQ2IsSUFBSSxJQUFJLEdBQUcsQ0FBQyxDQUFDLEtBQUssRUFBRSxDQUFBO1FBQ3BCLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxlQUFlLENBQUMsYUFBYSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQ
|