feat(server): add an embedded ACME directory server and certificate authority with challenge, order, and certificate endpoints

2026-03-19 09:19:15 +00:00
parent 77d40985f3
commit 74ad7cd6c4
26 changed files with 11257 additions and 4906 deletions
--- a/ts_server/server.handlers.cert.ts
+++ b/ts_server/server.handlers.cert.ts
@@ -0,0 +1,32 @@
+import type * as http from 'node:http';
+import type { JwsVerifier } from './server.classes.jws.verifier.js';
+import { AcmeServerError } from './server.classes.jws.verifier.js';
+import type { IServerOrderStore } from './server.interfaces.js';
+
+/**
+ * POST /cert/:id — Download certificate chain (POST-as-GET).
+ */
+export function createCertHandler(
+  baseUrl: string,
+  jwsVerifier: JwsVerifier,
+  orderStore: IServerOrderStore,
+) {
+  return async (
+    req: http.IncomingMessage,
+    res: http.ServerResponse,
+    params: Record<string, string>,
+    body: any,
+  ): Promise<void> => {
+    const orderId = params.id;
+    const requestUrl = `${baseUrl}/cert/${orderId}`;
+    await jwsVerifier.verify(body, requestUrl);
+
+    const certPem = await orderStore.getCertPem(orderId);
+    if (!certPem) {
+      throw new AcmeServerError(404, 'urn:ietf:params:acme:error:malformed', 'Certificate not found');
+    }
+
+    res.writeHead(200, { 'Content-Type': 'application/pem-certificate-chain' });
+    res.end(certPem);
+  };
+}