feat(server): add an embedded ACME directory server and certificate authority with challenge, order, and certificate endpoints

ts_server/server.interfaces.ts

@@ -0,0 +1,98 @@
+import type { IAcmeIdentifier } from '../ts/acme/acme.interfaces.js';
+
+// ============================================================================
+// Server configuration
+// ============================================================================
+
+export interface IAcmeServerOptions {
+  port?: number;
+  hostname?: string;
+  baseUrl?: string;
+  /** When false, challenges auto-approve on trigger (useful for testing) */
+  challengeVerification?: boolean;
+  caOptions?: {
+    commonName?: string;
+    validityDays?: number;
+    certValidityDays?: number;
+  };
+}
+
+// ============================================================================
+// Pluggable storage interfaces
+// ============================================================================
+
+export interface IServerAccountStore {
+  create(account: IServerAccount): Promise<IServerAccount>;
+  getByThumbprint(thumbprint: string): Promise<IServerAccount | null>;
+  getByUrl(url: string): Promise<IServerAccount | null>;
+}
+
+export interface IServerOrderStore {
+  createOrder(order: IServerOrder): Promise<IServerOrder>;
+  getOrder(id: string): Promise<IServerOrder | null>;
+  updateOrder(id: string, updates: Partial<IServerOrder>): Promise<void>;
+  createAuthorization(authz: IServerAuthorization): Promise<IServerAuthorization>;
+  getAuthorization(id: string): Promise<IServerAuthorization | null>;
+  updateAuthorization(id: string, updates: Partial<IServerAuthorization>): Promise<void>;
+  createChallenge(challenge: IServerChallenge): Promise<IServerChallenge>;
+  getChallenge(id: string): Promise<IServerChallenge | null>;
+  updateChallenge(id: string, updates: Partial<IServerChallenge>): Promise<void>;
+  storeCertPem(orderId: string, pem: string): Promise<void>;
+  getCertPem(orderId: string): Promise<string | null>;
+}
+
+// ============================================================================
+// Internal server models
+// ============================================================================
+
+export interface IServerAccount {
+  id: string;
+  thumbprint: string;
+  url: string;
+  jwk: Record<string, string>;
+  status: string;
+  contact: string[];
+  createdAt: string;
+}
+
+export interface IServerOrder {
+  id: string;
+  accountUrl: string;
+  status: string;
+  identifiers: IAcmeIdentifier[];
+  authorizationIds: string[];
+  expires: string;
+  finalize: string;
+  certificate?: string;
+}
+
+export interface IServerAuthorization {
+  id: string;
+  orderId: string;
+  identifier: IAcmeIdentifier;
+  status: string;
+  expires: string;
+  challengeIds: string[];
+  wildcard?: boolean;
+}
+
+export interface IServerChallenge {
+  id: string;
+  authorizationId: string;
+  type: string;
+  token: string;
+  status: string;
+  validated?: string;
+  error?: { type: string; detail: string };
+}
+
+// ============================================================================
+// Route handler type
+// ============================================================================
+
+export type TRouteHandler = (
+  req: import('node:http').IncomingMessage,
+  res: import('node:http').ServerResponse,
+  params: Record<string, string>,
+  body: any,
+) => Promise<void>;