start with certificate signing process

2017-01-14 14:14:50 +01:00
parent 89d628bd37
commit 98cc70dbfb
18 changed files with 295 additions and 102 deletions
--- a/ts/smartacme.classes.acmeaccount.ts
+++ b/ts/smartacme.classes.acmeaccount.ts
@ -1,5 +1,8 @@
 import 'typings-global'

+/**
+ * class AcmeAccount represents an AcmeAccount
+ */
 export class AcmeAccount {
    
 }
--- a/ts/smartacme.classes.acmecert.ts
+++ b/ts/smartacme.classes.acmecert.ts
@ -1,5 +1,8 @@
 import 'typings-global'

+/**
+ * class AcmeCert represents a cert for domain
+ */
 export class AcmeCert {
-    
+    fullchain: string
 }
--- a/ts/smartacme.classes.acmecsr.ts
+++ b/ts/smartacme.classes.acmecsr.ts
@ -0,0 +1,52 @@
+import * as plugins from './smartacme.plugins'
+import * as helpers from './smartacme.helpers'
+
+import { IRsaKeypair } from './smartacme.classes.smartacme'
+
+export interface IAcmeCsrConstructorOptions {
+    bit: number,
+    key: string,
+    domain: string,
+    country: string,
+    country_short: string,
+    locality: string,
+    organization: string,
+    organization_short: string,
+    password: string,
+    unstructured: string,
+    subject_alt_names: string[]
+}
+
+export class AcmeCsr {
+    validFrom: Date
+    validTo: Date
+    keypair: IRsaKeypair
+    keyPairForged: IRsaKeypair
+    constructor(optionsArg: IAcmeCsrConstructorOptions) {
+        this.keypair = helpers.createKeypair(optionsArg.bit)
+        let privateKeyForged = plugins.nodeForge.pki.privateKeyFromPem(this.keypair.privateKey)
+        let publicKeyForged = plugins.nodeForge.pki.publicKeyToPem(
+            plugins.nodeForge.pki.setRsaPublicKey(privateKeyForged.n, privateKeyForged.e)
+        )
+        this.keyPairForged = {
+            privateKey: privateKeyForged,
+            publicKey: publicKeyForged
+        }
+
+        // set dates
+        this.validFrom = new Date()
+        this.validTo = new Date()
+        this.validTo.setDate(this.validFrom.getDate() + 90)
+
+        // create the csr
+        let attributes = [
+            { name: "commonName", value: domain },
+            { name: "countryName", value: country },
+            { shortName: "ST", value: country_short },
+            { name: "localityName", value: locality },
+            { name: "organizationName", value: organization },
+            { shortName: "OU", value: organization_short }
+        ]
+
+    }
+}
--- a/ts/smartacme.classes.helper.ts
+++ b/ts/smartacme.classes.helper.ts
@ -1,53 +0,0 @@
-import 'typings-global'
-import * as q from 'q'
-let rsaKeygen = require('rsa-keygen')
-
-import { SmartAcme } from './smartacme.classes.smartacme'
-
-export interface IRsaKeypair {
-    publicKey: string
-    privateKey: string
-}
-
-export class SmartacmeHelper {
-    parentSmartAcme: SmartAcme
-
-    constructor(smartAcmeArg: SmartAcme) {
-        this.parentSmartAcme = smartAcmeArg
-    }
-
-    /**
-     * creates a keypair to use with requests and to generate JWK from
-     */
-    createKeypair(bit = 2048): IRsaKeypair {
-        let result = rsaKeygen.generate(bit)
-        return {
-            publicKey: result.public_key,
-            privateKey: result.private_key
-        }
-    }
-
-    /**
-     * getReg
-     * @executes ASYNC
-     */
-    getReg() {
-        let done = q.defer()
-        let body = { resource: 'reg' }
-        this.parentSmartAcme.rawacmeClient.post(
-            this.parentSmartAcme.location,
-            body, this.parentSmartAcme.keyPair,
-            (err, res) => {
-                if (err) {
-                    console.error('smartacme: something went wrong:')
-                    console.log(err)
-                    done.reject(err)
-                    return
-                }
-                console.log(JSON.stringify(res.body))
-                done.resolve()
-            }
-        )
-        return done.promise
-    }
-}
--- a/ts/smartacme.classes.smartacme.ts
+++ b/ts/smartacme.classes.smartacme.ts
@ -1,22 +1,32 @@
-import 'typings-global'
-import * as q from 'q'
-import * as path from 'path'
-let rsaKeygen = require('rsa-keygen')
-import * as smartfile from 'smartfile'
-import * as smartstring from 'smartstring'
-let rawacme = require('rawacme')
-import * as paths from './smartacme.paths'
+// third party modules
+import * as q from 'q' // promises
+import * as plugins from './smartacme.plugins'
+import * as helpers from './smartacme.helpers'

-import { SmartacmeHelper, IRsaKeypair } from './smartacme.classes.helper'
+export interface IRsaKeypair {
+    publicKey: string
+    privateKey: string
+}

-export type TChallenge = 'dns-01' | 'http-01'
+export type TChallengeType = 'dns-01' | 'http-01'
+export type TChallengeStatus = 'pending'

+export interface ISmartAcmeChallenge {
+    uri: string
+    status: TChallengeStatus
+    type: TChallengeType
+    token: string
+    keyAuthorization: string
+}
+
+export interface ISmartAcmeChallengeAccepted extends ISmartAcmeChallenge {
+    keyHash: string
+}

 /**
 * class SmartAcme exports methods for maintaining SSL Certificates
 */
 export class SmartAcme {
-    helper: SmartacmeHelper // bundles helper methods that would clutter the main SmartAcme class
    acmeUrl: string // the acme url to use
    productionBool: boolean // a boolean to quickly know wether we are in production or not
    keyPair: IRsaKeypair // the keyPair needed for account creation
@ -30,12 +40,11 @@ export class SmartAcme {
     */
    constructor(productionArg: boolean = false) {
        this.productionBool = productionArg
-        this.helper = new SmartacmeHelper(this)
-        this.keyPair = this.helper.createKeypair()
+        this.keyPair = helpers.createKeypair()
        if (this.productionBool) {
-            this.acmeUrl = rawacme.LETSENCRYPT_URL
+            this.acmeUrl = plugins.rawacme.LETSENCRYPT_URL
        } else {
-            this.acmeUrl = rawacme.LETSENCRYPT_STAGING_URL
+            this.acmeUrl = plugins.rawacme.LETSENCRYPT_STAGING_URL
        }
    }

@ -45,7 +54,7 @@ export class SmartAcme {
     */
    createAccount() {
        let done = q.defer()
-        rawacme.createClient(
+        plugins.rawacme.createClient(
            {
                url: this.acmeUrl,
                publicKey: this.keyPair.publicKey,
@ -107,8 +116,8 @@ export class SmartAcme {
     * @param domainNameArg - the domain name to request a challenge for
     * @param challengeType - the challenge type to request
     */
-    requestChallenge(domainNameArg: string, challengeTypeArg: TChallenge = 'dns-01') {
-        let done = q.defer()
+    requestChallenge(domainNameArg: string, challengeTypeArg: TChallengeType = 'dns-01') {
+        let done = q.defer<ISmartAcmeChallengeAccepted>()
        this.rawacmeClient.newAuthz(
            {
                identifier: {
@ -128,7 +137,7 @@ export class SmartAcme {
                    return x.type === challengeTypeArg
                })[0]
                this.acceptChallenge(dnsChallenge)
-                    .then(x => {
+                    .then((x: ISmartAcmeChallengeAccepted) => {
                        done.resolve(x)
                    })
            }
@ -143,16 +152,51 @@ export class SmartAcme {

    }

+    /**
+     * validates a challenge
+     */
+    validate(challenge: ISmartAcmeChallengeAccepted) {
+        let done = q.defer()
+        this.rawacmeClient.poll(challenge.uri, function(err, res) {
+            if (err) {
+                console.log(err)
+                done.reject(err)
+            }
+            console.log(res.status)
+            console.log(JSON.stringify(res.body))
+            done.resolve()
+        })
+        return done.promise
+    }
+
+
    /**
     * accept a challenge - for private use only
     */
-    private acceptChallenge(challenge) {
+    private acceptChallenge(challenge: ISmartAcmeChallenge) {
        let done = q.defer()

-        let authKey: string = rawacme.keyAuthz(challenge.token, this.keyPair.publicKey)
-        let dnsKeyHash: string = rawacme.dnsKeyAuthzHash(authKey) // needed if dns challenge is chosen
+        /**
+         * the key is needed to accept the challenge
+         */
+        let authKey: string = plugins.rawacme.keyAuthz(challenge.token, this.keyPair.publicKey)

-        console.log(authKey)
+        /**
+         * needed in case selected challenge is of type dns-01
+         */
+        let keyHash: string = plugins.rawacme.dnsKeyAuthzHash(authKey) // needed if dns challenge is chosen
+
+        /**
+         * the return challenge
+         */
+        let returnDNSChallenge: ISmartAcmeChallengeAccepted = {
+            uri: challenge.uri,
+            type: challenge.type,
+            token: challenge.token,
+            keyAuthorization: challenge.keyAuthorization,
+            keyHash: keyHash,
+            status: challenge.status
+        }

        this.rawacmeClient.post(
            challenge.uri,
@ -166,9 +210,7 @@ export class SmartAcme {
                    console.log(err)
                    done.reject(err)
                }
-                console.log('acceptChallenge:')
-                console.log(JSON.stringify(res.body))
-                done.resolve(dnsKeyHash)
+                done.resolve(returnDNSChallenge)
            }
        )
        return done.promise
--- a/ts/smartacme.helpers.ts
+++ b/ts/smartacme.helpers.ts
@ -0,0 +1,43 @@
+import 'typings-global'
+import * as q from 'q'
+
+import * as plugins from './smartacme.plugins'
+
+import { SmartAcme, IRsaKeypair } from './smartacme.classes.smartacme'
+
+
+
+/**
+ * creates a keypair to use with requests and to generate JWK from
+ */
+export let createKeypair = (bit = 2048): IRsaKeypair => {
+    let result = plugins.rsaKeygen.generate(bit)
+    return {
+        publicKey: result.public_key,
+        privateKey: result.private_key
+    }
+}
+
+/**
+ * gets an existing registration
+ * @executes ASYNC
+ */
+let getReg = (smartAcmeArg: SmartAcme) => {
+    let done = q.defer()
+    let body = { resource: 'reg' }
+    smartAcmeArg.rawacmeClient.post(
+        smartAcmeArg.location,
+        body, smartAcmeArg.keyPair,
+        (err, res) => {
+            if (err) {
+                console.error('smartacme: something went wrong:')
+                console.log(err)
+                done.reject(err)
+                return
+            }
+            console.log(JSON.stringify(res.body))
+            done.resolve()
+        }
+    )
+    return done.promise
+}
--- a/ts/smartacme.plugins.ts
+++ b/ts/smartacme.plugins.ts
@ -0,0 +1,20 @@
+import 'typings-global' // typings for node
+
+import * as path from 'path' // native node path module
+let rsaKeygen = require('rsa-keygen') // rsa keygen
+let rawacme = require('rawacme') // acme helper functions
+let nodeForge = require('node-forge')
+
+// push.rocks modules here
+import * as smartfile from 'smartfile'
+import * as smartstring from 'smartstring'
+import * as paths from './smartacme.paths'
+
+export {
+    rsaKeygen,
+    rawacme,
+    nodeForge,
+    smartfile,
+    smartstring,
+    paths
+}