start with certificate signing process

This commit is contained in:
Philipp Kunz 2017-01-14 14:14:50 +01:00
parent 89d628bd37
commit 98cc70dbfb
18 changed files with 295 additions and 102 deletions

View File

@ -0,0 +1,3 @@
import 'typings-global';
export declare class AcmeAccount {
}

View File

@ -1 +1,6 @@
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic21hcnRhY21lLmNsYXNzZXMuYWNtZWFjY291bnQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi90cy9zbWFydGFjbWUuY2xhc3Nlcy5hY21lYWNjb3VudC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiIn0=
"use strict";
require("typings-global");
class AcmeAccount {
}
exports.AcmeAccount = AcmeAccount;
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic21hcnRhY21lLmNsYXNzZXMuYWNtZWFjY291bnQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi90cy9zbWFydGFjbWUuY2xhc3Nlcy5hY21lYWNjb3VudC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUEsMEJBQXVCO0FBRXZCO0NBRUM7QUFGRCxrQ0FFQyJ9

View File

@ -0,0 +1,3 @@
import 'typings-global';
export declare class AcmeCert {
}

View File

@ -1 +1,6 @@
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic21hcnRhY21lLmNsYXNzZXMuYWNtZWNlcnQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi90cy9zbWFydGFjbWUuY2xhc3Nlcy5hY21lY2VydC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiIn0=
"use strict";
require("typings-global");
class AcmeCert {
}
exports.AcmeCert = AcmeCert;
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic21hcnRhY21lLmNsYXNzZXMuYWNtZWNlcnQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi90cy9zbWFydGFjbWUuY2xhc3Nlcy5hY21lY2VydC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUEsMEJBQXVCO0FBRXZCO0NBRUM7QUFGRCw0QkFFQyJ9

View File

@ -14,7 +14,7 @@ export declare class SmartacmeHelper {
*/
createKeypair(bit?: number): IRsaKeypair;
/**
* getReg
* gets an existing registration
* @executes ASYNC
*/
getReg(): q.Promise<{}>;

View File

@ -17,7 +17,7 @@ class SmartacmeHelper {
};
}
/**
* getReg
* gets an existing registration
* @executes ASYNC
*/
getReg() {

View File

@ -2,7 +2,18 @@
import 'typings-global';
import * as q from 'q';
import { SmartacmeHelper, IRsaKeypair } from './smartacme.classes.helper';
export declare type TChallenge = 'dns-01' | 'http-01';
export declare type TChallengeType = 'dns-01' | 'http-01';
export declare type TChallengeStatus = 'pending';
export interface ISmartAcmeChallenge {
uri: string;
status: TChallengeStatus;
type: TChallengeType;
token: string;
keyAuthorization: string;
}
export interface ISmartAcmeChallengeAccepted extends ISmartAcmeChallenge {
keyHash: string;
}
/**
* class SmartAcme exports methods for maintaining SSL Certificates
*/
@ -30,11 +41,15 @@ export declare class SmartAcme {
* @param domainNameArg - the domain name to request a challenge for
* @param challengeType - the challenge type to request
*/
requestChallenge(domainNameArg: string, challengeTypeArg?: TChallenge): q.Promise<{}>;
requestChallenge(domainNameArg: string, challengeTypeArg?: TChallengeType): q.Promise<ISmartAcmeChallengeAccepted>;
/**
* getCertificate - takes care of cooldown, validation polling and certificate retrieval
*/
getCertificate(): void;
/**
* validates a challenge
*/
validate(challenge: ISmartAcmeChallengeAccepted): q.Promise<{}>;
/**
* accept a challenge - for private use only
*/

File diff suppressed because one or more lines are too long

View File

@ -23,7 +23,9 @@
},
"homepage": "https://gitlab.com/pushrocks/smartacme#README",
"dependencies": {
"@types/node-forge": "^0.6.5",
"@types/q": "0.x.x",
"node-forge": "^0.6.46",
"q": "^1.4.1",
"rawacme": "^0.2.1",
"rsa-keygen": "^1.0.6",

View File

@ -5,6 +5,7 @@ const should = require("should");
const smartacme = require("../dist/index");
describe('smartacme', function () {
let testAcme;
let testChallenge;
it('should create a valid instance', function () {
this.timeout(10000);
testAcme = new smartacme.SmartAcme();
@ -30,9 +31,17 @@ describe('smartacme', function () {
});
it('should request a challenge for a domain', function (done) {
this.timeout(10000);
testAcme.requestChallenge('bleu.de').then(() => {
testAcme.requestChallenge('bleu.de').then((challengeAccepted) => {
console.log(challengeAccepted);
testChallenge = challengeAccepted;
done();
});
});
it('should poll for validation of a challenge', function (done) {
this.timeout(10000);
testAcme.validate(testChallenge).then(x => {
done();
});
});
});
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidGVzdC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbInRlc3QudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBLHdCQUFxQjtBQUNyQixpQ0FBZ0M7QUFFaEMsNEJBQTRCO0FBQzVCLDJDQUEwQztBQUUxQyxRQUFRLENBQUMsV0FBVyxFQUFFO0lBQ2xCLElBQUksUUFBNkIsQ0FBQTtJQUVqQyxFQUFFLENBQUMsZ0NBQWdDLEVBQUU7UUFDakMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxLQUFLLENBQUMsQ0FBQTtRQUNuQixRQUFRLEdBQUcsSUFBSSxTQUFTLENBQUMsU0FBUyxFQUFFLENBQUE7UUFDcEMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxVQUFVLENBQUMsU0FBUyxDQUFDLFNBQVMsQ0FBQyxDQUFBO0lBQ3ZELENBQUMsQ0FBQyxDQUFBO0lBRUYsRUFBRSxDQUFDLDZCQUE2QixFQUFFO1FBQzlCLE1BQU0sQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLENBQUE7SUFDakQsQ0FBQyxDQUFDLENBQUE7SUFFRixFQUFFLENBQUMsK0JBQStCLEVBQUUsVUFBVSxJQUFJO1FBQzlDLElBQUksQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLENBQUE7UUFDbkIsUUFBUSxDQUFDLGFBQWEsRUFBRSxDQUFDLElBQUksQ0FBQyxDQUFDO1lBQzNCLElBQUksRUFBRSxDQUFBO1FBQ1YsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLEdBQUc7WUFDUixPQUFPLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxDQUFBO1lBQ2hCLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQTtRQUNiLENBQUMsQ0FBQyxDQUFBO0lBQ04sQ0FBQyxDQUFDLENBQUE7SUFFRixFQUFFLENBQUMscUJBQXFCLEVBQUUsVUFBUyxJQUFJO1FBQ25DLElBQUksQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLENBQUE7UUFDbkIsUUFBUSxDQUFDLFFBQVEsRUFBRSxDQUFDLElBQUksQ0FBQztZQUNyQixJQUFJLEVBQUUsQ0FBQTtRQUNWLENBQUMsQ0FBQyxDQUFBO0lBQ04sQ0FBQyxDQUFDLENBQUE7SUFFRixFQUFFLENBQUMseUNBQXlDLEVBQUUsVUFBUyxJQUFJO1FBQ3ZELElBQUksQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLENBQUE7UUFDbkIsUUFBUSxDQUFDLGdCQUFnQixDQUFDLFNBQVMsQ0FBQyxDQUFDLElBQUksQ0FBQztZQUN0QyxJQUFJLEVBQUUsQ0FBQTtRQUNWLENBQUMsQ0FBQyxDQUFBO0lBQ04sQ0FBQyxDQUFDLENBQUE7QUFDTixDQUFDLENBQUMsQ0FBQSJ9
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidGVzdC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbInRlc3QudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBLHdCQUFxQjtBQUNyQixpQ0FBZ0M7QUFFaEMsNEJBQTRCO0FBQzVCLDJDQUEwQztBQUUxQyxRQUFRLENBQUMsV0FBVyxFQUFFO0lBQ2xCLElBQUksUUFBNkIsQ0FBQTtJQUNqQyxJQUFJLGFBQW9ELENBQUE7SUFDeEQsRUFBRSxDQUFDLGdDQUFnQyxFQUFFO1FBQ2pDLElBQUksQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLENBQUE7UUFDbkIsUUFBUSxHQUFHLElBQUksU0FBUyxDQUFDLFNBQVMsRUFBRSxDQUFBO1FBQ3BDLE1BQU0sQ0FBQyxRQUFRLENBQUMsQ0FBQyxFQUFFLENBQUMsVUFBVSxDQUFDLFNBQVMsQ0FBQyxTQUFTLENBQUMsQ0FBQTtJQUN2RCxDQUFDLENBQUMsQ0FBQTtJQUVGLEVBQUUsQ0FBQyw2QkFBNkIsRUFBRTtRQUM5QixNQUFNLENBQUMsUUFBUSxDQUFDLE9BQU8sQ0FBQyxDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFBO0lBQ2pELENBQUMsQ0FBQyxDQUFBO0lBRUYsRUFBRSxDQUFDLCtCQUErQixFQUFFLFVBQVUsSUFBSTtRQUM5QyxJQUFJLENBQUMsT0FBTyxDQUFDLEtBQUssQ0FBQyxDQUFBO1FBQ25CLFFBQVEsQ0FBQyxhQUFhLEVBQUUsQ0FBQyxJQUFJLENBQUMsQ0FBQztZQUMzQixJQUFJLEVBQUUsQ0FBQTtRQUNWLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxHQUFHO1lBQ1IsT0FBTyxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsQ0FBQTtZQUNoQixJQUFJLENBQUMsR0FBRyxDQUFDLENBQUE7UUFDYixDQUFDLENBQUMsQ0FBQTtJQUNOLENBQUMsQ0FBQyxDQUFBO0lBRUYsRUFBRSxDQUFDLHFCQUFxQixFQUFFLFVBQVMsSUFBSTtRQUNuQyxJQUFJLENBQUMsT0FBTyxDQUFDLEtBQUssQ0FBQyxDQUFBO1FBQ25CLFFBQVEsQ0FBQyxRQUFRLEVBQUUsQ0FBQyxJQUFJLENBQUM7WUFDckIsSUFBSSxFQUFFLENBQUE7UUFDVixDQUFDLENBQUMsQ0FBQTtJQUNOLENBQUMsQ0FBQyxDQUFBO0lBRUYsRUFBRSxDQUFDLHlDQUF5QyxFQUFFLFVBQVMsSUFBSTtRQUN2RCxJQUFJLENBQUMsT0FBTyxDQUFDLEtBQUssQ0FBQyxDQUFBO1FBQ25CLFFBQVEsQ0FBQyxnQkFBZ0IsQ0FBQyxTQUFTLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxpQkFBaUI7WUFDeEQsT0FBTyxDQUFDLEdBQUcsQ0FBQyxpQkFBaUIsQ0FBQyxDQUFBO1lBQzlCLGFBQWEsR0FBRyxpQkFBaUIsQ0FBQTtZQUNqQyxJQUFJLEVBQUUsQ0FBQTtRQUNWLENBQUMsQ0FBQyxDQUFBO0lBQ04sQ0FBQyxDQUFDLENBQUE7SUFFRixFQUFFLENBQUMsMkNBQTJDLEVBQUMsVUFBUyxJQUFJO1FBQ3hELElBQUksQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLENBQUE7UUFDbkIsUUFBUSxDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQztZQUNuQyxJQUFJLEVBQUUsQ0FBQTtRQUNWLENBQUMsQ0FBQyxDQUFBO0lBQ04sQ0FBQyxDQUFDLENBQUE7QUFDTixDQUFDLENBQUMsQ0FBQSJ9

View File

@ -6,7 +6,7 @@ import * as smartacme from '../dist/index'
describe('smartacme', function () {
let testAcme: smartacme.SmartAcme
let testChallenge: smartacme.ISmartAcmeChallengeAccepted
it('should create a valid instance', function () {
this.timeout(10000)
testAcme = new smartacme.SmartAcme()
@ -36,7 +36,16 @@ describe('smartacme', function () {
it('should request a challenge for a domain', function(done) {
this.timeout(10000)
testAcme.requestChallenge('bleu.de').then(() => {
testAcme.requestChallenge('bleu.de').then((challengeAccepted) => {
console.log(challengeAccepted)
testChallenge = challengeAccepted
done()
})
})
it('should poll for validation of a challenge',function(done) {
this.timeout(10000)
testAcme.validate(testChallenge).then(x => {
done()
})
})

View File

@ -1,5 +1,8 @@
import 'typings-global'
/**
* class AcmeAccount represents an AcmeAccount
*/
export class AcmeAccount {
}

View File

@ -1,5 +1,8 @@
import 'typings-global'
/**
* class AcmeCert represents a cert for domain
*/
export class AcmeCert {
fullchain: string
}

View File

@ -0,0 +1,52 @@
import * as plugins from './smartacme.plugins'
import * as helpers from './smartacme.helpers'
import { IRsaKeypair } from './smartacme.classes.smartacme'
export interface IAcmeCsrConstructorOptions {
bit: number,
key: string,
domain: string,
country: string,
country_short: string,
locality: string,
organization: string,
organization_short: string,
password: string,
unstructured: string,
subject_alt_names: string[]
}
export class AcmeCsr {
validFrom: Date
validTo: Date
keypair: IRsaKeypair
keyPairForged: IRsaKeypair
constructor(optionsArg: IAcmeCsrConstructorOptions) {
this.keypair = helpers.createKeypair(optionsArg.bit)
let privateKeyForged = plugins.nodeForge.pki.privateKeyFromPem(this.keypair.privateKey)
let publicKeyForged = plugins.nodeForge.pki.publicKeyToPem(
plugins.nodeForge.pki.setRsaPublicKey(privateKeyForged.n, privateKeyForged.e)
)
this.keyPairForged = {
privateKey: privateKeyForged,
publicKey: publicKeyForged
}
// set dates
this.validFrom = new Date()
this.validTo = new Date()
this.validTo.setDate(this.validFrom.getDate() + 90)
// create the csr
let attributes = [
{ name: "commonName", value: domain },
{ name: "countryName", value: country },
{ shortName: "ST", value: country_short },
{ name: "localityName", value: locality },
{ name: "organizationName", value: organization },
{ shortName: "OU", value: organization_short }
]
}
}

View File

@ -1,53 +0,0 @@
import 'typings-global'
import * as q from 'q'
let rsaKeygen = require('rsa-keygen')
import { SmartAcme } from './smartacme.classes.smartacme'
export interface IRsaKeypair {
publicKey: string
privateKey: string
}
export class SmartacmeHelper {
parentSmartAcme: SmartAcme
constructor(smartAcmeArg: SmartAcme) {
this.parentSmartAcme = smartAcmeArg
}
/**
* creates a keypair to use with requests and to generate JWK from
*/
createKeypair(bit = 2048): IRsaKeypair {
let result = rsaKeygen.generate(bit)
return {
publicKey: result.public_key,
privateKey: result.private_key
}
}
/**
* getReg
* @executes ASYNC
*/
getReg() {
let done = q.defer()
let body = { resource: 'reg' }
this.parentSmartAcme.rawacmeClient.post(
this.parentSmartAcme.location,
body, this.parentSmartAcme.keyPair,
(err, res) => {
if (err) {
console.error('smartacme: something went wrong:')
console.log(err)
done.reject(err)
return
}
console.log(JSON.stringify(res.body))
done.resolve()
}
)
return done.promise
}
}

View File

@ -1,22 +1,32 @@
import 'typings-global'
import * as q from 'q'
import * as path from 'path'
let rsaKeygen = require('rsa-keygen')
import * as smartfile from 'smartfile'
import * as smartstring from 'smartstring'
let rawacme = require('rawacme')
import * as paths from './smartacme.paths'
// third party modules
import * as q from 'q' // promises
import * as plugins from './smartacme.plugins'
import * as helpers from './smartacme.helpers'
import { SmartacmeHelper, IRsaKeypair } from './smartacme.classes.helper'
export interface IRsaKeypair {
publicKey: string
privateKey: string
}
export type TChallenge = 'dns-01' | 'http-01'
export type TChallengeType = 'dns-01' | 'http-01'
export type TChallengeStatus = 'pending'
export interface ISmartAcmeChallenge {
uri: string
status: TChallengeStatus
type: TChallengeType
token: string
keyAuthorization: string
}
export interface ISmartAcmeChallengeAccepted extends ISmartAcmeChallenge {
keyHash: string
}
/**
* class SmartAcme exports methods for maintaining SSL Certificates
*/
export class SmartAcme {
helper: SmartacmeHelper // bundles helper methods that would clutter the main SmartAcme class
acmeUrl: string // the acme url to use
productionBool: boolean // a boolean to quickly know wether we are in production or not
keyPair: IRsaKeypair // the keyPair needed for account creation
@ -30,12 +40,11 @@ export class SmartAcme {
*/
constructor(productionArg: boolean = false) {
this.productionBool = productionArg
this.helper = new SmartacmeHelper(this)
this.keyPair = this.helper.createKeypair()
this.keyPair = helpers.createKeypair()
if (this.productionBool) {
this.acmeUrl = rawacme.LETSENCRYPT_URL
this.acmeUrl = plugins.rawacme.LETSENCRYPT_URL
} else {
this.acmeUrl = rawacme.LETSENCRYPT_STAGING_URL
this.acmeUrl = plugins.rawacme.LETSENCRYPT_STAGING_URL
}
}
@ -45,7 +54,7 @@ export class SmartAcme {
*/
createAccount() {
let done = q.defer()
rawacme.createClient(
plugins.rawacme.createClient(
{
url: this.acmeUrl,
publicKey: this.keyPair.publicKey,
@ -107,8 +116,8 @@ export class SmartAcme {
* @param domainNameArg - the domain name to request a challenge for
* @param challengeType - the challenge type to request
*/
requestChallenge(domainNameArg: string, challengeTypeArg: TChallenge = 'dns-01') {
let done = q.defer()
requestChallenge(domainNameArg: string, challengeTypeArg: TChallengeType = 'dns-01') {
let done = q.defer<ISmartAcmeChallengeAccepted>()
this.rawacmeClient.newAuthz(
{
identifier: {
@ -128,7 +137,7 @@ export class SmartAcme {
return x.type === challengeTypeArg
})[0]
this.acceptChallenge(dnsChallenge)
.then(x => {
.then((x: ISmartAcmeChallengeAccepted) => {
done.resolve(x)
})
}
@ -143,16 +152,51 @@ export class SmartAcme {
}
/**
* validates a challenge
*/
validate(challenge: ISmartAcmeChallengeAccepted) {
let done = q.defer()
this.rawacmeClient.poll(challenge.uri, function(err, res) {
if (err) {
console.log(err)
done.reject(err)
}
console.log(res.status)
console.log(JSON.stringify(res.body))
done.resolve()
})
return done.promise
}
/**
* accept a challenge - for private use only
*/
private acceptChallenge(challenge) {
private acceptChallenge(challenge: ISmartAcmeChallenge) {
let done = q.defer()
let authKey: string = rawacme.keyAuthz(challenge.token, this.keyPair.publicKey)
let dnsKeyHash: string = rawacme.dnsKeyAuthzHash(authKey) // needed if dns challenge is chosen
/**
* the key is needed to accept the challenge
*/
let authKey: string = plugins.rawacme.keyAuthz(challenge.token, this.keyPair.publicKey)
console.log(authKey)
/**
* needed in case selected challenge is of type dns-01
*/
let keyHash: string = plugins.rawacme.dnsKeyAuthzHash(authKey) // needed if dns challenge is chosen
/**
* the return challenge
*/
let returnDNSChallenge: ISmartAcmeChallengeAccepted = {
uri: challenge.uri,
type: challenge.type,
token: challenge.token,
keyAuthorization: challenge.keyAuthorization,
keyHash: keyHash,
status: challenge.status
}
this.rawacmeClient.post(
challenge.uri,
@ -166,9 +210,7 @@ export class SmartAcme {
console.log(err)
done.reject(err)
}
console.log('acceptChallenge:')
console.log(JSON.stringify(res.body))
done.resolve(dnsKeyHash)
done.resolve(returnDNSChallenge)
}
)
return done.promise

43
ts/smartacme.helpers.ts Normal file
View File

@ -0,0 +1,43 @@
import 'typings-global'
import * as q from 'q'
import * as plugins from './smartacme.plugins'
import { SmartAcme, IRsaKeypair } from './smartacme.classes.smartacme'
/**
* creates a keypair to use with requests and to generate JWK from
*/
export let createKeypair = (bit = 2048): IRsaKeypair => {
let result = plugins.rsaKeygen.generate(bit)
return {
publicKey: result.public_key,
privateKey: result.private_key
}
}
/**
* gets an existing registration
* @executes ASYNC
*/
let getReg = (smartAcmeArg: SmartAcme) => {
let done = q.defer()
let body = { resource: 'reg' }
smartAcmeArg.rawacmeClient.post(
smartAcmeArg.location,
body, smartAcmeArg.keyPair,
(err, res) => {
if (err) {
console.error('smartacme: something went wrong:')
console.log(err)
done.reject(err)
return
}
console.log(JSON.stringify(res.body))
done.resolve()
}
)
return done.promise
}

20
ts/smartacme.plugins.ts Normal file
View File

@ -0,0 +1,20 @@
import 'typings-global' // typings for node
import * as path from 'path' // native node path module
let rsaKeygen = require('rsa-keygen') // rsa keygen
let rawacme = require('rawacme') // acme helper functions
let nodeForge = require('node-forge')
// push.rocks modules here
import * as smartfile from 'smartfile'
import * as smartstring from 'smartstring'
import * as paths from './smartacme.paths'
export {
rsaKeygen,
rawacme,
nodeForge,
smartfile,
smartstring,
paths
}