start better segregation of concerns
This commit is contained in:
@@ -1,8 +1,68 @@
|
||||
import 'typings-global'
|
||||
import * as q from 'q'
|
||||
|
||||
import * as plugins from './smartacme.plugins'
|
||||
import * as helpers from './smartacme.helpers'
|
||||
|
||||
import { SmartAcme, IRsaKeypair } from './smartacme.classes.smartacme'
|
||||
import { AcmeCert } from './smartacme.classes.acmecert'
|
||||
|
||||
/**
|
||||
* class AcmeAccount represents an AcmeAccount
|
||||
*/
|
||||
export class AcmeAccount {
|
||||
|
||||
}
|
||||
parentSmartAcme: SmartAcme
|
||||
location: string
|
||||
link: string
|
||||
JWK
|
||||
constructor(smartAcmeParentArg: SmartAcme) {
|
||||
this.parentSmartAcme = smartAcmeParentArg
|
||||
}
|
||||
|
||||
/**
|
||||
* register the account with letsencrypt
|
||||
*/
|
||||
register() {
|
||||
let done = q.defer()
|
||||
this.parentSmartAcme.rawacmeClient.newReg(
|
||||
{
|
||||
contact: ['mailto:domains@lossless.org']
|
||||
},
|
||||
(err, res) => {
|
||||
if (err) {
|
||||
console.error('smartacme: something went wrong:')
|
||||
console.log(err)
|
||||
done.reject(err)
|
||||
return
|
||||
}
|
||||
this.JWK = res.body.key
|
||||
this.link = res.headers.link
|
||||
console.log(this.link)
|
||||
this.location = res.headers.location
|
||||
done.resolve()
|
||||
})
|
||||
return done.promise
|
||||
}
|
||||
|
||||
/**
|
||||
* agree to letsencrypr terms of service
|
||||
*/
|
||||
agreeTos() {
|
||||
let done = q.defer()
|
||||
let tosPart = this.link.split(',')[1]
|
||||
let tosLinkPortion = tosPart.split(';')[0]
|
||||
let url = tosLinkPortion.split(';')[0].trim().replace(/[<>]/g, '')
|
||||
this.parentSmartAcme.rawacmeClient.post(this.location, { Agreement: url, resource: 'reg' }, (err, res) => {
|
||||
if (err) {
|
||||
console.log(err)
|
||||
done.reject(err)
|
||||
return
|
||||
}
|
||||
done.resolve()
|
||||
})
|
||||
return done.promise
|
||||
}
|
||||
|
||||
createAcmeCert(domainNameArg: string) {
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,8 +1,226 @@
|
||||
import 'typings-global'
|
||||
import * as q from 'q'
|
||||
|
||||
import * as plugins from './smartacme.plugins'
|
||||
import * as helpers from './smartacme.helpers'
|
||||
|
||||
import { SmartAcme, IRsaKeypair } from './smartacme.classes.smartacme'
|
||||
import { AcmeAccount } from './smartacme.classes.acmeaccount'
|
||||
|
||||
/**
|
||||
* types of challenges supported by letsencrypt and this module
|
||||
*/
|
||||
export type TChallengeType = 'dns-01' | 'http-01'
|
||||
|
||||
/**
|
||||
* values that a challenge's status can have
|
||||
*/
|
||||
export type TChallengeStatus = 'pending'
|
||||
|
||||
export interface ISmartAcmeChallenge {
|
||||
uri: string
|
||||
status: TChallengeStatus
|
||||
type: TChallengeType
|
||||
token: string
|
||||
keyAuthorization: string
|
||||
}
|
||||
|
||||
export interface ISmartAcmeChallengeAccepted extends ISmartAcmeChallenge {
|
||||
keyHash: string
|
||||
}
|
||||
|
||||
export interface IAcmeCsrConstructorOptions {
|
||||
bit: number,
|
||||
key: string,
|
||||
domain: string,
|
||||
country: string,
|
||||
country_short: string,
|
||||
locality: string,
|
||||
organization: string,
|
||||
organization_short: string,
|
||||
password: string,
|
||||
unstructured: string,
|
||||
subject_alt_names: string[]
|
||||
}
|
||||
|
||||
/**
|
||||
* class AcmeCert represents a cert for domain
|
||||
*/
|
||||
export class AcmeCert {
|
||||
attributes
|
||||
fullchain: string
|
||||
}
|
||||
parentAcmeAccount: AcmeAccount
|
||||
csr
|
||||
validFrom: Date
|
||||
validTo: Date
|
||||
keypair: IRsaKeypair
|
||||
keyPairFinal: IRsaKeypair
|
||||
constructor(optionsArg: IAcmeCsrConstructorOptions, parentSmartAcmeArg) {
|
||||
this.parentAcmeAccount = parentSmartAcmeArg
|
||||
this.keypair = helpers.createKeypair(optionsArg.bit)
|
||||
let privateKeyForged = plugins.nodeForge.pki.privateKeyFromPem(this.keypair.privateKey)
|
||||
let publicKeyForged = plugins.nodeForge.pki.publicKeyToPem(
|
||||
plugins.nodeForge.pki.setRsaPublicKey(privateKeyForged.n, privateKeyForged.e)
|
||||
)
|
||||
this.keyPairFinal = {
|
||||
privateKey: privateKeyForged,
|
||||
publicKey: publicKeyForged
|
||||
}
|
||||
|
||||
// set dates
|
||||
this.validFrom = new Date()
|
||||
this.validTo = new Date()
|
||||
this.validTo.setDate(this.validFrom.getDate() + 90)
|
||||
|
||||
// set attributes
|
||||
this.attributes = [
|
||||
{ name: 'commonName', value: optionsArg.domain },
|
||||
{ name: 'countryName', value: optionsArg.country },
|
||||
{ shortName: 'ST', value: optionsArg.country_short },
|
||||
{ name: 'localityName', value: optionsArg.locality },
|
||||
{ name: 'organizationName', value: optionsArg.organization },
|
||||
{ shortName: 'OU', value: optionsArg.organization_short },
|
||||
{ name: 'challengePassword', value: optionsArg.password },
|
||||
{ name: 'unstructuredName', value: optionsArg.unstructured }
|
||||
]
|
||||
|
||||
// set up csr
|
||||
this.csr = plugins.nodeForge.pki.createCertificationRequest()
|
||||
this.csr.setSubject(this.attributes)
|
||||
this.csr.setAttributes(this.attributes)
|
||||
}
|
||||
|
||||
/**
|
||||
* requests a challenge for a domain
|
||||
* @param domainNameArg - the domain name to request a challenge for
|
||||
* @param challengeType - the challenge type to request
|
||||
*/
|
||||
requestChallenge(domainNameArg: string, challengeTypeArg: TChallengeType = 'dns-01') {
|
||||
let done = q.defer<ISmartAcmeChallengeAccepted>()
|
||||
this.parentAcmeAccount.parentSmartAcme.rawacmeClient.newAuthz(
|
||||
{
|
||||
identifier: {
|
||||
type: 'dns',
|
||||
value: domainNameArg
|
||||
}
|
||||
},
|
||||
this.parentAcmeAccount.parentSmartAcme.keyPair,
|
||||
(err, res) => {
|
||||
if (err) {
|
||||
console.error('smartacme: something went wrong:')
|
||||
console.log(err)
|
||||
done.reject(err)
|
||||
}
|
||||
console.log(JSON.stringify(res.body))
|
||||
let dnsChallenge = res.body.challenges.filter(x => {
|
||||
return x.type === challengeTypeArg
|
||||
})[0]
|
||||
this.acceptChallenge(dnsChallenge)
|
||||
.then((x: ISmartAcmeChallengeAccepted) => {
|
||||
done.resolve(x)
|
||||
})
|
||||
}
|
||||
)
|
||||
return done.promise
|
||||
}
|
||||
|
||||
/**
|
||||
* validates a challenge, only call after you have set the challenge at the expected location
|
||||
*/
|
||||
validate(challenge: ISmartAcmeChallengeAccepted) {
|
||||
let done = q.defer()
|
||||
this.parentAcmeAccount.parentSmartAcme.rawacmeClient.poll(challenge.uri, function (err, res) {
|
||||
if (err) {
|
||||
console.log(err)
|
||||
done.reject(err)
|
||||
}
|
||||
console.log(res.status)
|
||||
console.log(JSON.stringify(res.body))
|
||||
done.resolve()
|
||||
})
|
||||
return done.promise
|
||||
}
|
||||
|
||||
/**
|
||||
* requests a certificate
|
||||
*/
|
||||
requestCert() {
|
||||
let done = q.defer()
|
||||
let payload = {
|
||||
csr: plugins.rawacme.base64.encode(
|
||||
plugins.rawacme.toDer(
|
||||
plugins.nodeForge.pki.certificationRequestToPem(
|
||||
this.csr
|
||||
)
|
||||
)
|
||||
),
|
||||
notBefore: this.validFrom.toISOString(),
|
||||
notAfter: this.validTo.toISOString()
|
||||
}
|
||||
this.parentAcmeAccount.parentSmartAcme.rawacmeClient.newCert(
|
||||
payload,
|
||||
helpers.createKeypair(),
|
||||
(err, res) => {
|
||||
if (err) {
|
||||
console.log(err)
|
||||
done.reject(err)
|
||||
}
|
||||
})
|
||||
return done.promise
|
||||
}
|
||||
|
||||
/**
|
||||
* getCertificate - takes care of cooldown, validation polling and certificate retrieval
|
||||
*/
|
||||
getCertificate() {
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* accept a challenge - for private use only
|
||||
*/
|
||||
private acceptChallenge(challenge: ISmartAcmeChallenge) {
|
||||
let done = q.defer()
|
||||
|
||||
/**
|
||||
* the key is needed to accept the challenge
|
||||
*/
|
||||
let authKey: string = plugins.rawacme.keyAuthz(
|
||||
challenge.token,
|
||||
this.parentAcmeAccount.parentSmartAcme.keyPair.publicKey
|
||||
)
|
||||
|
||||
/**
|
||||
* needed in case selected challenge is of type dns-01
|
||||
*/
|
||||
let keyHash: string = plugins.rawacme.dnsKeyAuthzHash(authKey) // needed if dns challenge is chosen
|
||||
|
||||
/**
|
||||
* the return challenge
|
||||
*/
|
||||
let returnDNSChallenge: ISmartAcmeChallengeAccepted = {
|
||||
uri: challenge.uri,
|
||||
type: challenge.type,
|
||||
token: challenge.token,
|
||||
keyAuthorization: challenge.keyAuthorization,
|
||||
keyHash: keyHash,
|
||||
status: challenge.status
|
||||
}
|
||||
|
||||
this.parentAcmeAccount.parentSmartAcme.rawacmeClient.post(
|
||||
challenge.uri,
|
||||
{
|
||||
resource: 'challenge',
|
||||
keyAuthorization: authKey
|
||||
},
|
||||
this.parentAcmeAccount.parentSmartAcme.keyPair,
|
||||
(err, res) => {
|
||||
if (err) {
|
||||
console.log(err)
|
||||
done.reject(err)
|
||||
}
|
||||
done.resolve(returnDNSChallenge)
|
||||
}
|
||||
)
|
||||
return done.promise
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,52 +0,0 @@
|
||||
import * as plugins from './smartacme.plugins'
|
||||
import * as helpers from './smartacme.helpers'
|
||||
|
||||
import { IRsaKeypair } from './smartacme.classes.smartacme'
|
||||
|
||||
export interface IAcmeCsrConstructorOptions {
|
||||
bit: number,
|
||||
key: string,
|
||||
domain: string,
|
||||
country: string,
|
||||
country_short: string,
|
||||
locality: string,
|
||||
organization: string,
|
||||
organization_short: string,
|
||||
password: string,
|
||||
unstructured: string,
|
||||
subject_alt_names: string[]
|
||||
}
|
||||
|
||||
export class AcmeCsr {
|
||||
validFrom: Date
|
||||
validTo: Date
|
||||
keypair: IRsaKeypair
|
||||
keyPairForged: IRsaKeypair
|
||||
constructor(optionsArg: IAcmeCsrConstructorOptions) {
|
||||
this.keypair = helpers.createKeypair(optionsArg.bit)
|
||||
let privateKeyForged = plugins.nodeForge.pki.privateKeyFromPem(this.keypair.privateKey)
|
||||
let publicKeyForged = plugins.nodeForge.pki.publicKeyToPem(
|
||||
plugins.nodeForge.pki.setRsaPublicKey(privateKeyForged.n, privateKeyForged.e)
|
||||
)
|
||||
this.keyPairForged = {
|
||||
privateKey: privateKeyForged,
|
||||
publicKey: publicKeyForged
|
||||
}
|
||||
|
||||
// set dates
|
||||
this.validFrom = new Date()
|
||||
this.validTo = new Date()
|
||||
this.validTo.setDate(this.validFrom.getDate() + 90)
|
||||
|
||||
// create the csr
|
||||
let attributes = [
|
||||
{ name: "commonName", value: domain },
|
||||
{ name: "countryName", value: country },
|
||||
{ shortName: "ST", value: country_short },
|
||||
{ name: "localityName", value: locality },
|
||||
{ name: "organizationName", value: organization },
|
||||
{ shortName: "OU", value: organization_short }
|
||||
]
|
||||
|
||||
}
|
||||
}
|
||||
@@ -3,37 +3,27 @@ import * as q from 'q' // promises
|
||||
import * as plugins from './smartacme.plugins'
|
||||
import * as helpers from './smartacme.helpers'
|
||||
|
||||
import { AcmeAccount } from './smartacme.classes.acmeaccount'
|
||||
|
||||
/**
|
||||
* a rsa keypair needed for account creation and subsequent requests
|
||||
*/
|
||||
export interface IRsaKeypair {
|
||||
publicKey: string
|
||||
privateKey: string
|
||||
}
|
||||
|
||||
export type TChallengeType = 'dns-01' | 'http-01'
|
||||
export type TChallengeStatus = 'pending'
|
||||
|
||||
export interface ISmartAcmeChallenge {
|
||||
uri: string
|
||||
status: TChallengeStatus
|
||||
type: TChallengeType
|
||||
token: string
|
||||
keyAuthorization: string
|
||||
}
|
||||
|
||||
export interface ISmartAcmeChallengeAccepted extends ISmartAcmeChallenge {
|
||||
keyHash: string
|
||||
}
|
||||
export { AcmeAccount } from './smartacme.classes.acmeaccount'
|
||||
export { AcmeCert, ISmartAcmeChallenge, ISmartAcmeChallengeAccepted } from './smartacme.classes.acmecert'
|
||||
|
||||
/**
|
||||
* class SmartAcme exports methods for maintaining SSL Certificates
|
||||
*/
|
||||
export class SmartAcme {
|
||||
acmeUrl: string // the acme url to use
|
||||
acmeUrl: string // the acme url to use for this instance
|
||||
productionBool: boolean // a boolean to quickly know wether we are in production or not
|
||||
keyPair: IRsaKeypair // the keyPair needed for account creation
|
||||
location: string
|
||||
link: string
|
||||
rawacmeClient
|
||||
JWK
|
||||
|
||||
/**
|
||||
* the constructor for class SmartAcme
|
||||
@@ -49,10 +39,9 @@ export class SmartAcme {
|
||||
}
|
||||
|
||||
/**
|
||||
* creates an account if not currently present in module
|
||||
* @executes ASYNC
|
||||
* init the smartacme instance
|
||||
*/
|
||||
createAccount() {
|
||||
init() {
|
||||
let done = q.defer()
|
||||
plugins.rawacme.createClient(
|
||||
{
|
||||
@@ -70,151 +59,24 @@ export class SmartAcme {
|
||||
|
||||
// make client available in class
|
||||
this.rawacmeClient = client
|
||||
|
||||
// create the registration
|
||||
client.newReg(
|
||||
{
|
||||
contact: ['mailto:domains@lossless.org']
|
||||
},
|
||||
(err, res) => {
|
||||
if (err) {
|
||||
console.error('smartacme: something went wrong:')
|
||||
console.log(err)
|
||||
done.reject(err)
|
||||
return
|
||||
}
|
||||
this.JWK = res.body.key
|
||||
this.link = res.headers.link
|
||||
console.log(this.link)
|
||||
this.location = res.headers.location
|
||||
done.resolve()
|
||||
})
|
||||
|
||||
done.resolve()
|
||||
}
|
||||
)
|
||||
return done.promise
|
||||
}
|
||||
|
||||
agreeTos() {
|
||||
let done = q.defer()
|
||||
let tosPart = this.link.split(',')[1]
|
||||
let tosLinkPortion = tosPart.split(';')[0]
|
||||
let url = tosLinkPortion.split(';')[0].trim().replace(/[<>]/g, '')
|
||||
this.rawacmeClient.post(this.location, { Agreement: url, resource: 'reg' }, (err, res) => {
|
||||
if (err) {
|
||||
console.log(err)
|
||||
done.reject(err)
|
||||
return
|
||||
}
|
||||
done.resolve()
|
||||
/**
|
||||
* creates an account if not currently present in module
|
||||
* @executes ASYNC
|
||||
*/
|
||||
createAccount() {
|
||||
let done = q.defer<AcmeAccount>()
|
||||
let acmeAccount = new AcmeAccount(this)
|
||||
acmeAccount.register().then(() => {
|
||||
return acmeAccount.agreeTos()
|
||||
}).then(() => {
|
||||
done.resolve(acmeAccount)
|
||||
})
|
||||
return done.promise
|
||||
}
|
||||
|
||||
/**
|
||||
* requests a challenge for a domain
|
||||
* @param domainNameArg - the domain name to request a challenge for
|
||||
* @param challengeType - the challenge type to request
|
||||
*/
|
||||
requestChallenge(domainNameArg: string, challengeTypeArg: TChallengeType = 'dns-01') {
|
||||
let done = q.defer<ISmartAcmeChallengeAccepted>()
|
||||
this.rawacmeClient.newAuthz(
|
||||
{
|
||||
identifier: {
|
||||
type: 'dns',
|
||||
value: domainNameArg
|
||||
}
|
||||
},
|
||||
this.keyPair,
|
||||
(err, res) => {
|
||||
if (err) {
|
||||
console.error('smartacme: something went wrong:')
|
||||
console.log(err)
|
||||
done.reject(err)
|
||||
}
|
||||
console.log(JSON.stringify(res.body))
|
||||
let dnsChallenge = res.body.challenges.filter(x => {
|
||||
return x.type === challengeTypeArg
|
||||
})[0]
|
||||
this.acceptChallenge(dnsChallenge)
|
||||
.then((x: ISmartAcmeChallengeAccepted) => {
|
||||
done.resolve(x)
|
||||
})
|
||||
}
|
||||
)
|
||||
return done.promise
|
||||
}
|
||||
|
||||
/**
|
||||
* getCertificate - takes care of cooldown, validation polling and certificate retrieval
|
||||
*/
|
||||
getCertificate() {
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* validates a challenge
|
||||
*/
|
||||
validate(challenge: ISmartAcmeChallengeAccepted) {
|
||||
let done = q.defer()
|
||||
this.rawacmeClient.poll(challenge.uri, function(err, res) {
|
||||
if (err) {
|
||||
console.log(err)
|
||||
done.reject(err)
|
||||
}
|
||||
console.log(res.status)
|
||||
console.log(JSON.stringify(res.body))
|
||||
done.resolve()
|
||||
})
|
||||
return done.promise
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* accept a challenge - for private use only
|
||||
*/
|
||||
private acceptChallenge(challenge: ISmartAcmeChallenge) {
|
||||
let done = q.defer()
|
||||
|
||||
/**
|
||||
* the key is needed to accept the challenge
|
||||
*/
|
||||
let authKey: string = plugins.rawacme.keyAuthz(challenge.token, this.keyPair.publicKey)
|
||||
|
||||
/**
|
||||
* needed in case selected challenge is of type dns-01
|
||||
*/
|
||||
let keyHash: string = plugins.rawacme.dnsKeyAuthzHash(authKey) // needed if dns challenge is chosen
|
||||
|
||||
/**
|
||||
* the return challenge
|
||||
*/
|
||||
let returnDNSChallenge: ISmartAcmeChallengeAccepted = {
|
||||
uri: challenge.uri,
|
||||
type: challenge.type,
|
||||
token: challenge.token,
|
||||
keyAuthorization: challenge.keyAuthorization,
|
||||
keyHash: keyHash,
|
||||
status: challenge.status
|
||||
}
|
||||
|
||||
this.rawacmeClient.post(
|
||||
challenge.uri,
|
||||
{
|
||||
resource: 'challenge',
|
||||
keyAuthorization: authKey
|
||||
},
|
||||
this.keyPair,
|
||||
(err, res) => {
|
||||
if (err) {
|
||||
console.log(err)
|
||||
done.reject(err)
|
||||
}
|
||||
done.resolve(returnDNSChallenge)
|
||||
}
|
||||
)
|
||||
return done.promise
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
@@ -4,8 +4,7 @@ import * as q from 'q'
|
||||
import * as plugins from './smartacme.plugins'
|
||||
|
||||
import { SmartAcme, IRsaKeypair } from './smartacme.classes.smartacme'
|
||||
|
||||
|
||||
import { AcmeAccount } from './smartacme.classes.acmeaccount'
|
||||
|
||||
/**
|
||||
* creates a keypair to use with requests and to generate JWK from
|
||||
@@ -22,12 +21,13 @@ export let createKeypair = (bit = 2048): IRsaKeypair => {
|
||||
* gets an existing registration
|
||||
* @executes ASYNC
|
||||
*/
|
||||
let getReg = (smartAcmeArg: SmartAcme) => {
|
||||
let getReg = (SmartAcmeArg: SmartAcme, location: string) => {
|
||||
let done = q.defer()
|
||||
let body = { resource: 'reg' }
|
||||
smartAcmeArg.rawacmeClient.post(
|
||||
smartAcmeArg.location,
|
||||
body, smartAcmeArg.keyPair,
|
||||
SmartAcmeArg.rawacmeClient.post(
|
||||
location,
|
||||
body,
|
||||
SmartAcmeArg.keyPair,
|
||||
(err, res) => {
|
||||
if (err) {
|
||||
console.error('smartacme: something went wrong:')
|
||||
|
||||
@@ -17,4 +17,4 @@ export {
|
||||
smartfile,
|
||||
smartstring,
|
||||
paths
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user