5.0.1

.gitea/workflows/default_nottags.yaml

@@ -0,0 +1,66 @@
+name: Default (not tags)
+
+on:
+  push:
+    tags-ignore:
+      - '**'
+
+env:
+  IMAGE: code.foss.global/host.today/ht-docker-node:npmci
+  NPMCI_COMPUTED_REPOURL: https://${{gitea.repository_owner}}:${{secrets.GITEA_TOKEN}}@/${{gitea.repository}}.git
+  NPMCI_TOKEN_NPM: ${{secrets.NPMCI_TOKEN_NPM}}
+  NPMCI_TOKEN_NPM2: ${{secrets.NPMCI_TOKEN_NPM2}}
+  NPMCI_GIT_GITHUBTOKEN: ${{secrets.NPMCI_GIT_GITHUBTOKEN}}
+  NPMCI_URL_CLOUDLY: ${{secrets.NPMCI_URL_CLOUDLY}}
+
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    container:
+      image: ${{ env.IMAGE }}
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Install pnpm and npmci
+        run: |
+          pnpm install -g pnpm
+          pnpm install -g @ship.zone/npmci
+
+      - name: Run npm prepare
+        run: npmci npm prepare
+
+      - name: Audit production dependencies
+        run: |
+          npmci command npm config set registry https://registry.npmjs.org
+          npmci command pnpm audit --audit-level=high --prod
+        continue-on-error: true
+
+      - name: Audit development dependencies
+        run: |
+          npmci command npm config set registry https://registry.npmjs.org
+          npmci command pnpm audit --audit-level=high --dev
+        continue-on-error: true
+
+  test:
+    if: ${{ always() }}
+    needs: security
+    runs-on: ubuntu-latest
+    container:
+      image: ${{ env.IMAGE }}
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Test stable
+        run: |
+          npmci node install stable
+          npmci npm install
+          npmci npm test
+
+      - name: Test build
+        run: |
+          npmci node install stable
+          npmci npm install
+          npmci npm build

.gitea/workflows/default_tags.yaml

@@ -0,0 +1,124 @@
+name: Default (tags)
+
+on:
+  push:
+    tags:
+      - '*'
+
+env:
+  IMAGE: code.foss.global/host.today/ht-docker-node:npmci
+  NPMCI_COMPUTED_REPOURL: https://${{gitea.repository_owner}}:${{secrets.GITEA_TOKEN}}@/${{gitea.repository}}.git
+  NPMCI_TOKEN_NPM: ${{secrets.NPMCI_TOKEN_NPM}}
+  NPMCI_TOKEN_NPM2: ${{secrets.NPMCI_TOKEN_NPM2}}
+  NPMCI_GIT_GITHUBTOKEN: ${{secrets.NPMCI_GIT_GITHUBTOKEN}}
+  NPMCI_URL_CLOUDLY: ${{secrets.NPMCI_URL_CLOUDLY}}
+
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    container:
+      image: ${{ env.IMAGE }}
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Prepare
+        run: |
+          pnpm install -g pnpm
+          pnpm install -g @ship.zone/npmci
+          npmci npm prepare
+
+      - name: Audit production dependencies
+        run: |
+          npmci command npm config set registry https://registry.npmjs.org
+          npmci command pnpm audit --audit-level=high --prod
+        continue-on-error: true
+
+      - name: Audit development dependencies
+        run: |
+          npmci command npm config set registry https://registry.npmjs.org
+          npmci command pnpm audit --audit-level=high --dev
+        continue-on-error: true
+
+  test:
+    if: ${{ always() }}
+    needs: security
+    runs-on: ubuntu-latest
+    container:
+      image: ${{ env.IMAGE }}
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Prepare
+        run: |
+          pnpm install -g pnpm
+          pnpm install -g @ship.zone/npmci
+          npmci npm prepare
+
+      - name: Test stable
+        run: |
+          npmci node install stable
+          npmci npm install
+          npmci npm test
+
+      - name: Test build
+        run: |
+          npmci node install stable
+          npmci npm install
+          npmci npm build
+
+  release:
+    needs: test
+    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
+    runs-on: ubuntu-latest
+    container:
+      image: ${{ env.IMAGE }}
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Prepare
+        run: |
+          pnpm install -g pnpm
+          pnpm install -g @ship.zone/npmci
+          npmci npm prepare
+
+      - name: Release
+        run: |
+          npmci node install stable
+          npmci npm publish
+
+  metadata:
+    needs: test
+    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
+    runs-on: ubuntu-latest
+    container:
+      image: ${{ env.IMAGE }}
+    continue-on-error: true
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Prepare
+        run: |
+          pnpm install -g pnpm
+          pnpm install -g @ship.zone/npmci
+          npmci npm prepare
+
+      - name: Code quality
+        run: |
+          npmci command npm install -g typescript
+          npmci npm install
+
+      - name: Trigger
+        run: npmci trigger
+
+      - name: Build docs and upload artifacts
+        run: |
+          npmci node install stable
+          npmci npm install
+          pnpm install -g @git.zone/tsdoc
+          npmci command tsdoc
+        continue-on-error: true

.gitignore

@@ -1,4 +1,19 @@
-node_modules/
+.nogit/
+
+# artifacts
 coverage/
 public/
-pages/
+
+# installs
+node_modules/
+
+# caches
+.yarn/
+.cache/
+.rpt2_cache
+
+# builds
+dist/
+dist_*/
+
+#------# custom

.gitlab-ci.yml

@@ -1,59 +0,0 @@
-image: hosttoday/ht-docker-node:npmts
-
-stages:
-- test
-- release
-- trigger
-- pages
-
-testLEGACY:
-  stage: test
-  script:
-    - npmci test legacy
-  tags:
-    - docker
-  allow_failure: true
-
-testLTS:
-  stage: test
-  script:
-    - npmci test lts
-  tags:
-    - docker
-    
-testSTABLE:
-  stage: test
-  script:
-    - npmci test stable
-  tags:
-    - docker
-
-release:
-  stage: release
-  script:
-    - npmci publish
-  only:
-    - tags
-  tags:
-    - docker
-
-trigger:
-  stage: trigger
-  script:
-    - npmci trigger
-  only:
-    - tags
-  tags:
-    - docker
-
-pages:
-  image: hosttoday/ht-docker-node:npmpage
-  stage: pages
-  script:
-    - npmci command npmpage --host gitlab
-  only:
-    - tags
-  artifacts:
-    expire_in: 1 week
-    paths:
-    - public

.npmignore

@@ -0,0 +1,4 @@
+node_modules/
+coverage/
+public/
+pages/

.vscode/launch.json

@@ -0,0 +1,11 @@
+{
+  "version": "0.2.0",
+  "configurations": [
+    {
+      "command": "npm test",
+      "name": "Run npm test",
+      "request": "launch",
+      "type": "node-terminal"
+    }
+  ]
+}

.vscode/settings.json

@@ -0,0 +1,26 @@
+{
+  "json.schemas": [
+    {
+      "fileMatch": ["/npmextra.json"],
+      "schema": {
+        "type": "object",
+        "properties": {
+          "npmci": {
+            "type": "object",
+            "description": "settings for npmci"
+          },
+          "gitzone": {
+            "type": "object",
+            "description": "settings for gitzone",
+            "properties": {
+              "projectType": {
+                "type": "string",
+                "enum": ["website", "element", "service", "npm", "wcc"]
+              }
+            }
+          }
+        }
+      }
+    }
+  ]
+}

LICENSE

@@ -1,4 +1,4 @@
-Copyright (C) 2016, Lossless GmbH
+Copyright (C) 2016, Task Venture Capital GmbH
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software and associated documentation files (the "Software"), to deal in

README.md

@@ -1,50 +0,0 @@
-# smartacme
-acme implementation in TypeScript
-
-## Availabililty
-[![npm](https://push.rocks/assets/repo-button-npm.svg)](https://www.npmjs.com/package/smartacme)
-[![git](https://push.rocks/assets/repo-button-git.svg)](https://GitLab.com/pushrocks/smartacme)
-[![git](https://push.rocks/assets/repo-button-mirror.svg)](https://github.com/pushrocks/smartacme)
-[![docs](https://push.rocks/assets/repo-button-docs.svg)](https://pushrocks.gitlab.io/smartacme/)
-
-## Status for master
-[![build status](https://GitLab.com/pushrocks/smartacme/badges/master/build.svg)](https://GitLab.com/pushrocks/smartacme/commits/master)
-[![coverage report](https://GitLab.com/pushrocks/smartacme/badges/master/coverage.svg)](https://GitLab.com/pushrocks/smartacme/commits/master)
-[![npm downloads per month](https://img.shields.io/npm/dm/smartacme.svg)](https://www.npmjs.com/package/smartacme)
-[![Dependency Status](https://david-dm.org/pushrocks/smartacme.svg)](https://david-dm.org/pushrocks/smartacme)
-[![bitHound Dependencies](https://www.bithound.io/github/pushrocks/smartacme/badges/dependencies.svg)](https://www.bithound.io/github/pushrocks/smartacme/master/dependencies/npm)
-[![bitHound Code](https://www.bithound.io/github/pushrocks/smartacme/badges/code.svg)](https://www.bithound.io/github/pushrocks/smartacme)
-[![TypeScript](https://img.shields.io/badge/TypeScript-2.x-blue.svg)](https://nodejs.org/dist/latest-v6.x/docs/api/)
-[![node](https://img.shields.io/badge/node->=%206.x.x-blue.svg)](https://nodejs.org/dist/latest-v6.x/docs/api/)
-[![JavaScript Style Guide](https://img.shields.io/badge/code%20style-standard-brightgreen.svg)](http://standardjs.com/)
-
-## Usage
-Use TypeScript for best in class instellisense.
-
-```javascript
-import { SmartAcme } from 'smartacme'
-
-let smac = new SmartAcme()
-
-(async () => { // learn async/await, it'll make your life easier
-
-    // optionally accepts a filePath Arg with a stored acmeaccount.json
-    // will create an account and 
-    let myAccount = await smac.createAcmeAccount()
-    
-    // will return a dnsHash to set in your DNS record
-    let myCert = await myAccount.createAcmeCert('example.com')
-
-    // gets and accepts the specified challenge
-    // first argument optional, defaults to dns-01 (which is the cleanest method for production use)
-    let myChallenge = await myCert.getChallenge('dns-01')
-
-    /* ----------
-    Now you need to set the challenge in your DNS
-    myChallenge.domainNamePrefixed is the address for the record
-    myChallenge.dnsKeyHash is the ready to use txt record value expected by letsencrypt
-    -------------*/
-})()
-```
-
-[![npm](https://push.rocks/assets/repo-header.svg)](https://push.rocks)

changelog.md

@@ -0,0 +1,116 @@
+# Changelog
+
+## 2025-04-26 - 5.0.1 - fix(build)
+Update CI workflows, bump dependency versions, and refine import and TypeScript configuration
+
+- Changed CI workflow image and npmci package from '@shipzone/npmci' to '@ship.zone/npmci', and updated repository URLs
+- Bumped several dependency versions in package.json (e.g. @api.global/typedserver, @push.rocks/lik, @push.rocks/smartdata, @push.rocks/smartdns, @tsclass/tsclass) to newer releases
+- Adjusted smartdns import to use the smartdnsClient module for proper module resolution
+- Updated tsconfig.json to add emitDecoratorMetadata and baseUrl settings
+- Minor markdown and formatting tweaks in readme and gitignore files, and slight improvements in test async handling
+
+## 2024-06-16 - 5.0.0 - No significant changes  
+This release contains no user‑facing changes.
+
+## 2024-06-16 - 4.0.8 - Structure and configuration updates  
+- BREAKING CHANGE(structure): renamed classes to avoid confusion  
+- update description  
+- update tsconfig  
+- update npmextra.json: githost
+
+## 2024-01-28 - 4.0.7–4.0.6 - Internal fixes and updates  
+- A series of releases with routine bug fixes and maintenance updates.
+
+## 2023-07-21 - 4.0.5–4.0.4 - Internal fixes and updates  
+- Multiple releases addressing internal issues and maintenance improvements.
+
+## 2023-07-10 - 4.0.3 - Organizational changes  
+- switch to new org scheme
+
+## 2022-09-27 - 4.0.0–4.0.2 - Internal fixes and updates  
+- Routine maintenance and internal bug fixes.
+
+## 2022-09-27 - 3.0.15 - Breaking changes  
+- BREAKING CHANGE(core): update
+
+## 2021-01-22 - 3.0.9–3.0.14 - Internal fixes and updates  
+- A range of releases focused on routine internal updates.
+
+## 2020-11-18 - 3.0.0–3.0.8 - Internal fixes and updates  
+- Routine maintenance and internal bug fixes.
+
+## 2020-02-10 - 2.1.2 - Breaking changes  
+- BREAKING CHANGE(core): streamline scope to certificate retrieval using dns challenge
+
+## 2020-02-10 - 2.1.0–2.1.1 - Internal fixes and updates  
+- Routine fixes and updates.
+
+## 2019-02-06 - 2.0.36 - New feature  
+- feat(Cert): now has validity check
+
+## 2019-01-18 - 2.0.2–2.0.35 - Internal fixes and updates  
+- Routine internal updates and maintenance.
+
+## 2018-10-07 - 2.0.0–2.0.1 - Internal fixes and updates  
+- Routine internal updates and maintenance.
+
+## 2018-10-07 - 1.1.4 - Breaking changes  
+- BREAKING CHANGE(scope): change to @pushrocks
+
+## 2018-08-12 - 1.1.1 - NPM publishing fix  
+- fix(npm publishing): update
+
+## 2018-08-11 - 1.1.0 - Certificate issuance update  
+- fix(core): now creating certs all right
+
+## 2018-08-11 - 1.0.11 - Feature update  
+- feat(swaitch to acme-v2): switch to letsencrypt v2
+
+## 2017-04-28 - 1.0.10 - CI improvements  
+- add updated ci config
+
+## 2017-04-28 - 1.0.9 - Standards update  
+- update to latest standards
+
+## 2017-01-27 - 1.0.8 - Basic functionality  
+- basic functionality
+
+## 2017-01-25 - 1.0.7 - Response and validation improvements  
+- now getting a valid response  
+- update validation  
+- improve README
+
+## 2017-01-15 - 1.0.6 - Async and documentation improvements  
+- improve README  
+- add async checkDNS
+
+## 2017-01-15 - 1.0.5 - Standards and process updates  
+- update to new standards  
+- now has working requestValidation method  
+- fix som things  
+- start better segregation of concerns  
+- start with certificate signing process
+
+## 2017-01-01 - 1.0.4 - Certificate acquisition improvements  
+- now getting certificates  
+- can now agree to TOS  
+- remove test keys
+
+## 2017-01-01 - 1.0.3 - NPM extra configuration  
+- add npmextra.json
+
+## 2017-01-01 - 1.0.2 - README and integration update  
+- add better readme  
+- switch to rawacme for more basic letsencrypt access
+
+## 2016-11-17 - 1.0.1 - Promise fix  
+- fix promise
+
+## 2016-11-17 - 1.0.0 - Major initial release changes  
+- remove superflouous key creation  
+- switch to acme core  
+- prepare switch to le‑acme‑core  
+- improve upon keyCreation  
+- update to use more promises  
+- add README  
+- first version

dist/index.d.ts

@@ -1 +0,0 @@
-export * from './smartacme.classes.smartacme';

dist/index.js

@@ -1,6 +0,0 @@
-"use strict";
-function __export(m) {
-    for (var p in m) if (!exports.hasOwnProperty(p)) exports[p] = m[p];
-}
-__export(require("./smartacme.classes.smartacme"));
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi90cy9pbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7O0FBQUEsbURBQTZDIn0=

dist/smartacme.classes.acmeaccount.d.ts

@@ -1,23 +0,0 @@
-/// <reference types="q" />
-import * as q from 'q';
-import { SmartAcme } from './smartacme.classes.smartacme';
-import { AcmeCert } from './smartacme.classes.acmecert';
-/**
- * class AcmeAccount represents an AcmeAccount
- */
-export declare class AcmeAccount {
-    parentSmartAcme: SmartAcme;
-    location: string;
-    link: string;
-    JWK: any;
-    constructor(smartAcmeParentArg: SmartAcme);
-    /**
-     * register the account with letsencrypt
-     */
-    register(): q.Promise<{}>;
-    /**
-     * agree to letsencrypr terms of service
-     */
-    agreeTos(): q.Promise<{}>;
-    createAcmeCert(domainNameArg: string, countryArg?: string, countryShortArg?: string, city?: string, companyArg?: string, companyShortArg?: string): q.Promise<AcmeCert>;
-}

dist/smartacme.classes.acmeaccount.js

@@ -1,71 +0,0 @@
-"use strict";
-const q = require("q");
-const smartacme_classes_acmecert_1 = require("./smartacme.classes.acmecert");
-/**
- * class AcmeAccount represents an AcmeAccount
- */
-class AcmeAccount {
-    constructor(smartAcmeParentArg) {
-        this.parentSmartAcme = smartAcmeParentArg;
-    }
-    /**
-     * register the account with letsencrypt
-     */
-    register() {
-        let done = q.defer();
-        this.parentSmartAcme.rawacmeClient.newReg({
-            contact: ['mailto:domains@lossless.org']
-        }, (err, res) => {
-            if (err) {
-                console.error('smartacme: something went wrong:');
-                console.log(err);
-                done.reject(err);
-                return;
-            }
-            this.JWK = res.body.key;
-            this.link = res.headers.link;
-            console.log(this.link);
-            this.location = res.headers.location;
-            done.resolve();
-        });
-        return done.promise;
-    }
-    /**
-     * agree to letsencrypr terms of service
-     */
-    agreeTos() {
-        let done = q.defer();
-        let tosPart = this.link.split(',')[1];
-        let tosLinkPortion = tosPart.split(';')[0];
-        let url = tosLinkPortion.split(';')[0].trim().replace(/[<>]/g, '');
-        this.parentSmartAcme.rawacmeClient.post(this.location, { Agreement: url, resource: 'reg' }, (err, res) => {
-            if (err) {
-                console.log(err);
-                done.reject(err);
-                return;
-            }
-            done.resolve();
-        });
-        return done.promise;
-    }
-    createAcmeCert(domainNameArg, countryArg = 'Germany', countryShortArg = 'DE', city = 'Bremen', companyArg = 'Some Company', companyShortArg = 'SC') {
-        let done = q.defer();
-        let acmeCert = new smartacme_classes_acmecert_1.AcmeCert({
-            bit: 2064,
-            key: null,
-            domain: domainNameArg,
-            country: countryArg,
-            country_short: countryShortArg,
-            locality: city,
-            organization: companyArg,
-            organization_short: companyShortArg,
-            password: null,
-            unstructured: null,
-            subject_alt_names: null
-        }, this);
-        done.resolve(acmeCert);
-        return done.promise;
-    }
-}
-exports.AcmeAccount = AcmeAccount;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic21hcnRhY21lLmNsYXNzZXMuYWNtZWFjY291bnQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi90cy9zbWFydGFjbWUuY2xhc3Nlcy5hY21lYWNjb3VudC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUEsdUJBQXNCO0FBTXRCLDZFQUF1RDtBQUV2RDs7R0FFRztBQUNIO0lBS0ksWUFBWSxrQkFBNkI7UUFDckMsSUFBSSxDQUFDLGVBQWUsR0FBRyxrQkFBa0IsQ0FBQTtJQUM3QyxDQUFDO0lBRUQ7O09BRUc7SUFDSCxRQUFRO1FBQ0osSUFBSSxJQUFJLEdBQUcsQ0FBQyxDQUFDLEtBQUssRUFBRSxDQUFBO1FBQ3BCLElBQUksQ0FBQyxlQUFlLENBQUMsYUFBYSxDQUFDLE1BQU0sQ0FDckM7WUFDSSxPQUFPLEVBQUUsQ0FBQyw2QkFBNkIsQ0FBQztTQUMzQyxFQUNELENBQUMsR0FBRyxFQUFFLEdBQUc7WUFDTCxFQUFFLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDO2dCQUNOLE9BQU8sQ0FBQyxLQUFLLENBQUMsa0NBQWtDLENBQUMsQ0FBQTtnQkFDakQsT0FBTyxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsQ0FBQTtnQkFDaEIsSUFBSSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQTtnQkFDaEIsTUFBTSxDQUFBO1lBQ1YsQ0FBQztZQUNELElBQUksQ0FBQyxHQUFHLEdBQUcsR0FBRyxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUE7WUFDdkIsSUFBSSxDQUFDLElBQUksR0FBRyxHQUFHLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQTtZQUM1QixPQUFPLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQTtZQUN0QixJQUFJLENBQUMsUUFBUSxHQUFHLEdBQUcsQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFBO1lBQ3BDLElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQTtRQUNsQixDQUFDLENBQUMsQ0FBQTtRQUNOLE1BQU0sQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFBO0lBQ3ZCLENBQUM7SUFFRDs7T0FFRztJQUNILFFBQVE7UUFDSixJQUFJLElBQUksR0FBRyxDQUFDLENBQUMsS0FBSyxFQUFFLENBQUE7UUFDcEIsSUFBSSxPQUFPLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUE7UUFDckMsSUFBSSxjQUFjLEdBQUcsT0FBTyxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQTtRQUMxQyxJQUFJLEdBQUcsR0FBRyxjQUFjLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFDLE9BQU8sQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDLENBQUE7UUFDbEUsSUFBSSxDQUFDLGVBQWUsQ0FBQyxhQUFhLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxRQUFRLEVBQUUsRUFBRSxTQUFTLEVBQUUsR0FBRyxFQUFFLFFBQVEsRUFBRSxLQUFLLEVBQUUsRUFBRSxDQUFDLEdBQUcsRUFBRSxHQUFHO1lBQ2pHLEVBQUUsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUM7Z0JBQ04sT0FBTyxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsQ0FBQTtnQkFDaEIsSUFBSSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQTtnQkFDaEIsTUFBTSxDQUFBO1lBQ1YsQ0FBQztZQUNELElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQTtRQUNsQixDQUFDLENBQUMsQ0FBQTtRQUNGLE1BQU0sQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFBO0lBQ3ZCLENBQUM7SUFFRCxjQUFjLENBQ1YsYUFBcUIsRUFDckIsVUFBVSxHQUFHLFNBQVMsRUFDdEIsZUFBZSxHQUFHLElBQUksRUFDdEIsSUFBSSxHQUFHLFFBQVEsRUFDZixVQUFVLEdBQUcsY0FBYyxFQUMzQixlQUFlLEdBQUcsSUFBSTtRQUd0QixJQUFJLElBQUksR0FBRyxDQUFDLENBQUMsS0FBSyxFQUFZLENBQUE7UUFDOUIsSUFBSSxRQUFRLEdBQUcsSUFBSSxxQ0FBUSxDQUN2QjtZQUNJLEdBQUcsRUFBRSxJQUFJO1lBQ1QsR0FBRyxFQUFFLElBQUk7WUFDVCxNQUFNLEVBQUUsYUFBYTtZQUNyQixPQUFPLEVBQUUsVUFBVTtZQUNuQixhQUFhLEVBQUUsZUFBZTtZQUM5QixRQUFRLEVBQUUsSUFBSTtZQUNkLFlBQVksRUFBRSxVQUFVO1lBQ3hCLGtCQUFrQixFQUFFLGVBQWU7WUFDbkMsUUFBUSxFQUFFLElBQUk7WUFDZCxZQUFZLEVBQUUsSUFBSTtZQUNsQixpQkFBaUIsRUFBRSxJQUFJO1NBQzFCLEVBQ0QsSUFBSSxDQUNQLENBQUE7UUFDRCxJQUFJLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxDQUFBO1FBQ3RCLE1BQU0sQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFBO0lBQ3ZCLENBQUM7Q0FDSjtBQWxGRCxrQ0FrRkMifQ==

dist/smartacme.classes.acmecert.d.ts

@@ -1,79 +0,0 @@
-/// <reference types="q" />
-import * as q from 'q';
-import { IRsaKeypair } from './smartacme.classes.smartacme';
-import { AcmeAccount } from './smartacme.classes.acmeaccount';
-/**
- * types of challenges supported by letsencrypt and this module
- */
-export declare type TChallengeType = 'dns-01' | 'http-01';
-/**
- * values that a challenge's status can have
- */
-export declare type TChallengeStatus = 'pending';
-export interface ISmartAcmeChallenge {
-    uri: string;
-    status: TChallengeStatus;
-    type: TChallengeType;
-    token: string;
-    keyAuthorization: string;
-}
-export interface ISmartAcmeChallengeAccepted extends ISmartAcmeChallenge {
-    dnsKeyHash: string;
-    domainName: string;
-    domainNamePrefixed: string;
-}
-export interface IAcmeCsrConstructorOptions {
-    bit: number;
-    key: string;
-    domain: string;
-    country: string;
-    country_short: string;
-    locality: string;
-    organization: string;
-    organization_short: string;
-    password: string;
-    unstructured: string;
-    subject_alt_names: string[];
-}
-/**
- * class AcmeCert represents a cert for domain
- */
-export declare class AcmeCert {
-    domainName: string;
-    attributes: any;
-    acceptedChallenge: ISmartAcmeChallengeAccepted;
-    fullchain: string;
-    parentAcmeAccount: AcmeAccount;
-    csr: any;
-    validFrom: Date;
-    validTo: Date;
-    keypair: IRsaKeypair;
-    keyPairFinal: IRsaKeypair;
-    constructor(optionsArg: IAcmeCsrConstructorOptions, parentAcmeAccount: AcmeAccount);
-    /**
-     * requests a challenge for a domain
-     * @param domainNameArg - the domain name to request a challenge for
-     * @param challengeType - the challenge type to request
-     */
-    requestChallenge(challengeTypeArg?: TChallengeType): q.Promise<ISmartAcmeChallengeAccepted>;
-    /**
-     * checks if DNS records are set, will go through a max of 30 cycles
-     */
-    checkDns(cycleArg?: number): Promise<any>;
-    /**
-     * validates a challenge, only call after you have set the challenge at the expected location
-     */
-    requestValidation(): q.Promise<{}>;
-    /**
-     * requests a certificate
-     */
-    requestCert(): q.Promise<{}>;
-    /**
-     * getCertificate - takes care of cooldown, validation polling and certificate retrieval
-     */
-    getCertificate(): void;
-    /**
-     * accept a challenge - for private use only
-     */
-    private acceptChallenge(challengeArg);
-}

dist/smartacme.classes.smartacme.d.ts

@@ -1,34 +0,0 @@
-/// <reference types="q" />
-import * as q from 'q';
-import { AcmeAccount } from './smartacme.classes.acmeaccount';
-/**
- * a rsa keypair needed for account creation and subsequent requests
- */
-export interface IRsaKeypair {
-    publicKey: string;
-    privateKey: string;
-}
-export { AcmeAccount } from './smartacme.classes.acmeaccount';
-export { AcmeCert, ISmartAcmeChallenge, ISmartAcmeChallengeAccepted } from './smartacme.classes.acmecert';
-/**
- * class SmartAcme exports methods for maintaining SSL Certificates
- */
-export declare class SmartAcme {
-    acmeUrl: string;
-    productionBool: boolean;
-    keyPair: IRsaKeypair;
-    rawacmeClient: any;
-    /**
-     * the constructor for class SmartAcme
-     */
-    constructor(productionArg?: boolean);
-    /**
-     * init the smartacme instance
-     */
-    init(): q.Promise<{}>;
-    /**
-     * creates an account if not currently present in module
-     * @executes ASYNC
-     */
-    createAcmeAccount(): q.Promise<AcmeAccount>;
-}

dist/smartacme.classes.smartacme.js

@@ -1,66 +0,0 @@
-"use strict";
-// third party modules
-const q = require("q"); // promises
-const plugins = require("./smartacme.plugins");
-const helpers = require("./smartacme.helpers");
-const smartacme_classes_acmeaccount_1 = require("./smartacme.classes.acmeaccount");
-var smartacme_classes_acmeaccount_2 = require("./smartacme.classes.acmeaccount");
-exports.AcmeAccount = smartacme_classes_acmeaccount_2.AcmeAccount;
-var smartacme_classes_acmecert_1 = require("./smartacme.classes.acmecert");
-exports.AcmeCert = smartacme_classes_acmecert_1.AcmeCert;
-/**
- * class SmartAcme exports methods for maintaining SSL Certificates
- */
-class SmartAcme {
-    /**
-     * the constructor for class SmartAcme
-     */
-    constructor(productionArg = false) {
-        this.productionBool = productionArg;
-        this.keyPair = helpers.createKeypair();
-        if (this.productionBool) {
-            this.acmeUrl = plugins.rawacme.LETSENCRYPT_URL;
-        }
-        else {
-            this.acmeUrl = plugins.rawacme.LETSENCRYPT_STAGING_URL;
-        }
-    }
-    /**
-     * init the smartacme instance
-     */
-    init() {
-        let done = q.defer();
-        plugins.rawacme.createClient({
-            url: this.acmeUrl,
-            publicKey: this.keyPair.publicKey,
-            privateKey: this.keyPair.privateKey
-        }, (err, client) => {
-            if (err) {
-                console.error('smartacme: something went wrong:');
-                console.log(err);
-                done.reject(err);
-                return;
-            }
-            // make client available in class 
-            this.rawacmeClient = client;
-            done.resolve();
-        });
-        return done.promise;
-    }
-    /**
-     * creates an account if not currently present in module
-     * @executes ASYNC
-     */
-    createAcmeAccount() {
-        let done = q.defer();
-        let acmeAccount = new smartacme_classes_acmeaccount_1.AcmeAccount(this);
-        acmeAccount.register().then(() => {
-            return acmeAccount.agreeTos();
-        }).then(() => {
-            done.resolve(acmeAccount);
-        });
-        return done.promise;
-    }
-}
-exports.SmartAcme = SmartAcme;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic21hcnRhY21lLmNsYXNzZXMuc21hcnRhY21lLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vdHMvc21hcnRhY21lLmNsYXNzZXMuc21hcnRhY21lLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQSxzQkFBc0I7QUFDdEIsdUJBQXNCLENBQUMsV0FBVztBQUNsQywrQ0FBOEM7QUFDOUMsK0NBQThDO0FBRTlDLG1GQUE2RDtBQVU3RCxpRkFBNkQ7QUFBcEQsc0RBQUEsV0FBVyxDQUFBO0FBQ3BCLDJFQUF5RztBQUFoRyxnREFBQSxRQUFRLENBQUE7QUFFakI7O0dBRUc7QUFDSDtJQU1JOztPQUVHO0lBQ0gsWUFBWSxnQkFBeUIsS0FBSztRQUN0QyxJQUFJLENBQUMsY0FBYyxHQUFHLGFBQWEsQ0FBQTtRQUNuQyxJQUFJLENBQUMsT0FBTyxHQUFHLE9BQU8sQ0FBQyxhQUFhLEVBQUUsQ0FBQTtRQUN0QyxFQUFFLENBQUMsQ0FBQyxJQUFJLENBQUMsY0FBYyxDQUFDLENBQUMsQ0FBQztZQUN0QixJQUFJLENBQUMsT0FBTyxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUMsZUFBZSxDQUFBO1FBQ2xELENBQUM7UUFBQyxJQUFJLENBQUMsQ0FBQztZQUNKLElBQUksQ0FBQyxPQUFPLEdBQUcsT0FBTyxDQUFDLE9BQU8sQ0FBQyx1QkFBdUIsQ0FBQTtRQUMxRCxDQUFDO0lBQ0wsQ0FBQztJQUVEOztPQUVHO0lBQ0gsSUFBSTtRQUNBLElBQUksSUFBSSxHQUFHLENBQUMsQ0FBQyxLQUFLLEVBQUUsQ0FBQTtRQUNwQixPQUFPLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FDeEI7WUFDSSxHQUFHLEVBQUUsSUFBSSxDQUFDLE9BQU87WUFDakIsU0FBUyxFQUFFLElBQUksQ0FBQyxPQUFPLENBQUMsU0FBUztZQUNqQyxVQUFVLEVBQUUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxVQUFVO1NBQ3RDLEVBQ0QsQ0FBQyxHQUFHLEVBQUUsTUFBTTtZQUNSLEVBQUUsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUM7Z0JBQ04sT0FBTyxDQUFDLEtBQUssQ0FBQyxrQ0FBa0MsQ0FBQyxDQUFBO2dCQUNqRCxPQUFPLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxDQUFBO2dCQUNoQixJQUFJLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFBO2dCQUNoQixNQUFNLENBQUE7WUFDVixDQUFDO1lBRUQsa0NBQWtDO1lBQ2xDLElBQUksQ0FBQyxhQUFhLEdBQUcsTUFBTSxDQUFBO1lBQzNCLElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQTtRQUNsQixDQUFDLENBQ0osQ0FBQTtRQUNELE1BQU0sQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFBO0lBQ3ZCLENBQUM7SUFFRDs7O09BR0c7SUFDSCxpQkFBaUI7UUFDYixJQUFJLElBQUksR0FBRyxDQUFDLENBQUMsS0FBSyxFQUFlLENBQUE7UUFDakMsSUFBSSxXQUFXLEdBQUcsSUFBSSwyQ0FBVyxDQUFDLElBQUksQ0FBQyxDQUFBO1FBQ3ZDLFdBQVcsQ0FBQyxRQUFRLEVBQUUsQ0FBQyxJQUFJLENBQUM7WUFDeEIsTUFBTSxDQUFDLFdBQVcsQ0FBQyxRQUFRLEVBQUUsQ0FBQTtRQUNqQyxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUM7WUFDSixJQUFJLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQyxDQUFBO1FBQzdCLENBQUMsQ0FBQyxDQUFBO1FBQ0YsTUFBTSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUE7SUFDdkIsQ0FBQztDQUNKO0FBNURELDhCQTREQyJ9

dist/smartacme.helpers.d.ts

@@ -1,10 +0,0 @@
-import 'typings-global';
-import { IRsaKeypair } from './smartacme.classes.smartacme';
-/**
- * creates a keypair to use with requests and to generate JWK from
- */
-export declare let createKeypair: (bit?: number) => IRsaKeypair;
-/**
- * prefix a domain name to make sure it complies with letsencrypt
- */
-export declare let prefixName: (domainNameArg: string) => string;

dist/smartacme.helpers.js

@@ -1,40 +0,0 @@
-"use strict";
-require("typings-global");
-const q = require("q");
-const plugins = require("./smartacme.plugins");
-/**
- * creates a keypair to use with requests and to generate JWK from
- */
-exports.createKeypair = (bit = 2048) => {
-    let result = plugins.rsaKeygen.generate(bit);
-    return {
-        publicKey: result.public_key,
-        privateKey: result.private_key
-    };
-};
-/**
- * prefix a domain name to make sure it complies with letsencrypt
- */
-exports.prefixName = (domainNameArg) => {
-    return '_acme-challenge.' + domainNameArg;
-};
-/**
- * gets an existing registration
- * @executes ASYNC
- */
-let getReg = (SmartAcmeArg, location) => {
-    let done = q.defer();
-    let body = { resource: 'reg' };
-    SmartAcmeArg.rawacmeClient.post(location, body, SmartAcmeArg.keyPair, (err, res) => {
-        if (err) {
-            console.error('smartacme: something went wrong:');
-            console.log(err);
-            done.reject(err);
-            return;
-        }
-        console.log(JSON.stringify(res.body));
-        done.resolve();
-    });
-    return done.promise;
-};
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic21hcnRhY21lLmhlbHBlcnMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi90cy9zbWFydGFjbWUuaGVscGVycy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUEsMEJBQXVCO0FBQ3ZCLHVCQUFzQjtBQUV0QiwrQ0FBOEM7QUFLOUM7O0dBRUc7QUFDUSxRQUFBLGFBQWEsR0FBRyxDQUFDLEdBQUcsR0FBRyxJQUFJO0lBQ2xDLElBQUksTUFBTSxHQUFHLE9BQU8sQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxDQUFBO0lBQzVDLE1BQU0sQ0FBQztRQUNILFNBQVMsRUFBRSxNQUFNLENBQUMsVUFBVTtRQUM1QixVQUFVLEVBQUUsTUFBTSxDQUFDLFdBQVc7S0FDakMsQ0FBQTtBQUNMLENBQUMsQ0FBQTtBQUVEOztHQUVHO0FBQ1EsUUFBQSxVQUFVLEdBQUcsQ0FBQyxhQUFxQjtJQUMxQyxNQUFNLENBQUMsa0JBQWtCLEdBQUcsYUFBYSxDQUFBO0FBQzdDLENBQUMsQ0FBQTtBQUVEOzs7R0FHRztBQUNILElBQUksTUFBTSxHQUFHLENBQUMsWUFBdUIsRUFBRSxRQUFnQjtJQUNuRCxJQUFJLElBQUksR0FBRyxDQUFDLENBQUMsS0FBSyxFQUFFLENBQUE7SUFDcEIsSUFBSSxJQUFJLEdBQUcsRUFBRSxRQUFRLEVBQUUsS0FBSyxFQUFFLENBQUE7SUFDOUIsWUFBWSxDQUFDLGFBQWEsQ0FBQyxJQUFJLENBQzNCLFFBQVEsRUFDUixJQUFJLEVBQ0osWUFBWSxDQUFDLE9BQU8sRUFDcEIsQ0FBQyxHQUFHLEVBQUUsR0FBRztRQUNMLEVBQUUsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUM7WUFDTixPQUFPLENBQUMsS0FBSyxDQUFDLGtDQUFrQyxDQUFDLENBQUE7WUFDakQsT0FBTyxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsQ0FBQTtZQUNoQixJQUFJLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFBO1lBQ2hCLE1BQU0sQ0FBQTtRQUNWLENBQUM7UUFDRCxPQUFPLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUE7UUFDckMsSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFBO0lBQ2xCLENBQUMsQ0FDSixDQUFBO0lBQ0QsTUFBTSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUE7QUFDdkIsQ0FBQyxDQUFBIn0=

dist/smartacme.paths.d.ts

@@ -1,2 +0,0 @@
-export declare let packageDir: string;
-export declare let assetDir: string;

dist/smartacme.paths.js

@@ -1,7 +0,0 @@
-"use strict";
-const path = require("path");
-const smartfile = require("smartfile");
-exports.packageDir = path.join(__dirname, '../');
-exports.assetDir = path.join(exports.packageDir, 'assets/');
-smartfile.fs.ensureDirSync(exports.assetDir);
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic21hcnRhY21lLnBhdGhzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vdHMvc21hcnRhY21lLnBhdGhzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQSw2QkFBNEI7QUFDNUIsdUNBQXNDO0FBRTNCLFFBQUEsVUFBVSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUyxFQUFDLEtBQUssQ0FBQyxDQUFBO0FBQ3ZDLFFBQUEsUUFBUSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUMsa0JBQVUsRUFBQyxTQUFTLENBQUMsQ0FBQTtBQUNyRCxTQUFTLENBQUMsRUFBRSxDQUFDLGFBQWEsQ0FBQyxnQkFBUSxDQUFDLENBQUEifQ==

dist/smartacme.plugins.d.ts

@@ -1,8 +0,0 @@
-import 'typings-global';
-declare let rsaKeygen: any;
-declare let rawacme: any;
-declare let nodeForge: any;
-import * as dnsly from 'dnsly';
-import * as smartfile from 'smartfile';
-import * as smartstring from 'smartstring';
-export { dnsly, rsaKeygen, rawacme, nodeForge, smartfile, smartstring };

dist/smartacme.plugins.js

@@ -1,16 +0,0 @@
-"use strict";
-require("typings-global"); // typings for node
-let rsaKeygen = require('rsa-keygen'); // rsa keygen
-exports.rsaKeygen = rsaKeygen;
-let rawacme = require('rawacme'); // acme helper functions
-exports.rawacme = rawacme;
-let nodeForge = require('node-forge');
-exports.nodeForge = nodeForge;
-// push.rocks modules here
-const dnsly = require("dnsly");
-exports.dnsly = dnsly;
-const smartfile = require("smartfile");
-exports.smartfile = smartfile;
-const smartstring = require("smartstring");
-exports.smartstring = smartstring;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic21hcnRhY21lLnBsdWdpbnMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi90cy9zbWFydGFjbWUucGx1Z2lucy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUEsMEJBQXVCLENBQUMsbUJBQW1CO0FBRzNDLElBQUksU0FBUyxHQUFHLE9BQU8sQ0FBQyxZQUFZLENBQUMsQ0FBQSxDQUFDLGFBQWE7QUFXL0MsOEJBQVM7QUFWYixJQUFJLE9BQU8sR0FBRyxPQUFPLENBQUMsU0FBUyxDQUFDLENBQUEsQ0FBQyx3QkFBd0I7QUFXckQsMEJBQU87QUFWWCxJQUFJLFNBQVMsR0FBRyxPQUFPLENBQUMsWUFBWSxDQUFDLENBQUE7QUFXakMsOEJBQVM7QUFUYiwwQkFBMEI7QUFDMUIsK0JBQThCO0FBSzFCLHNCQUFLO0FBSlQsdUNBQXNDO0FBUWxDLDhCQUFTO0FBUGIsMkNBQTBDO0FBUXRDLGtDQUFXIn0=

npmextra.json

@@ -1,7 +1,38 @@
 {
-    "npmci": {
+  "gitzone": {
-        "globalNpmTools": [
+    "projectType": "npm",
-            "npmts"
+    "module": {
-        ]
+      "githost": "code.foss.global",
+      "gitscope": "push.rocks",
+      "gitrepo": "smartacme",
+      "description": "A TypeScript-based ACME client for LetsEncrypt certificate management with a focus on simplicity and power.",
+      "npmPackagename": "@push.rocks/smartacme",
+      "license": "MIT",
+      "projectDomain": "push.rocks",
+      "keywords": [
+        "ACME",
+        "LetsEncrypt",
+        "TypeScript",
+        "certificate management",
+        "DNS challenges",
+        "SSL/TLS",
+        "secure communication",
+        "domain validation",
+        "automation",
+        "crypto",
+        "MongoDB",
+        "dns-01 challenge",
+        "token-based challenges",
+        "certificate renewal",
+        "wildcard certificates"
+      ]
     }
+  },
+  "npmci": {
+    "npmGlobalTools": [],
+    "npmAccessLevel": "public"
+  },
+  "tsdoc": {
+    "legal": "\n## License and Legal Information\n\nThis repository contains open-source code that is licensed under the MIT License. A copy of the MIT License can be found in the [license](license) file within this repository. \n\n**Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.\n\n### Trademarks\n\nThis project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH and are not included within the scope of the MIT license granted herein. Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines, and any usage must be approved in writing by Task Venture Capital GmbH.\n\n### Company Information\n\nTask Venture Capital GmbH  \nRegistered at District court Bremen HRB 35230 HB, Germany\n\nFor any legal inquiries or if you require further information, please contact us via email at hello@task.vc.\n\nBy using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.\n"
+  }
 }

package.json

@@ -1,44 +1,84 @@
 {
-  "name": "smartacme",
+  "name": "@push.rocks/smartacme",
-  "version": "1.0.7",
+  "version": "5.0.1",
-  "description": "acme implementation in TypeScript",
+  "private": false,
-  "main": "dist/index.js",
+  "description": "A TypeScript-based ACME client for LetsEncrypt certificate management with a focus on simplicity and power.",
-  "typings": "dist/index.d.ts",
+  "main": "dist_ts/index.js",
+  "typings": "dist_ts/index.d.ts",
+  "type": "module",
   "scripts": {
-    "test": "(npmts --nodocs)"
+    "test": "(tstest test/)",
+    "build": "(tsbuild --web --allowimplicitany)",
+    "buildDocs": "tsdoc"
   },
   "repository": {
     "type": "git",
-    "url": "git+ssh://git@gitlab.com/pushrocks/smartacme.git"
+    "url": "https://code.foss.global/push.rocks/smartacme.git"
   },
   "keywords": [
+    "ACME",
+    "LetsEncrypt",
     "TypeScript",
-    "acme",
+    "certificate management",
-    "letsencrypt"
+    "DNS challenges",
+    "SSL/TLS",
+    "secure communication",
+    "domain validation",
+    "automation",
+    "crypto",
+    "MongoDB",
+    "dns-01 challenge",
+    "token-based challenges",
+    "certificate renewal",
+    "wildcard certificates"
   ],
-  "author": "Lossless GmbH",
+  "author": "Task Venture Capital GmbH",
   "license": "MIT",
   "bugs": {
-    "url": "https://gitlab.com/pushrocks/smartacme/issues"
+    "url": "https://code.foss.global/push.rocks/smartacme/issues"
   },
-  "homepage": "https://gitlab.com/pushrocks/smartacme#README",
+  "homepage": "https://code.foss.global/push.rocks/smartacme#readme",
   "dependencies": {
-    "@types/node-forge": "^0.6.5",
+    "@api.global/typedserver": "^3.0.74",
-    "@types/q": "0.x.x",
+    "@push.rocks/lik": "^6.2.2",
-    "dnsly": "^1.0.7",
+    "@push.rocks/smartdata": "^5.15.1",
-    "node-forge": "^0.6.47",
+    "@push.rocks/smartdelay": "^3.0.5",
-    "q": "^1.4.1",
+    "@push.rocks/smartdns": "^6.2.2",
-    "rawacme": "^0.2.1",
+    "@push.rocks/smartlog": "^3.0.7",
-    "rsa-keygen": "^1.0.6",
+    "@push.rocks/smartpromise": "^4.2.3",
-    "smartfile": "^4.1.2",
+    "@push.rocks/smartrequest": "^2.1.0",
-    "smartstring": "^2.0.22",
+    "@push.rocks/smartstring": "^4.0.15",
-    "typings-global": "^1.0.14"
+    "@push.rocks/smarttime": "^4.1.1",
+    "@push.rocks/smartunique": "^3.0.9",
+    "@tsclass/tsclass": "^9.0.0",
+    "acme-client": "^4.2.5"
   },
   "devDependencies": {
-    "@types/should": "^8.1.30",
+    "@apiclient.xyz/cloudflare": "^6.3.2",
-    "cflare": "0.0.10",
+    "@git.zone/tsbuild": "^2.3.2",
-    "qenv": "^1.1.1",
+    "@git.zone/tsrun": "^1.3.3",
-    "should": "^11.1.2",
+    "@git.zone/tstest": "^1.0.96",
-    "typings-test": "^1.0.3"
+    "@push.rocks/qenv": "^6.1.0",
+    "@push.rocks/tapbundle": "^5.6.3",
+    "@types/node": "^22.15.2"
+  },
+  "files": [
+    "ts/**/*",
+    "ts_web/**/*",
+    "dist/**/*",
+    "dist_*/**/*",
+    "dist_ts/**/*",
+    "dist_ts_web/**/*",
+    "assets/**/*",
+    "cli.js",
+    "npmextra.json",
+    "readme.md"
+  ],
+  "browserslist": [
+    "last 1 chrome versions"
+  ],
+  "packageManager": "pnpm@10.7.0+sha512.6b865ad4b62a1d9842b61d674a393903b871d9244954f652b8842c2b553c72176b278f64c463e52d40fff8aba385c235c8c9ecf5cc7de4fd78b8bb6d49633ab6",
+  "pnpm": {
+    "overrides": {}
   }
 }

qenv.yml

@@ -0,0 +1,5 @@
+required:
+  - CF_TOKEN
+  - MONGODB_URL
+  - MONGODB_PASSWORD
+  - MONGODB_DATABASE

readme.hints.md

@@ -0,0 +1,2 @@
+ - this repo is dependent on letsencrypt and its limits
+ - to simpify the outside API, smartacme is stateful, meaning it works with a mongodb and a collection called 'SmartacmeCert'.

readme.md

@@ -0,0 +1,290 @@
+````markdown
+# @push.rocks/smartacme
+
+A TypeScript-based ACME client with an easy yet powerful interface for LetsEncrypt certificate management.
+
+## Install
+
+To install `@push.rocks/smartacme`, you can use npm or yarn. Run one of the following commands in your project directory:
+
+```bash
+npm install @push.rocks/smartacme --save
+```
+````
+
+or
+
+```bash
+yarn add @push.rocks/smartacme
+```
+
+Make sure your project is set up to use TypeScript and supports ECMAScript Modules (ESM).
+
+## Usage
+
+This guide will walk you through using `@push.rocks/smartacme` to set up and manage ACME (Automated Certificate Management Environment) certificates with a focus on the Let's Encrypt service, which provides free SSL certificates. The library provides an easy yet powerful TypeScript interface to automate the process of obtaining, renewing, and installing your SSL certificates.
+
+### Table of Contents
+
+1. [Setting Up Your Project](#setting-up-your-project)
+2. [Creating a SmartAcme Instance](#creating-a-smartacme-instance)
+3. [Initializing SmartAcme](#initializing-smartacme)
+4. [Obtaining a Certificate for a Domain](#obtaining-a-certificate-for-a-domain)
+5. [Automating DNS Challenges](#automating-dns-challenges)
+6. [Managing Certificates](#managing-certificates)
+7. [Environmental Considerations](#environmental-considerations)
+8. [Complete Example](#complete-example)
+
+### Setting Up Your Project
+
+Ensure your project includes the necessary TypeScript configuration and dependencies. You'll need to have TypeScript installed and configured for ECMAScript Modules. If you are new to TypeScript, review its [documentation](https://www.typescriptlang.org/docs/) to get started.
+
+### Creating a SmartAcme Instance
+
+Start by importing the `SmartAcme` class from the `@push.rocks/smartacme` package. You'll also need to import or define interfaces for your setup options:
+
+```typescript
+import { SmartAcme } from '@push.rocks/smartacme';
+
+const smartAcmeInstance = new SmartAcme({
+  accountEmail: 'youremail@example.com', // Email used for Let's Encrypt registration and recovery
+  accountPrivateKey: null, // Private key for the account (optional, if not provided it will be generated)
+  mongoDescriptor: {
+    mongoDbUrl: 'mongodb://yourmongoURL',
+    mongoDbName: 'yourDbName',
+    mongoDbPass: 'yourDbPassword',
+  },
+  removeChallenge: async (dnsChallenge) => {
+    // Implement logic here to remove DNS challenge records
+  },
+  setChallenge: async (dnsChallenge) => {
+    // Implement logic here to create DNS challenge records
+  },
+  environment: 'integration', // Use 'production' for actual certificates
+});
+```
+
+### Initializing SmartAcme
+
+Before proceeding to request certificates, initialize your SmartAcme instance:
+
+```typescript
+await smartAcmeInstance.init();
+```
+
+### Obtaining a Certificate for a Domain
+
+To obtain a certificate for a specific domain, use the `getCertificateForDomain` method. This function ensures that if a valid certificate is already present, it will be reused; otherwise, a new certificate is obtained:
+
+```typescript
+const myDomain = 'example.com';
+const myCert = await smartAcmeInstance.getCertificateForDomain(myDomain);
+console.log('Certificate:', myCert);
+```
+
+### Automating DNS Challenges
+
+Part of the ACME protocol involves responding to DNS challenges issued by the certificate authority to prove control over a domain. Implement the `setChallenge` and `removeChallenge` functions in your SmartAcme configuration to automate this process. These functions receive a `dnsChallenge` argument containing details needed to create or remove the necessary DNS records.
+
+```typescript
+import * as cloudflare from '@apiclient.xyz/cloudflare';
+import { Qenv } from '@push.rocks/qenv';
+
+const testQenv = new Qenv('./', './.nogit/');
+const testCloudflare = new cloudflare.CloudflareAccount(testQenv.getEnvVarOnDemand('CF_TOKEN'));
+
+const smartAcmeInstance = new SmartAcme({
+  accountEmail: 'domains@example.com',
+  accountPrivateKey: null,
+  mongoDescriptor: {
+    mongoDbName: testQenv.getEnvVarRequired('MONGODB_DATABASE'),
+    mongoDbPass: testQenv.getEnvVarRequired('MONGODB_PASSWORD'),
+    mongoDbUrl: testQenv.getEnvVarRequired('MONGODB_URL'),
+  },
+  removeChallenge: async (dnsChallenge) => {
+    testCloudflare.convenience.acmeRemoveDnsChallenge(dnsChallenge);
+  },
+  setChallenge: async (dnsChallenge) => {
+    testCloudflare.convenience.acmeSetDnsChallenge(dnsChallenge);
+  },
+  environment: 'integration',
+});
+
+await smartAcmeInstance.init();
+```
+
+### Managing Certificates
+
+The library automatically handles fetching, renewing, and storing your certificates in a MongoDB database specified in your configuration. Ensure your MongoDB instance is accessible and properly configured for use with SmartAcme.
+
+```typescript
+const mongoDescriptor = {
+  mongoDbUrl: 'mongodb://yourmongoURL',
+  mongoDbName: 'yourDbName',
+  mongoDbPass: 'yourDbPassword',
+};
+```
+
+### Environmental Considerations
+
+When creating an instance of `SmartAcme`, you can specify an `environment` option. This is particularly useful for testing, as you can use the `integration` environment to avoid hitting rate limits and for testing your setup without issuing real certificates. Switch to `production` when you are ready to obtain actual certificates.
+
+### Complete Example
+
+Below is a complete example demonstrating how to use `@push.rocks/smartacme` to obtain and manage an ACME certificate with Let's Encrypt:
+
+```typescript
+import { SmartAcme } from '@push.rocks/smartacme';
+import * as cloudflare from '@apiclient.xyz/cloudflare';
+import { Qenv } from '@push.rocks/qenv';
+
+const qenv = new Qenv('./', './.nogit/');
+const cloudflareAccount = new cloudflare.CloudflareAccount(qenv.getEnvVarOnDemand('CF_TOKEN'));
+
+async function main() {
+  const smartAcmeInstance = new SmartAcme({
+    accountEmail: 'youremail@example.com',
+    accountPrivateKey: null,
+    mongoDescriptor: {
+      mongoDbUrl: qenv.getEnvVarRequired('MONGODB_URL'),
+      mongoDbName: qenv.getEnvVarRequired('MONGODB_DATABASE'),
+      mongoDbPass: qenv.getEnvVarRequired('MONGODB_PASSWORD'),
+    },
+    setChallenge: async (dnsChallenge) => {
+      await cloudflareAccount.convenience.acmeSetDnsChallenge(dnsChallenge);
+    },
+    removeChallenge: async (dnsChallenge) => {
+      await cloudflareAccount.convenience.acmeRemoveDnsChallenge(dnsChallenge);
+    },
+    environment: 'integration',
+  });
+
+  await smartAcmeInstance.init();
+
+  const myDomain = 'example.com';
+  const myCert = await smartAcmeInstance.getCertificateForDomain(myDomain);
+  console.log('Certificate:', myCert);
+
+  await smartAcmeInstance.stop();
+}
+
+main().catch(console.error);
+```
+
+In this example, `Qenv` is used to manage environment variables, and `cloudflare` library is used to handle DNS challenges required by Let's Encrypt ACME protocol. The `setChallenge` and `removeChallenge` methods are essential for automating the DNS challenge process, which is a key part of domain validation.
+
+## Additional Details
+
+### Certificate Object
+
+The certificate object obtained from the `getCertificateForDomain` method has the following properties:
+
+- `id`: Unique identifier for the certificate.
+- `domainName`: The domain name for which the certificate is issued.
+- `created`: Timestamp of when the certificate was created.
+- `privateKey`: The private key associated with the certificate.
+- `publicKey`: The public key or certificate itself.
+- `csr`: Certificate Signing Request (CSR) used to obtain the certificate.
+- `validUntil`: Timestamp indicating the expiration date of the certificate.
+
+### Methods Summary
+
+- **start()**: Initializes the SmartAcme instance, sets up the ACME client, and registers the account with Let's Encrypt.
+- **stop()**: Closes the MongoDB connection and performs any necessary cleanup.
+- **getCertificateForDomain(domainArg: string)**: Retrieves or obtains a certificate for the specified domain name. If a valid certificate exists in the database, it is returned. Otherwise, a new certificate is requested and stored.
+- **setChallenge(dnsChallenge: any)**: Automates the process of setting DNS challenge records.
+- **removeChallenge(dnsChallenge: any)**: Automates the process of removing DNS challenge records.
+
+### Handling Domain Matching
+
+The `SmartacmeCertMatcher` class is responsible for matching certificates with the broadest scope for wildcard certificates. The `getCertificateDomainNameByDomainName` method ensures that domains at various levels are correctly matched.
+
+```typescript
+import { SmartacmeCertMatcher } from '@push.rocks/smartacme';
+
+const certMatcher = new SmartacmeCertMatcher();
+const certDomainName = certMatcher.getCertificateDomainNameByDomainName('subdomain.example.com');
+console.log('Certificate Domain Name:', certDomainName); // Output: example.com
+```
+
+### Testing
+
+Automated tests can be added to ensure that the setup and functions work as expected. Using a testing framework such as `tap` and mock services for DNS providers (e.g., Cloudflare), you can simulate the process of obtaining and managing certificates without the need for actual domain ownership.
+
+```typescript
+import { tap, expect } from '@push.rocks/tapbundle';
+import { Qenv } from '@push.rocks/qenv';
+import * as cloudflare from '@apiclient.xyz/cloudflare';
+import * as smartacme from '@push.rocks/smartacme';
+
+const testQenv = new Qenv('./', './.nogit/');
+const testCloudflare = new cloudflare.CloudflareAccount(testQenv.getEnvVarOnDemand('CF_TOKEN'));
+
+let smartAcmeInstance: smartacme.SmartAcme;
+
+tap.test('should create a valid instance of SmartAcme', async () => {
+  smartAcmeInstance = new smartacme.SmartAcme({
+    accountEmail: 'domains@lossless.org',
+    accountPrivateKey: null,
+    mongoDescriptor: {
+      mongoDbName: testQenv.getEnvVarRequired('MONGODB_DATABASE'),
+      mongoDbPass: testQenv.getEnvVarRequired('MONGODB_PASSWORD'),
+      mongoDbUrl: testQenv.getEnvVarRequired('MONGODB_URL'),
+    },
+    setChallenge: async (dnsChallenge) => {
+      await testCloudflare.convenience.acmeSetDnsChallenge(dnsChallenge);
+    },
+    removeChallenge: async (dnsChallenge) => {
+      await testCloudflare.convenience.acmeRemoveDnsChallenge(dnsChallenge);
+    },
+    environment: 'integration',
+  });
+  await smartAcmeInstance.init();
+  expect(smartAcmeInstance).toBeInstanceOf(smartacme.SmartAcme);
+});
+
+tap.test('should get a domain certificate', async () => {
+  const certificate = await smartAcmeInstance.getCertificateForDomain('example.com');
+  console.log('Certificate:', certificate);
+  expect(certificate).toHaveProperty('domainName', 'example.com');
+});
+
+tap.test('certmatcher should correctly match domains', async () => {
+  const certMatcher = new smartacme.SmartacmeCertMatcher();
+  const matchedCert = certMatcher.getCertificateDomainNameByDomainName('subdomain.example.com');
+  expect(matchedCert).toBe('example.com');
+});
+
+tap.test('should stop correctly', async () => {
+  await smartAcmeInstance.stop();
+  expect(smartAcmeInstance).toHaveProperty('client', null);
+});
+
+tap.start();
+```
+
+This comprehensive guide ensures you can set up, manage, and test ACME certificates efficiently and effectively using `@push.rocks/smartacme`.
+
+---
+
+```
+
+## License and Legal Information
+
+This repository contains open-source code that is licensed under the MIT License. A copy of the MIT License can be found in the [license](license) file within this repository.
+
+**Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.
+
+### Trademarks
+
+This project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH and are not included within the scope of the MIT license granted herein. Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines, and any usage must be approved in writing by Task Venture Capital GmbH.
+
+### Company Information
+
+Task Venture Capital GmbH
+Registered at District court Bremen HRB 35230 HB, Germany
+
+For any legal inquiries or if you require further information, please contact us via email at hello@task.vc.
+
+By using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.
+```

test/test.d.ts

@@ -1 +0,0 @@
-import 'typings-test';

test/test.js

@@ -1,59 +0,0 @@
-"use strict";
-require("typings-test");
-const should = require("should");
-// import the module to test
-const smartacme = require("../dist/index");
-describe('smartacme', function () {
-    let testSmartAcme;
-    let testAcmeAccount;
-    let testAcmeCert;
-    let testChallenge;
-    it('should create a valid instance', function (done) {
-        this.timeout(10000);
-        testSmartAcme = new smartacme.SmartAcme();
-        testSmartAcme.init().then(() => {
-            should(testSmartAcme).be.instanceOf(smartacme.SmartAcme);
-            done();
-        }).catch(err => { done(err); });
-    });
-    it('should have created keyPair', function () {
-        should(testSmartAcme.acmeUrl).be.of.type('string');
-    });
-    it('should register a new account', function (done) {
-        this.timeout(10000);
-        testSmartAcme.createAcmeAccount().then(x => {
-            testAcmeAccount = x;
-            done();
-        }).catch(err => {
-            console.log(err);
-            done(err);
-        });
-    });
-    it('should create a AcmeCert', function () {
-        testAcmeAccount.createAcmeCert('test1.bleu.de').then(x => {
-            testAcmeCert = x;
-            should(testAcmeAccount).be.instanceOf(smartacme.AcmeCert);
-        });
-    });
-    it('should get a challenge for a AcmeCert', function (done) {
-        this.timeout(10000);
-        testAcmeCert.requestChallenge().then((challengeAccepted) => {
-            console.log(challengeAccepted);
-            testChallenge = challengeAccepted;
-            done();
-        });
-    });
-    it('should check for a DNS record', function (done) {
-        testAcmeCert.checkDns().then(x => {
-            console.log(x);
-            done();
-        });
-    });
-    it.skip('should poll for validation of a challenge', function (done) {
-        this.timeout(10000);
-        testAcmeCert.requestValidation().then(x => {
-            done();
-        });
-    });
-});
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidGVzdC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbInRlc3QudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBLHdCQUFxQjtBQUNyQixpQ0FBZ0M7QUFJaEMsNEJBQTRCO0FBQzVCLDJDQUEwQztBQUUxQyxRQUFRLENBQUMsV0FBVyxFQUFFO0lBQ2xCLElBQUksYUFBa0MsQ0FBQTtJQUN0QyxJQUFJLGVBQXNDLENBQUE7SUFDMUMsSUFBSSxZQUFnQyxDQUFBO0lBQ3BDLElBQUksYUFBb0QsQ0FBQTtJQUV4RCxFQUFFLENBQUMsZ0NBQWdDLEVBQUUsVUFBVSxJQUFJO1FBQy9DLElBQUksQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLENBQUE7UUFDbkIsYUFBYSxHQUFHLElBQUksU0FBUyxDQUFDLFNBQVMsRUFBRSxDQUFBO1FBQ3pDLGFBQWEsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxJQUFJLENBQUM7WUFDdEIsTUFBTSxDQUFDLGFBQWEsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxVQUFVLENBQUMsU0FBUyxDQUFDLFNBQVMsQ0FBQyxDQUFBO1lBQ3hELElBQUksRUFBRSxDQUFBO1FBQ1YsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLEdBQUcsTUFBTSxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUEsQ0FBQyxDQUFDLENBQUMsQ0FBQTtJQUNsQyxDQUFDLENBQUMsQ0FBQTtJQUVGLEVBQUUsQ0FBQyw2QkFBNkIsRUFBRTtRQUM5QixNQUFNLENBQUMsYUFBYSxDQUFDLE9BQU8sQ0FBQyxDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFBO0lBQ3RELENBQUMsQ0FBQyxDQUFBO0lBRUYsRUFBRSxDQUFDLCtCQUErQixFQUFFLFVBQVUsSUFBSTtRQUM5QyxJQUFJLENBQUMsT0FBTyxDQUFDLEtBQUssQ0FBQyxDQUFBO1FBQ25CLGFBQWEsQ0FBQyxpQkFBaUIsRUFBRSxDQUFDLElBQUksQ0FBQyxDQUFDO1lBQ3BDLGVBQWUsR0FBRyxDQUFDLENBQUE7WUFDbkIsSUFBSSxFQUFFLENBQUE7UUFDVixDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsR0FBRztZQUNSLE9BQU8sQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLENBQUE7WUFDaEIsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFBO1FBQ2IsQ0FBQyxDQUFDLENBQUE7SUFDTixDQUFDLENBQUMsQ0FBQTtJQUVGLEVBQUUsQ0FBQywwQkFBMEIsRUFBRTtRQUMzQixlQUFlLENBQUMsY0FBYyxDQUFDLGVBQWUsQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDO1lBQ2xELFlBQVksR0FBRyxDQUFDLENBQUE7WUFDaEIsTUFBTSxDQUFDLGVBQWUsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxVQUFVLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxDQUFBO1FBQzdELENBQUMsQ0FBQyxDQUFBO0lBQ04sQ0FBQyxDQUFDLENBQUE7SUFFRixFQUFFLENBQUMsdUNBQXVDLEVBQUUsVUFBVSxJQUFJO1FBQ3RELElBQUksQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLENBQUE7UUFDbkIsWUFBWSxDQUFDLGdCQUFnQixFQUFFLENBQUMsSUFBSSxDQUFDLENBQUMsaUJBQWlCO1lBQ25ELE9BQU8sQ0FBQyxHQUFHLENBQUMsaUJBQWlCLENBQUMsQ0FBQTtZQUM5QixhQUFhLEdBQUcsaUJBQWlCLENBQUE7WUFDakMsSUFBSSxFQUFFLENBQUE7UUFDVixDQUFDLENBQUMsQ0FBQTtJQUNOLENBQUMsQ0FBQyxDQUFBO0lBRUYsRUFBRSxDQUFDLCtCQUErQixFQUFFLFVBQVMsSUFBSTtRQUM3QyxZQUFZLENBQUMsUUFBUSxFQUFFLENBQUMsSUFBSSxDQUFDLENBQUM7WUFDMUIsT0FBTyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQTtZQUNkLElBQUksRUFBRSxDQUFBO1FBQ1YsQ0FBQyxDQUFDLENBQUE7SUFDTixDQUFDLENBQUMsQ0FBQTtJQUVGLEVBQUUsQ0FBQyxJQUFJLENBQUMsMkNBQTJDLEVBQUUsVUFBVSxJQUFJO1FBQy9ELElBQUksQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLENBQUE7UUFDbkIsWUFBWSxDQUFDLGlCQUFpQixFQUFFLENBQUMsSUFBSSxDQUFDLENBQUM7WUFDbkMsSUFBSSxFQUFFLENBQUE7UUFDVixDQUFDLENBQUMsQ0FBQTtJQUNOLENBQUMsQ0FBQyxDQUFBO0FBQ04sQ0FBQyxDQUFDLENBQUEifQ==

test/test.ts

@@ -1,68 +1,48 @@
-import 'typings-test'
+import { tap, expect } from '@push.rocks/tapbundle';
-import * as should from 'should'
+import { Qenv } from '@push.rocks/qenv';
-import * as cflare from 'cflare'
+import * as cloudflare from '@apiclient.xyz/cloudflare';
-import * as qenv from 'qenv'
 
-// import the module to test
+const testQenv = new Qenv('./', './.nogit/');
-import * as smartacme from '../dist/index'
+const testCloudflare = new cloudflare.CloudflareAccount(await testQenv.getEnvVarOnDemand('CF_TOKEN'));
 
-describe('smartacme', function () {
+import * as smartacme from '../ts/index.js';
-    let testSmartAcme: smartacme.SmartAcme
-    let testAcmeAccount: smartacme.AcmeAccount
-    let testAcmeCert: smartacme.AcmeCert
-    let testChallenge: smartacme.ISmartAcmeChallengeAccepted
 
-    it('should create a valid instance', function (done) {
+let smartAcmeInstance: smartacme.SmartAcme;
-        this.timeout(10000)
-        testSmartAcme = new smartacme.SmartAcme()
-        testSmartAcme.init().then(() => {
-            should(testSmartAcme).be.instanceOf(smartacme.SmartAcme)
-            done()
-        }).catch(err => { done(err) })
-    })
 
-    it('should have created keyPair', function () {
+tap.test('should create a valid instance of SmartAcme', async () => {
-        should(testSmartAcme.acmeUrl).be.of.type('string')
+  smartAcmeInstance = new smartacme.SmartAcme({
-    })
+    accountEmail: 'domains@lossless.org',
+    accountPrivateKey: null,
+    mongoDescriptor: {
+      mongoDbName: await testQenv.getEnvVarOnDemand('MONGODB_DATABASE'),
+      mongoDbPass: await testQenv.getEnvVarOnDemand('MONGODB_PASSWORD'),
+      mongoDbUrl: await testQenv.getEnvVarOnDemand('MONGODB_URL'),
+    },
+    removeChallenge: async (dnsChallenge) => {
+      testCloudflare.convenience.acmeRemoveDnsChallenge(dnsChallenge);
+    },
+    setChallenge: async (dnsChallenge) => {
+      testCloudflare.convenience.acmeSetDnsChallenge(dnsChallenge);
+    },
+    environment: 'integration',
+  });
+  await smartAcmeInstance.start();
+});
 
-    it('should register a new account', function (done) {
+tap.test('should get a domain certificate', async () => {
-        this.timeout(10000)
+  const certificate = await smartAcmeInstance.getCertificateForDomain('bleu.de');
-        testSmartAcme.createAcmeAccount().then(x => {
+  console.log(certificate);
-            testAcmeAccount = x
+});
-            done()
-        }).catch(err => {
-            console.log(err)
-            done(err)
-        })
-    })
 
-    it('should create a AcmeCert', function() {
+tap.test('certmatcher should correctly match domains', async () => {
-        testAcmeAccount.createAcmeCert('test1.bleu.de').then(x => {
+  const certMatcherMod = await import('../ts/smartacme.classes.certmatcher.js');
-            testAcmeCert = x
+  const certMatcher = new certMatcherMod.SmartacmeCertMatcher();
-            should(testAcmeAccount).be.instanceOf(smartacme.AcmeCert)
+  const matchedCert = certMatcher.getCertificateDomainNameByDomainName('level3.level2.level1');
-        })
+  expect(matchedCert).toEqual('level2.level1');
-    })
+});
 
-    it('should get a challenge for a AcmeCert', function (done) {
+tap.test('should stop correctly', async () => {
-        this.timeout(10000)
+  await smartAcmeInstance.stop();
-        testAcmeCert.requestChallenge().then((challengeAccepted) => {
+});
-            console.log(challengeAccepted)
-            testChallenge = challengeAccepted
-            done()
-        })
-    })
 
-    it.skip('should check for a DNS record', function(done) {
+tap.start();
-        testAcmeCert.checkDns().then(x => {
-            console.log(x)
-            done()
-        })
-    })
-
-    it.skip('should poll for validation of a challenge', function (done) {
-        this.timeout(10000)
-        testAcmeCert.requestValidation().then(x => {
-            done()
-        })
-    })
-})

ts/00_commitinfo_data.ts

@@ -0,0 +1,8 @@
+/**
+ * autocreated commitinfo by @push.rocks/commitinfo
+ */
+export const commitinfo = {
+  name: '@push.rocks/smartacme',
+  version: '5.0.1',
+  description: 'A TypeScript-based ACME client for LetsEncrypt certificate management with a focus on simplicity and power.'
+}

ts/index.ts

@@ -1 +1,2 @@
-export * from './smartacme.classes.smartacme'
+export * from './smartacme.classes.smartacme.js';
+export { SmartacmeCert as Cert } from './smartacme.classes.cert.js';

ts/interfaces/accountdata.ts

@@ -0,0 +1,8 @@
+export interface IAccountData {
+  id: number;
+  key: { kty: 'RSA'; n: string; e: string; kid: string };
+  contact: string[];
+  initialIp: string;
+  createdAt: string;
+  status: string;
+}

ts/interfaces/index.ts

@@ -0,0 +1 @@
+export * from './accountdata.js';

ts/smartacme.classes.acmeaccount.ts

@@ -1,94 +0,0 @@
-import * as q from 'q'
-
-import * as plugins from './smartacme.plugins'
-import * as helpers from './smartacme.helpers'
-
-import { SmartAcme, IRsaKeypair } from './smartacme.classes.smartacme'
-import { AcmeCert } from './smartacme.classes.acmecert'
-
-/**
- * class AcmeAccount represents an AcmeAccount
- */
-export class AcmeAccount {
-    parentSmartAcme: SmartAcme
-    location: string
-    link: string
-    JWK
-    constructor(smartAcmeParentArg: SmartAcme) {
-        this.parentSmartAcme = smartAcmeParentArg
-    }
-
-    /**
-     * register the account with letsencrypt
-     */
-    register() {
-        let done = q.defer()
-        this.parentSmartAcme.rawacmeClient.newReg(
-            {
-                contact: ['mailto:domains@lossless.org']
-            },
-            (err, res) => {
-                if (err) {
-                    console.error('smartacme: something went wrong:')
-                    console.log(err)
-                    done.reject(err)
-                    return
-                }
-                this.JWK = res.body.key
-                this.link = res.headers.link
-                console.log(this.link)
-                this.location = res.headers.location
-                done.resolve()
-            })
-        return done.promise
-    }
-
-    /**
-     * agree to letsencrypr terms of service
-     */
-    agreeTos() {
-        let done = q.defer()
-        let tosPart = this.link.split(',')[1]
-        let tosLinkPortion = tosPart.split(';')[0]
-        let url = tosLinkPortion.split(';')[0].trim().replace(/[<>]/g, '')
-        this.parentSmartAcme.rawacmeClient.post(this.location, { Agreement: url, resource: 'reg' }, (err, res) => {
-            if (err) {
-                console.log(err)
-                done.reject(err)
-                return
-            }
-            done.resolve()
-        })
-        return done.promise
-    }
-
-    createAcmeCert(
-        domainNameArg: string,
-        countryArg = 'Germany',
-        countryShortArg = 'DE',
-        city = 'Bremen',
-        companyArg = 'Some Company',
-        companyShortArg = 'SC'
-
-    ) {
-        let done = q.defer<AcmeCert>()
-        let acmeCert = new AcmeCert(
-            {
-                bit: 2064,
-                key: null, // not needed right now
-                domain: domainNameArg,
-                country: countryArg,
-                country_short: countryShortArg,
-                locality: city,
-                organization: companyArg,
-                organization_short: companyShortArg,
-                password: null,
-                unstructured: null,
-                subject_alt_names: null
-            },
-            this
-        )
-        done.resolve(acmeCert)
-        return done.promise
-    }
-}

ts/smartacme.classes.acmecert.ts

@@ -1,267 +0,0 @@
-import * as q from 'q'
-
-import * as plugins from './smartacme.plugins'
-import * as helpers from './smartacme.helpers'
-
-import { SmartAcme, IRsaKeypair } from './smartacme.classes.smartacme'
-import { AcmeAccount } from './smartacme.classes.acmeaccount'
-
-/**
- * types of challenges supported by letsencrypt and this module
- */
-export type TChallengeType = 'dns-01' | 'http-01'
-
-/**
- * values that a challenge's status can have
- */
-export type TChallengeStatus = 'pending'
-
-export interface ISmartAcmeChallenge {
-    uri: string
-    status: TChallengeStatus
-    type: TChallengeType
-    token: string
-    keyAuthorization: string
-}
-
-export interface ISmartAcmeChallengeAccepted extends ISmartAcmeChallenge {
-    dnsKeyHash: string
-    domainName: string
-    domainNamePrefixed: string
-}
-
-export interface IAcmeCsrConstructorOptions {
-    bit: number,
-    key: string,
-    domain: string,
-    country: string,
-    country_short: string,
-    locality: string,
-    organization: string,
-    organization_short: string,
-    password: string,
-    unstructured: string,
-    subject_alt_names: string[]
-}
-
-// Dnsly instance (we really just need one)
-let myDnsly = new plugins.dnsly.Dnsly('google')
-
-/**
- * class AcmeCert represents a cert for domain
- */
-export class AcmeCert {
-    domainName: string
-    attributes
-    acceptedChallenge: ISmartAcmeChallengeAccepted
-    fullchain: string
-    parentAcmeAccount: AcmeAccount
-    csr
-    validFrom: Date
-    validTo: Date
-    keypair: IRsaKeypair
-    keyPairFinal: IRsaKeypair
-    constructor(optionsArg: IAcmeCsrConstructorOptions, parentAcmeAccount: AcmeAccount) {
-        this.domainName = optionsArg.domain
-        this.parentAcmeAccount = parentAcmeAccount
-        this.keypair = helpers.createKeypair(optionsArg.bit)
-        let privateKeyForged = plugins.nodeForge.pki.privateKeyFromPem(this.keypair.privateKey)
-        let publicKeyForged = plugins.nodeForge.pki.publicKeyToPem(
-            plugins.nodeForge.pki.setRsaPublicKey(privateKeyForged.n, privateKeyForged.e)
-        )
-        this.keyPairFinal = {
-            privateKey: privateKeyForged,
-            publicKey: publicKeyForged
-        }
-
-        // set dates
-        this.validFrom = new Date()
-        this.validTo = new Date()
-        this.validTo.setDate(this.validFrom.getDate() + 90)
-
-        // set attributes
-        this.attributes = [
-            { name: 'commonName', value: optionsArg.domain },
-            { name: 'countryName', value: optionsArg.country },
-            { shortName: 'ST', value: optionsArg.country_short },
-            { name: 'localityName', value: optionsArg.locality },
-            { name: 'organizationName', value: optionsArg.organization },
-            { shortName: 'OU', value: optionsArg.organization_short },
-            { name: 'challengePassword', value: optionsArg.password },
-            { name: 'unstructuredName', value: optionsArg.unstructured }
-        ]
-
-        // set up csr
-        this.csr = plugins.nodeForge.pki.createCertificationRequest()
-        this.csr.setSubject(this.attributes)
-        this.csr.setAttributes(this.attributes)
-    }
-
-    /**
-     * requests a challenge for a domain
-     * @param domainNameArg - the domain name to request a challenge for
-     * @param challengeType - the challenge type to request
-     */
-    requestChallenge(challengeTypeArg: TChallengeType = 'dns-01') {
-        let done = q.defer<ISmartAcmeChallengeAccepted>()
-        this.parentAcmeAccount.parentSmartAcme.rawacmeClient.newAuthz(
-            {
-                identifier: {
-                    type: 'dns',
-                    value: this.domainName
-                }
-            },
-            this.parentAcmeAccount.parentSmartAcme.keyPair,
-            (err, res) => {
-                if (err) {
-                    console.error('smartacme: something went wrong:')
-                    console.log(err)
-                    done.reject(err)
-                }
-                let dnsChallenge = res.body.challenges.filter(x => {
-                    return x.type === challengeTypeArg
-                })[0]
-                this.acceptChallenge(dnsChallenge)
-                    .then((x: ISmartAcmeChallengeAccepted) => {
-                        done.resolve(x)
-                    })
-            }
-        )
-        return done.promise
-    }
-
-    /**
-     * checks if DNS records are set, will go through a max of 30 cycles
-     */
-    async checkDns(cycleArg = 1) {
-        console.log(`checkDns failed ${cycleArg} times and has ${30 - cycleArg} cycles to go before it fails permanently!`)
-        let myRecord
-        try {
-            myRecord = await myDnsly.getRecord(helpers.prefixName(this.domainName), 'TXT')
-            console.log('DNS is set!')
-        } catch (err) {
-            if (cycleArg < 30) {
-                cycleArg++
-                await this.checkDns(cycleArg)
-            } else {
-                console.log('failed permanently...')
-                throw err
-            }
-        }
-        return myRecord[0][0]
-    }
-
-    /**
-     * validates a challenge, only call after you have set the challenge at the expected location
-     */
-    requestValidation() {
-        let done = q.defer()
-        this.parentAcmeAccount.parentSmartAcme.rawacmeClient.poll(this.acceptedChallenge.uri, (err, res) => {
-            if (err) {
-                console.log(err)
-                done.reject(err)
-            }
-            console.log(`Validation response:`)
-            console.log(JSON.stringify(res.body))
-            if (res.body.status === 'pending' || 'invalid') {
-                setTimeout(
-                    () => {
-                        this.requestValidation().then(x => { done.resolve(x) })
-                    },
-                    2000
-                )
-            } else {
-                done.resolve(res.body)
-            }
-        })
-        return done.promise
-    }
-
-    /**
-     * requests a certificate
-     */
-    requestCert() {
-        let done = q.defer()
-        let payload = {
-            csr: plugins.rawacme.base64.encode(
-                plugins.rawacme.toDer(
-                    plugins.nodeForge.pki.certificationRequestToPem(
-                        this.csr
-                    )
-                )
-            ),
-            notBefore: this.validFrom.toISOString(),
-            notAfter: this.validTo.toISOString()
-        }
-        this.parentAcmeAccount.parentSmartAcme.rawacmeClient.newCert(
-            payload,
-            helpers.createKeypair(),
-            (err, res) => {
-                if (err) {
-                    console.log(err)
-                    done.reject(err)
-                }
-                console.log(res.body)
-                done.resolve(res.body)
-            })
-        return done.promise
-    }
-
-    /**
-     * getCertificate - takes care of cooldown, validation polling and certificate retrieval
-     */
-    getCertificate() {
-
-    }
-
-    /**
-     * accept a challenge - for private use only
-     */
-    private acceptChallenge(challengeArg: ISmartAcmeChallenge) {
-        let done = q.defer()
-
-        /**
-         * the key is needed to accept the challenge
-         */
-        let authKey: string = plugins.rawacme.keyAuthz(
-            challengeArg.token,
-            this.parentAcmeAccount.parentSmartAcme.keyPair.publicKey
-        )
-
-        /**
-         * needed in case selected challenge is of type dns-01
-         */
-        let keyHash: string = plugins.rawacme.dnsKeyAuthzHash(authKey) // needed if dns challenge is chosen
-
-        this.parentAcmeAccount.parentSmartAcme.rawacmeClient.post(
-            challengeArg.uri,
-            {
-                resource: 'challenge',
-                keyAuthorization: authKey
-            },
-            this.parentAcmeAccount.parentSmartAcme.keyPair,
-            (err, res) => {
-                if (err) {
-                    console.log(err)
-                    done.reject(err)
-                }
-                /**
-                 * the return challenge
-                 */
-                let returnDNSChallenge: ISmartAcmeChallengeAccepted = {
-                    uri: res.body.uri,
-                    type: res.body.type,
-                    token: res.body.token,
-                    keyAuthorization: res.body.keyAuthorization,
-                    status: res.body.status,
-                    dnsKeyHash: keyHash,
-                    domainName: this.domainName,
-                    domainNamePrefixed: helpers.prefixName(this.domainName)
-                }
-                this.acceptedChallenge = returnDNSChallenge
-                done.resolve(returnDNSChallenge)
-            }
-        )
-        return done.promise
-    }
-}

ts/smartacme.classes.cert.ts

@@ -0,0 +1,64 @@
+import * as plugins from './smartacme.plugins.js';
+
+import * as interfaces from './interfaces/index.js';
+
+import { SmartacmeCertManager } from './smartacme.classes.certmanager.js';
+
+import { Collection, svDb, unI } from '@push.rocks/smartdata';
+
+@plugins.smartdata.Collection(() => {
+  return SmartacmeCertManager.activeDB;
+})
+export class SmartacmeCert
+  extends plugins.smartdata.SmartDataDbDoc<SmartacmeCert, plugins.tsclass.network.ICert>
+  implements plugins.tsclass.network.ICert
+{
+  @unI()
+  public id: string;
+
+  @svDb()
+  public domainName: string;
+
+  @svDb()
+  public created: number;
+
+  @svDb()
+  public privateKey: string;
+
+  @svDb()
+  public publicKey: string;
+
+  @svDb()
+  public csr: string;
+
+  @svDb()
+  public validUntil: number;
+
+  public isStillValid(): boolean {
+    return this.validUntil >= Date.now();
+  }
+
+  public shouldBeRenewed(): boolean {
+    const shouldBeValidAtLeastUntil =
+      Date.now() +
+      plugins.smarttime.getMilliSecondsFromUnits({
+        days: 10,
+      });
+    return !(this.validUntil >= shouldBeValidAtLeastUntil);
+  }
+
+  public update(certDataArg: plugins.tsclass.network.ICert) {
+    Object.keys(certDataArg).forEach((key) => {
+      this[key] = certDataArg[key];
+    });
+  }
+
+  constructor(optionsArg: plugins.tsclass.network.ICert) {
+    super();
+    if (optionsArg) {
+      Object.keys(optionsArg).forEach((key) => {
+        this[key] = optionsArg[key];
+      });
+    }
+  }
+}

ts/smartacme.classes.certmanager.ts

@@ -0,0 +1,77 @@
+import * as plugins from './smartacme.plugins.js';
+import { SmartacmeCert } from './smartacme.classes.cert.js';
+import { SmartAcme } from './smartacme.classes.smartacme.js';
+
+import * as interfaces from './interfaces/index.js';
+
+export class SmartacmeCertManager {
+  // =========
+  // STATIC
+  // =========
+  public static activeDB: plugins.smartdata.SmartdataDb;
+
+  // =========
+  // INSTANCE
+  // =========
+  private mongoDescriptor: plugins.smartdata.IMongoDescriptor;
+  public smartdataDb: plugins.smartdata.SmartdataDb;
+
+  public interestMap: plugins.lik.InterestMap<string, SmartacmeCert>;
+
+  constructor(
+    smartAcmeArg: SmartAcme,
+    optionsArg: {
+      mongoDescriptor: plugins.smartdata.IMongoDescriptor;
+    },
+  ) {
+    this.mongoDescriptor = optionsArg.mongoDescriptor;
+  }
+
+  public async init() {
+    // Smartdata DB
+    this.smartdataDb = new plugins.smartdata.SmartdataDb(this.mongoDescriptor);
+    await this.smartdataDb.init();
+    SmartacmeCertManager.activeDB = this.smartdataDb;
+
+    // Pending Map
+    this.interestMap = new plugins.lik.InterestMap((certName) => certName);
+  }
+
+  /**
+   * retrieves a certificate
+   * @returns the Cert class or null
+   * @param certDomainNameArg the domain Name to retrieve the vcertificate for
+   */
+  public async retrieveCertificate(certDomainNameArg: string): Promise<SmartacmeCert> {
+    const existingCertificate: SmartacmeCert = await SmartacmeCert.getInstance<SmartacmeCert>({
+      domainName: certDomainNameArg,
+    });
+
+    if (existingCertificate) {
+      return existingCertificate;
+    } else {
+      return null;
+    }
+  }
+
+  /**
+   * stores the certificate
+   * @param optionsArg
+   */
+  public async storeCertificate(optionsArg: plugins.tsclass.network.ICert) {
+    const cert = new SmartacmeCert(optionsArg);
+    await cert.save();
+    const interest = this.interestMap.findInterest(cert.domainName);
+    if (interest) {
+      interest.fullfillInterest(cert);
+      interest.markLost();
+    }
+  }
+
+  public async deleteCertificate(certDomainNameArg: string) {
+    const cert: SmartacmeCert = await SmartacmeCert.getInstance<SmartacmeCert>({
+      domainName: certDomainNameArg,
+    });
+    await cert.delete();
+  }
+}

ts/smartacme.classes.certmatcher.ts

@@ -0,0 +1,19 @@
+import * as plugins from './smartacme.plugins.js';
+import * as interfaces from './interfaces/index.js';
+
+/**
+ * certmatcher is responsible for matching certificates
+ */
+export class SmartacmeCertMatcher {
+  /**
+   * creates a domainName for the certificate that will include the broadest scope
+   * for wild card certificates
+   * @param domainNameArg the domainNameArg to create the scope from
+   */
+  public getCertificateDomainNameByDomainName(domainNameArg: string): string {
+    const originalDomain = new plugins.smartstring.Domain(domainNameArg);
+    if (!originalDomain.level4) {
+      return `${originalDomain.level2}.${originalDomain.level1}`;
+    }
+  }
+}

ts/smartacme.classes.smartacme.ts

@@ -1,82 +1,217 @@
-// third party modules
+import * as plugins from './smartacme.plugins.js';
-import * as q from 'q' // promises
+import { SmartacmeCert } from './smartacme.classes.cert.js';
-import * as plugins from './smartacme.plugins'
+import { SmartacmeCertManager } from './smartacme.classes.certmanager.js';
-import * as helpers from './smartacme.helpers'
+import { SmartacmeCertMatcher } from './smartacme.classes.certmatcher.js';
-
+import { commitinfo } from './00_commitinfo_data.js';
-import { AcmeAccount } from './smartacme.classes.acmeaccount'
 
 /**
- * a rsa keypair needed for account creation and subsequent requests
+ * the options for the class @see SmartAcme
  */
-export interface IRsaKeypair {
+export interface ISmartAcmeOptions {
-    publicKey: string
+  accountPrivateKey?: string;
-    privateKey: string
+  accountEmail: string;
+  mongoDescriptor: plugins.smartdata.IMongoDescriptor;
+  setChallenge: (dnsChallengeArg: plugins.tsclass.network.IDnsChallenge) => Promise<any>;
+  removeChallenge: (dnsChallengeArg: plugins.tsclass.network.IDnsChallenge) => Promise<any>;
+  environment: 'production' | 'integration';
 }
 
-export { AcmeAccount } from './smartacme.classes.acmeaccount'
-export { AcmeCert, ISmartAcmeChallenge, ISmartAcmeChallengeAccepted } from './smartacme.classes.acmecert'
-
 /**
- * class SmartAcme exports methods for maintaining SSL Certificates
+ * class SmartAcme
+ * can be used for setting up communication with an ACME authority
+ *
+ * ```ts
+ * const mySmartAcmeInstance = new SmartAcme({
+ *  // see ISmartAcmeOptions for options
+ * })
+ * ```
  */
 export class SmartAcme {
-    acmeUrl: string // the acme url to use for this instance
+  private options: ISmartAcmeOptions;
-    productionBool: boolean // a boolean to quickly know wether we are in production or not
-    keyPair: IRsaKeypair // the keyPair needed for account creation
-    rawacmeClient
 
-    /**
+  // the acme client
-     * the constructor for class SmartAcme
+  private client: any;
-     */
+  private smartdns = new plugins.smartdnsClient.Smartdns({});
-    constructor(productionArg: boolean = false) {
+  public logger: plugins.smartlog.Smartlog;
-        this.productionBool = productionArg
+
-        this.keyPair = helpers.createKeypair()
+  // the account private key
-        if (this.productionBool) {
+  private privateKey: string;
-            this.acmeUrl = plugins.rawacme.LETSENCRYPT_URL
+
+  // challenge fullfillment
+  private setChallenge: (dnsChallengeArg: plugins.tsclass.network.IDnsChallenge) => Promise<any>;
+  private removeChallenge: (dnsChallengeArg: plugins.tsclass.network.IDnsChallenge) => Promise<any>;
+
+  // certmanager
+  private certmanager: SmartacmeCertManager;
+  private certmatcher: SmartacmeCertMatcher;
+
+  constructor(optionsArg: ISmartAcmeOptions) {
+    this.options = optionsArg;
+    this.logger = plugins.smartlog.Smartlog.createForCommitinfo(commitinfo);
+  }
+
+  /**
+   * starts the instance
+   * ```ts
+   * await myCloudlyInstance.start() // does not support options
+   * ```
+   */
+  public async start() {
+    this.privateKey =
+      this.options.accountPrivateKey || (await plugins.acme.forge.createPrivateKey()).toString();
+    this.setChallenge = this.options.setChallenge;
+    this.removeChallenge = this.options.removeChallenge;
+
+    // CertMangaer
+    this.certmanager = new SmartacmeCertManager(this, {
+      mongoDescriptor: this.options.mongoDescriptor,
+    });
+    await this.certmanager.init();
+
+    // CertMatcher
+    this.certmatcher = new SmartacmeCertMatcher();
+
+    // ACME Client
+    this.client = new plugins.acme.Client({
+      directoryUrl: (() => {
+        if (this.options.environment === 'production') {
+          return plugins.acme.directory.letsencrypt.production;
         } else {
-            this.acmeUrl = plugins.rawacme.LETSENCRYPT_STAGING_URL
+          return plugins.acme.directory.letsencrypt.staging;
         }
+      })(),
+      accountKey: this.privateKey,
+    });
+
+    /* Register account */
+    await this.client.createAccount({
+      termsOfServiceAgreed: true,
+      contact: [`mailto:${this.options.accountEmail}`],
+    });
+  }
+
+  public async stop() {
+    await this.certmanager.smartdataDb.close();
+  }
+
+  /**
+   * gets a certificate
+   * it runs through the following steps
+   *
+   * * look in the database
+   * * if in the database and still valid return it
+   * * if not in the database announce it
+   * * then get it from letsencrypt
+   * * store it
+   * * remove it from the pending map (which it go onto by announcing it)
+   * * retrieve it from the databse and return it
+   *
+   * @param domainArg
+   */
+  public async getCertificateForDomain(domainArg: string): Promise<SmartacmeCert> {
+    const certDomainName = this.certmatcher.getCertificateDomainNameByDomainName(domainArg);
+    const retrievedCertificate = await this.certmanager.retrieveCertificate(certDomainName);
+
+    if (
+      !retrievedCertificate &&
+      (await this.certmanager.interestMap.checkInterest(certDomainName))
+    ) {
+      const existingCertificateInterest = this.certmanager.interestMap.findInterest(certDomainName);
+      const certificate = existingCertificateInterest.interestFullfilled;
+      return certificate;
+    } else if (retrievedCertificate && !retrievedCertificate.shouldBeRenewed()) {
+      return retrievedCertificate;
+    } else if (retrievedCertificate && retrievedCertificate.shouldBeRenewed()) {
+      await retrievedCertificate.delete();
     }
 
-    /**
+    // lets make sure others get the same interest
-     * init the smartacme instance
+    const currentDomainInterst = await this.certmanager.interestMap.addInterest(certDomainName);
-     */
-    init() {
-        let done = q.defer()
-        plugins.rawacme.createClient(
-            {
-                url: this.acmeUrl,
-                publicKey: this.keyPair.publicKey,
-                privateKey: this.keyPair.privateKey
-            },
-            (err, client) => {
-                if (err) {
-                    console.error('smartacme: something went wrong:')
-                    console.log(err)
-                    done.reject(err)
-                    return
-                }
 
-                // make client available in class 
+    /* Place new order */
-                this.rawacmeClient = client
+    const order = await this.client.createOrder({
-                done.resolve()
+      identifiers: [
-            }
+        { type: 'dns', value: certDomainName },
-        )
+        { type: 'dns', value: `*.${certDomainName}` },
-        return done.promise
+      ],
+    });
+
+    /* Get authorizations and select challenges */
+    const authorizations = await this.client.getAuthorizations(order);
+
+    for (const authz of authorizations) {
+      console.log(authz);
+      const fullHostName: string = `_acme-challenge.${authz.identifier.value}`;
+      const dnsChallenge: string = authz.challenges.find((challengeArg) => {
+        return challengeArg.type === 'dns-01';
+      });
+      // process.exit(1);
+      const keyAuthorization: string = await this.client.getChallengeKeyAuthorization(dnsChallenge);
+
+      try {
+        /* Satisfy challenge */
+        await this.setChallenge({
+          hostName: fullHostName,
+          challenge: keyAuthorization,
+        });
+        await plugins.smartdelay.delayFor(30000);
+        await this.smartdns.checkUntilAvailable(fullHostName, 'TXT', keyAuthorization, 100, 5000);
+        console.log('Cool down an extra 60 second for region availability');
+        await plugins.smartdelay.delayFor(60000);
+
+        /* Verify that challenge is satisfied */
+        await this.client.verifyChallenge(authz, dnsChallenge);
+
+        /* Notify ACME provider that challenge is satisfied */
+        await this.client.completeChallenge(dnsChallenge);
+
+        /* Wait for ACME provider to respond with valid status */
+        await this.client.waitForValidStatus(dnsChallenge);
+      } finally {
+        /* Clean up challenge response */
+        try {
+          await this.removeChallenge({
+            hostName: fullHostName,
+            challenge: keyAuthorization,
+          });
+        } catch (e) {
+          console.log(e);
+        }
+      }
     }
 
-    /**
+    /* Finalize order */
-     * creates an account if not currently present in module
+    const [key, csr] = await plugins.acme.forge.createCsr({
-     * @executes ASYNC
+      commonName: `*.${certDomainName}`,
-     */
+      altNames: [certDomainName],
-    createAcmeAccount() {
+    });
-        let done = q.defer<AcmeAccount>()
+
-        let acmeAccount = new AcmeAccount(this)
+    await this.client.finalizeOrder(order, csr);
-        acmeAccount.register().then(() => {
+    const cert = await this.client.getCertificate(order);
-            return acmeAccount.agreeTos()
+
-        }).then(() => {
+    /* Done */
-            done.resolve(acmeAccount)
+
-        })
+    await this.certmanager.storeCertificate({
-        return done.promise
+      id: plugins.smartunique.shortId(),
-    }
+      domainName: certDomainName,
+      privateKey: key.toString(),
+      publicKey: cert.toString(),
+      csr: csr.toString(),
+      created: Date.now(),
+      validUntil:
+        Date.now() +
+        plugins.smarttime.getMilliSecondsFromUnits({
+          days: 90,
+        }),
+    });
+
+    const newCertificate = await this.certmanager.retrieveCertificate(certDomainName);
+    currentDomainInterst.fullfillInterest(newCertificate);
+    currentDomainInterst.destroy();
+    return newCertificate;
+  }
+
+  public async getAllCertificates(): Promise<SmartacmeCert[]> {
+    return SmartacmeCert.getInstances({});
+  }
 }

ts/smartacme.helpers.ts

@@ -1,50 +0,0 @@
-import 'typings-global'
-import * as q from 'q'
-
-import * as plugins from './smartacme.plugins'
-
-import { SmartAcme, IRsaKeypair } from './smartacme.classes.smartacme'
-import { AcmeAccount } from './smartacme.classes.acmeaccount'
-
-/**
- * creates a keypair to use with requests and to generate JWK from
- */
-export let createKeypair = (bit = 2048): IRsaKeypair => {
-    let result = plugins.rsaKeygen.generate(bit)
-    return {
-        publicKey: result.public_key,
-        privateKey: result.private_key
-    }
-}
-
-/**
- * prefix a domain name to make sure it complies with letsencrypt
- */
-export let prefixName = (domainNameArg: string): string => {
-    return '_acme-challenge.' + domainNameArg
-}
-
-/**
- * gets an existing registration
- * @executes ASYNC
- */
-let getReg = (SmartAcmeArg: SmartAcme, location: string) => {
-    let done = q.defer()
-    let body = { resource: 'reg' }
-    SmartAcmeArg.rawacmeClient.post(
-        location,
-        body,
-        SmartAcmeArg.keyPair,
-        (err, res) => {
-            if (err) {
-                console.error('smartacme: something went wrong:')
-                console.log(err)
-                done.reject(err)
-                return
-            }
-            console.log(JSON.stringify(res.body))
-            done.resolve()
-        }
-    )
-    return done.promise
-}

ts/smartacme.paths.ts

@@ -1,6 +0,0 @@
-import * as path from 'path'
-import * as smartfile from 'smartfile'
-
-export let packageDir = path.join(__dirname,'../')
-export let assetDir = path.join(packageDir,'assets/')
-smartfile.fs.ensureDirSync(assetDir)

ts/smartacme.plugins.ts

@@ -1,20 +1,39 @@
-import 'typings-global' // typings for node
+// @apiglobal scope
+import * as typedserver from '@api.global/typedserver';
 
-import * as path from 'path' // native node path module
+export { typedserver };
-let rsaKeygen = require('rsa-keygen') // rsa keygen
-let rawacme = require('rawacme') // acme helper functions
-let nodeForge = require('node-forge')
 
-// push.rocks modules here
+// @pushrocks scope
-import * as dnsly from 'dnsly'
+import * as lik from '@push.rocks/lik';
-import * as smartfile from 'smartfile'
+import * as smartdata from '@push.rocks/smartdata';
-import * as smartstring from 'smartstring'
+import * as smartdelay from '@push.rocks/smartdelay';
+import * as smartdnsClient from '@push.rocks/smartdns/client';
+import * as smartlog from '@push.rocks/smartlog';
+import * as smartpromise from '@push.rocks/smartpromise';
+import * as smartrequest from '@push.rocks/smartrequest';
+import * as smartunique from '@push.rocks/smartunique';
+import * as smartstring from '@push.rocks/smartstring';
+import * as smarttime from '@push.rocks/smarttime';
 
 export {
-    dnsly,
+  lik,
-    rsaKeygen,
+  smartdata,
-    rawacme,
+  smartdelay,
-    nodeForge,
+  smartdnsClient,
-    smartfile,
+  smartlog,
-    smartstring
+  smartpromise,
-}
+  smartrequest,
+  smartunique,
+  smartstring,
+  smarttime,
+};
+
+// @tsclass scope
+import * as tsclass from '@tsclass/tsclass';
+
+export { tsclass };
+
+// third party scope
+import * as acme from 'acme-client';
+
+export { acme };

tsconfig.json

@@ -0,0 +1,17 @@
+{
+  "compilerOptions": {
+    "experimentalDecorators": true,
+    "emitDecoratorMetadata": true,
+    "useDefineForClassFields": false,
+    "target": "ES2022",
+    "module": "NodeNext",
+    "moduleResolution": "NodeNext",
+    "esModuleInterop": true,
+    "verbatimModuleSyntax": true,
+    "baseUrl": ".",
+    "paths": {}
+  },
+  "exclude": [
+    "dist_*/**/*.d.ts"
+  ]
+}

tslint.json

@@ -1,3 +0,0 @@
-{
-    "extends": "tslint-config-standard"
-}