2.0.31

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pushrocks/smartacme",
-  "version": "2.0.5",
+  "version": "2.0.31",
   "private": false,
   "description": "acme implementation in TypeScript",
   "main": "dist/index.js",
@@ -25,19 +25,28 @@
   },
   "homepage": "https://gitlab.com/umbrellazone/smartacme#README",
   "dependencies": {
+    "@pushrocks/lik": "^3.0.4",
+    "@pushrocks/smartdata": "^3.1.13",
     "@pushrocks/smartdelay": "^2.0.2",
+    "@pushrocks/smartdns": "^3.0.8",
+    "@pushrocks/smartexpress": "^3.0.6",
+    "@pushrocks/smartlog": "^2.0.10",
     "@pushrocks/smartpromise": "^2.0.5",
-    "acme-client": "^2.2.1"
+    "@pushrocks/smartrequest": "^1.1.14",
+    "@pushrocks/smartstring": "^3.0.8",
+    "@pushrocks/smarttime": "^3.0.5",
+    "@pushrocks/smartunique": "^3.0.1",
+    "acme-client": "2.2.2"
   },
   "devDependencies": {
     "@gitzone/tsbuild": "^2.1.4",
     "@gitzone/tsrun": "^1.1.17",
     "@gitzone/tstest": "^1.0.18",
     "@mojoio/cloudflare": "^2.0.0",
-    "@pushrocks/qenv": "^3.0.2",
+    "@pushrocks/qenv": "^4.0.0",
     "@pushrocks/tapbundle": "^3.0.7",
     "@types/node": "^10.12.18",
-    "tslint": "^5.12.0",
+    "tslint": "^5.12.1",
     "tslint-config-prettier": "^1.17.0"
   }
 }

qenv.yml

@@ -1,3 +1,6 @@
 required:
   - CF_EMAIL
   - CF_KEY
+  - MONGODB_URL
+  - MONGODB_PASSWORD
+  - MONGODB_DATABASE

test/test.ts

@@ -1,22 +1,42 @@
 import { tap, expect } from '@pushrocks/tapbundle';
+import { Qenv } from '@pushrocks/qenv';
+
+const testQenv = new Qenv('./', './.nogit/');
 
 import * as smartacme from '../ts/index';
 
 let smartAcmeInstance: smartacme.SmartAcme;
 
 tap.test('should create a valid instance of SmartAcme', async () => {
-  smartAcmeInstance = new smartacme.SmartAcme();
-  await smartAcmeInstance.init({
+  smartAcmeInstance = new smartacme.SmartAcme({
     accountEmail: 'domains@lossless.org',
     accountPrivateKey: null,
+    mongoDescriptor: {
+      mongoDbName: testQenv.getEnvVarRequired('MONGODB_DATABASE'),
+      mongoDbPass: testQenv.getEnvVarRequired('MONGODB_PASSWORD'),
+      mongoDbUrl: testQenv.getEnvVarRequired('MONGODB_URL')
+    },
     removeChallenge: async (...args) => {
       console.log(args);
     },
     setChallenge: async (...args) => {
       console.log(args);
-    } 
+    },
+    environment: "integration"
   });
+  await smartAcmeInstance.init();
   // await smartAcmeInstance.getCertificateForDomain('bleu.de');
 });
 
+tap.test('certmatcher should correctly match domains', async () => {
+  const certMatcherMod = await import('../ts/smartacme.classes.certmatcher'); 
+  const certMatcher = new certMatcherMod.CertMatcher();
+  const matchedCert = certMatcher.getCertificateDomainNameByDomainName('level3.level2.level1');
+  expect(matchedCert).to.equal('level2.level1');
+});
+
+tap.test('should stop correctly', async () => {
+  await smartAcmeInstance.stop();
+});
+
 tap.start();

ts/index.ts

@@ -1 +1,3 @@
 export * from './smartacme.classes.smartacme';
+
+export * from './smartacme.classes.certremoteclient';

ts/interfaces/cert.ts

@@ -0,0 +1,10 @@
+export type TCertStatus = 'existing' | 'nonexisting' | 'pending' | 'failed';
+
+export interface ICert {
+  id: string;
+  domainName: string;
+  created: number;
+  privateKey: string;
+  publicKey: string;
+  csr: string;
+}

ts/interfaces/certremote.ts

@@ -0,0 +1,11 @@
+import { ICert, TCertStatus } from './cert';
+
+export interface ICertRemoteRequest {
+  secret: string;
+  domainName: string;
+}
+
+export interface ICertRemoteResponse {
+  status: TCertStatus;
+  certificate?: ICert;
+}

ts/interfaces/index.ts

@@ -1 +1,3 @@
 export * from './accountdata';
+export * from './cert';
+export * from './certremote';

ts/smartacme.classes.cert.ts

@@ -0,0 +1,40 @@
+import * as plugins from './smartacme.plugins';
+
+import * as interfaces from './interfaces';
+
+import { CertManager } from './smartacme.classes.certmanager';
+
+import { Collection, svDb, unI } from '@pushrocks/smartdata';
+import { ICert } from './interfaces';
+
+@plugins.smartdata.Collection(() => {
+  return CertManager.activeDB;
+})
+export class Cert extends plugins.smartdata.SmartDataDbDoc<Cert> implements interfaces.ICert {
+  @unI()
+  public id: string;
+
+  @svDb()
+  public domainName: string;
+
+  @svDb()
+  public created: number;
+
+  @svDb()
+  public privateKey: string;
+  
+  @svDb()
+  public publicKey: string;
+  
+  @svDb()
+  public csr: string;
+
+  constructor(optionsArg: ICert) {
+    super();
+    if (optionsArg) {
+      Object.keys(optionsArg).forEach(key => {
+        this[key] = optionsArg[key];
+      });
+    }
+  }
+}

ts/smartacme.classes.certmanager.ts

@@ -0,0 +1,101 @@
+import * as plugins from './smartacme.plugins';
+import { Cert } from './smartacme.classes.cert';
+import { SmartAcme } from './smartacme.classes.smartacme';
+
+import * as interfaces from './interfaces';
+
+
+export class CertManager {
+  // =========
+  // STATIC
+  // =========
+  public static activeDB: plugins.smartdata.SmartdataDb;
+  
+  
+  // =========
+  // INSTANCE
+  // =========
+  private mongoDescriptor: plugins.smartdata.IMongoDescriptor;
+  public smartdataDb: plugins.smartdata.SmartdataDb;
+
+  public pendingMap: plugins.lik.Stringmap;
+
+  constructor(smartAcmeArg: SmartAcme,optionsArg: {
+    mongoDescriptor: plugins.smartdata.IMongoDescriptor;
+  }) {
+    this.mongoDescriptor = optionsArg.mongoDescriptor;
+  }
+
+  public async init () {
+    // Smartdata DB
+    this.smartdataDb = new plugins.smartdata.SmartdataDb(this.mongoDescriptor);
+    await this.smartdataDb.init();
+    CertManager.activeDB = this.smartdataDb;
+
+    // Pending Map
+    this.pendingMap = new plugins.lik.Stringmap();
+  }
+
+  /**
+   * retrieves a certificate
+   * @returns the Cert class or null
+   * @param domainName the domain Name to retrieve the vcertificate for
+   */
+  public async retrieveCertificate(domainName: string): Promise<Cert> {
+    await this.checkCerts();
+    const existingCertificate: Cert = await Cert.getInstance({
+      domainName
+    });
+
+    if(existingCertificate) {
+      return existingCertificate;
+    } else {
+      return null;
+    }
+
+  }
+
+  /**
+   * stores the certificate
+   * @param optionsArg 
+   */
+  public async storeCertificate(optionsArg: interfaces.ICert) {
+    const cert = new Cert(optionsArg);
+    await cert.save();
+  }
+
+  public async deleteCertificate(domainNameArg: string) {
+
+  }
+
+  /**
+   * announce a certificate as being in the process of being retrieved
+   */
+  public async announceCertificate (domainNameArg: string) {
+    this.pendingMap.addString(domainNameArg);
+  }
+
+  /**
+   * gets the status of a certificate by certDomain name
+   * @param certDomainArg
+   */
+  public async getCertificateStatus(certDomainArg: string): Promise<interfaces.TCertStatus> {
+    const isPending = this.pendingMap.checkString(certDomainArg);
+    if (isPending) {
+      return 'pending';
+    }
+
+    // otherwise lets continue
+    const existingCertificate = await this.retrieveCertificate(certDomainArg);
+    if (existingCertificate) {
+      return 'existing';
+    }
+
+    return 'nonexisting';
+  }
+
+  /**
+   * checks all certs for expiration
+   */
+  private async checkCerts() {};
+}

ts/smartacme.classes.certmatcher.ts

@@ -0,0 +1,10 @@
+import * as plugins from './smartacme.plugins';
+
+export class CertMatcher {
+  public getCertificateDomainNameByDomainName(domainNameArg: string): string {
+    const originalDomain = new plugins.smartstring.Domain(domainNameArg);
+    if (!originalDomain.level4) {
+      return `${originalDomain.level2}.${originalDomain.level1}`;
+    }
+  }
+}

ts/smartacme.classes.certremoteclient.ts

@@ -0,0 +1,54 @@
+import * as plugins from './smartacme.plugins';
+import * as interfaces from './interfaces';
+
+// tslint:disable-next-line: max-classes-per-file
+export class CertRemoteClient {
+  private remoteUrl: string;
+  private secret: string;
+  private logger: plugins.smartlog.Smartlog;
+
+  constructor(optionsArg: {
+    remoteUrl: string;
+    secret: string;
+    logger?: plugins.smartlog.Smartlog;
+  }) {
+    this.remoteUrl = optionsArg.remoteUrl;
+    this.secret = optionsArg.secret;
+    optionsArg.logger
+      ? (this.logger = optionsArg.logger)
+      : (this.logger = plugins.smartlog.defaultLogger);
+  }
+
+  /**
+   *
+   * @param domainNameArg
+   */
+  public async getCertificateForDomain(domainNameArg: string): Promise<interfaces.ICert> {
+    let certificate: interfaces.ICert;
+    const doRequestCycle = async (): Promise<interfaces.ICert> => {
+      const response: interfaces.ICertRemoteResponse = (await plugins.smartrequest.postJson(
+        this.remoteUrl,
+        {
+          requestBody: <interfaces.ICertRemoteRequest>{
+            domainName: domainNameArg,
+            secret: this.secret
+          }
+        }
+      )).body;
+      switch (response.status as interfaces.TCertStatus) {
+        case 'pending':
+          await plugins.smartdelay.delayFor(5000);
+          const finalResponse = await doRequestCycle();
+          return finalResponse;
+        case 'existing':
+          return response.certificate;
+        case 'failed':
+        default:
+          console.log(`could not retrieve certificate for ${domainNameArg}`);
+          return null;
+      }
+    };
+    certificate = await doRequestCycle();
+    return certificate;
+  }
+}

ts/smartacme.classes.smartacme.ts

@@ -1,86 +1,188 @@
 import * as plugins from './smartacme.plugins';
+import { Cert } from './smartacme.classes.cert';
+import { CertManager } from './smartacme.classes.certmanager';
+import { CertMatcher } from './smartacme.classes.certmatcher';
+
+import * as interfaces from './interfaces';
+import { request } from 'http';
 
 /**
- *
+ * the options for the class @see SmartAcme
  */
-export interface ISmartAcmeStorage {}
+export interface ISmartAcmeOptions {
+  accountPrivateKey?: string;
+  accountEmail: string;
+  mongoDescriptor: plugins.smartdata.IMongoDescriptor;
+  setChallenge: (domainName: string, keyAuthorization: string) => Promise<any>;
+  removeChallenge: (domainName: string) => Promise<any>;
+  environment: 'production' | 'integration';
+}
 
+/**
+ * class SmartAcme
+ * can be used for setting up communication with an ACME authority
+ *
+ * ```ts
+ * const mySmartAcmeInstance = new SmartAcme({
+ *  // see ISmartAcmeOptions for options
+ * })
+ * ```
+ */
 export class SmartAcme {
+  private options: ISmartAcmeOptions;
+
   // the acme client
   private client: any;
+  private smartdns = new plugins.smartdns.Smartdns();
 
   // the account private key
   private privateKey: string;
 
   // challenge fullfillment
-  private setChallenge: (authz, challenge, keyAuthorization) => Promise<any>;
-  private removeChallenge: (authz, challenge, keyAuthorization) => Promise<any>;
+  private setChallenge: (domainName: string, keyAuthorization: string) => Promise<any>;
+  private removeChallenge: (domainName: string) => Promise<any>;
 
-  public async init(optionsArg: {
-    accountPrivateKey?: string;
-    accountEmail: string;
-    setChallenge: (authz, challenge, keyAuthorization) => Promise<any>;
-    removeChallenge: (authz, challenge, keyAuthorization) => Promise<any>;
-  }) {
-    this.privateKey = optionsArg.accountPrivateKey || (await plugins.acme.forge.createPrivateKey());
-    this.setChallenge = optionsArg.setChallenge;
-    this.removeChallenge = optionsArg.removeChallenge;
+  // certmanager
+  private certmanager: CertManager;
+  private certmatcher: CertMatcher;
+
+  /**
+   * the remote handler to hand the request and response to.
+   */
+  public certremoteHandler = async (req: plugins.smartexpress.Request, res: plugins.smartexpress.Response) => {
+    const requestBody: interfaces.ICertRemoteRequest = req.body;
+    const certDomain = this.certmatcher.getCertificateDomainNameByDomainName(requestBody.domainName);
+    let status: interfaces.TCertStatus = await this.certmanager.getCertificateStatus(
+      certDomain
+    );
+    let response: interfaces.ICertRemoteResponse;
+    switch (status) {
+      case 'existing':
+        response = {
+          status,
+          certificate: await (await this.certmanager.retrieveCertificate(
+            certDomain
+          )).createSavableObject()
+        };
+        break;
+      default:
+        if (status === "nonexisting") {
+          this.getCertificateForDomain(certDomain);
+          status = 'pending';
+        }
+        response = {
+          status
+        };
+        break;
+    }
+    res.status(200);
+    res.send(response);
+    res.end();
+  }
+
+  constructor(optionsArg: ISmartAcmeOptions) {
+    this.options = optionsArg;
+  }
+
+  /**
+   * inits the instance
+   * ```ts
+   * await myCloudlyInstance.init() // does not support options
+   * ```
+   */
+  public async init() {
+    this.privateKey =
+      this.options.accountPrivateKey || (await plugins.acme.forge.createPrivateKey());
+    this.setChallenge = this.options.setChallenge;
+    this.removeChallenge = this.options.removeChallenge;
+
+    // CertMangaer
+    this.certmanager = new CertManager(this, {
+      mongoDescriptor: this.options.mongoDescriptor
+    });
+    await this.certmanager.init();
+
+    // CertMatcher
+    this.certmatcher = new CertMatcher();
+
+    // ACME Client
     this.client = new plugins.acme.Client({
-      directoryUrl: plugins.acme.directory.letsencrypt.staging,
+      directoryUrl: (() => {
+        if (this.options.environment === 'production') {
+          return plugins.acme.directory.letsencrypt.production;
+        } else {
+          return plugins.acme.directory.letsencrypt.staging;
+        }
+      })(),
       accountKey: this.privateKey
     });
 
     /* Register account */
     await this.client.createAccount({
       termsOfServiceAgreed: true,
-      contact: [`mailto:${optionsArg.accountEmail}`]
+      contact: [`mailto:${this.options.accountEmail}`]
     });
   }
 
-  public async getCertificateForDomain(domainArg: string) {
-    const domain = domainArg;
+  public async stop() {
+    await this.certmanager.smartdataDb.close();
+  }
+
+  public async getCertificateForDomain(domainArg: string): Promise<Cert> {
+    const certDomain = this.certmatcher.getCertificateDomainNameByDomainName(domainArg);
+    await this.certmanager.announceCertificate(certDomain);
+    const retrievedCertificate = await this.certmanager.retrieveCertificate(certDomain);
+
+    if (retrievedCertificate) {
+      return retrievedCertificate;
+    }
 
     /* Place new order */
     const order = await this.client.createOrder({
-      identifiers: [{ type: 'dns', value: domain }, { type: 'dns', value: `*.${domain}` }]
+      identifiers: [{ type: 'dns', value: certDomain }, { type: 'dns', value: `*.${certDomain}` }]
     });
 
     /* Get authorizations and select challenges */
     const authorizations = await this.client.getAuthorizations(order);
 
-    const promises = authorizations.map(async authz => {
-      const challenge = authz.challenges.pop();
-      const keyAuthorization = await this.client.getChallengeKeyAuthorization(challenge);
+    for (const authz of authorizations) {
+      console.log(authz);
+      const domainDnsName: string = `_acme-challenge.${authz.identifier.value}`;
+      const dnsChallenge: string = authz.challenges.find(challengeArg => {
+        return challengeArg.type === 'dns-01';
+      });
+      // process.exit(1);
+      const keyAuthorization: string = await this.client.getChallengeKeyAuthorization(dnsChallenge);
 
       try {
         /* Satisfy challenge */
-        await this.setChallenge(authz, challenge, keyAuthorization);
+        await this.setChallenge(domainDnsName, keyAuthorization);
+        await this.smartdns.checkUntilAvailable(domainDnsName, 'TXT', keyAuthorization, 100, 5000);
+        console.log('Cool down an extra 60 second for region availability');
+        await plugins.smartdelay.delayFor(60000);
 
         /* Verify that challenge is satisfied */
-        await this.client.verifyChallenge(authz, challenge);
+        await this.client.verifyChallenge(authz, dnsChallenge);
 
         /* Notify ACME provider that challenge is satisfied */
-        await this.client.completeChallenge(challenge);
+        await this.client.completeChallenge(dnsChallenge);
 
         /* Wait for ACME provider to respond with valid status */
-        await this.client.waitForValidStatus(challenge);
+        await this.client.waitForValidStatus(dnsChallenge);
       } finally {
         /* Clean up challenge response */
         try {
-          await this.removeChallenge(authz, challenge, keyAuthorization);
+          await this.removeChallenge(domainDnsName);
         } catch (e) {
           console.log(e);
         }
       }
-    });
-
-    /* Wait for challenges to complete */
-    await Promise.all(promises);
+    }
 
     /* Finalize order */
     const [key, csr] = await plugins.acme.forge.createCsr({
-      commonName: `*.${domain}`,
-      altNames: [domain]
+      commonName: `*.${certDomain}`,
+      altNames: [certDomain]
     });
 
     await this.client.finalizeOrder(order, csr);
@@ -90,7 +192,17 @@ export class SmartAcme {
     console.log(`CSR:\n${csr.toString()}`);
     console.log(`Private key:\n${key.toString()}`);
     console.log(`Certificate:\n${cert.toString()}`);
-  }
 
-  toStorageObject () {};
+    await this.certmanager.storeCertificate({
+      id: plugins.smartunique.shortId(),
+      domainName: certDomain,
+      privateKey: key.toString(),
+      publicKey: cert.toString(),
+      csr: csr.toString(),
+      created: Date.now()
+    });
+
+    const newCertificate = await this.certmanager.retrieveCertificate(certDomain);
+    return newCertificate;
+  }
 }

ts/smartacme.plugins.ts

@@ -1,8 +1,17 @@
 // @pushrocks scope
-import * as smartpromise from '@pushrocks/smartpromise';
+import * as lik from '@pushrocks/lik';
+import * as smartdata from '@pushrocks/smartdata';
 import * as smartdelay from '@pushrocks/smartdelay';
+import * as smartdns from '@pushrocks/smartdns';
+import * as smartexpress from '@pushrocks/smartexpress';
+import * as smartlog from '@pushrocks/smartlog';
+import * as smartpromise from '@pushrocks/smartpromise';
+import * as smartrequest from '@pushrocks/smartrequest';
+import * as smartunique from '@pushrocks/smartunique';
+import * as smartstring from '@pushrocks/smartstring';
+import * as smarttime from '@pushrocks/smarttime';
 
-export { smartpromise, smartdelay };
+export { lik, smartdata, smartdelay, smartdns, smartexpress, smartlog, smartpromise, smartrequest, smartunique, smartstring, smarttime };
 
 // thirs party scope
 import * as acme from 'acme-client';

tsconfig.json

@@ -0,0 +1,7 @@
+{
+  "compilerOptions": {
+    "experimentalDecorators": true,
+    "target": "es2017",
+    "module": "commonjs"
+  }
+}