2.0.15

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pushrocks/smartacme",
-  "version": "2.0.8",
+  "version": "2.0.15",
   "private": false,
   "description": "acme implementation in TypeScript",
   "main": "dist/index.js",
@@ -25,10 +25,16 @@
   },
   "homepage": "https://gitlab.com/umbrellazone/smartacme#README",
   "dependencies": {
+    "@pushrocks/lik": "^3.0.4",
+    "@pushrocks/smartdata": "^3.1.13",
     "@pushrocks/smartdelay": "^2.0.2",
-    "@pushrocks/smartdns": "^3.0.7",
+    "@pushrocks/smartdns": "^3.0.8",
+    "@pushrocks/smartexpress": "^3.0.0",
     "@pushrocks/smartpromise": "^2.0.5",
-    "acme-client": "^2.2.1"
+    "@pushrocks/smartrequest": "^1.1.14",
+    "@pushrocks/smarttime": "^3.0.5",
+    "@pushrocks/smartunique": "^3.0.1",
+    "acme-client": "^2.2.2"
   },
   "devDependencies": {
     "@gitzone/tsbuild": "^2.1.4",

qenv.yml

@@ -1,3 +1,6 @@
 required:
   - CF_EMAIL
   - CF_KEY
+  - MONGODB_URL
+  - MONGODB_PASSWORD
+  - MONGODB_DATABASE

test/test.ts

@@ -1,21 +1,32 @@
 import { tap, expect } from '@pushrocks/tapbundle';
+import { Qenv } from '@pushrocks/qenv';
+
+const testQenv = new Qenv('./', './.nogit/');
 
 import * as smartacme from '../ts/index';
 
 let smartAcmeInstance: smartacme.SmartAcme;
 
 tap.test('should create a valid instance of SmartAcme', async () => {
-  smartAcmeInstance = new smartacme.SmartAcme();
+  smartAcmeInstance = new smartacme.SmartAcme({
-  await smartAcmeInstance.init({
     accountEmail: 'domains@lossless.org',
     accountPrivateKey: null,
+    mongoDescriptor: {
+      mongoDbName: testQenv.getEnvVarOnDemand('MONGODB_DATABASE'),
+      mongoDbPass: testQenv.getEnvVarOnDemand('MONGODB_PASSWORD'),
+      mongoDbUrl: testQenv.getEnvVarOnDemand('MONGODB_URL')
+    },
     removeChallenge: async (...args) => {
       console.log(args);
     },
     setChallenge: async (...args) => {
       console.log(args);
-    } 
+    },
+    validateRemoteRequest: async () => {
+      return true;
+    }
   });
+  await smartAcmeInstance.init();
   // await smartAcmeInstance.getCertificateForDomain('bleu.de');
 });
 

ts/index.ts

@@ -1 +1,3 @@
 export * from './smartacme.classes.smartacme';
+
+export * from './smartacme.classes.certremoteclient';

ts/interfaces/cert.ts

@@ -0,0 +1,9 @@
+export type TCertStatus = 'existing' | 'nonexisting' | 'pending' | 'failed';
+
+export interface ICert {
+  domainName: string;
+  created: number;
+  privateKey: string;
+  publicKey: string;
+  csr: string;
+}

ts/interfaces/certremote.ts

@@ -0,0 +1,11 @@
+import { ICert, TCertStatus } from './cert';
+
+export interface ICertRemoteRequest {
+  secret: string;
+  domainName: string;
+}
+
+export interface ICertRemoteResponse {
+  status: TCertStatus;
+  certificate?: ICert;
+}

ts/interfaces/index.ts

@@ -1 +1,3 @@
 export * from './accountdata';
+export * from './cert';
+export * from './certremote';

ts/smartacme.classes.cert.ts

@@ -0,0 +1,40 @@
+import * as plugins from './smartacme.plugins';
+
+import * as interfaces from './interfaces';
+
+import { CertManager } from './smartacme.classes.certmanager';
+
+import { Collection, svDb, unI } from '@pushrocks/smartdata';
+import { ICert } from './interfaces';
+
+@plugins.smartdata.Collection(() => {
+  return CertManager.activeDB;
+})
+export class Cert extends plugins.smartdata.SmartDataDbDoc<Cert> implements interfaces.ICert {
+  @unI()
+  public index: string;
+
+  @svDb()
+  public domainName: string;
+
+  @svDb()
+  public created: number;
+
+  @svDb()
+  public privateKey: string;
+  
+  @svDb()
+  public publicKey: string;
+  
+  @svDb()
+  public csr: string;
+
+  constructor(optionsArg: ICert) {
+    super();
+    this.created = optionsArg.created;
+    this.domainName = optionsArg.domainName;
+    this.privateKey = optionsArg.privateKey;
+    this.publicKey = optionsArg.publicKey;
+    this.csr = optionsArg.csr;
+  }
+}

ts/smartacme.classes.certmanager.ts

@@ -0,0 +1,93 @@
+import * as plugins from './smartacme.plugins';
+import { Cert } from './smartacme.classes.cert';
+import { SmartAcme } from './smartacme.classes.smartacme';
+
+import * as interfaces from './interfaces';
+import { ICert } from './interfaces';
+
+
+export class CertManager {
+  // =========
+  // STATIC
+  // =========
+  public static activeDB: plugins.smartdata.SmartdataDb;
+  
+  
+  // =========
+  // INSTANCE
+  // =========
+  private mongoDescriptor: plugins.smartdata.IMongoDescriptor;
+  public smartdataDb: plugins.smartdata.SmartdataDb;
+
+  public pendingMap: plugins.lik.Stringmap;
+
+  constructor(smartAcmeArg: SmartAcme,optionsArg: {
+    mongoDescriptor: plugins.smartdata.IMongoDescriptor;
+  }) {
+    this.mongoDescriptor = optionsArg.mongoDescriptor;
+  }
+
+  public async init () {
+    // Smartdata DB
+    this.smartdataDb = new plugins.smartdata.SmartdataDb(this.mongoDescriptor);
+    await this.smartdataDb.init();
+    CertManager.activeDB = this.smartdataDb;
+
+    // Pending Map
+    this.pendingMap = new plugins.lik.Stringmap();
+  };
+
+  /**
+   * retrieves a certificate
+   * @returns the Cert class or null
+   * @param domainName the domain Name to retrieve the vcertificate for
+   */
+  public async retrieveCertificate(domainName: string): Promise<Cert> {
+    await this.checkCerts();
+    const existingCertificate: Cert = await Cert.getInstance({
+      name: domainName
+    });
+
+    if(existingCertificate) {
+      return existingCertificate;
+    } else {
+      return null;
+    }
+
+  }
+
+  /**
+   * stores the certificate with the 
+   * @param publicKeyArg 
+   * @param privateKeyArg 
+   * @param csrArg 
+   */
+  public async storeCertificate(optionsArg: ICert) {
+    const cert = new Cert(optionsArg);
+    cert.save();
+  };
+
+  public async deleteCertificate(domainNameArg: string) {
+
+  }
+
+  public async getCertificateStatus(domainNameArg: string): Promise<interfaces.TCertStatus> {
+    const isPending = this.pendingMap.checkString('domainNameArg');
+    if (isPending) {
+      return 'pending';
+    }
+
+    // otherwise lets continue
+    const existingCertificate = this.retrieveCertificate(domainNameArg);
+    if (existingCertificate) {
+      return 'existing';
+    }
+
+    return 'nonexisting';
+  }
+
+  /**
+   * checks all certs for expiration
+   */
+  private async checkCerts() {};
+}

ts/smartacme.classes.certremoteclient.ts

@@ -0,0 +1,47 @@
+import * as plugins from './smartacme.plugins';
+import * as interfaces from './interfaces';
+import { ICertRemoteResponse } from './interfaces';
+
+// tslint:disable-next-line: max-classes-per-file
+export class CertRemoteClient {
+  private remoteUrl: string;
+  private secret: string;
+
+  constructor(optionsArg: {
+    remoteUrl: string;
+    secret: string;
+  }) {
+    this.remoteUrl = optionsArg.remoteUrl;
+    this.secret = optionsArg.secret;
+  }
+
+  /**
+   * 
+   * @param domainNameArg 
+   */
+  async getCertificateForDomain(domainNameArg: string): Promise<interfaces.ICert> {
+    let certificate: interfaces.ICert;
+    const doRequestCycle = async (): Promise<interfaces.ICert> => {
+      const response: ICertRemoteResponse = (await plugins.smartrequest.postJson(this.remoteUrl, {
+        requestBody: <interfaces.ICertRemoteRequest>{
+          domainName: domainNameArg,
+          secret: this.secret
+        }
+      })).body;
+      switch(response.status) {
+        case 'pending':
+          await plugins.smartdelay.delayFor(5000);
+          const finalResponse = await doRequestCycle();
+          return finalResponse;
+        case 'existing':
+          return response.certificate;
+        case 'failed':
+        default:
+          console.log(`could not retrieve certificate for ${domainNameArg}`);
+          return null;
+      }
+    };
+    certificate = await doRequestCycle();
+    return certificate;
+  }
+}

ts/smartacme.classes.smartacme.ts

@@ -1,11 +1,34 @@
 import * as plugins from './smartacme.plugins';
+import { CertManager } from './smartacme.classes.certmanager';
+
+import * as interfaces from './interfaces';
+import { request } from 'http';
 
 /**
  *
  */
-export interface ISmartAcmeStorage {}
+export interface ISmartAcmeOptions {
+  accountPrivateKey?: string;
+  accountEmail: string;
+  mongoDescriptor: plugins.smartdata.IMongoDescriptor;
+  setChallenge: (domainName: string, keyAuthorization: string) => Promise<any>;
+  removeChallenge: (domainName: string) => Promise<any>;
+  validateRemoteRequest: () => Promise<boolean>;
+}
 
+/**
+ * The main SmartAcme class
+ * can be used setting up communication with an ACME authority
+ * 
+ * ```ts
+ * const mySmartAcmeInstance = new SmartAcme({
+ *  // see ISmartAcmeOptions for options
+ * })
+ * ```
+ */
 export class SmartAcme {
+  private options: ISmartAcmeOptions;
+
   // the acme client
   private client: any;
   private smartdns = new plugins.smartdns.Smartdns();
@@ -16,16 +39,67 @@ export class SmartAcme {
   // challenge fullfillment
   private setChallenge: (domainName: string, keyAuthorization: string) => Promise<any>;
   private removeChallenge: (domainName: string) => Promise<any>;
+  private validateRemoteRequest: () => Promise<boolean>;
 
-  public async init(optionsArg: {
+  // certmanager
-    accountPrivateKey?: string;
+  private certmanager: CertManager;
-    accountEmail: string;
+  private certremoteHandler: plugins.smartexpress.Handler;
-    setChallenge: (domainName: string, keyAuthorization: string) => Promise<any>
+
-    removeChallenge: (domainName: string) => Promise<any>;
+  constructor(optionsArg: ISmartAcmeOptions) {
-  }) {
+    this.options = optionsArg;
-    this.privateKey = optionsArg.accountPrivateKey || (await plugins.acme.forge.createPrivateKey());
+  }
-    this.setChallenge = optionsArg.setChallenge;
+
-    this.removeChallenge = optionsArg.removeChallenge;
+  /**
+   * inits the instance
+   * ```ts
+   * await myCloudlyInstance.init() // does not support options
+   * ```
+   */
+  public async init() {
+    this.privateKey =
+      this.options.accountPrivateKey || (await plugins.acme.forge.createPrivateKey());
+    this.setChallenge = this.options.setChallenge;
+    this.removeChallenge = this.options.removeChallenge;
+
+    // CertMangaer
+    this.certmanager = new CertManager(this, {
+      mongoDescriptor: this.options.mongoDescriptor
+    });
+    await this.certmanager.init();
+
+    // CertRemoteHandler
+    this.certremoteHandler = new plugins.smartexpress.Handler('POST', async (req, res) => {
+      const requestBody: interfaces.ICertRemoteRequest = req.body;
+      const status: interfaces.TCertStatus = await this.certmanager.getCertificateStatus(requestBody.domainName);
+      const existingCertificate = await this.certmanager.retrieveCertificate(
+        requestBody.domainName
+      );
+      let response: interfaces.ICertRemoteResponse;
+      switch (status) {
+         case 'existing':
+          response = {
+            status,
+            certificate: {
+              created: existingCertificate.created,
+              csr: existingCertificate.csr,
+              domainName: existingCertificate.domainName,
+              privateKey: existingCertificate.privateKey,
+              publicKey: existingCertificate.publicKey
+            }
+          };
+          break;
+        default:
+          response = {
+            status
+          };
+          break;
+      }
+      res.status(200);
+      res.send(response);
+      res.end();
+    });
+
+    // ACME Client
     this.client = new plugins.acme.Client({
       directoryUrl: plugins.acme.directory.letsencrypt.staging,
       accountKey: this.privateKey
@@ -34,13 +108,21 @@ export class SmartAcme {
     /* Register account */
     await this.client.createAccount({
       termsOfServiceAgreed: true,
-      contact: [`mailto:${optionsArg.accountEmail}`]
+      contact: [`mailto:${this.options.accountEmail}`]
     });
   }
 
+  public async stop() {};
+
   public async getCertificateForDomain(domainArg: string) {
     const domain = domainArg;
 
+    const retrievedCertificate = await this.certmanager.retrieveCertificate(domain);
+
+    if (retrievedCertificate) {
+      return retrievedCertificate;
+    }
+
     /* Place new order */
     const order = await this.client.createOrder({
       identifiers: [{ type: 'dns', value: domain }, { type: 'dns', value: `*.${domain}` }]
@@ -61,8 +143,7 @@ export class SmartAcme {
       try {
         /* Satisfy challenge */
         await this.setChallenge(domainDnsName, keyAuthorization);
-        await this.smartdns.checkUntilAvailable(domainDnsName, 'TXT', keyAuthorization);
+        await this.smartdns.checkUntilAvailable(domainDnsName, 'TXT', keyAuthorization, 100, 5000);
-
 
         /* Verify that challenge is satisfied */
         await this.client.verifyChallenge(authz, dnsChallenge);
@@ -95,7 +176,16 @@ export class SmartAcme {
     console.log(`CSR:\n${csr.toString()}`);
     console.log(`Private key:\n${key.toString()}`);
     console.log(`Certificate:\n${cert.toString()}`);
-  }
 
-  toStorageObject() {}
+    await this.certmanager.storeCertificate({
+      domainName: domainArg,
+      privateKey: key.toString(),
+      publicKey: cert.toString(),
+      csr: csr.toString(),
+      created: Date.now()
+    });
+
+    const newCertificate = await this.certmanager.retrieveCertificate(domainArg);
+    return newCertificate;
+  }
 }

ts/smartacme.plugins.ts

@@ -1,9 +1,15 @@
 // @pushrocks scope
+import * as lik from '@pushrocks/lik';
+import * as smartdata from '@pushrocks/smartdata';
 import * as smartdelay from '@pushrocks/smartdelay';
 import * as smartdns from '@pushrocks/smartdns';
+import * as smartexpress from '@pushrocks/smartexpress';
 import * as smartpromise from '@pushrocks/smartpromise';
+import * as smartrequest from '@pushrocks/smartrequest';
+import * as smartunique from '@pushrocks/smartunique';
+import * as smarttime from '@pushrocks/smarttime';
 
-export { smartdelay, smartdns, smartpromise };
+export { lik, smartdata, smartdelay, smartdns, smartexpress, smartpromise, smartrequest, smartunique, smarttime };
 
 // thirs party scope
 import * as acme from 'acme-client';

tsconfig.json

@@ -0,0 +1,7 @@
+{
+  "compilerOptions": {
+    "experimentalDecorators": true,
+    "target": "es2017",
+    "module": "commonjs"
+  }
+}