Commit
Showing
9 changed files
with
208 additions
and
133 deletions.
@@ -0,0 +1,13 @@ | ||
'use strict' | ||
|
||
const cp = require('child_process') | ||
|
||
module.exports = (query) => new Promise((resolve, reject) => { // the nodeJS dns module seems to be buggy sometimes. use real dig. | ||
try { | ||
let records = cp.spawnSync('dig', ['+short', query.name, query.type, '@8.8.8.8'], {stdio: 'pipe'}) | ||
.stdout.toString().split('\n').filter(s => Boolean(s.trim())).map(v => JSON.parse(v)) | ||
resolve({ answer: records.map(data => { return { data: [data] } }) }) | ||
} catch (e) { | ||
reject(e) | ||
} | ||
}) |
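Review bot: The spawnSync call on the `let records` line hands `query.name` and `query.type` to dig unvalidated, so a name beginning with `-`, `+` or `@` is read by dig as an option or server override rather than a query name (the array form prevents shell injection but not argument injection). Guard before spawning, e.g. `if (!/^[A-Za-z0-9_][A-Za-z0-9_.-]*$/.test(query.name) || !/^[A-Za-z]+$/.test(query.type)) return reject(new Error('invalid dig query'))`. The child's `status` and `stderr` are also ignored, so a failure such as a resolver timeout is indistinguishable from an empty answer; keeping the result in a variable and rejecting when `res.status !== 0` would surface that. `JSON.parse(v)` per line only succeeds for quoted TXT records, which looks intentional for a DNS-01 lookup but deserves a comment saying so.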
@@ -0,0 +1,112 @@ | ||
'use strict' | ||
|
||
const ACME = require('acme-v2') | ||
const ACME_DIG = require('./dig') | ||
const RSA = require('rsa-compat').RSA | ||
const prom = require('promisify-es6') | ||
const promCl = (cl, fnc) => prom(fnc.bind(cl)) | ||
|
||
const genKeyPair = prom((cb) => RSA.generateKeypair(2048, null, { pem: true, public: true, jwk: true }, cb)) | ||
const promiseFnc = ['getOrGenKey', 'genKey', 'registerAccount', 'obtainCertificate', 'getCertificate'] | ||
|
||
const debug = require('debug') | ||
const log = debug('nodetrust:letsencrypt:acme') | ||
|
||
const forge = require('node-forge') | ||
const pki = forge.pki | ||
|
||
const URLS = { | ||
production: 'https://acme-v02.api.letsencrypt.org/directory', | ||
staging: 'https://acme-staging-v02.api.letsencrypt.org/directory' | ||
} | ||
|
||
class LetsencryptACME { | ||
constructor (opt) { | ||
this.opt = opt | ||
this.storage = opt.storage | ||
this.challenge = opt.challenge | ||
this.acme = ACME.ACME.create({debug: true}) | ||
this.acme._dig = ACME_DIG | ||
promiseFnc.forEach(name => (this[name] = promCl(this, this[name]))) | ||
} | ||
init (cb) { | ||
this.acme.init(this.opt.serverUrl) | ||
.then(() => this.registerAccount(this.opt.email), cb) | ||
.then((account) => { | ||
Object.assign(this, account) | ||
this.acme._kid = account.account.key.kid | ||
cb() | ||
}, cb) | ||
} | ||
getOrGenKey (keyid, cb) { | ||
if (this.storage.exists('key', keyid)) return cb(null, this.storage.readJSON('key', keyid)) | ||
return this.genKey(keyid, cb) | ||
} | ||
genKey (keyid, cb) { | ||
genKeyPair((err, pair) => { | ||
if (err) return cb(err) | ||
this.storage.storeJSON('key', keyid, pair) | ||
cb(null, pair) | ||
}) | ||
} | ||
registerAccount (email, cb) { | ||
this.getOrGenKey('ac-key', (err, accountKeypair) => { | ||
if (err) return cb(err) | ||
let account = this.storage.readJSON('ac-data') | ||
if (account) return cb(null, {account, accountKeypair}) | ||
log('creating account') | ||
this.acme.accounts.create({ | ||
email, | ||
accountKeypair: accountKeypair, | ||
agreeToTerms: tosUrl => Promise.resolve(tosUrl) | ||
}).then(account => { | ||
this.storage.storeJSON('ac-data', account) | ||
cb(null, {account, accountKeypair}) | ||
}, cb) | ||
}) | ||
} | ||
|
||
obtainCertificate (id, domainKeypair, domains, cb) { | ||
const {accountKeypair} = this | ||
log('obtain certificate %s', domains.join(', ')) | ||
this.acme.certificates.create({ | ||
domainKeypair, | ||
accountKeypair, | ||
domains, | ||
challengeType: this.challenge.type, | ||
setChallenge: this.challenge.set, | ||
removeChallenge: this.challenge.remove | ||
}).then(certs => { | ||
let [cert, ca] = certs.split('\n\n') | ||
let certForge = pki.certificateFromPem(cert) | ||
let res = { | ||
error: false, | ||
domains, | ||
cn: domains[0], | ||
altnames: domains.slice(1), | ||
privkey: domainKeypair.privateKeyPem, | ||
cert, | ||
chain: cert + '\n' + ca, | ||
ca, | ||
validity: certForge.validity.notAfter.getTime() | ||
} | ||
this.storage.storeJSON(...id, res) | ||
cb(null, res) | ||
}, cb) | ||
} | ||
|
||
getCertificate (nodeID, domains, cb) { | ||
let certID = ['@' + nodeID, domains.join('!')] | ||
log('get certificate %s %s', nodeID, domains.join(', ')) | ||
this.getOrGenKey('@' + nodeID) | ||
.then(domainKeypair => { | ||
let cert = this.storage.readJSON(...certID) | ||
if (!cert) return this.obtainCertificate(certID, domainKeypair, domains) | ||
else return Promise.resolve(cert) | ||
}, cb) | ||
} | ||
|
||
} | ||
|
||
module.exports = LetsencryptACME | ||
module.exports.URLS = URLS |
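Review bot: getCertificate never reports its result: the chain starting at `this.getOrGenKey('@' + nodeID)` has only a rejection handler, so on success neither the cached `cert` nor the freshly obtained one reaches `cb`, and because the constructor promisifies this method the returned promise never settles. Append a fulfilment handler, `.then(cert => cb(null, cert), cb)`, after the existing `.then`. The `if (!cert)` check also hands back an expired cached certificate, since the stored `validity` timestamp is never compared with the clock; `if (!cert || cert.validity <= Date.now())` would trigger renewal instead. Separately, `init` passes `cb` as the rejection handler of both `.then` calls, so a failure in `acme.init` calls `cb` twice (the second time with the TypeError from `account.account` on undefined); a single `.catch(cb)` at the end of the chain avoids that. The `{debug: true}` passed to `ACME.ACME.create` is hard-coded and is worth tying to the `debug` logger's enabled state rather than always on.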
This file was deleted.
@@ -0,0 +1,14 @@ | ||
'use strict' | ||
|
||
const multihashing = require('multihashing-async') | ||
const domainBase = require('base-x')('abcdefghijklmnopqrstuvwxyz0123456789-') | ||
|
||
module.exports = function idPrefix (id, zone, cb) { // TODO: maybe refactor/drop this method as it isn't so cryptographically safe | ||
let pref = 'id0' | ||
let suf = '.' + zone | ||
multihashing(Buffer.from(id), 'sha3-224', (err, digest) => { | ||
if (err) return cb(err) | ||
id = domainBase.encode(digest).substr(0, 64 - pref.length - suf.length) | ||
cb(null, pref + id + suf) | ||
}) | ||
} |
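Review bot: The label built on the `id = domainBase.encode(...)` line can end in `-`, because the base-x alphabet includes the hyphen and the cut is made at a fixed position; a label ending in a hyphen breaks the LDH hostname rule and is unlikely to be accepted for issuance. Trim it, e.g. `.slice(0, 64 - pref.length - suf.length).replace(/-+$/, '')`, or drop `-` from the alphabet (`slice` also replaces the deprecated `substr`). The 64-character budget looks like the X.509 common-name limit and deserves a comment, since for zones longer than roughly 18 characters the truncation shortens the sha3-224 digest itself and weakens the collision resistance the TODO already questions. Reassigning the `id` parameter to hold the encoded digest is also confusing to read; a fresh `const encoded` would be clearer.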
@@ -0,0 +1,39 @@ | ||
'use strict' | ||
|
||
const fs = require('fs') | ||
const path = require('path') | ||
const mkdirp = require('mkdirp') | ||
|
||
class Storage { | ||
constructor (path) { | ||
this.path = path | ||
} | ||
locate (...a) { | ||
if (!a.length) throw new Error('Must specify location') | ||
return path.join(this.path, ...a) | ||
} | ||
store (...a) { | ||
let data = a.pop() | ||
let loc = this.locate(...a) | ||
const dir = path.dirname(loc) | ||
mkdirp.sync(dir) | ||
fs.writeFileSync(loc, data) | ||
} | ||
exists (...a) { | ||
return fs.existsSync(this.locate(...a)) | ||
} | ||
read (...a) { | ||
if (!this.exists(...a)) return | ||
return fs.readFileSync(this.locate(...a)) | ||
} | ||
readJSON (...a) { | ||
if (!this.exists(...a)) return | ||
return JSON.parse(String(fs.readFileSync(this.locate(...a)))) | ||
} | ||
storeJSON (...a) { | ||
let data = JSON.stringify(a.pop()) | ||
return this.store(...a, data) | ||
} | ||
} | ||
|
||
module.exports = Storage |
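Review bot: `store` writes with the fs default mode (0o666 masked by the umask, typically world-readable) while the callers in this commit use `storeJSON` for RSA key pairs and the certificate's `privkey`, so the private keys land on disk readable by other local users; use `fs.writeFileSync(loc, data, { mode: 0o600 })` and give `mkdirp.sync(dir, { mode: 0o700 })` a restrictive mode as well. `locate` joins caller-supplied segments with `path.join` and does not verify the result stays under `this.path`; the segments used elsewhere in this commit include `'@' + nodeID` and `domains.join('!')`, and if those originate from peers a segment containing `..` escapes the storage root, so resolving the joined path and checking it starts with `this.path` would close that. `read` and `readJSON` also check `exists` and then read, which leaves a small race with a concurrent delete; catching `ENOENT` from `readFileSync` instead is simpler and atomic.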