
initial commit

0 parents commit 98ccbaf83366b67d4fea3b9ad3f02b6066c16919 @tellnes committed Aug 12, 2012
Showing with 176 additions and 0 deletions.
  1. +40 −0 README.md
  2. +14 −0 example.js
  3. +102 −0 index.js
  4. +20 −0 package.json
@@ -0,0 +1,40 @@
+# TLS Cert Update
+
+Reads files used by tls from disk or http and updates them when they expires.
+
+This is done by using the `SNICallback` in tls.
+
+For local files `fs.watch` is used and for remote http files we look at the http cache headers. Look at [file-expires](https://github.com/tellnes/file-expires) for details.
+
+
+## Usage
+```js
+var tcu = require('tls-cert-update')
+ , tls = require('tls')
+
+tcu ( { key: '/path/to/key',
+ , cert: '/path/to/cert',
+ , ca: [ 'http://ca.example.com/my-root-ca.crt'
+ , 'http://ca.example.com/my-other-ca.crt'
+ ]
+ , crl:[ 'http://ca.example.com/my-root-ca.crl'
+ , 'http://ca.example.com/my-other-ca.crl'
+ ]
+ }
+ , function(err, options) {
+ if (err) throw err
+
+ tls.createServer(options, function(socket) {
+ socket.pipe(socket)
+ })
+ }
+ )
+```
+
+## Install
+
+ npm install tls-cert-update
+
+## Licence
+
+MIT
@@ -0,0 +1,14 @@
+var tcu = require('./')
+
+tcu ( { ca: [ 'http://s3-eu-west-1.amazonaws.com/files.infogym.no/ca/root.crt'
+ , 'http://s3-eu-west-1.amazonaws.com/files.infogym.no/ca/monitors.crt'
+ ]
+ , crl:[ 'https://s3-eu-west-1.amazonaws.com/files.infogym.no/ca/root.crl'
+ , 'https://s3-eu-west-1.amazonaws.com/files.infogym.no/ca/monitors.crl'
+ ]
+ }
+ , function(err, options) {
+ if (err) throw err
+ }
+ )
+
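Review bot: The two `ca` entries are fetched over plain `http://` while the `crl` entries just below use `https://`. The CA certificates are the trust anchors for the resulting TLS context, so a response altered in transit changes which peers the server accepts. Since people copy examples, use the authenticated scheme for both lists, e.g. `'https://s3-eu-west-1.amazonaws.com/files.infogym.no/ca/root.crt'`.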
102 index.js
@@ -0,0 +1,102 @@
+var track = require('track')
+ , crypto = require('crypto')
+ , createFileExpirer = require('file-expires')
+ , EventEmitter = require('events').EventEmitter
+ , extend = require('util')._extend
+
+
+
+module.exports = function(options, cb) {
+ var files = []
+ , t = track()
+ , self = new EventEmitter
+
+ if (cb) {
+ function onready() {
+ self.removeListener('error', onerror)
+ cb(null, self.options)
+ }
+ function onerror(err) {
+ self.removeListener('ready', onready)
+ cb(err)
+ self.destroy()
+ }
+ self.once('ready', onready)
+ self.once('error', onerror)
+ }
+
+ self.options = extend({}, options)
+
+ self.options.SNICallback = function() {
+ return self.secureContext
+ }
+
+
+ function updateContext() {
+ self.secureContext = crypto.createCredentials(self.options).context
+ self.emit('update')
+ }
+
+ self.destroy = function() {
+ files.forEach(function(file) {
+ file.destroy()
+ })
+ }
+
+ function prepare(type) {
+ var value = options[type]
+ , isArray = false
+
+ if (!value || Buffer.isBuffer(value)) return
+
+
+ if (Array.isArray(value)) {
+ self.options[type] = []
+ isArray = true
+ } else {
+ self.options[type] = null
+ value = [value]
+ }
+
+
+ value.forEach(function(file, index) {
+ file = createFileExpirer(file)
+ function update(cb) {
+ if (!cb) cb = updateContext
+
+ file.readFile(function(err, buffer) {
+ if (err) return self.emit('error', err)
+
+ if (isArray) {
+ self.options[type][index] = buffer
+ } else {
+ self.options[type] = buffer
+ }
+
+ cb()
+ })
+ }
+ file.on('expires', update)
+ update(t())
+ files.push(file)
+ })
+ }
+
+
+ prepare('key')
+ prepare('cert')
+ prepare('ca')
+ prepare('crl')
+
+
+ t.end(function(err) {
+ t = null
+ if (err) return self.emit('error', err)
+
+ updateContext()
+ self.emit('ready')
+ })
+
+ return self
+}
+
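Review bot: A refresh that fails after `ready` has no safe path. Inside `update`, `if (err) return self.emit('error', err)` runs after `onready` has already removed the `once('error')` listener, so unless the caller attached its own listener the emit throws and takes the process down; if one is attached, the previous buffer simply stays in use with no indication of its age. For `crl` that means revocation data can go stale unnoticed, which deserves a dedicated event or at least a comment above the emit such as `// refresh failure: previous buffer stays active; caller must listen for 'error'`. `prepare` also passes every string to `createFileExpirer` without looking at the scheme, so `key` and `ca` can be loaded over plain `http://`; consider rejecting non-HTTPS URLs for those two types or stating the risk in the README.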
@@ -0,0 +1,20 @@
+{
+ "name": "tls-cert-update",
+ "version": "0.0.1",
+ "main": "index.js",
+ "scripts": {
+ "test": "echo \"Error: no test specified\" && exit 1"
+ },
+ "author": "Christian Tellnes <christian@tellnes.no> (http://christian.tellnes.com/)",
+ "license": "MIT",
+ "dependencies": {
+ "track": "0.0.4",
+ "file-expires": "0.0.1"
+ },
+ "devDependencies": {},
+ "repository": {
+ "type": "git",
+ "url": "git://github.com/tellnes/tls-cert-update.git"
+ },
+ "description": "Reads files used by tls from disk or http and updates them when they expires."
+}
