From df022959e445cce711ffa29d7c5448846444283d Mon Sep 17 00:00:00 2001
From: AJ ONeal <coolaj86@gmail.com>
Date: Fri, 16 Mar 2018 00:59:40 -0600
Subject: [PATCH] hard code more test functionality

---
 README.md |   9 +++
 node.js   | 173 ++++++++++++++++++++++++++++++++++++++++--------------
 2 files changed, 138 insertions(+), 44 deletions(-)

diff --git a/README.md b/README.md
index 4d3fb32..3c11b5b 100644
--- a/README.md
+++ b/README.md
@@ -10,3 +10,12 @@ In progress
 * get directory
 * get nonce
 * create account
+* new order
+* get challenges
+
+Not yet tried
+
+* respond to challenges
+* finalize order
+* poll for status
+* download certificates
diff --git a/node.js b/node.js
index f3d1db4..7d58cd2 100644
--- a/node.js
+++ b/node.js
@@ -58,45 +58,6 @@ function create(deps) {
   var directoryUrl = deps.directoryUrl || defaults.stagingServerUrl;
   var request = deps.promisify(getRequest({}));
 
-  var acme2 = {
-    getAcmeUrls: function () {
-      var me = this;
-      return request({ url: directoryUrl }).then(function (resp) {
-        me._directoryUrls = JSON.parse(resp.body);
-        me._tos = me._directoryUrls.meta.termsOfService;
-        return me._directoryUrls;
-      });
-    }
-  , getNonce: function () {
-      var me = this;
-      return request({ method: 'HEAD', url: me._directoryUrls.newNonce }).then(function (resp) {
-        me._nonce = resp.toJSON().headers['replay-nonce'];
-        return me._nonce;
-      });
-    }
-		// ACME RFC Section 7.3 Account Creation
-		/*
-		 {
-			 "protected": base64url({
-				 "alg": "ES256",
-				 "jwk": {...},
-				 "nonce": "6S8IqOGY7eL2lsGoTZYifg",
-				 "url": "https://example.com/acme/new-account"
-			 }),
-			 "payload": base64url({
-				 "termsOfServiceAgreed": true,
-				 "onlyReturnExisting": false,
-				 "contact": [
-					 "mailto:cert-admin@example.com",
-					 "mailto:admin@example.com"
-				 ]
-			 }),
-			 "signature": "RZPOnYoPs1PhjszF...-nh6X1qtOFPB519I"
-		 }
-		*/
-  , registerNewAccount: function () {
-      var me = this;
-			var RSA = require('rsa-compat').RSA;
 			var crypto = require('crypto');
 			RSA.signJws = RSA.generateJws = RSA.generateSignatureJws = RSA.generateSignatureJwk =
 			function (keypair, payload, nonce) {
@@ -142,14 +103,60 @@ function create(deps) {
 				};
 			};
 
-      var options = {
-        email: 'coolaj86@gmail.com'
-      , keypair: RSA.import({ privateKeyPem: require('fs').readFileSync(__dirname + '/privkey.pem') })
-      };
+  var acme2 = {
+    getAcmeUrls: function () {
+      var me = this;
+      return request({ url: directoryUrl }).then(function (resp) {
+        me._directoryUrls = JSON.parse(resp.body);
+        me._tos = me._directoryUrls.meta.termsOfService;
+        return me._directoryUrls;
+      });
+    }
+  , getNonce: function () {
+      var me = this;
+      return request({ method: 'HEAD', url: me._directoryUrls.newNonce }).then(function (resp) {
+        me._nonce = resp.toJSON().headers['replay-nonce'];
+        return me._nonce;
+      });
+    }
+		// ACME RFC Section 7.3 Account Creation
+		/*
+		 {
+			 "protected": base64url({
+				 "alg": "ES256",
+				 "jwk": {...},
+				 "nonce": "6S8IqOGY7eL2lsGoTZYifg",
+				 "url": "https://example.com/acme/new-account"
+			 }),
+			 "payload": base64url({
+				 "termsOfServiceAgreed": true,
+				 "onlyReturnExisting": false,
+				 "contact": [
+					 "mailto:cert-admin@example.com",
+					 "mailto:admin@example.com"
+				 ]
+			 }),
+			 "signature": "RZPOnYoPs1PhjszF...-nh6X1qtOFPB519I"
+		 }
+		*/
+  , registerNewAccount: function (options) {
+      var me = this;
+
       var body = {
         termsOfServiceAgreed: true
       , onlyReturnExisting: false
       , contact: [ 'mailto:' + options.email ]
+      /*
+       "externalAccountBinding": {
+         "protected": base64url({
+           "alg": "HS256",
+           "kid": /* key identifier from CA *//*,
+           "url": "https://example.com/acme/new-account"
+         }),
+         "payload": base64url(/* same as in "jwk" above *//*),
+         "signature": /* MAC using MAC key from CA *//*
+       }
+      */
       };
 			var payload = JSON.stringify(body, null, 2);
 			var jws = RSA.signJws(
@@ -167,21 +174,99 @@ function create(deps) {
       , json: jws
       }).then(function (resp) {
         me._nonce = resp.toJSON().headers['replay-nonce'];
+        var location = resp.toJSON().headers['location'];
+        console.log(location); // the account id url
         console.log(resp.toJSON());
+				me._kid = location;
         return resp.body;
       });
     }
+		/*
+		 POST /acme/new-order HTTP/1.1
+		 Host: example.com
+		 Content-Type: application/jose+json
+
+		 {
+			 "protected": base64url({
+				 "alg": "ES256",
+				 "kid": "https://example.com/acme/acct/1",
+				 "nonce": "5XJ1L3lEkMG7tR6pA00clA",
+				 "url": "https://example.com/acme/new-order"
+			 }),
+			 "payload": base64url({
+				 "identifiers": [{"type:"dns","value":"example.com"}],
+				 "notBefore": "2016-01-01T00:00:00Z",
+				 "notAfter": "2016-01-08T00:00:00Z"
+			 }),
+			 "signature": "H6ZXtGjTZyUnPeKn...wEA4TklBdh3e454g"
+		 }
+		*/
+  , getCertificate: function (options, cb) {
+			var me = this;
+
+      var body = {
+				identifiers: [
+          { type: "dns" , value: "www.ppl.family" }
+				/*
+        , {	type: "dns" , value: "example.net" }
+				*/
+        ]
+        //, "notBefore": "2016-01-01T00:00:00Z"
+       //, "notAfter": "2016-01-08T00:00:00Z"
+      };
+
+			var payload = JSON.stringify(body);
+			//var payload = JSON.stringify(body, null, 2);
+			var jws = RSA.signJws(
+        options.keypair
+      , new Buffer(payload)
+      , { nonce: me._nonce, alg: 'RS256', url: me._directoryUrls.newOrder, kid: me._kid }
+			);
+
+      return request({
+        method: 'POST'
+      , url: me._directoryUrls.newOrder
+      , headers: { 'Content-Type': 'application/jose+json' }
+      , json: jws
+      }).then(function (resp) {
+        me._nonce = resp.toJSON().headers['replay-nonce'];
+        var location = resp.toJSON().headers['location'];
+        console.log(location); // the account id url
+        console.log(resp.toJSON());
+        //var body = JSON.parse(resp.body);
+        me._authorizations = resp.body.authorizations;
+        me._order = location;
+        me._finalize = resp.body.finalize;
+
+        //return resp.body;
+        return Promise.all(me._authorizations.map(function (auth) {
+          return request({ method: 'GET', url: auth, json: true }).then(function (resp) {
+            console.log('Authorization:');
+            console.log(resp.body.challenges);
+          });
+        }));
+      });
+		}
   };
   return acme2;
 }
 
+var RSA = require('rsa-compat').RSA;
 var acme2 = create();
 acme2.getAcmeUrls().then(function (body) {
   console.log(body);
   acme2.getNonce().then(function (nonce) {
     console.log(nonce);
-    acme2.registerNewAccount().then(function (account) {
+
+		var options = {
+			email: 'coolaj86@gmail.com'
+		, keypair: RSA.import({ privateKeyPem: require('fs').readFileSync(__dirname + '/privkey.pem') })
+		};
+    acme2.registerNewAccount(options).then(function (account) {
       console.log(account);
+    	acme2.getCertificate(options, function () {
+				console.log('got cert');
+      });
     });
   });
 });