lint and fix and use domains.generateKeypair

This commit is contained in:
AJ ONeal 2018-11-09 21:05:53 -07:00
parent d63d8e1aed
commit 2cc5a41268
2 changed files with 215 additions and 221 deletions

View File

@ -444,7 +444,7 @@
}; };
} }
return BACME.accounts.generateKeypair(opts).then(function (serverJwk) { return BACME.domains.generateKeypair(opts).then(function (serverJwk) {
localStorage.setItem('server:' + key, JSON.stringify(serverJwk)); localStorage.setItem('server:' + key, JSON.stringify(serverJwk));
return serverJwk; return serverJwk;
}); });

View File

@ -4,6 +4,8 @@
var BACME = exports.BACME = {}; var BACME = exports.BACME = {};
var webFetch = exports.fetch; var webFetch = exports.fetch;
var webCrypto = exports.crypto; var webCrypto = exports.crypto;
var Promise = window.Promise;
var CSR = window.CSR;
var directoryUrl = 'https://acme-staging-v02.api.letsencrypt.org/directory'; var directoryUrl = 'https://acme-staging-v02.api.letsencrypt.org/directory';
var directory; var directory;
@ -15,7 +17,6 @@ var accountKeypair;
var accountJwk; var accountJwk;
var accountUrl; var accountUrl;
var signedAccount;
BACME.challengePrefixes = { BACME.challengePrefixes = {
'http-01': '/.well-known/acme-challenge' 'http-01': '/.well-known/acme-challenge'
@ -62,35 +63,7 @@ BACME.accounts = {};
// type = ECDSA // type = ECDSA
// bitlength = 256 // bitlength = 256
BACME.accounts.generateKeypair = function (opts) { BACME.accounts.generateKeypair = function (opts) {
var wcOpts = {}; return BACME.generateKeypair(opts).then(function (result) {
// ECDSA has only the P curves and an associated bitlength
if (/^EC/i.test(opts.type)) {
wcOpts.name = 'ECDSA';
if (/256/.test(opts.bitlength)) {
wcOpts.namedCurve = 'P-256';
}
}
// RSA-PSS is another option, but I don't think it's used for Let's Encrypt
// I think the hash is only necessary for signing, not generation or import
if (/^RS/i.test(opts.type)) {
wcOpts.name = 'RSASSA-PKCS1-v1_5';
wcOpts.modulusLength = opts.bitlength;
if (opts.bitlength < 2048) {
wcOpts.modulusLength = opts.bitlength * 8;
}
wcOpts.publicExponent = new Uint8Array([0x01, 0x00, 0x01]);
wcOpts.hash = { name: "SHA-256" };
}
// https://github.com/diafygi/webcrypto-examples#ecdsa---generatekey
var extractable = true;
return webCrypto.subtle.generateKey(
wcOpts
, extractable
, [ 'sign', 'verify' ]
).then(function (result) {
accountKeypair = result; accountKeypair = result;
return webCrypto.subtle.exportKey( return webCrypto.subtle.exportKey(
@ -115,7 +88,7 @@ BACME.accounts.generateKeypair = function (opts) {
//return accountKeypair; //return accountKeypair;
}); });
*/ */
}) });
}); });
}; };
@ -158,7 +131,7 @@ BACME._importKey = function (jwk) {
e: priv.e e: priv.e
, kty: priv.kty , kty: priv.kty
, n: priv.n , n: priv.n
} };
if (!priv.p) { if (!priv.p) {
priv = null; priv = null;
} }
@ -280,7 +253,6 @@ BACME.accounts.sign = function (opts) {
}); });
}; };
var account;
var accountId; var accountId;
BACME.accounts.set = function (opts) { BACME.accounts.set = function (opts) {
@ -316,7 +288,6 @@ BACME.accounts.set = function (opts) {
}; };
var orderUrl; var orderUrl;
var signedOrder;
BACME.orders = {}; BACME.orders = {};
@ -345,7 +316,6 @@ BACME.orders.sign = function (opts) {
}); });
}; };
var order;
var currentOrderUrl; var currentOrderUrl;
var authorizationUrls; var authorizationUrls;
var finalizeUrl; var finalizeUrl;
@ -571,28 +541,52 @@ BACME.challenges.check = function (opts) {
var domainKeypair; var domainKeypair;
var domainJwk; var domainJwk;
BACME.domains = {}; BACME.generateKeypair = function (opts) {
// TODO factor out from BACME.accounts.generateKeypair var wcOpts = {};
BACME.domains.generateKeypair = function () {
// ECDSA has only the P curves and an associated bitlength
if (/^EC/i.test(opts.type)) {
wcOpts.name = 'ECDSA';
if (/256/.test(opts.bitlength)) {
wcOpts.namedCurve = 'P-256';
}
}
// RSA-PSS is another option, but I don't think it's used for Let's Encrypt
// I think the hash is only necessary for signing, not generation or import
if (/^RS/i.test(opts.type)) {
wcOpts.name = 'RSASSA-PKCS1-v1_5';
wcOpts.modulusLength = opts.bitlength;
if (opts.bitlength < 2048) {
wcOpts.modulusLength = opts.bitlength * 8;
}
wcOpts.publicExponent = new Uint8Array([0x01, 0x00, 0x01]);
wcOpts.hash = { name: "SHA-256" };
}
var extractable = true; var extractable = true;
return window.crypto.subtle.generateKey( return window.crypto.subtle.generateKey(
{ name: "ECDSA", namedCurve: "P-256" } { name: "ECDSA", namedCurve: "P-256" }
, extractable , extractable
, [ 'sign', 'verify' ] , [ 'sign', 'verify' ]
).then(function (result) { );
};
BACME.domains = {};
// TODO factor out from BACME.accounts.generateKeypair even more
BACME.domains.generateKeypair = function (opts) {
return BACME.generateKeypair(opts).then(function (result) {
domainKeypair = result; domainKeypair = result;
return window.crypto.subtle.exportKey( return window.crypto.subtle.exportKey(
"jwk" "jwk"
, result.privateKey , result.privateKey
).then(function (jwk) { ).then(function (privJwk) {
domainJwk = jwk; domainJwk = privJwk;
console.log('private jwk:'); console.log('private jwk:');
console.log(JSON.stringify(jwk, null, 2)); console.log(JSON.stringify(privJwk, null, 2));
return domainKeypair; return privJwk;
}) });
}); });
}; };