198 lines
6.2 KiB
JavaScript
198 lines
6.2 KiB
JavaScript
'use strict';
|
|
|
|
var PromiseA = require('bluebird');
|
|
var crypto = require('crypto');
|
|
var LeCore = require('letiny-core');
|
|
var RSA = PromiseA.promisifyAll(require('rsa-compat').RSA);
|
|
var path = require('path');
|
|
var mkdirpAsync = PromiseA.promisify(require('mkdirp'));
|
|
var fs = PromiseA.promisifyAll(require('fs'));
|
|
|
|
function createAccount(args, handlers) {
|
|
var os = require("os");
|
|
var localname = os.hostname();
|
|
|
|
// TODO support ECDSA
|
|
// arg.rsaBitLength args.rsaExponent
|
|
return RSA.generateKeypairAsync(args.rsaKeySize || 1024, 65537, { public: true, pem: true }).then(function (keypair) {
|
|
/* keypair = { privateKeyPem, privateKeyJwk, publicKeyPem } */
|
|
|
|
return LeCore.registerNewAccountAsync({
|
|
email: args.email
|
|
, newRegUrl: args._acmeUrls.newReg
|
|
, agreeToTerms: function (tosUrl, agree) {
|
|
// args.email = email; // already there
|
|
args.tosUrl = tosUrl;
|
|
handlers.agreeToTerms(args, agree);
|
|
}
|
|
, accountKeypair: keypair
|
|
|
|
, debug: args.debug || handlers.debug
|
|
}).then(function (body) {
|
|
// TODO XXX use sha256 (the python client uses md5)
|
|
// TODO ssh fingerprint (noted on rsa-compat issues page, I believe)
|
|
keypair.publicKeyMd5 = crypto.createHash('md5').update(RSA.exportPublicPem(keypair)).digest('hex');
|
|
keypair.publicKeySha256 = crypto.createHash('sha256').update(RSA.exportPublicPem(keypair)).digest('hex');
|
|
var accountId = keypair.publicKeyMd5;
|
|
var accountDir = path.join(args.accountsDir, accountId);
|
|
var regr = { body: body };
|
|
|
|
args.accountId = accountId;
|
|
args.accountDir = accountDir;
|
|
|
|
return mkdirpAsync(accountDir).then(function () {
|
|
|
|
var isoDate = new Date().toISOString();
|
|
var accountMeta = {
|
|
creation_host: localname
|
|
, creation_dt: isoDate
|
|
};
|
|
|
|
// TODO abstract file writing
|
|
return PromiseA.all([
|
|
// meta.json {"creation_host": "ns1.redirect-www.org", "creation_dt": "2015-12-11T04:14:38Z"}
|
|
fs.writeFileAsync(path.join(accountDir, 'meta.json'), JSON.stringify(accountMeta), 'utf8')
|
|
// private_key.json { "e", "d", "n", "q", "p", "kty", "qi", "dp", "dq" }
|
|
, fs.writeFileAsync(path.join(accountDir, 'private_key.json'), JSON.stringify(RSA.exportPrivateJwk(keypair)), 'utf8')
|
|
// regr.json:
|
|
/*
|
|
{ body: { contact: [ 'mailto:coolaj86@gmail.com' ],
|
|
agreement: 'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf',
|
|
key: { e: 'AQAB', kty: 'RSA', n: '...' } },
|
|
uri: 'https://acme-v01.api.letsencrypt.org/acme/reg/71272',
|
|
new_authzr_uri: 'https://acme-v01.api.letsencrypt.org/acme/new-authz',
|
|
terms_of_service: 'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf' }
|
|
*/
|
|
, fs.writeFileAsync(path.join(accountDir, 'regr.json'), JSON.stringify(regr), 'utf8')
|
|
]).then(function () {
|
|
var pems = {};
|
|
|
|
// pems.private_key;
|
|
pems.meta = accountMeta;
|
|
pems.keypair = keypair;
|
|
pems.regr = regr;
|
|
pems.accountId = accountId;
|
|
pems.id = accountId;
|
|
return pems;
|
|
});
|
|
});
|
|
});
|
|
});
|
|
}
|
|
|
|
function getAccount(args, handlers) {
|
|
var accountId = args.accountId;
|
|
var accountDir = path.join(args.accountsDir, accountId);
|
|
var files = {};
|
|
var configs = ['meta.json', 'private_key.json', 'regr.json'];
|
|
|
|
return PromiseA.all(configs.map(function (filename) {
|
|
var keyname = filename.slice(0, -5);
|
|
|
|
return fs.readFileAsync(path.join(accountDir, filename), 'utf8').then(function (text) {
|
|
var data;
|
|
|
|
try {
|
|
data = JSON.parse(text);
|
|
} catch(e) {
|
|
files[keyname] = { error: e };
|
|
return;
|
|
}
|
|
|
|
files[keyname] = data;
|
|
}, function (err) {
|
|
files[keyname] = { error: err };
|
|
});
|
|
})).then(function () {
|
|
|
|
if (!Object.keys(files).every(function (key) {
|
|
return !files[key].error;
|
|
})) {
|
|
// TODO log renewal.conf
|
|
console.warn("Account '" + accountId + "' was corrupt. No big deal (I think?). Creating a new one...");
|
|
//console.log(accountId, files);
|
|
return createAccount(args, handlers);
|
|
}
|
|
|
|
var keypair = { privateKeyJwk: files.private_key };
|
|
keypair.privateKeyPem = RSA.exportPrivatePem(keypair);
|
|
keypair.publicKeyPem = RSA.exportPublicPem(keypair);
|
|
|
|
//files.private_key;
|
|
//files.regr;
|
|
//files.meta;
|
|
files.accountId = accountId; // preserve current account id
|
|
files.id = accountId;
|
|
files.keypair = keypair;
|
|
|
|
return files;
|
|
});
|
|
}
|
|
|
|
function getAccountIdByEmail(args) {
|
|
// If we read 10,000 account directories looking for
|
|
// just one email address, that could get crazy.
|
|
// We should have a folder per email and list
|
|
// each account as a file in the folder
|
|
// TODO
|
|
var email = args.email;
|
|
if ('string' !== typeof email) {
|
|
if (args.debug) {
|
|
console.log("[LE] No email given");
|
|
}
|
|
return PromiseA.resolve(null);
|
|
}
|
|
return fs.readdirAsync(args.accountsDir).then(function (nodes) {
|
|
if (args.debug) {
|
|
console.log("[LE] arg.accountsDir success");
|
|
}
|
|
|
|
return PromiseA.all(nodes.map(function (node) {
|
|
return fs.readFileAsync(path.join(args.accountsDir, node, 'regr.json'), 'utf8').then(function (text) {
|
|
var regr = JSON.parse(text);
|
|
regr.__accountId = node;
|
|
|
|
return regr;
|
|
});
|
|
})).then(function (regrs) {
|
|
var accountId;
|
|
|
|
/*
|
|
if (args.debug) {
|
|
console.log('read many regrs');
|
|
console.log('regrs', regrs);
|
|
}
|
|
*/
|
|
|
|
regrs.some(function (regr) {
|
|
return regr.body.contact.some(function (contact) {
|
|
var match = contact.toLowerCase() === 'mailto:' + email.toLowerCase();
|
|
if (match) {
|
|
accountId = regr.__accountId;
|
|
return true;
|
|
}
|
|
});
|
|
});
|
|
|
|
if (!accountId) {
|
|
return null;
|
|
}
|
|
|
|
return accountId;
|
|
});
|
|
}).then(function (accountId) {
|
|
return accountId;
|
|
}, function (err) {
|
|
if ('ENOENT' === err.code) {
|
|
// ignore error
|
|
return null;
|
|
}
|
|
|
|
return PromiseA.reject(err);
|
|
});
|
|
}
|
|
|
|
module.exports.getAccountIdByEmail = getAccountIdByEmail;
|
|
module.exports.getAccount = getAccount;
|
|
module.exports.createAccount = createAccount;
|