le-store-SPEC.js/index.js

127 lines
3.4 KiB
JavaScript

'use strict';
module.exports.create = function (options) {
var defaults = {};
var accounts = {
// Accounts
setKeypair: function (opts, keypair, cb) {
// opts.email // optional
// opts.accountId // optional - same as returned from acounts.set(opts, reg)
// SAVE to db (as PEM and/or JWK) and index each domain in domains to this keypair
// keypair = { privateKeyPem: '...', privateKeyJwk: { ... } }
cb(null, keypair);
}
// Accounts
, checkKeypair: function (opts, cb) {
// opts.email // optional
// opts.accountId // optional - same as returned from acounts.set(opts, reg)
// check db and return null or keypair object with one
// (or both) of privateKeyPem or privateKeyJwk
cb(null, { privateKeyPem: '...', privateKeyJwk: {} });
}
// Accounts
, check: function (opts, cb) {
// opts.email // optional
// opts.accountId // optional - same as returned from acounts.set(opts, reg)
// opts.domains // optional - same as set in certificates.set(opts, certs)
// return account from db if it exists, otherwise null
cb(null, { id: '...', keypair: { privateKeyJwk: {} }/*, domains: []*/ });
}
// Accounts
, set: function (opts, reg, cb) {
// opts.email
// reg.keypair
// reg.receipt // response from acme server
// You must implement a method to deterministically generate 'id'
// For example, you could do this:
// var id = crypto.createHash('sha256').update(reg.keypair.publicKeyPem).digest('hex');
cb(null, { id: '...', email: opts.email, keypair: reg.keypair, receipt: reg.receipt });
}
};
var certificates = {
// Certificates
setKeypair: function (opts, keypair, cb) {
// opts.domains - this is an array, but you nly need the first (or any) of them
// SAVE to db (as PEM and/or JWK) and index each domain in domains to this keypair
cb(null, keypair);
}
// Certificates
, checkKeypair: function (opts, cb) {
// opts.domains - this is an array, but you only need the first (or any) of them
// check db and return null or keypair object with one of privateKeyPem or privateKeyJwk
cb(null, { privateKeyPem: '...', privateKeyJwk: {} });
}
// Certificates
, check: function (opts, cb) {
// You will be provided one of these (which should be tried in this order)
// opts.domains
// opts.email // optional
// opts.accountId // optional
// return certificate PEMs from db if they exist, otherwise null
// optionally include expiresAt and issuedAt, if they are known exactly
// (otherwise they will be read from the cert itself later)
cb(null, { privkey: 'PEM', cert: 'PEM', chain: 'PEM', domains: [], accountId: '...' });
}
// Certificates
, set: function (opts, pems, cb) {
// opts.domains // each of these must be indexed
// opts.email // optional, should be indexed
// opts.accountId // optional - same as set by you in accounts.set(opts, keypair) above
// pems.privkey
// pems.cert
// pems.chain
// SAVE to the database, index the email address, the accountId, and alias the domains
cb(null, pems);
}
};
return {
getOptions: function () {
// merge options with default settings and then return them
return options;
}
, accounts: accounts
, certificates: certificates
};
};