| 
									
										
										
										
											2019-10-23 01:44:55 -06:00
										 |  |  | 'use strict'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | var A = module.exports; | 
					
						
							|  |  |  | var U = require('./utils.js'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | var Keypairs = require('@root/keypairs'); | 
					
						
							|  |  |  | var Enc = require('@root/encoding/bytes'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | A._getAccountKid = function(me, options) { | 
					
						
							|  |  |  | 	// It's just fine if there's no account, we'll go get the key id we need via the existing key
 | 
					
						
							| 
									
										
										
										
											2019-10-24 18:49:42 -06:00
										 |  |  | 	var kid = | 
					
						
							|  |  |  | 		options.kid || | 
					
						
							|  |  |  | 		(options.account && (options.account.key && options.account.key.kid)); | 
					
						
							| 
									
										
										
										
											2019-10-23 01:44:55 -06:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-10-24 18:49:42 -06:00
										 |  |  | 	if (kid) { | 
					
						
							|  |  |  | 		return Promise.resolve(kid); | 
					
						
							| 
									
										
										
										
											2019-10-23 01:44:55 -06:00
										 |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	//return Promise.reject(new Error("must include KeyID"));
 | 
					
						
							|  |  |  | 	// This is an idempotent request. It'll return the same account for the same public key.
 | 
					
						
							|  |  |  | 	return A._registerAccount(me, options).then(function(account) { | 
					
						
							| 
									
										
										
										
											2019-10-24 18:49:42 -06:00
										 |  |  | 		return account.key.kid; | 
					
						
							| 
									
										
										
										
											2019-10-23 01:44:55 -06:00
										 |  |  | 	}); | 
					
						
							|  |  |  | }; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // ACME RFC Section 7.3 Account Creation
 | 
					
						
							|  |  |  | /* | 
					
						
							|  |  |  |  { | 
					
						
							|  |  |  |    "protected": base64url({ | 
					
						
							|  |  |  |      "alg": "ES256", | 
					
						
							|  |  |  |      "jwk": {...}, | 
					
						
							|  |  |  |      "nonce": "6S8IqOGY7eL2lsGoTZYifg", | 
					
						
							|  |  |  |      "url": "https://example.com/acme/new-account" | 
					
						
							|  |  |  |    }), | 
					
						
							|  |  |  |    "payload": base64url({ | 
					
						
							|  |  |  |      "termsOfServiceAgreed": true, | 
					
						
							|  |  |  |      "onlyReturnExisting": false, | 
					
						
							|  |  |  |      "contact": [ | 
					
						
							|  |  |  |        "mailto:cert-admin@example.com", | 
					
						
							|  |  |  |        "mailto:admin@example.com" | 
					
						
							|  |  |  |      ] | 
					
						
							|  |  |  |    }), | 
					
						
							|  |  |  |    "signature": "RZPOnYoPs1PhjszF...-nh6X1qtOFPB519I" | 
					
						
							|  |  |  |  } | 
					
						
							|  |  |  | */ | 
					
						
							|  |  |  | A._registerAccount = function(me, options) { | 
					
						
							|  |  |  | 	//#console.debug('[ACME.js] accounts.create');
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	function agree(tosUrl) { | 
					
						
							|  |  |  | 		var err; | 
					
						
							|  |  |  | 		if (me._tos !== tosUrl) { | 
					
						
							| 
									
										
										
										
											2019-10-24 18:49:42 -06:00
										 |  |  | 			err = new Error("must agree to '" + tosUrl + "'"); | 
					
						
							| 
									
										
										
										
											2019-10-23 01:44:55 -06:00
										 |  |  | 			err.code = 'E_AGREE_TOS'; | 
					
						
							|  |  |  | 			throw err; | 
					
						
							|  |  |  | 		} | 
					
						
							| 
									
										
										
										
											2019-10-24 18:49:42 -06:00
										 |  |  | 		return true; | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2019-10-23 01:44:55 -06:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-10-24 18:49:42 -06:00
										 |  |  | 	function getAccount() { | 
					
						
							|  |  |  | 		return U._importKeypair(options.accountKey).then(function(pair) { | 
					
						
							| 
									
										
										
										
											2019-10-23 01:44:55 -06:00
										 |  |  | 			var contact; | 
					
						
							|  |  |  | 			if (options.contact) { | 
					
						
							|  |  |  | 				contact = options.contact.slice(0); | 
					
						
							| 
									
										
										
										
											2019-10-24 18:49:42 -06:00
										 |  |  | 			} else if (options.subscriberEmail) { | 
					
						
							|  |  |  | 				contact = ['mailto:' + options.subscriberEmail]; | 
					
						
							| 
									
										
										
										
											2019-10-23 01:44:55 -06:00
										 |  |  | 			} | 
					
						
							| 
									
										
										
										
											2019-10-24 18:49:42 -06:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-10-23 01:44:55 -06:00
										 |  |  | 			var accountRequest = { | 
					
						
							| 
									
										
										
										
											2019-10-24 18:49:42 -06:00
										 |  |  | 				termsOfServiceAgreed: true, | 
					
						
							| 
									
										
										
										
											2019-10-23 01:44:55 -06:00
										 |  |  | 				onlyReturnExisting: false, | 
					
						
							|  |  |  | 				contact: contact | 
					
						
							|  |  |  | 			}; | 
					
						
							| 
									
										
										
										
											2019-10-24 18:49:42 -06:00
										 |  |  | 
 | 
					
						
							|  |  |  | 			var pub = pair.public; | 
					
						
							|  |  |  | 			return attachExtAcc(pub, accountRequest).then(function(accReq) { | 
					
						
							|  |  |  | 				var payload = JSON.stringify(accReq); | 
					
						
							| 
									
										
										
										
											2019-10-23 01:44:55 -06:00
										 |  |  | 				return U._jwsRequest(me, { | 
					
						
							| 
									
										
										
										
											2019-10-24 18:49:42 -06:00
										 |  |  | 					accountKey: options.accountKey, | 
					
						
							| 
									
										
										
										
											2019-10-23 01:44:55 -06:00
										 |  |  | 					url: me._directoryUrls.newAccount, | 
					
						
							|  |  |  | 					protected: { kid: false, jwk: pair.public }, | 
					
						
							|  |  |  | 					payload: Enc.strToBuf(payload) | 
					
						
							|  |  |  | 				}).then(function(resp) { | 
					
						
							|  |  |  | 					var account = resp.body; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 					if (resp.statusCode < 200 || resp.statusCode >= 300) { | 
					
						
							|  |  |  | 						if ('string' !== typeof account) { | 
					
						
							|  |  |  | 							account = JSON.stringify(account); | 
					
						
							|  |  |  | 						} | 
					
						
							|  |  |  | 						throw new Error( | 
					
						
							|  |  |  | 							'account error: ' + | 
					
						
							|  |  |  | 								resp.statusCode + | 
					
						
							|  |  |  | 								' ' + | 
					
						
							|  |  |  | 								account + | 
					
						
							|  |  |  | 								'\n' + | 
					
						
							|  |  |  | 								payload | 
					
						
							|  |  |  | 						); | 
					
						
							|  |  |  | 					} | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-10-24 18:49:42 -06:00
										 |  |  | 					// the account id url is the "kid"
 | 
					
						
							|  |  |  | 					var kid = resp.headers.location; | 
					
						
							| 
									
										
										
										
											2019-10-23 01:44:55 -06:00
										 |  |  | 					if (!account) { | 
					
						
							|  |  |  | 						account = { _emptyResponse: true }; | 
					
						
							|  |  |  | 					} | 
					
						
							|  |  |  | 					if (!account.key) { | 
					
						
							|  |  |  | 						account.key = {}; | 
					
						
							|  |  |  | 					} | 
					
						
							| 
									
										
										
										
											2019-10-24 18:49:42 -06:00
										 |  |  | 					account.key.kid = kid; | 
					
						
							| 
									
										
										
										
											2019-10-23 01:44:55 -06:00
										 |  |  | 					return account; | 
					
						
							|  |  |  | 				}); | 
					
						
							|  |  |  | 			}); | 
					
						
							|  |  |  | 		}); | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-10-24 18:49:42 -06:00
										 |  |  | 	// for external accounts (probably useless, but spec'd)
 | 
					
						
							|  |  |  | 	function attachExtAcc(pubkey, accountRequest) { | 
					
						
							|  |  |  | 		if (!options.externalAccount) { | 
					
						
							|  |  |  | 			return Promise.resolve(accountRequest); | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 		return Keypairs.signJws({ | 
					
						
							|  |  |  | 			// TODO is HMAC the standard, or is this arbitrary?
 | 
					
						
							|  |  |  | 			secret: options.externalAccount.secret, | 
					
						
							|  |  |  | 			protected: { | 
					
						
							|  |  |  | 				alg: options.externalAccount.alg || 'HS256', | 
					
						
							|  |  |  | 				kid: options.externalAccount.id, | 
					
						
							|  |  |  | 				url: me._directoryUrls.newAccount | 
					
						
							|  |  |  | 			}, | 
					
						
							|  |  |  | 			payload: Enc.strToBuf(JSON.stringify(pubkey)) | 
					
						
							|  |  |  | 		}).then(function(jws) { | 
					
						
							|  |  |  | 			accountRequest.externalAccountBinding = jws; | 
					
						
							|  |  |  | 			return accountRequest; | 
					
						
							|  |  |  | 		}); | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-10-23 01:44:55 -06:00
										 |  |  | 	return Promise.resolve() | 
					
						
							|  |  |  | 		.then(function() { | 
					
						
							|  |  |  | 			//#console.debug('[ACME.js] agreeToTerms');
 | 
					
						
							|  |  |  | 			var agreeToTerms = options.agreeToTerms; | 
					
						
							|  |  |  | 			if (true === agreeToTerms) { | 
					
						
							|  |  |  | 				agreeToTerms = function(tos) { | 
					
						
							|  |  |  | 					return tos; | 
					
						
							|  |  |  | 				}; | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 			return agreeToTerms(me._tos); | 
					
						
							|  |  |  | 		}) | 
					
						
							| 
									
										
										
										
											2019-10-24 18:49:42 -06:00
										 |  |  | 		.then(agree) | 
					
						
							|  |  |  | 		.then(getAccount); | 
					
						
							| 
									
										
										
										
											2019-10-23 01:44:55 -06:00
										 |  |  | }; |