147 lines
		
	
	
		
			4.2 KiB
		
	
	
	
		
			JavaScript
		
	
	
	
	
	
			
		
		
	
	
			147 lines
		
	
	
		
			4.2 KiB
		
	
	
	
		
			JavaScript
		
	
	
	
	
	
| 'use strict';
 | |
| 
 | |
| module.exports.create = function (opts) {
 | |
|   // pass in database url, connection string, filepath,
 | |
|   // or whatever it is you need to get your job done well
 | |
| 
 | |
| 
 | |
| 
 | |
|   // This is our in-memory storage.
 | |
|   // We take it from the outside to make testing the dummy module easier.
 | |
|   var cache = opts.cache || {};
 | |
|   if (!cache.accounts) { cache.accounts = {}; }
 | |
|   if (!cache.certificates) { cache.certificates = {}; }
 | |
|   // Although we could have two collections of keypairs,
 | |
|   // it's also fine to store both types together.
 | |
|   if (!cache.keypairs) { cache.keypairs = {}; }
 | |
| 
 | |
| 
 | |
| 
 | |
|   var store = {};
 | |
|   // any options you need per instance
 | |
|   // (probably okay to leave empty)
 | |
|   store.options = {};
 | |
|   store.accounts = {};
 | |
|   store.certificates = {};
 | |
| 
 | |
| 
 | |
| 
 | |
|   // Whenever a new keypair is used to successfully create an account, we need to save its keypair
 | |
|   store.accounts.setKeypair = function (opts) {
 | |
|     console.log('accounts.setKeypair:', opts.account, opts.email, opts.keypair);
 | |
| 
 | |
|     var id = opts.account.id || opts.email || 'default';
 | |
|     var keypair = opts.keypair;
 | |
| 
 | |
|     cache.keypairs[id] = JSON.stringify({
 | |
|       privateKeyPem: keypair.privateKeyPem
 | |
|     , privateKeyJwk: keypair.privateKeyJwk
 | |
|     });
 | |
| 
 | |
|     return null; // or Promise.resolve(null);
 | |
|   };
 | |
| 
 | |
| 
 | |
| 
 | |
|   // We need a way to retrieve a prior account's keypair for renewals and additional ACME certificate "orders"
 | |
|   store.accounts.checkKeypair = function (opts) {
 | |
|     console.log('accounts.checkKeypair:', opts.account, opts.email);
 | |
| 
 | |
|     var id = opts.account.id || opts.email || 'default';
 | |
|     var keyblob = cache.keypairs[id];
 | |
| 
 | |
|     if (!keyblob) { return null; }
 | |
| 
 | |
|     return JSON.parse(keyblob);
 | |
|   };
 | |
| 
 | |
| 
 | |
| 
 | |
|   // We can optionally implement ACME account storage and retrieval
 | |
|   // (to reduce API calls), but it's really not necessary.
 | |
|   /*
 | |
|     store.accounts.set = function (opts) {
 | |
|       console.log('accounts.set:', opts);
 | |
|       return null;
 | |
|     };
 | |
|     store.accounts.check = function (opts) {
 | |
|       var id = opts.account.id || opts.email || 'default';
 | |
|       console.log('accounts.check:', opts);
 | |
|       return null;
 | |
|     };
 | |
|   */
 | |
| 
 | |
| 
 | |
| 
 | |
|   // The certificate keypairs must not be the same as any account keypair
 | |
|   store.certificates.setKeypair = function (opts) {
 | |
|     console.log('certificates.setKeypair:', opts.certificate, opts.subject, opts.keypair);
 | |
| 
 | |
|     var id = opts.certificate.kid || opts.certificate.id || opts.subject;
 | |
|     var keypair = opts.keypair;
 | |
| 
 | |
|     cache.keypairs[id] = JSON.stringify({
 | |
|       privateKeyPem: keypair.privateKeyPem
 | |
|     , privateKeyJwk: keypair.privateKeyJwk
 | |
|     });
 | |
|     // Note: you can use the "keypairs" package to convert between
 | |
|     // public and private for jwk and pem, as well as convert JWK <-> PEM
 | |
| 
 | |
|     return null;
 | |
|   };
 | |
| 
 | |
| 
 | |
| 
 | |
|   // You won't be able to use a certificate without it's private key, gotta save it
 | |
|   store.certificates.checkKeypair = function (opts) {
 | |
|     console.log('certificates.checkKeypair:', opts.certificate, opts.subject);
 | |
| 
 | |
|     var id = opts.certificate.kid || opts.certificate.id || opts.subject;
 | |
|     var keyblob = cache.keypairs[id];
 | |
| 
 | |
|     if (!keyblob) { return null; }
 | |
| 
 | |
|     return JSON.parse(keyblob);
 | |
|   };
 | |
| 
 | |
| 
 | |
| 
 | |
|   // And you'll also need to save certificates. You may find the metadata useful to save
 | |
|   // (perhaps to delete expired keys), but the same information can also be redireved from
 | |
|   // the key using the "cert-info" package.
 | |
|   store.certificates.set = function (opts) {
 | |
|     console.log('certificates.set:', opts.certificate, opts.subject);
 | |
| 
 | |
|     var id = opts.certificate.id || opts.subject;
 | |
|     var pems = opts.pems;
 | |
|     cache.certificates[id] = JSON.stringify({
 | |
|       cert: pems.cert
 | |
|     , chain: pems.chain
 | |
|     , subject: pems.subject
 | |
|     , altnames: pems.altnames
 | |
|     , issuedAt: pems.issuedAt   // a.k.a. NotBefore
 | |
|     , expiresAt: pems.expiresAt // a.k.a. NotAfter
 | |
|     });
 | |
| 
 | |
|     return null;
 | |
|   };
 | |
| 
 | |
| 
 | |
| 
 | |
|   // This is actually the first thing to be called after approveDomins(),
 | |
|   // but it's easiest to implement last since it's not useful until there
 | |
|   // are certs that can actually be loaded from storage.
 | |
|   store.certificates.check = function (opts) {
 | |
|     console.log('certificates.check:', opts.certificate, opts.subject);
 | |
| 
 | |
|     var id = opts.certificate.id || opts.subject;
 | |
|     var certblob = cache.certificates[id];
 | |
| 
 | |
|     if (!certblob) { return null; }
 | |
| 
 | |
|     return JSON.parse(certblob);
 | |
|   };
 | |
| 
 | |
|   return store;
 | |
| };
 |