2019-10-29 05:18:13 +00:00
|
|
|
var accountKeypair = await Keypairs.generate({ kty: accKty });
|
|
|
|
|
if (config.debug) {
|
2019-10-31 16:26:18 -06:00
|
|
|
console.info('Account Key Created');
|
|
|
|
|
console.info(JSON.stringify(accountKeypair, null, 2));
|
|
|
|
|
console.info();
|
|
|
|
|
console.info();
|
2019-10-29 05:18:13 +00:00
|
|
|
}
|
2019-10-20 02:51:19 -06:00
|
|
|
|
2019-10-29 05:18:13 +00:00
|
|
|
var account = await acme.accounts.create({
|
2019-10-31 16:26:18 -06:00
|
|
|
agreeToTerms: agree,
|
|
|
|
|
// TODO detect jwk/pem/der?
|
|
|
|
|
accountKeypair: { privateKeyJwk: accountKeypair.private },
|
|
|
|
|
subscriberEmail: config.email
|
2019-10-29 05:18:13 +00:00
|
|
|
});
|
2019-10-20 02:51:19 -06:00
|
|
|
|
2019-10-29 05:18:13 +00:00
|
|
|
// TODO top-level agree
|
|
|
|
|
function agree(tos) {
|
2019-10-31 16:26:18 -06:00
|
|
|
if (config.debug) {
|
|
|
|
|
console.info('Agreeing to Terms of Service:');
|
|
|
|
|
console.info(tos);
|
|
|
|
|
console.info();
|
|
|
|
|
console.info();
|
|
|
|
|
}
|
|
|
|
|
agreed = true;
|
|
|
|
|
return Promise.resolve(tos);
|
2019-10-29 05:18:13 +00:00
|
|
|
}
|
|
|
|
|
if (config.debug) {
|
2019-10-31 16:26:18 -06:00
|
|
|
console.info('New Subscriber Account');
|
|
|
|
|
console.info(JSON.stringify(account, null, 2));
|
|
|
|
|
console.info();
|
|
|
|
|
console.info();
|
2019-10-29 05:18:13 +00:00
|
|
|
}
|
|
|
|
|
if (!agreed) {
|
2019-10-31 16:26:18 -06:00
|
|
|
throw new Error('Failed to ask the user to agree to terms');
|
2019-10-29 05:18:13 +00:00
|
|
|
}
|
2019-10-20 02:51:19 -06:00
|
|
|
|
2019-10-29 05:18:13 +00:00
|
|
|
var certKeypair = await Keypairs.generate({ kty: srvKty });
|
|
|
|
|
var pem = await Keypairs.export({
|
2019-10-31 16:26:18 -06:00
|
|
|
jwk: certKeypair.private,
|
|
|
|
|
encoding: 'pem'
|
2019-10-29 05:18:13 +00:00
|
|
|
});
|
|
|
|
|
if (config.debug) {
|
2019-10-31 16:26:18 -06:00
|
|
|
console.info('Server Key Created');
|
|
|
|
|
console.info('privkey.jwk.json');
|
|
|
|
|
console.info(JSON.stringify(certKeypair, null, 2));
|
|
|
|
|
// This should be saved as `privkey.pem`
|
|
|
|
|
console.info();
|
|
|
|
|
console.info('privkey.' + srvKty.toLowerCase() + '.pem:');
|
|
|
|
|
console.info(pem);
|
|
|
|
|
console.info();
|
2019-10-29 05:18:13 +00:00
|
|
|
}
|
2019-10-20 02:51:19 -06:00
|
|
|
|
2019-10-29 05:18:13 +00:00
|
|
|
// 'subject' should be first in list
|
|
|
|
|
var domains = randomDomains(rnd);
|
|
|
|
|
if (config.debug) {
|
2019-10-31 16:26:18 -06:00
|
|
|
console.info('Get certificates for random domains:');
|
|
|
|
|
console.info(
|
|
|
|
|
domains
|
|
|
|
|
.map(function(puny) {
|
|
|
|
|
var uni = punycode.toUnicode(puny);
|
|
|
|
|
if (puny !== uni) {
|
|
|
|
|
return puny + ' (' + uni + ')';
|
|
|
|
|
}
|
|
|
|
|
return puny;
|
|
|
|
|
})
|
|
|
|
|
.join('\n')
|
|
|
|
|
);
|
|
|
|
|
console.info();
|
2019-10-29 05:18:13 +00:00
|
|
|
}
|
2019-10-20 02:51:19 -06:00
|
|
|
|
2019-10-29 05:18:13 +00:00
|
|
|
// Create CSR
|
|
|
|
|
var csrDer = await CSR.csr({
|
2019-10-31 16:26:18 -06:00
|
|
|
jwk: certKeypair.private,
|
|
|
|
|
domains: domains,
|
|
|
|
|
encoding: 'der'
|
2019-10-29 05:18:13 +00:00
|
|
|
});
|
|
|
|
|
var csr = Enc.bufToUrlBase64(csrDer);
|
|
|
|
|
var csrPem = PEM.packBlock({
|
2019-10-31 16:26:18 -06:00
|
|
|
type: 'CERTIFICATE REQUEST',
|
|
|
|
|
bytes: csrDer /* { jwk: jwk, domains: opts.domains } */
|
2019-10-29 05:18:13 +00:00
|
|
|
});
|
|
|
|
|
if (config.debug) {
|
2019-10-31 16:26:18 -06:00
|
|
|
console.info('Certificate Signing Request');
|
|
|
|
|
console.info(csrPem);
|
|
|
|
|
console.info();
|
2019-10-29 05:18:13 +00:00
|
|
|
}
|
2019-10-20 02:51:19 -06:00
|
|
|
|
2019-10-29 05:18:13 +00:00
|
|
|
var results = await acme.certificates.create({
|
2019-10-31 16:26:18 -06:00
|
|
|
account: account,
|
|
|
|
|
accountKeypair: { privateKeyJwk: accountKeypair.private },
|
|
|
|
|
csr: csr,
|
|
|
|
|
domains: domains,
|
|
|
|
|
challenges: challenges, // must be implemented
|
|
|
|
|
customerEmail: null
|
2019-10-29 05:18:13 +00:00
|
|
|
});
|
