moving to rsa-compat for rsa crypto
This commit is contained in:
AJ ONeal
parent
35b673505d
commit
92e436108e
@ -1,8 +1,9 @@
|
|||||||
'use strict';
|
'use strict';
|
||||||
|
|
||||||
var PromiseA = require('bluebird');
|
var PromiseA = require('bluebird');
|
||||||
|
var crypto = require('crypto');
|
||||||
var LeCore = require('letiny-core');
|
var LeCore = require('letiny-core');
|
||||||
var leCrypto = LeCore.leCrypto;
|
var RSA = PromiseA.promisifyAll(require('rsa-compat').RSA);
|
||||||
var path = require('path');
|
var path = require('path');
|
||||||
var mkdirpAsync = PromiseA.promisify(require('mkdirp'));
|
var mkdirpAsync = PromiseA.promisify(require('mkdirp'));
|
||||||
var fs = PromiseA.promisifyAll(require('fs'));
|
var fs = PromiseA.promisifyAll(require('fs'));
|
||||||
@ -13,8 +14,8 @@ function createAccount(args, handlers) {
|
|||||||
|
|
||||||
// TODO support ECDSA
|
// TODO support ECDSA
|
||||||
// arg.rsaBitLength args.rsaExponent
|
// arg.rsaBitLength args.rsaExponent
|
||||||
return leCrypto.generateRsaKeypairAsync(args.rsaKeySize, 65537).then(function (pems) {
|
return RSA.generateKeypairAsync(args.rsaKeySize || 1024, 65537, { public: true, pem: true }).then(function (keypair) {
|
||||||
/* pems = { privateKeyPem, privateKeyJwk, publicKeyPem, publicKeyMd5, publicKeySha256 } */
|
/* pems = { privateKeyPem, privateKeyJwk, publicKeyPem } */
|
||||||
|
|
||||||
return LeCore.registerNewAccountAsync({
|
return LeCore.registerNewAccountAsync({
|
||||||
email: args.email
|
email: args.email
|
||||||
@ -24,12 +25,16 @@ function createAccount(args, handlers) {
|
|||||||
args.tosUrl = tosUrl;
|
args.tosUrl = tosUrl;
|
||||||
handlers.agreeToTerms(args, agree);
|
handlers.agreeToTerms(args, agree);
|
||||||
}
|
}
|
||||||
, accountPrivateKeyPem: pems.privateKeyPem
|
, accountPrivateKeyPem: RSA.exportPrivatePem(keypair)
|
||||||
|
, accountKeypair: keypair
|
||||||
|
|
||||||
, debug: args.debug || handlers.debug
|
, debug: args.debug || handlers.debug
|
||||||
}).then(function (body) {
|
}).then(function (body) {
|
||||||
// TODO XXX use sha256
|
// TODO XXX use sha256 (the python client uses md5)
|
||||||
var accountId = pems.publicKeyMd5;
|
// TODO ssh fingerprint (noted on rsa-compat issues page, I believe)
|
||||||
|
keypair.publicKeyMd5 = crypto.createHash('md5').update(RSA.exportPublicPem(keypair)).digest('hex');
|
||||||
|
keypair.publicKeySha256 = crypto.createHash('sha256').update(RSA.exportPublicPem(keypair)).digest('hex');
|
||||||
|
var accountId = keypair.publicKeyMd5;
|
||||||
var accountDir = path.join(args.accountsDir, accountId);
|
var accountDir = path.join(args.accountsDir, accountId);
|
||||||
var regr = { body: body };
|
var regr = { body: body };
|
||||||
|
|
||||||
@ -44,11 +49,12 @@ function createAccount(args, handlers) {
|
|||||||
, creation_dt: isoDate
|
, creation_dt: isoDate
|
||||||
};
|
};
|
||||||
|
|
||||||
|
// TODO abstract file writing
|
||||||
return PromiseA.all([
|
return PromiseA.all([
|
||||||
// meta.json {"creation_host": "ns1.redirect-www.org", "creation_dt": "2015-12-11T04:14:38Z"}
|
// meta.json {"creation_host": "ns1.redirect-www.org", "creation_dt": "2015-12-11T04:14:38Z"}
|
||||||
fs.writeFileAsync(path.join(accountDir, 'meta.json'), JSON.stringify(accountMeta), 'utf8')
|
fs.writeFileAsync(path.join(accountDir, 'meta.json'), JSON.stringify(accountMeta), 'utf8')
|
||||||
// private_key.json { "e", "d", "n", "q", "p", "kty", "qi", "dp", "dq" }
|
// private_key.json { "e", "d", "n", "q", "p", "kty", "qi", "dp", "dq" }
|
||||||
, fs.writeFileAsync(path.join(accountDir, 'private_key.json'), JSON.stringify(pems.privateKeyJwk), 'utf8')
|
, fs.writeFileAsync(path.join(accountDir, 'private_key.json'), JSON.stringify(RSA.exportPrivateJwk(keypair)), 'utf8')
|
||||||
// regr.json:
|
// regr.json:
|
||||||
/*
|
/*
|
||||||
{ body: { contact: [ 'mailto:coolaj86@gmail.com' ],
|
{ body: { contact: [ 'mailto:coolaj86@gmail.com' ],
|
||||||
@ -60,8 +66,10 @@ function createAccount(args, handlers) {
|
|||||||
*/
|
*/
|
||||||
, fs.writeFileAsync(path.join(accountDir, 'regr.json'), JSON.stringify(regr), 'utf8')
|
, fs.writeFileAsync(path.join(accountDir, 'regr.json'), JSON.stringify(regr), 'utf8')
|
||||||
]).then(function () {
|
]).then(function () {
|
||||||
|
var pems = {};
|
||||||
|
|
||||||
pems.meta = accountMeta;
|
pems.meta = accountMeta;
|
||||||
pems.privateKey = pems.privateKeyJwk;
|
pems.privateKey = RSA.exportPrivateJwk(keypair);
|
||||||
pems.regr = regr;
|
pems.regr = regr;
|
||||||
pems.accountId = accountId;
|
pems.accountId = accountId;
|
||||||
pems.id = accountId;
|
pems.id = accountId;
|
||||||
@ -106,19 +114,23 @@ function getAccount(args, handlers) {
|
|||||||
return createAccount(args, handlers);
|
return createAccount(args, handlers);
|
||||||
}
|
}
|
||||||
|
|
||||||
return leCrypto.privateJwkToPemsAsync(files.private_key).then(function (keypair) {
|
var keypair = { privateKeyJwk: files.private_key };
|
||||||
|
keypair.privateKeyPem = RSA.exportPrivatePem(keypair);
|
||||||
|
keypair.publicKeyPem = RSA.exportPublicPem(keypair);
|
||||||
|
keypair.publicKeyMd5 = crypto.createHash('md5').update(keypair.publicKeyPem).digest('hex');
|
||||||
|
keypair.publicKeySha256 = crypto.createHash('sha256').update(keypair.publicKeyPem).digest('hex');
|
||||||
|
|
||||||
files.accountId = accountId; // preserve current account id
|
files.accountId = accountId; // preserve current account id
|
||||||
files.id = accountId;
|
files.id = accountId;
|
||||||
files.publicKeySha256 = keypair.publicKeySha256;
|
|
||||||
files.publicKeyMd5 = keypair.publicKeyMd5;
|
|
||||||
files.publicKeyPem = keypair.publicKeyPem; // ascii PEM: ----BEGIN...
|
|
||||||
files.privateKeyPem = keypair.privateKeyPem; // ascii PEM: ----BEGIN...
|
|
||||||
files.privateKeyJson = keypair.privateKeyJwk; // json { n: ..., e: ..., iq: ..., etc }
|
|
||||||
files.privateKeyJwk = keypair.privateKeyJwk; // json { n: ..., e: ..., iq: ..., etc }
|
files.privateKeyJwk = keypair.privateKeyJwk; // json { n: ..., e: ..., iq: ..., etc }
|
||||||
|
//files.privateKeyJson = keypair.privateKeyJwk; // json { n: ..., e: ..., iq: ..., etc }
|
||||||
|
files.privateKeyPem = keypair.privateKeyPem; // ascii PEM: ----BEGIN...
|
||||||
|
files.publicKeyPem = keypair.publicKeyPem; // ascii PEM: ----BEGIN...
|
||||||
|
files.publicKeyMd5 = keypair.publicKeyMd5;
|
||||||
|
files.publicKeySha256 = keypair.publicKeySha256;
|
||||||
|
|
||||||
return files;
|
return files;
|
||||||
});
|
});
|
||||||
});
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function getAccountIdByEmail(args) {
|
function getAccountIdByEmail(args) {
|
||||||
|
|||||||
49
lib/core.js
49
lib/core.js
@ -1,6 +1,7 @@
|
|||||||
'use strict';
|
'use strict';
|
||||||
|
|
||||||
var PromiseA = require('bluebird');
|
var PromiseA = require('bluebird');
|
||||||
|
var RSA = PromiseA.promisifyAll(require('rsa-compat').RSA);
|
||||||
var mkdirpAsync = PromiseA.promisify(require('mkdirp'));
|
var mkdirpAsync = PromiseA.promisify(require('mkdirp'));
|
||||||
var path = require('path');
|
var path = require('path');
|
||||||
var fs = PromiseA.promisifyAll(require('fs'));
|
var fs = PromiseA.promisifyAll(require('fs'));
|
||||||
@ -195,7 +196,12 @@ function writeCertificateAsync(args, defaults, handlers) {
|
|||||||
sfs.writeFileAsync(certArchive, result.cert, 'ascii')
|
sfs.writeFileAsync(certArchive, result.cert, 'ascii')
|
||||||
, sfs.writeFileAsync(chainArchive, result.ca || result.chain, 'ascii')
|
, sfs.writeFileAsync(chainArchive, result.ca || result.chain, 'ascii')
|
||||||
, sfs.writeFileAsync(fullchainArchive, result.fullchain, 'ascii')
|
, sfs.writeFileAsync(fullchainArchive, result.fullchain, 'ascii')
|
||||||
, sfs.writeFileAsync(privkeyArchive, result.key || result.privkey || args.domainPrivateKeyPem, 'ascii')
|
, sfs.writeFileAsync(
|
||||||
|
privkeyArchive
|
||||||
|
// TODO nix args.key, args.domainPrivateKeyPem ??
|
||||||
|
, result.key || result.privkey || args.domainPrivateKeyPem || RSA.exportPrivateKey(args.domainKeypair)
|
||||||
|
, 'ascii'
|
||||||
|
)
|
||||||
]);
|
]);
|
||||||
}).then(function () {
|
}).then(function () {
|
||||||
return mkdirpAsync(liveDir);
|
return mkdirpAsync(liveDir);
|
||||||
@ -204,7 +210,12 @@ function writeCertificateAsync(args, defaults, handlers) {
|
|||||||
sfs.writeFileAsync(certPath, result.cert, 'ascii')
|
sfs.writeFileAsync(certPath, result.cert, 'ascii')
|
||||||
, sfs.writeFileAsync(chainPath, result.ca || result.chain, 'ascii')
|
, sfs.writeFileAsync(chainPath, result.ca || result.chain, 'ascii')
|
||||||
, sfs.writeFileAsync(fullchainPath, result.fullchain, 'ascii')
|
, sfs.writeFileAsync(fullchainPath, result.fullchain, 'ascii')
|
||||||
, sfs.writeFileAsync(privkeyPath, result.key || result.privkey || args.domainPrivateKeyPem, 'ascii')
|
, sfs.writeFileAsync(
|
||||||
|
privkeyPath
|
||||||
|
// TODO nix args.key, args.domainPrivateKeyPem ??
|
||||||
|
, result.key || result.privkey || args.domainPrivateKeyPem || RSA.exportPrivateKey(args.domainKeypair)
|
||||||
|
, 'ascii'
|
||||||
|
)
|
||||||
]);
|
]);
|
||||||
}).then(function () {
|
}).then(function () {
|
||||||
obj.checkpoints += 1;
|
obj.checkpoints += 1;
|
||||||
@ -219,8 +230,9 @@ function writeCertificateAsync(args, defaults, handlers) {
|
|||||||
, fullchainPath: fullchainPath
|
, fullchainPath: fullchainPath
|
||||||
, privkeyPath: privkeyPath
|
, privkeyPath: privkeyPath
|
||||||
|
|
||||||
|
// TODO nix args.key, args.domainPrivateKeyPem ??
|
||||||
// some ambiguity here...
|
// some ambiguity here...
|
||||||
, privkey: result.key || result.privkey || args.domainPrivateKeyPem
|
, privkey: result.key || result.privkey || args.domainPrivateKeyPem || RSA.exportPrivateKey(args.domainKeypair)
|
||||||
, fullchain: result.fullchain || result.cert
|
, fullchain: result.fullchain || result.cert
|
||||||
, chain: result.ca || result.chain
|
, chain: result.ca || result.chain
|
||||||
// especially this one... might be cert only, might be fullchain
|
// especially this one... might be cert only, might be fullchain
|
||||||
@ -235,21 +247,30 @@ function writeCertificateAsync(args, defaults, handlers) {
|
|||||||
function getCertificateAsync(args, defaults, handlers) {
|
function getCertificateAsync(args, defaults, handlers) {
|
||||||
var account = args.account;
|
var account = args.account;
|
||||||
var promise;
|
var promise;
|
||||||
|
var keypairOpts = { public: true, pem: true };
|
||||||
|
|
||||||
if (args.domainKeyPath) {
|
if (!args.domainKeyPath) {
|
||||||
// TODO use existing pre-generated key if avaibale
|
// TODO use default path ???
|
||||||
console.warn("[LE /lib/core.js] retrieve from domainKeyPath NOT IMPLEMENTED (please file an issue to remind me about this)");
|
promise = RSA.generateKeypairAsync(args.rsaKeySize, 65537, keypairOpts);
|
||||||
promise = leCrypto.generateRsaKeypairAsync(args.rsaKeySize, 65537);
|
|
||||||
} else {
|
|
||||||
promise = leCrypto.generateRsaKeypairAsync(args.rsaKeySize, 65537);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return promise.then(function (domainKey) {
|
if (args.domainKeyPath) {
|
||||||
|
promise = fs.readFileAsync(args.domainKeyPath, 'ascii').then(function (pem) {
|
||||||
|
return RSA.import({ privateKeyPem: pem });
|
||||||
|
}, function (err) {
|
||||||
|
return RSA.generateKeypairAsync(args.rsaKeySize, 65537, keypairOpts).then(function (keypair) {
|
||||||
|
return fs.writeFileAsync(args.domainKeyPath, keypair.privateKeyPem, 'ascii');
|
||||||
|
});
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
return promise.then(function (domainKeypair) {
|
||||||
if (args.debug) {
|
if (args.debug) {
|
||||||
console.log("[letsencrypt/lib/core.js] get certificate");
|
console.log("[letsencrypt/lib/core.js] get certificate");
|
||||||
}
|
}
|
||||||
|
|
||||||
args.domainPrivateKeyPem = args.domainPrivateKeyPem || domainKey.privateKeyPem;
|
args.domainKeypair = domainKeypair;
|
||||||
|
args.domainPrivateKeyPem = RSA.exportPrivateKeyPem(domainKeypair);
|
||||||
//args.registration = domainKey;
|
//args.registration = domainKey;
|
||||||
|
|
||||||
return LeCore.getCertificateAsync({
|
return LeCore.getCertificateAsync({
|
||||||
@ -258,8 +279,10 @@ function getCertificateAsync(args, defaults, handlers) {
|
|||||||
, newAuthzUrl: args._acmeUrls.newAuthz
|
, newAuthzUrl: args._acmeUrls.newAuthz
|
||||||
, newCertUrl: args._acmeUrls.newCert
|
, newCertUrl: args._acmeUrls.newCert
|
||||||
|
|
||||||
, accountPrivateKeyPem: account.privateKeyPem
|
, accountPrivateKeyPem: account.keypair || RSA.import({ privateKeyPem: account.privateKeyPem })
|
||||||
, domainPrivateKeyPem: domainKey.privateKeyPem
|
, accountKeypair: RSA.import(account.keypair || { privateKeyPem: account.privateKeyPem })
|
||||||
|
, domainPrivateKeyPem: RSA.exportPrivateKeyPem(domainKeypair)
|
||||||
|
, domainKeypair: domainKeypair
|
||||||
, domains: args.domains
|
, domains: args.domains
|
||||||
|
|
||||||
//
|
//
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user