'use strict';
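/**
 * Build a certificate/keypair store backed by a Sequelize-style database.
 *
 * The returned object exposes `accounts` and `certificates` namespaces whose
 * methods all return promises. "check" methods resolve to `null` when no
 * matching row exists.
 *
 * Security notes for operators:
 *  - Keypairs are serialised with JSON.stringify and written to
 *    `Keypair.content` exactly as received. Nothing in this module encrypts
 *    them, so the confidentiality of private keys depends entirely on how the
 *    database (files, backups, credentials) is protected.
 *  - Account keypairs and certificate keypairs live in the same `Keypair`
 *    model and are both addressed by `xid`, so the two id spaces must not
 *    overlap.
 *
 * @param {Object} [config]
 * @param {Object|Promise<Object>} [config.db] - db object (or a promise for
 *   one) exposing `Certificate`, `Chain` and `Keypair` models. When omitted,
 *   the bundled `./db` module is used.
 * @param {Object} [config.dbConfig] - options forwarded to the bundled db.
 * @returns {{options: Object, accounts: Object, certificates: Object}}
 */
module.exports.create = function (config = {}) {
  const store = {
    options: {},
    accounts: {},
    certificates: {}
  };

  // The user can provide their own db, but if they don't, we'll use the
  // baked-in db.
  if (!config.db) {
    // If the user provides options for the baked-in db, we'll use them. If
    // they don't, we'll use the baked-in db with its defaults.
    config.db = require('./db')(config.dbConfig || null);
  } else {
    // This library expects config.db to resolve the db object. We'll ensure
    // that this is the case with the provided db, as it was with the baked-in
    // db.
    config.db = Promise.resolve(config.db);
  }

  // Build the sentinel error that marks "no such row".
  function notFound(message) {
    const err = new Error(message);
    err.code = 'ENOENT';
    return err;
  }

  // Map the "no such row" sentinel to null and re-throw everything else.
  // NOTE(review): any rejection whose `code` is 'ENOENT' is treated as
  // "not found", including one that might come from the db layer itself.
  // A storage failure reported as "no keypair" could lead a caller to
  // generate and store a replacement key - confirm this is acceptable.
  function nullIfNotFound(err) {
    if (err.code === 'ENOENT') {
      return null;
    }
    throw err;
  }

  // Row key for an account keypair. Accounts that supply neither an id nor
  // an email all share the single 'single-user' row.
  function accountKeyId(opts) {
    return opts.account.id || opts.email || 'single-user';
  }

  // Row key for a certificate keypair.
  function certificateKeyId(opts) {
    return opts.certificate.kid || opts.certificate.id || opts.subject;
  }

  // Load and JSON-decode the keypair stored under keyIdOf(opts), or null.
  function loadKeypair(keyIdOf, opts) {
    return config.db.then(function (db) {
      return db.Keypair.findOne({
        where: {
          // using xid because id is reserved by sequelize
          xid: keyIdOf(opts)
        }
      });
    }).then(function (record) {
      if (!record) {
        throw notFound('keypair record not found');
      }
      return JSON.parse(record.get().content);
    }).catch(nullIfNotFound);
  }

  // Create or overwrite the keypair row stored under keyIdOf(opts).
  function saveKeypair(keyIdOf, opts) {
    return config.db.then(function (db) {
      return db.Keypair.findOrCreate({
        where: {
          // using xid because id is reserved by sequelize
          xid: keyIdOf(opts)
        }
      });
    }).then(function ([record]) {
      // { privateKeyPem, privateKeyJWK } - stored as plain JSON, unencrypted.
      record.content = JSON.stringify(opts.keypair);
      return record.save();
    });
  }

  /**
   * Look up the certificate stored for `opts.subject`.
   *
   * @param {Object} opts
   * @param {string} opts.subject
   * @returns {Promise<Object|null>} the plain certificate row with `chain`
   *   (PEM content of the associated Chain row), `issuedAt`/`expiresAt` as
   *   epoch milliseconds and `altnames` as an array; null when there is no
   *   row, or when the row has no associated chain.
   */
  store.certificates.check = function (opts) {
    return config.db.then(function (db) {
      return db.Certificate.findOne({
        where: {
          subject: opts.subject
        },
        attributes: {
          exclude: ['createdAt', 'updatedAt']
        },
        include: {
          model: db.Chain
        }
      });
    }).then(function (record) {
      if (!record) {
        throw notFound('certificate record not found');
      }

      const obj = record.get();
      if (!obj.Chain) {
        // A certificate row can exist without its chain (for example when an
        // earlier certificates.set failed part-way). Report it as missing
        // instead of failing with a TypeError on obj.Chain.get().
        throw notFound('certificate record not found');
      }

      obj.chain = obj.Chain.get().content;
      delete obj.Chain;
      obj.issuedAt = new Date(obj.issuedAt).getTime();
      obj.expiresAt = new Date(obj.expiresAt).getTime();
      obj.altnames = String(obj.altnames).split(',');
      return obj;
    }).catch(nullIfNotFound);
  };

  // optional, not implemented
  store.accounts.check = function () {
    return Promise.resolve(null);
  };

  /**
   * Fetch the keypair stored for an account.
   *
   * @param {Object} opts - reads `opts.account.id` and `opts.email`.
   * @returns {Promise<Object|null>} the decoded keypair, or null if absent.
   */
  store.accounts.checkKeypair = function (opts) {
    return loadKeypair(accountKeyId, opts);
  };

  /**
   * Store (create or overwrite) the keypair for an account.
   *
   * @param {Object} opts - reads `opts.account.id`, `opts.email` and
   *   `opts.keypair`.
   * @returns {Promise<Object>} result of saving the Keypair row.
   */
  store.accounts.setKeypair = function (opts) {
    return saveKeypair(accountKeyId, opts);
  };

  // optional, not implemented
  store.accounts.set = function (opts) {
    return Promise.resolve(null);
  };

  /**
   * Fetch the keypair stored for a certificate.
   *
   * @param {Object} opts - reads `opts.certificate.kid`,
   *   `opts.certificate.id` and `opts.subject`.
   * @returns {Promise<Object|null>} the decoded keypair, or null if absent.
   */
  store.certificates.checkKeypair = function (opts) {
    return loadKeypair(certificateKeyId, opts);
  };

  /**
   * Store (create or overwrite) the keypair for a certificate.
   *
   * @param {Object} opts - reads `opts.certificate.kid`,
   *   `opts.certificate.id`, `opts.subject` and `opts.keypair`.
   * @returns {Promise<Object>} result of saving the Keypair row.
   */
  store.certificates.setKeypair = function (opts) {
    return saveKeypair(certificateKeyId, opts);
  };

  /**
   * Store a certificate and its chain.
   *
   * The chain is stored once per distinct content, keyed by the value that
   * `./make-safe-sha-str` derives from `opts.pems.chain`, and linked to the
   * certificate row.
   *
   * @param {Object} opts - reads `opts.pems.{cert,chain,altnames,issuedAt,
   *   expiresAt}`, `opts.certificate.id` and `opts.subject`.
   * @returns {Promise<Object>} result of saving the Certificate row.
   */
  store.certificates.set = function (opts) {
    const chainShaId = require('./make-safe-sha-str')(opts.pems.chain);

    return config.db.then(function (db) {
      let chainDbId;

      return db.Chain.findOrCreate({
        where: {
          xid: chainShaId
        }
      }).then(function ([chainRec]) {
        chainDbId = chainRec.id;
        chainRec.content = opts.pems.chain;
        return chainRec.save();
      }).then(function () {
        // NOTE(review): when the row is looked up by id, nothing in this
        // function assigns `subject`, while certificates.check queries by
        // subject - confirm rows created through this branch get one.
        const query = { where: {} };
        if (opts.certificate.id) {
          query.where.id = opts.certificate.id;
        } else {
          query.where.subject = opts.subject;
        }
        return db.Certificate.findOrCreate(query);
      }).then(function ([record]) {
        record.cert = opts.pems.cert;
        record.altnames = opts.pems.altnames.join(',');
        record.issuedAt = new Date(opts.pems.issuedAt).toISOString();
        record.expiresAt = new Date(opts.pems.expiresAt).toISOString();

        // The association setter is asynchronous. Wait for it so a failure
        // rejects this call instead of becoming an unhandled rejection, and
        // so it does not race the save() below.
        return Promise.resolve(record.setChain(chainDbId)).then(function () {
          return record.save();
        });
      });
    });
  };

  return store;
};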