lint and fix and use domains.generateKeypair
parent
8a0e582962
commit
cda26c98b5
|
@ -444,7 +444,7 @@
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
return BACME.accounts.generateKeypair(opts).then(function (serverJwk) {
|
return BACME.domains.generateKeypair(opts).then(function (serverJwk) {
|
||||||
localStorage.setItem('server:' + key, JSON.stringify(serverJwk));
|
localStorage.setItem('server:' + key, JSON.stringify(serverJwk));
|
||||||
return serverJwk;
|
return serverJwk;
|
||||||
});
|
});
|
||||||
|
|
|
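Review bot: After the switch to `BACME.domains.generateKeypair`, the value written by `localStorage.setItem('server:' + key, JSON.stringify(serverJwk));` is the exported private JWK (the new function resolves with `privJwk`), and it sits in localStorage in plaintext where any script running on this origin can read it. If persisting it is intentional, say so at the call site, for example `// serverJwk is the PRIVATE key; localStorage is readable by every script on this origin`, and consider removing the item once the certificate flow has finished. The enclosing function starts and ends outside this hunk, so whether the entry is cleared later is not visible here.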
@ -4,6 +4,8 @@
|
||||||
var BACME = exports.BACME = {};
|
var BACME = exports.BACME = {};
|
||||||
var webFetch = exports.fetch;
|
var webFetch = exports.fetch;
|
||||||
var webCrypto = exports.crypto;
|
var webCrypto = exports.crypto;
|
||||||
|
var Promise = window.Promise;
|
||||||
|
var CSR = window.CSR;
|
||||||
|
|
||||||
var directoryUrl = 'https://acme-staging-v02.api.letsencrypt.org/directory';
|
var directoryUrl = 'https://acme-staging-v02.api.letsencrypt.org/directory';
|
||||||
var directory;
|
var directory;
|
||||||
|
@ -15,7 +17,6 @@ var accountKeypair;
|
||||||
var accountJwk;
|
var accountJwk;
|
||||||
|
|
||||||
var accountUrl;
|
var accountUrl;
|
||||||
var signedAccount;
|
|
||||||
|
|
||||||
BACME.challengePrefixes = {
|
BACME.challengePrefixes = {
|
||||||
'http-01': '/.well-known/acme-challenge'
|
'http-01': '/.well-known/acme-challenge'
|
||||||
|
@ -62,35 +63,7 @@ BACME.accounts = {};
|
||||||
// type = ECDSA
|
// type = ECDSA
|
||||||
// bitlength = 256
|
// bitlength = 256
|
||||||
BACME.accounts.generateKeypair = function (opts) {
|
BACME.accounts.generateKeypair = function (opts) {
|
||||||
var wcOpts = {};
|
return BACME.generateKeypair(opts).then(function (result) {
|
||||||
|
|
||||||
// ECDSA has only the P curves and an associated bitlength
|
|
||||||
if (/^EC/i.test(opts.type)) {
|
|
||||||
wcOpts.name = 'ECDSA';
|
|
||||||
if (/256/.test(opts.bitlength)) {
|
|
||||||
wcOpts.namedCurve = 'P-256';
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// RSA-PSS is another option, but I don't think it's used for Let's Encrypt
|
|
||||||
// I think the hash is only necessary for signing, not generation or import
|
|
||||||
if (/^RS/i.test(opts.type)) {
|
|
||||||
wcOpts.name = 'RSASSA-PKCS1-v1_5';
|
|
||||||
wcOpts.modulusLength = opts.bitlength;
|
|
||||||
if (opts.bitlength < 2048) {
|
|
||||||
wcOpts.modulusLength = opts.bitlength * 8;
|
|
||||||
}
|
|
||||||
wcOpts.publicExponent = new Uint8Array([0x01, 0x00, 0x01]);
|
|
||||||
wcOpts.hash = { name: "SHA-256" };
|
|
||||||
}
|
|
||||||
|
|
||||||
// https://github.com/diafygi/webcrypto-examples#ecdsa---generatekey
|
|
||||||
var extractable = true;
|
|
||||||
return webCrypto.subtle.generateKey(
|
|
||||||
wcOpts
|
|
||||||
, extractable
|
|
||||||
, [ 'sign', 'verify' ]
|
|
||||||
).then(function (result) {
|
|
||||||
accountKeypair = result;
|
accountKeypair = result;
|
||||||
|
|
||||||
return webCrypto.subtle.exportKey(
|
return webCrypto.subtle.exportKey(
|
||||||
|
@ -115,7 +88,7 @@ BACME.accounts.generateKeypair = function (opts) {
|
||||||
//return accountKeypair;
|
//return accountKeypair;
|
||||||
});
|
});
|
||||||
*/
|
*/
|
||||||
})
|
});
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -158,7 +131,7 @@ BACME._importKey = function (jwk) {
|
||||||
e: priv.e
|
e: priv.e
|
||||||
, kty: priv.kty
|
, kty: priv.kty
|
||||||
, n: priv.n
|
, n: priv.n
|
||||||
}
|
};
|
||||||
if (!priv.p) {
|
if (!priv.p) {
|
||||||
priv = null;
|
priv = null;
|
||||||
}
|
}
|
||||||
|
@ -280,7 +253,6 @@ BACME.accounts.sign = function (opts) {
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
|
||||||
var account;
|
|
||||||
var accountId;
|
var accountId;
|
||||||
|
|
||||||
BACME.accounts.set = function (opts) {
|
BACME.accounts.set = function (opts) {
|
||||||
|
@ -316,7 +288,6 @@ BACME.accounts.set = function (opts) {
|
||||||
};
|
};
|
||||||
|
|
||||||
var orderUrl;
|
var orderUrl;
|
||||||
var signedOrder;
|
|
||||||
|
|
||||||
BACME.orders = {};
|
BACME.orders = {};
|
||||||
|
|
||||||
|
@ -345,7 +316,6 @@ BACME.orders.sign = function (opts) {
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
|
||||||
var order;
|
|
||||||
var currentOrderUrl;
|
var currentOrderUrl;
|
||||||
var authorizationUrls;
|
var authorizationUrls;
|
||||||
var finalizeUrl;
|
var finalizeUrl;
|
||||||
|
@ -571,28 +541,52 @@ BACME.challenges.check = function (opts) {
|
||||||
var domainKeypair;
|
var domainKeypair;
|
||||||
var domainJwk;
|
var domainJwk;
|
||||||
|
|
||||||
BACME.domains = {};
|
BACME.generateKeypair = function (opts) {
|
||||||
// TODO factor out from BACME.accounts.generateKeypair
|
var wcOpts = {};
|
||||||
BACME.domains.generateKeypair = function () {
|
|
||||||
|
// ECDSA has only the P curves and an associated bitlength
|
||||||
|
if (/^EC/i.test(opts.type)) {
|
||||||
|
wcOpts.name = 'ECDSA';
|
||||||
|
if (/256/.test(opts.bitlength)) {
|
||||||
|
wcOpts.namedCurve = 'P-256';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// RSA-PSS is another option, but I don't think it's used for Let's Encrypt
|
||||||
|
// I think the hash is only necessary for signing, not generation or import
|
||||||
|
if (/^RS/i.test(opts.type)) {
|
||||||
|
wcOpts.name = 'RSASSA-PKCS1-v1_5';
|
||||||
|
wcOpts.modulusLength = opts.bitlength;
|
||||||
|
if (opts.bitlength < 2048) {
|
||||||
|
wcOpts.modulusLength = opts.bitlength * 8;
|
||||||
|
}
|
||||||
|
wcOpts.publicExponent = new Uint8Array([0x01, 0x00, 0x01]);
|
||||||
|
wcOpts.hash = { name: "SHA-256" };
|
||||||
|
}
|
||||||
var extractable = true;
|
var extractable = true;
|
||||||
return window.crypto.subtle.generateKey(
|
return window.crypto.subtle.generateKey(
|
||||||
{ name: "ECDSA", namedCurve: "P-256" }
|
{ name: "ECDSA", namedCurve: "P-256" }
|
||||||
, extractable
|
, extractable
|
||||||
, [ 'sign', 'verify' ]
|
, [ 'sign', 'verify' ]
|
||||||
).then(function (result) {
|
);
|
||||||
|
};
|
||||||
|
BACME.domains = {};
|
||||||
|
// TODO factor out from BACME.accounts.generateKeypair even more
|
||||||
|
BACME.domains.generateKeypair = function (opts) {
|
||||||
|
return BACME.generateKeypair(opts).then(function (result) {
|
||||||
domainKeypair = result;
|
domainKeypair = result;
|
||||||
|
|
||||||
return window.crypto.subtle.exportKey(
|
return window.crypto.subtle.exportKey(
|
||||||
"jwk"
|
"jwk"
|
||||||
, result.privateKey
|
, result.privateKey
|
||||||
).then(function (jwk) {
|
).then(function (privJwk) {
|
||||||
|
|
||||||
domainJwk = jwk;
|
domainJwk = privJwk;
|
||||||
console.log('private jwk:');
|
console.log('private jwk:');
|
||||||
console.log(JSON.stringify(jwk, null, 2));
|
console.log(JSON.stringify(privJwk, null, 2));
|
||||||
|
|
||||||
return domainKeypair;
|
return privJwk;
|
||||||
})
|
});
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
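Review bot: The new shared `BACME.generateKeypair` builds `wcOpts` from `opts.type` and `opts.bitlength` but never uses it: the `generateKey` call still passes the hard-coded `{ name: "ECDSA", namedCurve: "P-256" }`, so a caller asking for RSA silently gets a P-256 key, and that now includes `BACME.accounts.generateKeypair`, which passed `wcOpts` before this commit. Pass the computed options instead, `return webCrypto.subtle.generateKey(wcOpts, extractable, [ 'sign', 'verify' ]);`, and reject an `opts.type` that matches neither branch rather than handing an empty object to WebCrypto. Separately, `console.log(JSON.stringify(privJwk, null, 2));` in `BACME.domains.generateKeypair` prints the private key to the console; drop it or log only the public members.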