(function () { 'use strict'; /*global URLSearchParams,Headers*/ var BROWSER_SUPPORTS_ECDSA; var $qs = function (s) { return window.document.querySelector(s); }; var $qsa = function (s) { return window.document.querySelectorAll(s); }; var info = {}; var steps = {}; var nonce; var kid; var i = 1; var BACME = window.BACME; var PromiseA = window.Promise; var crypto = window.crypto; function testEcdsaSupport() { var opts = { type: 'ECDSA' , bitlength: '256' }; return BACME.accounts.generateKeypair(opts).then(function (jwk) { return crypto.subtle.importKey( "jwk" , jwk , { name: "ECDSA", namedCurve: "P-256" } , true , ["sign"] ).then(function (privateKey) { return window.crypto.subtle.exportKey("pkcs8", privateKey); }); }); } function testRsaSupport() { var opts = { type: 'RSA' , bitlength: '2048' }; return BACME.accounts.generateKeypair(opts).then(function (jwk) { return crypto.subtle.importKey( "jwk" , jwk , { name: "RSASSA-PKCS1-v1_5", hash: { name: "SHA-256" } } , true , ["sign"] ).then(function (privateKey) { return window.crypto.subtle.exportKey("pkcs8", privateKey); }); }); } function testKeypairSupport() { return testEcdsaSupport().then(function () { console.info("[crypto] ECDSA is supported"); BROWSER_SUPPORTS_ECDSA = true; localStorage.setItem('version', '1'); return true; }).catch(function () { console.warn("[crypto] ECDSA is NOT fully supported"); BROWSER_SUPPORTS_ECDSA = false; // fix previous firefox browsers if (!localStorage.getItem('version')) { localStorage.clear(); localStorage.setItem('version', '1'); } return false; }); } testKeypairSupport().then(function (ecdsaSupport) { if (ecdsaSupport) { return true; } return testRsaSupport().then(function () { console.info('[crypto] RSA is supported'); }).catch(function (err) { console.error('[crypto] could not use either EC nor RSA.'); console.error(err); window.alert("Your browser is cryptography support (neither RSA or EC is usable). Please use Chrome, Firefox, or Safari."); }); }); var apiUrl = 'https://acme-{{env}}.api.letsencrypt.org/directory'; function updateApiType() { console.log("type updated"); /*jshint validthis: true */ var input = this || Array.prototype.filter.call( $qsa('.js-acme-api-type'), function ($el) { return $el.checked; } )[0]; console.log('ACME api type radio:', input.value); $qs('.js-acme-directory-url').value = apiUrl.replace(/{{env}}/g, input.value); } $qsa('.js-acme-api-type').forEach(function ($el) { $el.addEventListener('change', updateApiType); }); updateApiType(); function hideForms() { $qsa('.js-acme-form').forEach(function (el) { el.hidden = true; }); } function updateProgress(currentStep) { var progressSteps = $qs("#js-progress-bar").children; for(var j = 0; j < progressSteps.length; j++) { if(j < currentStep) { progressSteps[j].classList.add("js-progress-step-complete"); progressSteps[j].classList.remove("js-progress-step-started"); } else if(j === currentStep) { progressSteps[j].classList.remove("js-progress-step-complete"); progressSteps[j].classList.add("js-progress-step-started"); } else { progressSteps[j].classList.remove("js-progress-step-complete"); progressSteps[j].classList.remove("js-progress-step-started"); } } } function submitForm(ev) { var j = i; i += 1; return PromiseA.resolve(steps[j].submit(ev)).catch(function (err) { console.error(err); window.alert.error("Something went wrong. It's our fault not yours. Please email aj@greenlock.domains and let him know that 'step " + j + "' failed."); }); } $qsa('.js-acme-form').forEach(function ($el) { $el.addEventListener('submit', function (ev) { ev.preventDefault(); submitForm(ev); }); }); function updateChallengeType() { /*jshint validthis: true*/ var input = this || Array.prototype.filter.call( $qsa('.js-acme-challenge-type'), function ($el) { return $el.checked; } )[0]; console.log('ch type radio:', input.value); $qs('.js-acme-verification-wildcard').hidden = true; $qs('.js-acme-verification-http-01').hidden = true; $qs('.js-acme-verification-dns-01').hidden = true; if (info.challenges.wildcard) { $qs('.js-acme-verification-wildcard').hidden = false; } if (info.challenges[input.value]) { $qs('.js-acme-verification-' + input.value).hidden = false; } } $qsa('.js-acme-challenge-type').forEach(function ($el) { $el.addEventListener('change', updateChallengeType); }); function saveContact(email, domains) { // to be used for good, not evil return window.fetch('https://api.ppl.family/api/ppl.family/public/list', { method: 'POST' , cors: true , headers: new Headers({ 'Content-Type': 'application/json' }) , body: JSON.stringify({ address: email , list: 'web@greenlock.domains' , domain: domains.join(',') }) }).catch(function (err) { console.error(err); }); } steps[1] = function () { updateProgress(0); hideForms(); $qs('.js-acme-form-domains').hidden = false; }; steps[1].submit = function () { info.identifiers = $qs('.js-acme-domains').value.split(/\s*,\s*/g).map(function (hostname) { return { type: 'dns', value: hostname.toLowerCase().trim() }; }).slice(0,1); //Disable multiple values for now. We'll just take the first and work with it. info.identifiers.sort(function (a, b) { if (a === b) { return 0; } if (a < b) { return 1; } if (a > b) { return -1; } }); return BACME.directory({ directoryUrl: $qs('.js-acme-directory-url').value }).then(function (directory) { $qs('.js-acme-tos-url').href = directory.meta.termsOfService; return BACME.nonce().then(function (_nonce) { nonce = _nonce; console.log("MAGIC STEP NUMBER in 1 is:", i); steps[i](); }); }); }; steps[2] = function () { updateProgress(0); hideForms(); $qs('.js-acme-form-account').hidden = false; }; steps[2].submit = function () { var email = $qs('.js-acme-account-email').value.toLowerCase().trim(); info.contact = [ 'mailto:' + email ]; info.agree = $qs('.js-acme-account-tos').checked; info.greenlockAgree = $qs('.js-gl-tos').checked; // TODO // options for // * regenerate key // * ECDSA / RSA / bitlength // TODO ping with version and account creation setTimeout(saveContact, 100, email, info.identifiers.map(function (ident) { return ident.value; })); var jwk = JSON.parse(localStorage.getItem('account:' + email) || 'null'); var p; function createKeypair() { var opts; if(BROWSER_SUPPORTS_ECDSA) { opts = { type: 'ECDSA' , bitlength: '256' }; } else { opts = { type: 'RSA' , bitlength: '2048' }; } return BACME.accounts.generateKeypair(opts).then(function (jwk) { localStorage.setItem('account:' + email, JSON.stringify(jwk)); return jwk; }); } if (jwk) { p = PromiseA.resolve(jwk); } else { p = testKeypairSupport().then(createKeypair); } function createAccount(jwk) { console.log('account jwk:'); console.log(jwk); delete jwk.key_ops; info.jwk = jwk; return BACME.accounts.sign({ jwk: jwk , contacts: [ 'mailto:' + email ] , agree: info.agree , nonce: nonce , kid: kid }).then(function (signedAccount) { return BACME.accounts.set({ signedAccount: signedAccount }).then(function (account) { console.log('account:'); console.log(account); kid = account.kid; return kid; }); }); } return p.then(function (_jwk) { jwk = _jwk; kid = JSON.parse(localStorage.getItem('account-kid:' + email) || 'null'); var p2; // TODO save account id rather than always retrieving it if (kid) { p2 = PromiseA.resolve(kid); } else { p2 = createAccount(jwk); } return p2.then(function (_kid) { kid = _kid; info.kid = kid; return BACME.orders.sign({ jwk: jwk , identifiers: info.identifiers , kid: kid }).then(function (signedOrder) { return BACME.orders.create({ signedOrder: signedOrder }).then(function (order) { info.finalizeUrl = order.finalize; info.orderUrl = order.url; // from header Location ??? return BACME.thumbprint({ jwk: jwk }).then(function (thumbprint) { return BACME.challenges.all().then(function (claims) { console.log('claims:'); console.log(claims); var obj = { 'dns-01': [], 'http-01': [], 'wildcard': [] }; info.challenges = obj; var map = { 'http-01': '.js-acme-verification-http-01' , 'dns-01': '.js-acme-verification-dns-01' , 'wildcard': '.js-acme-verification-wildcard' }; /* var tpls = {}; Object.keys(map).forEach(function (k) { var sel = map[k] + ' tbody'; console.log(sel); tpls[k] = $qs(sel).innerHTML; $qs(map[k] + ' tbody').innerHTML = ''; }); */ // TODO make Promise-friendly return PromiseA.all(claims.map(function (claim) { var hostname = claim.identifier.value; return PromiseA.all(claim.challenges.map(function (c) { var keyAuth = BACME.challenges['http-01']({ token: c.token , thumbprint: thumbprint , challengeDomain: hostname }); return BACME.challenges['dns-01']({ keyAuth: keyAuth.value , challengeDomain: hostname }).then(function (dnsAuth) { var data = { type: c.type , hostname: hostname , url: c.url , token: c.token , keyAuthorization: keyAuth , httpPath: keyAuth.path , httpAuth: keyAuth.value , dnsType: dnsAuth.type , dnsHost: dnsAuth.host , dnsAnswer: dnsAuth.answer }; console.log(''); console.log('CHALLENGE'); console.log(claim); console.log(c); console.log(data); console.log(''); if (claim.wildcard) { obj.wildcard.push(data); $qs(map.wildcard).innerHTML += '