greenlock.js/lib/accounts.js

'use strict';

var PromiseA = require('bluebird');
var LeCore = require('letiny-core');
var leCrypto = LeCore.leCrypto;
var path = require('path');
var mkdirpAsync = PromiseA.promisify(require('mkdirp'));
var fs = PromiseA.promisifyAll(require('fs'));

function createAccount(args, handlers) {
  var os = require("os");
  var localname = os.hostname();

  // TODO support ECDSA
  // arg.rsaBitLength args.rsaExponent
  return leCrypto.generateRsaKeypairAsync(args.rsaKeySize, 65537).then(function (pems) {
    /* pems = { privateKeyPem, privateKeyJwk, publicKeyPem, publicKeyMd5, publicKeySha256 } */

    return LeCore.registerNewAccountAsync({
      email: args.email
    , newRegUrl: args._acmeUrls.newReg
    , agreeToTerms: function (tosUrl, agree) {
        // args.email = email; // already there
        args.tosUrl = tosUrl;
        handlers.agreeToTerms(args, agree);
      }
    , accountPrivateKeyPem: pems.privateKeyPem

    , debug: args.debug || handlers.debug
    }).then(function (body) {
      // TODO XXX use sha256
      var accountId = pems.publicKeyMd5;
      var accountDir = path.join(args.accountsDir, accountId);
      var regr = { body: body };

      args.accountId = accountId;
      args.accountDir = accountDir;

      return mkdirpAsync(accountDir).then(function () {

        var isoDate = new Date().toISOString();
        var accountMeta = {
          creation_host: localname
        , creation_dt: isoDate
        };

        return PromiseA.all([
          // meta.json {"creation_host": "ns1.redirect-www.org", "creation_dt": "2015-12-11T04:14:38Z"}
          fs.writeFileAsync(path.join(accountDir, 'meta.json'), JSON.stringify(accountMeta), 'utf8')
          // private_key.json { "e", "d", "n", "q", "p", "kty", "qi", "dp", "dq" }
        , fs.writeFileAsync(path.join(accountDir, 'private_key.json'), JSON.stringify(pems.privateKeyJwk), 'utf8')
          // regr.json:
          /*
          { body: { contact: [ 'mailto:coolaj86@gmail.com' ],
           agreement: 'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf',
           key: { e: 'AQAB', kty: 'RSA', n: '...' } },
            uri: 'https://acme-v01.api.letsencrypt.org/acme/reg/71272',
            new_authzr_uri: 'https://acme-v01.api.letsencrypt.org/acme/new-authz',
            terms_of_service: 'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf' }
           */
        , fs.writeFileAsync(path.join(accountDir, 'regr.json'), JSON.stringify(regr), 'utf8')
        ]).then(function () {
          pems.meta = accountMeta;
          pems.privateKey = pems.privateKeyJwk;
          pems.regr = regr;
          pems.accountId = accountId;
          pems.id = accountId;
          return pems;
        });
      });
    });
  });
}

function getAccount(args, handlers) {
  var accountId = args.accountId;
  var accountDir = path.join(args.accountsDir, accountId);
  var files = {};
  var configs = ['meta.json', 'private_key.json', 'regr.json'];

  return PromiseA.all(configs.map(function (filename) {
    var keyname = filename.slice(0, -5);

    return fs.readFileAsync(path.join(accountDir, filename), 'utf8').then(function (text) {
      var data;

      try {
        data = JSON.parse(text);
      } catch(e) {
        files[keyname] = { error: e };
        return;
      }

      files[keyname] = data;
    }, function (err) {
      files[keyname] = { error: err };
    });
  })).then(function () {

    if (!Object.keys(files).every(function (key) {
      return !files[key].error;
    })) {
      // TODO log renewal.conf
      console.warn("Account '" + accountId + "' was corrupt. No big deal (I think?). Creating a new one...");
      //console.log(accountId, files);
      return createAccount(args, handlers);
    }

    return leCrypto.privateJwkToPemsAsync(files.private_key).then(function (keypair) {
      files.accountId = accountId;                  // preserve current account id
      files.id = accountId;
      files.publicKeySha256 = keypair.publicKeySha256;
      files.publicKeyMd5 = keypair.publicKeyMd5;
      files.publicKeyPem = keypair.publicKeyPem;    // ascii PEM: ----BEGIN...
      files.privateKeyPem = keypair.privateKeyPem;  // ascii PEM: ----BEGIN...
      files.privateKeyJson = keypair.privateKeyJwk;     // json { n: ..., e: ..., iq: ..., etc }
      files.privateKeyJwk = keypair.privateKeyJwk;      // json { n: ..., e: ..., iq: ..., etc }

      return files;
    });
  });
}

function getAccountIdByEmail(args) {
  // If we read 10,000 account directories looking for
  // just one email address, that could get crazy.
  // We should have a folder per email and list
  // each account as a file in the folder
  // TODO
  var email = args.email;
  if ('string' !== typeof email) {
    if (args.debug) {
      console.log("[LE] No email given");
    }
    return PromiseA.resolve(null);
  }
  return fs.readdirAsync(args.accountsDir).then(function (nodes) {
    if (args.debug) {
      console.log("[LE] arg.accountsDir success");
    }

    return PromiseA.all(nodes.map(function (node) {
      return fs.readFileAsync(path.join(args.accountsDir, node, 'regr.json'), 'utf8').then(function (text) {
        var regr = JSON.parse(text);
        regr.__accountId = node;

        return regr;
      });
    })).then(function (regrs) {
      var accountId;

      /*
      if (args.debug) {
        console.log('read many regrs');
        console.log('regrs', regrs);
      }
      */

      regrs.some(function (regr) {
        return regr.body.contact.some(function (contact) {
          var match = contact.toLowerCase() === 'mailto:' + email.toLowerCase();
          if (match) {
            accountId = regr.__accountId;
            return true;
          }
        });
      });

      if (!accountId) {
        return null;
      }

      return accountId;
    });
  }).then(function (accountId) {
    return accountId;
  }, function (err) {
    if ('ENOENT' === err.code) {
      // ignore error
      return null;
    }

    return PromiseA.reject(err);
  });
}

module.exports.getAccountIdByEmail = getAccountIdByEmail;
module.exports.getAccount = getAccount;
module.exports.createAccount = createAccount;
moving some parts to letsencrypt-express 2015-12-17 05:44:41 +00:00			`'use strict';`

			`var PromiseA = require('bluebird');`
			`var LeCore = require('letiny-core');`
			`var leCrypto = LeCore.leCrypto;`
			`var path = require('path');`
			`var mkdirpAsync = PromiseA.promisify(require('mkdirp'));`
			`var fs = PromiseA.promisifyAll(require('fs'));`

			`function createAccount(args, handlers) {`
			`var os = require("os");`
			`var localname = os.hostname();`

			`// TODO support ECDSA`
			`// arg.rsaBitLength args.rsaExponent`
multiple bugfixes and enhancements for accounts 2015-12-20 00:27:48 +00:00			`return leCrypto.generateRsaKeypairAsync(args.rsaKeySize, 65537).then(function (pems) {`
close #9 write rewenal config files 2015-12-19 19:49:34 +00:00			`/* pems = { privateKeyPem, privateKeyJwk, publicKeyPem, publicKeyMd5, publicKeySha256 } */`
moving some parts to letsencrypt-express 2015-12-17 05:44:41 +00:00
			`return LeCore.registerNewAccountAsync({`
			`email: args.email`
			`, newRegUrl: args._acmeUrls.newReg`
			`, agreeToTerms: function (tosUrl, agree) {`
			`// args.email = email; // already there`
			`args.tosUrl = tosUrl;`
			`handlers.agreeToTerms(args, agree);`
			`}`
			`, accountPrivateKeyPem: pems.privateKeyPem`

			`, debug: args.debug \|\| handlers.debug`
			`}).then(function (body) {`
close #9 write rewenal config files 2015-12-19 19:49:34 +00:00			`// TODO XXX use sha256`
			`var accountId = pems.publicKeyMd5;`
			`var accountDir = path.join(args.accountsDir, accountId);`
			`var regr = { body: body };`

			`args.accountId = accountId;`
			`args.accountDir = accountDir;`
moving some parts to letsencrypt-express 2015-12-17 05:44:41 +00:00
			`return mkdirpAsync(accountDir).then(function () {`

			`var isoDate = new Date().toISOString();`
			`var accountMeta = {`
			`creation_host: localname`
			`, creation_dt: isoDate`
			`};`

			`return PromiseA.all([`
			`// meta.json {"creation_host": "ns1.redirect-www.org", "creation_dt": "2015-12-11T04:14:38Z"}`
			`fs.writeFileAsync(path.join(accountDir, 'meta.json'), JSON.stringify(accountMeta), 'utf8')`
			`// private_key.json { "e", "d", "n", "q", "p", "kty", "qi", "dp", "dq" }`
			`, fs.writeFileAsync(path.join(accountDir, 'private_key.json'), JSON.stringify(pems.privateKeyJwk), 'utf8')`
			`// regr.json:`
			`/*`
			`{ body: { contact: [ 'mailto:coolaj86@gmail.com' ],`
			`agreement: 'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf',`
			`key: { e: 'AQAB', kty: 'RSA', n: '...' } },`
			`uri: 'https://acme-v01.api.letsencrypt.org/acme/reg/71272',`
			`new_authzr_uri: 'https://acme-v01.api.letsencrypt.org/acme/new-authz',`
			`terms_of_service: 'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf' }`
			`*/`
close #9 write rewenal config files 2015-12-19 19:49:34 +00:00			`, fs.writeFileAsync(path.join(accountDir, 'regr.json'), JSON.stringify(regr), 'utf8')`
moving some parts to letsencrypt-express 2015-12-17 05:44:41 +00:00			`]).then(function () {`
close #9 write rewenal config files 2015-12-19 19:49:34 +00:00			`pems.meta = accountMeta;`
			`pems.privateKey = pems.privateKeyJwk;`
			`pems.regr = regr;`
			`pems.accountId = accountId;`
minor fixes 2015-12-20 03:31:05 +00:00			`pems.id = accountId;`
moving some parts to letsencrypt-express 2015-12-17 05:44:41 +00:00			`return pems;`
			`});`
			`});`
			`});`
			`});`
			`}`

manage renewals perfectly :-) 2015-12-20 05:13:41 +00:00			`function getAccount(args, handlers) {`
			`var accountId = args.accountId;`
moving some parts to letsencrypt-express 2015-12-17 05:44:41 +00:00			`var accountDir = path.join(args.accountsDir, accountId);`
			`var files = {};`
			`var configs = ['meta.json', 'private_key.json', 'regr.json'];`

			`return PromiseA.all(configs.map(function (filename) {`
			`var keyname = filename.slice(0, -5);`

			`return fs.readFileAsync(path.join(accountDir, filename), 'utf8').then(function (text) {`
			`var data;`

			`try {`
			`data = JSON.parse(text);`
			`} catch(e) {`
			`files[keyname] = { error: e };`
			`return;`
			`}`

			`files[keyname] = data;`
			`}, function (err) {`
			`files[keyname] = { error: err };`
			`});`
			`})).then(function () {`

			`if (!Object.keys(files).every(function (key) {`
			`return !files[key].error;`
			`})) {`
			`// TODO log renewal.conf`
minor fixes 2015-12-20 03:31:05 +00:00			`console.warn("Account '" + accountId + "' was corrupt. No big deal (I think?). Creating a new one...");`
			`//console.log(accountId, files);`
moving some parts to letsencrypt-express 2015-12-17 05:44:41 +00:00			`return createAccount(args, handlers);`
			`}`

remove deprecated 2015-12-20 01:58:07 +00:00			`return leCrypto.privateJwkToPemsAsync(files.private_key).then(function (keypair) {`
close #9 write rewenal config files 2015-12-19 19:49:34 +00:00			`files.accountId = accountId; // preserve current account id`
minor fixes 2015-12-20 03:31:05 +00:00			`files.id = accountId;`
close #9 write rewenal config files 2015-12-19 19:49:34 +00:00			`files.publicKeySha256 = keypair.publicKeySha256;`
			`files.publicKeyMd5 = keypair.publicKeyMd5;`
moving some parts to letsencrypt-express 2015-12-17 05:44:41 +00:00			`files.publicKeyPem = keypair.publicKeyPem; // ascii PEM: ----BEGIN...`
			`files.privateKeyPem = keypair.privateKeyPem; // ascii PEM: ----BEGIN...`
minor fixes 2015-12-20 03:31:05 +00:00			`files.privateKeyJson = keypair.privateKeyJwk; // json { n: ..., e: ..., iq: ..., etc }`
			`files.privateKeyJwk = keypair.privateKeyJwk; // json { n: ..., e: ..., iq: ..., etc }`
moving some parts to letsencrypt-express 2015-12-17 05:44:41 +00:00
			`return files;`
			`});`
			`});`
			`}`

minor fixes 2015-12-20 03:31:05 +00:00			`function getAccountIdByEmail(args) {`
moving some parts to letsencrypt-express 2015-12-17 05:44:41 +00:00			`// If we read 10,000 account directories looking for`
			`// just one email address, that could get crazy.`
			`// We should have a folder per email and list`
			`// each account as a file in the folder`
			`// TODO`
multiple bugfixes and enhancements for accounts 2015-12-20 00:27:48 +00:00			`var email = args.email;`
			`if ('string' !== typeof email) {`
			`if (args.debug) {`
			`console.log("[LE] No email given");`
			`}`
			`return PromiseA.resolve(null);`
			`}`
			`return fs.readdirAsync(args.accountsDir).then(function (nodes) {`
			`if (args.debug) {`
			`console.log("[LE] arg.accountsDir success");`
			`}`

			`return PromiseA.all(nodes.map(function (node) {`
			`return fs.readFileAsync(path.join(args.accountsDir, node, 'regr.json'), 'utf8').then(function (text) {`
			`var regr = JSON.parse(text);`
			`regr.__accountId = node;`

			`return regr;`
			`});`
			`})).then(function (regrs) {`
			`var accountId;`

			`/*`
			`if (args.debug) {`
			`console.log('read many regrs');`
			`console.log('regrs', regrs);`
			`}`
			`*/`

			`regrs.some(function (regr) {`
			`return regr.body.contact.some(function (contact) {`
			`var match = contact.toLowerCase() === 'mailto:' + email.toLowerCase();`
			`if (match) {`
			`accountId = regr.__accountId;`
			`return true;`
			`}`
			`});`
			`});`

			`if (!accountId) {`
			`return null;`
			`}`

			`return accountId;`
			`});`
			`}).then(function (accountId) {`
			`return accountId;`
			`}, function (err) {`
minor fixes 2015-12-20 03:31:05 +00:00			`if ('ENOENT' === err.code) {`
multiple bugfixes and enhancements for accounts 2015-12-20 00:27:48 +00:00			`// ignore error`
			`return null;`
			`}`

			`return PromiseA.reject(err);`
			`});`
moving some parts to letsencrypt-express 2015-12-17 05:44:41 +00:00			`}`

multiple bugfixes and enhancements for accounts 2015-12-20 00:27:48 +00:00			`module.exports.getAccountIdByEmail = getAccountIdByEmail;`
moving some parts to letsencrypt-express 2015-12-17 05:44:41 +00:00			`module.exports.getAccount = getAccount;`
updates for letsencrypt-express 2015-12-17 08:46:40 +00:00			`module.exports.createAccount = createAccount;`