From 92e436108efe82136a684900564be592ccbd3078 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Mon, 1 Aug 2016 17:11:42 -0400 Subject: [PATCH] moving to rsa-compat for rsa crypto --- lib/accounts.js | 50 ++++++++++++++++++++++++++++++------------------- lib/core.js | 49 +++++++++++++++++++++++++++++++++++------------- 2 files changed, 67 insertions(+), 32 deletions(-) diff --git a/lib/accounts.js b/lib/accounts.js index bff6e2e..6751292 100644 --- a/lib/accounts.js +++ b/lib/accounts.js @@ -1,8 +1,9 @@ 'use strict'; var PromiseA = require('bluebird'); +var crypto = require('crypto'); var LeCore = require('letiny-core'); -var leCrypto = LeCore.leCrypto; +var RSA = PromiseA.promisifyAll(require('rsa-compat').RSA); var path = require('path'); var mkdirpAsync = PromiseA.promisify(require('mkdirp')); var fs = PromiseA.promisifyAll(require('fs')); @@ -13,8 +14,8 @@ function createAccount(args, handlers) { // TODO support ECDSA // arg.rsaBitLength args.rsaExponent - return leCrypto.generateRsaKeypairAsync(args.rsaKeySize, 65537).then(function (pems) { - /* pems = { privateKeyPem, privateKeyJwk, publicKeyPem, publicKeyMd5, publicKeySha256 } */ + return RSA.generateKeypairAsync(args.rsaKeySize || 1024, 65537, { public: true, pem: true }).then(function (keypair) { + /* pems = { privateKeyPem, privateKeyJwk, publicKeyPem } */ return LeCore.registerNewAccountAsync({ email: args.email @@ -24,12 +25,16 @@ function createAccount(args, handlers) { args.tosUrl = tosUrl; handlers.agreeToTerms(args, agree); } - , accountPrivateKeyPem: pems.privateKeyPem + , accountPrivateKeyPem: RSA.exportPrivatePem(keypair) + , accountKeypair: keypair , debug: args.debug || handlers.debug }).then(function (body) { - // TODO XXX use sha256 - var accountId = pems.publicKeyMd5; + // TODO XXX use sha256 (the python client uses md5) + // TODO ssh fingerprint (noted on rsa-compat issues page, I believe) + keypair.publicKeyMd5 = crypto.createHash('md5').update(RSA.exportPublicPem(keypair)).digest('hex'); + keypair.publicKeySha256 = crypto.createHash('sha256').update(RSA.exportPublicPem(keypair)).digest('hex'); + var accountId = keypair.publicKeyMd5; var accountDir = path.join(args.accountsDir, accountId); var regr = { body: body }; @@ -44,11 +49,12 @@ function createAccount(args, handlers) { , creation_dt: isoDate }; + // TODO abstract file writing return PromiseA.all([ // meta.json {"creation_host": "ns1.redirect-www.org", "creation_dt": "2015-12-11T04:14:38Z"} fs.writeFileAsync(path.join(accountDir, 'meta.json'), JSON.stringify(accountMeta), 'utf8') // private_key.json { "e", "d", "n", "q", "p", "kty", "qi", "dp", "dq" } - , fs.writeFileAsync(path.join(accountDir, 'private_key.json'), JSON.stringify(pems.privateKeyJwk), 'utf8') + , fs.writeFileAsync(path.join(accountDir, 'private_key.json'), JSON.stringify(RSA.exportPrivateJwk(keypair)), 'utf8') // regr.json: /* { body: { contact: [ 'mailto:coolaj86@gmail.com' ], @@ -60,8 +66,10 @@ function createAccount(args, handlers) { */ , fs.writeFileAsync(path.join(accountDir, 'regr.json'), JSON.stringify(regr), 'utf8') ]).then(function () { + var pems = {}; + pems.meta = accountMeta; - pems.privateKey = pems.privateKeyJwk; + pems.privateKey = RSA.exportPrivateJwk(keypair); pems.regr = regr; pems.accountId = accountId; pems.id = accountId; @@ -106,18 +114,22 @@ function getAccount(args, handlers) { return createAccount(args, handlers); } - return leCrypto.privateJwkToPemsAsync(files.private_key).then(function (keypair) { - files.accountId = accountId; // preserve current account id - files.id = accountId; - files.publicKeySha256 = keypair.publicKeySha256; - files.publicKeyMd5 = keypair.publicKeyMd5; - files.publicKeyPem = keypair.publicKeyPem; // ascii PEM: ----BEGIN... - files.privateKeyPem = keypair.privateKeyPem; // ascii PEM: ----BEGIN... - files.privateKeyJson = keypair.privateKeyJwk; // json { n: ..., e: ..., iq: ..., etc } - files.privateKeyJwk = keypair.privateKeyJwk; // json { n: ..., e: ..., iq: ..., etc } + var keypair = { privateKeyJwk: files.private_key }; + keypair.privateKeyPem = RSA.exportPrivatePem(keypair); + keypair.publicKeyPem = RSA.exportPublicPem(keypair); + keypair.publicKeyMd5 = crypto.createHash('md5').update(keypair.publicKeyPem).digest('hex'); + keypair.publicKeySha256 = crypto.createHash('sha256').update(keypair.publicKeyPem).digest('hex'); - return files; - }); + files.accountId = accountId; // preserve current account id + files.id = accountId; + files.privateKeyJwk = keypair.privateKeyJwk; // json { n: ..., e: ..., iq: ..., etc } + //files.privateKeyJson = keypair.privateKeyJwk; // json { n: ..., e: ..., iq: ..., etc } + files.privateKeyPem = keypair.privateKeyPem; // ascii PEM: ----BEGIN... + files.publicKeyPem = keypair.publicKeyPem; // ascii PEM: ----BEGIN... + files.publicKeyMd5 = keypair.publicKeyMd5; + files.publicKeySha256 = keypair.publicKeySha256; + + return files; }); } diff --git a/lib/core.js b/lib/core.js index 0799cf4..0001a6f 100644 --- a/lib/core.js +++ b/lib/core.js @@ -1,6 +1,7 @@ 'use strict'; var PromiseA = require('bluebird'); +var RSA = PromiseA.promisifyAll(require('rsa-compat').RSA); var mkdirpAsync = PromiseA.promisify(require('mkdirp')); var path = require('path'); var fs = PromiseA.promisifyAll(require('fs')); @@ -195,7 +196,12 @@ function writeCertificateAsync(args, defaults, handlers) { sfs.writeFileAsync(certArchive, result.cert, 'ascii') , sfs.writeFileAsync(chainArchive, result.ca || result.chain, 'ascii') , sfs.writeFileAsync(fullchainArchive, result.fullchain, 'ascii') - , sfs.writeFileAsync(privkeyArchive, result.key || result.privkey || args.domainPrivateKeyPem, 'ascii') + , sfs.writeFileAsync( + privkeyArchive + // TODO nix args.key, args.domainPrivateKeyPem ?? + , result.key || result.privkey || args.domainPrivateKeyPem || RSA.exportPrivateKey(args.domainKeypair) + , 'ascii' + ) ]); }).then(function () { return mkdirpAsync(liveDir); @@ -204,7 +210,12 @@ function writeCertificateAsync(args, defaults, handlers) { sfs.writeFileAsync(certPath, result.cert, 'ascii') , sfs.writeFileAsync(chainPath, result.ca || result.chain, 'ascii') , sfs.writeFileAsync(fullchainPath, result.fullchain, 'ascii') - , sfs.writeFileAsync(privkeyPath, result.key || result.privkey || args.domainPrivateKeyPem, 'ascii') + , sfs.writeFileAsync( + privkeyPath + // TODO nix args.key, args.domainPrivateKeyPem ?? + , result.key || result.privkey || args.domainPrivateKeyPem || RSA.exportPrivateKey(args.domainKeypair) + , 'ascii' + ) ]); }).then(function () { obj.checkpoints += 1; @@ -219,8 +230,9 @@ function writeCertificateAsync(args, defaults, handlers) { , fullchainPath: fullchainPath , privkeyPath: privkeyPath + // TODO nix args.key, args.domainPrivateKeyPem ?? // some ambiguity here... - , privkey: result.key || result.privkey || args.domainPrivateKeyPem + , privkey: result.key || result.privkey || args.domainPrivateKeyPem || RSA.exportPrivateKey(args.domainKeypair) , fullchain: result.fullchain || result.cert , chain: result.ca || result.chain // especially this one... might be cert only, might be fullchain @@ -235,21 +247,30 @@ function writeCertificateAsync(args, defaults, handlers) { function getCertificateAsync(args, defaults, handlers) { var account = args.account; var promise; + var keypairOpts = { public: true, pem: true }; - if (args.domainKeyPath) { - // TODO use existing pre-generated key if avaibale - console.warn("[LE /lib/core.js] retrieve from domainKeyPath NOT IMPLEMENTED (please file an issue to remind me about this)"); - promise = leCrypto.generateRsaKeypairAsync(args.rsaKeySize, 65537); - } else { - promise = leCrypto.generateRsaKeypairAsync(args.rsaKeySize, 65537); + if (!args.domainKeyPath) { + // TODO use default path ??? + promise = RSA.generateKeypairAsync(args.rsaKeySize, 65537, keypairOpts); } - return promise.then(function (domainKey) { + if (args.domainKeyPath) { + promise = fs.readFileAsync(args.domainKeyPath, 'ascii').then(function (pem) { + return RSA.import({ privateKeyPem: pem }); + }, function (err) { + return RSA.generateKeypairAsync(args.rsaKeySize, 65537, keypairOpts).then(function (keypair) { + return fs.writeFileAsync(args.domainKeyPath, keypair.privateKeyPem, 'ascii'); + }); + }); + } + + return promise.then(function (domainKeypair) { if (args.debug) { console.log("[letsencrypt/lib/core.js] get certificate"); } - args.domainPrivateKeyPem = args.domainPrivateKeyPem || domainKey.privateKeyPem; + args.domainKeypair = domainKeypair; + args.domainPrivateKeyPem = RSA.exportPrivateKeyPem(domainKeypair); //args.registration = domainKey; return LeCore.getCertificateAsync({ @@ -258,8 +279,10 @@ function getCertificateAsync(args, defaults, handlers) { , newAuthzUrl: args._acmeUrls.newAuthz , newCertUrl: args._acmeUrls.newCert - , accountPrivateKeyPem: account.privateKeyPem - , domainPrivateKeyPem: domainKey.privateKeyPem + , accountPrivateKeyPem: account.keypair || RSA.import({ privateKeyPem: account.privateKeyPem }) + , accountKeypair: RSA.import(account.keypair || { privateKeyPem: account.privateKeyPem }) + , domainPrivateKeyPem: RSA.exportPrivateKeyPem(domainKeypair) + , domainKeypair: domainKeypair , domains: args.domains //