Browse Source
Add in SSL Certificate provisioning from ZeroSSL to automatically create certificates on bootdependabot/npm_and_yarn/ini-1.3.7
Evan Feenstra
4 years ago
committed by
GitHub
9 changed files with 419 additions and 11 deletions
@ -1 +1 @@ |
|||||
{"version":3,"file":"app.js","sourceRoot":"","sources":["../app.ts"],"names":[],"mappings":";;;;;;;;;;;AAAA,mCAAkC;AAClC,0CAAyC;AACzC,iCAAgC;AAChC,8CAA6C;AAC7C,6BAA4B;AAC5B,6BAA4B;AAC5B,+CAAuC;AACvC,mCAAkE;AAClE,6CAA0D;AAC1D,iDAAgD;AAChD,6CAA4C;AAC5C,yCAAwC;AACxC,qCAA+C;AAC/C,mCAAkC;AAElC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,aAAa,CAAC;AAClD,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;AACrE,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,MAAM,CAAC,cAAc,IAAI,IAAI,CAAA;AAE9D,OAAO,CAAC,GAAG,CAAC,SAAS,EAAC,GAAG,CAAC,CAAA;AAC1B,OAAO,CAAC,GAAG,CAAC,sBAAsB,EAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;AACpD,OAAO,CAAC,GAAG,CAAC,2BAA2B,EAAC,MAAM,CAAC,cAAc,CAAC,CAAA;AAE9D,OAAO,CAAC,GAAG,CAAC,sBAAsB,GAAG,YAAY,CAAA;AAEjD,eAAe;AACf,SAAe,KAAK;;QACnB,MAAM,qBAAa,EAAE,CAAA;QACrB,SAAS,EAAE,CAAA;QACX,IAAI,MAAM,CAAC,WAAW,EAAE;YACvB,qBAAe,CAAC,KAAK,CAAC,CAAA;SACtB;IACF,CAAC;CAAA;AACD,KAAK,EAAE,CAAA;AAEP,SAAe,SAAS;;QACvB,MAAM,QAAQ,EAAE,CAAA,CAAC,eAAe;QAChC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE;YAClC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAA;YAC9B,WAAW,EAAE,CAAA;QACd,CAAC,CAAC,CAAA,CAAC,YAAY;IAChB,CAAC;CAAA;AAED,SAAe,WAAW;;QACzB,MAAM,OAAO,CAAC,uBAAuB,EAAE,CAAA;QACvC,IAAI,MAAM,CAAC,WAAW,EAAE;YACvB,6BAAuB,CAAC,IAAI,CAAC,CAAA;SAC7B;QACD,iBAAS,EAAE,CAAA;IACZ,CAAC;CAAA;AAED,SAAS,QAAQ;IAChB,OAAO,IAAI,OAAO,CAAC,OAAO,CAAA,EAAE;QAE3B,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;QACtB,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAE3C,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QAClB,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3B,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QACnD,GAAG,CAAC,GAAG,CAAC,gBAAM,CAAC,CAAA;QACf,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC;YACZ,cAAc,EAAC,CAAC,kBAAkB,EAAC,cAAc,EAAC,QAAQ,EAAC,cAAc,CAAC;SAC1E,CAAC,CAAC,CAAA;QACH,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,CAAA;QACvB,IAAI,GAAG,IAAI,aAAa,EAAE;YACzB,GAAG,CAAC,GAAG,CAAC,iBAAU,CAAC,CAAC;SACpB;QACD,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC7C,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;QAEhD,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,GAAG,EAAE,EAAE;YAC3B,IAAI,GAAG;gBAAE,MAAM,GAAG,CAAC;YACnB,+BAA+B;YAC/B,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,GAAG,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,oBAAoB;QACpB,IAAG,CAAC,MAAM,CAAC,MAAM,EAAE;YAClB,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACrB,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAA;YACtB,OAAO,EAAE,CAAA;SACT;aAAM;YACN,GAAG,CAAC,IAAI,CAAC,SAAS,EAAE,UAAe,GAAG,EAAC,GAAG;;oBACzC,MAAM,EAAE,GAAG,MAAM,eAAQ,CAAC,GAAG,EAAC,GAAG,CAAC,CAAA;oBAClC,IAAG,EAAE,EAAE;wBACN,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAA;wBACjC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;wBACrB,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAA;wBACtB,OAAO,EAAE,CAAA;qBACT;gBACF,CAAC;aAAA,CAAC,CAAA;SACF;IAEF,CAAC,CAAC,CAAA;AACH,CAAC"} |
{"version":3,"file":"app.js","sourceRoot":"","sources":["../app.ts"],"names":[],"mappings":";;;;;;;;;;;AAAA,mCAAkC;AAClC,0CAAyC;AACzC,iCAAgC;AAChC,8CAA6C;AAC7C,6BAA4B;AAC5B,6BAA4B;AAC5B,+CAAuC;AACvC,mCAAkE;AAClE,6CAA0D;AAC1D,iDAAgD;AAChD,6CAA4C;AAC5C,yCAAwC;AACxC,qCAA+C;AAC/C,mCAAkC;AAClC,yCAAwC;AAExC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,aAAa,CAAC;AAClD,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;AACrE,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,MAAM,CAAC,cAAc,IAAI,IAAI,CAAA;AAE9D,OAAO,CAAC,GAAG,CAAC,SAAS,EAAC,GAAG,CAAC,CAAA;AAC1B,OAAO,CAAC,GAAG,CAAC,sBAAsB,EAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;AACpD,OAAO,CAAC,GAAG,CAAC,2BAA2B,EAAC,MAAM,CAAC,cAAc,CAAC,CAAA;AAE9D,OAAO,CAAC,GAAG,CAAC,sBAAsB,GAAG,YAAY,CAAA;AAEjD,eAAe;AACf,SAAe,KAAK;;QACnB,MAAM,qBAAa,EAAE,CAAA;QACrB,SAAS,EAAE,CAAA;QACX,IAAI,MAAM,CAAC,WAAW,EAAE;YACvB,qBAAe,CAAC,KAAK,CAAC,CAAA;SACtB;IACF,CAAC;CAAA;AACD,KAAK,EAAE,CAAA;AAEP,SAAe,SAAS;;QACvB,MAAM,QAAQ,EAAE,CAAA,CAAC,eAAe;QAChC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE;YAClC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAA;YAC9B,WAAW,EAAE,CAAA;QACd,CAAC,CAAC,CAAA,CAAC,YAAY;IAChB,CAAC;CAAA;AAED,SAAe,WAAW;;QACzB,MAAM,OAAO,CAAC,uBAAuB,EAAE,CAAA;QACvC,IAAI,MAAM,CAAC,WAAW,EAAE;YACvB,6BAAuB,CAAC,IAAI,CAAC,CAAA;SAC7B;QACD,iBAAS,EAAE,CAAA;IACZ,CAAC;CAAA;AAED,SAAS,QAAQ;IAChB,OAAO,IAAI,OAAO,CAAC,CAAM,OAAO,EAAA,EAAE;;QAEjC,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;QAEtB,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QAClB,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3B,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QACnD,GAAG,CAAC,GAAG,CAAC,gBAAM,CAAC,CAAA;QACf,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC;YACZ,cAAc,EAAC,CAAC,kBAAkB,EAAC,cAAc,EAAC,QAAQ,EAAC,cAAc,CAAC;SAC1E,CAAC,CAAC,CAAA;QACH,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,CAAA;QACvB,IAAI,GAAG,IAAI,aAAa,EAAE;YACzB,GAAG,CAAC,GAAG,CAAC,iBAAU,CAAC,CAAC;SACpB;QACD,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC7C,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;QAEhD,IAAI,KAAK,IAAI,MAAM,IAAI,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE;YAC1C,IAAI,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;YAC7F,IAAI,WAAW,GAAG,EAAE,GAAG,QAAE,QAAQ,0CAAE,UAAU,CAAC,QAAQ,EAAE,EAAE,EAAE,QAAE,QAAQ,0CAAE,QAAQ,EAAE,IAAI,QAAE,QAAQ,0CAAE,WAAW,EAAE,CAAC;YAChH,IAAI,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,YAAY,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;SAC7D;aAAM;YACN,IAAI,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;SACzC;QAED,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,GAAG,EAAE,EAAE;YAC3B,IAAI,GAAG;gBAAE,MAAM,GAAG,CAAC;YACnB,+BAA+B;YAC/B,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,GAAG,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,oBAAoB;QACpB,IAAG,CAAC,MAAM,CAAC,MAAM,EAAE;YAClB,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACrB,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAA;YACtB,OAAO,EAAE,CAAA;SACT;aAAM;YACN,GAAG,CAAC,IAAI,CAAC,SAAS,EAAE,UAAe,GAAG,EAAC,GAAG;;oBACzC,MAAM,EAAE,GAAG,MAAM,eAAQ,CAAC,GAAG,EAAC,GAAG,CAAC,CAAA;oBAClC,IAAG,EAAE,EAAE;wBACN,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAA;wBACjC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;wBACrB,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAA;wBACtB,OAAO,EAAE,CAAA;qBACT;gBACF,CAAC;aAAA,CAAC,CAAA;SACF;IAEF,CAAC,CAAA,CAAC,CAAA;AACH,CAAC"} |
@ -0,0 +1,180 @@ |
|||||
|
"use strict"; |
||||
|
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { |
||||
|
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } |
||||
|
return new (P || (P = Promise))(function (resolve, reject) { |
||||
|
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } |
||||
|
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } |
||||
|
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } |
||||
|
step((generator = generator.apply(thisArg, _arguments || [])).next()); |
||||
|
}); |
||||
|
}; |
||||
|
Object.defineProperty(exports, "__esModule", { value: true }); |
||||
|
const fs_1 = require("fs"); |
||||
|
const express = require("express"); |
||||
|
const qs = require('qs'); |
||||
|
const axios = require('axios'); |
||||
|
var forge = require('node-forge'); |
||||
|
const apiUrl = "https://api.zerossl.com"; |
||||
|
function sleep(ms) { |
||||
|
return new Promise(resolve => setTimeout(resolve, ms)); |
||||
|
} |
||||
|
function generateCsr(keys, endpoint) { |
||||
|
var csr = forge.pki.createCertificationRequest(); |
||||
|
csr.publicKey = keys.publicKey; |
||||
|
csr.setSubject([{ |
||||
|
name: 'commonName', |
||||
|
value: endpoint |
||||
|
}]); |
||||
|
csr.sign(keys.privateKey); |
||||
|
if (!csr.verify()) { |
||||
|
throw new Error('=> [ssl] Verification of CSR failed.'); |
||||
|
} |
||||
|
var csr = forge.pki.certificationRequestToPem(csr); |
||||
|
return csr.trim(); |
||||
|
} |
||||
|
function requestCert(endpoint, csr, apiKey) { |
||||
|
return __awaiter(this, void 0, void 0, function* () { |
||||
|
let res = yield axios({ |
||||
|
method: 'post', |
||||
|
url: `${apiUrl}/certificates?access_key=${apiKey}`, |
||||
|
data: qs.stringify({ |
||||
|
certificate_domains: endpoint, |
||||
|
certificate_validity_days: '90', |
||||
|
certificate_csr: csr |
||||
|
}), |
||||
|
headers: { |
||||
|
'content-type': 'application/x-www-form-urlencoded' |
||||
|
} |
||||
|
}); |
||||
|
return res.data; |
||||
|
}); |
||||
|
} |
||||
|
function validateCert(port, data, endpoint, apiKey) { |
||||
|
return __awaiter(this, void 0, void 0, function* () { |
||||
|
const app = express(); |
||||
|
var validationObject = data.validation.other_methods[endpoint]; |
||||
|
var replacement = new RegExp(`http://${endpoint}`, "g"); |
||||
|
var path = validationObject.file_validation_url_http.replace(replacement, ""); |
||||
|
yield app.get(path, (req, res) => { |
||||
|
res.set('Content-Type', 'text/plain'); |
||||
|
res.send(validationObject.file_validation_content.join('\n')); |
||||
|
}); |
||||
|
let server = yield app.listen(port, () => { |
||||
|
console.log(`=> [ssl] validation server started at http://0.0.0.0:${port}`); |
||||
|
}); |
||||
|
yield requestValidation(data.id, apiKey); |
||||
|
console.log("=> [ssl] waiting for certificate to be issued"); |
||||
|
while (true) { |
||||
|
let certData = yield getCert(data.id, apiKey); |
||||
|
if (certData.status === "issued") { |
||||
|
console.log("=> [ssl] certificate was issued"); |
||||
|
break; |
||||
|
} |
||||
|
console.log("=> [ssl] checking certificate again..."); |
||||
|
yield sleep(2000); |
||||
|
} |
||||
|
yield server.close(() => { |
||||
|
console.log('=> [ssl] validation server stopped.'); |
||||
|
}); |
||||
|
return; |
||||
|
}); |
||||
|
} |
||||
|
function requestValidation(id, apiKey) { |
||||
|
return __awaiter(this, void 0, void 0, function* () { |
||||
|
let res = yield axios({ |
||||
|
method: 'post', |
||||
|
url: `${apiUrl}/certificates/${id}/challenges?access_key=${apiKey}`, |
||||
|
data: qs.stringify({ |
||||
|
validation_method: "HTTP_CSR_HASH" |
||||
|
}), |
||||
|
headers: { |
||||
|
'content-type': 'application/x-www-form-urlencoded' |
||||
|
} |
||||
|
}); |
||||
|
if (res.data.success === false) { |
||||
|
console.log("=> [ssl] Failed to request certificate validation"); |
||||
|
console.log(res.data); |
||||
|
throw new Error("=> [ssl] Failing to provision ssl certificate"); |
||||
|
} |
||||
|
return res.data; |
||||
|
}); |
||||
|
} |
||||
|
function getCert(id, apiKey) { |
||||
|
return __awaiter(this, void 0, void 0, function* () { |
||||
|
let res = yield axios({ |
||||
|
method: 'get', |
||||
|
url: `${apiUrl}/certificates/${id}?access_key=${apiKey}`, |
||||
|
headers: { |
||||
|
'content-type': 'application/x-www-form-urlencoded' |
||||
|
} |
||||
|
}); |
||||
|
return res.data; |
||||
|
}); |
||||
|
} |
||||
|
function downloadCert(id, apiKey) { |
||||
|
return __awaiter(this, void 0, void 0, function* () { |
||||
|
let res = yield axios({ |
||||
|
method: 'get', |
||||
|
url: `${apiUrl}/certificates/${id}/download/return?access_key=${apiKey}`, |
||||
|
headers: { |
||||
|
'content-type': 'application/x-www-form-urlencoded' |
||||
|
} |
||||
|
}); |
||||
|
return res.data; |
||||
|
}); |
||||
|
} |
||||
|
function getCertificate(endpoint, port, save_ssl) { |
||||
|
return __awaiter(this, void 0, void 0, function* () { |
||||
|
if (fs_1.existsSync(__dirname + "/zerossl/tls.cert") && fs_1.existsSync(__dirname + "/zerossl/tls.key")) { |
||||
|
var certificate = fs_1.readFileSync(__dirname + '/zerossl/tls.cert', 'utf-8').toString(); |
||||
|
var caBundle = fs_1.readFileSync(__dirname + '/zerossl/ca.cert', 'utf-8').toString(); |
||||
|
var privateKey = fs_1.readFileSync(__dirname + '/zerossl/tls.key', 'utf-8').toString(); |
||||
|
return { |
||||
|
privateKey: privateKey, |
||||
|
certificate: certificate, |
||||
|
caBundle: caBundle |
||||
|
}; |
||||
|
} |
||||
|
var apiKey = process.env.ZEROSSL_API_KEY; |
||||
|
if (!apiKey) { |
||||
|
throw new Error("=> [ssl] ZEROSSL_API_KEY is not set"); |
||||
|
} |
||||
|
var keys = forge.pki.rsa.generateKeyPair(2048); |
||||
|
var csr = generateCsr(keys, endpoint); |
||||
|
console.log("=> [ssl] Generated CSR"); |
||||
|
var res = yield requestCert(endpoint, csr, apiKey); |
||||
|
console.log("=> [ssl] Requested certificate"); |
||||
|
yield validateCert(port, res, endpoint, apiKey); |
||||
|
var certData = yield downloadCert(res.id, apiKey); |
||||
|
if (save_ssl === true) { |
||||
|
if (!fs_1.existsSync(__dirname + "/zerossl")) { |
||||
|
yield fs_1.mkdirSync(__dirname + "/zerossl"); |
||||
|
} |
||||
|
yield fs_1.writeFile(__dirname + "/zerossl/tls.cert", certData["certificate.crt"], function (err) { |
||||
|
if (err) { |
||||
|
return console.log(err); |
||||
|
} |
||||
|
console.log("=> [ssl] wrote tls certificate"); |
||||
|
}); |
||||
|
yield fs_1.writeFile(__dirname + "/zerossl/ca.cert", certData["ca_bundle.crt"], function (err) { |
||||
|
if (err) { |
||||
|
return console.log(err); |
||||
|
} |
||||
|
console.log("=> [ssl] wrote tls ca bundle"); |
||||
|
}); |
||||
|
yield fs_1.writeFile(__dirname + "/zerossl/tls.key", forge.pki.privateKeyToPem(keys.privateKey), function (err) { |
||||
|
if (err) { |
||||
|
return console.log(err); |
||||
|
} |
||||
|
console.log("=> [ssl] wrote tls key"); |
||||
|
}); |
||||
|
} |
||||
|
return { |
||||
|
privateKey: forge.pki.privateKeyToPem(keys.privateKey), |
||||
|
certificate: certData["certificate.crt"], |
||||
|
caBundle: certData["ca_bundle.crt"] |
||||
|
}; |
||||
|
}); |
||||
|
} |
||||
|
exports.getCertificate = getCertificate; |
||||
|
//# sourceMappingURL=cert.js.map
|
File diff suppressed because one or more lines are too long
@ -0,0 +1,167 @@ |
|||||
|
import { existsSync, readFileSync, writeFile, mkdirSync } from 'fs'; |
||||
|
import * as express from 'express' |
||||
|
const qs = require('qs') |
||||
|
const axios = require('axios') |
||||
|
var forge = require('node-forge'); |
||||
|
const apiUrl = "https://api.zerossl.com" |
||||
|
|
||||
|
function sleep(ms) { |
||||
|
return new Promise(resolve => setTimeout(resolve, ms)); |
||||
|
} |
||||
|
|
||||
|
function generateCsr(keys, endpoint) { |
||||
|
var csr = forge.pki.createCertificationRequest(); |
||||
|
csr.publicKey = keys.publicKey; |
||||
|
csr.setSubject([{ |
||||
|
name: 'commonName', |
||||
|
value: endpoint |
||||
|
}]); |
||||
|
csr.sign(keys.privateKey); |
||||
|
if (!csr.verify()) { |
||||
|
throw new Error('=> [ssl] Verification of CSR failed.'); |
||||
|
} |
||||
|
var csr = forge.pki.certificationRequestToPem(csr) |
||||
|
return csr.trim() |
||||
|
} |
||||
|
|
||||
|
async function requestCert(endpoint, csr, apiKey) { |
||||
|
let res = await axios({ |
||||
|
method: 'post', |
||||
|
url: `${apiUrl}/certificates?access_key=${apiKey}`, |
||||
|
data: qs.stringify({ |
||||
|
certificate_domains: endpoint, |
||||
|
certificate_validity_days: '90', |
||||
|
certificate_csr: csr |
||||
|
}), |
||||
|
headers: { |
||||
|
'content-type': 'application/x-www-form-urlencoded' |
||||
|
} |
||||
|
}) |
||||
|
return res.data |
||||
|
} |
||||
|
|
||||
|
async function validateCert(port, data, endpoint, apiKey) { |
||||
|
const app = express() |
||||
|
var validationObject = data.validation.other_methods[endpoint] |
||||
|
var replacement = new RegExp(`http://${endpoint}`, "g"); |
||||
|
var path = validationObject.file_validation_url_http.replace(replacement, "") |
||||
|
await app.get(path, (req, res) => { |
||||
|
res.set('Content-Type', 'text/plain'); |
||||
|
res.send(validationObject.file_validation_content.join('\n')) |
||||
|
}); |
||||
|
let server = await app.listen(port, () => { |
||||
|
console.log(`=> [ssl] validation server started at http://0.0.0.0:${port}`); |
||||
|
}); |
||||
|
await requestValidation(data.id, apiKey) |
||||
|
console.log("=> [ssl] waiting for certificate to be issued") |
||||
|
while (true) { |
||||
|
let certData = await getCert(data.id, apiKey) |
||||
|
if (certData.status === "issued") { |
||||
|
console.log("=> [ssl] certificate was issued") |
||||
|
break |
||||
|
} |
||||
|
console.log("=> [ssl] checking certificate again...") |
||||
|
await sleep(2000); |
||||
|
} |
||||
|
await server.close(() => { |
||||
|
console.log('=> [ssl] validation server stopped.') |
||||
|
}) |
||||
|
return |
||||
|
} |
||||
|
|
||||
|
async function requestValidation(id, apiKey) { |
||||
|
let res = await axios({ |
||||
|
method: 'post', |
||||
|
url: `${apiUrl}/certificates/${id}/challenges?access_key=${apiKey}`, |
||||
|
data: qs.stringify({ |
||||
|
validation_method: "HTTP_CSR_HASH" |
||||
|
}), |
||||
|
headers: { |
||||
|
'content-type': 'application/x-www-form-urlencoded' |
||||
|
} |
||||
|
}) |
||||
|
if (res.data.success === false) { |
||||
|
console.log("=> [ssl] Failed to request certificate validation") |
||||
|
console.log(res.data) |
||||
|
throw new Error("=> [ssl] Failing to provision ssl certificate") |
||||
|
} |
||||
|
return res.data |
||||
|
} |
||||
|
|
||||
|
async function getCert(id, apiKey) { |
||||
|
let res = await axios({ |
||||
|
method: 'get', |
||||
|
url: `${apiUrl}/certificates/${id}?access_key=${apiKey}`, |
||||
|
headers: { |
||||
|
'content-type': 'application/x-www-form-urlencoded' |
||||
|
} |
||||
|
}) |
||||
|
return res.data |
||||
|
} |
||||
|
|
||||
|
async function downloadCert(id, apiKey) { |
||||
|
let res = await axios({ |
||||
|
method: 'get', |
||||
|
url: `${apiUrl}/certificates/${id}/download/return?access_key=${apiKey}`, |
||||
|
headers: { |
||||
|
'content-type': 'application/x-www-form-urlencoded' |
||||
|
} |
||||
|
}) |
||||
|
return res.data |
||||
|
} |
||||
|
|
||||
|
async function getCertificate(endpoint, port, save_ssl) { |
||||
|
if (existsSync(__dirname + "/zerossl/tls.cert") && existsSync(__dirname + "/zerossl/tls.key")) { |
||||
|
var certificate = readFileSync(__dirname + '/zerossl/tls.cert', 'utf-8').toString(); |
||||
|
var caBundle = readFileSync(__dirname + '/zerossl/ca.cert', 'utf-8').toString(); |
||||
|
var privateKey = readFileSync(__dirname + '/zerossl/tls.key', 'utf-8').toString(); |
||||
|
return { |
||||
|
privateKey: privateKey, |
||||
|
certificate: certificate, |
||||
|
caBundle: caBundle |
||||
|
} |
||||
|
} |
||||
|
var apiKey = process.env.ZEROSSL_API_KEY |
||||
|
if (!apiKey) { |
||||
|
throw new Error("=> [ssl] ZEROSSL_API_KEY is not set") |
||||
|
} |
||||
|
var keys = forge.pki.rsa.generateKeyPair(2048) |
||||
|
var csr = generateCsr(keys, endpoint) |
||||
|
console.log("=> [ssl] Generated CSR") |
||||
|
var res = await requestCert(endpoint, csr, apiKey) |
||||
|
console.log("=> [ssl] Requested certificate") |
||||
|
await validateCert(port, res, endpoint, apiKey) |
||||
|
var certData = await downloadCert(res.id, apiKey) |
||||
|
if (save_ssl === true) { |
||||
|
if (!existsSync(__dirname + "/zerossl")) { |
||||
|
await mkdirSync(__dirname + "/zerossl"); |
||||
|
} |
||||
|
await writeFile(__dirname + "/zerossl/tls.cert", certData["certificate.crt"], function (err) { |
||||
|
if (err) { |
||||
|
return console.log(err); |
||||
|
} |
||||
|
console.log("=> [ssl] wrote tls certificate"); |
||||
|
}) |
||||
|
await writeFile(__dirname + "/zerossl/ca.cert", certData["ca_bundle.crt"], function (err) { |
||||
|
if (err) { |
||||
|
return console.log(err); |
||||
|
} |
||||
|
console.log("=> [ssl] wrote tls ca bundle"); |
||||
|
}) |
||||
|
await writeFile(__dirname + "/zerossl/tls.key", forge.pki.privateKeyToPem(keys.privateKey), function (err) { |
||||
|
if (err) { |
||||
|
return console.log(err); |
||||
|
} |
||||
|
console.log("=> [ssl] wrote tls key"); |
||||
|
}) |
||||
|
} |
||||
|
return { |
||||
|
privateKey: forge.pki.privateKeyToPem(keys.privateKey), |
||||
|
certificate: certData["certificate.crt"], |
||||
|
caBundle: certData["ca_bundle.crt"] |
||||
|
} |
||||
|
} |
||||
|
|
||||
|
export { |
||||
|
getCertificate |
||||
|
} |
Loading…
Reference in new issue