index.js
5.85 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
"use strict";
var os = require("os");
var path = require("path");
// How Storage Works in Greenlock: High-Level Call Stack
//
// nested === skipped if parent succeeds (or has cached result)
//
// tls.SNICallback() // TLS connection with SNI kicks of the request
//
// greenlock.approveDomains(opts) // Greenlokc does some housekeeping, checks for a cert in
// // an internal cache, and only asks you to approve new
// // certificate // registration if it doesn't find anything.
// // In `opts` you'll receive `domain` and a few other things.
// // You should return { subject: '...', altnames: ['...'] }
// // Anything returned by approveDomains() will be received
// // by all plugins at all stages
//
// greenlock.store.certificates.check() // Certificate checking happens after approval for several
// // reasons, including preventing duplicate registrations
// // but most importantly because you can dynamically swap the
// // storage plugin right from approveDomains().
// greenlock.store.certificates.checkKeypair() // Check for a keypair associated with the domain
//
// greenlock.store.accounts.check() // Optional. If you need it, look at other Greenlock docs
//
// greenlock.store.accounts.checkKeypair() // Check storage for registered account key
// (opts.generateKeypair||RSA.generateKeypair)() // Generates a new keypair
// greenlock.core.accounts.register() // Registers the keypair as an ACME account
// greenlock.store.accounts.setKeypair() // Saves the keypair of the registered account
// greenlock.store.accounts.set() // Optional. Saves superfluous ACME account metadata
//
// greenlock.core.certificates.register() // Begin certificate registration process & housekeeping
// (opts.generateKeypair||RSA.generateKeypair)() // Generates a new certificate keypair
// greenlock.acme.certificates.register() // Performs the ACME challenge processes
// greenlock.store.certificates.setKeypair() // Saves the keypair for the valid certificate
// greenlock.store.certificates.set() // Saves the valid certificate
////////////////////////////////////////////
// Recap of the high-level overview above //
////////////////////////////////////////////
//
// None of this ever gets called except if there's not a cert already cached.
// That only happens on service boot, and about every 75 days for each cert's renewal.
//
// Therefore, none of this needs to be fast, fancy, or clever
//
// For any type of customization, whatever is set in `approveDomains()` is available everywhere else.
// Either your user calls create with specific options, or greenlock calls it for you with a big options blob
module.exports.create = function(config) {
// Bear in mind that the only time any of this gets called is on first access after startup, new registration, and
// renewal - so none of this needs to be particularly fast. It may need to be memory efficient, however - if you have
// more than 10,000 domains, for example.
// basic setup
var store = {
accounts: require("./accounts.js"),
certificates: require("./certificates.js")
};
// For you store.options should probably start empty and get a minimal set of options copied from `config` above.
// Example:
//store.options = {};
//store.options.databaseUrl = config.databaseUrl;
// In the case of greenlock-store-fs there's a bunch of legacy stuff that goes on, so we just clobber it all on.
// Don't be like greenlock-store-fs (see note above).
store.options = mergeOptions(config);
store.accounts.options = store.options;
store.certificates.options = store.options;
if (!config.basePath && !config.configDir) {
console.info("Greenlock Store FS Path:", store.options.configDir);
}
return store;
};
///////////////////////////////////////////////////////////////////////////////
// Ignore //
///////////////////////////////////////////////////////////////////////////////
//
// Everything below this line is just implementation specific
var defaults = {
basePath: path.join(os.homedir(), ".config", "greenlock"),
accountsDir: path.join(":basePath", "accounts", ":directoryUrl"),
serverDirGet: function(copy) {
return (copy.directoryUrl || copy.server || "")
.replace("https://", "")
.replace(/(\/)$/, "")
.replace(/\//g, path.sep);
},
privkeyPath: path.join(":basePath", ":env", ":subject", "privkey.pem"),
fullchainPath: path.join(":basePath", ":env", ":subject", "fullchain.pem"),
certPath: path.join(":basePath", ":env", ":subject", "cert.pem"),
chainPath: path.join(":basePath", ":env", ":subject", "chain.pem"),
bundlePath: path.join(":basePath", ":env", ":subject", "bundle.pem")
};
defaults.configDir = defaults.basePath;
function mergeOptions(configs) {
if (!configs.serverKeyPath) {
configs.serverKeyPath =
configs.domainKeyPath ||
configs.privkeyPath ||
defaults.privkeyPath;
}
Object.keys(defaults).forEach(function(key) {
if (!configs[key]) {
configs[key] = defaults[key];
}
});
return configs;
}