s/privateKeyPem/accountKeyPem

2015-12-09 19:23:19 -08:00
parent 6109da531d
commit c510952c88
1 changed files with 31 additions and 31 deletions
@@ -73,13 +73,13 @@ function b64(str) {
   return urlBase64Encode(buf.toString('base64'));
 }

-function sendSignedRequest(url, privateKeyPem, payload, callback) {
+function sendSignedRequest(url, accountKeyPem, payload, callback) {
    assert.strictEqual(typeof url, 'string');
-    assert(util.isBuffer(privateKeyPem));
+    assert(util.isBuffer(accountKeyPem));
    assert.strictEqual(typeof payload, 'string');
    assert.strictEqual(typeof callback, 'function');

-    var privateKey = ursa.createPrivateKey(privateKeyPem);
+    var privateKey = ursa.createPrivateKey(accountKeyPem);

    var header = {
        alg: 'RS256',
@@ -118,8 +118,8 @@ function sendSignedRequest(url, privateKeyPem, payload, callback) {
    });
 }

-function registerUser(privateKeyPem, email, callback) {
-    assert(util.isBuffer(privateKeyPem));
+function registerUser(accountKeyPem, email, callback) {
+    assert(util.isBuffer(accountKeyPem));
    assert.strictEqual(typeof email, 'string');
    assert.strictEqual(typeof callback, 'function');

@@ -131,7 +131,7 @@ function registerUser(privateKeyPem, email, callback) {

    debug('registerUser: %s', email);

-    sendSignedRequest(CA_STAGING + '/acme/new-reg', privateKeyPem, JSON.stringify(payload), function (error, result) {
+    sendSignedRequest(CA_STAGING + '/acme/new-reg', accountKeyPem, JSON.stringify(payload), function (error, result) {
        if (error) return callback(new AcmeError(AcmeError.EXTERNAL_ERROR, 'Network error when registering user: ' + error.message));
        if (result.statusCode === 409) return callback(new AcmeError(AcmeError.ALREADY_EXISTS, result.body.detail));
        if (result.statusCode !== 201) return callback(new AcmeError(AcmeError.EXTERNAL_ERROR, util.format('Failed to register user. Expecting 201, got %s %s', result.statusCode, result.text)));
@@ -142,8 +142,8 @@ function registerUser(privateKeyPem, email, callback) {
    });
 }

-function registerDomain(privateKeyPem, domain, callback) {
-    assert(util.isBuffer(privateKeyPem));
+function registerDomain(accountKeyPem, domain, callback) {
+    assert(util.isBuffer(accountKeyPem));
    assert.strictEqual(typeof domain, 'string');
    assert.strictEqual(typeof callback, 'function');

@@ -157,7 +157,7 @@ function registerDomain(privateKeyPem, domain, callback) {

    debug('registerDomain: %s', domain);

-    sendSignedRequest(CA_STAGING + '/acme/new-authz', privateKeyPem, JSON.stringify(payload), function (error, result) {
+    sendSignedRequest(CA_STAGING + '/acme/new-authz', accountKeyPem, JSON.stringify(payload), function (error, result) {
        if (error) return callback(new AcmeError(AcmeError.EXTERNAL_ERROR, 'Network error when registering domain: ' + error.message));
        if (result.statusCode === 403) return callback(new AcmeError(AcmeError.FORBIDDEN, result.body.detail));
        if (result.statusCode !== 201) return callback(new AcmeError(AcmeError.EXTERNAL_ERROR, util.format('Failed to register user. Expecting 201, got %s %s', result.statusCode, result.text)));
@@ -168,8 +168,8 @@ function registerDomain(privateKeyPem, domain, callback) {
    });
 }

-function prepareHttpChallenge(privateKeyPem, challenge, callback) {
-    assert(util.isBuffer(privateKeyPem));
+function prepareHttpChallenge(accountKeyPem, challenge, callback) {
+    assert(util.isBuffer(accountKeyPem));
    assert.strictEqual(typeof challenge, 'object');
    assert.strictEqual(typeof callback, 'function');

@@ -177,7 +177,7 @@ function prepareHttpChallenge(privateKeyPem, challenge, callback) {

    var token = challenge.token;

-    var privateKey = ursa.createPrivateKey(privateKeyPem);
+    var privateKey = ursa.createPrivateKey(accountKeyPem);

    var jwk = {
        e: b64(privateKey.getExponent()),
@@ -199,8 +199,8 @@ function prepareHttpChallenge(privateKeyPem, challenge, callback) {
    });
 }

-function notifyChallengeReady(privateKeyPem, challenge, callback) {
-    assert(util.isBuffer(privateKeyPem));
+function notifyChallengeReady(accountKeyPem, challenge, callback) {
+    assert(util.isBuffer(accountKeyPem));
    assert.strictEqual(typeof challenge, 'object');
    assert.strictEqual(typeof callback, 'function');

@@ -213,7 +213,7 @@ function notifyChallengeReady(privateKeyPem, challenge, callback) {
        keyAuthorization: keyAuthorization
    };

-    sendSignedRequest(challenge.uri, privateKeyPem, JSON.stringify(payload), function (error, result) {
+    sendSignedRequest(challenge.uri, accountKeyPem, JSON.stringify(payload), function (error, result) {
        if (error) return callback(new AcmeError(AcmeError.EXTERNAL_ERROR, 'Network error when notifying challenge: ' + error.message));
        if (result.statusCode !== 202) return callback(new AcmeError(AcmeError.EXTERNAL_ERROR, util.format('Failed to notify challenge. Expecting 202, got %s %s', result.statusCode, result.text)));

@@ -250,8 +250,8 @@ function waitForChallenge(challenge, callback) {
 }

 // https://community.letsencrypt.org/t/public-beta-rate-limits/4772 for rate limits
-function signCertificate(privateKeyPem, certificateDer, callback) {
-    assert(util.isBuffer(privateKeyPem));
+function signCertificate(accountKeyPem, certificateDer, callback) {
+    assert(util.isBuffer(accountKeyPem));
    assert(util.isBuffer(certificateDer));
    assert.strictEqual(typeof callback, 'function');

@@ -262,7 +262,7 @@ function signCertificate(privateKeyPem, certificateDer, callback) {

    debug('signCertificate: signing %s', payload.csr);

-    sendSignedRequest(CA_STAGING + '/acme/new-cert', privateKeyPem, JSON.stringify(payload), function (error, result) {
+    sendSignedRequest(CA_STAGING + '/acme/new-cert', accountKeyPem, JSON.stringify(payload), function (error, result) {
        if (error) return callback(new AcmeError(AcmeError.EXTERNAL_ERROR, 'Network error when signing certificate: ' + error.message));
        if (result.statusCode !== 201) return callback(new AcmeError(AcmeError.EXTERNAL_ERROR, util.format('Failed to sign certificate. Expecting 201, got %s %s', result.statusCode, result.text)));

@@ -273,16 +273,16 @@ function signCertificate(privateKeyPem, certificateDer, callback) {
    });
 }

-function acmeFlow(domain, email, privateKeyPem, callback) {
+function acmeFlow(domain, email, accountKeyPem, callback) {
    assert.strictEqual(typeof domain, 'string');
    assert.strictEqual(typeof email, 'string');
-    assert(util.isBuffer(privateKeyPem));
+    assert(util.isBuffer(accountKeyPem));
    assert.strictEqual(typeof callback, 'function');

-    registerUser(privateKeyPem, email, function (error) {
+    registerUser(accountKeyPem, email, function (error) {
        if (error && error.reason !== AcmeError.ALREADY_EXISTS) return callback(error);

-        registerDomain(privateKeyPem, domain, function (error, result) {
+        registerDomain(accountKeyPem, domain, function (error, result) {
            if (error) return callback(error);

            debug('getCertificate: challenges: %j', result);
@@ -291,10 +291,10 @@ function acmeFlow(domain, email, privateKeyPem, callback) {
            if (httpChallenges.length === 0) return callback(new AcmeError(AcmeError.EXTERNAL_ERROR, 'no http challenges'));
            var challenge = httpChallenges[0];

-            prepareHttpChallenge(privateKeyPem, challenge, function (error) {
+            prepareHttpChallenge(accountKeyPem, challenge, function (error) {
                if (error) return callback(error);

-                notifyChallengeReady(privateKeyPem, challenge, function (error) {
+                notifyChallengeReady(accountKeyPem, challenge, function (error) {
                    if (error) return callback(error);

                    waitForChallenge(challenge, function (error) {
@@ -306,7 +306,7 @@ function acmeFlow(domain, email, privateKeyPem, callback) {
                        var certificateDer = safe.execSync(util.format('openssl req -nodes -outform DER -subj /CN=%s', domain), { stdio: [ serverKey, null, null ] });
                        if (!certificateDer) return callback(new AcmeError(AcmeError.INTERNAL_ERROR, safe.error));

-                        signCertificate(privateKeyPem, certificateDer, function (error, certificateDer) {
+                        signCertificate(accountKeyPem, certificateDer, function (error, certificateDer) {
                            if (error) return callback(error);

                            var certificatePem = safe.execSync('openssl x509 -inform DER -outform PEM', { stdio: [ certificateDer, null, null ] });
@@ -323,19 +323,19 @@ function acmeFlow(domain, email, privateKeyPem, callback) {

 function getCertificate(domain, callback) {
    var email = 'admin@' + config.fqdn();
-    var privateKeyPem;
+    var accountKeyPem;

    if (!fs.existsSync(paths.ACME_ACCOUNT_KEY_FILE)) {
        debug('getCertificate: generating acme account key on first run');
-        privateKeyPem = safe.execSync('openssl genrsa 4096');
-        if (!privateKeyPem) return callback(new AcmeError(AcmeError.INTERNAL_ERROR, safe.error));
+        accountKeyPem = safe.execSync('openssl genrsa 4096');
+        if (!accountKeyPem) return callback(new AcmeError(AcmeError.INTERNAL_ERROR, safe.error));

-        safe.fs.writeFileSync(paths.ACME_ACCOUNT_KEY_FILE, privateKeyPem);
+        safe.fs.writeFileSync(paths.ACME_ACCOUNT_KEY_FILE, accountKeyPem);
    } else {
-        privateKeyPem = fs.readFileSync(paths.ACME_ACCOUNT_KEY_FILE);
+        accountKeyPem = fs.readFileSync(paths.ACME_ACCOUNT_KEY_FILE);
    }

-    acmeFlow(domain, email, privateKeyPem, callback);
+    acmeFlow(domain, email, accountKeyPem, callback);
 }

 getCertificate('foobar.girish.in', function (error, key, cert) {