advance to CSR

js/app.js

@@ -19,8 +19,9 @@
   }
 
   function submitForm(ev) {
-    steps[i].submit(ev);
+    var j = i;
     i += 1;
+    steps[j].submit(ev);
   }
   $qsa('.js-acme-form').forEach(function ($el) {
     $el.addEventListener('submit', function (ev) {
@@ -51,7 +52,12 @@
   };
   steps[1].submit = function () {
     info.identifiers = $qs('.js-acme-domains').value.split(/\s*,\s*/g).map(function (hostname) {
-      return { type: 'dns', value: hostname.trim() };
+      return { type: 'dns', value: hostname.toLowerCase().trim() };
+    });
+    info.identifiers.sort(function (a, b) {
+      if (a === b) { return 0; }
+      if (a < b) { return 1; }
+      if (a > b) { return -1; }
     });
 
     return BACME.directory($qs('.js-acme-directory-url').value).then(function (directory) {
@@ -59,6 +65,7 @@
       return BACME.nonce().then(function (_nonce) {
         nonce = _nonce;
 
+        console.log("MAGIC STEP NUMBER in 1 is:", i);
         steps[i]();
       });
     });
@@ -147,6 +154,7 @@
             signedOrder: signedOrder
           }).then(function (order) {
             info.finalizeUrl = order.finalize;
+            info.orderUrl = order.url; // from header Location ???
             return BACME.thumbprint({ jwk: jwk }).then(function (thumbprint) {
               return BACME.challenges.all().then(function (claims) {
                 console.log('claims:');
@@ -176,7 +184,7 @@
                     , challengeDomain: hostname
                     });
                     return BACME.challenges['dns-01']({
-                      keyAuth: keyAuth
+                      keyAuth: keyAuth.value
                     , challengeDomain: hostname
                     }).then(function (dnsAuth) {
                       var data = {
@@ -230,6 +238,7 @@
 
                   updateChallengeType();
 
+                  console.log("MAGIC STEP NUMBER in 2 is:", i);
                   steps[i]();
                 });
 
@@ -249,23 +258,44 @@
     $qs('.js-acme-form-challenges').hidden = false;
   };
   steps[3].submit = function () {
-    var chType = $qs('.js-acme-challenge-type').value;
+    // for now just show the next page immediately (its a spinner)
-    var ps = [];
+    console.log("MAGIC STEP NUMBER is:", i);
+
+    var chType;
+    Array.prototype.some.call($qsa('.js-acme-challenge-type'), function ($el) {
+      if ($el.checked) {
+        chType = $el.value;
+        return true;
+      }
+    });
+    console.log('chType is:', chType);
+    var chs = [];
 
     // do each wildcard, if any
     // do each challenge, by selected type only
     [ 'wildcard', chType].forEach(function (typ) {
       info.challenges[typ].forEach(function (ch) {
         // { jwk, challengeUrl, accountId (kid) }
-        ps.push(BACME.challenges.accept({
+        chs.push({
           jwk: info.jwk
         , challengeUrl: ch.url
         , accountId: info.kid
-        }));
+        });
       });
     });
 
-    return Promise.all(ps).then(function (results) {
+    var results = [];
+    function nextChallenge() {
+      var ch = chs.pop();
+      if (!ch) { return results; }
+      return BACME.challenges.accept(ch).then(function (result) {
+        results.push(result);
+        return nextChallenge();
+      });
+    }
+
+    steps[i]();
+    return nextChallenge().then(function (results) {
       console.log('challenge status:', results);
       var polls = results.slice(0);
       var allsWell = true;
@@ -276,7 +306,9 @@
         }).then(function () {
           return Promise.all(polls.map(function (poll) {
             return BACME.challenges.check({ challengePollUrl: poll.url });
-          })).then(function () {
+          })).then(function (polls) {
+            console.log(polls);
+
             polls = polls.filter(function (poll) {
               //return 'valid' !== poll.status && 'invalid' !== poll.status;
               if ('pending' === poll.status) {
@@ -312,7 +344,63 @@
   }
   steps[4].submit = function () {
     console.log('Congrats! Auto advancing...');
-    return BACME.order
+    var key = info.identifiers.map(function (ident) { return ident.value; }).join(',');
+    var serverJwk = JSON.parse(localStorage.getItem('server:' + key) || 'null');
+    var p;
+
+    function createKeypair() {
+      return BACME.accounts.generateKeypair({
+        type: 'ECDSA'
+      , bitlength: '256'
+      }).then(function (serverJwk) {
+        localStorage.setItem('server:' + key, JSON.stringify(serverJwk));
+        return serverJwk;
+      })
+    }
+
+    if (serverJwk) {
+      p = Promise.resolve(serverJwk);
+    } else {
+      p = createKeypair();
+    }
+
+    return p.then(function (_serverJwk) {
+      serverJwk = _serverJwk;
+      // { serverJwk, domains }
+      return BACME.orders.generateCsr({
+        serverJwk: serverJwk
+      , domains: info.identifiers.map(function (ident) {
+          return ident.value;
+        })
+      }).then(function (csrweb64) {
+        return BACME.order.finalize({
+          csr: csrweb64
+        , jwk: info.jwk
+        , finalizeUrl: info.finalizeUrl
+        , accountId: info.kid
+        });
+      }).then(function () {
+        function checkCert() {
+          return new Promise(function (resolve) {
+            setTimeout(resolve, 1000);
+          }).then(function () {
+            return BACME.order.check({ orderUrl: info.orderUrl });
+          }).then(function (reply) {
+            if ('processing' === reply) {
+              return checkCert();
+            }
+            return reply;
+          });
+        }
+
+        return checkCert();
+      }).then(function (reply) {
+        return BACME.order.receive({ certificateUrl: reply.certificate });
+      }).then(function (certs) {
+        console.log('WINNING!');
+        console.log(certs);
+      });
+    });
   };
 
   steps[5] = function () {

js/bacme.js

@@ -102,6 +102,8 @@ BACME.accounts.generateKeypair = function (opts) {
 			console.log('private jwk:');
 			console.log(JSON.stringify(privJwk, null, 2));
 
+      return privJwk;
+      /*
 			return webCrypto.subtle.exportKey(
 				"pkcs8"
 			, result.privateKey
@@ -112,6 +114,7 @@ BACME.accounts.generateKeypair = function (opts) {
         return privJwk;
         //return accountKeypair;
 			});
+      */
 		})
 	});
 };
@@ -335,6 +338,7 @@ BACME.orders.create = function (opts) {
 			finalizeUrl = result.finalize;
       BACME._logBody(result);
 
+      result.url = currentOrderUrl;
       return result;
 		});
 	});
@@ -404,9 +408,9 @@ BACME.thumbprint = function (opts) {
   var keys;
 
   if (/^EC/i.test(opts.jwk.kty)) {
-    keys = [ 'e', 'kty', 'n' ];
-  } else if (/^RS/i.test(opts.jwk.kty)) {
     keys = [ 'crv', 'kty', 'x', 'y' ];
+  } else if (/^RS/i.test(opts.jwk.kty)) {
+    keys = [ 'e', 'kty', 'n' ];
   }
 
 	var accountPublicStr = '{' + keys.map(function (key) {
@@ -416,12 +420,14 @@ BACME.thumbprint = function (opts) {
 	return window.crypto.subtle.digest(
 		{ name: "SHA-256" } // SHA-256 is spec'd, non-optional
 	, textEncoder.encode(accountPublicStr)
-	).then(function(hash){
+	).then(function (hash) {
 		thumbprint = btoa(Array.prototype.map.call(new Uint8Array(hash), function (ch) {
 			return String.fromCharCode(ch);
 		}).join('')).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/g, '');
 
 		console.log('Thumbprint:');
+		console.log(opts);
+		console.log(accountPublicStr);
 		console.log(thumbprint);
 
     return thumbprint;
@@ -446,10 +452,12 @@ BACME.challenges['http-01'] = function (opts) {
 
 // { keyAuth }
 BACME.challenges['dns-01'] = function (opts) {
+  console.log('opts.keyAuth for DNS:');
+  console.log(opts.keyAuth);
 	return window.crypto.subtle.digest(
 		{ name: "SHA-256", }
 	, textEncoder.encode(opts.keyAuth)
-	).then(function(hash){
+	).then(function (hash) {
 		dnsAuth = btoa(Array.prototype.map.call(new Uint8Array(hash), function (ch) {
 			return String.fromCharCode(ch);
 		}).join('')).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/g, '');
@@ -478,8 +486,7 @@ BACME.challenges.accept = function (opts) {
 		{}
 	);
 
-	nonce = null;
+  return BACME._importKey(opts.jwk).then(function (abstractKey) {
-  return BACME._import(opts.jwk).then(function (abstractKey) {
     var protected64 = BACME._jsto64(
       { nonce: nonce, alg: abstractKey.meta.alg/*'ES256'*/, url: opts.challengeUrl, kid: opts.accountId }
     );
@@ -490,6 +497,7 @@ BACME.challenges.accept = function (opts) {
     });
   }).then(function (signedAccept) {
 
+	  nonce = null;
 		return window.fetch(
 			opts.challengeUrl
 		, { mode: 'cors'
@@ -555,8 +563,11 @@ BACME.domains.generateKeypair = function () {
 	});
 };
 
-BACME.orders.generateCsr = function (keypair, domains) {
+// { serverJwk, domains }
-  return Promise.resolve(CSR.generate(keypair, domains));
+BACME.orders.generateCsr = function (opts) {
+  return BACME._importKey(opts.serverJwk).then(function (abstractKey) {
+    return Promise.resolve(CSR.generate({ keypair: abstractKey.wcKey, domains: opts.domains }));
+  });
 };
 
 var certificateUrl;
@@ -567,8 +578,7 @@ BACME.orders.finalize = function (opts) {
 		{ csr: opts.csr }
 	);
 
-	nonce = null;
+  return BACME._importKey(opts.jwk).then(function (abstractKey) {
-  return BACME._import(opts.jwk).then(function (abstractKey) {
     var protected64 = BACME._jsto64(
       { nonce: nonce, alg: abstractKey.meta.alg/*'ES256'*/, url: opts.finalizeUrl, kid: opts.accountId }
     );
@@ -579,8 +589,9 @@ BACME.orders.finalize = function (opts) {
     });
   }).then(function (signedFinal) {
 
+	  nonce = null;
 		return window.fetch(
-			finalizeUrl
+			opts.finalizeUrl
 		, { mode: 'cors'
 			, method: 'POST'
 			, headers: { 'Content-Type': 'application/jose+json' }
@@ -600,4 +611,39 @@ BACME.orders.finalize = function (opts) {
 	});
 };
 
+BACME.orders.receive = function (opts) {
+  return window.fetch(
+    opts.certificateUrl
+  , { mode: 'cors'
+    , method: 'GET'
+    }
+  ).then(function (resp) {
+    BACME._logHeaders(resp);
+    nonce = resp.headers.get('replay-nonce');
+
+    return resp.json().then(function (reply) {
+      BACME._logBody(reply);
+
+      return reply;
+    });
+  });
+};
+
+BACME.orders.check = function (opts) {
+  return window.fetch(
+    opts.orderUrl
+  , { mode: 'cors'
+    , method: 'GET'
+    }
+  ).then(function (resp) {
+    BACME._logHeaders(resp);
+
+    return resp.json().then(function (reply) {
+      BACME._logBody(reply);
+
+      return reply;
+    });
+  });
+};
+
 }(window));