Keystore = require('../model/keystore').Keystore
Certificate = require('../model/keystore').Certificate
Q = require 'q'
logger = require 'winston'
utils = require "../utils"
pem = require "pem"
authorisation = require './authorisation'
readCertificateInfo = Q.denodeify pem.readCertificateInfo
getFingerprint = Q.denodeify pem.getFingerprint
exports.generateCert = ->
# Must be admin
if authorisation.inGroup('admin', this.authenticated) is false
utils.logAndSetResponse this, 403, "User #{this.authenticated.email} is not an admin, API access to getServerKey by id denied.", 'info'
return
options = this.request.body
if options.type is 'server'
logger.info 'Generating server cert'
result = yield generateServerCert options
else
logger.info 'Generating client cert'
result = yield generateClientCert options
this.status = 201
this.body = result
generateClientCert = (options) ->
keystoreDoc = yield Keystore.findOne().exec()
# Set additional options
options.selfSigned = true
# Attempt to create the certificate
try
this.body = yield createCertificate options
certInfo = yield extractCertMetadata this.body.certificate
keystoreDoc.ca.push certInfo
yield Q.ninvoke keystoreDoc, 'save'
#Add the new certficate to the keystore
this.status = 201
logger.info 'Client certificate created'
catch err
utils.logAndSetResponse this, 'internal server error', "Could not create a client cert via the API: #{err}", 'error'
this.body
generateServerCert = (options) ->
keystoreDoc = yield Keystore.findOne().exec()
options.selfSigned = true
try
this.body = yield createCertificate options
keystoreDoc.cert = yield extractCertMetadata this.body.certificate
keystoreDoc.key = this.body.key
yield Q.ninvoke keystoreDoc, 'save'
#Add the new certficate to the keystore
this.status = 201
logger.info 'Server certificate created'
catch err
utils.logAndSetResponse this, 'internal server error', "Could not create a client cert via the API: #{err}", 'error'
this.body
createCertificate = (options) ->
deferred = Q.defer()
pem.createCertificate options, (err, cert) ->
if (err)
response =
err : err
deferred.resolve response
else
response =
certificate : cert.certificate
key : cert.clientKey
deferred.resolve response
return deferred.promise
extractCertMetadata = (cert) ->
certInfo = yield readCertificateInfo cert
fingerprint = yield getFingerprint cert
certInfo.data = this.body.certificate
certInfo.fingerprint = fingerprint.fingerprint
return certInfo
getRandomInt = (min, max) ->
Math.floor(Math.random() * (max - min + 1)) + min
|