All files / src/api certificateAuthority.coffee

29.41% Statements 15/51
100% Branches 0/0
0% Functions 0/7
29.41% Lines 15/51
Keystore = require('../model/keystore').Keystore
Certificate = require('../model/keystore').Certificate
Q = require 'q'
logger = require 'winston'
utils = require "../utils"
pem = require "pem"
authorisation = require './authorisation'
 
# Wrap pem's callback-style helpers with Q.denodeify so they return promises
# and can be yielded from the generator functions below.
readCertificateInfo = Q.denodeify pem.readCertificateInfo
getFingerprint = Q.denodeify pem.getFingerprint
 
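# API handler: generate a new self-signed certificate for an admin caller.
#
# Runs with the Koa request context as `this`. The request body supplies the
# certificate options; `type: 'server'` produces a server certificate, any
# other value produces a client certificate. Responds 201 with the value the
# generator helper returns, 403 for non-admins, 400 for a missing or
# non-object body, and 500 if generation throws.
exports.generateCert = ->
  # Must be admin
  # NOTE(review): the strict `is false` comparison only denies when inGroup
  # returns exactly false; confirm it can never return undefined/null for a
  # non-member, otherwise this check fails open.
  if authorisation.inGroup('admin', this.authenticated) is false
    # The denial is logged against this operation (the previous text named getServerKey).
    utils.logAndSetResponse this, 403, "User #{this.authenticated.email} is not an admin, API access to generateCert denied.", 'info'
    return

  options = this.request.body
  # Reject a missing or non-object body up front instead of failing on `options.type`.
  unless options? and typeof options is 'object'
    utils.logAndSetResponse this, 400, 'Certificate options must be supplied as a JSON object', 'info'
    return

  # NOTE(review): the request body is passed to pem.createCertificate unfiltered.
  # Depending on the pem version, its options cover more than subject fields
  # (e.g. key material and file paths), so consider copying only the expected
  # fields into a fresh object before generating.
  try
    if options.type is 'server'
      logger.info 'Generating server cert'
      result = yield generateServerCert options
    else
      logger.info 'Generating client cert'
      result = yield generateClientCert options
  catch err
    # Anything thrown while generating is logged in full and answered with a
    # generic 500, so error detail is not echoed back to the client.
    logger.error "Could not generate a certificate via the API: #{err}"
    this.status = 500
    this.body = 'Could not generate the certificate'
    return

  this.status = 201
  this.body = result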
 
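# Create a self-signed client certificate, add its metadata to the keystore's
# `ca` list, save the keystore and return { certificate, key }.
#
# This generator is invoked without a receiver, so `this` inside it is not the
# Koa request context (in non-strict code it is the global object, which every
# in-flight request would share). All per-request values are therefore kept in
# locals rather than on `this`.
#
# Throws (after logging) when the keystore is missing or any step fails, so a
# failure is never handed back to the caller as if it were a certificate.
generateClientCert = (options) ->
  keystoreDoc = yield Keystore.findOne().exec()

  # Set additional options
  options.selfSigned = true

  # Attempt to create the certificate
  try
    throw new Error 'Keystore document not found' unless keystoreDoc?
    created = yield createCertificate options
    certInfo = yield extractCertMetadata created.certificate
    # Add the new certificate to the keystore
    keystoreDoc.ca.push certInfo
    yield Q.ninvoke keystoreDoc, 'save'
    logger.info 'Client certificate created'
  catch err
    logger.error "Could not create a client cert via the API: #{err}"
    throw err
  created

# Create a self-signed server certificate, store its metadata and private key
# on the keystore document, save it and return { certificate, key }.
#
# Like generateClientCert, this keeps request state in locals because it is
# invoked without a receiver. Throws (after logging) on any failure.
generateServerCert = (options) ->
  keystoreDoc = yield Keystore.findOne().exec()
  options.selfSigned = true
  try
    throw new Error 'Keystore document not found' unless keystoreDoc?
    created = yield createCertificate options
    keystoreDoc.cert = yield extractCertMetadata created.certificate
    # Certificate and key come from the same `created` object, so the stored
    # key always belongs to the stored certificate.
    keystoreDoc.key = created.key
    yield Q.ninvoke keystoreDoc, 'save'
    logger.info 'Server certificate created'
  catch err
    logger.error "Could not create a server cert via the API: #{err}"
    throw err
  # NOTE(review): the returned object carries the new server private key and
  # the API handler sends it back in the response body; confirm clients need it.
  created

# Promise wrapper around pem.createCertificate.
# Resolves with { certificate, key } and rejects with pem's error, so callers
# see a failure as an exception instead of an object lacking `certificate`.
createCertificate = (options) ->
  deferred = Q.defer()
  pem.createCertificate options, (err, cert) ->
    return deferred.reject err if err
    deferred.resolve
      certificate : cert.certificate
      key : cert.clientKey

  deferred.promise

# Read the certificate's info and fingerprint with pem and return the info
# object with `data` (the certificate passed in) and `fingerprint` attached.
extractCertMetadata = (cert) ->
  certInfo = yield readCertificateInfo cert
  fingerprint = yield getFingerprint cert
  # Use the argument itself; it is the certificate the metadata was read from.
  certInfo.data = cert
  certInfo.fingerprint = fingerprint.fingerprint
  certInfo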
 
# Return a pseudo-random integer between min and max, both bounds inclusive.
# NOTE(review): Math.random is not a cryptographically secure generator; do not
# use this helper for serial numbers, keys, tokens or other security-sensitive values.
getRandomInt = (min, max) ->
  span = max - min + 1
  offset = Math.floor(Math.random() * span)
  offset + min