'use strict';
/*
 * NodePKI
 * ... a NodeJS-based OpenSSL PKI management server.
 * Originally developed by Thomas Leister for ADITO GmbH.
 * NodePKI is published under MIT License.
 *
 * NodePKI startup file
 * Loads config, prepares CertDB database, starts OCSP server, initializes and starts HTTP server and API.
 */

// The YAML configuration is read first and published on `global.config`; the
// original load order (config before the project modules) is kept, since those
// modules may read it while being required. safeLoad refuses the YAML tags that
// a plain load() would turn into arbitrary objects.
const fs = require('fs-extra');
const yaml = require('js-yaml');
global.config = yaml.safeLoad(fs.readFileSync('config/server.yml', 'utf8'));

// Logger and Node core modules.
const log = require('debug')('pki:server');
const https = require('https');
const path = require('path');

// Third-party modules.
const express = require('express');
const commandExists = require('command-exists').sync;
const bodyparser = require('body-parser');
const suspend = require('suspend');

// Project modules (see the ordering note above).
const api = require('./api.js');
const auth = require('./api/components/auth.js');
const authority = require('./api/components/authority.js');
const fileTree = require('./api/utils/fileTree.js');

// Directory of the issuing CA inside the PKI tree; resolved during startup.
let issuerPath;

// Two separate Express instances: `publicApp` is served without client
// certificates, `app` is the secured (client-certificate) API.
const publicApp = express();
const app = express();
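/***************
 * Start server *
 ***************/
log("NodePKI is starting up ...");
log('\n' + require('figlet').textSync('MFT PKI', {}));

/*
 * Check if the openssl command is available.
 * The remaining startup depends on it, so abort early — with a non-zero exit
 * status, so that a supervisor or init system sees the failed start instead
 * of a clean exit.
 */
if (!commandExists('openssl')) {
  log("openssl command is not available. Please install openssl.");
  process.exit(1);
}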
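/*
 * Check if there is a PKI directory with all the OpenSSL contents.
 * Created synchronously: the previous fire-and-forget ensureDir() returned a
 * promise that was never awaited, so PKI generation below could start before
 * the directory existed.
 */
fs.ensureDirSync(global.config.pkidir);

// Mutual TLS (client certificates) is mandatory unless the config explicitly
// sets server.secure.mutualAuth to false; a missing key or any other value
// keeps client certificates required. Read once; never reassigned afterwards.
const mandatoryMutual = global.config.server.secure.mutualAuth !== false;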
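suspend.run(function*() {
  log('Generate PKI');
  const result = yield* require('./genpki').start();
  // Resolve the issuer directory: PKI root + issuer root, then let fileTree
  // locate the concrete directory for the configured issuer name.
  issuerPath = path.join(global.config.pkidir, global.config.users.issuer.root, path.sep);
  issuerPath = yield* fileTree.path(issuerPath, global.config.users.issuer.name);
  return result;
}, function(err, hasCreated) {
  if (err) {
    log("PKI creation failed with error", err);
    // Non-zero status: a failed PKI setup must not look like a clean exit.
    process.exit(1);
    return;
  }
  log("PKI created", hasCreated);
  // Make sure DB file exists ...
  fs.ensureFileSync(auth.DB_FILE_PATH);

  /*
   * Start Public and Secured server
   */
  const PATH_TO_CHAIN_CLIENT = path.join(issuerPath, 'ca-chain-' + global.config.users.issuer.name + '.cert.pem');
  const apiCertDir = path.join(global.config.pkidir, global.config.certificates.api.directory);
  const PATH_TO_CERT = path.join(apiCertDir, global.config.certificates.api.name + '.cert.pem');
  const PATH_TO_KEY = path.join(apiCertDir, global.config.certificates.api.name + '.key.pem');

  // Both listeners use the same server key pair; read it once.
  const apiCert = fs.readFileSync(PATH_TO_CERT);
  const apiKey = fs.readFileSync(PATH_TO_KEY);
  const passphrase = global.config.certificates.api.passphrase;

  // Secured API listener: every client is asked for a certificate and it is
  // verified against the issuer chain. `rejectUnauthorized` (mandatoryMutual)
  // decides whether a missing or unverifiable client cert ends the handshake.
  // NOTE(review): when mutualAuth is disabled, unauthenticated clients reach the
  // handlers registered by api.initAPI — those handlers (not visible here) must
  // then carry their own authentication; verify.
  const options = {
    ca: [fs.readFileSync(PATH_TO_CHAIN_CLIENT)],
    cert: apiCert,
    key: apiKey,
    passphrase: passphrase,
    requestCert: true,
    rejectUnauthorized: mandatoryMutual
  };
  // Public listener: server-side TLS only, no client certificate requested.
  const publicOpts = {
    cert: apiCert,
    key: apiKey,
    passphrase: passphrase,
    requestCert: false
  };
  log(">>>>>> API CERT " + PATH_TO_CERT);
  log(">>>>>> API KEY " + PATH_TO_KEY);

  app.use(bodyparser.json()); // JSON body parser for /api/ paths
  const server = https.createServer(options, app);
  server.listen(global.config.server.secure.listen.port, global.config.server.secure.listen.ip, function() {
    const host = server.address().address;
    const port = server.address().port;
    log(">>>>>> HTTPS API server is listening on " + host + ":" + port + " <<<<<<");
    log("Registering API endpoints");
    app.get('/ping', function(req, res) {
      // Echoes the caller's own certificate subject back to it. With
      // mutualAuth disabled a client may present no certificate, in which
      // case `subject` is undefined.
      const certif = req.socket.getPeerCertificate().subject;
      res.send('hello ' + JSON.stringify(certif));
    });
    api.initAPI(app);

    // Static dir. Joined with path.join like every other path in this file —
    // plain concatenation broke when pkidir had no trailing separator.
    // Everything placed in this directory is served unauthenticated.
    const publicDir = path.join(global.config.pkidir, 'public');
    publicApp.use(express.static(publicDir));
    publicApp.use(bodyparser.json()); // JSON body parser for public paths
    publicApp.get('/ping', function(req, res) {
      res.send('hello public API');
    });
    const publicS = https.createServer(publicOpts, publicApp);
    publicS.listen(global.config.server.public.listen.port, global.config.server.public.listen.ip, function() {
      const host = publicS.address().address;
      const port = publicS.address().port;
      log(">>>>>> HTTPS Public server is listening on " + host + ":" + port + " <<<<<<");
      log("Public directory is " + publicDir + " avalaible at https://" + global.config.server.crl.domain + ":" + port + "/");
      api.initPublicAPI(publicApp);
    });

    // Refresh the CRL now and then once a day.
    updateCrl();
    const crlInter = setInterval(updateCrl, 24 * 60 * 60 * 1000);

    /*********************************
     * Server stop routine and events *
     *********************************/
    const stopServer = function() {
      log("Received termination signal.");
      log("Bye!");
      clearInterval(crlInter);
      process.exit();
    };
    process.on('SIGINT', stopServer);
    process.on('SIGHUP', stopServer);
    process.on('SIGQUIT', stopServer);
  });
});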
/**
 * Regenerate the CRL through the authority component and log the outcome.
 * Runs asynchronously; a failure is logged rather than thrown, so a failed
 * refresh does not bring the server down. Called once at startup and then
 * periodically from a timer.
 */
function updateCrl() {
  const refresh = function*() {
    const crlResult = yield* authority.crl();
    return crlResult;
  };
  suspend.run(refresh, (err, result) => {
    log("updateCrl", err, result);
  });
}
// Export the secured API express instance.
module.exports = { app: app };