UNPKG

openhim-core

Version:

The OpenHIM core application that provides logging and routing of http requests

openhim.org

jembi/openhim-core-js

90 lines (74 loc) 2.73 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
Keystore = require('../model/keystore').Keystore Certificate = require('../model/keystore').Certificate Q = require 'q' logger = require 'winston' utils = require "../utils" pem = require "pem" authorisation = require './authorisation' readCertificateInfo = Q.denodeify pem.readCertificateInfo getFingerprint = Q.denodeify pem.getFingerprint exports.generateCert = -> # Must be admin if authorisation.inGroup('admin', this.authenticated) is false utils.logAndSetResponse this, 403, "User #{this.authenticated.email} is not an admin, API access to getServerKey by id denied.", 'info' return options = this.request.body if options.type is 'server' logger.info 'Generating server cert' result = yield generateServerCert options else logger.info 'Generating client cert' result = yield generateClientCert options this.status = 201 this.body = result generateClientCert = (options) -> keystoreDoc = yield Keystore.findOne().exec() # Set additional options options.selfSigned = true # Attempt to create the certificate try this.body = yield createCertificate options certInfo = yield extractCertMetadata this.body.certificate keystoreDoc.ca.push certInfo yield Q.ninvoke keystoreDoc, 'save' #Add the new certficate to the keystore this.status = 201 logger.info 'Client certificate created' catch err utils.logAndSetResponse this, 'internal server error', "Could not create a client cert via the API: #{err}", 'error' this.body generateServerCert = (options) -> keystoreDoc = yield Keystore.findOne().exec() options.selfSigned = true try this.body = yield createCertificate options keystoreDoc.cert = yield extractCertMetadata this.body.certificate keystoreDoc.key = this.body.key yield Q.ninvoke keystoreDoc, 'save' #Add the new certficate to the keystore this.status = 201 logger.info 'Server certificate created' catch err utils.logAndSetResponse this, 'internal server error', "Could not create a client cert via the API: #{err}", 'error' this.body createCertificate = (options) -> deferred = Q.defer() pem.createCertificate options, (err, cert) -> if (err) response = err : err deferred.resolve response else response = certificate : cert.certificate key : cert.clientKey deferred.resolve response return deferred.promise extractCertMetadata = (cert) -> certInfo = yield readCertificateInfo cert fingerprint = yield getFingerprint cert certInfo.data = this.body.certificate certInfo.fingerprint = fingerprint.fingerprint return certInfo getRandomInt = (min, max) -> Math.floor(Math.random() * (max - min + 1)) + min