querysub 0.490.0 → 0.491.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import acme from "acme-client";
|
|
2
|
-
import
|
|
2
|
+
import crypto from "crypto";
|
|
3
|
+
import { parseCert } from "sliftutils/misc/https/certs";
|
|
3
4
|
import { cache, lazy } from "socket-function/src/caching";
|
|
4
5
|
import { hasDNSWritePermissions, setRecord } from "../-b-authorities/dnsAuthority";
|
|
5
6
|
import { magenta } from "socket-function/src/formatting/logColors";
|
|
@@ -13,6 +14,8 @@ import { timeInMinute } from "socket-function/src/misc";
|
|
|
13
14
|
const archives = lazy(() => getArchives(`https_certs_3/`));
|
|
14
15
|
// Expire EXPIRATION_THRESHOLD% of the way through the certificate's lifetime
|
|
15
16
|
const EXPIRATION_THRESHOLD = 0.4;
|
|
17
|
+
// Let's Encrypt only accepts RSA or ECDSA account keys (not Ed25519, which is all sliftutils/certs generates).
|
|
18
|
+
const ACCOUNT_KEY_MODULUS_BITS = 2048;
|
|
16
19
|
|
|
17
20
|
export const getHTTPSKeyCert = cache(async (domain: string): Promise<{ key: string; cert: string }> => {
|
|
18
21
|
if (!await hasDNSWritePermissions()) {
|
|
@@ -112,13 +115,20 @@ let getAccountKey: () => string = lazy(() => {
|
|
|
112
115
|
let keyCache = accountKeyCache.value;
|
|
113
116
|
if (!keyCache) {
|
|
114
117
|
console.log(`Generating new letsencrypt account key`);
|
|
115
|
-
|
|
116
|
-
keyCache = { key: privateKeyToPem(keyPair.privateKey) };
|
|
118
|
+
keyCache = { key: generateRSAPrivateKeyPem() };
|
|
117
119
|
accountKeyCache.value = keyCache;
|
|
118
120
|
}
|
|
119
121
|
return keyCache.key;
|
|
120
122
|
});
|
|
121
123
|
|
|
124
|
+
function generateRSAPrivateKeyPem(): string {
|
|
125
|
+
return crypto.generateKeyPairSync("rsa", {
|
|
126
|
+
modulusLength: ACCOUNT_KEY_MODULUS_BITS,
|
|
127
|
+
publicKeyEncoding: { type: "spki", format: "pem" },
|
|
128
|
+
privateKeyEncoding: { type: "pkcs8", format: "pem" },
|
|
129
|
+
}).privateKey;
|
|
130
|
+
}
|
|
131
|
+
|
|
122
132
|
async function generateCert(config: {
|
|
123
133
|
accountKey: string;
|
|
124
134
|
domain: string;
|
|
@@ -906,7 +906,7 @@ export class Querysub {
|
|
|
906
906
|
globalThis.remapImportRequestsClientside = globalThis.remapImportRequestsClientside || [];
|
|
907
907
|
globalThis.remapImportRequestsClientside.push(async (args) => {
|
|
908
908
|
try {
|
|
909
|
-
let key: typeof identityStorageKey = "
|
|
909
|
+
let key: typeof identityStorageKey = "machineCA_14";
|
|
910
910
|
let storageValueJSON = localStorage.getItem(key);
|
|
911
911
|
if (!storageValueJSON) return args;
|
|
912
912
|
let storageValue = JSON.parse(storageValueJSON) as IdentityStorageType;
|
package/tsconfig.json
CHANGED
|
@@ -18,10 +18,23 @@
|
|
|
18
18
|
"types": [
|
|
19
19
|
"node",
|
|
20
20
|
],
|
|
21
|
+
"paths": {
|
|
22
|
+
"socket-function": [
|
|
23
|
+
"./node_modules/socket-function"
|
|
24
|
+
],
|
|
25
|
+
"socket-function/*": [
|
|
26
|
+
"./node_modules/socket-function/*"
|
|
27
|
+
]
|
|
28
|
+
},
|
|
21
29
|
"experimentalDecorators": true,
|
|
22
30
|
"emitDecoratorMetadata": false,
|
|
23
31
|
"skipLibCheck": true,
|
|
24
32
|
"inlineSourceMap": true,
|
|
25
33
|
"inlineSources": true,
|
|
26
|
-
}
|
|
34
|
+
},
|
|
35
|
+
"exclude": [
|
|
36
|
+
"node_modules",
|
|
37
|
+
"database-storage",
|
|
38
|
+
"sliftutils"
|
|
39
|
+
]
|
|
27
40
|
}
|