add missing node-v6-compat

* Test multiple zone records (@, foo, *.foo)
* Use random _acme-challenge-xxxx

.prettierrc

@@ -0,0 +1,8 @@
+{
+  "bracketSpacing": true,
+  "printWidth": 80,
+  "singleQuote": true,
+  "tabWidth": 2,
+  "trailingComma": "none",
+  "useTabs": false
+}

LICENSE

@@ -0,0 +1,375 @@
+Copyright 2019 AJ ONeal
+
+Mozilla Public License Version 2.0
+==================================
+
+1. Definitions
+--------------
+
+1.1. "Contributor"
+    means each individual or legal entity that creates, contributes to
+    the creation of, or owns Covered Software.
+
+1.2. "Contributor Version"
+    means the combination of the Contributions of others (if any) used
+    by a Contributor and that particular Contributor's Contribution.
+
+1.3. "Contribution"
+    means Covered Software of a particular Contributor.
+
+1.4. "Covered Software"
+    means Source Code Form to which the initial Contributor has attached
+    the notice in Exhibit A, the Executable Form of such Source Code
+    Form, and Modifications of such Source Code Form, in each case
+    including portions thereof.
+
+1.5. "Incompatible With Secondary Licenses"
+    means
+
+    (a) that the initial Contributor has attached the notice described
+        in Exhibit B to the Covered Software; or
+
+    (b) that the Covered Software was made available under the terms of
+        version 1.1 or earlier of the License, but not also under the
+        terms of a Secondary License.
+
+1.6. "Executable Form"
+    means any form of the work other than Source Code Form.
+
+1.7. "Larger Work"
+    means a work that combines Covered Software with other material, in
+    a separate file or files, that is not Covered Software.
+
+1.8. "License"
+    means this document.
+
+1.9. "Licensable"
+    means having the right to grant, to the maximum extent possible,
+    whether at the time of the initial grant or subsequently, any and
+    all of the rights conveyed by this License.
+
+1.10. "Modifications"
+    means any of the following:
+
+    (a) any file in Source Code Form that results from an addition to,
+        deletion from, or modification of the contents of Covered
+        Software; or
+
+    (b) any new file in Source Code Form that contains any Covered
+        Software.
+
+1.11. "Patent Claims" of a Contributor
+    means any patent claim(s), including without limitation, method,
+    process, and apparatus claims, in any patent Licensable by such
+    Contributor that would be infringed, but for the grant of the
+    License, by the making, using, selling, offering for sale, having
+    made, import, or transfer of either its Contributions or its
+    Contributor Version.
+
+1.12. "Secondary License"
+    means either the GNU General Public License, Version 2.0, the GNU
+    Lesser General Public License, Version 2.1, the GNU Affero General
+    Public License, Version 3.0, or any later versions of those
+    licenses.
+
+1.13. "Source Code Form"
+    means the form of the work preferred for making modifications.
+
+1.14. "You" (or "Your")
+    means an individual or a legal entity exercising rights under this
+    License. For legal entities, "You" includes any entity that
+    controls, is controlled by, or is under common control with You. For
+    purposes of this definition, "control" means (a) the power, direct
+    or indirect, to cause the direction or management of such entity,
+    whether by contract or otherwise, or (b) ownership of more than
+    fifty percent (50%) of the outstanding shares or beneficial
+    ownership of such entity.
+
+2. License Grants and Conditions
+--------------------------------
+
+2.1. Grants
+
+Each Contributor hereby grants You a world-wide, royalty-free,
+non-exclusive license:
+
+(a) under intellectual property rights (other than patent or trademark)
+    Licensable by such Contributor to use, reproduce, make available,
+    modify, display, perform, distribute, and otherwise exploit its
+    Contributions, either on an unmodified basis, with Modifications, or
+    as part of a Larger Work; and
+
+(b) under Patent Claims of such Contributor to make, use, sell, offer
+    for sale, have made, import, and otherwise transfer either its
+    Contributions or its Contributor Version.
+
+2.2. Effective Date
+
+The licenses granted in Section 2.1 with respect to any Contribution
+become effective for each Contribution on the date the Contributor first
+distributes such Contribution.
+
+2.3. Limitations on Grant Scope
+
+The licenses granted in this Section 2 are the only rights granted under
+this License. No additional rights or licenses will be implied from the
+distribution or licensing of Covered Software under this License.
+Notwithstanding Section 2.1(b) above, no patent license is granted by a
+Contributor:
+
+(a) for any code that a Contributor has removed from Covered Software;
+    or
+
+(b) for infringements caused by: (i) Your and any other third party's
+    modifications of Covered Software, or (ii) the combination of its
+    Contributions with other software (except as part of its Contributor
+    Version); or
+
+(c) under Patent Claims infringed by Covered Software in the absence of
+    its Contributions.
+
+This License does not grant any rights in the trademarks, service marks,
+or logos of any Contributor (except as may be necessary to comply with
+the notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+No Contributor makes additional grants as a result of Your choice to
+distribute the Covered Software under a subsequent version of this
+License (see Section 10.2) or under the terms of a Secondary License (if
+permitted under the terms of Section 3.3).
+
+2.5. Representation
+
+Each Contributor represents that the Contributor believes its
+Contributions are its original creation(s) or it has sufficient rights
+to grant the rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+This License is not intended to limit any rights You have under
+applicable copyright doctrines of fair use, fair dealing, or other
+equivalents.
+
+2.7. Conditions
+
+Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
+in Section 2.1.
+
+3. Responsibilities
+-------------------
+
+3.1. Distribution of Source Form
+
+All distribution of Covered Software in Source Code Form, including any
+Modifications that You create or to which You contribute, must be under
+the terms of this License. You must inform recipients that the Source
+Code Form of the Covered Software is governed by the terms of this
+License, and how they can obtain a copy of this License. You may not
+attempt to alter or restrict the recipients' rights in the Source Code
+Form.
+
+3.2. Distribution of Executable Form
+
+If You distribute Covered Software in Executable Form then:
+
+(a) such Covered Software must also be made available in Source Code
+    Form, as described in Section 3.1, and You must inform recipients of
+    the Executable Form how they can obtain a copy of such Source Code
+    Form by reasonable means in a timely manner, at a charge no more
+    than the cost of distribution to the recipient; and
+
+(b) You may distribute such Executable Form under the terms of this
+    License, or sublicense it under different terms, provided that the
+    license for the Executable Form does not attempt to limit or alter
+    the recipients' rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+You may create and distribute a Larger Work under terms of Your choice,
+provided that You also comply with the requirements of this License for
+the Covered Software. If the Larger Work is a combination of Covered
+Software with a work governed by one or more Secondary Licenses, and the
+Covered Software is not Incompatible With Secondary Licenses, this
+License permits You to additionally distribute such Covered Software
+under the terms of such Secondary License(s), so that the recipient of
+the Larger Work may, at their option, further distribute the Covered
+Software under the terms of either this License or such Secondary
+License(s).
+
+3.4. Notices
+
+You may not remove or alter the substance of any license notices
+(including copyright notices, patent notices, disclaimers of warranty,
+or limitations of liability) contained within the Source Code Form of
+the Covered Software, except that You may alter any license notices to
+the extent required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+You may choose to offer, and to charge a fee for, warranty, support,
+indemnity or liability obligations to one or more recipients of Covered
+Software. However, You may do so only on Your own behalf, and not on
+behalf of any Contributor. You must make it absolutely clear that any
+such warranty, support, indemnity, or liability obligation is offered by
+You alone, and You hereby agree to indemnify every Contributor for any
+liability incurred by such Contributor as a result of warranty, support,
+indemnity or liability terms You offer. You may include additional
+disclaimers of warranty and limitations of liability specific to any
+jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+---------------------------------------------------
+
+If it is impossible for You to comply with any of the terms of this
+License with respect to some or all of the Covered Software due to
+statute, judicial order, or regulation then You must: (a) comply with
+the terms of this License to the maximum extent possible; and (b)
+describe the limitations and the code they affect. Such description must
+be placed in a text file included with all distributions of the Covered
+Software under this License. Except to the extent prohibited by statute
+or regulation, such description must be sufficiently detailed for a
+recipient of ordinary skill to be able to understand it.
+
+5. Termination
+--------------
+
+5.1. The rights granted under this License will terminate automatically
+if You fail to comply with any of its terms. However, if You become
+compliant, then the rights granted under this License from a particular
+Contributor are reinstated (a) provisionally, unless and until such
+Contributor explicitly and finally terminates Your grants, and (b) on an
+ongoing basis, if such Contributor fails to notify You of the
+non-compliance by some reasonable means prior to 60 days after You have
+come back into compliance. Moreover, Your grants from a particular
+Contributor are reinstated on an ongoing basis if such Contributor
+notifies You of the non-compliance by some reasonable means, this is the
+first time You have received notice of non-compliance with this License
+from such Contributor, and You become compliant prior to 30 days after
+Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+infringement claim (excluding declaratory judgment actions,
+counter-claims, and cross-claims) alleging that a Contributor Version
+directly or indirectly infringes any patent, then the rights granted to
+You by any and all Contributors for the Covered Software under Section
+2.1 of this License shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all
+end user license agreements (excluding distributors and resellers) which
+have been validly granted by You or Your distributors under this License
+prior to termination shall survive termination.
+
+************************************************************************
+*                                                                      *
+*  6. Disclaimer of Warranty                                           *
+*  -------------------------                                           *
+*                                                                      *
+*  Covered Software is provided under this License on an "as is"       *
+*  basis, without warranty of any kind, either expressed, implied, or  *
+*  statutory, including, without limitation, warranties that the       *
+*  Covered Software is free of defects, merchantable, fit for a        *
+*  particular purpose or non-infringing. The entire risk as to the     *
+*  quality and performance of the Covered Software is with You.        *
+*  Should any Covered Software prove defective in any respect, You     *
+*  (not any Contributor) assume the cost of any necessary servicing,   *
+*  repair, or correction. This disclaimer of warranty constitutes an   *
+*  essential part of this License. No use of any Covered Software is   *
+*  authorized under this License except under this disclaimer.         *
+*                                                                      *
+************************************************************************
+
+************************************************************************
+*                                                                      *
+*  7. Limitation of Liability                                          *
+*  --------------------------                                          *
+*                                                                      *
+*  Under no circumstances and under no legal theory, whether tort      *
+*  (including negligence), contract, or otherwise, shall any           *
+*  Contributor, or anyone who distributes Covered Software as          *
+*  permitted above, be liable to You for any direct, indirect,         *
+*  special, incidental, or consequential damages of any character      *
+*  including, without limitation, damages for lost profits, loss of    *
+*  goodwill, work stoppage, computer failure or malfunction, or any    *
+*  and all other commercial damages or losses, even if such party      *
+*  shall have been informed of the possibility of such damages. This   *
+*  limitation of liability shall not apply to liability for death or   *
+*  personal injury resulting from such party's negligence to the       *
+*  extent applicable law prohibits such limitation. Some               *
+*  jurisdictions do not allow the exclusion or limitation of           *
+*  incidental or consequential damages, so this exclusion and          *
+*  limitation may not apply to You.                                    *
+*                                                                      *
+************************************************************************
+
+8. Litigation
+-------------
+
+Any litigation relating to this License may be brought only in the
+courts of a jurisdiction where the defendant maintains its principal
+place of business and such litigation shall be governed by laws of that
+jurisdiction, without reference to its conflict-of-law provisions.
+Nothing in this Section shall prevent a party's ability to bring
+cross-claims or counter-claims.
+
+9. Miscellaneous
+----------------
+
+This License represents the complete agreement concerning the subject
+matter hereof. If any provision of this License is held to be
+unenforceable, such provision shall be reformed only to the extent
+necessary to make it enforceable. Any law or regulation which provides
+that the language of a contract shall be construed against the drafter
+shall not be used to construe this License against a Contributor.
+
+10. Versions of the License
+---------------------------
+
+10.1. New Versions
+
+Mozilla Foundation is the license steward. Except as provided in Section
+10.3, no one other than the license steward has the right to modify or
+publish new versions of this License. Each version will be given a
+distinguishing version number.
+
+10.2. Effect of New Versions
+
+You may distribute the Covered Software under the terms of the version
+of the License under which You originally received the Covered Software,
+or under the terms of any subsequent version published by the license
+steward.
+
+10.3. Modified Versions
+
+If you create software not governed by this License, and you want to
+create a new license for such software, you may create and use a
+modified version of this License if you rename the license and remove
+any references to the name of the license steward (except to note that
+such modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary
+Licenses
+
+If You choose to distribute Source Code Form that is Incompatible With
+Secondary Licenses under the terms of this version of the License, the
+notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+-------------------------------------------
+
+  This Source Code Form is subject to the terms of the Mozilla Public
+  License, v. 2.0. If a copy of the MPL was not distributed with this
+  file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular
+file, then You may include the notice in a location (such as a LICENSE
+file in a relevant directory) where a recipient would be likely to look
+for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - "Incompatible With Secondary Licenses" Notice
+---------------------------------------------------------
+
+  This Source Code Form is "Incompatible With Secondary Licenses", as
+  defined by the Mozilla Public License, v. 2.0.

README.md

@@ -1,92 +1,70 @@
-# [greenlock-challenge-test](https://git.coolaj86.com/coolaj86/greenlock-challenge-test.js.git)
+# [acme-challenge-test](https://git.rootprojects.org/root/acme-challenge-test.js.git) | a [Root](https://rootprojects.org) project
 
-| A [Root](https://rootprojects.org) Project |
+Test harness for ACME http-01 and dns-01 challenges for Let's Encrypt Free SSL integration.
 
-The test harness you should use when writing an ACME challenge strategy
+This was specificially designed for [ACME.js](https://git.coolaj86.com/coolaj86/acme-v2.js) and [Greenlock.js](https://git.coolaj86.com/coolaj86/greenlock-express.js), but will be generically useful to any ACME module.
-for [Greenlock](https://git.coolaj86.com/coolaj86/greenlock-express.js) v2.7+ (and v3).
 
-All implementations MUST pass these tests, which is a very easy thing to do (just `set()`, `get()`, and `remove()`).
+> If you are building a plugin, please let us know.
+> We may like to co-author and help maintain and promote your module.
 
-The tests account for single-domain certificates (`example.com`) as well as multiple domain certs (SAN / AltName),
+This package has been split in two for the purpose of keeping the documentation clear and concise.
-wildcards (`*.example.com`), and valid private / localhost certificates. As someone creating a challenge strategy
-that's not something you have to take special consideration for - just pass the tests.
 
-## Install
+## ACME http-01
 
-```bash
+Use this for quick-and-easy, average-joe kind of stuff.
-npm install --save-dev greenlock-challenge-test@3.x
-```
 
-## Usage
+- See <https://git.rootprojects.org/root/acme-http-01-test.js>
+
+## ACME dns-01
+
+Use this for wildcards, and private and local domains.
+
+- See <https://git.rootprojects.org/root/acme-dns-01-test.js>
+
+## Reference Implementations
+
+These are plugins that use the v2.7+ (v3) API, and pass this test harness,
+which you should use as a model for any plugins that you create.
+
+- http-01
+  - [`acme-http-01-cli`](https://git.rootprojects.org/root/acme-http-01-cli.js)
+  - [`acme-http-01-fs`](https://git.rootprojects.org/root/acme-http-01-fs.js)
+- dns-01
+  - [`acme-dns-01-cli`](https://git.rootprojects.org/root/acme-dns-01-cli.js)
+  - [`acme-dns-01-digitalocean`](https://git.rootprojects.org/root/acme-dns-01-digitalocean.js)
+
+You can find other implementations by searching npm for [acme-http-01-](https://www.npmjs.com/search?q=acme-http-01-)
+and [acme-dns-01-](https://www.npmjs.com/search?q=acme-dns-01-).
+
+## Starter Template
+
+Just so you have an idea, this is typically how you'd start passing the tests:
 
 ```js
-var tester = require('greenlock-challenge-test');
+var tester = require('acme-challenge-test');
-
-//var challenger = require('greenlock-challenge-http').create({});
-//var challenger = require('greenlock-challenge-dns').create({});
-var challenger = require('./YOUR-CHALLENGE-STRATEGY').create({});
 
 // The dry-run tests can pass on, literally, 'example.com'
 // but the integration tests require that you have control over the domain
 var domain = 'example.com';
 
-tester.test('http-01', domain, challenger).then(function () {
+tester
-  console.info("PASS");
+  .testRecord('http-01', domain, {
-});
+    set: function(opts) {
+      console.log('set opts:', opts);
+      throw new Error('set not implemented');
+    },
+
+    remove: function(opts) {
+      console.log('remove opts:', opts);
+      throw new Error('remove not implemented');
+    },
+
+    get: function(opts) {
+      console.log('get opts:', opts);
+      throw new Error('get not implemented');
+    }
+  })
+  .then(function() {
+    console.info('PASS');
+  });
 ```
-
-## Overview
-
-```js
-tester.test('http-01', 'example.com', {
-  set: function (opts) {
-    var ch = opts.challenge;
-    // { type: 'http-01' // or 'dns-01'
-    // , identifier: { type: 'dns', value: 'example.com' }
-    // , wildcard: false
-    // , token: 'xxxx'
-    // , keyAuthorization: 'xxxx.yyyy'
-    // , dnsHost: '_acme-challenge.example.com'
-    // , dnsAuthorization: 'zzzz' }
-
-    return API.set(...);
-  }
-, get: function (query) {
-    var ch = query.challenge;
-    // { type: 'http-01' // or 'dns-01', 'tls-alpn-01', etc
-    // , identifier: { type: 'dns', value: 'example.com' }
-    //   // http-01 only
-    // , token: 'xxxx'
-    // , url: '...' // for testing and debugging
-    //   // dns-01 only, for testing / dubgging
-    // , altname: '...'
-    // , dnsHost: '...'
-    // , wildcard: false }
-    // Note: query.identifier.value is different for http-01 than for dns-01
-
-    return API.get(...).then(function (secret) {
-      // http-01
-      return { keyAuthorization: secret };
-      // dns-01
-      //return { dnsAuthorization: secret };
-    });
-  }
-, remove: function (opts) {
-    var ch = opts.challenge;
-    // same options as in `set()` (which are not the same as `get()`
-
-    return API.remove(...);
-  }
-}).then(function () {
-  console.info("PASS");
-});
-```
-
-Note: The `API.get()`, `API.set()`, and `API.remove()` is where you do your magic up to upload a file to the correct
-location on an http serever, set DNS records, or add the appropriate data to the database that handles such things.
-
-## Example
-
-See `example.js` (it works).
-
-Will post reference implementations here later...

example.js

@@ -1,24 +1,26 @@
 'use strict';
 
-//var tester = require('greenlock-challenge-test');
+//var tester = require('acme-challenge-test');
 var tester = require('./');
 
-var type = 'http-01';
+//var type = 'http-01';
-var challenger = require('greenlock-challenge-http').create({});
+//var challenger = require('acme-http-01-cli').create({});
-//var type = 'dns-01';
+var type = 'dns-01';
-//var challenger = require('greenlock-challenge-dns').create({});
+var challenger = require('acme-dns-01-cli').create({});
 //var challenger = require('./YOUR-CHALLENGE-STRATEGY').create({});
 //var type = 'YOUR-TYPE-01';
 
 // The dry-run tests can pass on, literally, 'example.com'
 // but the integration tests require that you have control over the domain
-var domain = 'example.com';
+var zone = 'example.com';
-//var domain = '*.example.com';
 
-tester.test(type, domain, challenger).then(function () {
+tester
-  console.info("PASS");
+  .test(type, zone, challenger)
-}).catch(function (err) {
+  .then(function() {
-  console.error("FAIL");
+    console.info('ALL PASSED');
-  console.error(err);
+  })
-  process.exit(20);
+  .catch(function(err) {
-});
+    console.error('FAIL');
+    console.error(err);
+    process.exit(20);
+  });

index.js

@@ -1,23 +1,47 @@
 'use strict';
 /*global Promise*/
-var crypto = require('crypto');
 
-module.exports.create = function () {
+if (process.version.match(/^v(\d+)/)[1] > 6) {
-  throw new Error("greenlock-challenge-test is a test fixture for greenlock-challenge-* plugins, not a plugin itself");
+  console.warn();
+  console.warn('#########################');
+  console.warn('# Node v6 Compatibility #');
+  console.warn('#########################');
+  console.warn();
+  console.warn("You're using node " + process.version);
+  console.warn(
+    'Please write node-v6 compatible JavaScript (not Babel/ECMAScript) and test with node v6.'
+  );
+  console.warn();
+  console.warn(
+    '(ACME.js and Greenlock.js are widely deployed in enterprise node v6 environments. The few node v6 bugs in Buffer and Promise are hotfixed by ACME.js in just a few lines of code)'
+  );
+  console.warn();
+}
+require('./lib/node-v6-compat.js');
+
+// Load _after_ node v6 compat
+var crypto = require('crypto');
+var promisify = require('util').promisify;
+var request = require('@root/request');
+request = promisify(request);
+
+module.exports.create = function() {
+  throw new Error(
+    'acme-challenge-test is a test fixture for acme-challenge-* plugins, not a plugin itself'
+  );
 };
 
 // ignore all of this, it's just to normalize Promise vs node-style callback thunk vs synchronous
 function promiseCheckAndCatch(obj, name) {
-  var promisify = require('util').promisify;
   // don't loose this-ness, just in case that's important
   var fn = obj[name].bind(obj);
   var promiser;
 
   // function signature must match, or an error will be thrown
-  if (1 === fn.length) {
+  if (fn.length <= 1) {
     // wrap so that synchronous errors are caught (alsa handles synchronous results)
-    promiser = function (opts) {
+    promiser = function(opts) {
-      return Promise.resolve().then(function () {
+      return Promise.resolve().then(function() {
         return fn(opts);
       });
     };
@@ -25,51 +49,149 @@ function promiseCheckAndCatch(obj, name) {
     // wrap as a promise
     promiser = promisify(fn);
   } else {
-    return Promise.reject(new Error("'challenge." + name + "' should accept either one argument, the options,"
+    throw new Error(
-      + " and return a Promise or accept two arguments, the options and a node-style callback thunk"));
+      "'challenge." +
+        name +
+        "' should accept either one argument, the options," +
+        ' and return a Promise or accept two arguments, the options and a node-style callback thunk'
+    );
   }
 
-  function shouldntBeNull(result) {
+  function shouldntBeUndefined(result) {
     if ('undefined' === typeof result) {
-      throw new Error("'challenge.'" + name + "' should never return `undefined`. Please explicitly return null"
+      throw new Error(
-        + " (or fix the place where a value should have been returned but wasn't).");
+        "'challenge.'" +
+          name +
+          "' should never return `undefined`. Please explicitly `return null`" +
+          " (or fix the place where a value should have been returned but wasn't)."
+      );
     }
     return result;
   }
 
-  return function (opts) {
+  return function(opts) {
-    return promiser(opts).then(shouldntBeNull);
+    return promiser(opts).then(shouldntBeUndefined);
   };
 }
 
+function mapAsync(els, doer) {
+  els = els.slice(0);
+  var results = [];
+  function next() {
+    var el = els.shift();
+    if (!el) {
+      return results;
+    }
+    return doer(el).then(function(result) {
+      results.push(result);
+      return next();
+    });
+  }
+  return next();
+}
+
+function newZoneRegExp(zonename) {
+  // (^|\.)example\.com$
+  // which matches:
+  //  foo.example.com
+  //  example.com
+  // but not:
+  //  fooexample.com
+  return new RegExp('(^|\\.)' + zonename.replace(/\./g, '\\.') + '$');
+}
+
+function pluckZone(zones, dnsHost) {
+  return zones
+    .filter(function(zonename) {
+      // the only character that needs to be escaped for regex
+      // and is allowed in a domain name is '.'
+      return newZoneRegExp(zonename).test(dnsHost);
+    })
+    .sort(function(a, b) {
+      // longest match first
+      return b.length - a.length;
+    })[0];
+}
+
 // Here's the meat, where the tests are happening:
-function run(challenger, opts) {
+function testEach(type, domains, challenger) {
+  var chr = wrapChallenger(type, challenger);
+  // We want the same rnd for all domains so that we catch errors like removing
+  // the apex (bare) domain TXT record to when creating the wildcard record
+  var rnd = crypto.randomBytes(2).toString('hex');
+
+  console.info("Testing each of '%s'", domains.join(', '));
+
+  //
+  // Zones
+  //
+  // Get ALL zones for all records on the certificate
+  //
+  return chr
+    .init({ request: request })
+    .then(function() {
+      return chr.zones({ request: request, dnsHosts: domains });
+    })
+    .then(function(zones) {
+      var all = domains.map(function(domain) {
+        var zone = pluckZone(zones, domain);
+        return {
+          domain: domain,
+          challenge: fakeChallenge(type, zone, domain, rnd),
+          request: request
+        };
+      });
+
+      // resolving for the sake of same indentation / scope
+      return Promise.resolve()
+        .then(function() {
+          return mapAsync(all, function(opts) {
+            return set(chr, opts);
+          });
+        })
+        .then(function() {
+          return mapAsync(all, function(opts) {
+            return check(chr, opts);
+          });
+        })
+        .then(function() {
+          return mapAsync(all, function(opts) {
+            return remove(chr, opts).then(function() {
+              console.info("PASS '%s'", opts.domain);
+            });
+          });
+        })
+        .then(function() {
+          console.info();
+          console.info('It looks like the soft tests all passed.');
+          console.log('It is highly likely that your plugin is correct.');
+          console.log(
+            'Now go test with Greenlock.js and/or ACME.js to be sure.'
+          );
+          console.info();
+        });
+    });
+}
+
+function set(chr, opts) {
   var ch = opts.challenge;
   if ('http-01' === ch.type && ch.wildname) {
-    throw new Error("http-01 cannot be used for wildcard domains");
+    throw new Error('http-01 cannot be used for wildcard domains');
   }
 
-  var set = promiseCheckAndCatch(challenger, 'set');
+  //
-  if ('function' !== typeof challenger.get) {
+  // Set
-    throw new Error("'challenge.get' should be implemented for the sake of testing."
+  //
-      + " It should be implemented as the internal method for fetching the challenge"
+  // Add (not replace) a TXT for the domain
-      + " (i.e. reading from a database, file system or API, not return internal),"
+  //
-      + " not the external check (the http call, dns query, etc), which will already be done as part of this test.");
+  return chr.set(opts).then(function() {
-  }
-  var get = promiseCheckAndCatch(challenger, 'get');
-  var remove = promiseCheckAndCatch(challenger, 'remove');
-
-  // The first time we just check it against itself
-  // this will cause the prompt to appear
-  return set(opts).then(function () {
-    // this will cause the final completion message to appear
     // _test is used by the manual cli reference implementations
     var query = { type: ch.type, /*debug*/ status: ch.status, _test: true };
     if ('http-01' === ch.type) {
       query.identifier = ch.identifier;
       query.token = ch.token;
       // For testing only
-      query.url = ch.token;
+      query.url = ch.challengeUrl;
     } else if ('dns-01' === ch.type) {
       query.identifier = { type: 'dns', value: ch.dnsHost };
       // For testing only
@@ -77,18 +199,45 @@ function run(challenger, opts) {
       // there should only be two possible TXT records per challenge domain:
       // one for the bare domain, and the other if and only if there's a wildcard
       query.wildcard = ch.wildcard;
+      query.dnsAuthorization = ch.dnsAuthorization;
+      query.dnsZone = ch.dnsZone;
+      query.dnsPrefix = ch.dnsPrefix;
     } else {
       query = JSON.parse(JSON.stringify(ch));
-      query.comment = "unknown challenge type, supplying everything";
+      query.comment = 'unknown challenge type, supplying everything';
     }
-    return get({ challenge: query }).then(function (secret) {
+    opts.query = query;
+    return opts;
+  });
+}
+
+function check(chr, opts) {
+  var ch = opts.challenge;
+
+  //
+  // Get
+  //
+  // Check that ONE of the relevant TXT records matches
+  //
+  return chr
+    .get({ request: request, challenge: opts.query })
+    .then(function(secret) {
+      if (!secret) {
+        throw new Error(
+          '`secret` should be an object containing `keyAuthorization` or `dnsAuthorization`'
+        );
+      }
       if ('string' === typeof secret) {
-        console.info("secret was passed as a string, which works historically, but should be an object instead:");
+        console.info(
+          'secret was passed as a string, which works historically, but should be an object instead:'
+        );
         console.info('{ "keyAuthorization": "' + secret + '" }');
-        console.info("or");
+        console.info('or');
         // TODO this should be "keyAuthorizationDigest"
         console.info('{ "dnsAuthorization": "' + secret + '" }');
-        console.info("This is to help keep greenlock (and associated plugins) future-proof for new challenge types");
+        console.info(
+          'This is to help keep acme / greenlock (and associated plugins) future-proof for new challenge types'
+        );
       }
       // historically 'secret' has been a string, but I'd like it to transition to be an object.
       // to make it backwards compatible in v2.7 to change it,
@@ -96,76 +245,180 @@ function run(challenger, opts) {
       if ('http-01' === ch.type) {
         secret = secret.keyAuthorization || secret;
         if (ch.keyAuthorization !== secret) {
-          throw new Error("http-01 challenge.get() returned '" + secret + "', which does not match the keyAuthorization"
+          throw new Error(
-            + " saved with challenge.set(), which was '" + ch.keyAuthorization + "'");
+            "http-01 challenge.get() returned '" +
+              secret +
+              "', which does not match the keyAuthorization" +
+              " saved with challenge.set(), which was '" +
+              ch.keyAuthorization +
+              "'"
+          );
         }
       } else if ('dns-01' === ch.type) {
         secret = secret.dnsAuthorization || secret;
         if (ch.dnsAuthorization !== secret) {
-          throw new Error("dns-01 challenge.get() returned '" + secret + "', which does not match the dnsAuthorization"
+          throw new Error(
-            + " (keyAuthDigest) saved with challenge.set(), which was '" + ch.dnsAuthorization + "'");
+            "dns-01 challenge.get() returned '" +
+              secret +
+              "', which does not match the dnsAuthorization" +
+              " (keyAuthDigest) saved with challenge.set(), which was '" +
+              ch.dnsAuthorization +
+              "'"
+          );
         }
       } else {
         if ('tls-alpn-01' === ch.type) {
-          console.warn("'tls-alpn-01' support is in development"
+          console.warn(
-            + " (or developed and we haven't update this yet). Please contact us.");
+            "'tls-alpn-01' support is in development" +
+              " (or developed and we haven't update this yet). Please contact us."
+          );
         } else {
-          console.warn("We don't know how to test '" + ch.type + "'... are you sure that's a thing?");
+          console.warn(
+            "We don't know how to test '" +
+              ch.type +
+              "'... are you sure that's a thing?"
+          );
         }
         secret = secret.keyAuthorization || secret;
         if (ch.keyAuthorization !== secret) {
-          console.warn("The returned value doesn't match keyAuthorization", ch.keyAuthorization, secret);
+          console.warn(
+            "The returned value doesn't match keyAuthorization",
+            ch.keyAuthorization,
+            secret
+          );
         }
       }
-    }).then(function () {
-      return remove(opts).then(function () {
-        return get(opts).then(function (result) {
-          if (result) {
-            throw new Error("challenge.remove() should have made it not possible for challenge.get() to return a value");
-          }
-          if (null !== result) {
-            throw new Error("challenge.get() should return null when the value is not set");
-          }
-        });
-      });
     });
-  }).then(function () {
+}
-    console.info("All soft tests: PASS");
+
-    console.warn("Hard tests (actually checking http URLs and dns records) is implemented in acme-v2.");
+function remove(chr, opts) {
-    console.warn("We'll copy them over here as well, but that's a TODO for next week.");
+  //
+  // Remove
+  //
+  // Delete ONLY the SINGLE relevant TXT record
+  //
+  return chr.remove(opts).then(function() {
+    return chr.get(opts).then(function(result) {
+      if (result) {
+        throw new Error(
+          'challenge.remove() should have made it not possible for challenge.get() to return a value'
+        );
+      }
+      if (null !== result) {
+        throw new Error(
+          'challenge.get() should return null when the value is not set'
+        );
+      }
+    });
   });
 }
 
-module.exports.test = function (type, altname, challenger) {
+function wrapChallenger(type, challenger) {
-  var expires = new Date(Date.now() + (10*60*1000)).toISOString();
+  var zones;
+  if ('dns-01' === type) {
+    if ('function' !== typeof challenger.zones) {
+      console.error(
+        'You must implement `zones` to return an array of strings.' +
+          " If you're testing a special type of service that doesn't support" +
+          ' domain zone listing (as opposed to domain record listing),' +
+          ' such as DuckDNS, return an empty array.'
+      );
+      process.exit(28);
+      return;
+    }
+    zones = promiseCheckAndCatch(challenger, 'zones');
+  } else {
+    zones = function() {
+      return Promise.resolve([]);
+    };
+  }
+
+  if ('function' !== typeof challenger.get) {
+    console.error(
+      "'challenge.get' should be implemented for the sake of testing." +
+        ' It should be implemented as the internal method for fetching the challenge' +
+        ' (i.e. reading from a database, file system or API, not return internal),' +
+        ' not the external check (the http call, dns query, etc),' +
+        ' which will already be done as part of this test.'
+    );
+    process.exit(29);
+    return;
+  }
+
+  var init = challenger.init;
+  if ('function' !== typeof init) {
+    init = function(opts) {
+      return null;
+    };
+  }
+  return {
+    init: promiseCheckAndCatch(challenger, 'init'),
+    zones: zones,
+    set: promiseCheckAndCatch(challenger, 'set'),
+    get: promiseCheckAndCatch(challenger, 'get'),
+    remove: promiseCheckAndCatch(challenger, 'remove')
+  };
+}
+
+function fakeChallenge(type, zone, altname, rnd) {
+  var expires = new Date(Date.now() + 10 * 60 * 1000).toISOString();
   var token = crypto.randomBytes(8).toString('hex');
   var thumb = crypto.randomBytes(16).toString('hex');
   var keyAuth = token + '.' + crypto.randomBytes(16).toString('hex');
-  var dnsAuth = crypto.createHash('sha256').update(keyAuth).digest('base64')
+  var dnsAuth = crypto
-    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
+    .createHash('sha256')
+    .update(keyAuth)
+    .digest('base64')
+    .replace(/\+/g, '-')
+    .replace(/\//g, '_')
+    .replace(/=/g, '');
 
   var challenge = {
-    type: type
+    type: type,
-  , identifier: { type: 'dns', value: null }  // completed below
+    identifier: { type: 'dns', value: null }, // completed below
-  , wildcard: false                           // completed below
+    wildcard: false, // completed below
-  , status: 'pending'
+    status: 'pending',
-  , expires: expires
+    expires: expires,
-  , token: token
+    token: token,
-  , thumbprint: thumb
+    thumbprint: thumb,
-  , keyAuthorization: keyAuth
+    keyAuthorization: keyAuth,
-  , url: null                                 // completed below
+    url: null, // completed below
-  , dnsHost: '_acme-challenge.'               // completed below
+    // we create a random record to prevent self cache-poisoning
-  , dnsAuthorization: dnsAuth
+    dnsHost: '_' + rnd.slice(0, 2) + '-acme-challenge-' + rnd.slice(2) + '.', // completed below
-  , altname: altname
+    dnsAuthorization: dnsAuth,
-  , _test: true                               // used by CLI referenced implementations
+    altname: altname,
+    _test: true // used by CLI referenced implementations
   };
   if ('*.' === altname.slice(0, 2)) {
     challenge.wildcard = true;
     altname = altname.slice(2);
   }
   challenge.identifier.value = altname;
-  challenge.url = 'http://' + altname + '/.well-known/acme-challenge/' + challenge.token;
+  challenge.url =
+    'http://' + altname + '/.well-known/acme-challenge/' + challenge.token;
   challenge.dnsHost += altname;
+  if (zone) {
+    challenge.dnsZone = zone;
+    challenge.dnsPrefix = challenge.dnsHost
+      .replace(newZoneRegExp(zone), '')
+      .replace(/\.$/, '');
+  }
 
-  return run(challenger, { challenge: challenge });
+  return challenge;
-};
+}
+
+function testZone(type, zone, challenger) {
+  var domains = [zone, 'foo.' + zone];
+  if ('dns-01' === type) {
+    domains.push('*.foo.' + zone);
+  }
+  return testEach(type, domains, challenger);
+}
+
+function testRecord(type, altname, challenger) {
+  return testEach(type, [altname], challenger);
+}
+
+module.exports.testRecord = testRecord;
+module.exports.testZone = testZone;
+module.exports.test = testZone;

lib/node-v6-compat.js

@@ -0,0 +1,25 @@
+"use strict";
+
+function requireBluebird() {
+	try {
+		return require("bluebird");
+	} catch (e) {
+		console.error("");
+		console.error("DON'T PANIC. You're running an old version of node with incomplete Promise support.");
+		console.error("EASY FIX: `npm install --save bluebird`");
+		console.error("");
+		throw e;
+	}
+}
+
+if ("undefined" === typeof Promise) {
+	global.Promise = requireBluebird();
+}
+
+if ("function" !== typeof require("util").promisify) {
+	require("util").promisify = requireBluebird().promisify;
+}
+
+if (!console.debug) {
+	console.debug = console.log;
+}

package.json

@@ -1,16 +1,23 @@
 {
-  "name": "greenlock-challenge-test",
+  "name": "acme-challenge-test",
-  "version": "3.0.0",
+  "version": "3.3.2",
-  "description": "The base set of tests for all ACME challenge strategies. Any `greenlock-challenge-` plugin should be able to pass these tests.",
+  "description": "ACME challenge test harness for Let's Encrypt integrations. Any `acme-http-01-` or `acme-dns-01-` challenge strategy or Greenlock plugin should be able to pass these tests.",
   "main": "index.js",
-  "dependencies": {},
+  "homepage": "https://git.rootprojects.org/root/acme-challenge-test.js",
+  "files": [
+    "example.js",
+    "lib"
+  ],
+  "dependencies": {
+    "@root/request": "^1.3.11"
+  },
   "devDependencies": {},
   "scripts": {
     "test": "node example.js"
   },
   "repository": {
     "type": "git",
-    "url": "https://git.coolaj86.com/coolaj86/greenlock-challenge-test.js.git"
+    "url": "https://git.rootprojects.org/root/acme-challenge-test.js.git"
   },
   "keywords": [
     "Let's Encrypt",
@@ -20,8 +27,9 @@
     "challenge",
     "plugin",
     "module",
-    "strategy"
+    "strategy",
+    "greenlock"
   ],
-  "author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)",
+  "author": "AJ ONeal <solderjs@gmail.com> (https://solderjs.com/)",
   "license": "MPL-2.0"
 }