| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | 'use strict'; | 
					
						
							| 
									
										
										
										
											2019-04-07 15:55:48 -06:00
										 |  |  | /*global Promise*/ | 
					
						
							| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | var crypto = require('crypto'); | 
					
						
							| 
									
										
										
										
											2019-04-07 15:55:48 -06:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | module.exports.create = function() { | 
					
						
							|  |  |  | 	throw new Error( | 
					
						
							| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | 		'acme-challenge-test is a test fixture for acme-challenge-* plugins, not a plugin itself' | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 	); | 
					
						
							| 
									
										
										
										
											2019-04-07 15:55:48 -06:00
										 |  |  | }; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // ignore all of this, it's just to normalize Promise vs node-style callback thunk vs synchronous
 | 
					
						
							|  |  |  | function promiseCheckAndCatch(obj, name) { | 
					
						
							| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | 	var promisify = require('util').promisify; | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 	// don't loose this-ness, just in case that's important
 | 
					
						
							|  |  |  | 	var fn = obj[name].bind(obj); | 
					
						
							|  |  |  | 	var promiser; | 
					
						
							| 
									
										
										
										
											2019-04-07 15:55:48 -06:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 	// function signature must match, or an error will be thrown
 | 
					
						
							|  |  |  | 	if (1 === fn.length) { | 
					
						
							|  |  |  | 		// wrap so that synchronous errors are caught (alsa handles synchronous results)
 | 
					
						
							|  |  |  | 		promiser = function(opts) { | 
					
						
							|  |  |  | 			return Promise.resolve().then(function() { | 
					
						
							|  |  |  | 				return fn(opts); | 
					
						
							|  |  |  | 			}); | 
					
						
							|  |  |  | 		}; | 
					
						
							|  |  |  | 	} else if (2 === fn.length) { | 
					
						
							|  |  |  | 		// wrap as a promise
 | 
					
						
							|  |  |  | 		promiser = promisify(fn); | 
					
						
							|  |  |  | 	} else { | 
					
						
							|  |  |  | 		return Promise.reject( | 
					
						
							|  |  |  | 			new Error( | 
					
						
							|  |  |  | 				"'challenge." + | 
					
						
							|  |  |  | 					name + | 
					
						
							|  |  |  | 					"' should accept either one argument, the options," + | 
					
						
							| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | 					' and return a Promise or accept two arguments, the options and a node-style callback thunk' | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 			) | 
					
						
							|  |  |  | 		); | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2019-04-07 15:55:48 -06:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 	function shouldntBeNull(result) { | 
					
						
							| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | 		if ('undefined' === typeof result) { | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 			throw new Error( | 
					
						
							|  |  |  | 				"'challenge.'" + | 
					
						
							|  |  |  | 					name + | 
					
						
							|  |  |  | 					"' should never return `undefined`. Please explicitly return null" + | 
					
						
							|  |  |  | 					" (or fix the place where a value should have been returned but wasn't)." | 
					
						
							|  |  |  | 			); | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 		return result; | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2019-04-07 15:55:48 -06:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 	return function(opts) { | 
					
						
							|  |  |  | 		return promiser(opts).then(shouldntBeNull); | 
					
						
							|  |  |  | 	}; | 
					
						
							| 
									
										
										
										
											2019-04-07 15:55:48 -06:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // Here's the meat, where the tests are happening:
 | 
					
						
							|  |  |  | function run(challenger, opts) { | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 	var ch = opts.challenge; | 
					
						
							| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | 	if ('http-01' === ch.type && ch.wildname) { | 
					
						
							|  |  |  | 		throw new Error('http-01 cannot be used for wildcard domains'); | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 	} | 
					
						
							| 
									
										
										
										
											2019-04-07 15:55:48 -06:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | 	var set = promiseCheckAndCatch(challenger, 'set'); | 
					
						
							|  |  |  | 	if ('function' !== typeof challenger.get) { | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 		throw new Error( | 
					
						
							|  |  |  | 			"'challenge.get' should be implemented for the sake of testing." + | 
					
						
							| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | 				' It should be implemented as the internal method for fetching the challenge' + | 
					
						
							|  |  |  | 				' (i.e. reading from a database, file system or API, not return internal),' + | 
					
						
							|  |  |  | 				' not the external check (the http call, dns query, etc), which will already be done as part of this test.' | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 		); | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | 	var get = promiseCheckAndCatch(challenger, 'get'); | 
					
						
							|  |  |  | 	var remove = promiseCheckAndCatch(challenger, 'remove'); | 
					
						
							| 
									
										
										
										
											2019-04-07 15:55:48 -06:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 	// The first time we just check it against itself
 | 
					
						
							|  |  |  | 	// this will cause the prompt to appear
 | 
					
						
							|  |  |  | 	return set(opts) | 
					
						
							|  |  |  | 		.then(function() { | 
					
						
							|  |  |  | 			// this will cause the final completion message to appear
 | 
					
						
							|  |  |  | 			// _test is used by the manual cli reference implementations
 | 
					
						
							|  |  |  | 			var query = { type: ch.type, /*debug*/ status: ch.status, _test: true }; | 
					
						
							| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | 			if ('http-01' === ch.type) { | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 				query.identifier = ch.identifier; | 
					
						
							|  |  |  | 				query.token = ch.token; | 
					
						
							|  |  |  | 				// For testing only
 | 
					
						
							|  |  |  | 				query.url = ch.challengeUrl; | 
					
						
							| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | 			} else if ('dns-01' === ch.type) { | 
					
						
							|  |  |  | 				query.identifier = { type: 'dns', value: ch.dnsHost }; | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 				// For testing only
 | 
					
						
							|  |  |  | 				query.altname = ch.altname; | 
					
						
							|  |  |  | 				// there should only be two possible TXT records per challenge domain:
 | 
					
						
							|  |  |  | 				// one for the bare domain, and the other if and only if there's a wildcard
 | 
					
						
							|  |  |  | 				query.wildcard = ch.wildcard; | 
					
						
							| 
									
										
										
										
											2019-06-06 12:17:57 -06:00
										 |  |  | 				query.dnsAuthorization = ch.dnsAuthorization; | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 			} else { | 
					
						
							|  |  |  | 				query = JSON.parse(JSON.stringify(ch)); | 
					
						
							| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | 				query.comment = 'unknown challenge type, supplying everything'; | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 			} | 
					
						
							|  |  |  | 			return get({ challenge: query }) | 
					
						
							|  |  |  | 				.then(function(secret) { | 
					
						
							| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | 					if ('string' === typeof secret) { | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 						console.info( | 
					
						
							| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | 							'secret was passed as a string, which works historically, but should be an object instead:' | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 						); | 
					
						
							|  |  |  | 						console.info('{ "keyAuthorization": "' + secret + '" }'); | 
					
						
							| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | 						console.info('or'); | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 						// TODO this should be "keyAuthorizationDigest"
 | 
					
						
							|  |  |  | 						console.info('{ "dnsAuthorization": "' + secret + '" }'); | 
					
						
							|  |  |  | 						console.info( | 
					
						
							| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | 							'This is to help keep acme / greenlock (and associated plugins) future-proof for new challenge types' | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 						); | 
					
						
							|  |  |  | 					} | 
					
						
							|  |  |  | 					// historically 'secret' has been a string, but I'd like it to transition to be an object.
 | 
					
						
							|  |  |  | 					// to make it backwards compatible in v2.7 to change it,
 | 
					
						
							|  |  |  | 					// so I'm not sure that we really need to.
 | 
					
						
							| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | 					if ('http-01' === ch.type) { | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 						secret = secret.keyAuthorization || secret; | 
					
						
							|  |  |  | 						if (ch.keyAuthorization !== secret) { | 
					
						
							|  |  |  | 							throw new Error( | 
					
						
							|  |  |  | 								"http-01 challenge.get() returned '" + | 
					
						
							|  |  |  | 									secret + | 
					
						
							|  |  |  | 									"', which does not match the keyAuthorization" + | 
					
						
							|  |  |  | 									" saved with challenge.set(), which was '" + | 
					
						
							|  |  |  | 									ch.keyAuthorization + | 
					
						
							|  |  |  | 									"'" | 
					
						
							|  |  |  | 							); | 
					
						
							|  |  |  | 						} | 
					
						
							| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | 					} else if ('dns-01' === ch.type) { | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 						secret = secret.dnsAuthorization || secret; | 
					
						
							|  |  |  | 						if (ch.dnsAuthorization !== secret) { | 
					
						
							|  |  |  | 							throw new Error( | 
					
						
							|  |  |  | 								"dns-01 challenge.get() returned '" + | 
					
						
							|  |  |  | 									secret + | 
					
						
							|  |  |  | 									"', which does not match the dnsAuthorization" + | 
					
						
							|  |  |  | 									" (keyAuthDigest) saved with challenge.set(), which was '" + | 
					
						
							|  |  |  | 									ch.dnsAuthorization + | 
					
						
							|  |  |  | 									"'" | 
					
						
							|  |  |  | 							); | 
					
						
							|  |  |  | 						} | 
					
						
							|  |  |  | 					} else { | 
					
						
							| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | 						if ('tls-alpn-01' === ch.type) { | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 							console.warn( | 
					
						
							|  |  |  | 								"'tls-alpn-01' support is in development" + | 
					
						
							|  |  |  | 									" (or developed and we haven't update this yet). Please contact us." | 
					
						
							|  |  |  | 							); | 
					
						
							|  |  |  | 						} else { | 
					
						
							|  |  |  | 							console.warn( | 
					
						
							|  |  |  | 								"We don't know how to test '" + | 
					
						
							|  |  |  | 									ch.type + | 
					
						
							|  |  |  | 									"'... are you sure that's a thing?" | 
					
						
							|  |  |  | 							); | 
					
						
							|  |  |  | 						} | 
					
						
							|  |  |  | 						secret = secret.keyAuthorization || secret; | 
					
						
							|  |  |  | 						if (ch.keyAuthorization !== secret) { | 
					
						
							|  |  |  | 							console.warn( | 
					
						
							|  |  |  | 								"The returned value doesn't match keyAuthorization", | 
					
						
							|  |  |  | 								ch.keyAuthorization, | 
					
						
							|  |  |  | 								secret | 
					
						
							|  |  |  | 							); | 
					
						
							|  |  |  | 						} | 
					
						
							|  |  |  | 					} | 
					
						
							|  |  |  | 				}) | 
					
						
							|  |  |  | 				.then(function() { | 
					
						
							|  |  |  | 					return remove(opts).then(function() { | 
					
						
							|  |  |  | 						return get(opts).then(function(result) { | 
					
						
							|  |  |  | 							if (result) { | 
					
						
							|  |  |  | 								throw new Error( | 
					
						
							| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | 									'challenge.remove() should have made it not possible for challenge.get() to return a value' | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 								); | 
					
						
							|  |  |  | 							} | 
					
						
							|  |  |  | 							if (null !== result) { | 
					
						
							|  |  |  | 								throw new Error( | 
					
						
							| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | 									'challenge.get() should return null when the value is not set' | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 								); | 
					
						
							|  |  |  | 							} | 
					
						
							|  |  |  | 						}); | 
					
						
							|  |  |  | 					}); | 
					
						
							|  |  |  | 				}); | 
					
						
							|  |  |  | 		}) | 
					
						
							|  |  |  | 		.then(function() { | 
					
						
							| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | 			console.info('All soft tests: PASS'); | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 			console.warn( | 
					
						
							| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | 				'Hard tests (actually checking http URLs and dns records) is implemented in acme-v2.' | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 			); | 
					
						
							|  |  |  | 			console.warn( | 
					
						
							|  |  |  | 				"We'll copy them over here as well, but that's a TODO for next week." | 
					
						
							|  |  |  | 			); | 
					
						
							|  |  |  | 		}); | 
					
						
							| 
									
										
										
										
											2019-04-07 15:55:48 -06:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | module.exports.test = function(type, altname, challenger) { | 
					
						
							|  |  |  | 	var expires = new Date(Date.now() + 10 * 60 * 1000).toISOString(); | 
					
						
							| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | 	var token = crypto.randomBytes(8).toString('hex'); | 
					
						
							|  |  |  | 	var thumb = crypto.randomBytes(16).toString('hex'); | 
					
						
							|  |  |  | 	var keyAuth = token + '.' + crypto.randomBytes(16).toString('hex'); | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 	var dnsAuth = crypto | 
					
						
							| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | 		.createHash('sha256') | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 		.update(keyAuth) | 
					
						
							| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | 		.digest('base64') | 
					
						
							|  |  |  | 		.replace(/\+/g, '-') | 
					
						
							|  |  |  | 		.replace(/\//g, '_') | 
					
						
							|  |  |  | 		.replace(/=/g, ''); | 
					
						
							| 
									
										
										
										
											2019-04-07 15:55:48 -06:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 	var challenge = { | 
					
						
							|  |  |  | 		type: type, | 
					
						
							| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | 		identifier: { type: 'dns', value: null }, // completed below
 | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 		wildcard: false, // completed below
 | 
					
						
							| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | 		status: 'pending', | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 		expires: expires, | 
					
						
							|  |  |  | 		token: token, | 
					
						
							|  |  |  | 		thumbprint: thumb, | 
					
						
							|  |  |  | 		keyAuthorization: keyAuth, | 
					
						
							|  |  |  | 		url: null, // completed below
 | 
					
						
							| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | 		dnsHost: '_acme-challenge.', // completed below
 | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 		dnsAuthorization: dnsAuth, | 
					
						
							|  |  |  | 		altname: altname, | 
					
						
							|  |  |  | 		_test: true // used by CLI referenced implementations
 | 
					
						
							|  |  |  | 	}; | 
					
						
							| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | 	if ('*.' === altname.slice(0, 2)) { | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 		challenge.wildcard = true; | 
					
						
							|  |  |  | 		altname = altname.slice(2); | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	challenge.identifier.value = altname; | 
					
						
							|  |  |  | 	challenge.url = | 
					
						
							| 
									
										
										
										
											2019-06-06 12:15:40 -06:00
										 |  |  | 		'http://' + altname + '/.well-known/acme-challenge/' + challenge.token; | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 	challenge.dnsHost += altname; | 
					
						
							| 
									
										
										
										
											2019-04-07 15:55:48 -06:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-06-02 22:08:29 -06:00
										 |  |  | 	return run(challenger, { challenge: challenge }); | 
					
						
							| 
									
										
										
										
											2019-04-07 15:55:48 -06:00
										 |  |  | }; |