mirror of
				https://github.com/therootcompany/acme.js.git
				synced 2024-11-16 17:29:00 +00:00 
			
		
		
		
	Compare commits
	
		
			19 Commits
		
	
	
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|  | 45fd6962f2 | ||
|  | 829d34f60a | ||
|  | 0aa939a227 | ||
| bef931f28f | |||
| eb432571ca | |||
| 29a47e8fa4 | |||
| 87e3555a5a | |||
| 569c922eb0 | |||
| d10482697b | |||
| aa324e2a29 | |||
| e8c46db062 | |||
|  | 6352961fea | ||
| 333605d9b8 | |||
| 86068fe015 | |||
| cf0ee1c064 | |||
| 606dcf3c4f | |||
| 0803517711 | |||
| 0b91d9a26d | |||
| 0743aa5280 | 
							
								
								
									
										14
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										14
									
								
								README.md
									
									
									
									
									
								
							| @ -2,10 +2,16 @@ | ||||
| 
 | ||||
| | Built by [Root](https://therootcompany.com) for [Hub](https://rootprojects.org/hub) | ||||
| 
 | ||||
| ACME.js is a _low-level_ client for Let's Encrypt. | ||||
| ## Automated Certificate Management Environment | ||||
| 
 | ||||
| ACME ([RFC 8555](https://tools.ietf.org/html/rfc8555)) is the protocol that powers **Let's Encrypt**. | ||||
| 
 | ||||
| ACME.js is a _low-level_ client that speaks RFC 8555 to get Free SSL certificates through Let's Encrypt. | ||||
| 
 | ||||
| Looking for an **easy**, _high-level_ client? Check out [Greenlock.js](https://git.rootprojects.org/root/greenlock.js). | ||||
| 
 | ||||
| # Quick Start | ||||
| 
 | ||||
| ```js | ||||
| var acme = ACME.create({ maintainerEmail, packageAgent, notify }); | ||||
| await acme.init(directoryUrl); | ||||
| @ -97,7 +103,7 @@ The public API encapsulates the three high-level steps of the ACME protocol: | ||||
|     - Challenge Presentation | ||||
|     - Certificate Redemption | ||||
| 
 | ||||
| ## Overview | ||||
| ## API Overview | ||||
| 
 | ||||
| The core API can be show in just four functions: | ||||
| 
 | ||||
| @ -177,7 +183,7 @@ These `notify` events are intended for _logging_ and debugging, NOT as a data AP | ||||
| Note: DO NOT rely on **undocumented properties**. They are experimental and **will break**. | ||||
| If you have a use case for a particular property **open an issue** - we can lock it down and document it. | ||||
| 
 | ||||
| # Example | ||||
| # Example (Full Walkthrough) | ||||
| 
 | ||||
| ### See [examples/README.md](https://git.rootprojects.org/root/acme.js/src/branch/master/examples/README.md) | ||||
| 
 | ||||
| @ -416,7 +422,7 @@ We also offer consulting for all-things-ACME and Let's Encrypt. | ||||
| 
 | ||||
| # Legal & Rules of the Road | ||||
| 
 | ||||
| ACME.jsk™ is a [trademark](https://rootprojects.org/legal/#trademark) of AJ ONeal | ||||
| ACME.js™ is a [trademark](https://rootprojects.org/legal/#trademark) of AJ ONeal | ||||
| 
 | ||||
| The rule of thumb is "attribute, but don't confuse". For example: | ||||
| 
 | ||||
|  | ||||
							
								
								
									
										41
									
								
								account.js
									
									
									
									
									
								
							
							
						
						
									
										41
									
								
								account.js
									
									
									
									
									
								
							| @ -5,12 +5,13 @@ var U = require('./utils.js'); | ||||
| 
 | ||||
| var Keypairs = require('@root/keypairs'); | ||||
| var Enc = require('@root/encoding/bytes'); | ||||
| var agreers = {}; | ||||
| 
 | ||||
| A._getAccountKid = function(me, options) { | ||||
| A._getAccountKid = function (me, options) { | ||||
| 	// It's just fine if there's no account, we'll go get the key id we need via the existing key
 | ||||
| 	var kid = | ||||
| 		options.kid || | ||||
| 		(options.account && (options.account.key && options.account.key.kid)); | ||||
| 		(options.account && options.account.key && options.account.key.kid); | ||||
| 
 | ||||
| 	if (kid) { | ||||
| 		return Promise.resolve(kid); | ||||
| @ -18,7 +19,7 @@ A._getAccountKid = function(me, options) { | ||||
| 
 | ||||
| 	//return Promise.reject(new Error("must include KeyID"));
 | ||||
| 	// This is an idempotent request. It'll return the same account for the same public key.
 | ||||
| 	return A._registerAccount(me, options).then(function(account) { | ||||
| 	return A._registerAccount(me, options).then(function (account) { | ||||
| 		return account.key.kid; | ||||
| 	}); | ||||
| }; | ||||
| @ -43,7 +44,7 @@ A._getAccountKid = function(me, options) { | ||||
|    "signature": "RZPOnYoPs1PhjszF...-nh6X1qtOFPB519I" | ||||
|  } | ||||
| */ | ||||
| A._registerAccount = function(me, options) { | ||||
| A._registerAccount = function (me, options) { | ||||
| 	//#console.debug('[ACME.js] accounts.create');
 | ||||
| 
 | ||||
| 	function agree(agreed) { | ||||
| @ -57,7 +58,7 @@ A._registerAccount = function(me, options) { | ||||
| 	} | ||||
| 
 | ||||
| 	function getAccount() { | ||||
| 		return U._importKeypair(options.accountKey).then(function(pair) { | ||||
| 		return U._importKeypair(options.accountKey).then(function (pair) { | ||||
| 			var contact; | ||||
| 			if (options.contact) { | ||||
| 				contact = options.contact.slice(0); | ||||
| @ -72,14 +73,14 @@ A._registerAccount = function(me, options) { | ||||
| 			}; | ||||
| 
 | ||||
| 			var pub = pair.public; | ||||
| 			return attachExtAcc(pub, accountRequest).then(function(accReq) { | ||||
| 			return attachExtAcc(pub, accountRequest).then(function (accReq) { | ||||
| 				var payload = JSON.stringify(accReq); | ||||
| 				return U._jwsRequest(me, { | ||||
| 					accountKey: options.accountKey, | ||||
| 					url: me._directoryUrls.newAccount, | ||||
| 					protected: { kid: false, jwk: pair.public }, | ||||
| 					payload: Enc.strToBuf(payload) | ||||
| 				}).then(function(resp) { | ||||
| 				}).then(function (resp) { | ||||
| 					var account = resp.body; | ||||
| 
 | ||||
| 					if (resp.statusCode < 200 || resp.statusCode >= 300) { | ||||
| @ -126,20 +127,27 @@ A._registerAccount = function(me, options) { | ||||
| 				url: me._directoryUrls.newAccount | ||||
| 			}, | ||||
| 			payload: Enc.strToBuf(JSON.stringify(pubkey)) | ||||
| 		}).then(function(jws) { | ||||
| 		}).then(function (jws) { | ||||
| 			accountRequest.externalAccountBinding = jws; | ||||
| 			return accountRequest; | ||||
| 		}); | ||||
| 	} | ||||
| 
 | ||||
| 	return Promise.resolve() | ||||
| 		.then(function() { | ||||
| 		.then(function () { | ||||
| 			//#console.debug('[ACME.js] agreeToTerms');
 | ||||
| 			var agreeToTerms = options.agreeToTerms; | ||||
| 			if (!agreeToTerms) { | ||||
| 				agreeToTerms = function(terms) { | ||||
| 					console.log( | ||||
| 						'By using this software you accept this Subscriber Agreement and Terms of Service:' | ||||
| 				agreeToTerms = function (terms) { | ||||
| 					if (agreers[options.subscriberEmail]) { | ||||
| 						return true; | ||||
| 					} | ||||
| 					agreers[options.subscriberEmail] = true; | ||||
| 					console.info(); | ||||
| 					console.info( | ||||
| 						'By using this software you (' + | ||||
| 							options.subscriberEmail + | ||||
| 							') are agreeing to the following:' | ||||
| 					); | ||||
| 					console.info( | ||||
| 						'ACME Subscriber Agreement:', | ||||
| @ -147,18 +155,19 @@ A._registerAccount = function(me, options) { | ||||
| 					); | ||||
| 					console.info( | ||||
| 						'Greenlock/ACME.js Terms of Use:', | ||||
| 						terms.terms.acmeJsTermsUrl | ||||
| 						terms.acmeJsTermsUrl | ||||
| 					); | ||||
| 					console.info(); | ||||
| 					return true; | ||||
| 				}; | ||||
| 			} else if (true === agreeToTerms) { | ||||
| 				agreeToTerms = function(terms) { | ||||
| 				agreeToTerms = function (terms) { | ||||
| 					return terms && true; | ||||
| 				}; | ||||
| 			} | ||||
| 			return agreeToTerms({ | ||||
| 				acmeSubscriberTosUrl: me._tos, | ||||
| 				acmeJsTosUrl: 'https://rootprojects.org/legal/#terms' | ||||
| 				acmeSubscriberTermsUrl: me._tos, | ||||
| 				acmeJsTermsUrl: 'https://rootprojects.org/legal/#terms' | ||||
| 			}); | ||||
| 		}) | ||||
| 		.then(agree) | ||||
|  | ||||
							
								
								
									
										386
									
								
								acme.js
									
									
									
									
									
								
							
							
						
						
									
										386
									
								
								acme.js
									
									
									
									
									
								
							| @ -43,7 +43,7 @@ ACME.create = function create(me) { | ||||
| 	} | ||||
| 
 | ||||
| 	if (!me.dns01) { | ||||
| 		me.dns01 = function(ch) { | ||||
| 		me.dns01 = function (ch) { | ||||
| 			return native._dns01(me, ch); | ||||
| 		}; | ||||
| 	} | ||||
| @ -53,7 +53,7 @@ ACME.create = function create(me) { | ||||
| 		if (!me._baseUrl) { | ||||
| 			me._baseUrl = ''; | ||||
| 		} | ||||
| 		me.http01 = function(ch) { | ||||
| 		me.http01 = function (ch) { | ||||
| 			return native._http01(me, ch); | ||||
| 		}; | ||||
| 	} | ||||
| @ -62,11 +62,11 @@ ACME.create = function create(me) { | ||||
| 		me.__request = http.request; | ||||
| 	} | ||||
| 	// passed to dependencies
 | ||||
| 	me.request = function(opts) { | ||||
| 	me.request = function (opts) { | ||||
| 		return U._request(me, opts); | ||||
| 	}; | ||||
| 
 | ||||
| 	me.init = function(opts) { | ||||
| 	me.init = function (opts) { | ||||
| 		M.init(me); | ||||
| 
 | ||||
| 		function fin(dir) { | ||||
| @ -90,14 +90,14 @@ ACME.create = function create(me) { | ||||
| 		if (!me.skipChallengeTest) { | ||||
| 			p = native._canCheck(me); | ||||
| 		} | ||||
| 		return p.then(function() { | ||||
| 			return ACME._directory(me).then(function(resp) { | ||||
| 		return p.then(function () { | ||||
| 			return ACME._directory(me).then(function (resp) { | ||||
| 				return fin(resp.body); | ||||
| 			}); | ||||
| 		}); | ||||
| 	}; | ||||
| 	me.accounts = { | ||||
| 		create: function(options) { | ||||
| 		create: function (options) { | ||||
| 			try { | ||||
| 				return A._registerAccount(me, options); | ||||
| 			} catch (e) { | ||||
| @ -126,8 +126,8 @@ ACME.create = function create(me) { | ||||
| 	}; | ||||
|   */ | ||||
| 	me.certificates = { | ||||
| 		create: function(options) { | ||||
| 			return A._getAccountKid(me, options).then(function(kid) { | ||||
| 		create: function (options) { | ||||
| 			return A._getAccountKid(me, options).then(function (kid) { | ||||
| 				ACME._normalizePresenters(me, options, options.challenges); | ||||
| 				return ACME._getCertificate(me, options, kid); | ||||
| 			}); | ||||
| @ -143,9 +143,9 @@ ACME.challengePrefixes = { | ||||
| 	'dns-01': '_acme-challenge' | ||||
| }; | ||||
| ACME.challengeTests = { | ||||
| 	'http-01': function(me, auth) { | ||||
| 	'http-01': function (me, auth) { | ||||
| 		var ch = auth.challenge; | ||||
| 		return me.http01(ch).then(function(keyAuth) { | ||||
| 		return me.http01(ch).then(function (keyAuth) { | ||||
| 			var err; | ||||
| 
 | ||||
| 			// TODO limit the number of bytes that are allowed to be downloaded
 | ||||
| @ -170,14 +170,14 @@ ACME.challengeTests = { | ||||
| 			throw err; | ||||
| 		}); | ||||
| 	}, | ||||
| 	'dns-01': function(me, auth) { | ||||
| 	'dns-01': function (me, auth) { | ||||
| 		// remove leading *. on wildcard domains
 | ||||
| 		var ch = auth.challenge; | ||||
| 		return me.dns01(ch).then(function(ans) { | ||||
| 		return me.dns01(ch).then(function (ans) { | ||||
| 			var err; | ||||
| 
 | ||||
| 			if ( | ||||
| 				ans.answer.some(function(txt) { | ||||
| 				ans.answer.some(function (txt) { | ||||
| 					return ch.dnsAuthorization === txt.data[0]; | ||||
| 				}) | ||||
| 			) { | ||||
| @ -199,7 +199,7 @@ ACME.challengeTests = { | ||||
| 	} | ||||
| }; | ||||
| 
 | ||||
| ACME._directory = function(me) { | ||||
| ACME._directory = function (me) { | ||||
| 	// TODO cache the directory URL
 | ||||
| 
 | ||||
| 	// GET-as-GET ok
 | ||||
| @ -210,13 +210,13 @@ ACME._directory = function(me) { | ||||
| // postChallenge
 | ||||
| // finalizeOrder
 | ||||
| // getCertificate
 | ||||
| ACME._getCertificate = function(me, options, kid) { | ||||
| ACME._getCertificate = function (me, options, kid) { | ||||
| 	//#console.debug('[ACME.js] certificates.create');
 | ||||
| 	return ACME._orderCert(me, options, kid).then(function(order) { | ||||
| 	return ACME._orderCert(me, options, kid).then(function (order) { | ||||
| 		return ACME._finalizeOrder(me, options, kid, order); | ||||
| 	}); | ||||
| }; | ||||
| ACME._normalizePresenters = function(me, options, presenters) { | ||||
| ACME._normalizePresenters = function (me, options, presenters) { | ||||
| 	// Prefer this order for efficiency:
 | ||||
| 	// * http-01 is the fasest
 | ||||
| 	// * tls-alpn-01 is for networks that don't allow plain traffic
 | ||||
| @ -224,7 +224,7 @@ ACME._normalizePresenters = function(me, options, presenters) { | ||||
| 	//   but is required for private networks and wildcards
 | ||||
| 	var presenterTypes = Object.keys(options.challenges || {}); | ||||
| 	options._presenterTypes = ['http-01', 'tls-alpn-01', 'dns-01'].filter( | ||||
| 		function(typ) { | ||||
| 		function (typ) { | ||||
| 			return -1 !== presenterTypes.indexOf(typ); | ||||
| 		} | ||||
| 	); | ||||
| @ -244,7 +244,7 @@ ACME._normalizePresenters = function(me, options, presenters) { | ||||
| 			ACME._propagationDelayWarning = true; | ||||
| 		} | ||||
| 	} | ||||
| 	Object.keys(presenters || {}).forEach(function(k) { | ||||
| 	Object.keys(presenters || {}).forEach(function (k) { | ||||
| 		var ch = presenters[k]; | ||||
| 		var warned = false; | ||||
| 
 | ||||
| @ -280,9 +280,9 @@ ACME._normalizePresenters = function(me, options, presenters) { | ||||
| 		} | ||||
| 
 | ||||
| 		function promisify(fn) { | ||||
| 			return function(opts) { | ||||
| 				new Promise(function(resolve, reject) { | ||||
| 					fn(opts, function(err, result) { | ||||
| 			return function (opts) { | ||||
| 				new Promise(function (resolve, reject) { | ||||
| 					fn(opts, function (err, result) { | ||||
| 						if (err) { | ||||
| 							reject(err); | ||||
| 							return; | ||||
| @ -344,7 +344,7 @@ ACME._normalizePresenters = function(me, options, presenters) { | ||||
|    "signature": "H6ZXtGjTZyUnPeKn...wEA4TklBdh3e454g" | ||||
|  } | ||||
| */ | ||||
| ACME._getAuthorization = function(me, options, kid, zonenames, authUrl) { | ||||
| ACME._getAuthorization = function (me, options, kid, zonenames, authUrl) { | ||||
| 	//#console.debug('\n[DEBUG] getAuthorization\n');
 | ||||
| 
 | ||||
| 	return U._jwsRequest(me, { | ||||
| @ -352,7 +352,7 @@ ACME._getAuthorization = function(me, options, kid, zonenames, authUrl) { | ||||
| 		url: authUrl, | ||||
| 		protected: { kid: kid }, | ||||
| 		payload: '' | ||||
| 	}).then(function(resp) { | ||||
| 	}).then(function (resp) { | ||||
| 		// Pre-emptive rather than lazy for interfaces that need to show the
 | ||||
| 		// challenges to the user first
 | ||||
| 		return ACME._computeAuths( | ||||
| @ -362,7 +362,7 @@ ACME._getAuthorization = function(me, options, kid, zonenames, authUrl) { | ||||
| 			resp.body, | ||||
| 			zonenames, | ||||
| 			false | ||||
| 		).then(function(auths) { | ||||
| 		).then(function (auths) { | ||||
| 			resp.body._rawChallenges = resp.body.challenges; | ||||
| 			resp.body.challenges = auths; | ||||
| 			return resp.body; | ||||
| @ -370,7 +370,7 @@ ACME._getAuthorization = function(me, options, kid, zonenames, authUrl) { | ||||
| 	}); | ||||
| }; | ||||
| 
 | ||||
| ACME._testChallengeOptions = function() { | ||||
| ACME._testChallengeOptions = function () { | ||||
| 	// we want this to be the same for the whole group
 | ||||
| 	var chToken = ACME._prnd(16); | ||||
| 	return [ | ||||
| @ -396,9 +396,9 @@ ACME._testChallengeOptions = function() { | ||||
| 	]; | ||||
| }; | ||||
| 
 | ||||
| ACME._thumber = function(options, thumb) { | ||||
| ACME._thumber = function (options, thumb) { | ||||
| 	var thumbPromise; | ||||
| 	return function(key) { | ||||
| 	return function (key) { | ||||
| 		if (thumb) { | ||||
| 			return Promise.resolve(thumb); | ||||
| 		} | ||||
| @ -408,7 +408,7 @@ ACME._thumber = function(options, thumb) { | ||||
| 		if (!key) { | ||||
| 			key = options.accountKey || options.accountKeypair; | ||||
| 		} | ||||
| 		thumbPromise = U._importKeypair(key).then(function(pair) { | ||||
| 		thumbPromise = U._importKeypair(key).then(function (pair) { | ||||
| 			return Keypairs.thumbprint({ | ||||
| 				jwk: pair.public | ||||
| 			}); | ||||
| @ -417,9 +417,9 @@ ACME._thumber = function(options, thumb) { | ||||
| 	}; | ||||
| }; | ||||
| 
 | ||||
| ACME._dryRun = function(me, realOptions, zonenames) { | ||||
| ACME._dryRun = function (me, realOptions, zonenames) { | ||||
| 	var noopts = {}; | ||||
| 	Object.keys(realOptions).forEach(function(key) { | ||||
| 	Object.keys(realOptions).forEach(function (key) { | ||||
| 		noopts[key] = realOptions[key]; | ||||
| 	}); | ||||
| 	noopts.order = {}; | ||||
| @ -428,20 +428,20 @@ ACME._dryRun = function(me, realOptions, zonenames) { | ||||
| 	var getThumbprint = ACME._thumber(noopts, ''); | ||||
| 
 | ||||
| 	return Promise.all( | ||||
| 		noopts.domains.map(function(identifierValue) { | ||||
| 		noopts.domains.map(function (identifierValue) { | ||||
| 			// TODO we really only need one to pass, not all to pass
 | ||||
| 			var challenges = ACME._testChallengeOptions(); | ||||
| 			var wild = '*.' === identifierValue.slice(0, 2); | ||||
| 			if (wild) { | ||||
| 				challenges = challenges.filter(function(ch) { | ||||
| 				challenges = challenges.filter(function (ch) { | ||||
| 					return ch._wildcard; | ||||
| 				}); | ||||
| 			} | ||||
| 			challenges = challenges.filter(function(auth) { | ||||
| 			challenges = challenges.filter(function (auth) { | ||||
| 				return me._canCheck[auth.type]; | ||||
| 			}); | ||||
| 
 | ||||
| 			return getThumbprint().then(function(accountKeyThumb) { | ||||
| 			return getThumbprint().then(function (accountKeyThumb) { | ||||
| 				var resp = { | ||||
| 					body: { | ||||
| 						identifier: { | ||||
| @ -464,31 +464,32 @@ ACME._dryRun = function(me, realOptions, zonenames) { | ||||
| 					resp.body, | ||||
| 					zonenames, | ||||
| 					dryrun | ||||
| 				).then(function(auths) { | ||||
| 				).then(function (auths) { | ||||
| 					resp.body.challenges = auths; | ||||
| 					return resp.body; | ||||
| 				}); | ||||
| 			}); | ||||
| 		}) | ||||
| 	).then(function(claims) { | ||||
| 	).then(function (claims) { | ||||
| 		var selected = []; | ||||
| 		noopts.order._claims = claims.slice(0); | ||||
| 		noopts.notify = function(ev, params) { | ||||
| 			if ('challenge_select' === ev) { | ||||
| 		noopts.notify = function (ev, params) { | ||||
| 			if ('_challenge_select' === ev) { | ||||
| 				selected.push(params.challenge); | ||||
| 			} | ||||
| 		}; | ||||
| 
 | ||||
| 		function clear() { | ||||
| 			selected.forEach(function(ch) { | ||||
| 			selected.forEach(function (ch) { | ||||
| 				ACME._notify(me, noopts, 'challenge_remove', { | ||||
| 					altname: ch.altname, | ||||
| 					type: ch.type | ||||
| 					//challenge: ch
 | ||||
| 				}); | ||||
| 				// ignore promise return
 | ||||
| 				noopts.challenges[ch.type] | ||||
| 					.remove({ challenge: ch }) | ||||
| 					.catch(function(err) { | ||||
| 					.catch(function (err) { | ||||
| 						err.action = 'challenge_remove'; | ||||
| 						err.altname = ch.altname; | ||||
| 						err.type = ch.type; | ||||
| @ -498,7 +499,7 @@ ACME._dryRun = function(me, realOptions, zonenames) { | ||||
| 		} | ||||
| 
 | ||||
| 		return ACME._setChallenges(me, noopts, noopts.order) | ||||
| 			.catch(function(err) { | ||||
| 			.catch(function (err) { | ||||
| 				clear(); | ||||
| 				throw err; | ||||
| 			}) | ||||
| @ -509,12 +510,12 @@ ACME._dryRun = function(me, realOptions, zonenames) { | ||||
| // Get the list of challenge types we can validate,
 | ||||
| // which is already ordered by preference.
 | ||||
| // Select the first matching offered challenge type
 | ||||
| ACME._chooseChallenge = function(options, results) { | ||||
| ACME._chooseChallenge = function (options, results) { | ||||
| 	// For each of the challenge types that we support
 | ||||
| 	var challenge; | ||||
| 	options._presenterTypes.some(function(chType) { | ||||
| 	options._presenterTypes.some(function (chType) { | ||||
| 		// And for each of the challenge types that are allowed
 | ||||
| 		return results.challenges.some(function(ch) { | ||||
| 		return results.challenges.some(function (ch) { | ||||
| 			// Check to see if there are any matches
 | ||||
| 			if (ch.type === chType) { | ||||
| 				challenge = ch; | ||||
| @ -526,7 +527,7 @@ ACME._chooseChallenge = function(options, results) { | ||||
| 	return challenge; | ||||
| }; | ||||
| 
 | ||||
| ACME._getZones = function(me, challenges, domains) { | ||||
| ACME._getZones = function (me, challenges, domains) { | ||||
| 	var presenter = challenges['dns-01']; | ||||
| 	if (!presenter) { | ||||
| 		return Promise.resolve([]); | ||||
| @ -537,7 +538,7 @@ ACME._getZones = function(me, challenges, domains) { | ||||
| 
 | ||||
| 	// a little bit of random to ensure that getZones()
 | ||||
| 	// actually returns the zones and not the hosts as zones
 | ||||
| 	var dnsHosts = domains.map(function(d) { | ||||
| 	var dnsHosts = domains.map(function (d) { | ||||
| 		var rnd = ACME._prnd(2); | ||||
| 		return rnd + '.' + d; | ||||
| 	}); | ||||
| @ -551,7 +552,7 @@ ACME._getZones = function(me, challenges, domains) { | ||||
| }; | ||||
| 
 | ||||
| ACME._challengesMap = { 'http-01': 0, 'dns-01': 0, 'tls-alpn-01': 0 }; | ||||
| ACME._computeAuths = function(me, options, thumb, authz, zonenames, dryrun) { | ||||
| ACME._computeAuths = function (me, options, thumb, authz, zonenames, dryrun) { | ||||
| 	// we don't poison the dns cache with our dummy request
 | ||||
| 	var dnsPrefix = ACME.challengePrefixes['dns-01']; | ||||
| 	if (dryrun) { | ||||
| @ -564,7 +565,7 @@ ACME._computeAuths = function(me, options, thumb, authz, zonenames, dryrun) { | ||||
| 	var getThumbprint = ACME._thumber(options, thumb); | ||||
| 
 | ||||
| 	return Promise.all( | ||||
| 		authz.challenges.map(function(challenge) { | ||||
| 		authz.challenges.map(function (challenge) { | ||||
| 			// Don't do extra work for challenges that we can't satisfy
 | ||||
| 			var _types = options._presenterTypes; | ||||
| 			if (_types && !_types.includes(challenge.type)) { | ||||
| @ -575,14 +576,14 @@ ACME._computeAuths = function(me, options, thumb, authz, zonenames, dryrun) { | ||||
| 
 | ||||
| 			// straight copy from the new order response
 | ||||
| 			// { identifier, status, expires, challenges, wildcard }
 | ||||
| 			Object.keys(authz).forEach(function(key) { | ||||
| 			Object.keys(authz).forEach(function (key) { | ||||
| 				auth[key] = authz[key]; | ||||
| 			}); | ||||
| 
 | ||||
| 			// copy from the challenge we've chosen
 | ||||
| 			// { type, status, url, token }
 | ||||
| 			// (note the duplicate status overwrites the one above, but they should be the same)
 | ||||
| 			Object.keys(challenge).forEach(function(key) { | ||||
| 			Object.keys(challenge).forEach(function (key) { | ||||
| 				// don't confused devs with the id url
 | ||||
| 				auth[key] = challenge[key]; | ||||
| 			}); | ||||
| @ -601,19 +602,19 @@ ACME._computeAuths = function(me, options, thumb, authz, zonenames, dryrun) { | ||||
| 				challenge: auth, | ||||
| 				zone: zone, | ||||
| 				dnsPrefix: dnsPrefix | ||||
| 			}).then(function(resp) { | ||||
| 				Object.keys(resp).forEach(function(k) { | ||||
| 			}).then(function (resp) { | ||||
| 				Object.keys(resp).forEach(function (k) { | ||||
| 					auth[k] = resp[k]; | ||||
| 				}); | ||||
| 				return auth; | ||||
| 			}); | ||||
| 		}) | ||||
| 	).then(function(auths) { | ||||
| 	).then(function (auths) { | ||||
| 		return auths.filter(Boolean); | ||||
| 	}); | ||||
| }; | ||||
| 
 | ||||
| ACME.computeChallenge = function(opts) { | ||||
| ACME.computeChallenge = function (opts) { | ||||
| 	var auth = opts.challenge; | ||||
| 	var hostname = auth.hostname || opts.hostname; | ||||
| 	var zone = opts.zone; | ||||
| @ -622,7 +623,7 @@ ACME.computeChallenge = function(opts) { | ||||
| 	var getThumbprint = opts._getThumbprint || ACME._thumber(opts, thumb); | ||||
| 	var dnsPrefix = opts.dnsPrefix || ACME.challengePrefixes['dns-01']; | ||||
| 
 | ||||
| 	return getThumbprint(accountKey).then(function(thumb) { | ||||
| 	return getThumbprint(accountKey).then(function (thumb) { | ||||
| 		var resp = {}; | ||||
| 		resp.thumbprint = thumb; | ||||
| 		//   keyAuthorization = token + '.' + base64url(JWK_Thumbprint(accountKey))
 | ||||
| @ -650,10 +651,10 @@ ACME.computeChallenge = function(opts) { | ||||
| 		// _as part of_ the decision making process
 | ||||
| 		return sha2 | ||||
| 			.sum(256, resp.keyAuthorization) | ||||
| 			.then(function(hash) { | ||||
| 			.then(function (hash) { | ||||
| 				return Enc.bufToUrlBase64(Uint8Array.from(hash)); | ||||
| 			}) | ||||
| 			.then(function(hash64) { | ||||
| 			.then(function (hash64) { | ||||
| 				resp.dnsHost = dnsPrefix + '.' + hostname; // .replace('*.', '');
 | ||||
| 
 | ||||
| 				// deprecated
 | ||||
| @ -673,7 +674,7 @@ ACME.computeChallenge = function(opts) { | ||||
| 	}); | ||||
| }; | ||||
| 
 | ||||
| ACME._untame = function(name, wild) { | ||||
| ACME._untame = function (name, wild) { | ||||
| 	if (wild) { | ||||
| 		name = '*.' + name.replace('*.', ''); | ||||
| 	} | ||||
| @ -681,7 +682,7 @@ ACME._untame = function(name, wild) { | ||||
| }; | ||||
| 
 | ||||
| // https://tools.ietf.org/html/draft-ietf-acme-acme-10#section-7.5.1
 | ||||
| ACME._postChallenge = function(me, options, kid, auth) { | ||||
| ACME._postChallenge = function (me, options, kid, auth) { | ||||
| 	var RETRY_INTERVAL = me.retryInterval || 1000; | ||||
| 	var DEAUTH_INTERVAL = me.deauthWait || 10 * 1000; | ||||
| 	var MAX_POLL = me.retryPoll || 8; | ||||
| @ -715,7 +716,7 @@ ACME._postChallenge = function(me, options, kid, auth) { | ||||
| 			url: auth.url, | ||||
| 			protected: { kid: kid }, | ||||
| 			payload: Enc.strToBuf(JSON.stringify({ status: 'deactivated' })) | ||||
| 		}).then(function(/*#resp*/) { | ||||
| 		}).then(function (/*#resp*/) { | ||||
| 			//#console.debug('deactivate challenge: resp.body:');
 | ||||
| 			//#console.debug(resp.body);
 | ||||
| 			return ACME._wait(DEAUTH_INTERVAL); | ||||
| @ -755,12 +756,8 @@ ACME._postChallenge = function(me, options, kid, auth) { | ||||
| 			altname: altname | ||||
| 		}); | ||||
| 
 | ||||
| 		if ('processing' === resp.body.status) { | ||||
| 			//#console.debug('poll: again', auth.url);
 | ||||
| 			return ACME._wait(RETRY_INTERVAL).then(pollStatus); | ||||
| 		} | ||||
| 
 | ||||
| 		// This state should never occur
 | ||||
| 		// State can be pending while waiting ACME server to transition to
 | ||||
| 		// processing
 | ||||
| 		if ('pending' === resp.body.status) { | ||||
| 			if (count >= MAX_PEND) { | ||||
| 				return ACME._wait(RETRY_INTERVAL) | ||||
| @ -768,13 +765,25 @@ ACME._postChallenge = function(me, options, kid, auth) { | ||||
| 					.then(respondToChallenge); | ||||
| 			} | ||||
| 			//#console.debug('poll: again', auth.url);
 | ||||
| 			return ACME._wait(RETRY_INTERVAL).then(respondToChallenge); | ||||
| 			return ACME._wait(RETRY_INTERVAL).then(pollStatus); | ||||
| 		} | ||||
| 
 | ||||
| 		if ('processing' === resp.body.status) { | ||||
| 			//#console.debug('poll: again', auth.url);
 | ||||
| 			return ACME._wait(RETRY_INTERVAL).then(pollStatus); | ||||
| 		} | ||||
| 
 | ||||
| 		// REMOVE DNS records as soon as the state is non-processing
 | ||||
| 		// (valid or invalid or other)
 | ||||
| 		try { | ||||
| 			options.challenges[auth.type].remove({ challenge: auth }); | ||||
| 			options.challenges[auth.type] | ||||
| 				.remove({ challenge: auth }) | ||||
| 				.catch(function (err) { | ||||
| 					err.action = 'challenge_remove'; | ||||
| 					err.altname = auth.altname; | ||||
| 					err.type = auth.type; | ||||
| 					ACME._notify(me, options, 'error', err); | ||||
| 				}); | ||||
| 		} catch (e) {} | ||||
| 
 | ||||
| 		if ('valid' === resp.body.status) { | ||||
| @ -850,7 +859,7 @@ ACME._postChallenge = function(me, options, kid, auth) { | ||||
| }; | ||||
| 
 | ||||
| // options = { domains, claims, challenges }
 | ||||
| ACME._setChallenges = function(me, options, order) { | ||||
| ACME._setChallenges = function (me, options, order) { | ||||
| 	var claims = order._claims.slice(0); | ||||
| 	var valids = []; | ||||
| 	var auths = []; | ||||
| @ -867,11 +876,11 @@ ACME._setChallenges = function(me, options, order) { | ||||
| 		} | ||||
| 
 | ||||
| 		return Promise.resolve() | ||||
| 			.then(function() { | ||||
| 			.then(function () { | ||||
| 				// For any challenges that are already valid,
 | ||||
| 				// add to the list and skip any checks.
 | ||||
| 				if ( | ||||
| 					claim.challenges.some(function(ch) { | ||||
| 					claim.challenges.some(function (ch) { | ||||
| 						if ('valid' === ch.status) { | ||||
| 							valids.push(ch); | ||||
| 							return true; | ||||
| @ -893,6 +902,15 @@ ACME._setChallenges = function(me, options, order) { | ||||
| 				placed.push(selected); | ||||
| 				ACME._notify(me, options, 'challenge_select', { | ||||
| 					// API-locked
 | ||||
| 					altname: ACME._untame( | ||||
| 						claim.identifier.value, | ||||
| 						claim.wildcard | ||||
| 					), | ||||
| 					type: selected.type, | ||||
| 					dnsHost: selected.dnsHost, | ||||
| 					keyAuthorization: selected.keyAuthorization | ||||
| 				}); | ||||
| 				ACME._notify(me, options, '_challenge_select', { | ||||
| 					altname: ACME._untame( | ||||
| 						claim.identifier.value, | ||||
| 						claim.wildcard | ||||
| @ -942,7 +960,7 @@ ACME._setChallenges = function(me, options, order) { | ||||
| 		} | ||||
| 
 | ||||
| 		return ACME.challengeTests[auth.type](me, { challenge: auth }) | ||||
| 			.then(function() { | ||||
| 			.then(function () { | ||||
| 				valids.push(auth); | ||||
| 			}) | ||||
| 			.then(checkNext); | ||||
| @ -951,7 +969,7 @@ ACME._setChallenges = function(me, options, order) { | ||||
| 	function removeAll(ch) { | ||||
| 		options.challenges[ch.type] | ||||
| 			.remove({ challenge: ch }) | ||||
| 			.catch(function(err) { | ||||
| 			.catch(function (err) { | ||||
| 				err.action = 'challenge_remove'; | ||||
| 				err.altname = ch.altname; | ||||
| 				err.type = ch.type; | ||||
| @ -964,7 +982,7 @@ ACME._setChallenges = function(me, options, order) { | ||||
| 	return setNext() | ||||
| 		.then(waitAll) | ||||
| 		.then(checkNext) | ||||
| 		.catch(function(err) { | ||||
| 		.catch(function (err) { | ||||
| 			if (!options.debug) { | ||||
| 				placed.forEach(removeAll); | ||||
| 			} | ||||
| @ -972,7 +990,7 @@ ACME._setChallenges = function(me, options, order) { | ||||
| 		}); | ||||
| }; | ||||
| 
 | ||||
| ACME._presentChallenges = function(me, options, kid, readyToPresent) { | ||||
| ACME._presentChallenges = function (me, options, kid, readyToPresent) { | ||||
| 	// Actually sets the challenge via ACME
 | ||||
| 	function challengeNext() { | ||||
| 		// First set, First presented
 | ||||
| @ -985,86 +1003,97 @@ ACME._presentChallenges = function(me, options, kid, readyToPresent) { | ||||
| 
 | ||||
| 	// BTW, these are done serially rather than parallel on purpose
 | ||||
| 	// (rate limits, propagation delays, etc)
 | ||||
| 	return challengeNext().then(function() { | ||||
| 	return challengeNext().then(function () { | ||||
| 		return readyToPresent; | ||||
| 	}); | ||||
| }; | ||||
| 
 | ||||
| ACME._pollOrderStatus = function(me, options, kid, order, verifieds) { | ||||
| ACME._pollOrderStatus = function (me, options, kid, order, verifieds) { | ||||
| 	var csr64 = ACME._csrToUrlBase64(options.csr); | ||||
| 	var body = { csr: csr64 }; | ||||
| 	var payload = JSON.stringify(body); | ||||
| 
 | ||||
| 	function pollCert() { | ||||
| 	function processResponse(resp) { | ||||
| 		ACME._notify(me, options, 'certificate_status', { | ||||
| 			subject: options.domains[0], | ||||
| 			status: resp.body.status | ||||
| 		}); | ||||
| 
 | ||||
| 		// https://tools.ietf.org/html/draft-ietf-acme-acme-12#section-7.1.3
 | ||||
| 		// Possible values are: "pending" => ("invalid" || "ready") => "processing" => "valid"
 | ||||
| 		if ('valid' === resp.body.status) { | ||||
| 			var voucher = resp.body; | ||||
| 			voucher._certificateUrl = resp.body.certificate; | ||||
| 
 | ||||
| 			return voucher; | ||||
| 		} | ||||
| 
 | ||||
| 		if ('processing' === resp.body.status) { | ||||
| 			return ACME._wait().then(pollStatus); | ||||
| 		} | ||||
| 
 | ||||
| 		if (me.debug) { | ||||
| 			console.debug( | ||||
| 				'Error: bad status:\n' + JSON.stringify(resp.body, null, 2) | ||||
| 			); | ||||
| 		} | ||||
| 
 | ||||
| 		if ('pending' === resp.body.status) { | ||||
| 			return Promise.reject( | ||||
| 				new Error( | ||||
| 					"Did not finalize order: status 'pending'." + | ||||
| 						' Best guess: You have not accepted at least one challenge for each domain:\n' + | ||||
| 						"Requested: '" + | ||||
| 						options.domains.join(', ') + | ||||
| 						"'\n" + | ||||
| 						"Validated: '" + | ||||
| 						verifieds.join(', ') + | ||||
| 						"'\n" + | ||||
| 						JSON.stringify(resp.body, null, 2) | ||||
| 				) | ||||
| 			); | ||||
| 		} | ||||
| 
 | ||||
| 		if ('invalid' === resp.body.status) { | ||||
| 			return Promise.reject( | ||||
| 				E.ORDER_INVALID(options, verifieds, resp) | ||||
| 			); | ||||
| 		} | ||||
| 
 | ||||
| 		if ('ready' === resp.body.status) { | ||||
| 			return Promise.reject( | ||||
| 				E.DOUBLE_READY_ORDER(options, verifieds, resp) | ||||
| 			); | ||||
| 		} | ||||
| 
 | ||||
| 		return Promise.reject( | ||||
| 			E.UNHANDLED_ORDER_STATUS(options, verifieds, resp) | ||||
| 		); | ||||
| 	} | ||||
| 
 | ||||
| 	function pollStatus() { | ||||
| 		return U._jwsRequest(me, { | ||||
| 			accountKey: options.accountKey, | ||||
| 			url: order._orderUrl, | ||||
| 			protected: { kid: kid }, | ||||
| 			payload: Enc.binToBuf('') | ||||
| 		}).then(processResponse); | ||||
| 	} | ||||
| 
 | ||||
| 	function finalizeOrder() { | ||||
| 		//#console.debug('[ACME.js] pollCert:', order._finalizeUrl);
 | ||||
| 		return U._jwsRequest(me, { | ||||
| 			accountKey: options.accountKey, | ||||
| 			url: order._finalizeUrl, | ||||
| 			protected: { kid: kid }, | ||||
| 			payload: Enc.strToBuf(payload) | ||||
| 		}).then(function(resp) { | ||||
| 			ACME._notify(me, options, 'certificate_status', { | ||||
| 				subject: options.domains[0], | ||||
| 				status: resp.body.status | ||||
| 			}); | ||||
| 
 | ||||
| 			// https://tools.ietf.org/html/draft-ietf-acme-acme-12#section-7.1.3
 | ||||
| 			// Possible values are: "pending" => ("invalid" || "ready") => "processing" => "valid"
 | ||||
| 			if ('valid' === resp.body.status) { | ||||
| 				var voucher = resp.body; | ||||
| 				voucher._certificateUrl = resp.body.certificate; | ||||
| 
 | ||||
| 				return voucher; | ||||
| 			} | ||||
| 
 | ||||
| 			if ('processing' === resp.body.status) { | ||||
| 				return ACME._wait().then(pollCert); | ||||
| 			} | ||||
| 
 | ||||
| 			if (me.debug) { | ||||
| 				console.debug( | ||||
| 					'Error: bad status:\n' + JSON.stringify(resp.body, null, 2) | ||||
| 				); | ||||
| 			} | ||||
| 
 | ||||
| 			if ('pending' === resp.body.status) { | ||||
| 				return Promise.reject( | ||||
| 					new Error( | ||||
| 						"Did not finalize order: status 'pending'." + | ||||
| 							' Best guess: You have not accepted at least one challenge for each domain:\n' + | ||||
| 							"Requested: '" + | ||||
| 							options.domains.join(', ') + | ||||
| 							"'\n" + | ||||
| 							"Validated: '" + | ||||
| 							verifieds.join(', ') + | ||||
| 							"'\n" + | ||||
| 							JSON.stringify(resp.body, null, 2) | ||||
| 					) | ||||
| 				); | ||||
| 			} | ||||
| 
 | ||||
| 			if ('invalid' === resp.body.status) { | ||||
| 				return Promise.reject( | ||||
| 					E.ORDER_INVALID(options, verifieds, resp) | ||||
| 				); | ||||
| 			} | ||||
| 
 | ||||
| 			if ('ready' === resp.body.status) { | ||||
| 				return Promise.reject( | ||||
| 					E.DOUBLE_READY_ORDER(options, verifieds, resp) | ||||
| 				); | ||||
| 			} | ||||
| 
 | ||||
| 			return Promise.reject( | ||||
| 				E.UNHANDLED_ORDER_STATUS(options, verifieds, resp) | ||||
| 			); | ||||
| 		}); | ||||
| 		}).then(processResponse); | ||||
| 	} | ||||
| 
 | ||||
| 	return pollCert(); | ||||
| 	return finalizeOrder(); | ||||
| }; | ||||
| 
 | ||||
| ACME._redeemCert = function(me, options, kid, voucher) { | ||||
| ACME._redeemCert = function (me, options, kid, voucher) { | ||||
| 	//#console.debug('ACME.js: order was finalized');
 | ||||
| 
 | ||||
| 	// POST-as-GET
 | ||||
| @ -1074,7 +1103,7 @@ ACME._redeemCert = function(me, options, kid, voucher) { | ||||
| 		protected: { kid: kid }, | ||||
| 		payload: Enc.binToBuf(''), | ||||
| 		json: true | ||||
| 	}).then(function(resp) { | ||||
| 	}).then(function (resp) { | ||||
| 		//#console.debug('ACME.js: csr submitted and cert received:');
 | ||||
| 
 | ||||
| 		// https://github.com/certbot/certbot/issues/5721
 | ||||
| @ -1093,12 +1122,12 @@ ACME._redeemCert = function(me, options, kid, voucher) { | ||||
| 	}); | ||||
| }; | ||||
| 
 | ||||
| ACME._finalizeOrder = function(me, options, kid, order) { | ||||
| ACME._finalizeOrder = function (me, options, kid, order) { | ||||
| 	//#console.debug('[ACME.js] finalizeOrder:');
 | ||||
| 	var readyToPresent; | ||||
| 	return A._getAccountKid(me, options).then(function(kid) { | ||||
| 	return A._getAccountKid(me, options).then(function (kid) { | ||||
| 		return ACME._setChallenges(me, options, order) | ||||
| 			.then(function(_readyToPresent) { | ||||
| 			.then(function (_readyToPresent) { | ||||
| 				readyToPresent = _readyToPresent; | ||||
| 				return ACME._presentChallenges( | ||||
| 					me, | ||||
| @ -1107,28 +1136,28 @@ ACME._finalizeOrder = function(me, options, kid, order) { | ||||
| 					readyToPresent | ||||
| 				); | ||||
| 			}) | ||||
| 			.then(function() { | ||||
| 			.then(function () { | ||||
| 				return ACME._pollOrderStatus( | ||||
| 					me, | ||||
| 					options, | ||||
| 					kid, | ||||
| 					order, | ||||
| 					readyToPresent.map(function(ch) { | ||||
| 					readyToPresent.map(function (ch) { | ||||
| 						return ACME._untame(ch.identifier.value, ch.wildcard); | ||||
| 					}) | ||||
| 				); | ||||
| 			}) | ||||
| 			.then(function(voucher) { | ||||
| 			.then(function (voucher) { | ||||
| 				return ACME._redeemCert(me, options, kid, voucher); | ||||
| 			}); | ||||
| 	}); | ||||
| }; | ||||
| 
 | ||||
| // Order a certificate request with all domains
 | ||||
| ACME._orderCert = function(me, options, kid) { | ||||
| ACME._orderCert = function (me, options, kid) { | ||||
| 	var certificateRequest = { | ||||
| 		// raw wildcard syntax MUST be used here
 | ||||
| 		identifiers: options.domains.map(function(hostname) { | ||||
| 		identifiers: options.domains.map(function (hostname) { | ||||
| 			return { type: 'dns', value: hostname }; | ||||
| 		}) | ||||
| 		//, "notBefore": "2016-01-01T00:00:00Z"
 | ||||
| @ -1136,10 +1165,10 @@ ACME._orderCert = function(me, options, kid) { | ||||
| 	}; | ||||
| 
 | ||||
| 	return ACME._prepRequest(me, options) | ||||
| 		.then(function() { | ||||
| 		.then(function () { | ||||
| 			return ACME._getZones(me, options.challenges, options.domains); | ||||
| 		}) | ||||
| 		.then(function(zonenames) { | ||||
| 		.then(function (zonenames) { | ||||
| 			var p; | ||||
| 			// Do a little dry-run / self-test
 | ||||
| 			if (!me.skipDryRun && !options.skipDryRun) { | ||||
| @ -1148,9 +1177,9 @@ ACME._orderCert = function(me, options, kid) { | ||||
| 				p = Promise.resolve(null); | ||||
| 			} | ||||
| 
 | ||||
| 			return p.then(function() { | ||||
| 			return p.then(function () { | ||||
| 				return A._getAccountKid(me, options) | ||||
| 					.then(function(kid) { | ||||
| 					.then(function (kid) { | ||||
| 						ACME._notify(me, options, 'certificate_order', { | ||||
| 							// API-locked
 | ||||
| 							account: { key: { kid: kid } }, | ||||
| @ -1168,7 +1197,7 @@ ACME._orderCert = function(me, options, kid) { | ||||
| 							payload: Enc.binToBuf(payload) | ||||
| 						}); | ||||
| 					}) | ||||
| 					.then(function(resp) { | ||||
| 					.then(function (resp) { | ||||
| 						var order = resp.body; | ||||
| 						order._orderUrl = resp.headers.location; | ||||
| 						order._finalizeUrl = resp.body.finalize; | ||||
| @ -1184,14 +1213,14 @@ ACME._orderCert = function(me, options, kid) { | ||||
| 
 | ||||
| 						return order; | ||||
| 					}) | ||||
| 					.then(function(order) { | ||||
| 					.then(function (order) { | ||||
| 						return ACME._getAllChallenges( | ||||
| 							me, | ||||
| 							options, | ||||
| 							kid, | ||||
| 							zonenames, | ||||
| 							order | ||||
| 						).then(function(claims) { | ||||
| 						).then(function (claims) { | ||||
| 							order._claims = claims; | ||||
| 							return order; | ||||
| 						}); | ||||
| @ -1200,8 +1229,8 @@ ACME._orderCert = function(me, options, kid) { | ||||
| 		}); | ||||
| }; | ||||
| 
 | ||||
| ACME._prepRequest = function(me, options) { | ||||
| 	return Promise.resolve().then(function() { | ||||
| ACME._prepRequest = function (me, options) { | ||||
| 	return Promise.resolve().then(function () { | ||||
| 		// TODO check that all presenterTypes are represented in challenges
 | ||||
| 		if (!options._presenterTypes.length) { | ||||
| 			return Promise.reject( | ||||
| @ -1219,14 +1248,8 @@ ACME._prepRequest = function(me, options) { | ||||
| 		options.domains = options.domains || _csr.altnames; | ||||
| 		_csr.altnames = _csr.altnames || []; | ||||
| 		if ( | ||||
| 			options.domains | ||||
| 				.slice(0) | ||||
| 				.sort() | ||||
| 				.join(' ') !== | ||||
| 			_csr.altnames | ||||
| 				.slice(0) | ||||
| 				.sort() | ||||
| 				.join(' ') | ||||
| 			options.domains.slice(0).sort().join(' ') !== | ||||
| 			_csr.altnames.slice(0).sort().join(' ') | ||||
| 		) { | ||||
| 			return Promise.reject( | ||||
| 				new Error('certificate altnames do not match requested domains') | ||||
| @ -1249,7 +1272,7 @@ ACME._prepRequest = function(me, options) { | ||||
| 		} | ||||
| 
 | ||||
| 		// a cheap check to see if there are non-ascii characters in any of the domains
 | ||||
| 		var nonAsciiDomains = options.domains.some(function(d) { | ||||
| 		var nonAsciiDomains = options.domains.some(function (d) { | ||||
| 			// IDN / unicode / utf-8 / punycode
 | ||||
| 			return Enc.strToBin(d) !== d; | ||||
| 		}); | ||||
| @ -1260,7 +1283,7 @@ ACME._prepRequest = function(me, options) { | ||||
| 		} | ||||
| 
 | ||||
| 		// TODO Promise.all()?
 | ||||
| 		(options._presenterTypes || []).forEach(function(key) { | ||||
| 		(options._presenterTypes || []).forEach(function (key) { | ||||
| 			var presenter = options.challenges[key]; | ||||
| 			if ( | ||||
| 				'function' === typeof presenter.init && | ||||
| @ -1274,7 +1297,7 @@ ACME._prepRequest = function(me, options) { | ||||
| }; | ||||
| 
 | ||||
| // Request a challenge for each authorization in the order
 | ||||
| ACME._getAllChallenges = function(me, options, kid, zonenames, order) { | ||||
| ACME._getAllChallenges = function (me, options, kid, zonenames, order) { | ||||
| 	var claims = []; | ||||
| 	//#console.debug("[acme-v2] POST newOrder has authorizations");
 | ||||
| 	var challengeAuths = order.authorizations.slice(0); | ||||
| @ -1291,14 +1314,14 @@ ACME._getAllChallenges = function(me, options, kid, zonenames, order) { | ||||
| 			kid, | ||||
| 			zonenames, | ||||
| 			authUrl | ||||
| 		).then(function(claim) { | ||||
| 		).then(function (claim) { | ||||
| 			// var domain = options.domains[i]; // claim.identifier.value
 | ||||
| 			claims.push(claim); | ||||
| 			return getNext(); | ||||
| 		}); | ||||
| 	} | ||||
| 
 | ||||
| 	return getNext().then(function() { | ||||
| 	return getNext().then(function () { | ||||
| 		return claims; | ||||
| 	}); | ||||
| }; | ||||
| @ -1316,12 +1339,12 @@ ACME.splitPemChain = function splitPemChain(str) { | ||||
| 	return str | ||||
| 		.trim() | ||||
| 		.split(/[\r\n]{2,}/g) | ||||
| 		.map(function(str) { | ||||
| 		.map(function (str) { | ||||
| 			return str + '\n'; | ||||
| 		}); | ||||
| }; | ||||
| 
 | ||||
| ACME._csrToUrlBase64 = function(csr) { | ||||
| ACME._csrToUrlBase64 = function (csr) { | ||||
| 	// if der, convert to base64
 | ||||
| 	if ('string' !== typeof csr) { | ||||
| 		csr = Enc.bufToUrlBase64(csr); | ||||
| @ -1330,21 +1353,16 @@ ACME._csrToUrlBase64 = function(csr) { | ||||
| 	// TODO use PEM.parseBlock()
 | ||||
| 	// nix PEM headers, if any
 | ||||
| 	if ('-' === csr[0]) { | ||||
| 		csr = csr | ||||
| 			.split(/\n+/) | ||||
| 			.slice(1, -1) | ||||
| 			.join(''); | ||||
| 		csr = csr.split(/\n+/).slice(1, -1).join(''); | ||||
| 	} | ||||
| 	return Enc.base64ToUrlBase64(csr.trim().replace(/\s+/g, '')); | ||||
| }; | ||||
| 
 | ||||
| // In v8 this is crypto random, but we're just using it for pseudorandom
 | ||||
| ACME._prnd = function(n) { | ||||
| ACME._prnd = function (n) { | ||||
| 	var rnd = ''; | ||||
| 	while (rnd.length / 2 < n) { | ||||
| 		var i = Math.random() | ||||
| 			.toString() | ||||
| 			.substr(2); | ||||
| 		var i = Math.random().toString().substr(2); | ||||
| 		var h = parseInt(i, 10).toString(16); | ||||
| 		if (h.length % 2) { | ||||
| 			h = '0' + h; | ||||
| @ -1354,7 +1372,7 @@ ACME._prnd = function(n) { | ||||
| 	return rnd.substr(0, n * 2); | ||||
| }; | ||||
| 
 | ||||
| ACME._notify = function(me, options, ev, params) { | ||||
| ACME._notify = function (me, options, ev, params) { | ||||
| 	if (!options.notify && !me.notify) { | ||||
| 		//console.info(ev, params);
 | ||||
| 		return; | ||||
| @ -1368,7 +1386,7 @@ ACME._notify = function(me, options, ev, params) { | ||||
| }; | ||||
| 
 | ||||
| ACME._wait = function wait(ms) { | ||||
| 	return new Promise(function(resolve) { | ||||
| 	return new Promise(function (resolve) { | ||||
| 		setTimeout(resolve, ms || 1100); | ||||
| 	}); | ||||
| }; | ||||
| @ -1385,12 +1403,12 @@ function newZoneRegExp(zonename) { | ||||
| 
 | ||||
| function pluckZone(zonenames, dnsHost) { | ||||
| 	return zonenames | ||||
| 		.filter(function(zonename) { | ||||
| 		.filter(function (zonename) { | ||||
| 			// the only character that needs to be escaped for regex
 | ||||
| 			// and is allowed in a domain name is '.'
 | ||||
| 			return newZoneRegExp(zonename).test(dnsHost); | ||||
| 		}) | ||||
| 		.sort(function(a, b) { | ||||
| 		.sort(function (a, b) { | ||||
| 			// longest match first
 | ||||
| 			return b.length - a.length; | ||||
| 		})[0]; | ||||
|  | ||||
| @ -1,5 +1,5 @@ | ||||
| #!/usr/bin/env node
 | ||||
| (async function() { | ||||
| (async function () { | ||||
| 	'use strict'; | ||||
| 
 | ||||
| 	var UglifyJS = require('uglify-js'); | ||||
| @ -22,7 +22,7 @@ | ||||
| 			'../lib/asn1-parser.js', | ||||
| 			'../lib/csr.js', | ||||
| 			'../lib/acme.js' | ||||
| 		].map(async function(file) { | ||||
| 		].map(async function (file) { | ||||
| 			return (await readFile(path.join(__dirname, file), 'utf8')).trim(); | ||||
| 		}) | ||||
| 	); | ||||
|  | ||||
							
								
								
									
										12
									
								
								errors.js
									
									
									
									
									
								
							
							
						
						
									
										12
									
								
								errors.js
									
									
									
									
									
								
							| @ -2,13 +2,13 @@ | ||||
| 
 | ||||
| var E = module.exports; | ||||
| 
 | ||||
| E.NO_SUITABLE_CHALLENGE = function(domain, challenges, presenters) { | ||||
| E.NO_SUITABLE_CHALLENGE = function (domain, challenges, presenters) { | ||||
| 	// Bail with a descriptive message if no usable challenge could be selected
 | ||||
| 	// For example, wildcards require dns-01 and, if we don't have that, we have to bail
 | ||||
| 	var enabled = presenters.join(', ') || 'none'; | ||||
| 	var suitable = | ||||
| 		challenges | ||||
| 			.map(function(r) { | ||||
| 			.map(function (r) { | ||||
| 				return r.type; | ||||
| 			}) | ||||
| 			.join(', ') || 'none'; | ||||
| @ -24,7 +24,7 @@ E.NO_SUITABLE_CHALLENGE = function(domain, challenges, presenters) { | ||||
| 			' ).' | ||||
| 	); | ||||
| }; | ||||
| E.UNHANDLED_ORDER_STATUS = function(options, domains, resp) { | ||||
| E.UNHANDLED_ORDER_STATUS = function (options, domains, resp) { | ||||
| 	return new Error( | ||||
| 		"Didn't finalize order: Unhandled status '" + | ||||
| 			resp.body.status + | ||||
| @ -41,7 +41,7 @@ E.UNHANDLED_ORDER_STATUS = function(options, domains, resp) { | ||||
| 			'Please open an issue at https://git.rootprojects.org/root/acme.js' | ||||
| 	); | ||||
| }; | ||||
| E.DOUBLE_READY_ORDER = function(options, domains, resp) { | ||||
| E.DOUBLE_READY_ORDER = function (options, domains, resp) { | ||||
| 	return new Error( | ||||
| 		"Did not finalize order: status 'ready'." + | ||||
| 			" Hmmm... this state shouldn't be possible here. That was the last state." + | ||||
| @ -57,7 +57,7 @@ E.DOUBLE_READY_ORDER = function(options, domains, resp) { | ||||
| 			'Please open an issue at https://git.rootprojects.org/root/acme.js' | ||||
| 	); | ||||
| }; | ||||
| E.ORDER_INVALID = function(options, domains, resp) { | ||||
| E.ORDER_INVALID = function (options, domains, resp) { | ||||
| 	return new Error( | ||||
| 		"Did not finalize order: status 'invalid'." + | ||||
| 			' Best guess: One or more of the domain challenges could not be verified' + | ||||
| @ -71,7 +71,7 @@ E.ORDER_INVALID = function(options, domains, resp) { | ||||
| 			JSON.stringify(resp.body, null, 2) | ||||
| 	); | ||||
| }; | ||||
| E.NO_AUTHORIZATIONS = function(options, resp) { | ||||
| E.NO_AUTHORIZATIONS = function (options, resp) { | ||||
| 	return new Error( | ||||
| 		"[acme-v2.js] authorizations were not fetched for '" + | ||||
| 			options.domains.join() + | ||||
|  | ||||
| @ -1,5 +1,5 @@ | ||||
| /*global Promise*/ | ||||
| (function() { | ||||
| (function () { | ||||
| 	'use strict'; | ||||
| 
 | ||||
| 	var Keypairs = require('@root/keypairs'); | ||||
| @ -29,8 +29,8 @@ | ||||
| 		console.log('hello'); | ||||
| 
 | ||||
| 		// Show different options for ECDSA vs RSA
 | ||||
| 		$$('input[name="kty"]').forEach(function($el) { | ||||
| 			$el.addEventListener('change', function(ev) { | ||||
| 		$$('input[name="kty"]').forEach(function ($el) { | ||||
| 			$el.addEventListener('change', function (ev) { | ||||
| 				console.log(this); | ||||
| 				console.log(ev); | ||||
| 				if ('RSA' === ev.target.value) { | ||||
| @ -44,20 +44,20 @@ | ||||
| 		}); | ||||
| 
 | ||||
| 		// Generate a key on submit
 | ||||
| 		$('form.js-keygen').addEventListener('submit', function(ev) { | ||||
| 		$('form.js-keygen').addEventListener('submit', function (ev) { | ||||
| 			ev.preventDefault(); | ||||
| 			ev.stopPropagation(); | ||||
| 			$('.js-loading').hidden = false; | ||||
| 			$('.js-jwk').hidden = true; | ||||
| 			$('.js-toc-der-public').hidden = true; | ||||
| 			$('.js-toc-der-private').hidden = true; | ||||
| 			$$('.js-toc-pem').forEach(function($el) { | ||||
| 			$$('.js-toc-pem').forEach(function ($el) { | ||||
| 				$el.hidden = true; | ||||
| 			}); | ||||
| 			$$('input').map(function($el) { | ||||
| 			$$('input').map(function ($el) { | ||||
| 				$el.disabled = true; | ||||
| 			}); | ||||
| 			$$('button').map(function($el) { | ||||
| 			$$('button').map(function ($el) { | ||||
| 				$el.disabled = true; | ||||
| 			}); | ||||
| 			var opts = { | ||||
| @ -67,7 +67,7 @@ | ||||
| 			}; | ||||
| 			var then = Date.now(); | ||||
| 			console.log('opts', opts); | ||||
| 			Keypairs.generate(opts).then(function(results) { | ||||
| 			Keypairs.generate(opts).then(function (results) { | ||||
| 				console.log('Key generation time:', Date.now() - then + 'ms'); | ||||
| 				var pubDer; | ||||
| 				var privDer; | ||||
| @ -77,19 +77,19 @@ | ||||
| 					Eckles.export({ | ||||
| 						jwk: results.private, | ||||
| 						format: 'sec1' | ||||
| 					}).then(function(pem) { | ||||
| 					}).then(function (pem) { | ||||
| 						$('.js-input-pem-sec1-private').innerText = pem; | ||||
| 						$('.js-toc-pem-sec1-private').hidden = false; | ||||
| 					}); | ||||
| 					Eckles.export({ | ||||
| 						jwk: results.private, | ||||
| 						format: 'pkcs8' | ||||
| 					}).then(function(pem) { | ||||
| 					}).then(function (pem) { | ||||
| 						$('.js-input-pem-pkcs8-private').innerText = pem; | ||||
| 						$('.js-toc-pem-pkcs8-private').hidden = false; | ||||
| 					}); | ||||
| 					Eckles.export({ jwk: results.public, public: true }).then( | ||||
| 						function(pem) { | ||||
| 						function (pem) { | ||||
| 							$('.js-input-pem-spki-public').innerText = pem; | ||||
| 							$('.js-toc-pem-spki-public').hidden = false; | ||||
| 						} | ||||
| @ -100,25 +100,25 @@ | ||||
| 					Rasha.export({ | ||||
| 						jwk: results.private, | ||||
| 						format: 'pkcs1' | ||||
| 					}).then(function(pem) { | ||||
| 					}).then(function (pem) { | ||||
| 						$('.js-input-pem-pkcs1-private').innerText = pem; | ||||
| 						$('.js-toc-pem-pkcs1-private').hidden = false; | ||||
| 					}); | ||||
| 					Rasha.export({ | ||||
| 						jwk: results.private, | ||||
| 						format: 'pkcs8' | ||||
| 					}).then(function(pem) { | ||||
| 					}).then(function (pem) { | ||||
| 						$('.js-input-pem-pkcs8-private').innerText = pem; | ||||
| 						$('.js-toc-pem-pkcs8-private').hidden = false; | ||||
| 					}); | ||||
| 					Rasha.export({ jwk: results.public, format: 'pkcs1' }).then( | ||||
| 						function(pem) { | ||||
| 						function (pem) { | ||||
| 							$('.js-input-pem-pkcs1-public').innerText = pem; | ||||
| 							$('.js-toc-pem-pkcs1-public').hidden = false; | ||||
| 						} | ||||
| 					); | ||||
| 					Rasha.export({ jwk: results.public, format: 'spki' }).then( | ||||
| 						function(pem) { | ||||
| 						function (pem) { | ||||
| 							$('.js-input-pem-spki-public').innerText = pem; | ||||
| 							$('.js-toc-pem-spki-public').hidden = false; | ||||
| 						} | ||||
| @ -132,10 +132,10 @@ | ||||
| 				$('.js-jwk').innerText = JSON.stringify(results, null, 2); | ||||
| 				$('.js-loading').hidden = true; | ||||
| 				$('.js-jwk').hidden = false; | ||||
| 				$$('input').map(function($el) { | ||||
| 				$$('input').map(function ($el) { | ||||
| 					$el.disabled = false; | ||||
| 				}); | ||||
| 				$$('button').map(function($el) { | ||||
| 				$$('button').map(function ($el) { | ||||
| 					$el.disabled = false; | ||||
| 				}); | ||||
| 				$('.js-toc-jwk').hidden = false; | ||||
| @ -145,7 +145,7 @@ | ||||
| 			}); | ||||
| 		}); | ||||
| 
 | ||||
| 		$('form.js-acme-account').addEventListener('submit', function(ev) { | ||||
| 		$('form.js-acme-account').addEventListener('submit', function (ev) { | ||||
| 			ev.preventDefault(); | ||||
| 			ev.stopPropagation(); | ||||
| 			$('.js-loading').hidden = false; | ||||
| @ -155,7 +155,7 @@ | ||||
| 			}); | ||||
| 			acme.init( | ||||
| 				'https://acme-staging-v02.api.letsencrypt.org/directory' | ||||
| 			).then(function(result) { | ||||
| 			).then(function (result) { | ||||
| 				console.log('acme result', result); | ||||
| 				var privJwk = JSON.parse($('.js-jwk').innerText).private; | ||||
| 				var email = $('.js-email').value; | ||||
| @ -165,7 +165,7 @@ | ||||
| 						agreeToTerms: checkTos, | ||||
| 						accountKeypair: { privateKeyJwk: privJwk } | ||||
| 					}) | ||||
| 					.then(function(account) { | ||||
| 					.then(function (account) { | ||||
| 						console.log('account created result:', account); | ||||
| 						accountStuff.account = account; | ||||
| 						accountStuff.privateJwk = privJwk; | ||||
| @ -177,7 +177,7 @@ | ||||
| 							'.js-acme-account-response' | ||||
| 						).innerText = JSON.stringify(account, null, 2); | ||||
| 					}) | ||||
| 					.catch(function(err) { | ||||
| 					.catch(function (err) { | ||||
| 						console.error('A bad thing happened:'); | ||||
| 						console.error(err); | ||||
| 						window.alert( | ||||
| @ -187,13 +187,13 @@ | ||||
| 			}); | ||||
| 		}); | ||||
| 
 | ||||
| 		$('form.js-csr').addEventListener('submit', function(ev) { | ||||
| 		$('form.js-csr').addEventListener('submit', function (ev) { | ||||
| 			ev.preventDefault(); | ||||
| 			ev.stopPropagation(); | ||||
| 			generateCsr(); | ||||
| 		}); | ||||
| 
 | ||||
| 		$('form.js-acme-order').addEventListener('submit', function(ev) { | ||||
| 		$('form.js-acme-order').addEventListener('submit', function (ev) { | ||||
| 			ev.preventDefault(); | ||||
| 			ev.stopPropagation(); | ||||
| 			var account = accountStuff.account; | ||||
| @ -204,7 +204,7 @@ | ||||
| 			var domains = ($('.js-domains').value || 'example.com').split( | ||||
| 				/[, ]+/g | ||||
| 			); | ||||
| 			return getDomainPrivkey().then(function(domainPrivJwk) { | ||||
| 			return getDomainPrivkey().then(function (domainPrivJwk) { | ||||
| 				console.log('Has CSR already?'); | ||||
| 				console.log(accountStuff.csr); | ||||
| 				return acme.certificates | ||||
| @ -219,11 +219,11 @@ | ||||
| 						agreeToTerms: checkTos, | ||||
| 						challenges: { | ||||
| 							'dns-01': { | ||||
| 								set: function(opts) { | ||||
| 								set: function (opts) { | ||||
| 									console.info('dns-01 set challenge:'); | ||||
| 									console.info('TXT', opts.dnsHost); | ||||
| 									console.info(opts.dnsAuthorization); | ||||
| 									return new Promise(function(resolve) { | ||||
| 									return new Promise(function (resolve) { | ||||
| 										while ( | ||||
| 											!window.confirm( | ||||
| 												'Did you set the challenge?' | ||||
| @ -232,11 +232,11 @@ | ||||
| 										resolve(); | ||||
| 									}); | ||||
| 								}, | ||||
| 								remove: function(opts) { | ||||
| 								remove: function (opts) { | ||||
| 									console.log('dns-01 remove challenge:'); | ||||
| 									console.info('TXT', opts.dnsHost); | ||||
| 									console.info(opts.dnsAuthorization); | ||||
| 									return new Promise(function(resolve) { | ||||
| 									return new Promise(function (resolve) { | ||||
| 										while ( | ||||
| 											!window.confirm( | ||||
| 												'Did you delete the challenge?' | ||||
| @ -247,11 +247,11 @@ | ||||
| 								} | ||||
| 							}, | ||||
| 							'http-01': { | ||||
| 								set: function(opts) { | ||||
| 								set: function (opts) { | ||||
| 									console.info('http-01 set challenge:'); | ||||
| 									console.info(opts.challengeUrl); | ||||
| 									console.info(opts.keyAuthorization); | ||||
| 									return new Promise(function(resolve) { | ||||
| 									return new Promise(function (resolve) { | ||||
| 										while ( | ||||
| 											!window.confirm( | ||||
| 												'Did you set the challenge?' | ||||
| @ -260,11 +260,11 @@ | ||||
| 										resolve(); | ||||
| 									}); | ||||
| 								}, | ||||
| 								remove: function(opts) { | ||||
| 								remove: function (opts) { | ||||
| 									console.log('http-01 remove challenge:'); | ||||
| 									console.info(opts.challengeUrl); | ||||
| 									console.info(opts.keyAuthorization); | ||||
| 									return new Promise(function(resolve) { | ||||
| 									return new Promise(function (resolve) { | ||||
| 										while ( | ||||
| 											!window.confirm( | ||||
| 												'Did you delete the challenge?' | ||||
| @ -279,7 +279,7 @@ | ||||
| 							$('input[name="acme-challenge-type"]:checked').value | ||||
| 						] | ||||
| 					}) | ||||
| 					.then(function(results) { | ||||
| 					.then(function (results) { | ||||
| 						console.log('Got Certificates:'); | ||||
| 						console.log(results); | ||||
| 						$('.js-toc-acme-order-response').hidden = false; | ||||
| @ -289,7 +289,7 @@ | ||||
| 							2 | ||||
| 						); | ||||
| 					}) | ||||
| 					.catch(function(err) { | ||||
| 					.catch(function (err) { | ||||
| 						console.error('challenge failed:'); | ||||
| 						console.error(err); | ||||
| 						window.alert( | ||||
| @ -310,7 +310,7 @@ | ||||
| 			kty: $('input[name="kty"]:checked').value, | ||||
| 			namedCurve: $('input[name="ec-crv"]:checked').value, | ||||
| 			modulusLength: $('input[name="rsa-len"]:checked').value | ||||
| 		}).then(function(pair) { | ||||
| 		}).then(function (pair) { | ||||
| 			console.log('domain keypair:', pair); | ||||
| 			accountStuff.domainPrivateJwk = pair.private; | ||||
| 			return pair.private; | ||||
| @ -320,9 +320,9 @@ | ||||
| 	function generateCsr() { | ||||
| 		var domains = ($('.js-domains').value || 'example.com').split(/[, ]+/g); | ||||
| 		//var privJwk = JSON.parse($('.js-jwk').innerText).private;
 | ||||
| 		return getDomainPrivkey().then(function(privJwk) { | ||||
| 		return getDomainPrivkey().then(function (privJwk) { | ||||
| 			accountStuff.domainPrivateJwk = privJwk; | ||||
| 			return CSR({ jwk: privJwk, domains: domains }).then(function(pem) { | ||||
| 			return CSR({ jwk: privJwk, domains: domains }).then(function (pem) { | ||||
| 				// Verify with https://www.sslshopper.com/csr-decoder.html
 | ||||
| 				accountStuff.csr = pem; | ||||
| 				console.log('Created CSR:'); | ||||
|  | ||||
| @ -5,7 +5,7 @@ async function main() { | ||||
| 
 | ||||
| 	var fs = require('fs'); | ||||
| 	// just to trigger the warning message out of the way
 | ||||
| 	await fs.promises.readFile().catch(function() {}); | ||||
| 	await fs.promises.readFile().catch(function () {}); | ||||
| 	console.warn('\n'); | ||||
| 	var MY_DOMAINS = process.env.DOMAINS.split(/[,\s]+/); | ||||
| 
 | ||||
| @ -55,7 +55,7 @@ async function main() { | ||||
| 
 | ||||
| 	// If you are multi-tenanted or white-labled and need to present the terms of
 | ||||
| 	// use to the Subscriber running the service, you can do so with a function.
 | ||||
| 	var agreeToTerms = async function() { | ||||
| 	var agreeToTerms = async function () { | ||||
| 		return true; | ||||
| 	}; | ||||
| 
 | ||||
| @ -126,7 +126,7 @@ async function main() { | ||||
| 	} | ||||
| } | ||||
| 
 | ||||
| main().catch(function(e) { | ||||
| main().catch(function (e) { | ||||
| 	console.error(e.stack); | ||||
| }); | ||||
| 
 | ||||
|  | ||||
| @ -7,9 +7,9 @@ var key = fs.readFileSync('./privkey.pem'); | ||||
| var cert = fs.readFileSync('./fullchain.pem'); | ||||
| 
 | ||||
| var server = https | ||||
| 	.createSecureServer({ key, cert }, function(req, res) { | ||||
| 	.createSecureServer({ key, cert }, function (req, res) { | ||||
| 		res.end('Hello, Encrypted World!'); | ||||
| 	}) | ||||
| 	.listen(443, function() { | ||||
| 	.listen(443, function () { | ||||
| 		console.info('Listening on', server.address()); | ||||
| 	}); | ||||
|  | ||||
							
								
								
									
										21
									
								
								examples/https-sni-server.js
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										21
									
								
								examples/https-sni-server.js
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,21 @@ | ||||
| 'use strict'; | ||||
| 
 | ||||
| var https = require('http2'); | ||||
| var tls = require('tls'); | ||||
| var fs = require('fs'); | ||||
| 
 | ||||
| var key = fs.readFileSync('./privkey.pem'); | ||||
| var cert = fs.readFileSync('./fullchain.pem'); | ||||
| 
 | ||||
| function SNICallback(servername, cb) { | ||||
| 	console.log('sni:', servername); | ||||
| 	cb(null, tls.createSecureContext({ key, cert })); | ||||
| } | ||||
| 
 | ||||
| var server = https | ||||
| 	.createSecureServer({ SNICallback: SNICallback }, function (req, res) { | ||||
| 		res.end('Hello, Encrypted World!'); | ||||
| 	}) | ||||
| 	.listen(443, function () { | ||||
| 		console.info('Listening on', server.address()); | ||||
| 	}); | ||||
| @ -13,12 +13,12 @@ var nameserver = nameservers[index]; | ||||
| 
 | ||||
| app.use('/', express.static(__dirname)); | ||||
| app.use('/api', express.json()); | ||||
| app.get('/api/dns/:domain', function(req, res, next) { | ||||
| app.get('/api/dns/:domain', function (req, res, next) { | ||||
| 	var domain = req.params.domain; | ||||
| 	var casedDomain = domain | ||||
| 		.toLowerCase() | ||||
| 		.split('') | ||||
| 		.map(function(ch) { | ||||
| 		.map(function (ch) { | ||||
| 			// dns0x20 takes advantage of the fact that the binary operation for toUpperCase is
 | ||||
| 			// ch = ch | 0x20;
 | ||||
| 			return Math.round(Math.random()) % 2 ? ch : ch.toUpperCase(); | ||||
| @ -46,10 +46,10 @@ app.get('/api/dns/:domain', function(req, res, next) { | ||||
| 		] | ||||
| 	}; | ||||
| 	var opts = { | ||||
| 		onError: function(err) { | ||||
| 		onError: function (err) { | ||||
| 			next(err); | ||||
| 		}, | ||||
| 		onMessage: function(packet) { | ||||
| 		onMessage: function (packet) { | ||||
| 			var fail0x20; | ||||
| 
 | ||||
| 			if (packet.id !== query.id) { | ||||
| @ -62,17 +62,17 @@ app.get('/api/dns/:domain', function(req, res, next) { | ||||
| 				return; | ||||
| 			} | ||||
| 
 | ||||
| 			packet.question.forEach(function(q) { | ||||
| 			packet.question.forEach(function (q) { | ||||
| 				// if (-1 === q.name.lastIndexOf(cli.casedQuery))
 | ||||
| 				if (q.name !== casedDomain) { | ||||
| 					fail0x20 = q.name; | ||||
| 				} | ||||
| 			}); | ||||
| 
 | ||||
| 			['question', 'answer', 'authority', 'additional'].forEach(function( | ||||
| 			['question', 'answer', 'authority', 'additional'].forEach(function ( | ||||
| 				group | ||||
| 			) { | ||||
| 				(packet[group] || []).forEach(function(a) { | ||||
| 				(packet[group] || []).forEach(function (a) { | ||||
| 					var an = a.name; | ||||
| 					var i = domain | ||||
| 						.toLowerCase() | ||||
| @ -133,13 +133,13 @@ app.get('/api/dns/:domain', function(req, res, next) { | ||||
| 				edns_options: packet.edns_options | ||||
| 			}); | ||||
| 		}, | ||||
| 		onListening: function() {}, | ||||
| 		onSent: function(/*res*/) {}, | ||||
| 		onTimeout: function(res) { | ||||
| 		onListening: function () {}, | ||||
| 		onSent: function (/*res*/) {}, | ||||
| 		onTimeout: function (res) { | ||||
| 			console.error('dns timeout:', res); | ||||
| 			next(new Error('DNS timeout - no response')); | ||||
| 		}, | ||||
| 		onClose: function() {}, | ||||
| 		onClose: function () {}, | ||||
| 		//, mdns: cli.mdns
 | ||||
| 		nameserver: nameserver, | ||||
| 		port: 53, | ||||
| @ -148,13 +148,13 @@ app.get('/api/dns/:domain', function(req, res, next) { | ||||
| 
 | ||||
| 	dig.resolveJson(query, opts); | ||||
| }); | ||||
| app.get('/api/http', function(req, res) { | ||||
| app.get('/api/http', function (req, res) { | ||||
| 	var url = req.query.url; | ||||
| 	return request({ method: 'GET', url: url }).then(function(resp) { | ||||
| 	return request({ method: 'GET', url: url }).then(function (resp) { | ||||
| 		res.send(resp.body); | ||||
| 	}); | ||||
| }); | ||||
| app.get('/api/_acme_api_', function(req, res) { | ||||
| app.get('/api/_acme_api_', function (req, res) { | ||||
| 	res.send({ success: true }); | ||||
| }); | ||||
| 
 | ||||
|  | ||||
| @ -2,27 +2,27 @@ | ||||
| 
 | ||||
| var native = module.exports; | ||||
| 
 | ||||
| native._canCheck = function(me) { | ||||
| native._canCheck = function (me) { | ||||
| 	me._canCheck = {}; | ||||
| 	return me | ||||
| 		.request({ url: me._baseUrl + '/api/_acme_api_/' }) | ||||
| 		.then(function(resp) { | ||||
| 		.then(function (resp) { | ||||
| 			if (resp.body.success) { | ||||
| 				me._canCheck['http-01'] = true; | ||||
| 				me._canCheck['dns-01'] = true; | ||||
| 			} | ||||
| 		}) | ||||
| 		.catch(function() { | ||||
| 		.catch(function () { | ||||
| 			// ignore
 | ||||
| 		}); | ||||
| }; | ||||
| 
 | ||||
| native._dns01 = function(me, ch) { | ||||
| native._dns01 = function (me, ch) { | ||||
| 	return me | ||||
| 		.request({ | ||||
| 			url: me._baseUrl + '/api/dns/' + ch.dnsHost + '?type=TXT' | ||||
| 		}) | ||||
| 		.then(function(resp) { | ||||
| 		.then(function (resp) { | ||||
| 			var err; | ||||
| 			if (!resp.body || !Array.isArray(resp.body.answer)) { | ||||
| 				err = new Error('failed to get DNS response'); | ||||
| @ -35,20 +35,20 @@ native._dns01 = function(me, ch) { | ||||
| 				throw err; | ||||
| 			} | ||||
| 			return { | ||||
| 				answer: resp.body.answer.map(function(ans) { | ||||
| 				answer: resp.body.answer.map(function (ans) { | ||||
| 					return { data: ans.data, ttl: ans.ttl }; | ||||
| 				}) | ||||
| 			}; | ||||
| 		}); | ||||
| }; | ||||
| 
 | ||||
| native._http01 = function(me, ch) { | ||||
| native._http01 = function (me, ch) { | ||||
| 	var url = encodeURIComponent(ch.challengeUrl); | ||||
| 	return me | ||||
| 		.request({ | ||||
| 			url: me._baseUrl + '/api/http?url=' + url | ||||
| 		}) | ||||
| 		.then(function(resp) { | ||||
| 		.then(function (resp) { | ||||
| 			return resp.body; | ||||
| 		}); | ||||
| }; | ||||
|  | ||||
| @ -1,6 +1,6 @@ | ||||
| 'use strict'; | ||||
| 
 | ||||
| var UserAgent = module.exports; | ||||
| UserAgent.get = function() { | ||||
| UserAgent.get = function () { | ||||
| 	return false; | ||||
| }; | ||||
|  | ||||
| @ -2,30 +2,30 @@ | ||||
| 
 | ||||
| var http = module.exports; | ||||
| 
 | ||||
| http.request = function(opts) { | ||||
| http.request = function (opts) { | ||||
| 	opts.cors = true; | ||||
| 	return window.fetch(opts.url, opts).then(function(resp) { | ||||
| 	return window.fetch(opts.url, opts).then(function (resp) { | ||||
| 		var headers = {}; | ||||
| 		var result = { | ||||
| 			statusCode: resp.status, | ||||
| 			headers: headers, | ||||
| 			toJSON: function() { | ||||
| 			toJSON: function () { | ||||
| 				return this; | ||||
| 			} | ||||
| 		}; | ||||
| 		Array.from(resp.headers.entries()).forEach(function(h) { | ||||
| 		Array.from(resp.headers.entries()).forEach(function (h) { | ||||
| 			headers[h[0]] = h[1]; | ||||
| 		}); | ||||
| 		if (!headers['content-type']) { | ||||
| 			return result; | ||||
| 		} | ||||
| 		if (/json/.test(headers['content-type'])) { | ||||
| 			return resp.json().then(function(json) { | ||||
| 			return resp.json().then(function (json) { | ||||
| 				result.body = json; | ||||
| 				return result; | ||||
| 			}); | ||||
| 		} | ||||
| 		return resp.text().then(function(txt) { | ||||
| 		return resp.text().then(function (txt) { | ||||
| 			result.body = txt; | ||||
| 			return result; | ||||
| 		}); | ||||
|  | ||||
| @ -3,7 +3,7 @@ | ||||
| var sha2 = module.exports; | ||||
| 
 | ||||
| var encoder = new TextEncoder(); | ||||
| sha2.sum = function(alg, str) { | ||||
| sha2.sum = function (alg, str) { | ||||
| 	var data = str; | ||||
| 	if ('string' === typeof data) { | ||||
| 		data = encoder.encode(str); | ||||
|  | ||||
| @ -5,18 +5,18 @@ var promisify = require('util').promisify; | ||||
| var resolveTxt = promisify(require('dns').resolveTxt); | ||||
| var crypto = require('crypto'); | ||||
| 
 | ||||
| native._canCheck = function(me) { | ||||
| native._canCheck = function (me) { | ||||
| 	me._canCheck = {}; | ||||
| 	me._canCheck['http-01'] = true; | ||||
| 	me._canCheck['dns-01'] = true; | ||||
| 	return Promise.resolve(); | ||||
| }; | ||||
| 
 | ||||
| native._dns01 = function(me, ch) { | ||||
| native._dns01 = function (me, ch) { | ||||
| 	// TODO use digd.js
 | ||||
| 	return resolveTxt(ch.dnsHost).then(function(records) { | ||||
| 	return resolveTxt(ch.dnsHost).then(function (records) { | ||||
| 		return { | ||||
| 			answer: records.map(function(rr) { | ||||
| 			answer: records.map(function (rr) { | ||||
| 				return { | ||||
| 					data: rr | ||||
| 				}; | ||||
| @ -25,10 +25,10 @@ native._dns01 = function(me, ch) { | ||||
| 	}); | ||||
| }; | ||||
| 
 | ||||
| native._http01 = function(me, ch) { | ||||
| native._http01 = function (me, ch) { | ||||
| 	return new me.request({ | ||||
| 		url: ch.challengeUrl | ||||
| 	}).then(function(resp) { | ||||
| 	}).then(function (resp) { | ||||
| 		return resp.body; | ||||
| 	}); | ||||
| }; | ||||
| @ -36,12 +36,12 @@ native._http01 = function(me, ch) { | ||||
| // the hashcash here is for browser parity only
 | ||||
| // basically we ask the client to find a needle in a haystack
 | ||||
| // (very similar to CloudFlare's api protection)
 | ||||
| native._hashcash = function(ch) { | ||||
| native._hashcash = function (ch) { | ||||
| 	if (!ch || !ch.nonce) { | ||||
| 		ch = { nonce: 'xxx' }; | ||||
| 	} | ||||
| 	return Promise.resolve() | ||||
| 		.then(function() { | ||||
| 		.then(function () { | ||||
| 			// only get easy answers
 | ||||
| 			var len = ch.needle.length; | ||||
| 			var start = ch.start || 0; | ||||
| @ -80,7 +80,7 @@ native._hashcash = function(ch) { | ||||
| 			} | ||||
| 			return ch.nonce + ':xxx'; | ||||
| 		}) | ||||
| 		.catch(function() { | ||||
| 		.catch(function () { | ||||
| 			//console.log('[debug]', err);
 | ||||
| 			// ignore any error
 | ||||
| 			return ch.nonce + ':xxx'; | ||||
|  | ||||
| @ -4,7 +4,7 @@ var os = require('os'); | ||||
| var ver = require('../../package.json').version; | ||||
| 
 | ||||
| var UserAgent = module.exports; | ||||
| UserAgent.get = function(me) { | ||||
| UserAgent.get = function (me) { | ||||
| 	// ACME clients MUST have an RFC7231-compliant User-Agent
 | ||||
| 	// ex: Greenlock/v3 ACME.js/v3 node/v12.0.0 darwin/17.7.0 Darwin/x64
 | ||||
| 	//
 | ||||
|  | ||||
| @ -4,6 +4,6 @@ var http = module.exports; | ||||
| var promisify = require('util').promisify; | ||||
| var request = promisify(require('@root/request')); | ||||
| 
 | ||||
| http.request = function(opts) { | ||||
| http.request = function (opts) { | ||||
| 	return request(opts); | ||||
| }; | ||||
|  | ||||
| @ -4,14 +4,11 @@ | ||||
| var sha2 = module.exports; | ||||
| var crypto = require('crypto'); | ||||
| 
 | ||||
| sha2.sum = function(alg, str) { | ||||
| 	return Promise.resolve().then(function() { | ||||
| sha2.sum = function (alg, str) { | ||||
| 	return Promise.resolve().then(function () { | ||||
| 		var sha = 'sha' + String(alg).replace(/^sha-?/i, ''); | ||||
| 		// utf8 is the default for strings
 | ||||
| 		var buf = Buffer.from(str); | ||||
| 		return crypto | ||||
| 			.createHash(sha) | ||||
| 			.update(buf) | ||||
| 			.digest(); | ||||
| 		return crypto.createHash(sha).update(buf).digest(); | ||||
| 	}); | ||||
| }; | ||||
|  | ||||
| @ -7,7 +7,7 @@ var native = require('./lib/native.js'); | ||||
| // something breaks or has a serious bug or flaw.
 | ||||
| 
 | ||||
| var oldCollegeTries = {}; | ||||
| M.init = function(me) { | ||||
| M.init = function (me) { | ||||
| 	if (oldCollegeTries[me.maintainerEmail]) { | ||||
| 		return; | ||||
| 	} | ||||
| @ -32,21 +32,23 @@ M.init = function(me) { | ||||
| 	} | ||||
| }; | ||||
| 
 | ||||
| M._init = function(me, tz, locale) { | ||||
| 	// prevent a stampede from misconfigured clients in an eternal loop
 | ||||
| 	setTimeout(function() { | ||||
| M._init = function (me, tz, locale) { | ||||
| 	setTimeout(function () { | ||||
| 		// prevent a stampede from misconfigured clients in an eternal loop
 | ||||
| 		me.request({ | ||||
| 			timeout: 3000, | ||||
| 			method: 'GET', | ||||
| 			url: 'https://api.rootprojects.org/api/nonce', | ||||
| 			json: true | ||||
| 		}) | ||||
| 			.then(function(resp) { | ||||
| 			.then(function (resp) { | ||||
| 				// in the browser this will work until solved, but in
 | ||||
| 				// node this will bail unless the challenge is trivial
 | ||||
| 				return native._hashcash(resp.body || {}); | ||||
| 			}) | ||||
| 			.then(function(hashcash) { | ||||
| 			.then(function (hashcash) { | ||||
| 				var req = { | ||||
| 					timeout: 3000, | ||||
| 					headers: { | ||||
| 						'x-root-nonce-v1': hashcash | ||||
| 					}, | ||||
| @ -55,22 +57,24 @@ M._init = function(me, tz, locale) { | ||||
| 						'https://api.rootprojects.org/api/projects/ACME.js/dependents', | ||||
| 					json: { | ||||
| 						maintainer: me.maintainerEmail, | ||||
|             package: me.packageAgent, | ||||
| 						package: me.packageAgent, | ||||
| 						tz: tz, | ||||
| 						locale: locale | ||||
| 					} | ||||
| 				}; | ||||
| 				return me | ||||
| 					.request(req) | ||||
| 					.catch(function(err) { | ||||
| 						if (true || me.debug) { | ||||
| 							console.error(err); | ||||
| 						} | ||||
| 					}) | ||||
| 					.then(function(/*resp*/) { | ||||
| 						oldCollegeTries[me.maintainerEmail] = true; | ||||
| 						//console.log(resp);
 | ||||
| 					}); | ||||
| 				return me.request(req); | ||||
| 			}) | ||||
| 			.catch(function (err) { | ||||
| 				if (me.debug) { | ||||
| 					console.error( | ||||
| 						'error adding maintainer to support notices:' | ||||
| 					); | ||||
| 					console.error(err); | ||||
| 				} | ||||
| 			}) | ||||
| 			.then(function (/*resp*/) { | ||||
| 				oldCollegeTries[me.maintainerEmail] = true; | ||||
| 				//console.log(resp);
 | ||||
| 			}); | ||||
| 	}, me.__timeout || 3000); | ||||
| }; | ||||
|  | ||||
							
								
								
									
										21
									
								
								package-lock.json
									
									
									
										generated
									
									
									
								
							
							
						
						
									
										21
									
								
								package-lock.json
									
									
									
										generated
									
									
									
								
							| @ -1,6 +1,6 @@ | ||||
| { | ||||
| 	"name": "@root/acme", | ||||
| 	"version": "3.0.1", | ||||
| 	"version": "3.1.1", | ||||
| 	"lockfileVersion": 1, | ||||
| 	"requires": true, | ||||
| 	"dependencies": { | ||||
| @ -16,7 +16,6 @@ | ||||
| 			"version": "0.8.1", | ||||
| 			"resolved": "https://registry.npmjs.org/@root/csr/-/csr-0.8.1.tgz", | ||||
| 			"integrity": "sha512-hKl0VuE549TK6SnS2Yn9nRvKbFZXn/oAg+dZJU/tlKl/f/0yRXeuUzf8akg3JjtJq+9E592zDqeXZ7yyrg8fSQ==", | ||||
| 			"dev": true, | ||||
| 			"requires": { | ||||
| 				"@root/asn1": "^1.0.0", | ||||
| 				"@root/pem": "^1.0.4", | ||||
| @ -29,9 +28,9 @@ | ||||
| 			"integrity": "sha512-OaEub02ufoU038gy6bsNHQOjIn8nUjGiLcaRmJ40IUykneJkIW5fxDqKxQx48cszuNflYldsJLPPXCrGfHs8yQ==" | ||||
| 		}, | ||||
| 		"@root/keypairs": { | ||||
| 			"version": "0.9.0", | ||||
| 			"resolved": "https://registry.npmjs.org/@root/keypairs/-/keypairs-0.9.0.tgz", | ||||
| 			"integrity": "sha512-NXE2L9Gv7r3iC4kB/gTPZE1vO9Ox/p14zDzAJ5cGpTpytbWOlWF7QoHSJbtVX4H7mRG/Hp7HR3jWdWdb2xaaXg==", | ||||
| 			"version": "0.10.0", | ||||
| 			"resolved": "https://registry.npmjs.org/@root/keypairs/-/keypairs-0.10.0.tgz", | ||||
| 			"integrity": "sha512-t8VocY46Mtb0NTsxzyLLf5tsgfw0BXLYVADAyiRdEdqHcvPFGJdjkXNtHVQuSV/FMaC65iTOHVP4E6X8iT3Ikg==", | ||||
| 			"requires": { | ||||
| 				"@root/encoding": "^1.0.1", | ||||
| 				"@root/pem": "^1.0.4", | ||||
| @ -44,9 +43,9 @@ | ||||
| 			"integrity": "sha512-rEUDiUsHtild8GfIjFE9wXtcVxeS+ehCJQBwbQQ3IVfORKHK93CFnRtkr69R75lZFjcmKYVc+AXDB+AeRFOULA==" | ||||
| 		}, | ||||
| 		"@root/request": { | ||||
| 			"version": "1.3.11", | ||||
| 			"resolved": "https://registry.npmjs.org/@root/request/-/request-1.3.11.tgz", | ||||
| 			"integrity": "sha512-3a4Eeghcjsfe6zh7EJ+ni1l8OK9Fz2wL1OjP4UCa0YdvtH39kdXB9RGWuzyNv7dZi0+Ffkc83KfH0WbPMiuJFw==" | ||||
| 			"version": "1.6.1", | ||||
| 			"resolved": "https://registry.npmjs.org/@root/request/-/request-1.6.1.tgz", | ||||
| 			"integrity": "sha512-8wrWyeBLRp7T8J36GkT3RODJ6zYmL0/maWlAUD5LOXT28D3TDquUepyYDKYANNA3Gc8R5ZCgf+AXvSTYpJEWwQ==" | ||||
| 		}, | ||||
| 		"@root/x509": { | ||||
| 			"version": "0.7.2", | ||||
| @ -153,9 +152,9 @@ | ||||
| 			"dev": true | ||||
| 		}, | ||||
| 		"glob": { | ||||
| 			"version": "7.1.5", | ||||
| 			"resolved": "https://registry.npmjs.org/glob/-/glob-7.1.5.tgz", | ||||
| 			"integrity": "sha512-J9dlskqUXK1OeTOYBEn5s8aMukWMwWfs+rPTn/jn50Ux4MNXVhubL1wu/j2t+H4NVI+cXEcCaYellqaPVGXNqQ==", | ||||
| 			"version": "7.1.6", | ||||
| 			"resolved": "https://registry.npmjs.org/glob/-/glob-7.1.6.tgz", | ||||
| 			"integrity": "sha512-LwaxwyZ72Lk7vZINtNNrywX0ZuLyStrdDtabefZKAY5ZGJhVtgdznluResxNmPitE0SAO+O26sWTHeKSI2wMBA==", | ||||
| 			"dev": true, | ||||
| 			"requires": { | ||||
| 				"fs.realpath": "^1.0.0", | ||||
|  | ||||
| @ -1,6 +1,6 @@ | ||||
| { | ||||
| 	"name": "@root/acme", | ||||
| 	"version": "3.0.5", | ||||
| 	"version": "3.1.1", | ||||
| 	"description": "Free SSL certificates for Node.js and Browsers. Issued via Let's Encrypt", | ||||
| 	"homepage": "https://rootprojects.org/acme/", | ||||
| 	"main": "acme.js", | ||||
| @ -42,14 +42,14 @@ | ||||
| 	"author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)", | ||||
| 	"license": "MPL-2.0", | ||||
| 	"dependencies": { | ||||
| 		"@root/csr": "^0.8.1", | ||||
| 		"@root/encoding": "^1.0.1", | ||||
| 		"@root/keypairs": "^0.9.0", | ||||
| 		"@root/keypairs": "^0.10.0", | ||||
| 		"@root/pem": "^1.0.4", | ||||
| 		"@root/request": "^1.3.11", | ||||
| 		"@root/request": "^1.6.1", | ||||
| 		"@root/x509": "^0.7.2" | ||||
| 	}, | ||||
| 	"devDependencies": { | ||||
| 		"@root/csr": "^0.8.1", | ||||
| 		"dig.js": "^1.3.9", | ||||
| 		"dns-suite": "^1.2.13", | ||||
| 		"dotenv": "^8.1.0", | ||||
|  | ||||
| @ -51,7 +51,7 @@ async function main() { | ||||
| 			challenge: ch, | ||||
| 			dnsPrefix: '_test-challenge' | ||||
| 		}) | ||||
| 			.then(function(auth) { | ||||
| 			.then(function (auth) { | ||||
| 				if ('dns-01' === ch.type) { | ||||
| 					if (auth.keyAuthorizationDigest !== expectedKeyAuthDigest) { | ||||
| 						console.error('[keyAuthorizationDigest]'); | ||||
| @ -84,7 +84,7 @@ async function main() { | ||||
| 				console.info('PASS', hostname, ch.type); | ||||
| 				return next(); | ||||
| 			}) | ||||
| 			.catch(function(err) { | ||||
| 			.catch(function (err) { | ||||
| 				err.message = | ||||
| 					'Error computing ' + | ||||
| 					ch.type + | ||||
| @ -99,12 +99,12 @@ async function main() { | ||||
| 	return next(); | ||||
| } | ||||
| 
 | ||||
| module.exports = function() { | ||||
| module.exports = function () { | ||||
| 	return main(authorization) | ||||
| 		.then(function() { | ||||
| 		.then(function () { | ||||
| 			console.info('PASS'); | ||||
| 		}) | ||||
| 		.catch(function(err) { | ||||
| 		.catch(function (err) { | ||||
| 			console.error(err.stack); | ||||
| 			process.exit(1); | ||||
| 		}); | ||||
|  | ||||
| @ -37,10 +37,10 @@ var tests = [ | ||||
| 
 | ||||
| var ACME = require('../'); | ||||
| 
 | ||||
| module.exports = function() { | ||||
| module.exports = function () { | ||||
| 	console.info('\n[Test] can split and format PEM chain properly'); | ||||
| 
 | ||||
| 	tests.forEach(function(str) { | ||||
| 	tests.forEach(function (str) { | ||||
| 		var actual = ACME.formatPemChain(str); | ||||
| 		if (expected !== actual) { | ||||
| 			console.error('input:   ', JSON.stringify(str)); | ||||
| @ -68,7 +68,7 @@ module.exports = function() { | ||||
| 
 | ||||
| 	ACME.splitPemChain( | ||||
| 		'--B--\nxxxx\nyyyy\n--E--\n\n--B--\nxxxx\nyyyy\n--E--\n\n--B--\nxxxx\nyyyy\n--E--\n' | ||||
| 	).forEach(function(str) { | ||||
| 	).forEach(function (str) { | ||||
| 		if ('--B--\nxxxx\nyyyy\n--E--\n' !== str) { | ||||
| 			throw new Error('bad thingy'); | ||||
| 		} | ||||
|  | ||||
| @ -1,6 +1,6 @@ | ||||
| 'use strict'; | ||||
| 
 | ||||
| module.exports = async function() { | ||||
| module.exports = async function () { | ||||
| 	console.log('[Test] can generate, export, and import key'); | ||||
| 	var Keypairs = require('@root/keypairs'); | ||||
| 
 | ||||
| @ -13,7 +13,7 @@ module.exports = async function() { | ||||
| 	var jwk = await Keypairs.import({ | ||||
| 		pem: pem | ||||
| 	}); | ||||
| 	['kty', 'd', 'n', 'e'].forEach(function(k) { | ||||
| 	['kty', 'd', 'n', 'e'].forEach(function (k) { | ||||
| 		if (!jwk[k] || jwk[k] !== certKeypair.private[k]) { | ||||
| 			throw new Error('bad export/import'); | ||||
| 		} | ||||
|  | ||||
| @ -32,14 +32,14 @@ var pluginPrefix = 'acme-' + config.challengeType + '-'; | ||||
| var pluginName = config.challengeModule; | ||||
| var plugin; | ||||
| 
 | ||||
| module.exports = function() { | ||||
| module.exports = function () { | ||||
| 	console.info('\n[Test] end-to-end issue certificates'); | ||||
| 
 | ||||
| 	var acme = ACME.create({ | ||||
| 		// debug: true
 | ||||
| 		maintainerEmail: config.email, | ||||
| 		packageAgent: 'test-' + pkg.name + '/' + pkg.version, | ||||
| 		notify: function(ev, params) { | ||||
| 		notify: function (ev, params) { | ||||
| 			console.info( | ||||
| 				'\t' + ev, | ||||
| 				params.subject || params.altname || params.domain || '', | ||||
| @ -169,7 +169,7 @@ module.exports = function() { | ||||
| 			console.info('Get certificates for random domains:'); | ||||
| 			console.info( | ||||
| 				domains | ||||
| 					.map(function(puny) { | ||||
| 					.map(function (puny) { | ||||
| 						var uni = punycode.toUnicode(puny); | ||||
| 						if (puny !== uni) { | ||||
| 							return puny + ' (' + uni + ')'; | ||||
| @ -221,25 +221,25 @@ module.exports = function() { | ||||
| 	// Try EC + RSA
 | ||||
| 	var rnd = random(); | ||||
| 	happyPath('EC', 'RSA', rnd) | ||||
| 		.then(function() { | ||||
| 		.then(function () { | ||||
| 			console.info('PASS: ECDSA account key with RSA server key'); | ||||
| 			// Now try RSA + EC
 | ||||
| 			rnd = random(); | ||||
| 			return happyPath('RSA', 'EC', rnd).then(function() { | ||||
| 			return happyPath('RSA', 'EC', rnd).then(function () { | ||||
| 				console.info('PASS: RSA account key with ECDSA server key'); | ||||
| 			}); | ||||
| 		}) | ||||
| 		.then(function() { | ||||
| 		.then(function () { | ||||
| 			console.info('PASS'); | ||||
| 		}) | ||||
| 		.catch(function(err) { | ||||
| 		.catch(function (err) { | ||||
| 			console.error('Error:'); | ||||
| 			console.error(err.stack); | ||||
| 		}); | ||||
| 
 | ||||
| 	function randomDomains(rnd) { | ||||
| 		return ['foo-acmejs', 'bar-acmejs', '*.baz-acmejs', 'baz-acmejs'].map( | ||||
| 			function(pre) { | ||||
| 			function (pre) { | ||||
| 				return punycode.toASCII(pre + '-' + rnd + '.' + config.domain); | ||||
| 			} | ||||
| 		); | ||||
| @ -247,12 +247,7 @@ module.exports = function() { | ||||
| 
 | ||||
| 	function random() { | ||||
| 		return ( | ||||
| 			parseInt( | ||||
| 				Math.random() | ||||
| 					.toString() | ||||
| 					.slice(2, 99), | ||||
| 				10 | ||||
| 			) | ||||
| 			parseInt(Math.random().toString().slice(2, 99), 10) | ||||
| 				.toString(16) | ||||
| 				.slice(0, 4) + '例' | ||||
| 		); | ||||
|  | ||||
| @ -11,7 +11,7 @@ native | ||||
| 		start: 0, | ||||
| 		end: 2 | ||||
| 	}) | ||||
| 	.then(function(hashcash) { | ||||
| 	.then(function (hashcash) { | ||||
| 		if ('00:76de' !== hashcash) { | ||||
| 			throw new Error('hashcash algorthim changed'); | ||||
| 		} | ||||
| @ -25,7 +25,7 @@ native | ||||
| 				start: 0, | ||||
| 				end: 2 | ||||
| 			}) | ||||
| 			.then(function(hashcash) { | ||||
| 			.then(function (hashcash) { | ||||
| 				if ('10:00' !== hashcash) { | ||||
| 					throw new Error('hashcash algorthim changed'); | ||||
| 				} | ||||
| @ -33,10 +33,7 @@ native | ||||
| 
 | ||||
| 				var now = Date.now(); | ||||
| 				var nonce = '20'; | ||||
| 				var needle = crypto | ||||
| 					.randomBytes(3) | ||||
| 					.toString('hex') | ||||
| 					.slice(0, 5); | ||||
| 				var needle = crypto.randomBytes(3).toString('hex').slice(0, 5); | ||||
| 				native | ||||
| 					._hashcash({ | ||||
| 						alg: 'SHA-256', | ||||
| @ -45,7 +42,7 @@ native | ||||
| 						start: 0, | ||||
| 						end: Math.ceil(needle.length / 2) | ||||
| 					}) | ||||
| 					.then(function(hashcash) { | ||||
| 					.then(function (hashcash) { | ||||
| 						var later = Date.now(); | ||||
| 						var parts = hashcash.split(':'); | ||||
| 						var answer = parts[1]; | ||||
|  | ||||
							
								
								
									
										33
									
								
								utils.js
									
									
									
									
									
								
							
							
						
						
									
										33
									
								
								utils.js
									
									
									
									
									
								
							| @ -6,16 +6,17 @@ var Keypairs = require('@root/keypairs'); | ||||
| var UserAgent = require('./lib/node/client-user-agent.js'); | ||||
| 
 | ||||
| // Handle nonce, signing, and request altogether
 | ||||
| U._jwsRequest = function(me, bigopts) { | ||||
| 	return U._getNonce(me).then(function(nonce) { | ||||
| U._jwsRequest = function (me, bigopts) { | ||||
| 	return U._getNonce(me).then(function (nonce) { | ||||
| 		bigopts.protected.nonce = nonce; | ||||
| 		bigopts.protected.url = bigopts.url; | ||||
| 		// protected.alg: added by Keypairs.signJws
 | ||||
| 		if (!bigopts.protected.jwk) { | ||||
| 			// protected.kid must be overwritten due to ACME's interpretation of the spec
 | ||||
| 			if (!('kid' in bigopts.protected)) { | ||||
| 				bigopts.protected.kid = bigopts.kid; | ||||
| 			} | ||||
| 		if (bigopts.protected.jwk) { | ||||
| 			bigopts.protected.kid = false; | ||||
| 		} else if (!('kid' in bigopts.protected)) { | ||||
| 			// protected.kid must be provided according to ACME's interpretation of the spec
 | ||||
| 			// (using the provided URL rather than the Key's Thumbprint as Key ID)
 | ||||
| 			bigopts.protected.kid = bigopts.kid; | ||||
| 		} | ||||
| 
 | ||||
| 		// this will shasum the thumbprint the 2nd time
 | ||||
| @ -24,12 +25,12 @@ U._jwsRequest = function(me, bigopts) { | ||||
| 			protected: bigopts.protected, | ||||
| 			payload: bigopts.payload | ||||
| 		}) | ||||
| 			.then(function(jws) { | ||||
| 			.then(function (jws) { | ||||
| 				//#console.debug('[ACME.js] url: ' + bigopts.url + ':');
 | ||||
| 				//#console.debug(jws);
 | ||||
| 				return U._request(me, { url: bigopts.url, json: jws }); | ||||
| 			}) | ||||
| 			.catch(function(e) { | ||||
| 			.catch(function (e) { | ||||
| 				if (/badNonce$/.test(e.urn)) { | ||||
| 					// retry badNonces
 | ||||
| 					var retryable = bigopts._retries >= 2; | ||||
| @ -43,7 +44,7 @@ U._jwsRequest = function(me, bigopts) { | ||||
| 	}); | ||||
| }; | ||||
| 
 | ||||
| U._getNonce = function(me) { | ||||
| U._getNonce = function (me) { | ||||
| 	var nonce; | ||||
| 	while (true) { | ||||
| 		nonce = me._nonces.shift(); | ||||
| @ -64,13 +65,13 @@ U._getNonce = function(me) { | ||||
| 	return U._request(me, { | ||||
| 		method: 'HEAD', | ||||
| 		url: me._directoryUrls.newNonce | ||||
| 	}).then(function(resp) { | ||||
| 	}).then(function (resp) { | ||||
| 		return resp.headers['replay-nonce']; | ||||
| 	}); | ||||
| }; | ||||
| 
 | ||||
| // Handle some ACME-specific defaults
 | ||||
| U._request = function(me, opts) { | ||||
| U._request = function (me, opts) { | ||||
| 	// no-op on browser
 | ||||
| 	var ua = UserAgent.get(me, opts); | ||||
| 
 | ||||
| @ -100,7 +101,7 @@ U._request = function(me, opts) { | ||||
| 
 | ||||
| 	//console.log('\n[debug] REQUEST');
 | ||||
| 	//console.log(opts);
 | ||||
| 	return me.__request(opts).then(function(resp) { | ||||
| 	return me.__request(opts).then(function (resp) { | ||||
| 		if (resp.toJSON) { | ||||
| 			resp = resp.toJSON(); | ||||
| 		} | ||||
| @ -139,11 +140,11 @@ U._request = function(me, opts) { | ||||
| 	}); | ||||
| }; | ||||
| 
 | ||||
| U._setNonce = function(me, nonce) { | ||||
| U._setNonce = function (me, nonce) { | ||||
| 	me._nonces.unshift({ nonce: nonce, createdAt: Date.now() }); | ||||
| }; | ||||
| 
 | ||||
| U._importKeypair = function(key) { | ||||
| U._importKeypair = function (key) { | ||||
| 	var p; | ||||
| 	var pub; | ||||
| 
 | ||||
| @ -162,7 +163,7 @@ U._importKeypair = function(key) { | ||||
| 		throw new Error('no private key given'); | ||||
| 	} | ||||
| 
 | ||||
| 	return p.then(function(pair) { | ||||
| 	return p.then(function (pair) { | ||||
| 		if (pair.public.kid) { | ||||
| 			pair = JSON.parse(JSON.stringify(pair)); | ||||
| 			delete pair.public.kid; | ||||
|  | ||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user