From ea508c68f41be5dde59bc876224185e5661449e3 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Fri, 7 Jun 2019 00:14:10 -0600 Subject: [PATCH] v3.1.1: perform all sets, then all gets, then all removes --- index.js | 310 ++++++++++++++++++++++++++++----------------------- package.json | 2 +- 2 files changed, 171 insertions(+), 141 deletions(-) diff --git a/index.js b/index.js index 4a55220..5746654 100644 --- a/index.js +++ b/index.js @@ -54,13 +54,171 @@ function promiseCheckAndCatch(obj, name) { }; } -// Here's the meat, where the tests are happening: -function run(challenger, opts) { - var ch = opts.challenge; - if ('http-01' === ch.type && ch.wildname) { - throw new Error('http-01 cannot be used for wildcard domains'); +function mapAsync(els, doer) { + els = els.slice(0); + var results = []; + function next() { + var el = els.shift(); + if (!el) { + return results; + } + return doer(el).then(function(result) { + results.push(result); + return next(); + }); } + return next(); +} +// Here's the meat, where the tests are happening: +function testEach(type, domains, challenger) { + var chr = wrapChallenger(challenger); + var all = domains.map(function(d) { + return { domain: d }; + }); + + return mapAsync(all, function(opts) { + console.info("TEST '%s'", opts.domain); + opts.challenge = getChallenge(type, opts.domain); + var ch = opts.challenge; + if ('http-01' === ch.type && ch.wildname) { + throw new Error('http-01 cannot be used for wildcard domains'); + } + + // The first time we just check it against itself + // this will cause the prompt to appear + return chr.set(opts).then(function() { + // this will cause the final completion message to appear + // _test is used by the manual cli reference implementations + var query = { type: ch.type, /*debug*/ status: ch.status, _test: true }; + if ('http-01' === ch.type) { + query.identifier = ch.identifier; + query.token = ch.token; + // For testing only + query.url = ch.challengeUrl; + } else if ('dns-01' === ch.type) { + query.identifier = { type: 'dns', value: ch.dnsHost }; + // For testing only + query.altname = ch.altname; + // there should only be two possible TXT records per challenge domain: + // one for the bare domain, and the other if and only if there's a wildcard + query.wildcard = ch.wildcard; + query.dnsAuthorization = ch.dnsAuthorization; + } else { + query = JSON.parse(JSON.stringify(ch)); + query.comment = 'unknown challenge type, supplying everything'; + } + opts.query = query; + return opts; + }); + }) + .then(function(all) { + return mapAsync(all, function(opts) { + var ch = opts.challenge; + return chr.get({ challenge: opts.query }).then(function(secret) { + if ('string' === typeof secret) { + console.info( + 'secret was passed as a string, which works historically, but should be an object instead:' + ); + console.info('{ "keyAuthorization": "' + secret + '" }'); + console.info('or'); + // TODO this should be "keyAuthorizationDigest" + console.info('{ "dnsAuthorization": "' + secret + '" }'); + console.info( + 'This is to help keep acme / greenlock (and associated plugins) future-proof for new challenge types' + ); + } + // historically 'secret' has been a string, but I'd like it to transition to be an object. + // to make it backwards compatible in v2.7 to change it, + // so I'm not sure that we really need to. + if ('http-01' === ch.type) { + secret = secret.keyAuthorization || secret; + if (ch.keyAuthorization !== secret) { + throw new Error( + "http-01 challenge.get() returned '" + + secret + + "', which does not match the keyAuthorization" + + " saved with challenge.set(), which was '" + + ch.keyAuthorization + + "'" + ); + } + } else if ('dns-01' === ch.type) { + secret = secret.dnsAuthorization || secret; + if (ch.dnsAuthorization !== secret) { + throw new Error( + "dns-01 challenge.get() returned '" + + secret + + "', which does not match the dnsAuthorization" + + " (keyAuthDigest) saved with challenge.set(), which was '" + + ch.dnsAuthorization + + "'" + ); + } + } else { + if ('tls-alpn-01' === ch.type) { + console.warn( + "'tls-alpn-01' support is in development" + + " (or developed and we haven't update this yet). Please contact us." + ); + } else { + console.warn( + "We don't know how to test '" + + ch.type + + "'... are you sure that's a thing?" + ); + } + secret = secret.keyAuthorization || secret; + if (ch.keyAuthorization !== secret) { + console.warn( + "The returned value doesn't match keyAuthorization", + ch.keyAuthorization, + secret + ); + } + } + }); + }); + }) + .then(function() { + return mapAsync(all, function(opts) { + return chr.remove(opts).then(function() { + return chr.get(opts).then(function(result) { + if (result) { + throw new Error( + 'challenge.remove() should have made it not possible for challenge.get() to return a value' + ); + } + if (null !== result) { + throw new Error( + 'challenge.get() should return null when the value is not set' + ); + } + console.info("PASS '%s'", opts.domain); + }); + }); + }); + }) + .then(function() { + console.info('All soft tests: PASS'); + console.warn( + 'Hard tests (actually checking http URLs and dns records) is implemented in acme-v2.' + ); + console.warn( + "We'll copy them over here as well, but that's a TODO for next week." + ); + }); +} + +function testZone(type, zone, challenger) { + var domains = [zone, 'foo.' + zone]; + if ('dns-01' === type) { + domains.push('*.foo.' + zone); + } + return testEach(type, domains, challenger); +} + +function wrapChallenger(challenger) { var set = promiseCheckAndCatch(challenger, 'set'); if ('function' !== typeof challenger.get) { throw new Error( @@ -73,142 +231,10 @@ function run(challenger, opts) { var get = promiseCheckAndCatch(challenger, 'get'); var remove = promiseCheckAndCatch(challenger, 'remove'); - // The first time we just check it against itself - // this will cause the prompt to appear - return set(opts).then(function() { - // this will cause the final completion message to appear - // _test is used by the manual cli reference implementations - var query = { type: ch.type, /*debug*/ status: ch.status, _test: true }; - if ('http-01' === ch.type) { - query.identifier = ch.identifier; - query.token = ch.token; - // For testing only - query.url = ch.challengeUrl; - } else if ('dns-01' === ch.type) { - query.identifier = { type: 'dns', value: ch.dnsHost }; - // For testing only - query.altname = ch.altname; - // there should only be two possible TXT records per challenge domain: - // one for the bare domain, and the other if and only if there's a wildcard - query.wildcard = ch.wildcard; - query.dnsAuthorization = ch.dnsAuthorization; - } else { - query = JSON.parse(JSON.stringify(ch)); - query.comment = 'unknown challenge type, supplying everything'; - } - return get({ challenge: query }) - .then(function(secret) { - if ('string' === typeof secret) { - console.info( - 'secret was passed as a string, which works historically, but should be an object instead:' - ); - console.info('{ "keyAuthorization": "' + secret + '" }'); - console.info('or'); - // TODO this should be "keyAuthorizationDigest" - console.info('{ "dnsAuthorization": "' + secret + '" }'); - console.info( - 'This is to help keep acme / greenlock (and associated plugins) future-proof for new challenge types' - ); - } - // historically 'secret' has been a string, but I'd like it to transition to be an object. - // to make it backwards compatible in v2.7 to change it, - // so I'm not sure that we really need to. - if ('http-01' === ch.type) { - secret = secret.keyAuthorization || secret; - if (ch.keyAuthorization !== secret) { - throw new Error( - "http-01 challenge.get() returned '" + - secret + - "', which does not match the keyAuthorization" + - " saved with challenge.set(), which was '" + - ch.keyAuthorization + - "'" - ); - } - } else if ('dns-01' === ch.type) { - secret = secret.dnsAuthorization || secret; - if (ch.dnsAuthorization !== secret) { - throw new Error( - "dns-01 challenge.get() returned '" + - secret + - "', which does not match the dnsAuthorization" + - " (keyAuthDigest) saved with challenge.set(), which was '" + - ch.dnsAuthorization + - "'" - ); - } - } else { - if ('tls-alpn-01' === ch.type) { - console.warn( - "'tls-alpn-01' support is in development" + - " (or developed and we haven't update this yet). Please contact us." - ); - } else { - console.warn( - "We don't know how to test '" + - ch.type + - "'... are you sure that's a thing?" - ); - } - secret = secret.keyAuthorization || secret; - if (ch.keyAuthorization !== secret) { - console.warn( - "The returned value doesn't match keyAuthorization", - ch.keyAuthorization, - secret - ); - } - } - }) - .then(function() { - return remove(opts).then(function() { - return get(opts).then(function(result) { - if (result) { - throw new Error( - 'challenge.remove() should have made it not possible for challenge.get() to return a value' - ); - } - if (null !== result) { - throw new Error( - 'challenge.get() should return null when the value is not set' - ); - } - }); - }); - }); - }); + return { set: set, get: get, remove: remove }; } -function testZone(type, zone, challenger) { - var domains = [zone, 'foo.' + zone]; - if ('dns-01' === type) { - domains.push('*.foo.' + zone); - } - - function next() { - var domain = domains.shift(); - if (!domain) { - return; - } - console.info("TEST '%s'", domain); - return testRecord(type, domain, challenger).then(function() { - console.info("PASS '%s'", domain); - return next(); - }); - } - - return next().then(function() { - console.info('All soft tests: PASS'); - console.warn( - 'Hard tests (actually checking http URLs and dns records) is implemented in acme-v2.' - ); - console.warn( - "We'll copy them over here as well, but that's a TODO for next week." - ); - }); -}; - -function testRecord(type, altname, challenger) { +function getChallenge(type, altname) { var expires = new Date(Date.now() + 10 * 60 * 1000).toISOString(); var token = crypto.randomBytes(8).toString('hex'); var thumb = crypto.randomBytes(16).toString('hex'); @@ -245,7 +271,11 @@ function testRecord(type, altname, challenger) { 'http://' + altname + '/.well-known/acme-challenge/' + challenge.token; challenge.dnsHost += altname; - return run(challenger, { challenge: challenge }); + return challenge; +} + +function testRecord(type, altname, challenger) { + return testEach(type, [altname], challenger); } module.exports.testRecord = testRecord; diff --git a/package.json b/package.json index 4acbe1b..ebfd382 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "acme-challenge-test", - "version": "3.1.0", + "version": "3.1.1", "description": "The base set of tests for all ACME challenge strategies. Any `acme-http-01-`, `acme-dns-01-`, `acme-challenge-`, or greenlock plugin should be able to pass these tests.", "main": "index.js", "homepage": "https://git.rootprojects.org/root/acme-challenge-test.js",