remove cruft

This commit is contained in:
AJ ONeal 2019-10-21 17:03:26 -06:00
parent c89e5b7882
commit d25fa6756c
2 changed files with 62 additions and 67 deletions

109
acme.js
View File

@ -63,7 +63,7 @@ ACME.challengeTests = {
'See https://git.coolaj86.com/coolaj86/acme-v2.js/issues/4' 'See https://git.coolaj86.com/coolaj86/acme-v2.js/issues/4'
); );
err.code = 'E_FAIL_DRY_CHALLENGE'; err.code = 'E_FAIL_DRY_CHALLENGE';
return Promise.reject(err); throw err;
}); });
}, },
'dns-01': function(me, auth) { 'dns-01': function(me, auth) {
@ -90,7 +90,7 @@ ACME.challengeTests = {
'See https://git.coolaj86.com/coolaj86/acme-v2.js/issues/4' 'See https://git.coolaj86.com/coolaj86/acme-v2.js/issues/4'
); );
err.code = 'E_FAIL_DRY_CHALLENGE'; err.code = 'E_FAIL_DRY_CHALLENGE';
return Promise.reject(err); throw err;
}); });
} }
}; };
@ -389,7 +389,8 @@ ACME._testChallenges = function(me, options) {
}); });
if (!challenge) { if (!challenge) {
// For example, wildcards require dns-01 and, if we don't have that, we have to bail // For example, wildcards require dns-01 and, if we don't have that, we have to bail
var enabled = options.challengeTypes.join(', ') || 'none'; var enabled =
Object.keys(options.challenges).join(', ') || 'none';
var suitable = var suitable =
challenges challenges
.map(function(r) { .map(function(r) {
@ -481,7 +482,7 @@ ACME._testChallenges = function(me, options) {
ACME._chooseChallenge = function(options, results) { ACME._chooseChallenge = function(options, results) {
// For each of the challenge types that we support // For each of the challenge types that we support
var challenge; var challenge;
options.challengeTypes.some(function(chType) { options._challengeTypes.some(function(chType) {
// And for each of the challenge types that are allowed // And for each of the challenge types that are allowed
return results.challenges.some(function(ch) { return results.challenges.some(function(ch) {
// Check to see if there are any matches // Check to see if there are any matches
@ -907,63 +908,54 @@ ACME._getCertificate = function(me, options) {
console.debug('[acme-v2] DEBUG get cert 1'); console.debug('[acme-v2] DEBUG get cert 1');
} }
// Lot's of error checking to inform the user of mistakes // Prefer this order for efficiency:
if (!(options.challengeTypes || []).length) { // * http-01 is the fasest
options.challengeTypes = Object.keys(options.challenges || {}); // * tls-alpn-01 is for networks that don't allow plain traffic
// * dns-01 is the slowest (due to DNS propagation), but is required for private networks and wildcards
var challengeTypes = Object.keys(options.challenges);
options._challengeTypes = ['http-01', 'tls-alpn-01', 'dns-01'].filter(
function(typ) {
return -1 !== challengeTypes.indexOf(typ);
} }
if (!options.challengeTypes.length) {
options.challengeTypes = [options.challengeType].filter(Boolean);
}
if (options.challengeType) {
options.challengeTypes.sort(function(a, b) {
if (a === options.challengeType) {
return -1;
}
if (b === options.challengeType) {
return 1;
}
return 0;
});
if (options.challengeType !== options.challengeTypes[0]) {
return Promise.reject(
new Error(
"options.challengeType is '" +
options.challengeType +
"'," +
" which does not exist in the supplied types '" +
options.challengeTypes.join(',') +
"'"
)
); );
}
}
// TODO check that all challengeTypes are represented in challenges // TODO check that all challengeTypes are represented in challenges
if (!options.challengeTypes.length) { if (!options._challengeTypes.length) {
return Promise.reject( return Promise.reject(
new Error( new Error('options.challenges must be specified')
'options.challengeTypes (string array) must be specified' +
' (and in order of preferential priority).'
)
); );
} }
if (options.csr) {
// TODO validate csr signature if (!options.csr) {
options._csr = me.CSR._info(options.csr); throw new Error(
options.domains = options._csr.altnames; 'no `csr` option given (should be in DER or PEM format)'
);
}
// TODO validate csr signature?
options._csr = CSR._info(options.csr);
options.domains = options.domains || options._csr.altnames;
options._csr.altnames = options._csr.altnames || [];
if (
options.domains
.slice(0)
.sort()
.join(' ') !==
options._csr.altnames
.slice(0)
.sort()
.join(' ')
) {
throw new Error('certificate altnames do not match requested domains');
}
if (options._csr.subject !== options.domains[0]) { if (options._csr.subject !== options.domains[0]) {
return Promise.reject( throw new Error(
new Error(
'certificate subject (commonName) does not match first altname (SAN)' 'certificate subject (commonName) does not match first altname (SAN)'
)
); );
} }
}
if (!(options.domains && options.domains.length)) { if (!(options.domains && options.domains.length)) {
return Promise.reject( throw new Error(
new Error(
'options.domains must be a list of string domain names,' + 'options.domains must be a list of string domain names,' +
' with the first being the subject of the certificate (or options.subject must specified).' ' with the first being the subject of the certificate'
)
); );
} }
@ -1296,16 +1288,6 @@ ACME._generateCsrWeb64 = function(me, options, validatedDomains) {
csr = Enc.base64ToUrlBase64(csr.trim().replace(/\s+/g, '')); csr = Enc.base64ToUrlBase64(csr.trim().replace(/\s+/g, ''));
return Promise.resolve(csr); return Promise.resolve(csr);
} }
return ACME._importKeypair(me, options.serverKeypair).then(function(pair) {
return me.CSR.csr({
jwk: pair.private,
domains: validatedDomains,
encoding: 'der'
}).then(function(der) {
return Enc.bufToUrlBase64(der);
});
});
}; };
ACME.create = function create(me) { ACME.create = function create(me) {
@ -1315,7 +1297,6 @@ ACME.create = function create(me) {
// me.debug = true; // me.debug = true;
me.challengePrefixes = ACME.challengePrefixes; me.challengePrefixes = ACME.challengePrefixes;
me.Keypairs = me.Keypairs || Keypairs; me.Keypairs = me.Keypairs || Keypairs;
me.CSR = me.CSR || CSR;
me._nonces = []; me._nonces = [];
me._canUse = {}; me._canUse = {};
if (!me._baseUrl) { if (!me._baseUrl) {
@ -1372,12 +1353,20 @@ ACME.create = function create(me) {
}; };
me.accounts = { me.accounts = {
create: function(options) { create: function(options) {
try {
return ACME._registerAccount(me, options); return ACME._registerAccount(me, options);
} catch (e) {
return Promise.reject(e);
}
} }
}; };
me.certificates = { me.certificates = {
create: function(options) { create: function(options) {
try {
return ACME._getCertificate(me, options); return ACME._getCertificate(me, options);
} catch (e) {
return Promise.reject(e);
}
} }
}; };
return me; return me;

View File

@ -13,6 +13,12 @@ var acme = ACME.create({
}); });
// TODO exec npm install --save-dev CHALLENGE_MODULE // TODO exec npm install --save-dev CHALLENGE_MODULE
if (!process.env.CHALLENGE_OPTIONS) {
console.error(
'Please create a .env in the format of examples/example.env to run the tests'
);
process.exit(1);
}
var config = { var config = {
env: process.env.ENV, env: process.env.ENV,