remove cruft

acme.js

@@ -63,7 +63,7 @@ ACME.challengeTests = {
 					'See https://git.coolaj86.com/coolaj86/acme-v2.js/issues/4'
 			);
 			err.code = 'E_FAIL_DRY_CHALLENGE';
-			return Promise.reject(err);
+			throw err;
 		});
 	},
 	'dns-01': function(me, auth) {
@@ -90,7 +90,7 @@ ACME.challengeTests = {
 					'See https://git.coolaj86.com/coolaj86/acme-v2.js/issues/4'
 			);
 			err.code = 'E_FAIL_DRY_CHALLENGE';
-			return Promise.reject(err);
+			throw err;
 		});
 	}
 };
@@ -389,7 +389,8 @@ ACME._testChallenges = function(me, options) {
 			});
 			if (!challenge) {
 				// For example, wildcards require dns-01 and, if we don't have that, we have to bail
-				var enabled = options.challengeTypes.join(', ') || 'none';
+				var enabled =
+					Object.keys(options.challenges).join(', ') || 'none';
 				var suitable =
 					challenges
 						.map(function(r) {
@@ -481,7 +482,7 @@ ACME._testChallenges = function(me, options) {
 ACME._chooseChallenge = function(options, results) {
 	// For each of the challenge types that we support
 	var challenge;
-	options.challengeTypes.some(function(chType) {
+	options._challengeTypes.some(function(chType) {
 		// And for each of the challenge types that are allowed
 		return results.challenges.some(function(ch) {
 			// Check to see if there are any matches
@@ -907,63 +908,54 @@ ACME._getCertificate = function(me, options) {
 		console.debug('[acme-v2] DEBUG get cert 1');
 	}
 
-	// Lot's of error checking to inform the user of mistakes
+	// Prefer this order for efficiency:
-	if (!(options.challengeTypes || []).length) {
+	// * http-01 is the fasest
-		options.challengeTypes = Object.keys(options.challenges || {});
+	// * tls-alpn-01 is for networks that don't allow plain traffic
-	}
+	// * dns-01 is the slowest (due to DNS propagation), but is required for private networks and wildcards
-	if (!options.challengeTypes.length) {
+	var challengeTypes = Object.keys(options.challenges);
-		options.challengeTypes = [options.challengeType].filter(Boolean);
+	options._challengeTypes = ['http-01', 'tls-alpn-01', 'dns-01'].filter(
-	}
+		function(typ) {
-	if (options.challengeType) {
+			return -1 !== challengeTypes.indexOf(typ);
-		options.challengeTypes.sort(function(a, b) {
-			if (a === options.challengeType) {
-				return -1;
-			}
-			if (b === options.challengeType) {
-				return 1;
-			}
-			return 0;
-		});
-		if (options.challengeType !== options.challengeTypes[0]) {
-			return Promise.reject(
-				new Error(
-					"options.challengeType is '" +
-						options.challengeType +
-						"'," +
-						" which does not exist in the supplied types '" +
-						options.challengeTypes.join(',') +
-						"'"
-				)
-			);
 		}
-	}
+	);
+
 	// TODO check that all challengeTypes are represented in challenges
-	if (!options.challengeTypes.length) {
+	if (!options._challengeTypes.length) {
 		return Promise.reject(
-			new Error(
+			new Error('options.challenges must be specified')
-				'options.challengeTypes (string array) must be specified' +
-					' (and in order of preferential priority).'
-			)
 		);
 	}
-	if (options.csr) {
+
-		// TODO validate csr signature
+	if (!options.csr) {
-		options._csr = me.CSR._info(options.csr);
+		throw new Error(
-		options.domains = options._csr.altnames;
+			'no `csr` option given (should be in DER or PEM format)'
-		if (options._csr.subject !== options.domains[0]) {
+		);
-			return Promise.reject(
+	}
-				new Error(
+	// TODO validate csr signature?
-					'certificate subject (commonName) does not match first altname (SAN)'
+	options._csr = CSR._info(options.csr);
-				)
+	options.domains = options.domains || options._csr.altnames;
-			);
+	options._csr.altnames = options._csr.altnames || [];
-		}
+	if (
+		options.domains
+			.slice(0)
+			.sort()
+			.join(' ') !==
+		options._csr.altnames
+			.slice(0)
+			.sort()
+			.join(' ')
+	) {
+		throw new Error('certificate altnames do not match requested domains');
+	}
+	if (options._csr.subject !== options.domains[0]) {
+		throw new Error(
+			'certificate subject (commonName) does not match first altname (SAN)'
+		);
 	}
 	if (!(options.domains && options.domains.length)) {
-		return Promise.reject(
+		throw new Error(
-			new Error(
+			'options.domains must be a list of string domain names,' +
-				'options.domains must be a list of string domain names,' +
+				' with the first being the subject of the certificate'
-					' with the first being the subject of the certificate (or options.subject must specified).'
-			)
 		);
 	}
 
@@ -1296,16 +1288,6 @@ ACME._generateCsrWeb64 = function(me, options, validatedDomains) {
 		csr = Enc.base64ToUrlBase64(csr.trim().replace(/\s+/g, ''));
 		return Promise.resolve(csr);
 	}
-
-	return ACME._importKeypair(me, options.serverKeypair).then(function(pair) {
-		return me.CSR.csr({
-			jwk: pair.private,
-			domains: validatedDomains,
-			encoding: 'der'
-		}).then(function(der) {
-			return Enc.bufToUrlBase64(der);
-		});
-	});
 };
 
 ACME.create = function create(me) {
@@ -1315,7 +1297,6 @@ ACME.create = function create(me) {
 	// me.debug = true;
 	me.challengePrefixes = ACME.challengePrefixes;
 	me.Keypairs = me.Keypairs || Keypairs;
-	me.CSR = me.CSR || CSR;
 	me._nonces = [];
 	me._canUse = {};
 	if (!me._baseUrl) {
@@ -1372,12 +1353,20 @@ ACME.create = function create(me) {
 	};
 	me.accounts = {
 		create: function(options) {
-			return ACME._registerAccount(me, options);
+			try {
+				return ACME._registerAccount(me, options);
+			} catch (e) {
+				return Promise.reject(e);
+			}
 		}
 	};
 	me.certificates = {
 		create: function(options) {
-			return ACME._getCertificate(me, options);
+			try {
+				return ACME._getCertificate(me, options);
+			} catch (e) {
+				return Promise.reject(e);
+			}
 		}
 	};
 	return me;

tests/index.js

@@ -13,6 +13,12 @@ var acme = ACME.create({
 });
 
 // TODO exec npm install --save-dev CHALLENGE_MODULE
+if (!process.env.CHALLENGE_OPTIONS) {
+	console.error(
+		'Please create a .env in the format of examples/example.env to run the tests'
+	);
+	process.exit(1);
+}
 
 var config = {
 	env: process.env.ENV,