2015-12-11 14:22:46 +00:00
'use strict' ;
2016-08-16 00:50:55 +00:00
var DAY = 24 * 60 * 60 * 1000 ;
//var MIN = 60 * 1000;
2018-04-16 01:28:05 +00:00
var ACME = require ( 'acme-v2/compat' ) . ACME ;
2015-12-12 15:05:45 +00:00
2015-12-13 01:04:12 +00:00
var LE = module . exports ;
2016-08-08 19:17:09 +00:00
LE . LE = LE ;
2016-08-05 22:50:42 +00:00
// in-process cache, shared between all instances
var ipc = { } ;
2016-08-04 22:49:35 +00:00
2016-08-25 20:09:23 +00:00
function _log ( debug ) {
if ( debug ) {
var args = Array . prototype . slice . call ( arguments ) ;
args . shift ( ) ;
args . unshift ( "[le/index.js]" ) ;
console . log . apply ( console , args ) ;
}
}
2016-02-13 02:33:50 +00:00
LE . defaults = {
2018-04-16 01:28:05 +00:00
productionServerUrl : 'https://acme-v02.api.letsencrypt.org/directory'
, stagingServerUrl : 'https://acme-staging-v02.api.letsencrypt.org/directory'
2016-08-04 22:49:35 +00:00
2016-08-08 19:17:09 +00:00
, rsaKeySize : ACME . rsaKeySize || 2048
, challengeType : ACME . challengeType || 'http-01'
2018-04-16 01:28:05 +00:00
, challengeTypes : ACME . challengeTypes || [ 'http-01' , 'dns-01' ]
2016-08-05 22:21:10 +00:00
2016-08-08 19:17:09 +00:00
, acmeChallengePrefix : ACME . acmeChallengePrefix
2016-02-13 02:33:50 +00:00
} ;
2015-12-20 10:41:17 +00:00
2015-12-16 09:11:31 +00:00
// backwards compat
2016-08-04 22:49:35 +00:00
Object . keys ( LE . defaults ) . forEach ( function ( key ) {
LE [ key ] = LE . defaults [ key ] ;
} ) ;
2015-12-13 01:04:12 +00:00
2016-08-05 22:21:10 +00:00
// show all possible options
2016-08-05 22:16:29 +00:00
var u ; // undefined
LE . _undefined = {
2016-08-08 15:21:33 +00:00
acme : u
, store : u
2016-08-09 18:05:47 +00:00
, challenge : u
2016-08-15 21:33:26 +00:00
, challenges : u
, sni : u
2017-04-10 20:41:54 +00:00
, tlsOptions : u
2016-08-08 23:14:53 +00:00
2016-08-05 22:16:29 +00:00
, register : u
, check : u
2016-08-08 23:14:53 +00:00
2016-08-16 00:50:55 +00:00
, renewWithin : u // le-auto-sni and core
//, renewBy: u // le-auto-sni
2016-08-05 22:16:29 +00:00
, acmeChallengePrefix : u
2016-08-05 22:21:10 +00:00
, rsaKeySize : u
, challengeType : u
, server : u
2018-04-16 01:28:05 +00:00
, version : u
2016-08-06 05:33:19 +00:00
, agreeToTerms : u
2016-08-05 22:50:42 +00:00
, _ipc : u
2016-08-09 18:05:47 +00:00
, duplicate : u
, _acmeUrls : u
2016-08-05 22:16:29 +00:00
} ;
LE . _undefine = function ( le ) {
Object . keys ( LE . _undefined ) . forEach ( function ( key ) {
if ( ! ( key in le ) ) {
le [ key ] = u ;
}
} ) ;
return le ;
} ;
LE . create = function ( le ) {
2016-08-05 22:50:42 +00:00
var PromiseA = require ( 'bluebird' ) ;
le . store = le . store || require ( 'le-store-certbot' ) . create ( { debug : le . debug } ) ;
le . core = require ( './lib/core' ) ;
2016-08-25 20:09:23 +00:00
var log = le . log || _log ;
2016-08-05 22:16:29 +00:00
2016-08-15 21:33:26 +00:00
if ( ! le . challenges ) {
le . challenges = { } ;
}
if ( ! le . challenges [ 'http-01' ] ) {
le . challenges [ 'http-01' ] = require ( 'le-challenge-fs' ) . create ( { debug : le . debug } ) ;
}
2018-04-16 01:28:05 +00:00
/ *
2016-08-15 21:33:26 +00:00
if ( ! le . challenges [ 'tls-sni-01' ] ) {
2016-10-08 11:29:17 +00:00
le . challenges [ 'tls-sni-01' ] = require ( 'le-challenge-sni' ) . create ( { debug : le . debug } ) ;
2016-08-15 21:33:26 +00:00
}
2018-04-16 01:28:05 +00:00
* /
2016-08-15 21:33:26 +00:00
if ( ! le . challenges [ 'dns-01' ] ) {
try {
le . challenges [ 'dns-01' ] = require ( 'le-challenge-ddns' ) . create ( { debug : le . debug } ) ;
} catch ( e ) {
try {
le . challenges [ 'dns-01' ] = require ( 'le-challenge-dns' ) . create ( { debug : le . debug } ) ;
} catch ( e ) {
// not yet implemented
}
}
}
2016-08-05 22:50:42 +00:00
le = LE . _undefine ( le ) ;
2016-08-05 22:16:29 +00:00
le . acmeChallengePrefix = LE . acmeChallengePrefix ;
2016-08-05 22:21:10 +00:00
le . rsaKeySize = le . rsaKeySize || LE . rsaKeySize ;
le . challengeType = le . challengeType || LE . challengeType ;
2016-08-05 22:50:42 +00:00
le . _ipc = ipc ;
2016-08-08 23:14:53 +00:00
le . agreeToTerms = le . agreeToTerms || function ( args , agreeCb ) {
agreeCb ( new Error ( "'agreeToTerms' was not supplied to LE and 'agreeTos' was not supplied to LE.register" ) ) ;
} ;
2016-08-05 22:16:29 +00:00
2016-08-16 00:50:55 +00:00
if ( ! le . renewWithin ) { le . renewWithin = 7 * DAY ; }
// renewBy has a default in le-sni-auto
2016-08-05 22:16:29 +00:00
if ( ! le . server ) {
throw new Error ( "opts.server must be set to 'staging' or a production url, such as LE.productionServerUrl'" ) ;
}
if ( 'staging' === le . server ) {
le . server = LE . stagingServerUrl ;
}
else if ( 'production' === le . server ) {
le . server = LE . productionServerUrl ;
2015-12-13 05:03:48 +00:00
}
2015-12-17 08:46:40 +00:00
2018-04-16 01:28:05 +00:00
if ( - 1 !== [ 'https://acme-v01.api.letsencrypt.org/directory'
, 'https://acme-staging.api.letsencrypt.org/directory' ] . indexOf ( le . server ) ) {
ACME = require ( 'le-acme-core' ) . ACME ;
console . warn ( "Let's Encrypt v1 is deprecated. Please update to Let's Encrypt v2 (ACME draft 11)" ) ;
}
2018-04-16 05:29:12 +00:00
else if ( - 1 !== [ 'https://acme-v02.api.letsencrypt.org/directory'
2018-04-16 01:28:05 +00:00
, 'https://acme-staging-v02.api.letsencrypt.org/directory' ] . indexOf ( le . server ) ) {
if ( 'v02' !== le . version && 'draft-11' !== le . version ) {
ACME = require ( 'le-acme-core' ) . ACME ;
if ( 'v01' !== le . version ) {
//console.warn("Please specify version: 'v01' (Let's Encrypt v1) or 'draft-11' (Let's Encrypt v2 / ACME draft 11)");
console . warn ( "" ) ;
console . warn ( "" ) ;
console . warn ( "" ) ;
console . warn ( "====================================================================" ) ;
console . warn ( "== greenlock.js (v2.2.0+) ==" ) ;
console . warn ( "====================================================================" ) ;
console . warn ( "" ) ;
console . warn ( "Please specify 'version' option:" ) ;
console . warn ( "" ) ;
console . warn ( " 'v01' for Let's Encrypt v1" ) ;
console . warn ( " or" ) ;
console . warn ( " 'draft-11' for Let's Encrypt v2 and ACME draft 11" ) ;
console . warn ( " ('v02' is an alias of 'draft-11'" ) ;
console . warn ( "" ) ;
console . warn ( "====================================================================" ) ;
console . warn ( "== this will be required from version v2.3 forward ==" ) ;
console . warn ( "====================================================================" ) ;
console . warn ( "" ) ;
console . warn ( "" ) ;
console . warn ( "" ) ;
}
}
}
le . acme = le . acme || ACME . create ( { debug : le . debug } ) ;
2016-08-08 15:21:33 +00:00
if ( le . acme . create ) {
le . acme = le . acme . create ( le ) ;
}
le . acme = PromiseA . promisifyAll ( le . acme ) ;
le . _acmeOpts = le . acme . getOptions ( ) ;
Object . keys ( le . _acmeOpts ) . forEach ( function ( key ) {
if ( ! ( key in le ) ) {
le [ key ] = le . _acmeOpts [ key ] ;
}
} ) ;
2016-08-05 22:50:42 +00:00
if ( le . store . create ) {
le . store = le . store . create ( le ) ;
2015-12-15 15:40:44 +00:00
}
2016-08-05 22:50:42 +00:00
le . store = PromiseA . promisifyAll ( le . store ) ;
2016-08-13 19:54:07 +00:00
le . store . accounts = PromiseA . promisifyAll ( le . store . accounts ) ;
le . store . certificates = PromiseA . promisifyAll ( le . store . certificates ) ;
2016-08-05 22:50:42 +00:00
le . _storeOpts = le . store . getOptions ( ) ;
2016-08-05 22:16:29 +00:00
Object . keys ( le . _storeOpts ) . forEach ( function ( key ) {
2016-08-08 15:21:33 +00:00
if ( ! ( key in le ) ) {
2016-08-05 22:16:29 +00:00
le [ key ] = le . _storeOpts [ key ] ;
2015-12-12 14:20:12 +00:00
}
2016-08-05 22:16:29 +00:00
} ) ;
2016-09-21 23:30:47 +00:00
//
// Backwards compat for <= v2.1.7
//
if ( le . challenge ) {
console . warn ( "Deprecated use of le.challenge. Use le.challenges['" + LE . challengeType + "'] instead." ) ;
le . challenges [ le . challengeType ] = le . challenge ;
}
2016-08-15 21:33:26 +00:00
LE . challengeTypes . forEach ( function ( challengeType ) {
2016-09-21 23:30:47 +00:00
var challenger = le . challenges [ challengeType ] ;
if ( ! challenger ) {
2016-08-16 16:35:18 +00:00
return ;
}
2016-09-21 23:30:47 +00:00
if ( challenger . create ) {
challenger = le . challenges [ challengeType ] = challenger . create ( le ) ;
2015-12-20 10:41:17 +00:00
}
2016-09-21 23:30:47 +00:00
challenger = le . challenges [ challengeType ] = PromiseA . promisifyAll ( challenger ) ;
le [ '_challengeOpts_' + challengeType ] = challenger . getOptions ( ) ;
2016-08-16 16:35:18 +00:00
Object . keys ( le [ '_challengeOpts_' + challengeType ] ) . forEach ( function ( key ) {
2016-08-15 21:33:26 +00:00
if ( ! ( key in le ) ) {
2016-08-16 16:35:18 +00:00
le [ key ] = le [ '_challengeOpts_' + challengeType ] [ key ] ;
2016-08-15 21:33:26 +00:00
}
} ) ;
2016-08-12 21:24:28 +00:00
2016-09-21 23:30:47 +00:00
// TODO wrap these here and now with tplCopy?
if ( ! challenger . set || 5 !== challenger . set . length ) {
throw new Error ( "le.challenges[" + challengeType + "].set receives the wrong number of arguments."
+ " You must define setChallenge as function (opts, domain, token, keyAuthorization, cb) { }" ) ;
2016-08-15 21:33:26 +00:00
}
2016-09-21 23:30:47 +00:00
if ( challenger . get && 4 !== challenger . get . length ) {
throw new Error ( "le.challenges[" + challengeType + "].get receives the wrong number of arguments."
+ " You must define getChallenge as function (opts, domain, token, cb) { }" ) ;
}
if ( ! challenger . remove || 4 !== challenger . remove . length ) {
throw new Error ( "le.challenges[" + challengeType + "].remove receives the wrong number of arguments."
+ " You must define removeChallenge as function (opts, domain, token, cb) { }" ) ;
}
2016-10-12 23:25:05 +00:00
2018-04-16 01:28:05 +00:00
/ *
2016-10-12 23:25:05 +00:00
if ( ! le . _challengeWarn && ( ! challenger . loopback || 4 !== challenger . loopback . length ) ) {
le . _challengeWarn = true ;
console . warn ( "le.challenges[" + challengeType + "].loopback should be defined as function (opts, domain, token, cb) { ... } and should prove (by external means) that the ACME server challenge '" + challengeType + "' will succeed" ) ;
}
else if ( ! le . _challengeWarn && ( ! challenger . test || 5 !== challenger . test . length ) ) {
le . _challengeWarn = true ;
console . warn ( "le.challenges[" + challengeType + "].test should be defined as function (opts, domain, token, keyAuthorization, cb) { ... } and should prove (by external means) that the ACME server challenge '" + challengeType + "' will succeed" ) ;
2016-09-21 23:30:47 +00:00
}
2018-04-16 01:28:05 +00:00
* /
2016-09-21 23:30:47 +00:00
} ) ;
2016-08-15 21:33:26 +00:00
2016-08-15 20:36:58 +00:00
le . sni = le . sni || null ;
2017-04-10 20:41:54 +00:00
le . tlsOptions = le . tlsOptions || le . httpsOptions || { } ;
if ( ! le . tlsOptions . SNICallback ) {
2016-08-16 00:42:11 +00:00
if ( ! le . getCertificatesAsync && ! le . getCertificates ) {
2016-08-17 15:19:52 +00:00
if ( Array . isArray ( le . approveDomains ) ) {
le . approvedDomains = le . approveDomains ;
le . approveDomains = null ;
}
2016-08-16 00:42:11 +00:00
if ( ! le . approveDomains ) {
2016-08-16 19:03:15 +00:00
le . approvedDomains = le . approvedDomains || [ ] ;
2016-08-16 00:42:11 +00:00
le . approveDomains = function ( lexOpts , certs , cb ) {
2017-04-18 21:42:47 +00:00
if ( ! le . email ) {
throw new Error ( "le-sni-auto is not properly configured. Missing email" ) ;
}
if ( ! le . agreeTos ) {
throw new Error ( "le-sni-auto is not properly configured. Missing agreeTos" ) ;
}
if ( ! le . approvedDomains . length ) {
throw new Error ( "le-sni-auto is not properly configured. Missing approveDomains(domain, certs, callback)" ) ;
2016-08-16 19:03:15 +00:00
}
2016-08-16 00:42:11 +00:00
if ( lexOpts . domains . every ( function ( domain ) {
2016-08-16 16:35:18 +00:00
return - 1 !== le . approvedDomains . indexOf ( domain ) ;
2016-08-16 00:42:11 +00:00
} ) ) {
lexOpts . domains = le . approvedDomains . slice ( 0 ) ;
lexOpts . email = le . email ;
lexOpts . agreeTos = le . agreeTos ;
2016-08-16 16:35:18 +00:00
return cb ( null , { options : lexOpts , certs : certs } ) ;
}
2016-08-25 20:09:23 +00:00
log ( le . debug , 'unapproved domain' , lexOpts . domains , le . approvedDomains ) ;
2016-08-16 00:42:11 +00:00
cb ( new Error ( "unapproved domain" ) ) ;
} ;
}
le . getCertificates = function ( domain , certs , cb ) {
2016-08-16 17:02:14 +00:00
// certs come from current in-memory cache, not lookup
2016-08-25 20:09:23 +00:00
log ( le . debug , 'le.getCertificates called for' , domain , 'with certs for' , certs && certs . altnames || 'NONE' ) ;
2016-08-16 00:42:11 +00:00
var opts = { domain : domain , domains : certs && certs . altnames || [ domain ] } ;
le . approveDomains ( opts , certs , function ( _err , results ) {
if ( _err ) {
2016-08-30 14:21:42 +00:00
log ( le . debug , 'le.approveDomains called with error' , _err ) ;
2016-08-16 00:42:11 +00:00
cb ( _err ) ;
return ;
}
2016-08-30 14:21:42 +00:00
log ( le . debug , 'le.approveDomains called with certs for' , results . certs && results . certs . altnames || 'NONE' , 'and options:' ) ;
log ( le . debug , results . options ) ;
2016-08-16 00:42:11 +00:00
var promise ;
if ( results . certs ) {
2016-08-25 20:09:23 +00:00
log ( le . debug , 'le renewing' ) ;
2016-08-16 00:42:11 +00:00
promise = le . core . certificates . renewAsync ( results . options , results . certs ) ;
}
else {
2016-08-25 20:09:23 +00:00
log ( le . debug , 'le getting from disk or registering new' ) ;
2016-08-16 17:02:14 +00:00
promise = le . core . certificates . getAsync ( results . options ) ;
2016-08-16 00:42:11 +00:00
}
return promise . then ( function ( certs ) { cb ( null , certs ) ; } , cb ) ;
} ) ;
} ;
}
2016-08-15 20:36:58 +00:00
le . sni = le . sni || require ( 'le-sni-auto' ) ;
if ( le . sni . create ) {
le . sni = le . sni . create ( le ) ;
}
2017-04-10 20:41:54 +00:00
le . tlsOptions . SNICallback = le . sni . sniCallback ;
2016-08-15 20:36:58 +00:00
}
2017-04-10 20:41:54 +00:00
if ( ! le . tlsOptions . key || ! le . tlsOptions . cert ) {
le . tlsOptions = require ( 'localhost.daplie.me-certificates' ) . merge ( le . tlsOptions ) ;
2016-08-12 21:24:28 +00:00
}
2017-04-10 20:41:54 +00:00
// We want to move to using tlsOptions instead of httpsOptions, but we also need to make
// sure anything that uses this object will still work if looking for httpsOptions.
le . httpsOptions = le . tlsOptions ;
2016-08-12 21:24:28 +00:00
2016-08-05 22:50:42 +00:00
if ( le . core . create ) {
le . core = le . core . create ( le ) ;
}
2016-08-05 22:16:29 +00:00
2016-08-16 16:35:18 +00:00
le . renew = function ( args , certs ) {
return le . core . certificates . renewAsync ( args , certs ) ;
} ;
2016-08-05 22:16:29 +00:00
le . register = function ( args ) {
2016-08-07 06:02:02 +00:00
return le . core . certificates . getAsync ( args ) ;
2015-12-12 14:20:12 +00:00
} ;
2015-12-11 14:22:46 +00:00
2016-08-05 22:16:29 +00:00
le . check = function ( args ) {
// TODO must return email, domains, tos, pems
2016-08-07 06:02:02 +00:00
return le . core . certificates . checkAsync ( args ) ;
2016-08-05 22:16:29 +00:00
} ;
2016-08-09 18:05:47 +00:00
le . middleware = le . middleware || require ( './lib/middleware' ) ;
if ( le . middleware . create ) {
le . middleware = le . middleware . create ( le ) ;
}
2016-08-05 08:14:40 +00:00
2015-12-12 14:20:12 +00:00
return le ;
2015-12-11 14:22:46 +00:00
} ;