From d1ecac53225982a21faec04dae1e32e210fe8906 Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Sat, 12 Dec 2015 06:39:20 +0000
Subject: [PATCH] preparing to test
---
tests/config.js | 7 +++
tests/serve-acme-challenges.js | 87 ++++++++++++++++++++++++++++++++++
2 files changed, 94 insertions(+)
create mode 100644 tests/config.js
create mode 100644 tests/serve-acme-challenges.js
diff --git a/tests/config.js b/tests/config.js
new file mode 100644
index 0000000..ec07da5
--- /dev/null
+++ b/tests/config.js
@@ -0,0 +1,7 @@
+'use strict';
+
+module.exports = {
+ server: "https://acme-staging.api.letsencrypt.org/directory"
+, tlsSni01Port: 5001
+, http01Port: 80
+};
diff --git a/tests/serve-acme-challenges.js b/tests/serve-acme-challenges.js
new file mode 100644
index 0000000..ef5709b
--- /dev/null
+++ b/tests/serve-acme-challenges.js
@@ -0,0 +1,87 @@
+'use strict';
+
+var fs = require('fs');
+var path = require('path');
+var localCerts = require('localhost.daplie.com-certificates');
+var https = require('https');
+var http = require('http');
+var express = require('express');
+var app = express();
+var server;
+var insecureServer;
+
+var config = require('./config');
+
+
+function getSecureContext(domainname, opts, cb) {
+ var letsetc = '/etc/letsencrypt/live/';
+
+ if (!opts) { opts = {}; }
+
+ opts.key = fs.readFileSync(path.join(letsetc, domainname, 'privkey.pem'));
+ opts.cert = fs.readFileSync(path.join(letsetc, domainname, 'cert.pem'));
+ opts.ca = fs.readFileSync(path.join(letsetc, domainname, 'chain.pem'), 'ascii')
+ .split('-----END CERTIFICATE-----')
+ .filter(function (ca) {
+ return ca.trim();
+ }).map(function (ca) {
+ return (ca + '-----END CERTIFICATE-----').trim();
+ });
+
+ cb(null, require('tls').createSecureContext(opts));
+}
+
+
+//
+// SSL Certificates
+//
+var options = {
+ requestCert: false
+, rejectUnauthorized: true
+
+ // If you need to use SNICallback you should be using io.js >= 1.x (possibly node >= 0.12)
+, SNICallback: function (domainname, cb) {
+ var secureContext = getSecureContext(domainname);
+ cb(null, secureContext);
+ }
+ // If you need to support HTTP2 this is what you need to work with
+//, NPNProtocols: ['http/2.0', 'http/1.1', 'http/1.0']
+//, NPNProtocols: ['http/1.1']
+, key: null
+, cert: null
+//, ca: null
+};
+options.key = localCerts.key;
+options.cert = localCerts.cert;
+
+
+// log the requests
+app.use('/', function (req, res, next) {
+ console.log(req.method + ' ' + req.headers['host'], req.protocol + req.url);
+});
+// handle static requests to /.well-known/acme-challenge
+app.use(
+ '/.well-known/acme-challenge'
+, express.static(path.join(__dirname, 'acme-challenge'), { dotfiles: undefined })
+);
+
+
+// Start the tls sni server
+server = https.createServer(options);
+server.on('error', function (err) {
+ console.error(err);
+});
+server.listen(config.tlsSni01Port, function () {
+ console.log('Listening');
+});
+server.on('request', app);
+
+// Start the http server
+insecureServer = http.createServer();
+insecureServer.on('error', function (err) {
+ console.error(err);
+});
+insecureServer.listen(config.http01Port, function () {
+ console.log('Listening');
+});
+insecureServer.on('request', app);
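Review bot: `SNICallback` calls `getSecureContext(domainname)` without its callback, so the trailing `cb(null, ...)` inside `getSecureContext` throws and the local `secureContext` is always undefined. The same function joins the client-supplied SNI name into a path under `/etc/letsencrypt/live/` and reads it with `readFileSync`, so an unknown or malformed name raises during the TLS handshake instead of being rejected; the name should be checked against a hostname pattern first and read errors handed to `cb`. Separately, the request logger registered with `app.use('/')` never calls `next()`, so the `/.well-known/acme-challenge` static route is never reached; add `next();` after the `console.log`. The fence below shows the `getSecureContext` and `SNICallback` changes.

```javascript
function getSecureContext(domainname, opts, cb) {
  var letsetc = '/etc/letsencrypt/live/';
  var secureContext;

  // The SNI name is chosen by the client: accept only plain hostnames
  // before it becomes part of a filesystem path.
  if (!/^[a-z0-9-]+(\.[a-z0-9-]+)*$/i.test(domainname)) {
    cb(new Error('unexpected SNI name'));
    return;
  }

  if (!opts) { opts = {}; }

  try {
    // … unchanged: read privkey.pem, cert.pem and chain.pem into opts …
    secureContext = require('tls').createSecureContext(opts);
  } catch (e) {
    // Missing or unreadable certificate files fail this handshake only.
    cb(e);
    return;
  }

  cb(null, secureContext);
}

// … unchanged: options object up to SNICallback …
, SNICallback: function (domainname, cb) {
    getSecureContext(domainname, null, cb);
  }
```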