sam-lord/acme.js
1
0
Fork 0
forked from root/acme.js
Code Issues Pull Requests Projects Releases Wiki Activity

Bug fix: Polling status using POST-as-GET wherever possible

Browse Source 
Avoid repeating finalize POST request and challenge POST requests by
using POST-as-GET requests instead. Allows for testing with Pebble,
and more correctly follows the spec.
This commit is contained in:
Sam Lord 2021-04-08 14:19:33 +01:00
parent bef931f28f
commit 0aa939a227
1 changed files with 78 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
acme.js
View File

@ -756,12 +756,8 @@ ACME._postChallenge = function (me, options, kid, auth) {
altname: altname altname: altname
}); });
if ('processing' === resp.body.status) { // State can be pending while waiting ACME server to transition to
//#console.debug('poll: again', auth.url); // processing
return ACME._wait(RETRY_INTERVAL).then(pollStatus);
}
// This state should never occur
if ('pending' === resp.body.status) { if ('pending' === resp.body.status) {
if (count >= MAX_PEND) { if (count >= MAX_PEND) {
return ACME._wait(RETRY_INTERVAL) return ACME._wait(RETRY_INTERVAL)
@ -769,7 +765,12 @@ ACME._postChallenge = function (me, options, kid, auth) {
.then(respondToChallenge); .then(respondToChallenge);
} }
//#console.debug('poll: again', auth.url); //#console.debug('poll: again', auth.url);
return ACME._wait(RETRY_INTERVAL).then(respondToChallenge); return ACME._wait(RETRY_INTERVAL).then(pollStatus);
}
if ('processing' === resp.body.status) {
//#console.debug('poll: again', auth.url);
return ACME._wait(RETRY_INTERVAL).then(pollStatus);
} }
// REMOVE DNS records as soon as the state is non-processing // REMOVE DNS records as soon as the state is non-processing
@ -1012,14 +1013,7 @@ ACME._pollOrderStatus = function (me, options, kid, order, verifieds) {
var body = { csr: csr64 }; var body = { csr: csr64 };
var payload = JSON.stringify(body); var payload = JSON.stringify(body);
function pollCert() { function processResponse(resp) {
//#console.debug('[ACME.js] pollCert:', order._finalizeUrl);
return U._jwsRequest(me, {
accountKey: options.accountKey,
url: order._finalizeUrl,
protected: { kid: kid },
payload: Enc.strToBuf(payload)
}).then(function (resp) {
ACME._notify(me, options, 'certificate_status', { ACME._notify(me, options, 'certificate_status', {
subject: options.domains[0], subject: options.domains[0],
status: resp.body.status status: resp.body.status
@ -1035,7 +1029,7 @@ ACME._pollOrderStatus = function (me, options, kid, order, verifieds) {
} }
if ('processing' === resp.body.status) { if ('processing' === resp.body.status) {
return ACME._wait().then(pollCert); return ACME._wait().then(pollStatus);
} }
if (me.debug) { if (me.debug) {
@ -1075,10 +1069,28 @@ ACME._pollOrderStatus = function (me, options, kid, order, verifieds) {
return Promise.reject( return Promise.reject(
E.UNHANDLED_ORDER_STATUS(options, verifieds, resp) E.UNHANDLED_ORDER_STATUS(options, verifieds, resp)
); );
});
} }
return pollCert(); function pollStatus() {
return U._jwsRequest(me, {
accountKey: options.accountKey,
url: order._orderUrl,
protected: { kid: kid },
payload: Enc.binToBuf('')
}).then(processResponse);
}
function finalizeOrder() {
//#console.debug('[ACME.js] pollCert:', order._finalizeUrl);
return U._jwsRequest(me, {
accountKey: options.accountKey,
url: order._finalizeUrl,
protected: { kid: kid },
payload: Enc.strToBuf(payload)
}).then(processResponse);
}
return finalizeOrder();
}; };
ACME._redeemCert = function (me, options, kid, voucher) { ACME._redeemCert = function (me, options, kid, voucher) {