sam-lord/acme.js
1
0
Fork 0
forked from root/acme.js
Code Issues Pull Requests Projects Releases Wiki Activity

v1.2.1: made magic numbers (for status polling) configurable, updated deps

Browse Source
This commit is contained in:
AJ ONeal 2018-08-16 18:32:14 -06:00
parent 098e05f3ef
commit ca15b8faf0
3 changed files with 27 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
README.md
View File

@ -129,8 +129,17 @@ var ACME = require('acme-v2').ACME.create({
, userAgent: 'My custom UA String' , userAgent: 'My custom UA String'
, getUserAgentString: function (deps) { return 'My custom UA String'; } , getUserAgentString: function (deps) { return 'My custom UA String'; }
// don't try to validate challenges locally // don't try to validate challenges locally
, skipChallengeTest: false , skipChallengeTest: false
// ask if the certificate can be issued up to 10 times before failing
, retryPoll: 8
// ask if the certificate has been validated up to 6 times before cancelling
, retryPending: 4
// Wait 1000ms between retries
, retryInterval: 1000
// Wait 10,000ms after deauthorizing a challenge before retrying
, deauthWait: 10 * 1000
}); });

26
node.js
View File

@ -255,6 +255,10 @@ ACME._wait = function wait(ms) {
}; };
// https://tools.ietf.org/html/draft-ietf-acme-acme-10#section-7.5.1 // https://tools.ietf.org/html/draft-ietf-acme-acme-10#section-7.5.1
ACME._postChallenge = function (me, options, identifier, ch) { ACME._postChallenge = function (me, options, identifier, ch) {
var RETRY_INTERVAL = me.retryInterval || 1000;
var DEAUTH_INTERVAL = me.deauthWait || 10 * 1000;
var MAX_POLL = me.retryPoll || 8;
var MAX_PEND = me.retryPending || 4;
var count = 0; var count = 0;
var thumbprint = me.RSA.thumbprint(options.accountKeypair); var thumbprint = me.RSA.thumbprint(options.accountKeypair);
@ -314,12 +318,12 @@ ACME._postChallenge = function (me, options, identifier, ch) {
me._nonce = resp.toJSON().headers['replay-nonce']; me._nonce = resp.toJSON().headers['replay-nonce'];
if (me.debug) { console.debug('deactivate challenge: resp.body:'); } if (me.debug) { console.debug('deactivate challenge: resp.body:'); }
if (me.debug) { console.debug(resp.body); } if (me.debug) { console.debug(resp.body); }
return ACME._wait(10 * 1000); return ACME._wait(DEAUTH_INTERVAL);
}); });
} }
function pollStatus() { function pollStatus() {
if (count >= 5) { if (count >= MAX_POLL) {
return Promise.reject(new Error("[acme-v2] stuck in bad pending/processing state")); return Promise.reject(new Error("[acme-v2] stuck in bad pending/processing state"));
} }
@ -330,16 +334,16 @@ ACME._postChallenge = function (me, options, identifier, ch) {
if ('processing' === resp.body.status) { if ('processing' === resp.body.status) {
if (me.debug) { console.debug('poll: again'); } if (me.debug) { console.debug('poll: again'); }
return ACME._wait(1 * 1000).then(pollStatus); return ACME._wait(RETRY_INTERVAL).then(pollStatus);
} }
// This state should never occur // This state should never occur
if ('pending' === resp.body.status) { if ('pending' === resp.body.status) {
if (count >= 4) { if (count >= MAX_PEND) {
return ACME._wait(1 * 1000).then(deactivate).then(testChallenge); return ACME._wait(RETRY_INTERVAL).then(deactivate).then(testChallenge);
} }
if (me.debug) { console.debug('poll: again'); } if (me.debug) { console.debug('poll: again'); }
return ACME._wait(1 * 1000).then(testChallenge); return ACME._wait(RETRY_INTERVAL).then(testChallenge);
} }
if ('valid' === resp.body.status) { if ('valid' === resp.body.status) {
@ -361,13 +365,13 @@ ACME._postChallenge = function (me, options, identifier, ch) {
console.error("[acme-v2] (E_STATE_EMPTY) empty challenge state:"); console.error("[acme-v2] (E_STATE_EMPTY) empty challenge state:");
} }
else if ('invalid' === resp.body.status) { else if ('invalid' === resp.body.status) {
console.error("[acme-v2] (E_STATE_INVALID) invalid challenge state:"); console.error("[acme-v2] (E_STATE_INVALID) challenge state: '" + resp.body.status + "'");
} }
else { else {
console.error("[acme-v2] (E_STATE_UKN) unkown challenge state:"); console.error("[acme-v2] (E_STATE_UKN) challenge state: '" + resp.body.status + "'");
} }
return Promise.reject(new Error("[acme-v2] challenge state error")); return Promise.reject(new Error("[acme-v2] [error] unacceptable challenge state '" + resp.body.status + "'"));
}); });
} }
@ -393,7 +397,7 @@ ACME._postChallenge = function (me, options, identifier, ch) {
me._nonce = resp.toJSON().headers['replay-nonce']; me._nonce = resp.toJSON().headers['replay-nonce'];
if (me.debug) { console.debug('respond to challenge: resp.body:'); } if (me.debug) { console.debug('respond to challenge: resp.body:'); }
if (me.debug) { console.debug(resp.body); } if (me.debug) { console.debug(resp.body); }
return ACME._wait(1 * 1000).then(pollStatus); return ACME._wait(RETRY_INTERVAL).then(pollStatus);
}); });
} }
@ -405,7 +409,7 @@ ACME._postChallenge = function (me, options, identifier, ch) {
if (me.debug) {console.debug('\n[DEBUG] postChallenge\n'); } if (me.debug) {console.debug('\n[DEBUG] postChallenge\n'); }
//if (me.debug) console.debug('\n[DEBUG] stop to fix things\n'); return; //if (me.debug) console.debug('\n[DEBUG] stop to fix things\n'); return;
return ACME._wait(1 * 1000).then(function () { return ACME._wait(RETRY_INTERVAL).then(function () {
if (!me.skipChallengeTest) { if (!me.skipChallengeTest) {
return ACME.challengeTests[ch.type](me, auth); return ACME.challengeTests[ch.type](me, auth);
} }

6
package.json
View File

@ -1,6 +1,6 @@
{ {
"name": "acme-v2", "name": "acme-v2",
"version": "1.2.0", "version": "1.2.1",
"description": "Free SSL. A framework for building Let's Encrypt v2 clients, and other ACME v2 (draft 11) clients. Successor to le-acme-core.js", "description": "Free SSL. A framework for building Let's Encrypt v2 clients, and other ACME v2 (draft 11) clients. Successor to le-acme-core.js",
"homepage": "https://git.coolaj86.com/coolaj86/acme-v2.js", "homepage": "https://git.coolaj86.com/coolaj86/acme-v2.js",
"main": "node.js", "main": "node.js",
@ -26,7 +26,7 @@
"author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)", "author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)",
"license": "(MIT OR Apache-2.0)", "license": "(MIT OR Apache-2.0)",
"dependencies": { "dependencies": {
"@coolaj86/urequest": "^1.1.1", "@coolaj86/urequest": "^1.3.6",
"rsa-compat": "^1.3.0" "rsa-compat": "^1.5.1"
} }
} }