remove cruft
parent
c89e5b7882
commit
d25fa6756c
109
acme.js
109
acme.js
|
@ -63,7 +63,7 @@ ACME.challengeTests = {
|
||||||
'See https://git.coolaj86.com/coolaj86/acme-v2.js/issues/4'
|
'See https://git.coolaj86.com/coolaj86/acme-v2.js/issues/4'
|
||||||
);
|
);
|
||||||
err.code = 'E_FAIL_DRY_CHALLENGE';
|
err.code = 'E_FAIL_DRY_CHALLENGE';
|
||||||
return Promise.reject(err);
|
throw err;
|
||||||
});
|
});
|
||||||
},
|
},
|
||||||
'dns-01': function(me, auth) {
|
'dns-01': function(me, auth) {
|
||||||
|
@ -90,7 +90,7 @@ ACME.challengeTests = {
|
||||||
'See https://git.coolaj86.com/coolaj86/acme-v2.js/issues/4'
|
'See https://git.coolaj86.com/coolaj86/acme-v2.js/issues/4'
|
||||||
);
|
);
|
||||||
err.code = 'E_FAIL_DRY_CHALLENGE';
|
err.code = 'E_FAIL_DRY_CHALLENGE';
|
||||||
return Promise.reject(err);
|
throw err;
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
@ -389,7 +389,8 @@ ACME._testChallenges = function(me, options) {
|
||||||
});
|
});
|
||||||
if (!challenge) {
|
if (!challenge) {
|
||||||
// For example, wildcards require dns-01 and, if we don't have that, we have to bail
|
// For example, wildcards require dns-01 and, if we don't have that, we have to bail
|
||||||
var enabled = options.challengeTypes.join(', ') || 'none';
|
var enabled =
|
||||||
|
Object.keys(options.challenges).join(', ') || 'none';
|
||||||
var suitable =
|
var suitable =
|
||||||
challenges
|
challenges
|
||||||
.map(function(r) {
|
.map(function(r) {
|
||||||
|
@ -481,7 +482,7 @@ ACME._testChallenges = function(me, options) {
|
||||||
ACME._chooseChallenge = function(options, results) {
|
ACME._chooseChallenge = function(options, results) {
|
||||||
// For each of the challenge types that we support
|
// For each of the challenge types that we support
|
||||||
var challenge;
|
var challenge;
|
||||||
options.challengeTypes.some(function(chType) {
|
options._challengeTypes.some(function(chType) {
|
||||||
// And for each of the challenge types that are allowed
|
// And for each of the challenge types that are allowed
|
||||||
return results.challenges.some(function(ch) {
|
return results.challenges.some(function(ch) {
|
||||||
// Check to see if there are any matches
|
// Check to see if there are any matches
|
||||||
|
@ -907,63 +908,54 @@ ACME._getCertificate = function(me, options) {
|
||||||
console.debug('[acme-v2] DEBUG get cert 1');
|
console.debug('[acme-v2] DEBUG get cert 1');
|
||||||
}
|
}
|
||||||
|
|
||||||
// Lot's of error checking to inform the user of mistakes
|
// Prefer this order for efficiency:
|
||||||
if (!(options.challengeTypes || []).length) {
|
// * http-01 is the fasest
|
||||||
options.challengeTypes = Object.keys(options.challenges || {});
|
// * tls-alpn-01 is for networks that don't allow plain traffic
|
||||||
|
// * dns-01 is the slowest (due to DNS propagation), but is required for private networks and wildcards
|
||||||
|
var challengeTypes = Object.keys(options.challenges);
|
||||||
|
options._challengeTypes = ['http-01', 'tls-alpn-01', 'dns-01'].filter(
|
||||||
|
function(typ) {
|
||||||
|
return -1 !== challengeTypes.indexOf(typ);
|
||||||
}
|
}
|
||||||
if (!options.challengeTypes.length) {
|
|
||||||
options.challengeTypes = [options.challengeType].filter(Boolean);
|
|
||||||
}
|
|
||||||
if (options.challengeType) {
|
|
||||||
options.challengeTypes.sort(function(a, b) {
|
|
||||||
if (a === options.challengeType) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
if (b === options.challengeType) {
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
return 0;
|
|
||||||
});
|
|
||||||
if (options.challengeType !== options.challengeTypes[0]) {
|
|
||||||
return Promise.reject(
|
|
||||||
new Error(
|
|
||||||
"options.challengeType is '" +
|
|
||||||
options.challengeType +
|
|
||||||
"'," +
|
|
||||||
" which does not exist in the supplied types '" +
|
|
||||||
options.challengeTypes.join(',') +
|
|
||||||
"'"
|
|
||||||
)
|
|
||||||
);
|
);
|
||||||
}
|
|
||||||
}
|
|
||||||
// TODO check that all challengeTypes are represented in challenges
|
// TODO check that all challengeTypes are represented in challenges
|
||||||
if (!options.challengeTypes.length) {
|
if (!options._challengeTypes.length) {
|
||||||
return Promise.reject(
|
return Promise.reject(
|
||||||
new Error(
|
new Error('options.challenges must be specified')
|
||||||
'options.challengeTypes (string array) must be specified' +
|
|
||||||
' (and in order of preferential priority).'
|
|
||||||
)
|
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
if (options.csr) {
|
|
||||||
// TODO validate csr signature
|
if (!options.csr) {
|
||||||
options._csr = me.CSR._info(options.csr);
|
throw new Error(
|
||||||
options.domains = options._csr.altnames;
|
'no `csr` option given (should be in DER or PEM format)'
|
||||||
|
);
|
||||||
|
}
|
||||||
|
// TODO validate csr signature?
|
||||||
|
options._csr = CSR._info(options.csr);
|
||||||
|
options.domains = options.domains || options._csr.altnames;
|
||||||
|
options._csr.altnames = options._csr.altnames || [];
|
||||||
|
if (
|
||||||
|
options.domains
|
||||||
|
.slice(0)
|
||||||
|
.sort()
|
||||||
|
.join(' ') !==
|
||||||
|
options._csr.altnames
|
||||||
|
.slice(0)
|
||||||
|
.sort()
|
||||||
|
.join(' ')
|
||||||
|
) {
|
||||||
|
throw new Error('certificate altnames do not match requested domains');
|
||||||
|
}
|
||||||
if (options._csr.subject !== options.domains[0]) {
|
if (options._csr.subject !== options.domains[0]) {
|
||||||
return Promise.reject(
|
throw new Error(
|
||||||
new Error(
|
|
||||||
'certificate subject (commonName) does not match first altname (SAN)'
|
'certificate subject (commonName) does not match first altname (SAN)'
|
||||||
)
|
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
|
||||||
if (!(options.domains && options.domains.length)) {
|
if (!(options.domains && options.domains.length)) {
|
||||||
return Promise.reject(
|
throw new Error(
|
||||||
new Error(
|
|
||||||
'options.domains must be a list of string domain names,' +
|
'options.domains must be a list of string domain names,' +
|
||||||
' with the first being the subject of the certificate (or options.subject must specified).'
|
' with the first being the subject of the certificate'
|
||||||
)
|
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1296,16 +1288,6 @@ ACME._generateCsrWeb64 = function(me, options, validatedDomains) {
|
||||||
csr = Enc.base64ToUrlBase64(csr.trim().replace(/\s+/g, ''));
|
csr = Enc.base64ToUrlBase64(csr.trim().replace(/\s+/g, ''));
|
||||||
return Promise.resolve(csr);
|
return Promise.resolve(csr);
|
||||||
}
|
}
|
||||||
|
|
||||||
return ACME._importKeypair(me, options.serverKeypair).then(function(pair) {
|
|
||||||
return me.CSR.csr({
|
|
||||||
jwk: pair.private,
|
|
||||||
domains: validatedDomains,
|
|
||||||
encoding: 'der'
|
|
||||||
}).then(function(der) {
|
|
||||||
return Enc.bufToUrlBase64(der);
|
|
||||||
});
|
|
||||||
});
|
|
||||||
};
|
};
|
||||||
|
|
||||||
ACME.create = function create(me) {
|
ACME.create = function create(me) {
|
||||||
|
@ -1315,7 +1297,6 @@ ACME.create = function create(me) {
|
||||||
// me.debug = true;
|
// me.debug = true;
|
||||||
me.challengePrefixes = ACME.challengePrefixes;
|
me.challengePrefixes = ACME.challengePrefixes;
|
||||||
me.Keypairs = me.Keypairs || Keypairs;
|
me.Keypairs = me.Keypairs || Keypairs;
|
||||||
me.CSR = me.CSR || CSR;
|
|
||||||
me._nonces = [];
|
me._nonces = [];
|
||||||
me._canUse = {};
|
me._canUse = {};
|
||||||
if (!me._baseUrl) {
|
if (!me._baseUrl) {
|
||||||
|
@ -1372,12 +1353,20 @@ ACME.create = function create(me) {
|
||||||
};
|
};
|
||||||
me.accounts = {
|
me.accounts = {
|
||||||
create: function(options) {
|
create: function(options) {
|
||||||
|
try {
|
||||||
return ACME._registerAccount(me, options);
|
return ACME._registerAccount(me, options);
|
||||||
|
} catch (e) {
|
||||||
|
return Promise.reject(e);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
me.certificates = {
|
me.certificates = {
|
||||||
create: function(options) {
|
create: function(options) {
|
||||||
|
try {
|
||||||
return ACME._getCertificate(me, options);
|
return ACME._getCertificate(me, options);
|
||||||
|
} catch (e) {
|
||||||
|
return Promise.reject(e);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
return me;
|
return me;
|
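Review bot: In the `ACME._getCertificate` hunk, `options.domains = options.domains || options._csr.altnames;` runs before `options._csr.altnames = options._csr.altnames || [];`, so a CSR that yields no altnames, combined with no `options.domains`, leaves `options.domains` undefined. The `.slice(0)` in the comparison then raises a TypeError before the 'options.domains must be a list of string domain names' check is reached; swapping the two assignments keeps that check reachable. The same hunk drops the old `|| {}` fallback, so a missing `challenges` option fails inside `Object.keys(options.challenges)` and never reaches 'options.challenges must be specified'; `var challengeTypes = Object.keys(options.challenges || {});` restores it. The altname check is an exact, case-sensitive string comparison and the CSR signature is still unverified (`// TODO validate csr signature?`), so a short comment saying that callers must pass lower-cased names and that the CSR contents are trusted as given would help. The function begins and ends outside the hunk, so this is based only on the lines shown.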
||||||
|
|
|
@ -13,6 +13,12 @@ var acme = ACME.create({
|
||||||
});
|
});
|
||||||
|
|
||||||
// TODO exec npm install --save-dev CHALLENGE_MODULE
|
// TODO exec npm install --save-dev CHALLENGE_MODULE
|
||||||
|
if (!process.env.CHALLENGE_OPTIONS) {
|
||||||
|
console.error(
|
||||||
|
'Please create a .env in the format of examples/example.env to run the tests'
|
||||||
|
);
|
||||||
|
process.exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
var config = {
|
var config = {
|
||||||
env: process.env.ENV,
|
env: process.env.ENV,
|
||||||
|
|