acme-dns-01-cli.js/index.js

188 lines
5.0 KiB
JavaScript
Raw Normal View History

2016-09-07 20:58:25 +00:00
'use strict';
// See https://tools.ietf.org/html/draft-ietf-acme-acme-01
// also https://gitlab.com/pushrocks/cert/blob/master/ts/cert.hook.ts
2016-09-07 20:58:25 +00:00
var PromiseA = require('bluebird');
var dns = PromiseA.promisifyAll(require('dns'));
2016-09-09 01:10:50 +00:00
var DDNS = require('ddns-cli');
2016-09-07 20:58:25 +00:00
2016-09-09 00:56:58 +00:00
//var count = 0;
2016-09-07 20:58:25 +00:00
var defaults = {
oauth3: 'oauth3.org'
, debug: false
, acmeChallengeDns: '_acme-challenge.' // _acme-challenge.example.com TXT xxxxxxxxxxxxxxxx
, memstoreConfig: {
2016-09-09 00:56:58 +00:00
name: 'le-dns'
2016-09-07 20:58:25 +00:00
}
};
var Challenge = module.exports;
Challenge.create = function (options) {
2016-09-09 00:56:58 +00:00
// count += 1;
var store = require('cluster-store');
2016-09-07 20:58:25 +00:00
var results = {};
Object.keys(Challenge).forEach(function (key) {
results[key] = Challenge[key];
});
results.create = undefined;
Object.keys(defaults).forEach(function (key) {
if (!(key in options)) {
options[key] = defaults[key];
}
});
results._options = options;
results.getOptions = function () {
return results._options;
};
// TODO fix race condition at startup
results._memstore = options.memstore;
if (!results._memstore) {
store.create(options.memstoreConfig).then(function (store) {
// same api as new sqlite3.Database(options.filename)
results._memstore = store;
// app.use(expressSession({ secret: 'keyboard cat', store: store }));
});
}
return results;
};
//
// NOTE: the "args" here in `set()` are NOT accessible to `get()` and `remove()`
// They are provided so that you can store them in an implementation-specific way
// if you need access to them.
//
Challenge.set = function (args, domain, challenge, keyAuthorization, done) {
2016-09-07 23:10:04 +00:00
var me = this;
// TODO use base64url module
var keyAuthDigest = require('crypto').createHash('sha256').update(keyAuthorization||'').digest('base64')
.replace(/\+/g, '-')
.replace(/\//g, '_')
.replace(/=+$/g, '')
;
if (!challenge || !keyAuthorization) {
console.warn("SANITY FAIL: missing challenge or keyAuthorization", domain, challenge, keyAuthorization);
}
2016-09-07 20:58:25 +00:00
return me._memstore.set(domain, {
2016-09-07 20:58:25 +00:00
email: args.email
, refreshToken: args.refreshToken
, keyAuthDigest: keyAuthDigest
2016-09-07 23:10:04 +00:00
}, function (err) {
if (err) { done(err); return; }
var challengeDomain = (args.test || '') + args.acmeChallengeDns + domain;
var update = {
2016-09-07 20:58:25 +00:00
email: args.email
, refreshToken: args.refreshToken
2016-09-09 01:01:03 +00:00
, silent: true
2016-09-07 20:58:25 +00:00
2016-09-07 23:10:04 +00:00
, name: challengeDomain
2016-09-07 20:58:25 +00:00
, type: "TXT"
, value: keyAuthDigest || challenge
, ttl: args.ttl || 0
};
return DDNS.update(update, {
2016-09-07 23:10:04 +00:00
//debug: true
}).then(function () {
if (args.debug) {
console.log("Test DNS Record:");
console.log("dig TXT +noall +answer @ns1.redirect-www.org '" + challengeDomain + "' # " + challenge);
}
done(null);
}, function (err) {
console.error(err);
done(err);
return PromiseA.reject(err);
});
2016-09-07 20:58:25 +00:00
});
};
//
// NOTE: the "defaults" here are still merged and templated, just like "args" would be,
// but if you specifically need "args" you must retrieve them from some storage mechanism
// based on domain and key
//
Challenge.get = function (defaults, domain, challenge, done) {
done = null; // nix linter error for unused vars
2016-09-07 20:58:25 +00:00
throw new Error("Challenge.get() does not need an implementation for dns-01. (did you mean Challenge.loopback?)");
};
Challenge.remove = function (defaults, domain, challenge, done) {
2016-09-07 23:10:04 +00:00
var me = this;
return me._memstore.get(domain, function (err, data) {
2016-09-07 23:10:04 +00:00
if (err) { done(err); return; }
var challengeDomain = (defaults.test || '') + defaults.acmeChallengeDns + domain;
2016-09-07 23:10:04 +00:00
return DDNS.update({
2016-09-07 20:58:25 +00:00
email: data.email
, refreshToken: data.refreshToken
2016-09-09 01:01:03 +00:00
, silent: true
2016-09-07 20:58:25 +00:00
2016-09-07 23:10:04 +00:00
, name: challengeDomain
2016-09-07 20:58:25 +00:00
, type: "TXT"
, value: data.keyAuthDigest || challenge
, ttl: defaults.ttl || 0
2016-09-07 20:58:25 +00:00
, remove: true
2016-09-07 23:10:04 +00:00
}, {
//debug: true
2016-09-07 20:58:25 +00:00
}).then(function () {
done(null);
}, done).then(function () {
2016-09-07 23:10:04 +00:00
me._memstore.destroy(domain);
2016-09-07 20:58:25 +00:00
});
});
};
// same as get, but external
Challenge.loopback = function (defaults, domain, challenge, done) {
var challengeDomain = (defaults.test || '') + defaults.acmeChallengeDns + domain;
2016-09-07 23:10:04 +00:00
dns.resolveTxtAsync(challengeDomain).then(function () { done(null); }, done);
2016-09-07 20:58:25 +00:00
};
Challenge.test = function (args, domain, challenge, keyAuthorization, done) {
2016-09-07 23:10:04 +00:00
var me = this;
2016-09-07 20:58:25 +00:00
2016-09-07 23:10:04 +00:00
args.test = args.test || '_test.';
defaults.test = args.test;
2016-09-07 20:58:25 +00:00
me.set(args, domain, challenge, keyAuthorization || challenge, function (err) {
2016-09-07 20:58:25 +00:00
if (err) { done(err); return; }
2016-09-07 23:10:04 +00:00
me.loopback(defaults, domain, challenge, function (err) {
2016-09-07 20:58:25 +00:00
if (err) { done(err); return; }
2016-09-07 23:10:04 +00:00
me.remove(defaults, domain, challenge, function (err) {
2016-09-07 20:58:25 +00:00
if (err) { done(err); return; }
// TODO needs to use native-dns so that specific nameservers can be used
// (otherwise the cache will still have the old answer)
done();
/*
2016-09-07 23:10:04 +00:00
me.loopback(defaults, domain, challenge, function (err) {
2016-09-07 20:58:25 +00:00
if (err) { done(err); return; }
done();
});
*/
});
});
});
};