coolaj86
/
acme-dns-01-cli.js
1
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

use sha256sum of keyAuthorization as per spec

This commit is contained in:
AJ ONeal 2016-09-15 00:51:29 -06:00
parent 715c759423
commit b49f4a1b65
2 changed files with 34 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
index.js
View File

@ -1,15 +1,12 @@
'use strict'; 'use strict';
// See https://gitlab.com/pushrocks/cert/blob/master/ts/cert.hook.ts // See https://tools.ietf.org/html/draft-ietf-acme-acme-01
// also https://gitlab.com/pushrocks/cert/blob/master/ts/cert.hook.ts
var PromiseA = require('bluebird'); var PromiseA = require('bluebird');
var dns = PromiseA.promisifyAll(require('dns')); var dns = PromiseA.promisifyAll(require('dns'));
var DDNS = require('ddns-cli'); var DDNS = require('ddns-cli');
var fs = require('fs');
var path = require('path');
var cluster = require('cluster');
var numCores = require('os').cpus().length;
//var count = 0; //var count = 0;
var defaults = { var defaults = {
oauth3: 'oauth3.org' oauth3: 'oauth3.org'
@ -66,26 +63,37 @@ Challenge.create = function (options) {
// //
Challenge.set = function (args, domain, challenge, keyAuthorization, done) { Challenge.set = function (args, domain, challenge, keyAuthorization, done) {
var me = this; var me = this;
// Note: keyAuthorization is not used for dns-01 // TODO use base64url module
var keyAuthDigest = require('crypto').createHash('sha256').update(keyAuthorization||'').digest('base64')
.replace(/\+/g, '-')
.replace(/\//g, '_')
.replace(/=+$/g, '')
;
me._memstore.set(domain, { if (!challenge || !keyAuthorization) {
console.warn("SANITY FAIL: missing challenge or keyAuthorization", domain, challenge, keyAuthorization);
}
return me._memstore.set(domain, {
email: args.email email: args.email
, refreshToken: args.refreshToken , refreshToken: args.refreshToken
, keyAuthDigest: keyAuthDigest
}, function (err) { }, function (err) {
if (err) { done(err); return; } if (err) { done(err); return; }
var challengeDomain = args.test + args.acmeChallengeDns + domain; var challengeDomain = (args.test || '') + args.acmeChallengeDns + domain;
var update = {
return DDNS.update({
email: args.email email: args.email
, refreshToken: args.refreshToken , refreshToken: args.refreshToken
, silent: true , silent: true
, name: challengeDomain , name: challengeDomain
, type: "TXT" , type: "TXT"
, value: challenge , value: keyAuthDigest || challenge
, ttl: 60 , ttl: args.ttl || 0
}, { };
return DDNS.update(update, {
//debug: true //debug: true
}).then(function () { }).then(function () {
if (args.debug) { if (args.debug) {
@ -93,7 +101,11 @@ Challenge.set = function (args, domain, challenge, keyAuthorization, done) {
console.log("dig TXT +noall +answer @ns1.redirect-www.org '" + challengeDomain + "' # " + challenge); console.log("dig TXT +noall +answer @ns1.redirect-www.org '" + challengeDomain + "' # " + challenge);
} }
done(null); done(null);
}, done); }, function (err) {
console.error(err);
done(err);
return PromiseA.reject(err);
});
}); });
}; };
@ -104,16 +116,17 @@ Challenge.set = function (args, domain, challenge, keyAuthorization, done) {
// based on domain and key // based on domain and key
// //
Challenge.get = function (defaults, domain, challenge, done) { Challenge.get = function (defaults, domain, challenge, done) {
done = null; // nix linter error for unused vars
throw new Error("Challenge.get() does not need an implementation for dns-01. (did you mean Challenge.loopback?)"); throw new Error("Challenge.get() does not need an implementation for dns-01. (did you mean Challenge.loopback?)");
}; };
Challenge.remove = function (defaults, domain, challenge, done) { Challenge.remove = function (defaults, domain, challenge, done) {
var me = this; var me = this;
me._memstore.get(domain, function (err, data) { return me._memstore.get(domain, function (err, data) {
if (err) { done(err); return; } if (err) { done(err); return; }
var challengeDomain = defaults.test + defaults.acmeChallengeDns + domain; var challengeDomain = (defaults.test || '') + defaults.acmeChallengeDns + domain;
return DDNS.update({ return DDNS.update({
email: data.email email: data.email
@ -122,8 +135,8 @@ Challenge.remove = function (defaults, domain, challenge, done) {
, name: challengeDomain , name: challengeDomain
, type: "TXT" , type: "TXT"
, value: challenge , value: data.keyAuthDigest || challenge
, ttl: 60 , ttl: defaults.ttl || 0
, remove: true , remove: true
}, { }, {
@ -139,18 +152,17 @@ Challenge.remove = function (defaults, domain, challenge, done) {
// same as get, but external // same as get, but external
Challenge.loopback = function (defaults, domain, challenge, done) { Challenge.loopback = function (defaults, domain, challenge, done) {
var challengeDomain = defaults.test + defaults.acmeChallengeDns + domain; var challengeDomain = (defaults.test || '') + defaults.acmeChallengeDns + domain;
dns.resolveTxtAsync(challengeDomain).then(function () { done(null); }, done); dns.resolveTxtAsync(challengeDomain).then(function () { done(null); }, done);
}; };
Challenge.test = function (args, domain, challenge, keyAuthorization, done) { Challenge.test = function (args, domain, challenge, keyAuthorization, done) {
var me = this; var me = this;
// Note: keyAuthorization is not used for dns-01
args.test = args.test || '_test.'; args.test = args.test || '_test.';
defaults.test = args.test; defaults.test = args.test;
me.set(args, domain, challenge, null, function (err) { me.set(args, domain, challenge, keyAuthorization || challenge, function (err) {
if (err) { done(err); return; } if (err) { done(err); return; }
me.loopback(defaults, domain, challenge, function (err) { me.loopback(defaults, domain, challenge, function (err) {

1
test.js
View File

@ -12,6 +12,7 @@ var leChallengeDns = require('./').create({
var opts = leChallengeDns.getOptions(); var opts = leChallengeDns.getOptions();
var domain = 'test.daplie.me'; var domain = 'test.daplie.me';
var challenge = 'xxx-acme-challenge-xxx'; var challenge = 'xxx-acme-challenge-xxx';
var keyAuthorization = 'xxx-acme-challenge-xxx.xxx-acme-authorization-xxx';
setTimeout(function () { setTimeout(function () {
leChallengeDns.test(opts, domain, challenge, null, function (err) { leChallengeDns.test(opts, domain, challenge, null, function (err) {