
make Prettier v2

master
AJ ONeal 4 years ago
parent
commit
29a47e8fa4
  1. 22
      account.js
  2. 225
      acme.js
  3. 4
      bin/bundle.js
  4. 12
      errors.js
  5. 74
      examples/app.js
  6. 6
      examples/get-certificate-full.js
  7. 4
      examples/https-server.js
  8. 4
      examples/https-sni-server.js
  9. 28
      examples/server.js
  10. 16
      lib/browser.js
  11. 2
      lib/browser/client-user-agent.js
  12. 12
      lib/browser/http.js
  13. 2
      lib/browser/sha2.js
  14. 18
      lib/native.js
  15. 2
      lib/node/client-user-agent.js
  16. 2
      lib/node/http.js
  17. 9
      lib/node/sha2.js
  18. 14
      maintainers.js
  19. 10
      tests/compute-authorization-response.js
  20. 6
      tests/format-pem-chains.js
  21. 4
      tests/generate-cert-key.js
  22. 23
      tests/issue-certificates.js
  23. 11
      tests/maintainer.js
  24. 22
      utils.js

22
account.js

@ -7,11 +7,11 @@ var Keypairs = require('@root/keypairs');
var Enc = require('@root/encoding/bytes');
var agreers = {};
A._getAccountKid = function(me, options) {
A._getAccountKid = function (me, options) {
// It's just fine if there's no account, we'll go get the key id we need via the existing key
var kid =
options.kid ||
(options.account && (options.account.key && options.account.key.kid));
(options.account && options.account.key && options.account.key.kid);
if (kid) {
return Promise.resolve(kid);
@ -19,7 +19,7 @@ A._getAccountKid = function(me, options) {
//return Promise.reject(new Error("must include KeyID"));
// This is an idempotent request. It'll return the same account for the same public key.
return A._registerAccount(me, options).then(function(account) {
return A._registerAccount(me, options).then(function (account) {
return account.key.kid;
});
};
@ -44,7 +44,7 @@ A._getAccountKid = function(me, options) {
"signature": "RZPOnYoPs1PhjszF...-nh6X1qtOFPB519I"
}
*/
A._registerAccount = function(me, options) {
A._registerAccount = function (me, options) {
//#console.debug('[ACME.js] accounts.create');
function agree(agreed) {
@ -58,7 +58,7 @@ A._registerAccount = function(me, options) {
}
function getAccount() {
return U._importKeypair(options.accountKey).then(function(pair) {
return U._importKeypair(options.accountKey).then(function (pair) {
var contact;
if (options.contact) {
contact = options.contact.slice(0);
@ -73,14 +73,14 @@ A._registerAccount = function(me, options) {
};
var pub = pair.public;
return attachExtAcc(pub, accountRequest).then(function(accReq) {
return attachExtAcc(pub, accountRequest).then(function (accReq) {
var payload = JSON.stringify(accReq);
return U._jwsRequest(me, {
accountKey: options.accountKey,
url: me._directoryUrls.newAccount,
protected: { kid: false, jwk: pair.public },
payload: Enc.strToBuf(payload)
}).then(function(resp) {
}).then(function (resp) {
var account = resp.body;
if (resp.statusCode < 200 || resp.statusCode >= 300) {
@ -127,18 +127,18 @@ A._registerAccount = function(me, options) {
url: me._directoryUrls.newAccount
},
payload: Enc.strToBuf(JSON.stringify(pubkey))
}).then(function(jws) {
}).then(function (jws) {
accountRequest.externalAccountBinding = jws;
return accountRequest;
});
}
return Promise.resolve()
.then(function() {
.then(function () {
//#console.debug('[ACME.js] agreeToTerms');
var agreeToTerms = options.agreeToTerms;
if (!agreeToTerms) {
agreeToTerms = function(terms) {
agreeToTerms = function (terms) {
if (agreers[options.subscriberEmail]) {
return true;
}
@ -161,7 +161,7 @@ A._registerAccount = function(me, options) {
return true;
};
} else if (true === agreeToTerms) {
agreeToTerms = function(terms) {
agreeToTerms = function (terms) {
return terms && true;
};
}

225
acme.js

@ -43,7 +43,7 @@ ACME.create = function create(me) {
}
if (!me.dns01) {
me.dns01 = function(ch) {
me.dns01 = function (ch) {
return native._dns01(me, ch);
};
}
@ -53,7 +53,7 @@ ACME.create = function create(me) {
if (!me._baseUrl) {
me._baseUrl = '';
}
me.http01 = function(ch) {
me.http01 = function (ch) {
return native._http01(me, ch);
};
}
@ -62,11 +62,11 @@ ACME.create = function create(me) {
me.__request = http.request;
}
// passed to dependencies
me.request = function(opts) {
me.request = function (opts) {
return U._request(me, opts);
};
me.init = function(opts) {
me.init = function (opts) {
M.init(me);
function fin(dir) {
@ -90,14 +90,14 @@ ACME.create = function create(me) {
if (!me.skipChallengeTest) {
p = native._canCheck(me);
}
return p.then(function() {
return ACME._directory(me).then(function(resp) {
return p.then(function () {
return ACME._directory(me).then(function (resp) {
return fin(resp.body);
});
});
};
me.accounts = {
create: function(options) {
create: function (options) {
try {
return A._registerAccount(me, options);
} catch (e) {
@ -126,8 +126,8 @@ ACME.create = function create(me) {
};
*/
me.certificates = {
create: function(options) {
return A._getAccountKid(me, options).then(function(kid) {
create: function (options) {
return A._getAccountKid(me, options).then(function (kid) {
ACME._normalizePresenters(me, options, options.challenges);
return ACME._getCertificate(me, options, kid);
});
@ -143,9 +143,9 @@ ACME.challengePrefixes = {
'dns-01': '_acme-challenge'
};
ACME.challengeTests = {
'http-01': function(me, auth) {
'http-01': function (me, auth) {
var ch = auth.challenge;
return me.http01(ch).then(function(keyAuth) {
return me.http01(ch).then(function (keyAuth) {
var err;
// TODO limit the number of bytes that are allowed to be downloaded
@ -170,14 +170,14 @@ ACME.challengeTests = {
throw err;
});
},
'dns-01': function(me, auth) {
'dns-01': function (me, auth) {
// remove leading *. on wildcard domains
var ch = auth.challenge;
return me.dns01(ch).then(function(ans) {
return me.dns01(ch).then(function (ans) {
var err;
if (
ans.answer.some(function(txt) {
ans.answer.some(function (txt) {
return ch.dnsAuthorization === txt.data[0];
})
) {
@ -199,7 +199,7 @@ ACME.challengeTests = {
}
};
ACME._directory = function(me) {
ACME._directory = function (me) {
// TODO cache the directory URL
// GET-as-GET ok
@ -210,13 +210,13 @@ ACME._directory = function(me) {
// postChallenge
// finalizeOrder
// getCertificate
ACME._getCertificate = function(me, options, kid) {
ACME._getCertificate = function (me, options, kid) {
//#console.debug('[ACME.js] certificates.create');
return ACME._orderCert(me, options, kid).then(function(order) {
return ACME._orderCert(me, options, kid).then(function (order) {
return ACME._finalizeOrder(me, options, kid, order);
});
};
ACME._normalizePresenters = function(me, options, presenters) {
ACME._normalizePresenters = function (me, options, presenters) {
// Prefer this order for efficiency:
// * http-01 is the fasest
// * tls-alpn-01 is for networks that don't allow plain traffic
@ -224,7 +224,7 @@ ACME._normalizePresenters = function(me, options, presenters) {
// but is required for private networks and wildcards
var presenterTypes = Object.keys(options.challenges || {});
options._presenterTypes = ['http-01', 'tls-alpn-01', 'dns-01'].filter(
function(typ) {
function (typ) {
return -1 !== presenterTypes.indexOf(typ);
}
);
@ -244,7 +244,7 @@ ACME._normalizePresenters = function(me, options, presenters) {
ACME._propagationDelayWarning = true;
}
}
Object.keys(presenters || {}).forEach(function(k) {
Object.keys(presenters || {}).forEach(function (k) {
var ch = presenters[k];
var warned = false;
@ -280,9 +280,9 @@ ACME._normalizePresenters = function(me, options, presenters) {
}
function promisify(fn) {
return function(opts) {
new Promise(function(resolve, reject) {
fn(opts, function(err, result) {
return function (opts) {
new Promise(function (resolve, reject) {
fn(opts, function (err, result) {
if (err) {
reject(err);
return;
@ -344,7 +344,7 @@ ACME._normalizePresenters = function(me, options, presenters) {
"signature": "H6ZXtGjTZyUnPeKn...wEA4TklBdh3e454g"
}
*/
ACME._getAuthorization = function(me, options, kid, zonenames, authUrl) {
ACME._getAuthorization = function (me, options, kid, zonenames, authUrl) {
//#console.debug('\n[DEBUG] getAuthorization\n');
return U._jwsRequest(me, {
@ -352,7 +352,7 @@ ACME._getAuthorization = function(me, options, kid, zonenames, authUrl) {
url: authUrl,
protected: { kid: kid },
payload: ''
}).then(function(resp) {
}).then(function (resp) {
// Pre-emptive rather than lazy for interfaces that need to show the
// challenges to the user first
return ACME._computeAuths(
@ -362,7 +362,7 @@ ACME._getAuthorization = function(me, options, kid, zonenames, authUrl) {
resp.body,
zonenames,
false
).then(function(auths) {
).then(function (auths) {
resp.body._rawChallenges = resp.body.challenges;
resp.body.challenges = auths;
return resp.body;
@ -370,7 +370,7 @@ ACME._getAuthorization = function(me, options, kid, zonenames, authUrl) {
});
};
ACME._testChallengeOptions = function() {
ACME._testChallengeOptions = function () {
// we want this to be the same for the whole group
var chToken = ACME._prnd(16);
return [
@ -396,9 +396,9 @@ ACME._testChallengeOptions = function() {
];
};
ACME._thumber = function(options, thumb) {
ACME._thumber = function (options, thumb) {
var thumbPromise;
return function(key) {
return function (key) {
if (thumb) {
return Promise.resolve(thumb);
}
@ -408,7 +408,7 @@ ACME._thumber = function(options, thumb) {
if (!key) {
key = options.accountKey || options.accountKeypair;
}
thumbPromise = U._importKeypair(key).then(function(pair) {
thumbPromise = U._importKeypair(key).then(function (pair) {
return Keypairs.thumbprint({
jwk: pair.public
});
@ -417,9 +417,9 @@ ACME._thumber = function(options, thumb) {
};
};
ACME._dryRun = function(me, realOptions, zonenames) {
ACME._dryRun = function (me, realOptions, zonenames) {
var noopts = {};
Object.keys(realOptions).forEach(function(key) {
Object.keys(realOptions).forEach(function (key) {
noopts[key] = realOptions[key];
});
noopts.order = {};
@ -428,20 +428,20 @@ ACME._dryRun = function(me, realOptions, zonenames) {
var getThumbprint = ACME._thumber(noopts, '');
return Promise.all(
noopts.domains.map(function(identifierValue) {
noopts.domains.map(function (identifierValue) {
// TODO we really only need one to pass, not all to pass
var challenges = ACME._testChallengeOptions();
var wild = '*.' === identifierValue.slice(0, 2);
if (wild) {
challenges = challenges.filter(function(ch) {
challenges = challenges.filter(function (ch) {
return ch._wildcard;
});
}
challenges = challenges.filter(function(auth) {
challenges = challenges.filter(function (auth) {
return me._canCheck[auth.type];
});
return getThumbprint().then(function(accountKeyThumb) {
return getThumbprint().then(function (accountKeyThumb) {
var resp = {
body: {
identifier: {
@ -464,23 +464,23 @@ ACME._dryRun = function(me, realOptions, zonenames) {
resp.body,
zonenames,
dryrun
).then(function(auths) {
).then(function (auths) {
resp.body.challenges = auths;
return resp.body;
});
});
})
).then(function(claims) {
).then(function (claims) {
var selected = [];
noopts.order._claims = claims.slice(0);
noopts.notify = function(ev, params) {
noopts.notify = function (ev, params) {
if ('_challenge_select' === ev) {
selected.push(params.challenge);
}
};
function clear() {
selected.forEach(function(ch) {
selected.forEach(function (ch) {
ACME._notify(me, noopts, 'challenge_remove', {
altname: ch.altname,
type: ch.type
@ -489,7 +489,7 @@ ACME._dryRun = function(me, realOptions, zonenames) {
// ignore promise return
noopts.challenges[ch.type]
.remove({ challenge: ch })
.catch(function(err) {
.catch(function (err) {
err.action = 'challenge_remove';
err.altname = ch.altname;
err.type = ch.type;
@ -499,7 +499,7 @@ ACME._dryRun = function(me, realOptions, zonenames) {
}
return ACME._setChallenges(me, noopts, noopts.order)
.catch(function(err) {
.catch(function (err) {
clear();
throw err;
})
@ -510,12 +510,12 @@ ACME._dryRun = function(me, realOptions, zonenames) {
// Get the list of challenge types we can validate,
// which is already ordered by preference.
// Select the first matching offered challenge type
ACME._chooseChallenge = function(options, results) {
ACME._chooseChallenge = function (options, results) {
// For each of the challenge types that we support
var challenge;
options._presenterTypes.some(function(chType) {
options._presenterTypes.some(function (chType) {
// And for each of the challenge types that are allowed
return results.challenges.some(function(ch) {
return results.challenges.some(function (ch) {
// Check to see if there are any matches
if (ch.type === chType) {
challenge = ch;
@ -527,7 +527,7 @@ ACME._chooseChallenge = function(options, results) {
return challenge;
};
ACME._getZones = function(me, challenges, domains) {
ACME._getZones = function (me, challenges, domains) {
var presenter = challenges['dns-01'];
if (!presenter) {
return Promise.resolve([]);
@ -538,7 +538,7 @@ ACME._getZones = function(me, challenges, domains) {
// a little bit of random to ensure that getZones()
// actually returns the zones and not the hosts as zones
var dnsHosts = domains.map(function(d) {
var dnsHosts = domains.map(function (d) {
var rnd = ACME._prnd(2);
return rnd + '.' + d;
});
@ -552,7 +552,7 @@ ACME._getZones = function(me, challenges, domains) {
};
ACME._challengesMap = { 'http-01': 0, 'dns-01': 0, 'tls-alpn-01': 0 };
ACME._computeAuths = function(me, options, thumb, authz, zonenames, dryrun) {
ACME._computeAuths = function (me, options, thumb, authz, zonenames, dryrun) {
// we don't poison the dns cache with our dummy request
var dnsPrefix = ACME.challengePrefixes['dns-01'];
if (dryrun) {
@ -565,7 +565,7 @@ ACME._computeAuths = function(me, options, thumb, authz, zonenames, dryrun) {
var getThumbprint = ACME._thumber(options, thumb);
return Promise.all(
authz.challenges.map(function(challenge) {
authz.challenges.map(function (challenge) {
// Don't do extra work for challenges that we can't satisfy
var _types = options._presenterTypes;
if (_types && !_types.includes(challenge.type)) {
@ -576,14 +576,14 @@ ACME._computeAuths = function(me, options, thumb, authz, zonenames, dryrun) {
// straight copy from the new order response
// { identifier, status, expires, challenges, wildcard }
Object.keys(authz).forEach(function(key) {
Object.keys(authz).forEach(function (key) {
auth[key] = authz[key];
});
// copy from the challenge we've chosen
// { type, status, url, token }
// (note the duplicate status overwrites the one above, but they should be the same)
Object.keys(challenge).forEach(function(key) {
Object.keys(challenge).forEach(function (key) {
// don't confused devs with the id url
auth[key] = challenge[key];
});
@ -602,19 +602,19 @@ ACME._computeAuths = function(me, options, thumb, authz, zonenames, dryrun) {
challenge: auth,
zone: zone,
dnsPrefix: dnsPrefix
}).then(function(resp) {
Object.keys(resp).forEach(function(k) {
}).then(function (resp) {
Object.keys(resp).forEach(function (k) {
auth[k] = resp[k];
});
return auth;
});
})
).then(function(auths) {
).then(function (auths) {
return auths.filter(Boolean);
});
};
ACME.computeChallenge = function(opts) {
ACME.computeChallenge = function (opts) {
var auth = opts.challenge;
var hostname = auth.hostname || opts.hostname;
var zone = opts.zone;
@ -623,7 +623,7 @@ ACME.computeChallenge = function(opts) {
var getThumbprint = opts._getThumbprint || ACME._thumber(opts, thumb);
var dnsPrefix = opts.dnsPrefix || ACME.challengePrefixes['dns-01'];
return getThumbprint(accountKey).then(function(thumb) {
return getThumbprint(accountKey).then(function (thumb) {
var resp = {};
resp.thumbprint = thumb;
// keyAuthorization = token + '.' + base64url(JWK_Thumbprint(accountKey))
@ -651,10 +651,10 @@ ACME.computeChallenge = function(opts) {
// _as part of_ the decision making process
return sha2
.sum(256, resp.keyAuthorization)
.then(function(hash) {
.then(function (hash) {
return Enc.bufToUrlBase64(Uint8Array.from(hash));
})
.then(function(hash64) {
.then(function (hash64) {
resp.dnsHost = dnsPrefix + '.' + hostname; // .replace('*.', '');
// deprecated
@ -674,7 +674,7 @@ ACME.computeChallenge = function(opts) {
});
};
ACME._untame = function(name, wild) {
ACME._untame = function (name, wild) {
if (wild) {
name = '*.' + name.replace('*.', '');
}
@ -682,7 +682,7 @@ ACME._untame = function(name, wild) {
};
// https://tools.ietf.org/html/draft-ietf-acme-acme-10#section-7.5.1
ACME._postChallenge = function(me, options, kid, auth) {
ACME._postChallenge = function (me, options, kid, auth) {
var RETRY_INTERVAL = me.retryInterval || 1000;
var DEAUTH_INTERVAL = me.deauthWait || 10 * 1000;
var MAX_POLL = me.retryPoll || 8;
@ -716,7 +716,7 @@ ACME._postChallenge = function(me, options, kid, auth) {
url: auth.url,
protected: { kid: kid },
payload: Enc.strToBuf(JSON.stringify({ status: 'deactivated' }))
}).then(function(/*#resp*/) {
}).then(function (/*#resp*/) {
//#console.debug('deactivate challenge: resp.body:');
//#console.debug(resp.body);
return ACME._wait(DEAUTH_INTERVAL);
@ -777,7 +777,7 @@ ACME._postChallenge = function(me, options, kid, auth) {
try {
options.challenges[auth.type]
.remove({ challenge: auth })
.catch(function(err) {
.catch(function (err) {
err.action = 'challenge_remove';
err.altname = auth.altname;
err.type = auth.type;
@ -858,7 +858,7 @@ ACME._postChallenge = function(me, options, kid, auth) {
};
// options = { domains, claims, challenges }
ACME._setChallenges = function(me, options, order) {
ACME._setChallenges = function (me, options, order) {
var claims = order._claims.slice(0);
var valids = [];
var auths = [];
@ -875,11 +875,11 @@ ACME._setChallenges = function(me, options, order) {
}
return Promise.resolve()
.then(function() {
.then(function () {
// For any challenges that are already valid,
// add to the list and skip any checks.
if (
claim.challenges.some(function(ch) {
claim.challenges.some(function (ch) {
if ('valid' === ch.status) {
valids.push(ch);
return true;
@ -959,7 +959,7 @@ ACME._setChallenges = function(me, options, order) {
}
return ACME.challengeTests[auth.type](me, { challenge: auth })
.then(function() {
.then(function () {
valids.push(auth);
})
.then(checkNext);
@ -968,7 +968,7 @@ ACME._setChallenges = function(me, options, order) {
function removeAll(ch) {
options.challenges[ch.type]
.remove({ challenge: ch })
.catch(function(err) {
.catch(function (err) {
err.action = 'challenge_remove';
err.altname = ch.altname;
err.type = ch.type;
@ -981,7 +981,7 @@ ACME._setChallenges = function(me, options, order) {
return setNext()
.then(waitAll)
.then(checkNext)
.catch(function(err) {
.catch(function (err) {
if (!options.debug) {
placed.forEach(removeAll);
}
@ -989,7 +989,7 @@ ACME._setChallenges = function(me, options, order) {
});
};
ACME._presentChallenges = function(me, options, kid, readyToPresent) {
ACME._presentChallenges = function (me, options, kid, readyToPresent) {
// Actually sets the challenge via ACME
function challengeNext() {
// First set, First presented
@ -1002,12 +1002,12 @@ ACME._presentChallenges = function(me, options, kid, readyToPresent) {
// BTW, these are done serially rather than parallel on purpose
// (rate limits, propagation delays, etc)
return challengeNext().then(function() {
return challengeNext().then(function () {
return readyToPresent;
});
};
ACME._pollOrderStatus = function(me, options, kid, order, verifieds) {
ACME._pollOrderStatus = function (me, options, kid, order, verifieds) {
var csr64 = ACME._csrToUrlBase64(options.csr);
var body = { csr: csr64 };
var payload = JSON.stringify(body);
@ -1019,7 +1019,7 @@ ACME._pollOrderStatus = function(me, options, kid, order, verifieds) {
url: order._finalizeUrl,
protected: { kid: kid },
payload: Enc.strToBuf(payload)
}).then(function(resp) {
}).then(function (resp) {
ACME._notify(me, options, 'certificate_status', {
subject: options.domains[0],
status: resp.body.status
@ -1081,7 +1081,7 @@ ACME._pollOrderStatus = function(me, options, kid, order, verifieds) {
return pollCert();
};
ACME._redeemCert = function(me, options, kid, voucher) {
ACME._redeemCert = function (me, options, kid, voucher) {
//#console.debug('ACME.js: order was finalized');
// POST-as-GET
@ -1091,7 +1091,7 @@ ACME._redeemCert = function(me, options, kid, voucher) {
protected: { kid: kid },
payload: Enc.binToBuf(''),
json: true
}).then(function(resp) {
}).then(function (resp) {
//#console.debug('ACME.js: csr submitted and cert received:');
// https://github.com/certbot/certbot/issues/5721
@ -1110,12 +1110,12 @@ ACME._redeemCert = function(me, options, kid, voucher) {
});
};
ACME._finalizeOrder = function(me, options, kid, order) {
ACME._finalizeOrder = function (me, options, kid, order) {
//#console.debug('[ACME.js] finalizeOrder:');
var readyToPresent;
return A._getAccountKid(me, options).then(function(kid) {
return A._getAccountKid(me, options).then(function (kid) {
return ACME._setChallenges(me, options, order)
.then(function(_readyToPresent) {
.then(function (_readyToPresent) {
readyToPresent = _readyToPresent;
return ACME._presentChallenges(
me,
@ -1124,28 +1124,28 @@ ACME._finalizeOrder = function(me, options, kid, order) {
readyToPresent
);
})
.then(function() {
.then(function () {
return ACME._pollOrderStatus(
me,
options,
kid,
order,
readyToPresent.map(function(ch) {
readyToPresent.map(function (ch) {
return ACME._untame(ch.identifier.value, ch.wildcard);
})
);
})
.then(function(voucher) {
.then(function (voucher) {
return ACME._redeemCert(me, options, kid, voucher);
});
});
};
// Order a certificate request with all domains
ACME._orderCert = function(me, options, kid) {
ACME._orderCert = function (me, options, kid) {
var certificateRequest = {
// raw wildcard syntax MUST be used here
identifiers: options.domains.map(function(hostname) {
identifiers: options.domains.map(function (hostname) {
return { type: 'dns', value: hostname };
})
//, "notBefore": "2016-01-01T00:00:00Z"
@ -1153,10 +1153,10 @@ ACME._orderCert = function(me, options, kid) {
};
return ACME._prepRequest(me, options)
.then(function() {
.then(function () {
return ACME._getZones(me, options.challenges, options.domains);
})
.then(function(zonenames) {
.then(function (zonenames) {
var p;
// Do a little dry-run / self-test
if (!me.skipDryRun && !options.skipDryRun) {
@ -1165,9 +1165,9 @@ ACME._orderCert = function(me, options, kid) {
p = Promise.resolve(null);
}
return p.then(function() {
return p.then(function () {
return A._getAccountKid(me, options)
.then(function(kid) {
.then(function (kid) {
ACME._notify(me, options, 'certificate_order', {
// API-locked
account: { key: { kid: kid } },
@ -1185,7 +1185,7 @@ ACME._orderCert = function(me, options, kid) {
payload: Enc.binToBuf(payload)
});
})
.then(function(resp) {
.then(function (resp) {
var order = resp.body;
order._orderUrl = resp.headers.location;
order._finalizeUrl = resp.body.finalize;
@ -1201,14 +1201,14 @@ ACME._orderCert = function(me, options, kid) {
return order;
})
.then(function(order) {
.then(function (order) {
return ACME._getAllChallenges(
me,
options,
kid,
zonenames,
order
).then(function(claims) {
).then(function (claims) {
order._claims = claims;
return order;
});
@ -1217,8 +1217,8 @@ ACME._orderCert = function(me, options, kid) {
});
};
ACME._prepRequest = function(me, options) {
return Promise.resolve().then(function() {
ACME._prepRequest = function (me, options) {
return Promise.resolve().then(function () {
// TODO check that all presenterTypes are represented in challenges
if (!options._presenterTypes.length) {
return Promise.reject(
@ -1236,14 +1236,8 @@ ACME._prepRequest = function(me, options) {
options.domains = options.domains || _csr.altnames;
_csr.altnames = _csr.altnames || [];
if (
options.domains
.slice(0)
.sort()
.join(' ') !==
_csr.altnames
.slice(0)
.sort()
.join(' ')
options.domains.slice(0).sort().join(' ') !==
_csr.altnames.slice(0).sort().join(' ')
) {
return Promise.reject(
new Error('certificate altnames do not match requested domains')
@ -1266,7 +1260,7 @@ ACME._prepRequest = function(me, options) {
}
// a cheap check to see if there are non-ascii characters in any of the domains
var nonAsciiDomains = options.domains.some(function(d) {
var nonAsciiDomains = options.domains.some(function (d) {
// IDN / unicode / utf-8 / punycode
return Enc.strToBin(d) !== d;
});
@ -1277,7 +1271,7 @@ ACME._prepRequest = function(me, options) {
}
// TODO Promise.all()?
(options._presenterTypes || []).forEach(function(key) {
(options._presenterTypes || []).forEach(function (key) {
var presenter = options.challenges[key];
if (
'function' === typeof presenter.init &&
@ -1291,7 +1285,7 @@ ACME._prepRequest = function(me, options) {
};
// Request a challenge for each authorization in the order
ACME._getAllChallenges = function(me, options, kid, zonenames, order) {
ACME._getAllChallenges = function (me, options, kid, zonenames, order) {
var claims = [];
//#console.debug("[acme-v2] POST newOrder has authorizations");
var challengeAuths = order.authorizations.slice(0);
@ -1308,14 +1302,14 @@ ACME._getAllChallenges = function(me, options, kid, zonenames, order) {
kid,
zonenames,
authUrl
).then(function(claim) {
).then(function (claim) {
// var domain = options.domains[i]; // claim.identifier.value
claims.push(claim);
return getNext();
});
}
return getNext().then(function() {
return getNext().then(function () {
return claims;
});
};
@ -1333,12 +1327,12 @@ ACME.splitPemChain = function splitPemChain(str) {
return str
.trim()
.split(/[\r\n]{2,}/g)
.map(function(str) {
.map(function (str) {
return str + '\n';
});
};
ACME._csrToUrlBase64 = function(csr) {
ACME._csrToUrlBase64 = function (csr) {
// if der, convert to base64
if ('string' !== typeof csr) {
csr = Enc.bufToUrlBase64(csr);
@ -1347,21 +1341,16 @@ ACME._csrToUrlBase64 = function(csr) {
// TODO use PEM.parseBlock()
// nix PEM headers, if any
if ('-' === csr[0]) {
csr = csr
.split(/\n+/)
.slice(1, -1)
.join('');
csr = csr.split(/\n+/).slice(1, -1).join('');
}
return Enc.base64ToUrlBase64(csr.trim().replace(/\s+/g, ''));
};
// In v8 this is crypto random, but we're just using it for pseudorandom
ACME._prnd = function(n) {
ACME._prnd = function (n) {
var rnd = '';
while (rnd.length / 2 < n) {
var i = Math.random()
.toString()
.substr(2);
var i = Math.random().toString().substr(2);
var h = parseInt(i, 10).toString(16);
if (h.length % 2) {
h = '0' + h;
@ -1371,7 +1360,7 @@ ACME._prnd = function(n) {
return rnd.substr(0, n * 2);
};
ACME._notify = function(me, options, ev, params) {
ACME._notify = function (me, options, ev, params) {
if (!options.notify && !me.notify) {
//console.info(ev, params);
return;
@ -1385,7 +1374,7 @@ ACME._notify = function(me, options, ev, params) {
};
ACME._wait = function wait(ms) {
return new Promise(function(resolve) {
return new Promise(function (resolve) {
setTimeout(resolve, ms || 1100);
});
};
@ -1402,12 +1391,12 @@ function newZoneRegExp(zonename) {
function pluckZone(zonenames, dnsHost) {
return zonenames
.filter(function(zonename) {
.filter(function (zonename) {
// the only character that needs to be escaped for regex
// and is allowed in a domain name is '.'
return newZoneRegExp(zonename).test(dnsHost);
})
.sort(function(a, b) {
.sort(function (a, b) {
// longest match first
return b.length - a.length;
})[0];
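Review bot: In the `promisify` helper (hunk `-280,9 +280,9`, inside `ACME._normalizePresenters`) the reformatted line `new Promise(function (resolve, reject) {` is a bare expression statement, so the wrapper `function (opts)` returns `undefined` and the promise carrying the presenter's result or error is discarded. A caller that chains `.then()` or `.catch()` on a wrapped callback-style challenge presenter would presumably hit a TypeError, and an `err` passed to `reject` would surface only as an unhandled rejection; the line should read `return new Promise(function (resolve, reject) {`. The helper's body and its callers lie outside the hunk, so confirm against them before merging. Separately, the comment above `ACME._prnd` (hunk `-1347,21 +1341,16`) says `Math.random()` is crypto random in V8, which it is not. The uses visible on this page (the dry-run challenge token and the zone-probe prefix) are not secrets, but the comment would be safer as `// Math.random() is NOT cryptographically secure; use only for non-secret test values`.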

4
bin/bundle.js

@ -1,5 +1,5 @@
#!/usr/bin/env node
(async function() {
(async function () {
'use strict';
var UglifyJS = require('uglify-js');
@ -22,7 +22,7 @@
'../lib/asn1-parser.js',
'../lib/csr.js',
'../lib/acme.js'
].map(async function(file) {
].map(async function (file) {
return (await readFile(path.join(__dirname, file), 'utf8')).trim();
})
);

12
errors.js

@ -2,13 +2,13 @@
var E = module.exports;
E.NO_SUITABLE_CHALLENGE = function(domain, challenges, presenters) {
E.NO_SUITABLE_CHALLENGE = function (domain, challenges, presenters) {
// Bail with a descriptive message if no usable challenge could be selected
// For example, wildcards require dns-01 and, if we don't have that, we have to bail
var enabled = presenters.join(', ') || 'none';
var suitable =
challenges
.map(function(r) {
.map(function (r) {
return r.type;
})
.join(', ') || 'none';
@ -24,7 +24,7 @@ E.NO_SUITABLE_CHALLENGE = function(domain, challenges, presenters) {
' ).'
);
};
E.UNHANDLED_ORDER_STATUS = function(options, domains, resp) {
E.UNHANDLED_ORDER_STATUS = function (options, domains, resp) {
return new Error(
"Didn't finalize order: Unhandled status '" +
resp.body.status +
@ -41,7 +41,7 @@ E.UNHANDLED_ORDER_STATUS = function(options, domains, resp) {
'Please open an issue at https://git.rootprojects.org/root/acme.js'
);
};
E.DOUBLE_READY_ORDER = function(options, domains, resp) {
E.DOUBLE_READY_ORDER = function (options, domains, resp) {
return new Error(
"Did not finalize order: status 'ready'." +
" Hmmm... this state shouldn't be possible here. That was the last state." +
@ -57,7 +57,7 @@ E.DOUBLE_READY_ORDER = function(options, domains, resp) {
'Please open an issue at https://git.rootprojects.org/root/acme.js'
);
};
E.ORDER_INVALID = function(options, domains, resp) {
E.ORDER_INVALID = function (options, domains, resp) {
return new Error(
"Did not finalize order: status 'invalid'." +
' Best guess: One or more of the domain challenges could not be verified' +
@ -71,7 +71,7 @@ E.ORDER_INVALID = function(options, domains, resp) {
JSON.stringify(resp.body, null, 2)
);
};
E.NO_AUTHORIZATIONS = function(options, resp) {
E.NO_AUTHORIZATIONS = function (options, resp) {
return new Error(
"[acme-v2.js] authorizations were not fetched for '" +
options.domains.join() +

74
examples/app.js

@ -1,5 +1,5 @@
/*global Promise*/
(function() {
(function () {
'use strict';
var Keypairs = require('@root/keypairs');
@ -29,8 +29,8 @@
console.log('hello');
// Show different options for ECDSA vs RSA
$$('input[name="kty"]').forEach(function($el) {
$el.addEventListener('change', function(ev) {
$$('input[name="kty"]').forEach(function ($el) {
$el.addEventListener('change', function (ev) {
console.log(this);
console.log(ev);
if ('RSA' === ev.target.value) {
@ -44,20 +44,20 @@
});
// Generate a key on submit
$('form.js-keygen').addEventListener('submit', function(ev) {
$('form.js-keygen').addEventListener('submit', function (ev) {
ev.preventDefault();
ev.stopPropagation();
$('.js-loading').hidden = false;
$('.js-jwk').hidden = true;
$('.js-toc-der-public').hidden = true;
$('.js-toc-der-private').hidden = true;
$$('.js-toc-pem').forEach(function($el) {
$$('.js-toc-pem').forEach(function ($el) {
$el.hidden = true;
});
$$('input').map(function($el) {
$$('input').map(function ($el) {
$el.disabled = true;
});
$$('button').map(function($el) {
$$('button').map(function ($el) {
$el.disabled = true;
});
var opts = {
@ -67,7 +67,7 @@
};
var then = Date.now();
console.log('opts', opts);
Keypairs.generate(opts).then(function(results) {
Keypairs.generate(opts).then(function (results) {
console.log('Key generation time:', Date.now() - then + 'ms');
var pubDer;
var privDer;
@ -77,19 +77,19 @@
Eckles.export({
jwk: results.private,
format: 'sec1'
}).then(function(pem) {
}).then(function (pem) {
$('.js-input-pem-sec1-private').innerText = pem;
$('.js-toc-pem-sec1-private').hidden = false;
});
Eckles.export({
jwk: results.private,
format: 'pkcs8'
}).then(function(pem) {
}).then(function (pem) {
$('.js-input-pem-pkcs8-private').innerText = pem;
$('.js-toc-pem-pkcs8-private').hidden = false;
});
Eckles.export({ jwk: results.public, public: true }).then(
function(pem) {
function (pem) {
$('.js-input-pem-spki-public').innerText = pem;
$('.js-toc-pem-spki-public').hidden = false;
}
@ -100,25 +100,25 @@
Rasha.export({
jwk: results.private,
format: 'pkcs1'
}).then(function(pem) {
}).then(function (pem) {
$('.js-input-pem-pkcs1-private').innerText = pem;
$('.js-toc-pem-pkcs1-private').hidden = false;
});
Rasha.export({
jwk: results.private,
format: 'pkcs8'
}).then(function(pem) {
}).then(function (pem) {
$('.js-input-pem-pkcs8-private').innerText = pem;
$('.js-toc-pem-pkcs8-private').hidden = false;
});
Rasha.export({ jwk: results.public, format: 'pkcs1' }).then(
function(pem) {
function (pem) {
$('.js-input-pem-pkcs1-public').innerText = pem;
$('.js-toc-pem-pkcs1-public').hidden = false;
}
);
Rasha.export({ jwk: results.public, format: 'spki' }).then(
function(pem) {
function (pem) {
$('.js-input-pem-spki-public').innerText = pem;
$('.js-toc-pem-spki-public').hidden = false;
}
@ -132,10 +132,10 @@
$('.js-jwk').innerText = JSON.stringify(results, null, 2);
$('.js-loading').hidden = true;
$('.js-jwk').hidden = false;
$$('input').map(function($el) {
$$('input').map(function ($el) {
$el.disabled = false;
});
$$('button').map(function($el) {
$$('button').map(function ($el) {
$el.disabled = false;
});
$('.js-toc-jwk').hidden = false;
@ -145,7 +145,7 @@
});
});
$('form.js-acme-account').addEventListener('submit', function(ev) {
$('form.js-acme-account').addEventListener('submit', function (ev) {
ev.preventDefault();
ev.stopPropagation();
$('.js-loading').hidden = false;
@ -155,7 +155,7 @@
});
acme.init(
'https://acme-staging-v02.api.letsencrypt.org/directory'
).then(function(result) {
).then(function (result) {
console.log('acme result', result);
var privJwk = JSON.parse($('.js-jwk').innerText).private;
var email = $('.js-email').value;
@ -165,7 +165,7 @@
agreeToTerms: checkTos,
accountKeypair: { privateKeyJwk: privJwk }
})
.then(function(account) {
.then(function (account) {
console.log('account created result:', account);
accountStuff.account = account;
accountStuff.privateJwk = privJwk;
@ -177,7 +177,7 @@
'.js-acme-account-response'
).innerText = JSON.stringify(account, null, 2);
})
.catch(function(err) {
.catch(function (err) {
console.error('A bad thing happened:');
console.error(err);
window.alert(
@ -187,13 +187,13 @@
});
});
$('form.js-csr').addEventListener('submit', function(ev) {
$('form.js-csr').addEventListener('submit', function (ev) {
ev.preventDefault();
ev.stopPropagation();
generateCsr();
});
$('form.js-acme-order').addEventListener('submit', function(ev) {
$('form.js-acme-order').addEventListener('submit', function (ev) {
ev.preventDefault();
ev.stopPropagation();
var account = accountStuff.account;
@ -204,7 +204,7 @@
var domains = ($('.js-domains').value || 'example.com').split(
/[, ]+/g
);
return getDomainPrivkey().then(function(domainPrivJwk) {
return getDomainPrivkey().then(function (domainPrivJwk) {
console.log('Has CSR already?');
console.log(accountStuff.csr);
return acme.certificates
@ -219,11 +219,11 @@
agreeToTerms: checkTos,
challenges: {
'dns-01': {
set: function(opts) {
set: function (opts) {
console.info('dns-01 set challenge:');
console.info('TXT', opts.dnsHost);
console.info(opts.dnsAuthorization);
return new Promise(function(resolve) {
return new Promise(function (resolve) {
while (
!window.confirm(
'Did you set the challenge?'
@ -232,11 +232,11 @@
resolve();
});
},
remove: function(opts) {
remove: function (opts) {
console.log('dns-01 remove challenge:');
console.info('TXT', opts.dnsHost);
console.info(opts.dnsAuthorization);
return new Promise(function(resolve) {
return new Promise(function (resolve) {
while (
!window.confirm(
'Did you delete the challenge?'
@ -247,11 +247,11 @@
}
},
'http-01': {
set: function(opts) {
set: function (opts) {
console.info('http-01 set challenge:');
console.info(opts.challengeUrl);
console.info(opts.keyAuthorization);
return new Promise(function(resolve) {
return new Promise(function (resolve) {
while (
!window.confirm(
'Did you set the challenge?'
@ -260,11 +260,11 @@
resolve();
});
},
remove: function(opts) {
remove: function (opts) {
console.log('http-01 remove challenge:');
console.info(opts.challengeUrl);
console.info(opts.keyAuthorization);
return new Promise(function(resolve) {
return new Promise(function (resolve) {
while (
!window.confirm(
'Did you delete the challenge?'
@ -279,7 +279,7 @@
$('input[name="acme-challenge-type"]:checked').value
]
})
.then(function(results) {
.then(function (results) {
console.log('Got Certificates:');
console.log(results);
$('.js-toc-acme-order-response').hidden = false;
@ -289,7 +289,7 @@
2
);
})
.catch(function(err) {
.catch(function (err) {
console.error('challenge failed:');
console.error(err);
window.alert(
@ -310,7 +310,7 @@
kty: $('input[name="kty"]:checked').value,
namedCurve: $('input[name="ec-crv"]:checked').value,
modulusLength: $('input[name="rsa-len"]:checked').value
}).then(function(pair) {
}).then(function (pair) {
console.log('domain keypair:', pair);
accountStuff.domainPrivateJwk = pair.private;
return pair.private;
@ -320,9 +320,9 @@
function generateCsr() {
var domains = ($('.js-domains').value || 'example.com').split(/[, ]+/g);
//var privJwk = JSON.parse($('.js-jwk').innerText).private;
return getDomainPrivkey().then(function(privJwk) {
return getDomainPrivkey().then(function (privJwk) {
accountStuff.domainPrivateJwk = privJwk;
return CSR({ jwk: privJwk, domains: domains }).then(function(pem) {
return CSR({ jwk: privJwk, domains: domains }).then(function (pem) {
// Verify with https://www.sslshopper.com/csr-decoder.html
accountStuff.csr = pem;
console.log('Created CSR:');

6
examples/get-certificate-full.js

@ -5,7 +5,7 @@ async function main() {
var fs = require('fs');
// just to trigger the warning message out of the way
await fs.promises.readFile().catch(function() {});
await fs.promises.readFile().catch(function () {});
console.warn('\n');
var MY_DOMAINS = process.env.DOMAINS.split(/[,\s]+/);
@ -55,7 +55,7 @@ async function main() {
// If you are multi-tenanted or white-labled and need to present the terms of
// use to the Subscriber running the service, you can do so with a function.
var agreeToTerms = async function() {
var agreeToTerms = async function () {
return true;
};
@ -126,7 +126,7 @@ async function main() {
}
}
main().catch(function(e) {
main().catch(function (e) {
console.error(e.stack);
});

4
examples/https-server.js

@ -7,9 +7,9 @@ var key = fs.readFileSync('./privkey.pem');
var cert = fs.readFileSync('./fullchain.pem');
var server = https
.createSecureServer({ key, cert }, function(req, res) {
.createSecureServer({ key, cert }, function (req, res) {
res.end('Hello, Encrypted World!');
})
.listen(443, function() {
.listen(443, function () {
console.info('Listening on', server.address());
});

4
examples/https-sni-server.js

@ -13,9 +13,9 @@ function SNICallback(servername, cb) {
}
var server = https
.createSecureServer({ SNICallback: SNICallback }, function(req, res) {
.createSecureServer({ SNICallback: SNICallback }, function (req, res) {
res.end('Hello, Encrypted World!');
})
.listen(443, function() {
.listen(443, function () {
console.info('Listening on', server.address());
});

28
examples/server.js

@ -13,12 +13,12 @@ var nameserver = nameservers[index];
app.use('/', express.static(__dirname));
app.use('/api', express.json());
app.get('/api/dns/:domain', function(req, res, next) {
app.get('/api/dns/:domain', function (req, res, next) {
var domain = req.params.domain;
var casedDomain = domain
.toLowerCase()
.split('')
.map(function(ch) {
.map(function (ch) {
// dns0x20 takes advantage of the fact that the binary operation for toUpperCase is
// ch = ch | 0x20;
return Math.round(Math.random()) % 2 ? ch : ch.toUpperCase();
</