Browse Source

v1.0.8

tags/v1.0.8
AJ ONeal 1 year ago
parent
commit
11a8c5d363
8 changed files with 126 additions and 996 deletions
  1. 2
    0
      .gitignore
  2. 86
    61
      README.md
  3. 0
    79
      compat.js
  4. 29
    33
      examples/cli.js
  5. 3
    684
      node.js
  6. 6
    5
      package.json
  7. 0
    79
      tests/cb.js
  8. 0
    55
      tests/compat.js

+ 2
- 0
.gitignore View File

@@ -0,0 +1,2 @@
1
+node_modules
2
+tests/*.pem

+ 86
- 61
README.md View File

@@ -1,31 +1,67 @@
1
+acme.js
2
+==========
3
+
4
+Free SSL for everybody. The bare essentials of the Let's Encrypt v2 (ACME draft 11) API. Built for [Greenlock](https://git.coolaj86.com/coolaj86/greenlock-express.js), [by request](https://git.coolaj86.com/coolaj86/greenlock.js/issues/5#issuecomment-8).
5
+
6
+!["Monthly Downloads"](https://img.shields.io/npm/dm/acme-v2.svg "Monthly Download Count can't be shown")
7
+!["Weekly Downloads"](https://img.shields.io/npm/dw/acme-v2.svg "Weekly Download Count can't be shown")
8
+!["Stackoverflow Questions"](https://img.shields.io/stackexchange/stackoverflow/t/greenlock.svg "S.O. Question count can't be shown")
9
+
1 10
 | Sponsored by [ppl](https://ppl.family)
2
-| **acme-v2.js** ([npm](https://www.npmjs.com/package/acme-v2))
3
-| [acme-v2-cli.js](https://git.coolaj86.com/coolaj86/acme-v2-cli.js)
4
-| [greenlock.js](https://git.coolaj86.com/coolaj86/greenlock.js)
5
-| [goldilocks.js](https://git.coolaj86.com/coolaj86/goldilocks.js)
11
+| **acme.js** ([npm](https://www.npmjs.com/package/acme))
12
+| [Greenlock for Web Servers](https://git.coolaj86.com/coolaj86/greenlock-cli.js)
13
+| [Greenlock for Express.js](https://git.coolaj86.com/coolaj86/greenlock-express.js)
14
+| [Greenlock for API Integrations](https://git.coolaj86.com/coolaj86/greenlock.js)
15
+| [Greenlock for Web Browsers](https://git.coolaj86.com/coolaj86/greenlock.html)
6 16
 |
7 17
 
8
-acme-v2.js
9
-==========
10
-
11
-A framework for building Let's Encrypt v2 (ACME draft 11) clients, successor to `le-acme-core.js`.
12
-Built [by request](https://git.coolaj86.com/coolaj86/greenlock.js/issues/5#issuecomment-8).
18
+This is intented for building ACME API clients in node.js.
13 19
 
14
-## Looking for Quick 'n' Easy™?
20
+Looking for Quick 'n' Easy™?
21
+=======
15 22
 
16
-If you're looking for an *ACME-enabled webserver*, try [goldilocks.js](https://git.coolaj86.com/coolaj86/goldilocks.js).
17
-If you're looking to *build a webserver*, try [greenlock.js](https://git.coolaj86.com/coolaj86/greenlock.js).
23
+If you're looking to *build* a *browser* client, try [Greenlock Web Browsers](https://git.coolaj86.com/coolaj86/greenlock.html).
24
+If you're looking to *build* a node.js *service* or *cli*, try [Greenlock for node.js](https://git.coolaj86.com/coolaj86/greenlock.js).
25
+If you're looking for an *ACME-enabled webserver*, try [Greenlock for Express.js](https://git.coolaj86.com/coolaj86/greenlock-express.js) or [goldilocks.js](https://git.coolaj86.com/coolaj86/goldilocks.js).
18 26
 
19
-* [greenlock.js](https://git.coolaj86.com/coolaj86/greenlock.js)
27
+* [Greenlock for Web Browsers](https://git.coolaj86.com/coolaj86/greenlock.html)
28
+* [Greenlock for node.js](https://git.coolaj86.com/coolaj86/greenlock.js)
29
+* [Greenlock for Express.js](https://git.coolaj86.com/coolaj86/greenlock-express.js)
20 30
 * [goldilocks.js](https://git.coolaj86.com/coolaj86/goldilocks.js)
21 31
 
22
-## How to build ACME clients
32
+Let's Encrypt v2 / ACME draft 11 Support
33
+========
34
+
35
+This library (acme.js) supports ACME [*draft 11*](https://tools.ietf.org/html/draft-ietf-acme-acme-11),
36
+otherwise known as Let's Encrypt v2 (or v02).
37
+
38
+  * ACME draft 11
39
+  * Let's Encrypt v2
40
+  * Let's Encrypt v02
41
+
42
+```
43
+# Production URL
44
+https://acme-v02.api.letsencrypt.org/directory
45
+```
46
+
47
+```
48
+# Staging URL
49
+https://acme-staging-v02.api.letsencrypt.org/directory
50
+```
51
+
52
+Demonstration
53
+=============
23 54
 
24 55
 As this is intended to build ACME clients, there is not a simple 2-line example.
25 56
 
26
-I'd recommend first running the example CLI client with a test domain and then investigating the files used for that example:
57
+I'd recommend first trying out one of the [Greenlock for Web Servers](https://git.coolaj86.com/coolaj86/greenlock-cli.js)
58
+examples, which are guaranteed to work and have great error checking to help you debug.
59
+
60
+Then I'd recommend running the example CLI client with a test domain and then investigating the files used for that example:
27 61
 
28 62
 ```bash
63
+git clone https://git.coolaj86.com/coolaj86/acme.js.git
64
+pushd acme.js/
29 65
 node examples/cli.js
30 66
 ```
31 67
 
@@ -35,7 +71,7 @@ The example cli has the following prompts:
35 71
 What web address(es) would you like to get certificates for? (ex: example.com,*.example.com)
36 72
 What challenge will you be testing today? http-01 or dns-01? [http-01]
37 73
 What email should we use? (optional)
38
-What API style would you like to test? v1-compat or promise? [v1-compat]
74
+What directoryUrl should we use? [https://acme-staging-v02.api.letsencrypt.org/directory]
39 75
 
40 76
 Put the string 'mBfh0SqaAV3MOK3B6cAhCbIReAyDuwuxlO1Sl70x6bM.VNAzCR4THe4czVzo9piNn73B1ZXRLaB2CESwJfKkvRM' into a file at 'example.com/.well-known/acme-challenge/mBfh0SqaAV3MOK3B6cAhCbIReAyDuwuxlO1Sl70x6bM'
41 77
 
@@ -47,74 +83,60 @@ Then hit the 'any' key to continue...
47 83
 When you've completed the challenge you can hit a key to continue the process.
48 84
 
49 85
 If you place the certificate you receive back in `tests/fullchain.pem`
50
-you can then test it with `examples/https-server.js`.
86
+then you can test it with `examples/https-server.js`.
51 87
 
52 88
 ```
53 89
 examples/cli.js
54 90
 examples/genkeypair.js
55
-tests/compat.js
56 91
 examples/https-server.js
57 92
 examples/http-server.js
58 93
 ```
59 94
 
60
-## Let's Encrypt Directory URLs
95
+Install
96
+=======
61 97
 
62
-```
63
-# Production URL
64
-https://acme-v02.api.letsencrypt.org/directory
65
-```
98
+Install via npm
66 99
 
67
-```
68
-# Staging URL
69
-https://acme-staging-v02.api.letsencrypt.org/directory
100
+```bash
101
+npm install --save acme
70 102
 ```
71 103
 
72
-## Two API versions, Two Implementations
104
+Install via git
73 105
 
74
-This library (acme-v2.js) supports ACME [*draft 11*](https://tools.ietf.org/html/draft-ietf-acme-acme-11),
75
-otherwise known as Let's Encrypt v2 (or v02).
106
+```bash
107
+npm install https://git.coolaj86.com/coolaj86/acme.js.git
108
+```
76 109
 
77
-  * ACME draft 11
78
-  * Let's Encrypt v2
79
-  * Let's Encrypt v02
110
+API
111
+===
80 112
 
81
-The predecessor (le-acme-core) supports Let's Encrypt v1 (or v01), which was a
82
-[hodge-podge of various drafts](https://github.com/letsencrypt/boulder/blob/master/docs/acme-divergences.md)
83
-of the ACME spec early on.
113
+This API is an evolution of le-acme-core,
114
+but tries to provide a better mapping to the new draft 11 APIs.
84 115
 
85
-  * ACME early draft
86
-  * Let's Encrypt v1
87
-  * Let's Encrypt v01
116
+Status: Almost stable, but **not semver locked**.
88 117
 
89
-This library maintains compatibility with le-acme-core so that it can be used as a **drop-in replacement**
90
-and requires **no changes to existing code**,
91
-but also provides an updated API more congruent with draft 11.
118
+Patch versions will not introduce breaking changes,
119
+but may introduce lower-level APIs.
120
+Minor versions may change return values to include more information.
92 121
 
93
-## le-acme-core-compatible API (recommended)
122
+Overview:
94 123
 
95
-Status: Stable, Locked, Bugfix-only
124
+```
125
+var ACME = require('acme').ACME;
96 126
 
97
-See Full Documentation at <https://git.coolaj86.com/coolaj86/le-acme-core.js>
127
+ACME.create(opts)
98 128
 
129
+acme.init(acmeDirectoryUrl)
130
+acme.accounts.create(opts)
131
+acme.certificates.create(opts)
99 132
 ```
100
-var RSA = require('rsa-compat').RSA;
101
-var acme = require('acme-v2/compat.js').ACME.create({ RSA: RSA });
102 133
 
103
-//
104
-// Use exactly the same as le-acme-core
105
-//
134
+Detailed Explanation:
106 135
 ```
136
+var ACME = require('acme').ACME;
107 137
 
108
-## Promise API (dev)
109
-
110
-Status: Almost stable, but **not semver locked**
111
-
112
-This API is a simple evolution of le-acme-core,
113
-but tries to provide a better mapping to the new draft 11 APIs.
114
-
115
-```
116 138
 // Create Instance (Dependency Injection)
117
-var ACME = require('acme-v2').ACME.create({
139
+var acme = ACME.create({
118 140
   RSA: require('rsa-compat').RSA
119 141
 
120 142
   // other overrides
@@ -135,11 +157,11 @@ var ACME = require('acme-v2').ACME.create({
135 157
 
136 158
 
137 159
 // Discover Directory URLs
138
-ACME.init(acmeDirectoryUrl)                   // returns Promise<acmeUrls={keyChange,meta,newAccount,newNonce,newOrder,revokeCert}>
160
+acme.init(acmeDirectoryUrl)                   // returns Promise<acmeUrls={keyChange,meta,newAccount,newNonce,newOrder,revokeCert}>
139 161
 
140 162
 
141 163
 // Accounts
142
-ACME.accounts.create(options)                 // returns Promise<regr> registration data
164
+acme.accounts.create(options)                 // returns Promise<regr> registration data
143 165
 
144 166
     { email: '<email>'                        //    valid email (server checks MX records)
145 167
     , accountKeypair: {                       //    privateKeyPem or privateKeyJwt
@@ -150,7 +172,7 @@ ACME.accounts.create(options)                 // returns Promise<regr> registrat
150 172
 
151 173
 
152 174
 // Registration
153
-ACME.certificates.create(options)             // returns Promise<pems={ privkey (key), cert, chain (ca) }>
175
+acme.certificates.create(options)             // returns Promise<pems={ privkey (key), cert, chain (ca) }>
154 176
 
155 177
     { newAuthzUrl: '<url>'                    //    specify acmeUrls.newAuthz
156 178
     , newCertUrl: '<url>'                     //    specify acmeUrls.newCert
@@ -179,6 +201,9 @@ ACME.challengePrefixes['dns-01']              // '_acme-challenge'
179 201
 Changelog
180 202
 ---------
181 203
 
204
+* v1.0.8 - rename to acme.js
205
+* v1.0.7 - improved error handling again, after user testing
206
+* v1.0.6 - improved error handling
182 207
 * v1.0.5 - cleanup logging
183 208
 * v1.0.4 - v6- compat use `promisify` from node's util or bluebird
184 209
 * v1.0.3 - documentation cleanup

+ 0
- 79
compat.js View File

@@ -1,79 +0,0 @@
1
-'use strict';
2
-
3
-var ACME2 = require('./').ACME;
4
-
5
-function resolveFn(cb) {
6
-  return function (val) {
7
-    // nextTick to get out of Promise chain
8
-    process.nextTick(function () { cb(null, val); });
9
-  };
10
-}
11
-function rejectFn(cb) {
12
-  return function (err) {
13
-    console.error('[acme-v2] handled(?) rejection as errback:');
14
-    console.error(err.stack);
15
-
16
-    // nextTick to get out of Promise chain
17
-    process.nextTick(function () { cb(err); });
18
-
19
-    // do not resolve promise further
20
-    return new Promise(function () {});
21
-  };
22
-}
23
-
24
-function create(deps) {
25
-  deps.LeCore = {};
26
-  var acme2 = ACME2.create(deps);
27
-  acme2.registerNewAccount = function (options, cb) {
28
-    acme2.accounts.create(options).then(resolveFn(cb), rejectFn(cb));
29
-  };
30
-  acme2.getCertificate = function (options, cb) {
31
-    options.agreeToTerms = options.agreeToTerms || function (tos) {
32
-      return Promise.resolve(tos);
33
-    };
34
-    acme2.certificates.create(options).then(function (chainPem) {
35
-      var privkeyPem = acme2.RSA.exportPrivatePem(options.domainKeypair);
36
-      resolveFn(cb)({
37
-        cert: chainPem.split(/[\r\n]{2,}/g)[0] + '\r\n'
38
-      , privkey: privkeyPem 
39
-      , chain: chainPem.split(/[\r\n]{2,}/g)[1] + '\r\n'
40
-      });
41
-    }, rejectFn(cb));
42
-  };
43
-  acme2.getAcmeUrls = function (options, cb) {
44
-    acme2.init(options).then(resolveFn(cb), rejectFn(cb));
45
-  };
46
-  acme2.getOptions = function () {
47
-    var defs = {};
48
-
49
-    Object.keys(module.exports.defaults).forEach(function (key) {
50
-      defs[key] = defs[deps] || module.exports.defaults[key];
51
-    });
52
-
53
-    return defs;
54
-  };
55
-  acme2.stagingServerUrl = module.exports.defaults.stagingServerUrl;
56
-  acme2.productionServerUrl = module.exports.defaults.productionServerUrl;
57
-  acme2.acmeChallengePrefix = module.exports.defaults.acmeChallengePrefix;
58
-  return acme2;
59
-}
60
-
61
-module.exports.ACME = { };
62
-module.exports.defaults = {
63
-  productionServerUrl:    'https://acme-v02.api.letsencrypt.org/directory'
64
-, stagingServerUrl:       'https://acme-staging-v02.api.letsencrypt.org/directory'
65
-, knownEndpoints:         [ 'keyChange', 'meta', 'newAccount', 'newNonce', 'newOrder', 'revokeCert' ]
66
-, challengeTypes:         [ 'http-01', 'dns-01' ]
67
-, challengeType:          'http-01'
68
-//, keyType:                'rsa' // ecdsa
69
-//, keySize:                2048 // 256
70
-, rsaKeySize:             2048 // 256
71
-, acmeChallengePrefix:    '/.well-known/acme-challenge/'
72
-};
73
-Object.keys(module.exports.defaults).forEach(function (key) {
74
-  module.exports.ACME[key] = module.exports.defaults[key];
75
-});
76
-Object.keys(ACME2).forEach(function (key) {
77
-  module.exports.ACME[key] = ACME2[key];
78
-});
79
-module.exports.ACME.create = create;

+ 29
- 33
examples/cli.js View File

@@ -1,7 +1,7 @@
1 1
 'use strict';
2 2
 
3
-var RSA = require('rsa-compat').RSA;
4 3
 var readline = require('readline');
4
+var inquisitor = {};
5 5
 var rl = readline.createInterface({
6 6
   input: process.stdin,
7 7
   output: process.stdout
@@ -9,60 +9,56 @@ var rl = readline.createInterface({
9 9
 
10 10
 require('./genkeypair.js');
11 11
 
12
-function getWeb() {
12
+inquisitor.getWeb = function getWeb() {
13 13
   rl.question('What web address(es) would you like to get certificates for? (ex: example.com,*.example.com) ', function (web) {
14 14
     web = (web||'').trim().split(/,/g);
15
-    if (!web[0]) { getWeb(); return; }
15
+    if (!web[0]) { inquisitor.getWeb(); return; }
16 16
 
17 17
     if (web.some(function (w) { return '*' === w[0]; })) {
18 18
       console.log('Wildcard domains must use dns-01');
19
-      getEmail(web, 'dns-01');
19
+      inquisitor.getEmail(web, 'dns-01');
20 20
     } else {
21
-      getChallengeType(web);
21
+      inquisitor.getChallengeType(web);
22 22
     }
23 23
   });
24
-}
24
+};
25 25
 
26
-function getChallengeType(web) {
26
+inquisitor.getChallengeType = function getChallengeType(web) {
27 27
   rl.question('What challenge will you be testing today? http-01 or dns-01? [http-01] ', function (chType) {
28 28
     chType = (chType||'').trim();
29 29
     if (!chType) { chType = 'http-01'; }
30 30
 
31
-    getEmail(web, chType);
31
+    inquisitor.getEmail(web, chType);
32 32
   });
33
-}
33
+};
34 34
 
35
-function getEmail(web, chType) {
35
+inquisitor.getEmail = function getEmail(web, chType) {
36 36
   rl.question('What email should we use? (optional) ', function (email) {
37 37
     email = (email||'').trim();
38 38
     if (!email) { email = null; }
39 39
 
40
-    getApiStyle(web, chType, email);
40
+    inquisitor.getDirectoryUrl(web, chType, email);
41 41
   });
42
-}
42
+};
43 43
 
44
-function getApiStyle(web, chType, email) {
45
-  var defaultStyle = 'compat';
46
-  rl.question('What API style would you like to test? v1-compat or promise? [v1-compat] ', function (apiStyle) {
47
-    apiStyle = (apiStyle||'').trim();
48
-    if (!apiStyle) { apiStyle = 'v1-compat'; }
44
+inquisitor.getDirectoryUrl = function getDirectoryUrl(web, chType, email) {
45
+  var defaultDirectoryUrl = 'https://acme-staging-v02.api.letsencrypt.org/directory';
46
+  rl.question('What directoryUrl should we use? [' + defaultDirectoryUrl + '] ', function (directoryUrl) {
47
+    directoryUrl = (directoryUrl||'').trim();
48
+    if (!directoryUrl) { directoryUrl = 'https://acme-staging-v02.api.letsencrypt.org/directory'; }
49 49
 
50
-    rl.close();
50
+    inquisitor.run(directoryUrl, web, chType, email);
51
+  });
52
+};
51 53
 
52
-    var RSA = require('rsa-compat').RSA;
53
-    var accountKeypair = RSA.import({ privateKeyPem: require('fs').readFileSync(__dirname + '/../tests/account.privkey.pem') });
54
-    var domainKeypair = RSA.import({ privateKeyPem: require('fs').readFileSync(__dirname + '/../tests/privkey.pem') });
55
-    var directoryUrl = 'https://acme-staging-v02.api.letsencrypt.org/directory';
54
+inquisitor.run = function run(directoryUrl, web, chType, email) {
55
+  rl.close();
56 56
 
57
-    if ('promise' === apiStyle) {
58
-      require('../tests/promise.js').run(directoryUrl, RSA, web, chType, email, accountKeypair, domainKeypair);
59
-    } else if ('cb' === apiStyle) {
60
-      require('../tests/cb.js').run(directoryUrl, RSA, web, chType, email, accountKeypair, domainKeypair);
61
-    } else {
62
-      if ('v1-compat' !== apiStyle) { console.warn("Didn't understand '" + apiStyle + "', using 'v1-compat' instead..."); }
63
-      require('../tests/compat.js').run(directoryUrl, RSA, web, chType, email, accountKeypair, domainKeypair);
64
-    }
65
-  });
66
-}
57
+  var RSA = require('rsa-compat').RSA;
58
+  var accountKeypair = RSA.import({ privateKeyPem: require('fs').readFileSync(__dirname + '/../tests/account.privkey.pem') });
59
+  var domainKeypair = RSA.import({ privateKeyPem: require('fs').readFileSync(__dirname + '/../tests/privkey.pem') });
60
+
61
+  require('../tests/promise.js').run(directoryUrl, RSA, web, chType, email, accountKeypair, domainKeypair);
62
+};
67 63
 
68
-getWeb();
64
+inquisitor.getWeb();

+ 3
- 684
node.js View File

@@ -1,684 +1,3 @@
1
-/*!
2
- * acme-v2.js
3
- * Copyright(c) 2018 AJ ONeal <aj@ppl.family> https://ppl.family
4
- * Apache-2.0 OR MIT (and hence also MPL 2.0)
5
- */
6
-'use strict';
7
-/* globals Promise */
8
-
9
-var ACME = module.exports.ACME = {};
10
-
11
-ACME.challengePrefixes = {
12
-  'http-01': '/.well-known/acme-challenge'
13
-, 'dns-01': '_acme-challenge'
14
-};
15
-ACME.challengeTests = {
16
-  'http-01': function (me, auth) {
17
-    var url = 'http://' + auth.hostname + ACME.challengePrefixes['http-01'] + '/' + auth.token;
18
-    return me._request({ url: url }).then(function (resp) {
19
-      var err;
20
-
21
-      if (auth.keyAuthorization === resp.body.toString('utf8').trim()) {
22
-        return true;
23
-      }
24
-
25
-      err = new Error(
26
-        "Error: Failed HTTP-01 Dry Run.\n"
27
-      + "curl '" + url + "' does not return '" + auth.keyAuthorization + "'\n"
28
-      + "See https://git.coolaj86.com/coolaj86/acme-v2.js/issues/4"
29
-      );
30
-      err.code = 'E_FAIL_DRY_CHALLENGE';
31
-      return Promise.reject(err);
32
-    });
33
-  }
34
-, 'dns-01': function (me, auth) {
35
-    var hostname = ACME.challengePrefixes['dns-01'] + '.' + auth.hostname;
36
-    return me._dig({
37
-      type: 'TXT'
38
-    , name: hostname
39
-    }).then(function (ans) {
40
-      var err;
41
-
42
-      if (ans.answer.some(function (txt) {
43
-        return auth.dnsAuthorization === txt.data[0];
44
-      })) {
45
-        return true;
46
-      }
47
-
48
-      err = new Error(
49
-        "Error: Failed DNS-01 Dry Run.\n"
50
-      + "dig TXT '" + hostname + "' does not return '" + auth.dnsAuthorization + "'\n"
51
-      + "See https://git.coolaj86.com/coolaj86/acme-v2.js/issues/4"
52
-      );
53
-      err.code = 'E_FAIL_DRY_CHALLENGE';
54
-      return Promise.reject(err);
55
-    });
56
-  }
57
-};
58
-
59
-ACME._getUserAgentString = function (deps) {
60
-  var uaDefaults = {
61
-      pkg: "Greenlock/" + deps.pkg.version
62
-    , os: "(" + deps.os.type() + "; " + deps.process.arch + " " + deps.os.platform() + " " + deps.os.release() + ")"
63
-    , node: "Node.js/" + deps.process.version
64
-    , user: ''
65
-  };
66
-
67
-  var userAgent = [];
68
-
69
-  //Object.keys(currentUAProps)
70
-  Object.keys(uaDefaults).forEach(function (key) {
71
-    if (uaDefaults[key]) {
72
-      userAgent.push(uaDefaults[key]);
73
-    }
74
-  });
75
-
76
-  return userAgent.join(' ').trim();
77
-};
78
-ACME._directory = function (me) {
79
-  return me._request({ url: me.directoryUrl, json: true });
80
-};
81
-ACME._getNonce = function (me) {
82
-  if (me._nonce) { return new Promise(function (resolve) { resolve(me._nonce); return; }); }
83
-  return me._request({ method: 'HEAD', url: me._directoryUrls.newNonce }).then(function (resp) {
84
-    me._nonce = resp.toJSON().headers['replay-nonce'];
85
-    return me._nonce;
86
-  });
87
-};
88
-// ACME RFC Section 7.3 Account Creation
89
-/*
90
- {
91
-   "protected": base64url({
92
-     "alg": "ES256",
93
-     "jwk": {...},
94
-     "nonce": "6S8IqOGY7eL2lsGoTZYifg",
95
-     "url": "https://example.com/acme/new-account"
96
-   }),
97
-   "payload": base64url({
98
-     "termsOfServiceAgreed": true,
99
-     "onlyReturnExisting": false,
100
-     "contact": [
101
-       "mailto:cert-admin@example.com",
102
-       "mailto:admin@example.com"
103
-     ]
104
-   }),
105
-   "signature": "RZPOnYoPs1PhjszF...-nh6X1qtOFPB519I"
106
- }
107
-*/
108
-ACME._registerAccount = function (me, options) {
109
-  if (me.debug) console.debug('[acme-v2] accounts.create');
110
-
111
-  return ACME._getNonce(me).then(function () {
112
-    return new Promise(function (resolve, reject) {
113
-
114
-      function agree(tosUrl) {
115
-        var err;
116
-        if (me._tos !== tosUrl) {
117
-          err = new Error("You must agree to the ToS at '" + me._tos + "'");
118
-          err.code = "E_AGREE_TOS";
119
-          reject(err);
120
-          return;
121
-        }
122
-
123
-        var jwk = me.RSA.exportPublicJwk(options.accountKeypair);
124
-        var contact;
125
-        if (options.contact) {
126
-          contact = options.contact.slice(0);
127
-        } else if (options.email) {
128
-          contact = [ 'mailto:' + options.email ]
129
-        }
130
-        var body = {
131
-          termsOfServiceAgreed: tosUrl === me._tos
132
-        , onlyReturnExisting: false
133
-        , contact: contact
134
-        };
135
-        if (options.externalAccount) {
136
-          body.externalAccountBinding = me.RSA.signJws(
137
-            options.externalAccount.secret
138
-          , undefined
139
-          , { alg: "HS256"
140
-            , kid: options.externalAccount.id
141
-            , url: me._directoryUrls.newAccount
142
-            }
143
-          , new Buffer(JSON.stringify(jwk))
144
-          );
145
-        }
146
-        var payload = JSON.stringify(body);
147
-        var jws = me.RSA.signJws(
148
-          options.accountKeypair
149
-        , undefined
150
-        , { nonce: me._nonce
151
-          , alg: 'RS256'
152
-          , url: me._directoryUrls.newAccount
153
-          , jwk: jwk
154
-          }
155
-        , new Buffer(payload)
156
-        );
157
-
158
-        delete jws.header;
159
-        if (me.debug) console.debug('[acme-v2] accounts.create JSON body:');
160
-        if (me.debug) console.debug(jws);
161
-        me._nonce = null;
162
-        return me._request({
163
-          method: 'POST'
164
-        , url: me._directoryUrls.newAccount
165
-        , headers: { 'Content-Type': 'application/jose+json' }
166
-        , json: jws
167
-        }).then(function (resp) {
168
-          var account = resp.body;
169
-
170
-          me._nonce = resp.toJSON().headers['replay-nonce'];
171
-          var location = resp.toJSON().headers.location;
172
-          // the account id url
173
-          me._kid = location;
174
-          if (me.debug) console.debug('[DEBUG] new account location:');
175
-          if (me.debug) console.debug(location);
176
-          if (me.debug) console.debug(resp.toJSON());
177
-
178
-          /*
179
-          {
180
-            id: 5925245,
181
-            key:
182
-             { kty: 'RSA',
183
-               n: 'tBr7m1hVaUNQjUeakznGidnrYyegVUQrsQjNrcipljI9Vxvxd0baHc3vvRZWFyFO5BlS7UDl-KHQdbdqb-MQzfP6T2sNXsOHARQ41pCGY5BYzIPRJF0nD48-CY717is-7BKISv8rf9yx5iSjvK1wZ3Ke3YIpxzK2fWRqccVxXQ92VYioxOfGObACgEUSvdoEttWV2B0Uv4Sdi6zZbk5eo2zALvyGb1P4fKVfQycGLXC41AyhHOAuTqzNCyIkiWEkbfh2lZNcYClP2epS0pHRFXYyjJN6-c8InfM3PISo4k6Qew65HZ-oqUow0tTIgNwuen9q5O6Hc73GvU-2npGJVQ',
184
-               e: 'AQAB' },
185
-            contact: [],
186
-            initialIp: '198.199.82.211',
187
-            createdAt: '2018-04-16T00:41:00.720584972Z',
188
-            status: 'valid'
189
-          }
190
-          */
191
-          if (!account) { account = { _emptyResponse: true, key: {} }; }
192
-          account.key.kid = me._kid;
193
-          return account;
194
-        }).then(resolve, reject);
195
-      }
196
-
197
-      if (me.debug) console.debug('[acme-v2] agreeToTerms');
198
-      if (1 === options.agreeToTerms.length) {
199
-        // newer promise API
200
-        return options.agreeToTerms(me._tos).then(agree, reject);
201
-      }
202
-      else if (2 === options.agreeToTerms.length) {
203
-        // backwards compat cb API
204
-        return options.agreeToTerms(me._tos, function (err, tosUrl) {
205
-          if (!err) { agree(tosUrl); return; }
206
-          reject(err);
207
-        });
208
-      }
209
-      else {
210
-        reject(new Error('agreeToTerms has incorrect function signature.'
211
-          + ' Should be fn(tos) { return Promise<tos>; }'));
212
-      }
213
-    });
214
-  });
215
-};
216
-/*
217
- POST /acme/new-order HTTP/1.1
218
- Host: example.com
219
- Content-Type: application/jose+json
220
-
221
- {
222
-   "protected": base64url({
223
-     "alg": "ES256",
224
-     "kid": "https://example.com/acme/acct/1",
225
-     "nonce": "5XJ1L3lEkMG7tR6pA00clA",
226
-     "url": "https://example.com/acme/new-order"
227
-   }),
228
-   "payload": base64url({
229
-     "identifiers": [{"type:"dns","value":"example.com"}],
230
-     "notBefore": "2016-01-01T00:00:00Z",
231
-     "notAfter": "2016-01-08T00:00:00Z"
232
-   }),
233
-   "signature": "H6ZXtGjTZyUnPeKn...wEA4TklBdh3e454g"
234
- }
235
-*/
236
-ACME._getChallenges = function (me, options, auth) {
237
-  if (me.debug) console.debug('\n[DEBUG] getChallenges\n');
238
-  return me._request({ method: 'GET', url: auth, json: true }).then(function (resp) {
239
-    return resp.body;
240
-  });
241
-};
242
-ACME._wait = function wait(ms) {
243
-  return new Promise(function (resolve) {
244
-    setTimeout(resolve, (ms || 1100));
245
-  });
246
-};
247
-// https://tools.ietf.org/html/draft-ietf-acme-acme-10#section-7.5.1
248
-ACME._postChallenge = function (me, options, identifier, ch) {
249
-  var count = 0;
250
-
251
-  var thumbprint = me.RSA.thumbprint(options.accountKeypair);
252
-  var keyAuthorization = ch.token + '.' + thumbprint;
253
-  //   keyAuthorization = token || '.' || base64url(JWK_Thumbprint(accountKey))
254
-  //   /.well-known/acme-challenge/:token
255
-  var auth = {
256
-    identifier: identifier
257
-  , hostname: identifier.value
258
-  , type: ch.type
259
-  , token: ch.token
260
-  , thumbprint: thumbprint
261
-  , keyAuthorization: keyAuthorization
262
-  , dnsAuthorization: me.RSA.utils.toWebsafeBase64(
263
-      require('crypto').createHash('sha256').update(keyAuthorization).digest('base64')
264
-    )
265
-  };
266
-
267
-  return new Promise(function (resolve, reject) {
268
-    /*
269
-     POST /acme/authz/1234 HTTP/1.1
270
-     Host: example.com
271
-     Content-Type: application/jose+json
272
-
273
-     {
274
-       "protected": base64url({
275
-         "alg": "ES256",
276
-         "kid": "https://example.com/acme/acct/1",
277
-         "nonce": "xWCM9lGbIyCgue8di6ueWQ",
278
-         "url": "https://example.com/acme/authz/1234"
279
-       }),
280
-       "payload": base64url({
281
-         "status": "deactivated"
282
-       }),
283
-       "signature": "srX9Ji7Le9bjszhu...WTFdtujObzMtZcx4"
284
-     }
285
-     */
286
-    function deactivate() {
287
-      var jws = me.RSA.signJws(
288
-        options.accountKeypair
289
-      , undefined
290
-      , { nonce: me._nonce, alg: 'RS256', url: ch.url, kid: me._kid }
291
-      , new Buffer(JSON.stringify({ "status": "deactivated" }))
292
-      );
293
-      me._nonce = null;
294
-      return me._request({
295
-        method: 'POST'
296
-      , url: ch.url
297
-      , headers: { 'Content-Type': 'application/jose+json' }
298
-      , json: jws
299
-      }).then(function (resp) {
300
-        if (me.debug) console.debug('[acme-v2.js] deactivate:');
301
-        if (me.debug) console.debug(resp.headers);
302
-        if (me.debug) console.debug(resp.body);
303
-        if (me.debug) console.debug();
304
-
305
-        me._nonce = resp.toJSON().headers['replay-nonce'];
306
-        if (me.debug) console.debug('deactivate challenge: resp.body:');
307
-        if (me.debug) console.debug(resp.body);
308
-        return ACME._wait(10 * 1000);
309
-      });
310
-    }
311
-
312
-    function pollStatus() {
313
-      if (count >= 5) {
314
-        return Promise.reject(new Error("[acme-v2] stuck in bad pending/processing state"));
315
-      }
316
-
317
-      count += 1;
318
-
319
-      if (me.debug) console.debug('\n[DEBUG] statusChallenge\n');
320
-      return me._request({ method: 'GET', url: ch.url, json: true }).then(function (resp) {
321
-
322
-        if ('processing' === resp.body.status) {
323
-          if (me.debug) console.debug('poll: again');
324
-          return ACME._wait(1 * 1000).then(pollStatus);
325
-        }
326
-
327
-        // This state should never occur
328
-        if ('pending' === resp.body.status) {
329
-          if (count >= 4) {
330
-            return ACME._wait(1 * 1000).then(deactivate).then(testChallenge);
331
-          }
332
-          if (me.debug) console.debug('poll: again');
333
-          return ACME._wait(1 * 1000).then(testChallenge);
334
-        }
335
-
336
-        if ('valid' === resp.body.status) {
337
-          if (me.debug) console.debug('poll: valid');
338
-
339
-          try {
340
-            if (1 === options.removeChallenge.length) {
341
-              options.removeChallenge(auth).then(function () {}, function () {});
342
-            } else if (2 === options.removeChallenge.length) {
343
-              options.removeChallenge(auth, function (err) { return err; });
344
-            } else {
345
-              options.removeChallenge(identifier.value, ch.token, function () {});
346
-            }
347
-          } catch(e) {}
348
-          return resp.body;
349
-        }
350
-
351
-        if (!resp.body.status) {
352
-          console.error("[acme-v2] (E_STATE_EMPTY) empty challenge state:");
353
-        }
354
-        else if ('invalid' === resp.body.status) {
355
-          console.error("[acme-v2] (E_STATE_INVALID) invalid challenge state:");
356
-        }
357
-        else {
358
-          console.error("[acme-v2] (E_STATE_UKN) unkown challenge state:");
359
-        }
360
-
361
-        return Promise.reject(new Error("[acme-v2] challenge state error"));
362
-      });
363
-    }
364
-
365
-    function respondToChallenge() {
366
-      var jws = me.RSA.signJws(
367
-        options.accountKeypair
368
-      , undefined
369
-      , { nonce: me._nonce, alg: 'RS256', url: ch.url, kid: me._kid }
370
-      , new Buffer(JSON.stringify({ }))
371
-      );
372
-      me._nonce = null;
373
-      return me._request({
374
-        method: 'POST'
375
-      , url: ch.url
376
-      , headers: { 'Content-Type': 'application/jose+json' }
377
-      , json: jws
378
-      }).then(function (resp) {
379
-        if (me.debug) console.debug('[acme-v2.js] challenge accepted!');
380
-        if (me.debug) console.debug(resp.headers);
381
-        if (me.debug) console.debug(resp.body);
382
-        if (me.debug) console.debug();
383
-
384
-        me._nonce = resp.toJSON().headers['replay-nonce'];
385
-        if (me.debug) console.debug('respond to challenge: resp.body:');
386
-        if (me.debug) console.debug(resp.body);
387
-        return ACME._wait(1 * 1000).then(pollStatus).then(resolve, reject);
388
-      });
389
-    }
390
-
391
-    function failChallenge(err) {
392
-      if (err) { reject(err); return; }
393
-      return testChallenge();
394
-    }
395
-
396
-    function testChallenge() {
397
-      // TODO put check dns / http checks here?
398
-      // http-01: GET https://example.org/.well-known/acme-challenge/{{token}} => {{keyAuth}}
399
-      // dns-01: TXT _acme-challenge.example.org. => "{{urlSafeBase64(sha256(keyAuth))}}"
400
-
401
-      if (me.debug) {console.debug('\n[DEBUG] postChallenge\n'); }
402
-      //if (me.debug) console.debug('\n[DEBUG] stop to fix things\n'); return;
403
-
404
-      return ACME._wait(1 * 1000).then(function () {
405
-        if (!me.skipChallengeTest) {
406
-          return ACME.challengeTests[ch.type](me, auth);
407
-        }
408
-      }).then(respondToChallenge);
409
-    }
410
-
411
-    try {
412
-      if (1 === options.setChallenge.length) {
413
-        options.setChallenge(auth).then(testChallenge, reject);
414
-      } else if (2 === options.setChallenge.length) {
415
-        options.setChallenge(auth, failChallenge);
416
-      } else {
417
-        options.setChallenge(identifier.value, ch.token, keyAuthorization, failChallenge);
418
-      }
419
-    } catch(e) {
420
-      reject(e);
421
-    }
422
-  });
423
-};
424
-ACME._finalizeOrder = function (me, options, validatedDomains) {
425
-  if (me.debug) console.debug('finalizeOrder:');
426
-  var csr = me.RSA.generateCsrWeb64(options.domainKeypair, validatedDomains);
427
-  var body = { csr: csr };
428
-  var payload = JSON.stringify(body);
429
-
430
-  function pollCert() {
431
-    var jws = me.RSA.signJws(
432
-      options.accountKeypair
433
-    , undefined
434
-    , { nonce: me._nonce, alg: 'RS256', url: me._finalize, kid: me._kid }
435
-    , new Buffer(payload)
436
-    );
437
-
438
-    if (me.debug) console.debug('finalize:', me._finalize);
439
-    me._nonce = null;
440
-    return me._request({
441
-      method: 'POST'
442
-    , url: me._finalize
443
-    , headers: { 'Content-Type': 'application/jose+json' }
444
-    , json: jws
445
-    }).then(function (resp) {
446
-      // https://tools.ietf.org/html/draft-ietf-acme-acme-12#section-7.1.3
447
-      // Possible values are: "pending" => ("invalid" || "ready") => "processing" => "valid"
448
-      me._nonce = resp.toJSON().headers['replay-nonce'];
449
-
450
-      if (me.debug) console.debug('order finalized: resp.body:');
451
-      if (me.debug) console.debug(resp.body);
452
-
453
-      if ('valid' === resp.body.status) {
454
-        me._expires = resp.body.expires;
455
-        me._certificate = resp.body.certificate;
456
-
457
-        return resp.body;
458
-      }
459
-
460
-      if ('processing' === resp.body.status) {
461
-        return ACME._wait().then(pollCert);
462
-      }
463
-
464
-      if (me.debug) console.debug("Error: bad status:\n" + JSON.stringify(resp.body, null, 2));
465
-
466
-      if ('pending' === resp.body.status) {
467
-        return Promise.reject(new Error(
468
-          "Did not finalize order: status 'pending'."
469
-        + " Best guess: You have not accepted at least one challenge for each domain." + "\n\n"
470
-        + JSON.stringify(resp.body, null, 2)
471
-        ));
472
-      }
473
-
474
-      if ('invalid' === resp.body.status) {
475
-        return Promise.reject(new Error(
476
-          "Did not finalize order: status 'invalid'."
477
-        + " Best guess: One or more of the domain challenges could not be verified"
478
-        + " (or the order was canceled)." + "\n\n"
479
-        + JSON.stringify(resp.body, null, 2)
480
-        ));
481
-      }
482
-
483
-      if ('ready' === resp.body.status) {
484
-        return Promise.reject(new Error(
485
-          "Did not finalize order: status 'ready'."
486
-        + " Hmmm... this state shouldn't be possible here. That was the last state."
487
-        + " This one should at least be 'processing'." + "\n\n"
488
-        + JSON.stringify(resp.body, null, 2) + "\n\n"
489
-        + "Please open an issue at https://git.coolaj86.com/coolaj86/acme-v2.js"
490
-        ));
491
-      }
492
-
493
-      return Promise.reject(new Error(
494
-        "Didn't finalize order: Unhandled status '" + resp.body.status + "'."
495
-      + " This is not one of the known statuses...\n\n"
496
-      + JSON.stringify(resp.body, null, 2) + "\n\n"
497
-      + "Please open an issue at https://git.coolaj86.com/coolaj86/acme-v2.js"
498
-      ));
499
-    });
500
-  }
501
-
502
-  return pollCert();
503
-};
504
-ACME._getCertificate = function (me, options) {
505
-  if (me.debug) console.debug('[acme-v2] DEBUG get cert 1');
506
-
507
-  if (!options.challengeTypes) {
508
-    if (!options.challengeType) {
509
-      return Promise.reject(new Error("challenge type must be specified"));
510
-    }
511
-    options.challengeTypes = [ options.challengeType ];
512
-  }
513
-
514
-  if (!me._kid) {
515
-    if (options.accountKid) {
516
-      me._kid = options.accountKid;
517
-    } else {
518
-      //return Promise.reject(new Error("must include KeyID"));
519
-      return ACME._registerAccount(me, options).then(function () {
520
-        return ACME._getCertificate(me, options);
521
-      });
522
-    }
523
-  }
524
-
525
-  if (me.debug) console.debug('[acme-v2] certificates.create');
526
-  return ACME._getNonce(me).then(function () {
527
-    var body = {
528
-      identifiers: options.domains.map(function (hostname) {
529
-        return { type: "dns" , value: hostname };
530
-      })
531
-      //, "notBefore": "2016-01-01T00:00:00Z"
532
-      //, "notAfter": "2016-01-08T00:00:00Z"
533
-    };
534
-
535
-    var payload = JSON.stringify(body);
536
-    var jws = me.RSA.signJws(
537
-      options.accountKeypair
538
-    , undefined
539
-    , { nonce: me._nonce, alg: 'RS256', url: me._directoryUrls.newOrder, kid: me._kid }
540
-    , new Buffer(payload)
541
-    );
542
-
543
-    if (me.debug) console.debug('\n[DEBUG] newOrder\n');
544
-    me._nonce = null;
545
-    return me._request({
546
-      method: 'POST'
547
-    , url: me._directoryUrls.newOrder
548
-    , headers: { 'Content-Type': 'application/jose+json' }
549
-    , json: jws
550
-    }).then(function (resp) {
551
-      me._nonce = resp.toJSON().headers['replay-nonce'];
552
-      var location = resp.toJSON().headers.location;
553
-      var auths;
554
-      if (me.debug) console.debug(location); // the account id url
555
-      if (me.debug) console.debug(resp.toJSON());
556
-      me._authorizations = resp.body.authorizations;
557
-      me._order = location;
558
-      me._finalize = resp.body.finalize;
559
-      //if (me.debug) console.debug('[DEBUG] finalize:', me._finalize); return;
560
-
561
-      if (!me._authorizations) {
562
-        console.error("[acme-v2.js] authorizations were not fetched:");
563
-        console.error(resp.body);
564
-        return Promise.reject(new Error("authorizations were not fetched"));
565
-      }
566
-      if (me.debug) console.debug("47 &#&#&#&#&#&#&&##&#&#&#&#&#&#&#&");
567
-
568
-      //return resp.body;
569
-      auths = me._authorizations.slice(0);
570
-
571
-      function next() {
572
-        var authUrl = auths.shift();
573
-        if (!authUrl) { return; }
574
-
575
-        return ACME._getChallenges(me, options, authUrl).then(function (results) {
576
-          // var domain = options.domains[i]; // results.identifier.value
577
-          var chType = options.challengeTypes.filter(function (chType) {
578
-            return results.challenges.some(function (ch) {
579
-              return ch.type === chType;
580
-            });
581
-          })[0];
582
-
583
-          var challenge = results.challenges.filter(function (ch) {
584
-            if (chType === ch.type) {
585
-              return ch;
586
-            }
587
-          })[0];
588
-
589
-          if (!challenge) {
590
-            return Promise.reject(new Error("Server didn't offer any challenge we can handle."));
591
-          }
592
-
593
-          return ACME._postChallenge(me, options, results.identifier, challenge);
594
-        }).then(function () {
595
-          return next();
596
-        });
597
-      }
598
-
599
-      return next().then(function () {
600
-        if (me.debug) console.debug("37 &#&#&#&#&#&#&&##&#&#&#&#&#&#&#&");
601
-        var validatedDomains = body.identifiers.map(function (ident) {
602
-          return ident.value;
603
-        });
604
-
605
-        return ACME._finalizeOrder(me, options, validatedDomains);
606
-      }).then(function () {
607
-        if (me.debug) console.debug('acme-v2: order was finalized');
608
-        return me._request({ method: 'GET', url: me._certificate, json: true }).then(function (resp) {
609
-          if (me.debug) console.debug('acme-v2: csr submitted and cert received:');
610
-          if (me.debug) console.debug(resp.body);
611
-          return resp.body;
612
-        });
613
-      });
614
-    });
615
-  });
616
-};
617
-
618
-ACME.create = function create(me) {
619
-  if (!me) { me = {}; }
620
-  // me.debug = true;
621
-  me.challengePrefixes = ACME.challengePrefixes;
622
-  me.RSA = me.RSA || require('rsa-compat').RSA;
623
-  me.request = me.request || require('request');
624
-  me._dig = function (query) {
625
-    // TODO use digd.js
626
-    return new Promise(function (resolve, reject) {
627
-      var dns = require('dns');
628
-      dns.resolveTxt(query.name, function (err, records) {
629
-        if (err) { reject(err); return; }
630
-
631
-        resolve({
632
-          answer: records.map(function (rr) {
633
-            return {
634
-              data: rr
635
-            };
636
-          })
637
-        });
638
-      });
639
-    });
640
-  };
641
-  me.promisify = me.promisify || require('util').promisify /*node v8+*/ || require('bluebird').promisify /*node v6*/;
642
-
643
-
644
-  if ('function' !== typeof me.getUserAgentString) {
645
-    me.pkg = me.pkg || require('./package.json');
646
-    me.os = me.os || require('os');
647
-    me.process = me.process || require('process');
648
-    me.userAgent = ACME._getUserAgentString(me);
649
-  }
650
-
651
-  function getRequest(opts) {
652
-    if (!opts) { opts = {}; }
653
-
654
-    return me.request.defaults({
655
-      headers: {
656
-        'User-Agent': opts.userAgent || me.userAgent || me.getUserAgentString(me)
657
-      }
658
-    });
659
-  }
660
-
661
-  if ('function' !== typeof me._request) {
662
-    me._request = me.promisify(getRequest({}));
663
-  }
664
-
665
-  me.init = function (_directoryUrl) {
666
-    me.directoryUrl = me.directoryUrl || _directoryUrl;
667
-    return ACME._directory(me).then(function (resp) {
668
-      me._directoryUrls = resp.body;
669
-      me._tos = me._directoryUrls.meta.termsOfService;
670
-      return me._directoryUrls;
671
-    });
672
-  };
673
-  me.accounts = {
674
-    create: function (options) {
675
-      return ACME._registerAccount(me, options);
676
-    }
677
-  };
678
-  me.certificates = {
679
-    create: function (options) {
680
-      return ACME._getCertificate(me, options);
681
-    }
682
-  };
683
-  return me;
684
-};
1
+// For the time being I'm still pulling in my acme-v2 module until I transition over
2
+// I export as ".ACME" rather than bare so that this can be compatible with the browser version too
3
+module.exports.ACME = require('acme-v2').ACME;

+ 6
- 5
package.json View File

@@ -1,15 +1,15 @@
1 1
 {
2
-  "name": "acme-v2",
3
-  "version": "1.0.7",
4
-  "description": "Free SSL. A framework for building Let's Encrypt v2 clients, and other ACME v2 (draft 11) clients. Successor to le-acme-core.js",
5
-  "homepage": "https://git.coolaj86.com/coolaj86/acme-v2.js",
2
+  "name": "acme",
3
+  "version": "1.0.0",
4
+  "description": "Free SSL for everybody. The bare essentials of the Let's Encrypt v2 (ACME draft 11) API. Built for Greenlock.",
5
+  "homepage": "https://git.coolaj86.com/coolaj86/acme.js",
6 6
   "main": "node.js",
7 7
   "scripts": {
8 8
     "test": "echo \"Error: no test specified\" && exit 1"
9 9
   },
10 10
   "repository": {
11 11
     "type": "git",
12
-    "url": "ssh://gitea@git.coolaj86.com:22042/coolaj86/acme-v2.js.git"
12
+    "url": "ssh://gitea@git.coolaj86.com:22042/coolaj86/acme.js.git"
13 13
   },
14 14
   "keywords": [
15 15
     "acmev2",
@@ -39,6 +39,7 @@
39 39
   "author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)",
40 40
   "license": "(MIT OR Apache-2.0)",
41 41
   "dependencies": {
42
+    "acme-v2": "^1.0.7",
42 43
     "request": "^2.85.0",
43 44
     "rsa-compat": "^1.3.0"
44 45
   },

+ 0
- 79
tests/cb.js View File

@@ -1,79 +0,0 @@
1
-'use strict';
2
-
3
-module.exports.run = function run(directoryUrl, RSA, web, chType, email, accountKeypair, domainKeypair) {
4
-  // [ 'test.ppl.family' ] 'coolaj86@gmail.com''http-01'
5
-  var acme2 = require('../').ACME.create({ RSA: RSA });
6
-  acme2.init(directoryUrl).then(function () {
7
-    var options = {
8
-      agreeToTerms: function (tosUrl, agree) {
9
-        agree(null, tosUrl);
10
-      }
11
-    , setChallenge: function (opts, cb) {
12
-        var pathname;
13
-
14
-        console.log("");
15
-        console.log('identifier:');
16
-        console.log(opts.identifier);
17
-        console.log('hostname:');
18
-        console.log(opts.hostname);
19
-        console.log('type:');
20
-        console.log(opts.type);
21
-        console.log('token:');
22
-        console.log(opts.token);
23
-        console.log('thumbprint:');
24
-        console.log(opts.thumbprint);
25
-        console.log('keyAuthorization:');
26
-        console.log(opts.keyAuthorization);
27
-        console.log('dnsAuthorization:');
28
-        console.log(opts.dnsAuthorization);
29
-        console.log("");
30
-
31
-        if ('http-01' === opts.type) {
32
-          pathname = opts.hostname + acme2.challengePrefixes['http-01'] + "/" + opts.token;
33
-          console.log("Put the string '" + opts.keyAuthorization + "' into a file at '" + pathname + "'");
34
-          console.log("echo '" + opts.keyAuthorization + "' > '" + pathname + "'");
35
-        } else if ('dns-01' === opts.type) {
36
-          pathname = acme2.challengePrefixes['dns-01'] + "." + opts.hostname.replace(/^\*\./, '');
37
-          console.log("Put the string '" + opts.dnsAuthorization + "' into the TXT record '" + pathname + "'");
38
-          console.log("ddig TXT " + pathname + " '" + opts.dnsAuthorization + "'");
39
-        } else {
40
-          cb(new Error("[acme-v2] unrecognized challenge type"));
41
-          return;
42
-        }
43
-        console.log("\nThen hit the 'any' key to continue...");
44
-
45
-        function onAny() {
46
-          console.log("'any' key was hit");
47
-          process.stdin.pause();
48
-          process.stdin.removeListener('data', onAny);
49
-          process.stdin.setRawMode(false);
50
-          cb();
51
-        }
52
-
53
-        process.stdin.setRawMode(true);
54
-        process.stdin.resume();
55
-        process.stdin.on('data', onAny);
56
-      }
57
-    , removeChallenge: function (opts, cb) {
58
-        // hostname, key
59
-        console.log('[acme-v2] remove challenge', opts.hostname, opts.keyAuthorization);
60
-        setTimeout(cb, 1 * 1000);
61
-      }
62
-    , challengeType: chType
63
-    , email: email
64
-    , accountKeypair: accountKeypair
65
-    , domainKeypair: domainKeypair
66
-    , domains: web
67
-    };
68
-
69
-    acme2.accounts.create(options).then(function (account) {
70
-      console.log('[acme-v2] account:');
71
-      console.log(account);
72
-
73
-      acme2.certificates.create(options).then(function (fullchainPem) {
74
-        console.log('[acme-v2] fullchain.pem:');
75
-        console.log(fullchainPem);
76
-      });
77
-    });
78
-  });
79
-};

+ 0
- 55
tests/compat.js View File

@@ -1,55 +0,0 @@
1
-'use strict';
2
-
3
-module.exports.run = function (directoryUrl, RSA, web, chType, email, accountKeypair, domainKeypair) {
4
-  console.log('[DEBUG] run', web, chType, email);
5
-
6
-  var acme2 = require('../compat.js').ACME.create({ RSA: RSA });
7
-  acme2.getAcmeUrls(acme2.stagingServerUrl, function (err/*, directoryUrls*/) {
8
-    if (err) { console.log('err 1'); throw err; }
9
-
10
-    var options = {
11
-      agreeToTerms: function (tosUrl, agree) {
12
-        agree(null, tosUrl);
13
-      }
14
-    , setChallenge: function (hostname, token, val, cb) {
15
-        var pathname = hostname + acme2.acmeChallengePrefix + token;
16
-        console.log("Put the string '" + val + "' into a file at '" + pathname + "'");
17
-        console.log("echo '" + val + "' > '" + pathname + "'");
18
-        console.log("\nThen hit the 'any' key to continue...");
19
-
20
-        function onAny() {
21
-          console.log("'any' key was hit");
22
-          process.stdin.pause();
23
-          process.stdin.removeListener('data', onAny);
24
-          process.stdin.setRawMode(false);
25
-          cb();
26
-        }
27
-
28
-        process.stdin.setRawMode(true);
29
-        process.stdin.resume();
30
-        process.stdin.on('data', onAny);
31
-      }
32
-    , removeChallenge: function (hostname, key, cb) {
33
-        console.log('[DEBUG] remove challenge', hostname, key);
34
-        setTimeout(cb, 1 * 1000);
35
-      }
36
-    , challengeType: chType
37
-    , email: email
38
-    , accountKeypair: accountKeypair
39
-    , domainKeypair: domainKeypair
40
-    , domains: web
41
-    };
42
-
43
-    acme2.registerNewAccount(options, function (err, account) {
44
-      if (err) { console.log('err 2'); throw err; }
45
-      if (options.debug) console.debug('account:');
46
-      if (options.debug) console.log(account);
47
-
48
-      acme2.getCertificate(options, function (err, fullchainPem) {
49
-        if (err) { console.log('err 3'); throw err; }
50
-        console.log('[acme-v2] A fullchain.pem:');
51
-        console.log(fullchainPem);
52
-      });
53
-    });
54
-  });
55
-};

Loading…
Cancel
Save