closer to v1

This commit is contained in:
AJ ONeal 2018-04-11 17:34:18 +00:00
parent b630c118cc
commit 263eed0475
5 changed files with 91 additions and 46 deletions

113
README.md
View File

@ -1,41 +1,12 @@
acme-v2.js acme-v2.js (draft 11)
========== ==========
| Sponsored by [ppl](https://ppl.family) | Sponsored by [ppl](https://ppl.family)
A framework for building letsencrypt clients (and other ACME v2 clients), forked from `le-acme-core.js`. A framework for building letsencrypt v2 (IETF ACME draft 11), forked from `le-acme-core.js`.
Summary of spec that I'm working off of here: https://git.coolaj86.com/coolaj86/greenlock.js/issues/5#issuecomment-8 Summary of spec that I'm working off of here: https://git.coolaj86.com/coolaj86/greenlock.js/issues/5#issuecomment-8
In progress
* Mar 15, 2018 - get directory
* Mar 15, 2018 - get nonce
* Mar 15, 2018 - generate account keypair
* Mar 15, 2018 - create account
* Mar 16, 2018 - new order
* Mar 16, 2018 - get challenges
* Mar 20, 2018 - respond to challenges
* Mar 20, 2018 - generate domain keypair
* Mar 20, 2018 - finalize order (submit csr)
* Mar 20, 2018 - poll for status
* Mar 20, 2018 - download certificate
* Mar 20, 2018 - SUCCESS - got a test certificate (hard-coded)
* Mar 21, 2018 - can now accept values (not hard coded)
* Mar 21, 2018 - *mostly* matches le-acme-core.js API
* Apr 5, 2018 - completely match api for acme v1 (le-acme-core.js)
* Apr 5, 2018 - test wildcard
* Apr 5, 2018 - test two subdomains
* Apr 5, 2018 - test subdomains and its wildcard
* Apr 5, 2018 - test http and dns challenges (success and failure)
* Apr 5, 2018 - export http and dns challenge tests
* Apr 10, 2018 - tested backwards-compatibility using greenlock.js
Todo
* support ECDSA keys
* Apr 5, 2018 - appears that sometimes 'pending' status cannot be progressed to 'processing' nor 'deactivated'
## Let's Encrypt Directory URLs ## Let's Encrypt Directory URLs
``` ```
@ -48,7 +19,48 @@ https://acme-v02.api.letsencrypt.org/directory
https://acme-staging-v02.api.letsencrypt.org/directory https://acme-staging-v02.api.letsencrypt.org/directory
``` ```
## API ## Two API versions, Two Implementations
This library (acme-v2.js) supports ACME [*draft 11*](https://tools.ietf.org/html/draft-ietf-acme-acme-11),
otherwise known as Let's Encrypt v2 (or v02).
* ACME draft 11
* Let's Encrypt v2
* Let's Encrypt v02
The predecessor (le-acme-core) supports Let's Encrypt v1 (or v01), which was a
[hodge-podge of various drafts](https://github.com/letsencrypt/boulder/blob/master/docs/acme-divergences.md)
of the ACME spec early on.
* ACME early draft
* Let's Encrypt v1
* Let's Encrypt v01
This library maintains compatibility with le-acme-core so that it can be used as a **drop-in replacement**
and requires **no changes to existing code**,
but also provides an updated API more congruent with draft 11.
## le-acme-core-compatible API (recommended)
Status: Stable, Locked, Bugfix-only
```
var RSA = require('rsa-compat').RSA;
var acme = require('acme-v2/compat.js').ACME.create({ RSA: RSA });
//
// Use exactly the same as le-acme-core
//
```
See documentation at <https://git.coolaj86.com/coolaj86/le-acme-core.js>
## draft API (dev)
Status: Almost stable, not locked
This API is a simple evolution of le-acme-core,
but tries to provide a better mapping to the new draft 11 APIs.
``` ```
var ACME = require('acme-v2').ACME.create({ var ACME = require('acme-v2').ACME.create({
@ -110,6 +122,41 @@ Helpers & Stuff
```javascript ```javascript
// Constants // Constants
ACME.acmeChallengePrefix // /.well-known/acme-challenge/ ACME.challengePrefixes['http-01'] // '/.well-known/acme-challenge'
ACME.challengePrefixes['dns-01'] // '_acme-challenge'
``` ```
Todo
----
* support ECDSA keys
* Apr 5, 2018 - appears that sometimes 'pending' status cannot be progressed to 'processing' nor 'deactivated'
* this may be a bug in the staging API as it appears it cannot be cancelled either, but returns success status code
Changelog
---------
* v1.0.0
* Compat API is ready for use
* Eliminate debug logging
* Apr 10, 2018 - tested backwards-compatibility using greenlock.js
* Apr 5, 2018 - export http and dns challenge tests
* Apr 5, 2018 - test http and dns challenges (success and failure)
* Apr 5, 2018 - test subdomains and its wildcard
* Apr 5, 2018 - test two subdomains
* Apr 5, 2018 - test wildcard
* Apr 5, 2018 - completely match api for acme v1 (le-acme-core.js)
* Mar 21, 2018 - *mostly* matches le-acme-core.js API
* Mar 21, 2018 - can now accept values (not hard coded)
* Mar 20, 2018 - SUCCESS - got a test certificate (hard-coded)
* Mar 20, 2018 - download certificate
* Mar 20, 2018 - poll for status
* Mar 20, 2018 - finalize order (submit csr)
* Mar 20, 2018 - generate domain keypair
* Mar 20, 2018 - respond to challenges
* Mar 16, 2018 - get challenges
* Mar 16, 2018 - new order
* Mar 15, 2018 - create account
* Mar 15, 2018 - generate account keypair
* Mar 15, 2018 - get nonce
* Mar 15, 2018 - get directory

View File

@ -50,6 +50,7 @@ function create(deps) {
}; };
acme2.stagingServerUrl = module.exports.defaults.stagingServerUrl; acme2.stagingServerUrl = module.exports.defaults.stagingServerUrl;
acme2.productionServerUrl = module.exports.defaults.productionServerUrl; acme2.productionServerUrl = module.exports.defaults.productionServerUrl;
acme2.acmeChallengePrefix = module.exports.defaults.acmeChallengePrefix;
return acme2; return acme2;
} }
@ -63,11 +64,12 @@ module.exports.defaults = {
//, keyType: 'rsa' // ecdsa //, keyType: 'rsa' // ecdsa
//, keySize: 2048 // 256 //, keySize: 2048 // 256
, rsaKeySize: 2048 // 256 , rsaKeySize: 2048 // 256
, acmeChallengePrefix: '/.well-known/acme-challenge/';
}; };
Object.keys(module.exports.defaults).forEach(function (key) { Object.keys(module.exports.defaults).forEach(function (key) {
module.exports.ACME[key] = module.exports.defaults[key]; module.exports.ACME[key] = module.exports.defaults[key];
}); });
Object.keys(ACME2).forEach(function (key) { Object.keys(ACME2).forEach(function (key) {
module.exports.ACME[key] = ACME2[key]; module.exports.ACME[key] = ACME2[key];
module.exports.ACME.create = create;
}); });
module.exports.ACME.create = create;

12
node.js
View File

@ -8,15 +8,13 @@
var ACME = module.exports.ACME = {}; var ACME = module.exports.ACME = {};
ACME.acmeChallengePrefix = '/.well-known/acme-challenge/'; ACME.challengePrefixes = {
ACME.acmeChallengeDnsPrefix = '_acme-challenge';
ACME.acmeChallengePrefixes = {
'http-01': '/.well-known/acme-challenge' 'http-01': '/.well-known/acme-challenge'
, 'dns-01': '_acme-challenge' , 'dns-01': '_acme-challenge'
}; };
ACME.challengeTests = { ACME.challengeTests = {
'http-01': function (me, auth) { 'http-01': function (me, auth) {
var url = 'http://' + auth.hostname + ACME.acmeChallengePrefixes['http-01'] + '/' + auth.token; var url = 'http://' + auth.hostname + ACME.challengePrefixes['http-01'] + '/' + auth.token;
return me._request({ url: url }).then(function (resp) { return me._request({ url: url }).then(function (resp) {
var err; var err;
@ -32,7 +30,7 @@ ACME.challengeTests = {
, 'dns-01': function (me, auth) { , 'dns-01': function (me, auth) {
return me._dig({ return me._dig({
type: 'TXT' type: 'TXT'
, name: ACME.acmeChallengePrefixes['dns-01'] + '.' + auth.hostname , name: ACME.challengePrefixes['dns-01'] + '.' + auth.hostname
}).then(function (ans) { }).then(function (ans) {
var err; var err;
@ -562,9 +560,7 @@ ACME.create = function create(me) {
if (!me) { me = {}; } if (!me) { me = {}; }
// //
me.debug = true; me.debug = true;
me.acmeChallengePrefix = ACME.acmeChallengePrefix; me.challengePrefixes = ACME.challengePrefixes;
me.acmeChallengeDnsPrefix = ACME.acmeChallengeDnsPrefix;
me.acmeChallengePrefixes = ACME.acmeChallengePrefixes;
me.RSA = me.RSA || require('rsa-compat').RSA; me.RSA = me.RSA || require('rsa-compat').RSA;
me.request = me.request || require('request'); me.request = me.request || require('request');
me._dig = function (query) { me._dig = function (query) {

View File

@ -31,11 +31,11 @@ module.exports.run = function run(web, chType, email, accountKeypair, domainKeyp
console.log(""); console.log("");
if ('http-01' === opts.type) { if ('http-01' === opts.type) {
pathname = opts.hostname + acme2.acmeChallengePrefixes['http-01'] + "/" + opts.token; pathname = opts.hostname + acme2.challengePrefixes['http-01'] + "/" + opts.token;
console.log("Put the string '" + opts.keyAuthorization + "' into a file at '" + pathname + "'"); console.log("Put the string '" + opts.keyAuthorization + "' into a file at '" + pathname + "'");
console.log("echo '" + opts.keyAuthorization + "' > '" + pathname + "'"); console.log("echo '" + opts.keyAuthorization + "' > '" + pathname + "'");
} else if ('dns-01' === opts.type) { } else if ('dns-01' === opts.type) {
pathname = acme2.acmeChallengeDnsPrefix + "." + opts.hostname.replace(/^\*\./, ''); pathname = acme2.challengePrefixes['dns-01'] + "." + opts.hostname.replace(/^\*\./, '');
console.log("Put the string '" + opts.dnsAuthorization + "' into the TXT record '" + pathname + "'"); console.log("Put the string '" + opts.dnsAuthorization + "' into the TXT record '" + pathname + "'");
console.log("ddig TXT " + pathname + " '" + opts.dnsAuthorization + "'"); console.log("ddig TXT " + pathname + " '" + opts.dnsAuthorization + "'");
} else { } else {

View File

@ -33,11 +33,11 @@ module.exports.run = function run(web, chType, email, accountKeypair, domainKeyp
console.log(""); console.log("");
if ('http-01' === opts.type) { if ('http-01' === opts.type) {
pathname = opts.hostname + acme2.acmeChallengePrefixes['http-01'] + "/" + opts.token; pathname = opts.hostname + acme2.challengePrefixes['http-01'] + "/" + opts.token;
console.log("Put the string '" + opts.keyAuthorization + "' into a file at '" + pathname + "'"); console.log("Put the string '" + opts.keyAuthorization + "' into a file at '" + pathname + "'");
console.log("echo '" + opts.keyAuthorization + "' > '" + pathname + "'"); console.log("echo '" + opts.keyAuthorization + "' > '" + pathname + "'");
} else if ('dns-01' === opts.type) { } else if ('dns-01' === opts.type) {
pathname = acme2.acmeChallengeDnsPrefix + "." + opts.hostname.replace(/^\*\./, '');; pathname = acme2.challengePrefixes['dns-01'] + "." + opts.hostname.replace(/^\*\./, '');;
console.log("Put the string '" + opts.dnsAuthorization + "' into the TXT record '" + pathname + "'"); console.log("Put the string '" + opts.dnsAuthorization + "' into the TXT record '" + pathname + "'");
console.log("ddig TXT " + pathname + " '" + opts.dnsAuthorization + "'"); console.log("ddig TXT " + pathname + " '" + opts.dnsAuthorization + "'");
} else { } else {