fix: poll order status, not finalize status

2024-05-13 12:23:36 -06:00 · 2024-05-13 12:23:36 -06:00 · 61a435d6c2
parent 005b496054
commit 61a435d6c2
1 changed files with 129 additions and 97 deletions
--- a/index.js
+++ b/index.js
@ -900,9 +900,15 @@ ACME._finalizeOrder = function (me, options, validatedDomains) {
 	var csr = me.RSA.generateCsrWeb64(options.domainKeypair, validatedDomains);
 	var body = { csr: csr };
 	var payload = JSON.stringify(body);
+	var tried = false;
+	var orderUrl = '';

 	function pollCert() {
-		var jws = me.RSA.signJws(
+		var certReq;
+		var jws;
+		if (!tried) {
+			tried = true;
+			jws = me.RSA.signJws(
 				options.accountKeypair,
 				undefined,
 				{
@ -913,22 +919,44 @@ ACME._finalizeOrder = function (me, options, validatedDomains) {
 				},
 				Buffer.from(payload)
 			);
+			certReq = {
+				method: 'POST',
+				url: me._finalize,
+				headers: { 'Content-Type': 'application/jose+json' },
+				json: jws
+			};
+		} else {
+			jws = me.RSA.signJws(
+				options.accountKeypair,
+				undefined,
+				{
+					nonce: me._nonce,
+					alg: me._alg || 'RS256',
+					url: orderUrl,
+					kid: me._kid
+				},
+				''
+			);
+			certReq = {
+				method: 'POST',
+				url: orderUrl,
+				headers: { 'Content-Type': 'application/jose+json' },
+				json: jws
+			};
+		}

 		if (me.debug) {
 			console.debug('finalize:', me._finalize);
 		}
 		me._nonce = null;
-		return me
-			._request({
-				method: 'POST',
-				url: me._finalize,
-				headers: { 'Content-Type': 'application/jose+json' },
-				json: jws
-			})
-			.then(function (resp) {
+
+		return me._request(certReq).then(function (resp) {
 			// https://tools.ietf.org/html/draft-ietf-acme-acme-12#section-7.1.3
 			// Possible values are: "pending" => ("invalid" || "ready") => "processing" => "valid"
 			me._nonce = resp.toJSON().headers['replay-nonce'];
+			if (resp.headers.location) {
+				orderUrl = resp.headers.location;
+			}

 			if (me.debug) {
 				console.debug('order finalized: resp.body:');
@ -1177,7 +1205,11 @@ ACME._getCertificate = function (me, options) {
 							me._authorizations = resp.body.authorizations;
 							me._order = location;
 							me._finalize = resp.body.finalize;
-							//if (me.debug) console.debug('[DEBUG] finalize:', me._finalize); return;
+							if (me.debug)
+								console.debug('[DEBUG] pre-finalize:', resp.headers);
+							if (me.debug) console.debug('[DEBUG] pre-finalize:', resp.body);
+							if (me.debug)
+								console.debug('[DEBUG] pre-finalize:', me._finalize);

 							if (!me._authorizations) {
 								return Promise.reject(