coolaj86
/
acme.js
mirror of https://github.com/therootcompany/acme.js
1
0
Fork 0
Code Issues 1 Projects Releases Wiki Activity
Browse Source

remove cruft

v3
AJ ONeal 5 years ago
parent
c89e5b7882
commit
d25fa6756c
2 changed files with 62 additions and 67 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 123
      acme.js
  2. 6
      tests/index.js

123
acme.js
View File

@ -63,7 +63,7 @@ ACME.challengeTests = {
'See https://git.coolaj86.com/coolaj86/acme-v2.js/issues/4'
);
err.code = 'E_FAIL_DRY_CHALLENGE';
return Promise.reject(err);
throw err;
});
},
'dns-01': function(me, auth) {
@ -90,7 +90,7 @@ ACME.challengeTests = {
'See https://git.coolaj86.com/coolaj86/acme-v2.js/issues/4'
);
err.code = 'E_FAIL_DRY_CHALLENGE';
return Promise.reject(err);
throw err;
});
}
};
@ -389,7 +389,8 @@ ACME._testChallenges = function(me, options) {
});
if (!challenge) {
// For example, wildcards require dns-01 and, if we don't have that, we have to bail
var enabled = options.challengeTypes.join(', ') || 'none';
var enabled =
Object.keys(options.challenges).join(', ') || 'none';
var suitable =
challenges
.map(function(r) {
@ -481,7 +482,7 @@ ACME._testChallenges = function(me, options) {
ACME._chooseChallenge = function(options, results) {
// For each of the challenge types that we support
var challenge;
options.challengeTypes.some(function(chType) {
options._challengeTypes.some(function(chType) {
// And for each of the challenge types that are allowed
return results.challenges.some(function(ch) {
// Check to see if there are any matches
@ -907,63 +908,54 @@ ACME._getCertificate = function(me, options) {
console.debug('[acme-v2] DEBUG get cert 1');
}
// Lot's of error checking to inform the user of mistakes
if (!(options.challengeTypes || []).length) {
options.challengeTypes = Object.keys(options.challenges || {});
}
if (!options.challengeTypes.length) {
options.challengeTypes = [options.challengeType].filter(Boolean);
}
if (options.challengeType) {
options.challengeTypes.sort(function(a, b) {
if (a === options.challengeType) {
return -1;
}
if (b === options.challengeType) {
return 1;
}
return 0;
});
if (options.challengeType !== options.challengeTypes[0]) {
return Promise.reject(
new Error(
"options.challengeType is '" +
options.challengeType +
"'," +
" which does not exist in the supplied types '" +
options.challengeTypes.join(',') +
"'"
)
);
// Prefer this order for efficiency:
// * http-01 is the fasest
// * tls-alpn-01 is for networks that don't allow plain traffic
// * dns-01 is the slowest (due to DNS propagation), but is required for private networks and wildcards
var challengeTypes = Object.keys(options.challenges);
options._challengeTypes = ['http-01', 'tls-alpn-01', 'dns-01'].filter(
function(typ) {
return -1 !== challengeTypes.indexOf(typ);
}
}
);
// TODO check that all challengeTypes are represented in challenges
if (!options.challengeTypes.length) {
if (!options._challengeTypes.length) {
return Promise.reject(
new Error(
'options.challengeTypes (string array) must be specified' +
' (and in order of preferential priority).'
)
new Error('options.challenges must be specified')
);
}
if (options.csr) {
// TODO validate csr signature
options._csr = me.CSR._info(options.csr);
options.domains = options._csr.altnames;
if (options._csr.subject !== options.domains[0]) {
return Promise.reject(
new Error(
'certificate subject (commonName) does not match first altname (SAN)'
)
);
}
if (!options.csr) {
throw new Error(
'no `csr` option given (should be in DER or PEM format)'
);
}
// TODO validate csr signature?
options._csr = CSR._info(options.csr);
options.domains = options.domains || options._csr.altnames;
options._csr.altnames = options._csr.altnames || [];
if (
options.domains
.slice(0)
.sort()
.join(' ') !==
options._csr.altnames
.slice(0)
.sort()
.join(' ')
) {
throw new Error('certificate altnames do not match requested domains');
}
if (options._csr.subject !== options.domains[0]) {
throw new Error(
'certificate subject (commonName) does not match first altname (SAN)'
);
}
if (!(options.domains && options.domains.length)) {
return Promise.reject(
new Error(
'options.domains must be a list of string domain names,' +
' with the first being the subject of the certificate (or options.subject must specified).'
)
throw new Error(
'options.domains must be a list of string domain names,' +
' with the first being the subject of the certificate'
);
}
@ -1296,16 +1288,6 @@ ACME._generateCsrWeb64 = function(me, options, validatedDomains) {
csr = Enc.base64ToUrlBase64(csr.trim().replace(/\s+/g, ''));
return Promise.resolve(csr);
}
return ACME._importKeypair(me, options.serverKeypair).then(function(pair) {
return me.CSR.csr({
jwk: pair.private,
domains: validatedDomains,
encoding: 'der'
}).then(function(der) {
return Enc.bufToUrlBase64(der);
});
});
};
ACME.create = function create(me) {
@ -1315,7 +1297,6 @@ ACME.create = function create(me) {
// me.debug = true;
me.challengePrefixes = ACME.challengePrefixes;
me.Keypairs = me.Keypairs || Keypairs;
me.CSR = me.CSR || CSR;
me._nonces = [];
me._canUse = {};
if (!me._baseUrl) {
@ -1372,12 +1353,20 @@ ACME.create = function create(me) {
};
me.accounts = {
create: function(options) {
return ACME._registerAccount(me, options);
try {
return ACME._registerAccount(me, options);
} catch (e) {
return Promise.reject(e);
}
}
};
me.certificates = {
create: function(options) {
return ACME._getCertificate(me, options);
try {
return ACME._getCertificate(me, options);
} catch (e) {
return Promise.reject(e);
}
}
};
return me;

6
tests/index.js
View File

@ -13,6 +13,12 @@ var acme = ACME.create({
});
// TODO exec npm install --save-dev CHALLENGE_MODULE
if (!process.env.CHALLENGE_OPTIONS) {
console.error(
'Please create a .env in the format of examples/example.env to run the tests'
);
process.exit(1);
}
var config = {
env: process.env.ENV,

Write Preview
Loading…
Cancel
Save