WIP make checks more optional

AJ ONeal 2019-05-03 23:49:32 -06:00
parent c974cb7039
commit 11ca005142
1 changed files with 31 additions and 8 deletions


@ -284,10 +284,6 @@ ACME._testChallengeOptions = function () {
];
};
ACME._testChallenges = function (me, options) {
if (me.skipChallengeTest) {
return Promise.resolve();
}
var CHECK_DELAY = 0;
return Promise.all(options.domains.map(function (identifierValue) {
// TODO we really only need one to pass, not all to pass
@ -307,6 +303,12 @@ ACME._testChallenges = function (me, options) {
+ " You must enable one of ( " + suitable + " )."
));
}
// TODO remove skipChallengeTest
if (me.skipDryRun || me.skipChallengeTest) {
return null;
}
if ('dns-01' === challenge.type) {
// Give the nameservers a moment to propagate
CHECK_DELAY = 1.5 * 1000;
@ -327,12 +329,15 @@ ACME._testChallenges = function (me, options) {
// (and protecting against challenge failure rate limits)
var dryrun = true;
return ACME._challengeToAuth(me, options, results, challenge, dryrun).then(function (auth) {
if (!me._canUse[auth.type]) { return; }
return ACME._setChallenge(me, options, auth).then(function () {
return auth;
});
});
});
})).then(function (auths) {
auths = auths.filter(Boolean);
if (!auths.length) { /*skip actual test*/ return; }
return ACME._wait(CHECK_DELAY).then(function () {
return Promise.all(auths.map(function (auth) {
return ACME.challengeTests[auth.type](me, auth).then(function (result) {
@ -712,6 +717,7 @@ ACME._getCertificate = function (me, options) {
}).then(function (resp) {
var location = resp.headers.location;
var setAuths;
var validAuths = [];
var auths = [];
if (me.debug) { console.debug('[ordered]', location); } // the account id url
if (me.debug) { console.debug(resp); }
@ -756,16 +762,32 @@ ACME._getCertificate = function (me, options) {
});
}
function challengeNext() {
function checkNext() {
var auth = auths.shift();
if (!auth) { return; }
if (!me._canUse[auth.type] || me.skipChallengeTest) {
// not so much "valid" as "not invalid"
// but in this case we can't confirm either way
validAuths.push(auth);
return Promise.resolve();
}
return ACME.challengeTests[auth.type](me, auth).then(function () {
validAuths.push(auth);
}).then(checkNext);
}
function challengeNext() {
var auth = validAuths.shift();
if (!auth) { return; }
return ACME._postChallenge(me, options, auth).then(challengeNext);
}
// First we set every challenge
// Then we ask for each challenge to be checked
// Doing otherwise would potentially cause us to poison our own DNS cache with misses
return setNext().then(challengeNext).then(function () {
return setNext().then(checkNext).then(challengeNext).then(function () {
if (me.debug) { console.debug("[getCertificate] next.then"); }
var validatedDomains = body.identifiers.map(function (ident) {
return ident.value;
@ -809,6 +831,7 @@ ACME.create = function create(me) {
me.challengePrefixes = ACME.challengePrefixes;
me.Keypairs = me.Keypairs || me.RSA || require('rsa-compat').RSA;
me._nonces = [];
me._canCheck = {};
if (!me._baseUrl) {
me._baseUrl = "";
}
@ -848,8 +871,8 @@ ACME.create = function create(me) {
if (!me.skipChallengeTest) {
p = me.request({ url: me._baseUrl + "/api/_acme_api_/" }).then(function (resp) {
if (resp.body.success) {
me._canCheckHttp01 = true;
me._canCheckDns01 = true;
me._canCheck['http-01'] = true;
me._canCheck['dns-01'] = true;
}
}).catch(function () {
// ignore
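Review bot: In `checkNext` the skip branch (`!me._canUse[auth.type] || me.skipChallengeTest`) returns `Promise.resolve()` without recursing, so only the first entry of `auths` reaches `validAuths` and the remaining authorizations are never posted by `challengeNext`; `return checkNext();` after the push would keep the chain going. That condition and the new guard in `ACME._testChallenges` read `me._canUse`, while `ACME.create` in this commit initializes and fills `me._canCheck`. Unless `_canUse` is defined outside the visible hunks, the lookup either throws or skips the pre-flight test for every challenge type, so it probably should be `me._canCheck[auth.type]`. Because an unchecked auth is still pushed to `validAuths` and posted to the CA, a comment on that branch should note that skipping the check gives up the protection against challenge-failure rate limits mentioned in `_testChallenges`.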