From 11ca0051422dbba64f786728f0e2d8e9382ab3a1 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Fri, 3 May 2019 23:49:32 -0600 Subject: [PATCH] WIP make checks more optional --- lib/acme.js | 39 +++++++++++++++++++++++++++++++-------- 1 file changed, 31 insertions(+), 8 deletions(-) diff --git a/lib/acme.js b/lib/acme.js index 5bb6da6..87668c4 100644 --- a/lib/acme.js +++ b/lib/acme.js @@ -284,10 +284,6 @@ ACME._testChallengeOptions = function () { ]; }; ACME._testChallenges = function (me, options) { - if (me.skipChallengeTest) { - return Promise.resolve(); - } - var CHECK_DELAY = 0; return Promise.all(options.domains.map(function (identifierValue) { // TODO we really only need one to pass, not all to pass @@ -307,6 +303,12 @@ ACME._testChallenges = function (me, options) { + " You must enable one of ( " + suitable + " )." )); } + + // TODO remove skipChallengeTest + if (me.skipDryRun || me.skipChallengeTest) { + return null; + } + if ('dns-01' === challenge.type) { // Give the nameservers a moment to propagate CHECK_DELAY = 1.5 * 1000; @@ -327,12 +329,15 @@ ACME._testChallenges = function (me, options) { // (and protecting against challenge failure rate limits) var dryrun = true; return ACME._challengeToAuth(me, options, results, challenge, dryrun).then(function (auth) { + if (!me._canUse[auth.type]) { return; } return ACME._setChallenge(me, options, auth).then(function () { return auth; }); }); }); })).then(function (auths) { + auths = auths.filter(Boolean); + if (!auths.length) { /*skip actual test*/ return; } return ACME._wait(CHECK_DELAY).then(function () { return Promise.all(auths.map(function (auth) { return ACME.challengeTests[auth.type](me, auth).then(function (result) { 
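Review bot: In the `@@ -327,12 +329,15 @@` hunk the new guard `if (!me._canUse[auth.type]) { return; }` reads `me._canUse`, but the only map this patch initialises and fills is `me._canCheck` (the `ACME.create` hunks at `-809` and `-848`). Unless `_canUse` is assigned somewhere outside the visible hunks, the lookup dereferences `undefined` and rejects the dry run with a TypeError; the same read appears in `checkNext` in the `-756` hunk. Use one name throughout, for example `if (!me._canCheck[auth.type]) { return; }`. The body of `ACME._testChallenges` starts and ends outside this hunk, so any other reader of the old `_canCheckHttp01` / `_canCheckDns01` flags should be checked as well.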
@@ -712,6 +717,7 @@ ACME._getCertificate = function (me, options) { }).then(function (resp) { var location = resp.headers.location; var setAuths; + var validAuths = []; var auths = []; if (me.debug) { console.debug('[ordered]', location); } // the account id url if (me.debug) { console.debug(resp); } @@ -756,16 +762,32 @@ ACME._getCertificate = function (me, options) { }); } - function challengeNext() { + function checkNext() { var auth = auths.shift(); if (!auth) { return; } + + if (!me._canUse[auth.type] || me.skipChallengeTest) { + // not so much "valid" as "not invalid" + // but in this case we can't confirm either way + validAuths.push(auth); + return Promise.resolve(); + } + + return ACME.challengeTests[auth.type](me, auth).then(function () { + validAuths.push(auth); + }).then(checkNext); + } + + function challengeNext() { + var auth = validAuths.shift(); + if (!auth) { return; } return ACME._postChallenge(me, options, auth).then(challengeNext); } // First we set every challenge // Then we ask for each challenge to be checked // Doing otherwise would potentially cause us to poison our own DNS cache with misses - return setNext().then(challengeNext).then(function () { + return setNext().then(checkNext).then(challengeNext).then(function () { if (me.debug) { console.debug("[getCertificate] next.then"); } var validatedDomains = body.identifiers.map(function (ident) { return ident.value; @@ -809,6 +831,7 @@ ACME.create = function create(me) { me.challengePrefixes = ACME.challengePrefixes; me.Keypairs = me.Keypairs || me.RSA || require('rsa-compat').RSA; me._nonces = []; + me._canCheck = {}; if (!me._baseUrl) { me._baseUrl = ""; } 
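Review bot: In the `@@ -756,16 +762,32 @@` hunk the skip branch of `checkNext` ends with `return Promise.resolve();`, so the recursion stops at the first authorization that is not tested and whatever is still queued in `auths` never reaches `validAuths`. With `me.skipChallengeTest` set, or as soon as one authorization has an uncheckable type, `challengeNext` would post only part of the order's challenges and the remaining identifiers stay unvalidated. Replace that line with `return checkNext();` so every authorization is either tested or passed through. Since this branch forwards authorizations with no pre-flight check, the existing comment could also say that the CA's own validation is then the first real test and that failures there count against the rate limits mentioned in `_testChallenges`.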
@@ -848,8 +871,8 @@ ACME.create = function create(me) { if (!me.skipChallengeTest) { p = me.request({ url: me._baseUrl + "/api/_acme_api_/" }).then(function (resp) { if (resp.body.success) { - me._canCheckHttp01 = true; - me._canCheckDns01 = true; + me._canCheck['http-01'] = true; + me._canCheck['dns-01'] = true; } }).catch(function () { // ignore