http-01 and dns-01 challenges can pass
parent
e479d79c15
commit
ad81b6c339
53
lib/acme.js
53
lib/acme.js
|
@ -322,6 +322,9 @@ ACME._testChallenges = function (me, options) {
|
|||
, expires: new Date(Date.now() + (60 * 1000)).toISOString()
|
||||
, wildcard: identifierValue.includes('*.') || undefined
|
||||
};
|
||||
|
||||
// The dry-run comes first in the spirit of "fail fast"
|
||||
// (and protecting against challenge failure rate limits)
|
||||
var dryrun = true;
|
||||
return ACME._challengeToAuth(me, options, results, challenge, dryrun).then(function (auth) {
|
||||
return ACME._setChallenge(me, options, auth).then(function () {
|
||||
|
@ -332,7 +335,11 @@ ACME._testChallenges = function (me, options) {
|
|||
})).then(function (auths) {
|
||||
return ACME._wait(CHECK_DELAY).then(function () {
|
||||
return Promise.all(auths.map(function (auth) {
|
||||
return ACME.challengeTests[auth.type](me, auth);
|
||||
return ACME.challengeTests[auth.type](me, auth).then(function (result) {
|
||||
// not a blocker
|
||||
ACME._removeChallenge(me, options, auth);
|
||||
return result;
|
||||
});
|
||||
}));
|
||||
});
|
||||
});
|
||||
|
@ -475,18 +482,7 @@ ACME._postChallenge = function (me, options, auth) {
|
|||
if (me.debug) { console.debug('poll: valid'); }
|
||||
|
||||
try {
|
||||
if (1 === options.removeChallenge.length) {
|
||||
options.removeChallenge(auth).then(function () {}, function () {});
|
||||
} else if (2 === options.removeChallenge.length) {
|
||||
options.removeChallenge(auth, function (err) { return err; });
|
||||
} else {
|
||||
if (!ACME._removeChallengeWarn) {
|
||||
console.warn("Please update to acme-v2 removeChallenge(options) <Promise> or removeChallenge(options, cb).");
|
||||
console.warn("The API has been changed for compatibility with all ACME / Let's Encrypt challenge types.");
|
||||
ACME._removeChallengeWarn = true;
|
||||
}
|
||||
options.removeChallenge(auth.request.identifier, auth.token, function () {});
|
||||
}
|
||||
ACME._removeChallenge(me, options, auth);
|
||||
} catch(e) {}
|
||||
return resp.body;
|
||||
}
|
||||
|
@ -523,8 +519,6 @@ ACME._postChallenge = function (me, options, auth) {
|
|||
return respondToChallenge();
|
||||
};
|
||||
ACME._setChallenge = function (me, options, auth) {
|
||||
console.log('challenge auth:', auth);
|
||||
console.log('challenges:', options.challenges);
|
||||
return new Promise(function (resolve, reject) {
|
||||
var challengers = options.challenges || {};
|
||||
var challenger = (challengers[auth.type] && challengers[auth.type].set) || options.setChallenge;
|
||||
|
@ -886,6 +880,10 @@ ACME._jwsRequest = function (me, bigopts) {
|
|||
bigopts.protected.nonce = nonce;
|
||||
bigopts.protected.url = bigopts.url;
|
||||
// protected.alg: added by Keypairs.signJws
|
||||
if (!bigopts.protected.jwk) {
|
||||
// protected.kid must be overwritten due to ACME's interpretation of the spec
|
||||
if (!bigopts.protected.kid) { bigopts.protected.kid = bigopts.options._kid; }
|
||||
}
|
||||
return me.Keypairs.signJws(
|
||||
{ jwk: bigopts.options.accountKeypair.privateKeyJwk
|
||||
, protected: bigopts.protected
|
||||
|
@ -1010,13 +1008,16 @@ ACME._dns01 = function (me, auth) {
|
|||
console.error(err);
|
||||
throw err;
|
||||
}
|
||||
var result = {
|
||||
if (!resp.body.answer.length) {
|
||||
err = new Error("failed to get DNS answer record in response");
|
||||
console.error(err);
|
||||
throw err;
|
||||
}
|
||||
return {
|
||||
answer: resp.body.answer.map(function (ans) {
|
||||
return { data: ans.data, ttl: ans.ttl };
|
||||
})
|
||||
};
|
||||
console.log(result);
|
||||
return result;
|
||||
});
|
||||
};
|
||||
ACME._http01 = function (me, auth) {
|
||||
|
@ -1025,6 +1026,22 @@ ACME._http01 = function (me, auth) {
|
|||
return resp.body;
|
||||
});
|
||||
};
|
||||
ACME._removeChallenge = function (me, options, auth) {
|
||||
var challengers = options.challenges || {};
|
||||
var removeChallenge = (challengers[auth.type] && challengers[auth.type].remove) || options.removeChallenge;
|
||||
if (1 === removeChallenge.length) {
|
||||
removeChallenge(auth).then(function () {}, function () {});
|
||||
} else if (2 === removeChallenge.length) {
|
||||
removeChallenge(auth, function (err) { return err; });
|
||||
} else {
|
||||
if (!ACME._removeChallengeWarn) {
|
||||
console.warn("Please update to acme-v2 removeChallenge(options) <Promise> or removeChallenge(options, cb).");
|
||||
console.warn("The API has been changed for compatibility with all ACME / Let's Encrypt challenge types.");
|
||||
ACME._removeChallengeWarn = true;
|
||||
}
|
||||
removeChallenge(auth.request.identifier, auth.token, function () {});
|
||||
}
|
||||
};
|
||||
|
||||
Enc.bufToUrlBase64 = function (u8) {
|
||||
return Enc.bufToBase64(u8)
|
||||
|
|
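Review bot: In the second hunk of `ACME._testChallenges`, the dry-run cleanup runs only when `ACME.challengeTests[auth.type]` resolves, so a failed dry run leaves the test token or TXT record published. A synchronous throw from `ACME._removeChallenge` also rejects the dry run, despite the `// not a blocker` comment. The helper added in the last hunk reads `removeChallenge.length` without checking that a remover was resolved, and unlike the call in `_postChallenge` this call site has no `try`/`catch`; whether `options.removeChallenge` is validated earlier is not visible here. I would add `if ('function' !== typeof removeChallenge) { return; }` at the top of the helper and run the cleanup on both outcomes, as sketched below. The body of `_testChallenges` starts and ends outside the hunk.

```javascript
return Promise.all(auths.map(function (auth) {
  function cleanup() {
    // not a blocker: removal is best-effort and must never fail the dry run
    try {
      ACME._removeChallenge(me, options, auth);
    } catch (e) {
      if (me.debug) { console.debug(e); }
    }
  }
  return ACME.challengeTests[auth.type](me, auth).then(function (result) {
    cleanup();
    return result;
  }, function (err) {
    cleanup();
    throw err;
  });
}));
// … unchanged: closing of the ACME._wait(CHECK_DELAY) chain …
```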