From ad81b6c3394ab1cae814de06772816b081823aa4 Mon Sep 17 00:00:00 2001
From: AJ ONeal <coolaj86@gmail.com>
Date: Fri, 3 May 2019 01:30:05 -0600
Subject: [PATCH] http-01 and dns-01 challenges can pass

---
 lib/acme.js | 53 +++++++++++++++++++++++++++++++++++------------------
 1 file changed, 35 insertions(+), 18 deletions(-)

diff --git a/lib/acme.js b/lib/acme.js
index 8bfba66..5bb6da6 100644
--- a/lib/acme.js
+++ b/lib/acme.js
@@ -322,6 +322,9 @@ ACME._testChallenges = function (me, options) {
       , expires: new Date(Date.now() + (60 * 1000)).toISOString()
       , wildcard: identifierValue.includes('*.') || undefined
       };
+
+      // The dry-run comes first in the spirit of "fail fast"
+      // (and protecting against challenge failure rate limits)
       var dryrun = true;
       return ACME._challengeToAuth(me, options, results, challenge, dryrun).then(function (auth) {
         return ACME._setChallenge(me, options, auth).then(function () {
@@ -332,7 +335,11 @@ ACME._testChallenges = function (me, options) {
   })).then(function (auths) {
     return ACME._wait(CHECK_DELAY).then(function () {
       return Promise.all(auths.map(function (auth) {
-        return ACME.challengeTests[auth.type](me, auth);
+        return ACME.challengeTests[auth.type](me, auth).then(function (result) {
+          // not a blocker
+          ACME._removeChallenge(me, options, auth);
+          return result;
+        });
       }));
     });
   });
@@ -475,18 +482,7 @@ ACME._postChallenge = function (me, options, auth) {
         if (me.debug) { console.debug('poll: valid'); }
 
         try {
-          if (1 === options.removeChallenge.length) {
-            options.removeChallenge(auth).then(function () {}, function () {});
-          } else if (2 === options.removeChallenge.length) {
-            options.removeChallenge(auth, function (err) { return err; });
-          } else {
-            if (!ACME._removeChallengeWarn) {
-              console.warn("Please update to acme-v2 removeChallenge(options) <Promise> or removeChallenge(options, cb).");
-              console.warn("The API has been changed for compatibility with all ACME / Let's Encrypt challenge types.");
-              ACME._removeChallengeWarn = true;
-            }
-            options.removeChallenge(auth.request.identifier, auth.token, function () {});
-          }
+          ACME._removeChallenge(me, options, auth);
         } catch(e) {}
         return resp.body;
       }
@@ -523,8 +519,6 @@ ACME._postChallenge = function (me, options, auth) {
   return respondToChallenge();
 };
 ACME._setChallenge = function (me, options, auth) {
-  console.log('challenge auth:', auth);
-  console.log('challenges:', options.challenges);
   return new Promise(function (resolve, reject) {
     var challengers = options.challenges || {};
     var challenger = (challengers[auth.type] && challengers[auth.type].set) || options.setChallenge;
@@ -886,6 +880,10 @@ ACME._jwsRequest = function (me, bigopts) {
     bigopts.protected.nonce = nonce;
     bigopts.protected.url = bigopts.url;
     // protected.alg: added by Keypairs.signJws
+    if (!bigopts.protected.jwk) {
+      // protected.kid must be overwritten due to ACME's interpretation of the spec
+      if (!bigopts.protected.kid) { bigopts.protected.kid = bigopts.options._kid; }
+    }
     return me.Keypairs.signJws(
       { jwk: bigopts.options.accountKeypair.privateKeyJwk
       , protected: bigopts.protected
@@ -1010,13 +1008,16 @@ ACME._dns01 = function (me, auth) {
       console.error(err);
       throw err;
     }
-    var result = {
+    if (!resp.body.answer.length) {
+      err = new Error("failed to get DNS answer record in response");
+      console.error(err);
+      throw err;
+    }
+    return {
       answer: resp.body.answer.map(function (ans) {
         return { data: ans.data, ttl: ans.ttl };
       })
     };
-    console.log(result);
-    return result;
   });
 };
 ACME._http01 = function (me, auth) {
@@ -1025,6 +1026,22 @@ ACME._http01 = function (me, auth) {
     return resp.body;
   });
 };
+ACME._removeChallenge = function (me, options, auth) {
+  var challengers = options.challenges || {};
+  var removeChallenge = (challengers[auth.type] && challengers[auth.type].remove) || options.removeChallenge;
+  if (1 === removeChallenge.length) {
+    removeChallenge(auth).then(function () {}, function () {});
+  } else if (2 === removeChallenge.length) {
+    removeChallenge(auth, function (err) { return err; });
+  } else {
+    if (!ACME._removeChallengeWarn) {
+      console.warn("Please update to acme-v2 removeChallenge(options) <Promise> or removeChallenge(options, cb).");
+      console.warn("The API has been changed for compatibility with all ACME / Let's Encrypt challenge types.");
+      ACME._removeChallengeWarn = true;
+    }
+    removeChallenge(auth.request.identifier, auth.token, function () {});
+  }
+};
 
 Enc.bufToUrlBase64 = function (u8) {
   return Enc.bufToBase64(u8)