From ad81b6c3394ab1cae814de06772816b081823aa4 Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Fri, 3 May 2019 01:30:05 -0600
Subject: [PATCH] http-01 and dns-01 challenges can pass
---
 lib/acme.js | 53 +++++++++++++++++++++++++++++++++++------------------
 1 file changed, 35 insertions(+), 18 deletions(-)
diff --git a/lib/acme.js b/lib/acme.js
index 8bfba66..5bb6da6 100644
--- a/lib/acme.js
+++ b/lib/acme.js
@@ -322,6 +322,9 @@ ACME._testChallenges = function (me, options) {
 , expires: new Date(Date.now() + (60 * 1000)).toISOString()
 , wildcard: identifierValue.includes('*.') || undefined
 };
+
+ // The dry-run comes first in the spirit of "fail fast"
+ // (and protecting against challenge failure rate limits)
 var dryrun = true;
 return ACME._challengeToAuth(me, options, results, challenge, dryrun).then(function (auth) {
 return ACME._setChallenge(me, options, auth).then(function () {
@@ -332,7 +335,11 @@ ACME._testChallenges = function (me, options) {
 })).then(function (auths) {
 return ACME._wait(CHECK_DELAY).then(function () {
 return Promise.all(auths.map(function (auth) {
- return ACME.challengeTests[auth.type](me, auth);
+ return ACME.challengeTests[auth.type](me, auth).then(function (result) {
+ // not a blocker
+ ACME._removeChallenge(me, options, auth);
+ return result;
+ });
 }));
 });
 });
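Review bot: In the second `_testChallenges` hunk (`@@ -332`), the new cleanup call is unguarded and runs only when the challenge test resolves, so it does not behave as the `// not a blocker` comment promises. `ACME._removeChallenge` reads `removeChallenge.length` on whatever `challenges[auth.type].remove || options.removeChallenge` yields, so with no remover configured it throws inside the `.then` and turns a passing dry run into a rejection; `_postChallenge` wraps the same call in `try`/`catch`. When the test rejects, the dry-run record set through `_setChallenge` is never removed and presumably stays published in DNS or on the web root. I would guard the call and run it on both paths, as in the excerpt below; the enclosing `_testChallenges` body starts and ends outside the hunk.

```javascript
      // … unchanged: return Promise.all(auths.map(function (auth) { …
        function cleanup() {
          // best-effort: a cleanup error must not change the test outcome
          try {
            ACME._removeChallenge(me, options, auth);
          } catch (e) {
            if (me.debug) { console.debug('removeChallenge failed:', e); }
          }
        }
        return ACME.challengeTests[auth.type](me, auth).then(function (result) {
          cleanup();
          return result;
        }, function (err) {
          // remove the dry-run record on failure as well, then re-raise
          cleanup();
          throw err;
        });
```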
@@ -475,18 +482,7 @@ ACME._postChallenge = function (me, options, auth) {
 if (me.debug) { console.debug('poll: valid'); }
 try {
- if (1 === options.removeChallenge.length) {
- options.removeChallenge(auth).then(function () {}, function () {});
- } else if (2 === options.removeChallenge.length) {
- options.removeChallenge(auth, function (err) { return err; });
- } else {
- if (!ACME._removeChallengeWarn) {
- console.warn("Please update to acme-v2 removeChallenge(options) or removeChallenge(options, cb).");
- console.warn("The API has been changed for compatibility with all ACME / Let's Encrypt challenge types.");
- ACME._removeChallengeWarn = true;
- }
- options.removeChallenge(auth.request.identifier, auth.token, function () {});
- }
+ ACME._removeChallenge(me, options, auth);
 } catch(e) {}
 return resp.body;
 }
@@ -523,8 +519,6 @@ ACME._postChallenge = function (me, options, auth) {
 return respondToChallenge();
 };
 ACME._setChallenge = function (me, options, auth) {
- console.log('challenge auth:', auth);
- console.log('challenges:', options.challenges);
 return new Promise(function (resolve, reject) {
 var challengers = options.challenges || {};
 var challenger = (challengers[auth.type] && challengers[auth.type].set) || options.setChallenge;
@@ -886,6 +880,10 @@ ACME._jwsRequest = function (me, bigopts) {
 bigopts.protected.nonce = nonce;
 bigopts.protected.url = bigopts.url;
 // protected.alg: added by Keypairs.signJws
+ if (!bigopts.protected.jwk) {
+ // protected.kid must be overwritten due to ACME's interpretation of the spec
+ if (!bigopts.protected.kid) { bigopts.protected.kid = bigopts.options._kid; }
+ }
 return me.Keypairs.signJws(
 { jwk: bigopts.options.accountKeypair.privateKeyJwk
 , protected: bigopts.protected
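Review bot: In the `_postChallenge` hunk (`@@ -475`), the extracted call stays inside `try { … } catch(e) {}`, so a failed cleanup after a valid authorization is dropped without a trace. The helper added at the end of this patch also discards the promise rejection and the callback error, so nothing tells the operator that the challenge record is still published. Reporting it under the existing debug flag would be enough: `} catch(e) { if (me.debug) { console.debug('removeChallenge failed:', e); } }`. The surrounding function continues outside the hunk.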
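Review bot: In the `_jwsRequest` hunk (`@@ -886`), when `protected.jwk` and `protected.kid` are both absent and `bigopts.options._kid` is also unset, the header is signed with `kid` undefined and the request carries neither key reference. Failing before signing gives a clearer error than the server's rejection, e.g. `if (!bigopts.protected.kid) { throw new Error("no jwk in protected header and no account kid available"); }` after the assignment; whether a synchronous throw is acceptable depends on how the function builds its promise chain, which lies outside the hunk. The comment says kid "must be overwritten" while the code only fills it in when missing, so `// default protected.kid from options._kid when the caller set neither jwk nor kid` would match what the code does.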
@@ -1010,13 +1008,16 @@ ACME._dns01 = function (me, auth) {
 console.error(err);
 throw err;
 }
- var result = {
+ if (!resp.body.answer.length) {
+ err = new Error("failed to get DNS answer record in response");
+ console.error(err);
+ throw err;
+ }
+ return {
 answer: resp.body.answer.map(function (ans) {
 return { data: ans.data, ttl: ans.ttl };
 })
 };
- console.log(result);
- return result;
 });
 };
 ACME._http01 = function (me, auth) {
@@ -1025,6 +1026,22 @@ ACME._http01 = function (me, auth) {
 return resp.body;
 });
 };
+ACME._removeChallenge = function (me, options, auth) {
+ var challengers = options.challenges || {};
+ var removeChallenge = (challengers[auth.type] && challengers[auth.type].remove) || options.removeChallenge;
+ if (1 === removeChallenge.length) {
+ removeChallenge(auth).then(function () {}, function () {});
+ } else if (2 === removeChallenge.length) {
+ removeChallenge(auth, function (err) { return err; });
+ } else {
+ if (!ACME._removeChallengeWarn) {
+ console.warn("Please update to acme-v2 removeChallenge(options) or removeChallenge(options, cb).");
+ console.warn("The API has been changed for compatibility with all ACME / Let's Encrypt challenge types.");
+ ACME._removeChallengeWarn = true;
+ }
+ removeChallenge(auth.request.identifier, auth.token, function () {});
+ }
+};
 Enc.bufToUrlBase64 = function (u8) {
 return Enc.bufToBase64(u8)
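Review bot: In the `_dns01` hunk (`@@ -1010`), the new guard reads `resp.body.answer.length` directly, so a response without an `answer` array raises a TypeError rather than the intended error, unless the check above the hunk (not visible here) already rules that out. If it does not, `if (!Array.isArray(resp.body.answer) || !resp.body.answer.length) {` covers both cases. A one-line comment such as `// an empty answer means the resolver returned no TXT record for the challenge name` would also say why this counts as a dry-run failure.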