http-01 and dns-01 challenges can pass

This commit is contained in:
AJ ONeal 2019-05-03 01:30:05 -06:00
parent e479d79c15
commit ad81b6c339
1 changed files with 35 additions and 18 deletions


@ -322,6 +322,9 @@ ACME._testChallenges = function (me, options) {
, expires: new Date(Date.now() + (60 * 1000)).toISOString() , expires: new Date(Date.now() + (60 * 1000)).toISOString()
, wildcard: identifierValue.includes('*.') || undefined , wildcard: identifierValue.includes('*.') || undefined
}; };
// The dry-run comes first in the spirit of "fail fast"
// (and protecting against challenge failure rate limits)
var dryrun = true; var dryrun = true;
return ACME._challengeToAuth(me, options, results, challenge, dryrun).then(function (auth) { return ACME._challengeToAuth(me, options, results, challenge, dryrun).then(function (auth) {
return ACME._setChallenge(me, options, auth).then(function () { return ACME._setChallenge(me, options, auth).then(function () {
@ -332,7 +335,11 @@ ACME._testChallenges = function (me, options) {
})).then(function (auths) { })).then(function (auths) {
return ACME._wait(CHECK_DELAY).then(function () { return ACME._wait(CHECK_DELAY).then(function () {
return Promise.all(auths.map(function (auth) { return Promise.all(auths.map(function (auth) {
return ACME.challengeTests[auth.type](me, auth); return ACME.challengeTests[auth.type](me, auth).then(function (result) {
// not a blocker
ACME._removeChallenge(me, options, auth);
return result;
});
})); }));
}); });
}); });
@ -475,18 +482,7 @@ ACME._postChallenge = function (me, options, auth) {
if (me.debug) { console.debug('poll: valid'); } if (me.debug) { console.debug('poll: valid'); }
try { try {
if (1 === options.removeChallenge.length) { ACME._removeChallenge(me, options, auth);
options.removeChallenge(auth).then(function () {}, function () {});
} else if (2 === options.removeChallenge.length) {
options.removeChallenge(auth, function (err) { return err; });
} else {
if (!ACME._removeChallengeWarn) {
console.warn("Please update to acme-v2 removeChallenge(options) <Promise> or removeChallenge(options, cb).");
console.warn("The API has been changed for compatibility with all ACME / Let's Encrypt challenge types.");
ACME._removeChallengeWarn = true;
}
options.removeChallenge(auth.request.identifier, auth.token, function () {});
}
} catch(e) {} } catch(e) {}
return resp.body; return resp.body;
} }
@ -523,8 +519,6 @@ ACME._postChallenge = function (me, options, auth) {
return respondToChallenge(); return respondToChallenge();
}; };
ACME._setChallenge = function (me, options, auth) { ACME._setChallenge = function (me, options, auth) {
console.log('challenge auth:', auth);
console.log('challenges:', options.challenges);
return new Promise(function (resolve, reject) { return new Promise(function (resolve, reject) {
var challengers = options.challenges || {}; var challengers = options.challenges || {};
var challenger = (challengers[auth.type] && challengers[auth.type].set) || options.setChallenge; var challenger = (challengers[auth.type] && challengers[auth.type].set) || options.setChallenge;
@ -886,6 +880,10 @@ ACME._jwsRequest = function (me, bigopts) {
bigopts.protected.nonce = nonce; bigopts.protected.nonce = nonce;
bigopts.protected.url = bigopts.url; bigopts.protected.url = bigopts.url;
// protected.alg: added by Keypairs.signJws // protected.alg: added by Keypairs.signJws
if (!bigopts.protected.jwk) {
// protected.kid must be overwritten due to ACME's interpretation of the spec
if (!bigopts.protected.kid) { bigopts.protected.kid = bigopts.options._kid; }
}
return me.Keypairs.signJws( return me.Keypairs.signJws(
{ jwk: bigopts.options.accountKeypair.privateKeyJwk { jwk: bigopts.options.accountKeypair.privateKeyJwk
, protected: bigopts.protected , protected: bigopts.protected
@ -1010,13 +1008,16 @@ ACME._dns01 = function (me, auth) {
console.error(err); console.error(err);
throw err; throw err;
} }
var result = { if (!resp.body.answer.length) {
err = new Error("failed to get DNS answer record in response");
console.error(err);
throw err;
}
return {
answer: resp.body.answer.map(function (ans) { answer: resp.body.answer.map(function (ans) {
return { data: ans.data, ttl: ans.ttl }; return { data: ans.data, ttl: ans.ttl };
}) })
}; };
console.log(result);
return result;
}); });
}; };
ACME._http01 = function (me, auth) { ACME._http01 = function (me, auth) {
@ -1025,6 +1026,22 @@ ACME._http01 = function (me, auth) {
return resp.body; return resp.body;
}); });
}; };
ACME._removeChallenge = function (me, options, auth) {
var challengers = options.challenges || {};
var removeChallenge = (challengers[auth.type] && challengers[auth.type].remove) || options.removeChallenge;
if (1 === removeChallenge.length) {
removeChallenge(auth).then(function () {}, function () {});
} else if (2 === removeChallenge.length) {
removeChallenge(auth, function (err) { return err; });
} else {
if (!ACME._removeChallengeWarn) {
console.warn("Please update to acme-v2 removeChallenge(options) <Promise> or removeChallenge(options, cb).");
console.warn("The API has been changed for compatibility with all ACME / Let's Encrypt challenge types.");
ACME._removeChallengeWarn = true;
}
removeChallenge(auth.request.identifier, auth.token, function () {});
}
};
Enc.bufToUrlBase64 = function (u8) { Enc.bufToUrlBase64 = function (u8) {
return Enc.bufToBase64(u8) return Enc.bufToBase64(u8)
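Review bot: The new `ACME._removeChallenge` reads `removeChallenge.length` without first checking that a remover was configured, so when neither `options.challenges[auth.type].remove` nor `options.removeChallenge` is set it throws a TypeError; `_postChallenge` hides that behind its empty `catch(e) {}`, but the new call inside the `.then` after `challengeTests[auth.type]` in `_testChallenges` has no guard, so a missing remover rejects the dry-run instead of merely leaving the challenge in place. Add a guard ahead of the arity dispatch, `if ('function' !== typeof removeChallenge) { return; }`, and consider replacing the discarding handlers `function () {}, function () {}` with a `me.debug`-gated log, since a removal that fails silently leaves the token file or TXT record published after the order completes. The helper also deserves a header comment listing the three supported remover signatures, because dispatch is on `Function.length` and a remover written with default or rest parameters will fall into the legacy `(identifier, token, cb)` branch. Separately, the dns-01 hunk's new `if (!resp.body.answer.length)` throws a TypeError rather than the intended Error when the resolver response carries no `answer` field at all; `if (!resp.body.answer || !resp.body.answer.length)` keeps the message.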