http-01 and dns-01 challenges can pass
parent
e479d79c15
commit
ad81b6c339
53
lib/acme.js
53
lib/acme.js
|
@ -322,6 +322,9 @@ ACME._testChallenges = function (me, options) {
|
||||||
, expires: new Date(Date.now() + (60 * 1000)).toISOString()
|
, expires: new Date(Date.now() + (60 * 1000)).toISOString()
|
||||||
, wildcard: identifierValue.includes('*.') || undefined
|
, wildcard: identifierValue.includes('*.') || undefined
|
||||||
};
|
};
|
||||||
|
|
||||||
|
// The dry-run comes first in the spirit of "fail fast"
|
||||||
|
// (and protecting against challenge failure rate limits)
|
||||||
var dryrun = true;
|
var dryrun = true;
|
||||||
return ACME._challengeToAuth(me, options, results, challenge, dryrun).then(function (auth) {
|
return ACME._challengeToAuth(me, options, results, challenge, dryrun).then(function (auth) {
|
||||||
return ACME._setChallenge(me, options, auth).then(function () {
|
return ACME._setChallenge(me, options, auth).then(function () {
|
||||||
|
@ -332,7 +335,11 @@ ACME._testChallenges = function (me, options) {
|
||||||
})).then(function (auths) {
|
})).then(function (auths) {
|
||||||
return ACME._wait(CHECK_DELAY).then(function () {
|
return ACME._wait(CHECK_DELAY).then(function () {
|
||||||
return Promise.all(auths.map(function (auth) {
|
return Promise.all(auths.map(function (auth) {
|
||||||
return ACME.challengeTests[auth.type](me, auth);
|
return ACME.challengeTests[auth.type](me, auth).then(function (result) {
|
||||||
|
// not a blocker
|
||||||
|
ACME._removeChallenge(me, options, auth);
|
||||||
|
return result;
|
||||||
|
});
|
||||||
}));
|
}));
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
@ -475,18 +482,7 @@ ACME._postChallenge = function (me, options, auth) {
|
||||||
if (me.debug) { console.debug('poll: valid'); }
|
if (me.debug) { console.debug('poll: valid'); }
|
||||||
|
|
||||||
try {
|
try {
|
||||||
if (1 === options.removeChallenge.length) {
|
ACME._removeChallenge(me, options, auth);
|
||||||
options.removeChallenge(auth).then(function () {}, function () {});
|
|
||||||
} else if (2 === options.removeChallenge.length) {
|
|
||||||
options.removeChallenge(auth, function (err) { return err; });
|
|
||||||
} else {
|
|
||||||
if (!ACME._removeChallengeWarn) {
|
|
||||||
console.warn("Please update to acme-v2 removeChallenge(options) <Promise> or removeChallenge(options, cb).");
|
|
||||||
console.warn("The API has been changed for compatibility with all ACME / Let's Encrypt challenge types.");
|
|
||||||
ACME._removeChallengeWarn = true;
|
|
||||||
}
|
|
||||||
options.removeChallenge(auth.request.identifier, auth.token, function () {});
|
|
||||||
}
|
|
||||||
} catch(e) {}
|
} catch(e) {}
|
||||||
return resp.body;
|
return resp.body;
|
||||||
}
|
}
|
||||||
|
@ -523,8 +519,6 @@ ACME._postChallenge = function (me, options, auth) {
|
||||||
return respondToChallenge();
|
return respondToChallenge();
|
||||||
};
|
};
|
||||||
ACME._setChallenge = function (me, options, auth) {
|
ACME._setChallenge = function (me, options, auth) {
|
||||||
console.log('challenge auth:', auth);
|
|
||||||
console.log('challenges:', options.challenges);
|
|
||||||
return new Promise(function (resolve, reject) {
|
return new Promise(function (resolve, reject) {
|
||||||
var challengers = options.challenges || {};
|
var challengers = options.challenges || {};
|
||||||
var challenger = (challengers[auth.type] && challengers[auth.type].set) || options.setChallenge;
|
var challenger = (challengers[auth.type] && challengers[auth.type].set) || options.setChallenge;
|
||||||
|
@ -886,6 +880,10 @@ ACME._jwsRequest = function (me, bigopts) {
|
||||||
bigopts.protected.nonce = nonce;
|
bigopts.protected.nonce = nonce;
|
||||||
bigopts.protected.url = bigopts.url;
|
bigopts.protected.url = bigopts.url;
|
||||||
// protected.alg: added by Keypairs.signJws
|
// protected.alg: added by Keypairs.signJws
|
||||||
|
if (!bigopts.protected.jwk) {
|
||||||
|
// protected.kid must be overwritten due to ACME's interpretation of the spec
|
||||||
|
if (!bigopts.protected.kid) { bigopts.protected.kid = bigopts.options._kid; }
|
||||||
|
}
|
||||||
return me.Keypairs.signJws(
|
return me.Keypairs.signJws(
|
||||||
{ jwk: bigopts.options.accountKeypair.privateKeyJwk
|
{ jwk: bigopts.options.accountKeypair.privateKeyJwk
|
||||||
, protected: bigopts.protected
|
, protected: bigopts.protected
|
||||||
|
@ -1010,13 +1008,16 @@ ACME._dns01 = function (me, auth) {
|
||||||
console.error(err);
|
console.error(err);
|
||||||
throw err;
|
throw err;
|
||||||
}
|
}
|
||||||
var result = {
|
if (!resp.body.answer.length) {
|
||||||
|
err = new Error("failed to get DNS answer record in response");
|
||||||
|
console.error(err);
|
||||||
|
throw err;
|
||||||
|
}
|
||||||
|
return {
|
||||||
answer: resp.body.answer.map(function (ans) {
|
answer: resp.body.answer.map(function (ans) {
|
||||||
return { data: ans.data, ttl: ans.ttl };
|
return { data: ans.data, ttl: ans.ttl };
|
||||||
})
|
})
|
||||||
};
|
};
|
||||||
console.log(result);
|
|
||||||
return result;
|
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
ACME._http01 = function (me, auth) {
|
ACME._http01 = function (me, auth) {
|
||||||
|
@ -1025,6 +1026,22 @@ ACME._http01 = function (me, auth) {
|
||||||
return resp.body;
|
return resp.body;
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
ACME._removeChallenge = function (me, options, auth) {
|
||||||
|
var challengers = options.challenges || {};
|
||||||
|
var removeChallenge = (challengers[auth.type] && challengers[auth.type].remove) || options.removeChallenge;
|
||||||
|
if (1 === removeChallenge.length) {
|
||||||
|
removeChallenge(auth).then(function () {}, function () {});
|
||||||
|
} else if (2 === removeChallenge.length) {
|
||||||
|
removeChallenge(auth, function (err) { return err; });
|
||||||
|
} else {
|
||||||
|
if (!ACME._removeChallengeWarn) {
|
||||||
|
console.warn("Please update to acme-v2 removeChallenge(options) <Promise> or removeChallenge(options, cb).");
|
||||||
|
console.warn("The API has been changed for compatibility with all ACME / Let's Encrypt challenge types.");
|
||||||
|
ACME._removeChallengeWarn = true;
|
||||||
|
}
|
||||||
|
removeChallenge(auth.request.identifier, auth.token, function () {});
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
Enc.bufToUrlBase64 = function (u8) {
|
Enc.bufToUrlBase64 = function (u8) {
|
||||||
return Enc.bufToBase64(u8)
|
return Enc.bufToBase64(u8)
|
||||||
|
|
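Review bot: In `ACME._testChallenges` the new `ACME._removeChallenge(me, options, auth);` call under `// not a blocker` has no `try`/`catch`, unlike the same call in `ACME._postChallenge`, so a synchronous throw inside the helper rejects the dry-run and contradicts that comment. The helper reads `removeChallenge.length` without checking that `challengers[auth.type].remove` or `options.removeChallenge` is set, and its one-argument branch calls `.then` on whatever the plugin returns, so a missing or non-promise remover throws. A guard at the top of `ACME._removeChallenge`, `if ('function' !== typeof removeChallenge) { return; }`, together with `try { ACME._removeChallenge(me, options, auth); } catch (e) {}` at the dry-run call site would keep cleanup non-blocking on both paths. Every branch also discards the removal error, so a failed cleanup leaves the challenge token or TXT record published with no trace; reporting it when `me.debug` is set would make stale challenge material visible to the operator.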