WIP Building out all features necessary for Let's Encrypt #6
39
lib/acme.js
39
lib/acme.js
|
@ -284,10 +284,6 @@ ACME._testChallengeOptions = function () {
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
ACME._testChallenges = function (me, options) {
|
ACME._testChallenges = function (me, options) {
|
||||||
if (me.skipChallengeTest) {
|
|
||||||
return Promise.resolve();
|
|
||||||
}
|
|
||||||
|
|
||||||
var CHECK_DELAY = 0;
|
var CHECK_DELAY = 0;
|
||||||
return Promise.all(options.domains.map(function (identifierValue) {
|
return Promise.all(options.domains.map(function (identifierValue) {
|
||||||
// TODO we really only need one to pass, not all to pass
|
// TODO we really only need one to pass, not all to pass
|
||||||
|
@ -307,6 +303,12 @@ ACME._testChallenges = function (me, options) {
|
||||||
+ " You must enable one of ( " + suitable + " )."
|
+ " You must enable one of ( " + suitable + " )."
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TODO remove skipChallengeTest
|
||||||
|
if (me.skipDryRun || me.skipChallengeTest) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
if ('dns-01' === challenge.type) {
|
if ('dns-01' === challenge.type) {
|
||||||
// Give the nameservers a moment to propagate
|
// Give the nameservers a moment to propagate
|
||||||
CHECK_DELAY = 1.5 * 1000;
|
CHECK_DELAY = 1.5 * 1000;
|
||||||
|
@ -327,12 +329,15 @@ ACME._testChallenges = function (me, options) {
|
||||||
// (and protecting against challenge failure rate limits)
|
// (and protecting against challenge failure rate limits)
|
||||||
var dryrun = true;
|
var dryrun = true;
|
||||||
return ACME._challengeToAuth(me, options, results, challenge, dryrun).then(function (auth) {
|
return ACME._challengeToAuth(me, options, results, challenge, dryrun).then(function (auth) {
|
||||||
|
if (!me._canUse[auth.type]) { return; }
|
||||||
return ACME._setChallenge(me, options, auth).then(function () {
|
return ACME._setChallenge(me, options, auth).then(function () {
|
||||||
return auth;
|
return auth;
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
})).then(function (auths) {
|
})).then(function (auths) {
|
||||||
|
auths = auths.filter(Boolean);
|
||||||
|
if (!auths.length) { /*skip actual test*/ return; }
|
||||||
return ACME._wait(CHECK_DELAY).then(function () {
|
return ACME._wait(CHECK_DELAY).then(function () {
|
||||||
return Promise.all(auths.map(function (auth) {
|
return Promise.all(auths.map(function (auth) {
|
||||||
return ACME.challengeTests[auth.type](me, auth).then(function (result) {
|
return ACME.challengeTests[auth.type](me, auth).then(function (result) {
|
||||||
|
@ -712,6 +717,7 @@ ACME._getCertificate = function (me, options) {
|
||||||
}).then(function (resp) {
|
}).then(function (resp) {
|
||||||
var location = resp.headers.location;
|
var location = resp.headers.location;
|
||||||
var setAuths;
|
var setAuths;
|
||||||
|
var validAuths = [];
|
||||||
var auths = [];
|
var auths = [];
|
||||||
if (me.debug) { console.debug('[ordered]', location); } // the account id url
|
if (me.debug) { console.debug('[ordered]', location); } // the account id url
|
||||||
if (me.debug) { console.debug(resp); }
|
if (me.debug) { console.debug(resp); }
|
||||||
|
@ -756,16 +762,32 @@ ACME._getCertificate = function (me, options) {
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
function challengeNext() {
|
function checkNext() {
|
||||||
var auth = auths.shift();
|
var auth = auths.shift();
|
||||||
if (!auth) { return; }
|
if (!auth) { return; }
|
||||||
|
|
||||||
|
if (!me._canUse[auth.type] || me.skipChallengeTest) {
|
||||||
|
// not so much "valid" as "not invalid"
|
||||||
|
// but in this case we can't confirm either way
|
||||||
|
validAuths.push(auth);
|
||||||
|
return Promise.resolve();
|
||||||
|
}
|
||||||
|
|
||||||
|
return ACME.challengeTests[auth.type](me, auth).then(function () {
|
||||||
|
validAuths.push(auth);
|
||||||
|
}).then(checkNext);
|
||||||
|
}
|
||||||
|
|
||||||
|
function challengeNext() {
|
||||||
|
var auth = validAuths.shift();
|
||||||
|
if (!auth) { return; }
|
||||||
return ACME._postChallenge(me, options, auth).then(challengeNext);
|
return ACME._postChallenge(me, options, auth).then(challengeNext);
|
||||||
}
|
}
|
||||||
|
|
||||||
// First we set every challenge
|
// First we set every challenge
|
||||||
// Then we ask for each challenge to be checked
|
// Then we ask for each challenge to be checked
|
||||||
// Doing otherwise would potentially cause us to poison our own DNS cache with misses
|
// Doing otherwise would potentially cause us to poison our own DNS cache with misses
|
||||||
return setNext().then(challengeNext).then(function () {
|
return setNext().then(checkNext).then(challengeNext).then(function () {
|
||||||
if (me.debug) { console.debug("[getCertificate] next.then"); }
|
if (me.debug) { console.debug("[getCertificate] next.then"); }
|
||||||
var validatedDomains = body.identifiers.map(function (ident) {
|
var validatedDomains = body.identifiers.map(function (ident) {
|
||||||
return ident.value;
|
return ident.value;
|
||||||
|
@ -809,6 +831,7 @@ ACME.create = function create(me) {
|
||||||
me.challengePrefixes = ACME.challengePrefixes;
|
me.challengePrefixes = ACME.challengePrefixes;
|
||||||
me.Keypairs = me.Keypairs || me.RSA || require('rsa-compat').RSA;
|
me.Keypairs = me.Keypairs || me.RSA || require('rsa-compat').RSA;
|
||||||
me._nonces = [];
|
me._nonces = [];
|
||||||
|
me._canCheck = {};
|
||||||
if (!me._baseUrl) {
|
if (!me._baseUrl) {
|
||||||
me._baseUrl = "";
|
me._baseUrl = "";
|
||||||
}
|
}
|
||||||
|
@ -848,8 +871,8 @@ ACME.create = function create(me) {
|
||||||
if (!me.skipChallengeTest) {
|
if (!me.skipChallengeTest) {
|
||||||
p = me.request({ url: me._baseUrl + "/api/_acme_api_/" }).then(function (resp) {
|
p = me.request({ url: me._baseUrl + "/api/_acme_api_/" }).then(function (resp) {
|
||||||
if (resp.body.success) {
|
if (resp.body.success) {
|
||||||
me._canCheckHttp01 = true;
|
me._canCheck['http-01'] = true;
|
||||||
me._canCheckDns01 = true;
|
me._canCheck['dns-01'] = true;
|
||||||
}
|
}
|
||||||
}).catch(function () {
|
}).catch(function () {
|
||||||
// ignore
|
// ignore
|
||||||
|
|
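Review bot: In the new `checkNext()` inside `ACME._getCertificate`, the skip branch (`!me._canUse[auth.type] || me.skipChallengeTest`) pushes a single auth and returns `Promise.resolve()` without recursing, so the remaining entries in `auths` never reach `validAuths` and `challengeNext()` never posts them; the branch should end with `return checkNext();`. That branch and the new `if (!me._canUse[auth.type]) { return; }` guard in `ACME._testChallenges` read `me._canUse`, while `ACME.create` in this diff initialises and fills `me._canCheck`. Unless `_canUse` is defined outside the visible hunks, the lookup throws on `undefined`, and the intended name is presumably `me._canCheck[auth.type]`. A challenge that cannot be checked locally is also sent on to the CA as "not invalid", bypassing the pre-flight that the `_testChallenges` comment says protects against challenge-failure rate limits, so a debug log on that path would make skipped checks visible. Both enclosing functions start and end outside the hunks shown.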