WIP Building out all features necessary for Let's Encrypt #6
39
lib/acme.js
39
lib/acme.js
|
@ -284,10 +284,6 @@ ACME._testChallengeOptions = function () {
|
|||
];
|
||||
};
|
||||
ACME._testChallenges = function (me, options) {
|
||||
if (me.skipChallengeTest) {
|
||||
return Promise.resolve();
|
||||
}
|
||||
|
||||
var CHECK_DELAY = 0;
|
||||
return Promise.all(options.domains.map(function (identifierValue) {
|
||||
// TODO we really only need one to pass, not all to pass
|
||||
|
@ -307,6 +303,12 @@ ACME._testChallenges = function (me, options) {
|
|||
+ " You must enable one of ( " + suitable + " )."
|
||||
));
|
||||
}
|
||||
|
||||
// TODO remove skipChallengeTest
|
||||
if (me.skipDryRun || me.skipChallengeTest) {
|
||||
return null;
|
||||
}
|
||||
|
||||
if ('dns-01' === challenge.type) {
|
||||
// Give the nameservers a moment to propagate
|
||||
CHECK_DELAY = 1.5 * 1000;
|
||||
|
@ -327,12 +329,15 @@ ACME._testChallenges = function (me, options) {
|
|||
// (and protecting against challenge failure rate limits)
|
||||
var dryrun = true;
|
||||
return ACME._challengeToAuth(me, options, results, challenge, dryrun).then(function (auth) {
|
||||
if (!me._canUse[auth.type]) { return; }
|
||||
return ACME._setChallenge(me, options, auth).then(function () {
|
||||
return auth;
|
||||
});
|
||||
});
|
||||
});
|
||||
})).then(function (auths) {
|
||||
auths = auths.filter(Boolean);
|
||||
if (!auths.length) { /*skip actual test*/ return; }
|
||||
return ACME._wait(CHECK_DELAY).then(function () {
|
||||
return Promise.all(auths.map(function (auth) {
|
||||
return ACME.challengeTests[auth.type](me, auth).then(function (result) {
|
||||
|
@ -712,6 +717,7 @@ ACME._getCertificate = function (me, options) {
|
|||
}).then(function (resp) {
|
||||
var location = resp.headers.location;
|
||||
var setAuths;
|
||||
var validAuths = [];
|
||||
var auths = [];
|
||||
if (me.debug) { console.debug('[ordered]', location); } // the account id url
|
||||
if (me.debug) { console.debug(resp); }
|
||||
|
@ -756,16 +762,32 @@ ACME._getCertificate = function (me, options) {
|
|||
});
|
||||
}
|
||||
|
||||
function challengeNext() {
|
||||
function checkNext() {
|
||||
var auth = auths.shift();
|
||||
if (!auth) { return; }
|
||||
|
||||
if (!me._canUse[auth.type] || me.skipChallengeTest) {
|
||||
// not so much "valid" as "not invalid"
|
||||
// but in this case we can't confirm either way
|
||||
validAuths.push(auth);
|
||||
return Promise.resolve();
|
||||
}
|
||||
|
||||
return ACME.challengeTests[auth.type](me, auth).then(function () {
|
||||
validAuths.push(auth);
|
||||
}).then(checkNext);
|
||||
}
|
||||
|
||||
function challengeNext() {
|
||||
var auth = validAuths.shift();
|
||||
if (!auth) { return; }
|
||||
return ACME._postChallenge(me, options, auth).then(challengeNext);
|
||||
}
|
||||
|
||||
// First we set every challenge
|
||||
// Then we ask for each challenge to be checked
|
||||
// Doing otherwise would potentially cause us to poison our own DNS cache with misses
|
||||
return setNext().then(challengeNext).then(function () {
|
||||
return setNext().then(checkNext).then(challengeNext).then(function () {
|
||||
if (me.debug) { console.debug("[getCertificate] next.then"); }
|
||||
var validatedDomains = body.identifiers.map(function (ident) {
|
||||
return ident.value;
|
||||
|
@ -809,6 +831,7 @@ ACME.create = function create(me) {
|
|||
me.challengePrefixes = ACME.challengePrefixes;
|
||||
me.Keypairs = me.Keypairs || me.RSA || require('rsa-compat').RSA;
|
||||
me._nonces = [];
|
||||
me._canCheck = {};
|
||||
if (!me._baseUrl) {
|
||||
me._baseUrl = "";
|
||||
}
|
||||
|
@ -848,8 +871,8 @@ ACME.create = function create(me) {
|
|||
if (!me.skipChallengeTest) {
|
||||
p = me.request({ url: me._baseUrl + "/api/_acme_api_/" }).then(function (resp) {
|
||||
if (resp.body.success) {
|
||||
me._canCheckHttp01 = true;
|
||||
me._canCheckDns01 = true;
|
||||
me._canCheck['http-01'] = true;
|
||||
me._canCheck['dns-01'] = true;
|
||||
}
|
||||
}).catch(function () {
|
||||
// ignore
|
||||
|
|
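Review bot: The guards in `_testChallenges` and `checkNext` read `me._canUse[auth.type]`, but the only capability map these hunks create and fill is `me._canCheck` in `ACME.create` (`me._canCheck = {}`, `me._canCheck['http-01'] = true`). Unless `_canUse` is assigned outside the visible hunks, the lookup throws a TypeError on an undefined object. If it exists but is never populated, the dry run is skipped and every auth is pushed onto `validAuths` without the local pre-flight check, so a misconfigured challenge is first caught by the CA and counts against its failed-validation rate limit. If the two names are meant to be one map, the reads should be `if (!me._canCheck[auth.type]) { return; }` and `if (!me._canCheck[auth.type] || me.skipChallengeTest) {`. The rendered page has lost its `+`/`-` markers and both enclosing functions start outside the hunks shown, so this reading is inferred from the visible lines.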