v2.7.23: regression bugfixes: node v6 and cloudflare dns-01
This commit is contained in:
parent
93b9158b1b
commit
5316af67be
576
index.js
576
index.js
|
@ -1,4 +1,6 @@
|
|||
'use strict';
|
||||
"use strict";
|
||||
/*global Promise*/
|
||||
require("./lib/compat.js");
|
||||
|
||||
// I hate this code so much.
|
||||
// Soooo many shims for backwards compatibility (some stuff dating back to v1)
|
||||
|
@ -6,40 +8,41 @@
|
|||
|
||||
var DAY = 24 * 60 * 60 * 1000;
|
||||
//var MIN = 60 * 1000;
|
||||
var ACME = require('acme-v2/compat').ACME;
|
||||
var pkg = require('./package.json');
|
||||
var PromiseA;
|
||||
try {
|
||||
PromiseA = require('bluebird');
|
||||
} catch(e) {
|
||||
PromiseA = global.Promise;
|
||||
}
|
||||
if (!PromiseA.promisify) {
|
||||
PromiseA.promisify = require('util').promisify;
|
||||
}
|
||||
var ACME = require("acme-v2/compat").ACME;
|
||||
var pkg = require("./package.json");
|
||||
var util = require("util");
|
||||
|
||||
function promisifyAllSelf(obj) {
|
||||
if (obj.__promisified) { return obj; }
|
||||
Object.keys(obj).forEach(function (key) {
|
||||
if ('function' === typeof obj[key] && !/Async$/.test(key)) {
|
||||
obj[key + 'Async'] = PromiseA.promisify(obj[key]);
|
||||
if (obj.__promisified) {
|
||||
return obj;
|
||||
}
|
||||
Object.keys(obj).forEach(function(key) {
|
||||
if ("function" === typeof obj[key] && !/Async$/.test(key)) {
|
||||
obj[key + "Async"] = util.promisify(obj[key]);
|
||||
}
|
||||
});
|
||||
obj.__promisified = true;
|
||||
return obj;
|
||||
}
|
||||
function promisifyAllStore(obj) {
|
||||
Object.keys(obj).forEach(function (key) {
|
||||
if ('function' !== typeof obj[key] || /Async$/.test(key)) { return; }
|
||||
Object.keys(obj).forEach(function(key) {
|
||||
if ("function" !== typeof obj[key] || /Async$/.test(key)) {
|
||||
return;
|
||||
}
|
||||
|
||||
var p;
|
||||
if (0 === obj[key].length || 1 === obj[key].length) {
|
||||
// wrap just in case it's synchronous (or improperly throws)
|
||||
p = function (opts) { return PromiseA.resolve().then(function () { return obj[key](opts); }); };
|
||||
p = function(opts) {
|
||||
return Promise.resolve().then(function() {
|
||||
return obj[key](opts);
|
||||
});
|
||||
};
|
||||
} else {
|
||||
p = PromiseA.promisify(obj[key]);
|
||||
p = util.promisify(obj[key]);
|
||||
}
|
||||
// internal backwards compat
|
||||
obj[key + 'Async'] = p;
|
||||
obj[key + "Async"] = p;
|
||||
});
|
||||
obj.__promisified = true;
|
||||
return obj;
|
||||
|
@ -61,48 +64,48 @@ function _log(debug) {
|
|||
}
|
||||
|
||||
Greenlock.defaults = {
|
||||
productionServerUrl: 'https://acme-v01.api.letsencrypt.org/directory'
|
||||
, stagingServerUrl: 'https://acme-staging.api.letsencrypt.org/directory'
|
||||
productionServerUrl: "https://acme-v01.api.letsencrypt.org/directory",
|
||||
stagingServerUrl: "https://acme-staging.api.letsencrypt.org/directory",
|
||||
|
||||
, rsaKeySize: ACME.rsaKeySize || 2048
|
||||
, challengeType: ACME.challengeType || 'http-01'
|
||||
, challengeTypes: ACME.challengeTypes || [ 'http-01', 'dns-01' ]
|
||||
rsaKeySize: ACME.rsaKeySize || 2048,
|
||||
challengeType: ACME.challengeType || "http-01",
|
||||
challengeTypes: ACME.challengeTypes || ["http-01", "dns-01"],
|
||||
|
||||
, acmeChallengePrefix: ACME.acmeChallengePrefix
|
||||
acmeChallengePrefix: ACME.acmeChallengePrefix
|
||||
};
|
||||
|
||||
// backwards compat
|
||||
Object.keys(Greenlock.defaults).forEach(function (key) {
|
||||
Object.keys(Greenlock.defaults).forEach(function(key) {
|
||||
Greenlock[key] = Greenlock.defaults[key];
|
||||
});
|
||||
|
||||
// show all possible options
|
||||
var u; // undefined
|
||||
Greenlock._undefined = {
|
||||
acme: u
|
||||
, store: u
|
||||
//, challenge: u
|
||||
, challenges: u
|
||||
, sni: u
|
||||
, tlsOptions: u
|
||||
acme: u,
|
||||
store: u,
|
||||
//, challenge: u
|
||||
challenges: u,
|
||||
sni: u,
|
||||
tlsOptions: u,
|
||||
|
||||
, register: u
|
||||
, check: u
|
||||
register: u,
|
||||
check: u,
|
||||
|
||||
, renewWithin: u // le-auto-sni and core
|
||||
//, renewBy: u // le-auto-sni
|
||||
, acmeChallengePrefix: u
|
||||
, rsaKeySize: u
|
||||
, challengeType: u
|
||||
, server: u
|
||||
, version: u
|
||||
, agreeToTerms: u
|
||||
, _ipc: u
|
||||
, duplicate: u
|
||||
, _acmeUrls: u
|
||||
renewWithin: u, // le-auto-sni and core
|
||||
//, renewBy: u // le-auto-sni
|
||||
acmeChallengePrefix: u,
|
||||
rsaKeySize: u,
|
||||
challengeType: u,
|
||||
server: u,
|
||||
version: u,
|
||||
agreeToTerms: u,
|
||||
_ipc: u,
|
||||
duplicate: u,
|
||||
_acmeUrls: u
|
||||
};
|
||||
Greenlock._undefine = function (gl) {
|
||||
Object.keys(Greenlock._undefined).forEach(function (key) {
|
||||
Greenlock._undefine = function(gl) {
|
||||
Object.keys(Greenlock._undefined).forEach(function(key) {
|
||||
if (!(key in gl)) {
|
||||
gl[key] = u;
|
||||
}
|
||||
|
@ -110,37 +113,43 @@ Greenlock._undefine = function (gl) {
|
|||
|
||||
return gl;
|
||||
};
|
||||
Greenlock.create = function (gl) {
|
||||
Greenlock.create = function(gl) {
|
||||
if (!gl.store) {
|
||||
console.warn("Deprecation Notice: You're haven't chosen a storage strategy."
|
||||
+ " The old default is 'le-store-certbot', but the new default will be 'greenlock-store-fs'."
|
||||
+ " Please `npm install greenlock-store-fs@3` and explicitly set `{ store: require('greenlock-store-fs') }`.");
|
||||
gl.store = require('le-store-certbot').create({
|
||||
debug: gl.debug
|
||||
, configDir: gl.configDir
|
||||
, logsDir: gl.logsDir
|
||||
, webrootPath: gl.webrootPath
|
||||
console.warn(
|
||||
"Deprecation Notice: You're haven't chosen a storage strategy." +
|
||||
" The old default is 'le-store-certbot', but the new default will be 'greenlock-store-fs'." +
|
||||
" Please `npm install greenlock-store-fs@3` and explicitly set `{ store: require('greenlock-store-fs') }`."
|
||||
);
|
||||
gl.store = require("le-store-certbot").create({
|
||||
debug: gl.debug,
|
||||
configDir: gl.configDir,
|
||||
logsDir: gl.logsDir,
|
||||
webrootPath: gl.webrootPath
|
||||
});
|
||||
}
|
||||
gl.core = require('./lib/core');
|
||||
gl.core = require("./lib/core");
|
||||
var log = gl.log || _log;
|
||||
|
||||
if (!gl.challenges) {
|
||||
gl.challenges = {};
|
||||
}
|
||||
if (!gl.challenges['http-01']) {
|
||||
gl.challenges['http-01'] = require('le-challenge-fs').create({
|
||||
debug: gl.debug
|
||||
, webrootPath: gl.webrootPath
|
||||
if (!gl.challenges["http-01"]) {
|
||||
gl.challenges["http-01"] = require("le-challenge-fs").create({
|
||||
debug: gl.debug,
|
||||
webrootPath: gl.webrootPath
|
||||
});
|
||||
}
|
||||
if (!gl.challenges['dns-01']) {
|
||||
if (!gl.challenges["dns-01"]) {
|
||||
try {
|
||||
gl.challenges['dns-01'] = require('le-challenge-ddns').create({ debug: gl.debug });
|
||||
} catch(e) {
|
||||
gl.challenges["dns-01"] = require("le-challenge-ddns").create({
|
||||
debug: gl.debug
|
||||
});
|
||||
} catch (e) {
|
||||
try {
|
||||
gl.challenges['dns-01'] = require('le-challenge-dns').create({ debug: gl.debug });
|
||||
} catch(e) {
|
||||
gl.challenges["dns-01"] = require("le-challenge-dns").create({
|
||||
debug: gl.debug
|
||||
});
|
||||
} catch (e) {
|
||||
// not yet implemented
|
||||
}
|
||||
}
|
||||
|
@ -151,27 +160,34 @@ Greenlock.create = function (gl) {
|
|||
gl.rsaKeySize = gl.rsaKeySize || Greenlock.rsaKeySize;
|
||||
gl.challengeType = gl.challengeType || Greenlock.challengeType;
|
||||
gl._ipc = ipc;
|
||||
gl._communityPackage = gl._communityPackage || 'greenlock.js';
|
||||
if ('greenlock.js' === gl._communityPackage) {
|
||||
gl._communityPackage = gl._communityPackage || "greenlock.js";
|
||||
if ("greenlock.js" === gl._communityPackage) {
|
||||
gl._communityPackageVersion = pkg.version;
|
||||
} else {
|
||||
gl._communityPackageVersion = gl._communityPackageVersion || ('greenlock.js-' + pkg.version);
|
||||
gl._communityPackageVersion =
|
||||
gl._communityPackageVersion || "greenlock.js-" + pkg.version;
|
||||
}
|
||||
gl.agreeToTerms = gl.agreeToTerms || function (args, agreeCb) {
|
||||
agreeCb(new Error("'agreeToTerms' was not supplied to Greenlock and 'agreeTos' was not supplied to Greenlock.register"));
|
||||
gl.agreeToTerms =
|
||||
gl.agreeToTerms ||
|
||||
function(args, agreeCb) {
|
||||
agreeCb(
|
||||
new Error(
|
||||
"'agreeToTerms' was not supplied to Greenlock and 'agreeTos' was not supplied to Greenlock.register"
|
||||
)
|
||||
);
|
||||
};
|
||||
|
||||
if (!gl.renewWithin) { gl.renewWithin = 14 * DAY; }
|
||||
if (!gl.renewWithin) {
|
||||
gl.renewWithin = 14 * DAY;
|
||||
}
|
||||
// renewBy has a default in le-sni-auto
|
||||
|
||||
|
||||
|
||||
///////////////////////////
|
||||
// BEGIN VERSION MADNESS //
|
||||
///////////////////////////
|
||||
|
||||
gl.version = gl.version || 'draft-11';
|
||||
gl.server = gl.server || 'https://acme-v02.api.letsencrypt.org/directory';
|
||||
gl.version = gl.version || "draft-11";
|
||||
gl.server = gl.server || "https://acme-v02.api.letsencrypt.org/directory";
|
||||
if (!gl.version) {
|
||||
//console.warn("Please specify version: 'v01' (Let's Encrypt v1) or 'draft-12' (Let's Encrypt v2 / ACME draft 12)");
|
||||
console.warn("");
|
||||
|
@ -189,45 +205,52 @@ Greenlock.create = function (gl) {
|
|||
console.warn("or");
|
||||
console.warn("");
|
||||
console.warn(" 'v01' for Let's Encrypt v1 (deprecated)");
|
||||
console.warn(" (also 'npm install --save le-acme-core' as this legacy dependency will soon be removed)");
|
||||
console.warn(
|
||||
" (also 'npm install --save le-acme-core' as this legacy dependency will soon be removed)"
|
||||
);
|
||||
console.warn("");
|
||||
console.warn("This will be required in versions v2.3+");
|
||||
console.warn("");
|
||||
console.warn("");
|
||||
} else if ('v02' === gl.version) {
|
||||
gl.version = 'draft-11';
|
||||
} else if ('draft-12' === gl.version) {
|
||||
gl.version = 'draft-11';
|
||||
} else if ('draft-11' === gl.version) {
|
||||
} else if ("v02" === gl.version) {
|
||||
gl.version = "draft-11";
|
||||
} else if ("draft-12" === gl.version) {
|
||||
gl.version = "draft-11";
|
||||
} else if ("draft-11" === gl.version) {
|
||||
// no-op
|
||||
} else if ('v01' !== gl.version) {
|
||||
} else if ("v01" !== gl.version) {
|
||||
throw new Error("Unrecognized version '" + gl.version + "'");
|
||||
}
|
||||
|
||||
if (!gl.server) {
|
||||
throw new Error("opts.server must specify an ACME directory URL, such as 'https://acme-staging-v02.api.letsencrypt.org/directory'");
|
||||
throw new Error(
|
||||
"opts.server must specify an ACME directory URL, such as 'https://acme-staging-v02.api.letsencrypt.org/directory'"
|
||||
);
|
||||
}
|
||||
if ('staging' === gl.server || 'production' === gl.server) {
|
||||
if ('staging' === gl.server) {
|
||||
gl.server = 'https://acme-staging.api.letsencrypt.org/directory';
|
||||
gl.version = 'v01';
|
||||
gl._deprecatedServerName = 'staging';
|
||||
}
|
||||
else if ('production' === gl.server) {
|
||||
gl.server = 'https://acme-v01.api.letsencrypt.org/directory';
|
||||
gl.version = 'v01';
|
||||
gl._deprecatedServerName = 'production';
|
||||
if ("staging" === gl.server || "production" === gl.server) {
|
||||
if ("staging" === gl.server) {
|
||||
gl.server = "https://acme-staging.api.letsencrypt.org/directory";
|
||||
gl.version = "v01";
|
||||
gl._deprecatedServerName = "staging";
|
||||
} else if ("production" === gl.server) {
|
||||
gl.server = "https://acme-v01.api.letsencrypt.org/directory";
|
||||
gl.version = "v01";
|
||||
gl._deprecatedServerName = "production";
|
||||
}
|
||||
console.warn("");
|
||||
console.warn("");
|
||||
console.warn("=== WARNING ===");
|
||||
console.warn("");
|
||||
console.warn("Due to versioning issues the '" + gl._deprecatedServerName + "' option is deprecated.");
|
||||
console.warn(
|
||||
"Due to versioning issues the '" +
|
||||
gl._deprecatedServerName +
|
||||
"' option is deprecated."
|
||||
);
|
||||
console.warn("Please specify the full url and version.");
|
||||
console.warn("");
|
||||
console.warn("For APIs add:");
|
||||
console.warn("\t, \"version\": \"" + gl.version + "\"");
|
||||
console.warn("\t, \"server\": \"" + gl.server + "\"");
|
||||
console.warn('\t, "version": "' + gl.version + '"');
|
||||
console.warn('\t, "server": "' + gl.server + '"');
|
||||
console.warn("");
|
||||
console.warn("For the CLI add:");
|
||||
console.warn("\t--acme-url '" + gl.server + "' \\");
|
||||
|
@ -244,119 +267,161 @@ Greenlock.create = function (gl) {
|
|||
console.warn("Please update to Let's Encrypt v2 (ACME draft 12)");
|
||||
console.warn("");
|
||||
try {
|
||||
return require('le-acme-core').ACME;
|
||||
} catch(e) {
|
||||
return require("le-acme-core").ACME;
|
||||
} catch (e) {
|
||||
console.error("");
|
||||
console.error("=== Error (easy-to-fix) ===");
|
||||
console.error("");
|
||||
console.error("Hey, this isn't a big deal, but you need to manually add v1 support:");
|
||||
console.error(
|
||||
"Hey, this isn't a big deal, but you need to manually add v1 support:"
|
||||
);
|
||||
console.error("");
|
||||
console.error(" npm install --save le-acme-core");
|
||||
console.error("");
|
||||
console.error("Just run that real quick, restart, and everything will work great.");
|
||||
console.error(
|
||||
"Just run that real quick, restart, and everything will work great."
|
||||
);
|
||||
console.error("");
|
||||
console.error("");
|
||||
process.exit(e.code || 13);
|
||||
}
|
||||
}
|
||||
|
||||
if (-1 !== [
|
||||
'https://acme-v02.api.letsencrypt.org/directory'
|
||||
, 'https://acme-staging-v02.api.letsencrypt.org/directory' ].indexOf(gl.server)
|
||||
if (
|
||||
-1 !==
|
||||
[
|
||||
"https://acme-v02.api.letsencrypt.org/directory",
|
||||
"https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||
].indexOf(gl.server)
|
||||
) {
|
||||
if ('draft-11' !== gl.version) {
|
||||
console.warn("Detected Let's Encrypt v02 URL. Changing version to draft-12.");
|
||||
gl.version = 'draft-11';
|
||||
if ("draft-11" !== gl.version) {
|
||||
console.warn(
|
||||
"Detected Let's Encrypt v02 URL. Changing version to draft-12."
|
||||
);
|
||||
gl.version = "draft-11";
|
||||
}
|
||||
} else if (-1 !== [
|
||||
'https://acme-v01.api.letsencrypt.org/directory'
|
||||
, 'https://acme-staging.api.letsencrypt.org/directory' ].indexOf(gl.server)
|
||||
|| 'v01' === gl.version
|
||||
} else if (
|
||||
-1 !==
|
||||
[
|
||||
"https://acme-v01.api.letsencrypt.org/directory",
|
||||
"https://acme-staging.api.letsencrypt.org/directory"
|
||||
].indexOf(gl.server) ||
|
||||
"v01" === gl.version
|
||||
) {
|
||||
if ('v01' !== gl.version) {
|
||||
console.warn("Detected Let's Encrypt v01 URL (deprecated). Changing version to v01.");
|
||||
gl.version = 'v01';
|
||||
if ("v01" !== gl.version) {
|
||||
console.warn(
|
||||
"Detected Let's Encrypt v01 URL (deprecated). Changing version to v01."
|
||||
);
|
||||
gl.version = "v01";
|
||||
}
|
||||
}
|
||||
if ('v01' === gl.version) {
|
||||
if ("v01" === gl.version) {
|
||||
ACME = loadLeV01();
|
||||
}
|
||||
/////////////////////////
|
||||
// END VERSION MADNESS //
|
||||
/////////////////////////
|
||||
|
||||
|
||||
|
||||
gl.acme = gl.acme || ACME.create({ debug: gl.debug });
|
||||
gl.acme =
|
||||
gl.acme ||
|
||||
ACME.create({
|
||||
debug: gl.debug,
|
||||
skipChallengeTest: gl.skipChallengeTest,
|
||||
skipDryRun: gl.skipDryRun
|
||||
});
|
||||
if (gl.acme.create) {
|
||||
gl.acme = gl.acme.create(gl);
|
||||
}
|
||||
gl.acme = promisifyAllSelf(gl.acme);
|
||||
gl._acmeOpts = gl.acme.getOptions && gl.acme.getOptions() || gl.acme.options || {};
|
||||
Object.keys(gl._acmeOpts).forEach(function (key) {
|
||||
gl._acmeOpts =
|
||||
(gl.acme.getOptions && gl.acme.getOptions()) || gl.acme.options || {};
|
||||
Object.keys(gl._acmeOpts).forEach(function(key) {
|
||||
if (!(key in gl)) {
|
||||
gl[key] = gl._acmeOpts[key];
|
||||
}
|
||||
});
|
||||
|
||||
try {
|
||||
if (gl.store.create) { gl.store = gl.store.create(gl); }
|
||||
if (gl.store.create) {
|
||||
gl.store = gl.store.create(gl);
|
||||
}
|
||||
gl.store = promisifyAllSelf(gl.store);
|
||||
gl.store.accounts = promisifyAllStore(gl.store.accounts);
|
||||
gl.store.certificates = promisifyAllStore(gl.store.certificates);
|
||||
gl._storeOpts = gl.store.getOptions && gl.store.getOptions() || gl.store.options || {};
|
||||
} catch(e) {
|
||||
gl._storeOpts =
|
||||
(gl.store.getOptions && gl.store.getOptions()) || gl.store.options || {};
|
||||
} catch (e) {
|
||||
console.error(e);
|
||||
console.error("\nPROBABLE CAUSE:\n"
|
||||
+ "\tYour greenlock-store module should have a create function and return { options, accounts, certificates }\n");
|
||||
console.error(
|
||||
"\nPROBABLE CAUSE:\n" +
|
||||
"\tYour greenlock-store module should have a create function and return { options, accounts, certificates }\n"
|
||||
);
|
||||
process.exit(18);
|
||||
return;
|
||||
}
|
||||
Object.keys(gl._storeOpts).forEach(function (key) {
|
||||
Object.keys(gl._storeOpts).forEach(function(key) {
|
||||
if (!(key in gl)) {
|
||||
gl[key] = gl._storeOpts[key];
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
//
|
||||
// Backwards compat for <= v2.1.7
|
||||
//
|
||||
if (gl.challenge) {
|
||||
console.warn("Deprecated use of gl.challenge. Use gl.challenges['" + Greenlock.challengeType + "'] instead.");
|
||||
console.warn(
|
||||
"Deprecated use of gl.challenge. Use gl.challenges['" +
|
||||
Greenlock.challengeType +
|
||||
"'] instead."
|
||||
);
|
||||
gl.challenges[gl.challengeType] = gl.challenge;
|
||||
gl.challenge = undefined;
|
||||
}
|
||||
|
||||
Object.keys(gl.challenges||{}).forEach(function (challengeType) {
|
||||
Object.keys(gl.challenges || {}).forEach(function(challengeType) {
|
||||
var challenger = gl.challenges[challengeType];
|
||||
|
||||
if (challenger.create) {
|
||||
challenger = gl.challenges[challengeType] = challenger.create(gl);
|
||||
}
|
||||
challenger = gl.challenges[challengeType] = promisifyAllSelf(challenger);
|
||||
gl['_challengeOpts_' + challengeType] = challenger.getOptions && challenger.getOptions() || challenger.options || {};
|
||||
Object.keys(gl['_challengeOpts_' + challengeType]).forEach(function (key) {
|
||||
gl["_challengeOpts_" + challengeType] =
|
||||
(challenger.getOptions && challenger.getOptions()) ||
|
||||
challenger.options ||
|
||||
{};
|
||||
Object.keys(gl["_challengeOpts_" + challengeType]).forEach(function(key) {
|
||||
if (!(key in gl)) {
|
||||
gl[key] = gl['_challengeOpts_' + challengeType][key];
|
||||
gl[key] = gl["_challengeOpts_" + challengeType][key];
|
||||
}
|
||||
});
|
||||
|
||||
// TODO wrap these here and now with tplCopy?
|
||||
if (!challenger.set || ![5,2,1].includes(challenger.set.length)) {
|
||||
throw new Error("gl.challenges[" + challengeType + "].set receives the wrong number of arguments."
|
||||
+ " You must define setChallenge as function (opts) { return Promise.resolve(); }");
|
||||
if (!challenger.set || ![5, 2, 1].includes(challenger.set.length)) {
|
||||
throw new Error(
|
||||
"gl.challenges[" +
|
||||
challengeType +
|
||||
"].set receives the wrong number of arguments." +
|
||||
" You must define setChallenge as function (opts) { return Promise.resolve(); }"
|
||||
);
|
||||
}
|
||||
if (challenger.get && ![4,2,1].includes(challenger.get.length)) {
|
||||
throw new Error("gl.challenges[" + challengeType + "].get receives the wrong number of arguments."
|
||||
+ " You must define getChallenge as function (opts) { return Promise.resolve(); }");
|
||||
if (challenger.get && ![4, 2, 1].includes(challenger.get.length)) {
|
||||
throw new Error(
|
||||
"gl.challenges[" +
|
||||
challengeType +
|
||||
"].get receives the wrong number of arguments." +
|
||||
" You must define getChallenge as function (opts) { return Promise.resolve(); }"
|
||||
);
|
||||
}
|
||||
if (!challenger.remove || ![4,2,1].includes(challenger.remove.length)) {
|
||||
throw new Error("gl.challenges[" + challengeType + "].remove receives the wrong number of arguments."
|
||||
+ " You must define removeChallenge as function (opts) { return Promise.resolve(); }");
|
||||
if (!challenger.remove || ![4, 2, 1].includes(challenger.remove.length)) {
|
||||
throw new Error(
|
||||
"gl.challenges[" +
|
||||
challengeType +
|
||||
"].remove receives the wrong number of arguments." +
|
||||
" You must define removeChallenge as function (opts) { return Promise.resolve(); }"
|
||||
);
|
||||
}
|
||||
|
||||
/*
|
||||
/*
|
||||
if (!gl._challengeWarn && (!challenger.loopback || 4 !== challenger.loopback.length)) {
|
||||
gl._challengeWarn = true;
|
||||
console.warn("gl.challenges[" + challengeType + "].loopback should be defined as function (opts, domain, token, cb) { ... } and should prove (by external means) that the ACME server challenge '" + challengeType + "' will succeed");
|
||||
|
@ -372,29 +437,35 @@ Greenlock.create = function (gl) {
|
|||
gl.tlsOptions = gl.tlsOptions || gl.httpsOptions || {};
|
||||
|
||||
// Workaround for https://github.com/nodejs/node/issues/22389
|
||||
gl._updateServernames = function (cert) {
|
||||
if (!gl._certnames) { gl._certnames = {}; }
|
||||
gl._updateServernames = function(cert) {
|
||||
if (!gl._certnames) {
|
||||
gl._certnames = {};
|
||||
}
|
||||
|
||||
// Note: Any given domain could exist on multiple certs
|
||||
// (especially during renewal where some may be added)
|
||||
// hence we use a separate object for each domain and list each domain on it
|
||||
// to get the minimal full set associated with each cert and domain
|
||||
var allDomains = [cert.subject].concat(cert.altnames.slice(0));
|
||||
allDomains.forEach(function (name) {
|
||||
allDomains.forEach(function(name) {
|
||||
name = name.toLowerCase();
|
||||
if (!gl._certnames[name]) {
|
||||
gl._certnames[name] = {};
|
||||
}
|
||||
allDomains.forEach(function (name2) {
|
||||
allDomains.forEach(function(name2) {
|
||||
name2 = name2.toLowerCase();
|
||||
gl._certnames[name][name2] = true;
|
||||
});
|
||||
});
|
||||
};
|
||||
gl._checkServername = function (safeHost, servername) {
|
||||
gl._checkServername = function(safeHost, servername) {
|
||||
// odd, but acceptable
|
||||
if (!safeHost || !servername) { return true; }
|
||||
if (safeHost === servername) { return true; }
|
||||
if (!safeHost || !servername) {
|
||||
return true;
|
||||
}
|
||||
if (safeHost === servername) {
|
||||
return true;
|
||||
}
|
||||
// connection established with servername and session is re-used for allowed name
|
||||
if (gl._certnames[servername] && gl._certnames[servername][safeHost]) {
|
||||
return true;
|
||||
|
@ -409,15 +480,19 @@ Greenlock.create = function (gl) {
|
|||
gl.approveDomains = null;
|
||||
}
|
||||
if (!gl.approveDomains) {
|
||||
gl.approveDomains = function (lexOpts, cb) {
|
||||
gl.approveDomains = function(lexOpts, cb) {
|
||||
var err;
|
||||
var emsg;
|
||||
|
||||
if (!gl.email) {
|
||||
throw new Error("le-sni-auto is not properly configured. Missing email");
|
||||
throw new Error(
|
||||
"le-sni-auto is not properly configured. Missing email"
|
||||
);
|
||||
}
|
||||
if (!gl.agreeTos) {
|
||||
throw new Error("le-sni-auto is not properly configured. Missing agreeTos");
|
||||
throw new Error(
|
||||
"le-sni-auto is not properly configured. Missing agreeTos"
|
||||
);
|
||||
}
|
||||
if (!/[a-z]/i.test(lexOpts.domain)) {
|
||||
cb(new Error("le-sni-auto does not allow IP addresses in SNI"));
|
||||
|
@ -431,9 +506,11 @@ Greenlock.create = function (gl) {
|
|||
return cb(null, lexOpts);
|
||||
}
|
||||
|
||||
if (lexOpts.domains.every(function (domain) {
|
||||
if (
|
||||
lexOpts.domains.every(function(domain) {
|
||||
return -1 !== gl.approvedDomains.indexOf(domain);
|
||||
})) {
|
||||
})
|
||||
) {
|
||||
// commented this out because people expect to be able to edit the list of domains
|
||||
// lexOpts.domains = gl.approvedDomains.slice(0);
|
||||
lexOpts.email = gl.email;
|
||||
|
@ -443,38 +520,62 @@ Greenlock.create = function (gl) {
|
|||
return cb(null, lexOpts);
|
||||
}
|
||||
|
||||
emsg = "tls SNI for '" + lexOpts.domains.join(',') + "' rejected: not in list '" + gl.approvedDomains + "'";
|
||||
emsg =
|
||||
"tls SNI for '" +
|
||||
lexOpts.domains.join(",") +
|
||||
"' rejected: not in list '" +
|
||||
gl.approvedDomains +
|
||||
"'";
|
||||
log(gl.debug, emsg, lexOpts.domains, gl.approvedDomains);
|
||||
err = new Error(emsg);
|
||||
err.code = 'E_REJECT_SNI';
|
||||
err.code = "E_REJECT_SNI";
|
||||
cb(err);
|
||||
};
|
||||
}
|
||||
|
||||
gl.getCertificates = function (domain, certs, cb) {
|
||||
gl.getCertificates = function(domain, certs, cb) {
|
||||
// certs come from current in-memory cache, not lookup
|
||||
log(gl.debug, 'gl.getCertificates called for', domain, 'with certs for', certs && certs.altnames || 'NONE');
|
||||
log(
|
||||
gl.debug,
|
||||
"gl.getCertificates called for",
|
||||
domain,
|
||||
"with certs for",
|
||||
(certs && certs.altnames) || "NONE"
|
||||
);
|
||||
var opts = {
|
||||
domain: domain, domains: certs && certs.altnames || [ domain ]
|
||||
, certs: certs, certificate: {}, account: {}
|
||||
domain: domain,
|
||||
domains: (certs && certs.altnames) || [domain],
|
||||
certs: certs,
|
||||
certificate: {},
|
||||
account: {}
|
||||
};
|
||||
opts.wildname = '*.' + (domain||'').split('.').slice(1).join('.');
|
||||
opts.wildname =
|
||||
"*." +
|
||||
(domain || "")
|
||||
.split(".")
|
||||
.slice(1)
|
||||
.join(".");
|
||||
|
||||
function cb2(results) {
|
||||
log(gl.debug, 'gl.approveDomains called with certs for', results.certs && results.certs.altnames || 'NONE', 'and options:');
|
||||
log(gl.debug, results.options);
|
||||
log(
|
||||
gl.debug,
|
||||
"gl.approveDomains called with certs for",
|
||||
(results.certs && results.certs.altnames) || "NONE",
|
||||
"and options:"
|
||||
);
|
||||
log(gl.debug, results.options || results);
|
||||
var err;
|
||||
if (!results) {
|
||||
err = new Error('E_REJECT_SNI');
|
||||
err.code = 'E_REJECT_SNI';
|
||||
err = new Error("E_REJECT_SNI");
|
||||
err.code = "E_REJECT_SNI";
|
||||
eb2(err);
|
||||
return;
|
||||
}
|
||||
|
||||
var options = results.options || results;
|
||||
if (opts !== options) {
|
||||
Object.keys(options).forEach(function (key) {
|
||||
if ('undefined' !== typeof options[key] && 'domain' !== key) {
|
||||
Object.keys(options).forEach(function(key) {
|
||||
if ("undefined" !== typeof options[key] && "domain" !== key) {
|
||||
opts[key] = options[key];
|
||||
}
|
||||
});
|
||||
|
@ -485,33 +586,41 @@ Greenlock.create = function (gl) {
|
|||
}
|
||||
options.altnames = options.domains;
|
||||
// just in case we get a completely different object from the one we originally created
|
||||
if (!options.account) { options.account = {}; }
|
||||
if (!options.certificate) { options.certificate = {}; }
|
||||
if (!options.account) {
|
||||
options.account = {};
|
||||
}
|
||||
if (!options.certificate) {
|
||||
options.certificate = {};
|
||||
}
|
||||
if (results.certs) {
|
||||
log(gl.debug, 'gl renewing');
|
||||
log(gl.debug, "gl renewing");
|
||||
return gl.core.certificates.renewAsync(options, results.certs).then(
|
||||
function (certs) {
|
||||
function(certs) {
|
||||
// Workaround for https://github.com/nodejs/node/issues/22389
|
||||
gl._updateServernames(certs);
|
||||
cb(null, certs);
|
||||
}
|
||||
, function (e) {
|
||||
console.debug("Error renewing certificate for '" + domain + "':");
|
||||
},
|
||||
function(e) {
|
||||
console.debug(
|
||||
"Error renewing certificate for '" + domain + "':"
|
||||
);
|
||||
console.debug(e);
|
||||
console.error("");
|
||||
cb(e);
|
||||
}
|
||||
);
|
||||
} else {
|
||||
log(gl.debug, 'gl getting from disk or registering new');
|
||||
log(gl.debug, "gl getting from disk or registering new");
|
||||
return gl.core.certificates.getAsync(options).then(
|
||||
function (certs) {
|
||||
function(certs) {
|
||||
// Workaround for https://github.com/nodejs/node/issues/22389
|
||||
gl._updateServernames(certs);
|
||||
cb(null, certs);
|
||||
}
|
||||
, function (e) {
|
||||
console.debug("Error loading/registering certificate for '" + domain + "':");
|
||||
},
|
||||
function(e) {
|
||||
console.debug(
|
||||
"Error loading/registering certificate for '" + domain + "':"
|
||||
);
|
||||
console.debug(e);
|
||||
console.error("");
|
||||
cb(e);
|
||||
|
@ -521,9 +630,13 @@ Greenlock.create = function (gl) {
|
|||
}
|
||||
function eb2(_err) {
|
||||
if (false !== gl.logRejectedDomains) {
|
||||
console.error("[Error] approveDomains rejected tls sni '" + domain + "'");
|
||||
console.error("[Error] (see https://git.coolaj86.com/coolaj86/greenlock.js/issues/11)");
|
||||
if ('E_REJECT_SNI' !== _err.code) {
|
||||
console.error(
|
||||
"[Error] approveDomains rejected tls sni '" + domain + "'"
|
||||
);
|
||||
console.error(
|
||||
"[Error] (see https://git.coolaj86.com/coolaj86/greenlock.js/issues/11)"
|
||||
);
|
||||
if ("E_REJECT_SNI" !== _err.code) {
|
||||
console.error("[Error] This is the rejection message:");
|
||||
console.error(_err.message);
|
||||
}
|
||||
|
@ -533,45 +646,55 @@ Greenlock.create = function (gl) {
|
|||
return;
|
||||
}
|
||||
function mb2(_err, results) {
|
||||
if (_err) { eb2(_err); return; }
|
||||
if (_err) {
|
||||
eb2(_err);
|
||||
return;
|
||||
}
|
||||
cb2(results);
|
||||
}
|
||||
|
||||
try {
|
||||
if (1 === gl.approveDomains.length) {
|
||||
PromiseA.resolve(gl.approveDomains(opts)).then(cb2).catch(eb2);
|
||||
Promise.resolve(gl.approveDomains(opts))
|
||||
.then(cb2)
|
||||
.catch(eb2);
|
||||
} else if (2 === gl.approveDomains.length) {
|
||||
gl.approveDomains(opts, mb2);
|
||||
} else {
|
||||
gl.approveDomains(opts, certs, mb2);
|
||||
}
|
||||
} catch(e) {
|
||||
} catch (e) {
|
||||
console.error("[ERROR] Something went wrong in approveDomains:");
|
||||
console.error(e);
|
||||
console.error("BUT WAIT! Good news: It's probably your fault, so you can probably fix it.");
|
||||
console.error(
|
||||
"BUT WAIT! Good news: It's probably your fault, so you can probably fix it."
|
||||
);
|
||||
}
|
||||
};
|
||||
}
|
||||
gl.sni = gl.sni || require('le-sni-auto');
|
||||
gl.sni = gl.sni || require("le-sni-auto");
|
||||
if (gl.sni.create) {
|
||||
gl.sni = gl.sni.create(gl);
|
||||
}
|
||||
gl.tlsOptions.SNICallback = function (_domain, cb) {
|
||||
gl.tlsOptions.SNICallback = function(_domain, cb) {
|
||||
// format and (lightly) sanitize sni so that users can be naive
|
||||
// and not have to worry about SQL injection or fs discovery
|
||||
var domain = (_domain||'').toLowerCase();
|
||||
var domain = (_domain || "").toLowerCase();
|
||||
// hostname labels allow a-z, 0-9, -, and are separated by dots
|
||||
// _ is sometimes allowed
|
||||
// REGEX // https://www.codeproject.com/Questions/1063023/alphanumeric-validation-javascript-without-regex
|
||||
if (!gl.__sni_allow_dangerous_names && (!/^[a-z0-9_\.\-]+$/i.test(domain) || -1 !== domain.indexOf('..'))) {
|
||||
if (
|
||||
!gl.__sni_allow_dangerous_names &&
|
||||
(!/^[a-z0-9_\.\-]+$/i.test(domain) || -1 !== domain.indexOf(".."))
|
||||
) {
|
||||
log(gl.debug, "invalid sni '" + domain + "'");
|
||||
cb(new Error("invalid SNI"));
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
gl.sni.sniCallback(gl.__sni_preserve_case && _domain || domain, cb);
|
||||
} catch(e) {
|
||||
gl.sni.sniCallback((gl.__sni_preserve_case && _domain) || domain, cb);
|
||||
} catch (e) {
|
||||
console.error("[ERROR] Something went wrong in the SNICallback:");
|
||||
console.error(e);
|
||||
cb(e);
|
||||
|
@ -587,32 +710,32 @@ Greenlock.create = function (gl) {
|
|||
gl.core = gl.core.create(gl);
|
||||
}
|
||||
|
||||
gl.renew = function (args, certs) {
|
||||
gl.renew = function(args, certs) {
|
||||
return gl.core.certificates.renewAsync(args, certs);
|
||||
};
|
||||
|
||||
gl.register = function (args) {
|
||||
gl.register = function(args) {
|
||||
return gl.core.certificates.getAsync(args);
|
||||
};
|
||||
|
||||
gl.check = function (args) {
|
||||
gl.check = function(args) {
|
||||
// TODO must return email, domains, tos, pems
|
||||
return gl.core.certificates.checkAsync(args);
|
||||
};
|
||||
|
||||
gl.middleware = gl.middleware || require('./lib/middleware');
|
||||
gl.middleware = gl.middleware || require("./lib/middleware");
|
||||
if (gl.middleware.create) {
|
||||
gl.middleware = gl.middleware.create(gl);
|
||||
}
|
||||
|
||||
//var SERVERNAME_RE = /^[a-z0-9\.\-_]+$/;
|
||||
var SERVERNAME_G = /[^a-z0-9\.\-_]/;
|
||||
gl.middleware.sanitizeHost = function (app) {
|
||||
return function (req, res, next) {
|
||||
gl.middleware.sanitizeHost = function(app) {
|
||||
return function(req, res, next) {
|
||||
function realNext() {
|
||||
if ('function' === typeof app) {
|
||||
if ("function" === typeof app) {
|
||||
app(req, res);
|
||||
} else if ('function' === typeof next) {
|
||||
} else if ("function" === typeof next) {
|
||||
next();
|
||||
} else {
|
||||
res.statusCode = 500;
|
||||
|
@ -620,16 +743,22 @@ Greenlock.create = function (gl) {
|
|||
}
|
||||
}
|
||||
// Get the host:port combo, if it exists
|
||||
var host = (req.headers.host||'').split(':');
|
||||
var host = (req.headers.host || "").split(":");
|
||||
|
||||
// if not, move along
|
||||
if (!host[0]) { realNext(); return; }
|
||||
if (!host[0]) {
|
||||
realNext();
|
||||
return;
|
||||
}
|
||||
|
||||
// if so, remove non-allowed characters
|
||||
var safehost = host[0].toLowerCase().replace(SERVERNAME_G, '');
|
||||
var safehost = host[0].toLowerCase().replace(SERVERNAME_G, "");
|
||||
|
||||
// if there were unallowed characters, complain
|
||||
if (!gl.__sni_allow_dangerous_names && safehost.length !== host[0].length) {
|
||||
if (
|
||||
!gl.__sni_allow_dangerous_names &&
|
||||
safehost.length !== host[0].length
|
||||
) {
|
||||
res.statusCode = 400;
|
||||
res.end("Malformed HTTP Header: 'Host: " + host[0] + "'");
|
||||
return;
|
||||
|
@ -638,28 +767,41 @@ Greenlock.create = function (gl) {
|
|||
// make lowercase
|
||||
if (!gl.__sni_preserve_case) {
|
||||
host[0] = safehost;
|
||||
req.headers.host = host.join(':');
|
||||
req.headers.host = host.join(":");
|
||||
}
|
||||
|
||||
// Note: This sanitize function is also called on plain sockets, which don't need Domain Fronting checks
|
||||
if (req.socket.encrypted && !gl.__sni_allow_domain_fronting) {
|
||||
if (req.socket && 'string' === typeof req.socket.servername) {
|
||||
if (req.socket && "string" === typeof req.socket.servername) {
|
||||
// Workaround for https://github.com/nodejs/node/issues/22389
|
||||
if (!gl._checkServername(safehost, req.socket.servername.toLowerCase())) {
|
||||
if (
|
||||
!gl._checkServername(safehost, req.socket.servername.toLowerCase())
|
||||
) {
|
||||
res.statusCode = 400;
|
||||
res.setHeader('Content-Type', 'text/html; charset=utf-8');
|
||||
res.setHeader("Content-Type", "text/html; charset=utf-8");
|
||||
res.end(
|
||||
"<h1>Domain Fronting Error</h1>"
|
||||
+ "<p>This connection was secured using TLS/SSL for '" + req.socket.servername.toLowerCase() + "'</p>"
|
||||
+ "<p>The HTTP request specified 'Host: " + safehost + "', which is (obviously) different.</p>"
|
||||
+ "<p>Because this looks like a domain fronting attack, the connection has been terminated.</p>"
|
||||
"<h1>Domain Fronting Error</h1>" +
|
||||
"<p>This connection was secured using TLS/SSL for '" +
|
||||
req.socket.servername.toLowerCase() +
|
||||
"'</p>" +
|
||||
"<p>The HTTP request specified 'Host: " +
|
||||
safehost +
|
||||
"', which is (obviously) different.</p>" +
|
||||
"<p>Because this looks like a domain fronting attack, the connection has been terminated.</p>"
|
||||
);
|
||||
return;
|
||||
}
|
||||
} else if (safehost && !gl.middleware.sanitizeHost._skip_fronting_check) {
|
||||
} else if (
|
||||
safehost &&
|
||||
!gl.middleware.sanitizeHost._skip_fronting_check
|
||||
) {
|
||||
// TODO how to handle wrapped sockets, as with telebit?
|
||||
console.warn("\n\n\n[greenlock] WARN: no string for req.socket.servername,"
|
||||
+ " skipping fronting check for '" + safehost + "'\n\n\n");
|
||||
console.warn(
|
||||
"\n\n\n[greenlock] WARN: no string for req.socket.servername," +
|
||||
" skipping fronting check for '" +
|
||||
safehost +
|
||||
"'\n\n\n"
|
||||
);
|
||||
gl.middleware.sanitizeHost._skip_fronting_check = true;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
'use strict';
|
||||
|
||||
function requireBluebird() {
|
||||
try {
|
||||
return require('bluebird');
|
||||
} catch(e) {
|
||||
console.error("");
|
||||
console.error("DON'T PANIC. You're running an old version of node with incomplete Promise support.");
|
||||
console.error("EASY FIX: `npm install --save bluebird`");
|
||||
console.error("");
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
|
||||
if ('undefined' === typeof Promise) {
|
||||
global.Promise = requireBluebird();
|
||||
}
|
||||
|
||||
if ('function' !== typeof require('util').promisify) {
|
||||
require('util').promisify = requireBluebird().promisify;
|
||||
}
|
35
lib/core.js
35
lib/core.js
|
@ -1,11 +1,7 @@
|
|||
'use strict';
|
||||
/*global Promise*/
|
||||
require('./compat.js');
|
||||
|
||||
var PromiseA;
|
||||
try {
|
||||
PromiseA = require('bluebird');
|
||||
} catch(e) {
|
||||
PromiseA = global.Promise;
|
||||
}
|
||||
var util = require('util');
|
||||
function promisifyAll(obj) {
|
||||
var aobj = {};
|
||||
|
@ -42,7 +38,7 @@ module.exports.create = function (gl) {
|
|||
|
||||
// TODO check response header on request for cache time
|
||||
if ((now - gl._ipc.acmeUrlsUpdatedAt) < 10 * 60 * 1000) {
|
||||
return PromiseA.resolve(gl._ipc.acmeUrls);
|
||||
return Promise.resolve(gl._ipc.acmeUrls);
|
||||
}
|
||||
|
||||
// TODO acme-v2/nocompat
|
||||
|
@ -79,7 +75,7 @@ module.exports.create = function (gl) {
|
|||
+ " and 'rsaKeySize' must be 2048 or greater."
|
||||
);
|
||||
err.code = 'E_ARGS';
|
||||
return PromiseA.reject(err);
|
||||
return Promise.reject(err);
|
||||
}
|
||||
|
||||
return utils.testEmail(args.email).then(function () {
|
||||
|
@ -156,9 +152,9 @@ module.exports.create = function (gl) {
|
|||
if (newAccountKeypair) {
|
||||
accountKeypairPromise = gl.store.accounts.setKeypairAsync(args, keypair);
|
||||
}
|
||||
return PromiseA.resolve(accountKeypairPromise).then(function () {
|
||||
return Promise.resolve(accountKeypairPromise).then(function () {
|
||||
// TODO move templating of arguments to right here?
|
||||
if (!gl.store.accounts.setAsync) { return PromiseA.resolve({ keypair: keypair }); }
|
||||
if (!gl.store.accounts.setAsync) { return Promise.resolve({ keypair: keypair }); }
|
||||
return gl.store.accounts.setAsync(args, reg).then(function (account) {
|
||||
if (account && 'object' !== typeof account) {
|
||||
throw new Error("store.accounts.setAsync should either return 'null' or an object with at least a string 'id'");
|
||||
|
@ -181,7 +177,7 @@ module.exports.create = function (gl) {
|
|||
if (gl.store.accounts.checkAsync) {
|
||||
accountPromise = core.accounts.checkAsync(args);
|
||||
}
|
||||
return PromiseA.resolve(accountPromise).then(function (account) {
|
||||
return Promise.resolve(accountPromise).then(function (account) {
|
||||
if (!account) { return core.accounts.registerAsync(args); }
|
||||
if (account.keypair) { return account; }
|
||||
|
||||
|
@ -201,7 +197,7 @@ module.exports.create = function (gl) {
|
|||
var requiredArgs = ['accountId', 'email', 'domains', 'domain'];
|
||||
if (!(args.account && (args.account.id || args.account.kid))
|
||||
&& !requiredArgs.some(function (key) { return -1 !== Object.keys(args).indexOf(key); })) {
|
||||
return PromiseA.reject(new Error(
|
||||
return Promise.reject(new Error(
|
||||
"In order to register or retrieve an account one of '" + requiredArgs.join("', '") + "' must be present"
|
||||
));
|
||||
}
|
||||
|
@ -213,7 +209,7 @@ module.exports.create = function (gl) {
|
|||
|
||||
// we can re-register the same account until we're blue in the face and it's all the same
|
||||
// of course, we can also skip the lookup if we do store the account, but whatever
|
||||
if (!gl.store.accounts.checkAsync) { return PromiseA.resolve(null); }
|
||||
if (!gl.store.accounts.checkAsync) { return Promise.resolve(null); }
|
||||
return gl.store.accounts.checkAsync(args).then(function (account) {
|
||||
|
||||
if (!account) {
|
||||
|
@ -240,7 +236,7 @@ module.exports.create = function (gl) {
|
|||
args = utils.tplCopy(copy);
|
||||
|
||||
if (!Array.isArray(args.domains)) {
|
||||
return PromiseA.reject(new Error('args.domains should be an array of domains'));
|
||||
return Promise.reject(new Error('args.domains should be an array of domains'));
|
||||
}
|
||||
//if (-1 === args.domains.indexOf(args.subject)) // TODO relax the constraint once acme-v2 handles subject?
|
||||
if (args.subject !== args.domains[0]) {
|
||||
|
@ -250,7 +246,7 @@ module.exports.create = function (gl) {
|
|||
console.warn('\topts.domains: (set by you in approveDomains()) ' + args.domains.join(','));
|
||||
console.warn("Updating your code will prevent weird, random, hard-to-repro bugs during renewals");
|
||||
console.warn("(also this will be required in the next major version of greenlock)");
|
||||
//return PromiseA.reject(new Error('certificate subject (primary domain) must be the first in opts.domains'));
|
||||
//return Promise.reject(new Error('certificate subject (primary domain) must be the first in opts.domains'));
|
||||
}
|
||||
if (!(args.domains.length && args.domains.every(utils.isValidDomain))) {
|
||||
// NOTE: this library can't assume to handle the http loopback
|
||||
|
@ -258,7 +254,7 @@ module.exports.create = function (gl) {
|
|||
// so we do not check dns records or attempt a loopback here
|
||||
err = new Error("invalid domain name(s): '(" + args.subject + ') ' + args.domains.join(',') + "'");
|
||||
err.code = "INVALID_DOMAIN";
|
||||
return PromiseA.reject(err);
|
||||
return Promise.reject(err);
|
||||
}
|
||||
|
||||
// If a previous request to (re)register a certificate is already underway we need
|
||||
|
@ -384,6 +380,9 @@ module.exports.create = function (gl) {
|
|||
Object.keys(challenge).forEach(function (key) {
|
||||
done[key] = challenge[key];
|
||||
});
|
||||
// regression bugfix for le-challenge-cloudflare
|
||||
// (_acme-challege => _greenlock-dryrun-XXXX)
|
||||
copy.acmePrefix = (challenge.dnsHost||'').replace(/\.*/, '') || copy.acmePrefix;
|
||||
gl.challenges[challenge.type].set(copy, challenge.altname, challenge.token, challenge.keyAuthorization, done);
|
||||
}
|
||||
};
|
||||
|
@ -429,7 +428,7 @@ module.exports.create = function (gl) {
|
|||
args.keypair = domainKeypair;
|
||||
promise = gl.store.certificates.setKeypairAsync(args, domainKeypair);
|
||||
}
|
||||
return PromiseA.resolve(promise).then(function () {
|
||||
return Promise.resolve(promise).then(function () {
|
||||
return gl.store.certificates.setAsync(args).then(function () {
|
||||
return results;
|
||||
});
|
||||
|
@ -455,7 +454,7 @@ module.exports.create = function (gl) {
|
|||
+ new Date(renewableAt).toISOString() + "'. Set { duplicate: true } to force."
|
||||
);
|
||||
err.code = 'E_NOT_RENEWABLE';
|
||||
return PromiseA.reject(err);
|
||||
return Promise.reject(err);
|
||||
}
|
||||
|
||||
// Either the cert has entered its renewal period
|
||||
|
|
16
lib/utils.js
16
lib/utils.js
|
@ -1,12 +1,12 @@
|
|||
'use strict';
|
||||
require('./compat.js');
|
||||
|
||||
var path = require('path');
|
||||
var homeRe = new RegExp("^~(\\/|\\\\|\\" + path.sep + ")");
|
||||
// very basic check. Allows *.example.com.
|
||||
var re = /^(\*\.)?[a-zA-Z0-9\.\-]+$/;
|
||||
var punycode = require('punycode');
|
||||
var promisify = (require('util').promisify || require('bluebird').promisify);
|
||||
var dnsResolveMxAsync = promisify(require('dns').resolveMx);
|
||||
var dnsResolveMxAsync = require('util').promisify(require('dns').resolveMx);
|
||||
|
||||
module.exports.attachCertInfo = function (results) {
|
||||
var certInfo = require('cert-info').info(results.cert);
|
||||
|
@ -54,12 +54,24 @@ module.exports.merge = function (/*defaults, args*/) {
|
|||
|
||||
allDefaults.forEach(function (defaults) {
|
||||
Object.keys(defaults).forEach(function (key) {
|
||||
if ('challenges' === key && copy[key] && defaults[key]) {
|
||||
Object.keys(defaults[key]).forEach(function (k) {
|
||||
copy[key][k] = defaults[key][k];
|
||||
});
|
||||
} else {
|
||||
copy[key] = defaults[key];
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
Object.keys(args).forEach(function (key) {
|
||||
if ('challenges' === key && copy[key] && args[key]) {
|
||||
Object.keys(args[key]).forEach(function (k) {
|
||||
copy[key][k] = args[key][k];
|
||||
});
|
||||
} else {
|
||||
copy[key] = args[key];
|
||||
}
|
||||
});
|
||||
|
||||
return copy;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "greenlock",
|
||||
"version": "2.7.22",
|
||||
"version": "2.7.23",
|
||||
"description": "Greenlock is Let's Encrypt (ACME) client for node.js",
|
||||
"homepage": "https://greenlock.domains/",
|
||||
"main": "index.js",
|
||||
|
|
|
@ -1,106 +0,0 @@
|
|||
'use strict';
|
||||
|
||||
var PromiseA = require('bluebird');
|
||||
var path = require('path');
|
||||
var requestAsync = PromiseA.promisify(require('@coolaj86/request'));
|
||||
var LE = require('../').LE;
|
||||
var le = LE.create({
|
||||
server: 'staging'
|
||||
, acme: require('le-acme-core').ACME.create()
|
||||
, store: require('le-store-certbot').create({
|
||||
configDir: '~/letsencrypt.test/etc'.split('/').join(path.sep)
|
||||
, webrootPath: '~/letsencrypt.test/var/:hostname'.split('/').join(path.sep)
|
||||
})
|
||||
, challenge: require('le-challenge-fs').create({
|
||||
webrootPath: '~/letsencrypt.test/var/:hostname'.split('/').join(path.sep)
|
||||
})
|
||||
, debug: true
|
||||
});
|
||||
var utils = require('../lib/utils');
|
||||
|
||||
if ('/.well-known/acme-challenge/' !== LE.acmeChallengePrefix) {
|
||||
throw new Error("Bad constant 'acmeChallengePrefix'");
|
||||
}
|
||||
|
||||
var baseUrl;
|
||||
// could use localhost as well, but for the sake of an FQDN for testing, we use this
|
||||
// also, example.com is just a junk domain to make sure that it is ignored
|
||||
// (even though it should always be an array of only one element in lib/core.js)
|
||||
var domains = [ 'localhost.daplie.com', 'example.com' ]; // or just localhost
|
||||
var token = 'token-id';
|
||||
var secret = 'key-secret';
|
||||
|
||||
var tests = [
|
||||
function () {
|
||||
console.log('Test Url:', baseUrl + token);
|
||||
return requestAsync({ url: baseUrl + token }).then(function (req) {
|
||||
if (404 !== req.statusCode) {
|
||||
console.log(req.statusCode);
|
||||
throw new Error("Should be status 404");
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
, function () {
|
||||
var copy = utils.merge({ domains: domains }, le);
|
||||
copy = utils.tplCopy(copy);
|
||||
return PromiseA.promisify(le.challenge.set)(copy, domains[0], token, secret);
|
||||
}
|
||||
|
||||
, function () {
|
||||
return requestAsync(baseUrl + token).then(function (req) {
|
||||
if (200 !== req.statusCode) {
|
||||
console.log(req.statusCode, req.body);
|
||||
throw new Error("Should be status 200");
|
||||
}
|
||||
|
||||
if (req.body !== secret) {
|
||||
console.error(token, secret, req.body);
|
||||
throw new Error("req.body should be secret");
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
, function () {
|
||||
var copy = utils.merge({ domains: domains }, le);
|
||||
copy = utils.tplCopy(copy);
|
||||
return PromiseA.promisify(le.challenge.remove)(copy, domains[0], token);
|
||||
}
|
||||
|
||||
, function () {
|
||||
return requestAsync(baseUrl + token).then(function (req) {
|
||||
if (404 !== req.statusCode) {
|
||||
console.log(req.statusCode);
|
||||
throw new Error("Should be status 404");
|
||||
}
|
||||
});
|
||||
}
|
||||
];
|
||||
|
||||
function run() {
|
||||
//var express = require(express);
|
||||
var server = require('http').createServer(le.middleware());
|
||||
server.listen(0, function () {
|
||||
console.log('Server running, proceeding to test.');
|
||||
baseUrl = 'http://' + domains[0] + ':' + server.address().port + LE.acmeChallengePrefix;
|
||||
|
||||
function next() {
|
||||
var test = tests.shift();
|
||||
if (!test) {
|
||||
console.info('All tests passed');
|
||||
server.close();
|
||||
return;
|
||||
}
|
||||
|
||||
test().then(next, function (err) {
|
||||
console.error('ERROR');
|
||||
console.error(err.stack);
|
||||
server.close();
|
||||
});
|
||||
}
|
||||
|
||||
next();
|
||||
});
|
||||
}
|
||||
|
||||
run();
|
Loading…
Reference in New Issue