424 lines
14 KiB
JavaScript
424 lines
14 KiB
JavaScript
'use strict';
|
|
|
|
var DAY = 24 * 60 * 60 * 1000;
|
|
//var MIN = 60 * 1000;
|
|
var ACME = require('acme-v2/compat').ACME;
|
|
|
|
var LE = module.exports;
|
|
LE.LE = LE;
|
|
// in-process cache, shared between all instances
|
|
var ipc = {};
|
|
|
|
function _log(debug) {
|
|
if (debug) {
|
|
var args = Array.prototype.slice.call(arguments);
|
|
args.shift();
|
|
args.unshift("[le/index.js]");
|
|
console.log.apply(console, args);
|
|
}
|
|
}
|
|
|
|
LE.defaults = {
|
|
productionServerUrl: 'https://acme-v01.api.letsencrypt.org/directory'
|
|
, stagingServerUrl: 'https://acme-staging.api.letsencrypt.org/directory'
|
|
|
|
, rsaKeySize: ACME.rsaKeySize || 2048
|
|
, challengeType: ACME.challengeType || 'http-01'
|
|
, challengeTypes: ACME.challengeTypes || [ 'http-01', 'dns-01' ]
|
|
|
|
, acmeChallengePrefix: ACME.acmeChallengePrefix
|
|
};
|
|
|
|
// backwards compat
|
|
Object.keys(LE.defaults).forEach(function (key) {
|
|
LE[key] = LE.defaults[key];
|
|
});
|
|
|
|
// show all possible options
|
|
var u; // undefined
|
|
LE._undefined = {
|
|
acme: u
|
|
, store: u
|
|
, challenge: u
|
|
, challenges: u
|
|
, sni: u
|
|
, tlsOptions: u
|
|
|
|
, register: u
|
|
, check: u
|
|
|
|
, renewWithin: u // le-auto-sni and core
|
|
//, renewBy: u // le-auto-sni
|
|
, acmeChallengePrefix: u
|
|
, rsaKeySize: u
|
|
, challengeType: u
|
|
, server: u
|
|
, version: u
|
|
, agreeToTerms: u
|
|
, _ipc: u
|
|
, duplicate: u
|
|
, _acmeUrls: u
|
|
};
|
|
LE._undefine = function (le) {
|
|
Object.keys(LE._undefined).forEach(function (key) {
|
|
if (!(key in le)) {
|
|
le[key] = u;
|
|
}
|
|
});
|
|
|
|
return le;
|
|
};
|
|
LE.create = function (le) {
|
|
var PromiseA = require('bluebird');
|
|
|
|
le.store = le.store || require('le-store-certbot').create({ debug: le.debug });
|
|
le.core = require('./lib/core');
|
|
var log = le.log || _log;
|
|
|
|
if (!le.challenges) {
|
|
le.challenges = {};
|
|
}
|
|
if (!le.challenges['http-01']) {
|
|
le.challenges['http-01'] = require('le-challenge-fs').create({ debug: le.debug });
|
|
}
|
|
/*
|
|
if (!le.challenges['tls-sni-01']) {
|
|
le.challenges['tls-sni-01'] = require('le-challenge-sni').create({ debug: le.debug });
|
|
}
|
|
*/
|
|
if (!le.challenges['dns-01']) {
|
|
try {
|
|
le.challenges['dns-01'] = require('le-challenge-ddns').create({ debug: le.debug });
|
|
} catch(e) {
|
|
try {
|
|
le.challenges['dns-01'] = require('le-challenge-dns').create({ debug: le.debug });
|
|
} catch(e) {
|
|
// not yet implemented
|
|
}
|
|
}
|
|
}
|
|
|
|
le = LE._undefine(le);
|
|
le.acmeChallengePrefix = LE.acmeChallengePrefix;
|
|
le.rsaKeySize = le.rsaKeySize || LE.rsaKeySize;
|
|
le.challengeType = le.challengeType || LE.challengeType;
|
|
le._ipc = ipc;
|
|
le._communityPackage = le._communityPackage || 'greenlock.js';
|
|
le.agreeToTerms = le.agreeToTerms || function (args, agreeCb) {
|
|
agreeCb(new Error("'agreeToTerms' was not supplied to LE and 'agreeTos' was not supplied to LE.register"));
|
|
};
|
|
|
|
if (!le.renewWithin) { le.renewWithin = 14 * DAY; }
|
|
// renewBy has a default in le-sni-auto
|
|
|
|
|
|
|
|
///////////////////////////
|
|
// BEGIN VERSION MADNESS //
|
|
///////////////////////////
|
|
|
|
if (!le.version) {
|
|
//console.warn("Please specify version: 'v01' (Let's Encrypt v1) or 'draft-11' (Let's Encrypt v2 / ACME draft 11)");
|
|
console.warn("");
|
|
console.warn("");
|
|
console.warn("");
|
|
console.warn("====================================================================");
|
|
console.warn("== greenlock.js (v2.2.0+) ==");
|
|
console.warn("====================================================================");
|
|
console.warn("");
|
|
console.warn("Please specify 'version' option:");
|
|
console.warn("");
|
|
console.warn(" 'draft-11' for Let's Encrypt v2 and ACME draft 11");
|
|
console.warn(" ('v02' is an alias of 'draft-11'");
|
|
console.warn("");
|
|
console.warn("or");
|
|
console.warn("");
|
|
console.warn(" 'v01' for Let's Encrypt v1 (deprecated)");
|
|
console.warn("");
|
|
console.warn("====================================================================");
|
|
console.warn("== this will be required from version v2.3 forward ==");
|
|
console.warn("====================================================================");
|
|
console.warn("");
|
|
console.warn("");
|
|
console.warn("");
|
|
} else if ('v02' === le.version) {
|
|
le.version = 'draft-11';
|
|
} else if ('v01' !== le.version && 'draft-11' !== le.version) {
|
|
throw new Error("Unrecognized version '" + le.version + "'");
|
|
}
|
|
|
|
if (!le.server) {
|
|
throw new Error("opts.server must specify an ACME directory URL, such as 'https://acme-staging-v02.api.letsencrypt.org/directory'");
|
|
}
|
|
if ('staging' === le.server) {
|
|
le.server = 'https://acme-staging.api.letsencrypt.org/directory';
|
|
le.version = 'v01';
|
|
console.warn("");
|
|
console.warn("");
|
|
console.warn("=== WARNING ===");
|
|
console.warn("");
|
|
console.warn("Due to versioning issues the 'staging' option is deprecated. Please specify the full url and version.");
|
|
console.warn("");
|
|
console.warn("\t--acme-url '" + le.server + "' \\");
|
|
console.warn("\t--acme-version '" + le.version + "' \\");
|
|
console.warn("");
|
|
console.warn("");
|
|
}
|
|
else if ('production' === le.server) {
|
|
le.server = 'https://acme-v01.api.letsencrypt.org/directory';
|
|
le.version = 'v01';
|
|
console.warn("");
|
|
console.warn("");
|
|
console.warn("=== WARNING ===");
|
|
console.warn("");
|
|
console.warn("Due to versioning issues the 'production' option is deprecated. Please specify the full url and version.");
|
|
console.warn("");
|
|
console.warn("\t--acme-url '" + le.server + "' \\");
|
|
console.warn("\t--acme-version '" + le.version + "' \\");
|
|
console.warn("");
|
|
console.warn("");
|
|
}
|
|
|
|
function loadLeV01() {
|
|
console.warn("");
|
|
console.warn("=== WARNING ===");
|
|
console.warn("");
|
|
console.warn("Let's Encrypt v1 is deprecated. Please update to Let's Encrypt v2 (ACME draft 11)");
|
|
console.warn("");
|
|
try {
|
|
return require('le-acme-core').ACME;
|
|
} catch(e) {
|
|
console.error(e);
|
|
console.info("");
|
|
console.info("");
|
|
console.info("If you require v01 API support (which is deprecated), you must install it:");
|
|
console.info("");
|
|
console.info("\tnpm install le-acme-core");
|
|
console.info("");
|
|
console.info("");
|
|
process.exit(e.code || 13);
|
|
}
|
|
}
|
|
|
|
if (-1 !== [
|
|
'https://acme-v02.api.letsencrypt.org/directory'
|
|
, 'https://acme-staging-v02.api.letsencrypt.org/directory' ].indexOf(le.server)
|
|
) {
|
|
if ('draft-11' !== le.version) {
|
|
console.warn("Detected Let's Encrypt v02 URL. Changing version to draft-11.");
|
|
le.version = 'draft-11';
|
|
}
|
|
} else if (-1 !== [
|
|
'https://acme-v01.api.letsencrypt.org/directory'
|
|
, 'https://acme-staging.api.letsencrypt.org/directory' ].indexOf(le.server)
|
|
|| 'v01' === le.version
|
|
) {
|
|
if ('v01' !== le.version) {
|
|
console.warn("Detected Let's Encrypt v01 URL (deprecated). Changing version to v01.");
|
|
le.version = 'v01';
|
|
}
|
|
}
|
|
if ('v01' === le.version) {
|
|
ACME = loadLeV01();
|
|
}
|
|
/////////////////////////
|
|
// END VERSION MADNESS //
|
|
/////////////////////////
|
|
|
|
|
|
|
|
le.acme = le.acme || ACME.create({ debug: le.debug });
|
|
if (le.acme.create) {
|
|
le.acme = le.acme.create(le);
|
|
}
|
|
le.acme = PromiseA.promisifyAll(le.acme);
|
|
le._acmeOpts = le.acme.getOptions();
|
|
Object.keys(le._acmeOpts).forEach(function (key) {
|
|
if (!(key in le)) {
|
|
le[key] = le._acmeOpts[key];
|
|
}
|
|
});
|
|
|
|
if (le.store.create) {
|
|
le.store = le.store.create(le);
|
|
}
|
|
le.store = PromiseA.promisifyAll(le.store);
|
|
le.store.accounts = PromiseA.promisifyAll(le.store.accounts);
|
|
le.store.certificates = PromiseA.promisifyAll(le.store.certificates);
|
|
le._storeOpts = le.store.getOptions();
|
|
Object.keys(le._storeOpts).forEach(function (key) {
|
|
if (!(key in le)) {
|
|
le[key] = le._storeOpts[key];
|
|
}
|
|
});
|
|
|
|
|
|
//
|
|
// Backwards compat for <= v2.1.7
|
|
//
|
|
if (le.challenge) {
|
|
console.warn("Deprecated use of le.challenge. Use le.challenges['" + LE.challengeType + "'] instead.");
|
|
le.challenges[le.challengeType] = le.challenge;
|
|
}
|
|
|
|
LE.challengeTypes.forEach(function (challengeType) {
|
|
var challenger = le.challenges[challengeType];
|
|
|
|
if (!challenger) {
|
|
return;
|
|
}
|
|
|
|
if (challenger.create) {
|
|
challenger = le.challenges[challengeType] = challenger.create(le);
|
|
}
|
|
challenger = le.challenges[challengeType] = PromiseA.promisifyAll(challenger);
|
|
le['_challengeOpts_' + challengeType] = challenger.getOptions();
|
|
Object.keys(le['_challengeOpts_' + challengeType]).forEach(function (key) {
|
|
if (!(key in le)) {
|
|
le[key] = le['_challengeOpts_' + challengeType][key];
|
|
}
|
|
});
|
|
|
|
// TODO wrap these here and now with tplCopy?
|
|
if (!challenger.set || 5 !== challenger.set.length) {
|
|
throw new Error("le.challenges[" + challengeType + "].set receives the wrong number of arguments."
|
|
+ " You must define setChallenge as function (opts, domain, token, keyAuthorization, cb) { }");
|
|
}
|
|
if (challenger.get && 4 !== challenger.get.length) {
|
|
throw new Error("le.challenges[" + challengeType + "].get receives the wrong number of arguments."
|
|
+ " You must define getChallenge as function (opts, domain, token, cb) { }");
|
|
}
|
|
if (!challenger.remove || 4 !== challenger.remove.length) {
|
|
throw new Error("le.challenges[" + challengeType + "].remove receives the wrong number of arguments."
|
|
+ " You must define removeChallenge as function (opts, domain, token, cb) { }");
|
|
}
|
|
|
|
/*
|
|
if (!le._challengeWarn && (!challenger.loopback || 4 !== challenger.loopback.length)) {
|
|
le._challengeWarn = true;
|
|
console.warn("le.challenges[" + challengeType + "].loopback should be defined as function (opts, domain, token, cb) { ... } and should prove (by external means) that the ACME server challenge '" + challengeType + "' will succeed");
|
|
}
|
|
else if (!le._challengeWarn && (!challenger.test || 5 !== challenger.test.length)) {
|
|
le._challengeWarn = true;
|
|
console.warn("le.challenges[" + challengeType + "].test should be defined as function (opts, domain, token, keyAuthorization, cb) { ... } and should prove (by external means) that the ACME server challenge '" + challengeType + "' will succeed");
|
|
}
|
|
*/
|
|
});
|
|
|
|
le.sni = le.sni || null;
|
|
le.tlsOptions = le.tlsOptions || le.httpsOptions || {};
|
|
if (!le.tlsOptions.SNICallback) {
|
|
if (!le.getCertificatesAsync && !le.getCertificates) {
|
|
if (Array.isArray(le.approveDomains)) {
|
|
le.approvedDomains = le.approveDomains;
|
|
le.approveDomains = null;
|
|
}
|
|
if (!le.approveDomains) {
|
|
le.approvedDomains = le.approvedDomains || [];
|
|
le.approveDomains = function (lexOpts, certs, cb) {
|
|
if (!le.email) {
|
|
throw new Error("le-sni-auto is not properly configured. Missing email");
|
|
}
|
|
if (!le.agreeTos) {
|
|
throw new Error("le-sni-auto is not properly configured. Missing agreeTos");
|
|
}
|
|
if (!le.approvedDomains.length) {
|
|
throw new Error("le-sni-auto is not properly configured. Missing approveDomains(domain, certs, callback)");
|
|
}
|
|
if (lexOpts.domains.every(function (domain) {
|
|
return -1 !== le.approvedDomains.indexOf(domain);
|
|
})) {
|
|
lexOpts.domains = le.approvedDomains.slice(0);
|
|
lexOpts.email = le.email;
|
|
lexOpts.agreeTos = le.agreeTos;
|
|
lexOpts.communityMember = lexOpts.communityMember;
|
|
return cb(null, { options: lexOpts, certs: certs });
|
|
}
|
|
log(le.debug, 'unapproved domain', lexOpts.domains, le.approvedDomains);
|
|
cb(new Error("unapproved domain"));
|
|
};
|
|
}
|
|
|
|
le.getCertificates = function (domain, certs, cb) {
|
|
// certs come from current in-memory cache, not lookup
|
|
log(le.debug, 'le.getCertificates called for', domain, 'with certs for', certs && certs.altnames || 'NONE');
|
|
var opts = { domain: domain, domains: certs && certs.altnames || [ domain ] };
|
|
|
|
try {
|
|
le.approveDomains(opts, certs, function (_err, results) {
|
|
if (_err) {
|
|
log(le.debug, 'le.approveDomains called with error', _err);
|
|
cb(_err);
|
|
return;
|
|
}
|
|
|
|
log(le.debug, 'le.approveDomains called with certs for', results.certs && results.certs.altnames || 'NONE', 'and options:');
|
|
log(le.debug, results.options);
|
|
|
|
var promise;
|
|
|
|
if (results.certs) {
|
|
log(le.debug, 'le renewing');
|
|
promise = le.core.certificates.renewAsync(results.options, results.certs);
|
|
}
|
|
else {
|
|
log(le.debug, 'le getting from disk or registering new');
|
|
promise = le.core.certificates.getAsync(results.options);
|
|
}
|
|
|
|
return promise.then(function (certs) { cb(null, certs); }, function (e) {
|
|
if (le.debug) { console.debug("Error"); console.debug(e); }
|
|
cb(e);
|
|
});
|
|
});
|
|
} catch(e) {
|
|
console.error("[ERROR] Something went wrong in approveDomains:");
|
|
console.error(e);
|
|
console.error("BUT WAIT! Good news: It's probably your fault, so you can probably fix it.");
|
|
}
|
|
};
|
|
}
|
|
le.sni = le.sni || require('le-sni-auto');
|
|
if (le.sni.create) {
|
|
le.sni = le.sni.create(le);
|
|
}
|
|
le.tlsOptions.SNICallback = function (domain, cb) {
|
|
try {
|
|
le.sni.sniCallback(domain, cb);
|
|
} catch(e) {
|
|
console.error("[ERROR] Something went wrong in the SNICallback:");
|
|
console.error(e);
|
|
cb(e);
|
|
}
|
|
};
|
|
}
|
|
|
|
// We want to move to using tlsOptions instead of httpsOptions, but we also need to make
|
|
// sure anything that uses this object will still work if looking for httpsOptions.
|
|
le.httpsOptions = le.tlsOptions;
|
|
|
|
if (le.core.create) {
|
|
le.core = le.core.create(le);
|
|
}
|
|
|
|
le.renew = function (args, certs) {
|
|
return le.core.certificates.renewAsync(args, certs);
|
|
};
|
|
|
|
le.register = function (args) {
|
|
return le.core.certificates.getAsync(args);
|
|
};
|
|
|
|
le.check = function (args) {
|
|
// TODO must return email, domains, tos, pems
|
|
return le.core.certificates.checkAsync(args);
|
|
};
|
|
|
|
le.middleware = le.middleware || require('./lib/middleware');
|
|
if (le.middleware.create) {
|
|
le.middleware = le.middleware.create(le);
|
|
}
|
|
|
|
return le;
|
|
};
|