greenlock.js/index.js

290 lines
9.4 KiB
JavaScript
Raw Normal View History

2015-12-11 14:22:46 +00:00
'use strict';
var DAY = 24 * 60 * 60 * 1000;
//var MIN = 60 * 1000;
2016-08-08 19:17:09 +00:00
var ACME = require('le-acme-core').ACME;
2015-12-12 15:05:45 +00:00
2015-12-13 01:04:12 +00:00
var LE = module.exports;
2016-08-08 19:17:09 +00:00
LE.LE = LE;
2016-08-05 22:50:42 +00:00
// in-process cache, shared between all instances
var ipc = {};
2016-08-04 22:49:35 +00:00
function _log(debug) {
if (debug) {
var args = Array.prototype.slice.call(arguments);
args.shift();
args.unshift("[le/index.js]");
console.log.apply(console, args);
}
}
2016-02-13 02:33:50 +00:00
LE.defaults = {
2016-08-08 19:17:09 +00:00
productionServerUrl: ACME.productionServerUrl
, stagingServerUrl: ACME.stagingServerUrl
2016-08-04 22:49:35 +00:00
2016-08-08 19:17:09 +00:00
, rsaKeySize: ACME.rsaKeySize || 2048
, challengeType: ACME.challengeType || 'http-01'
2016-08-15 21:33:26 +00:00
, challengeTypes: ACME.challengeTypes || [ 'http-01', 'tls-sni-01', 'dns-01' ]
2016-08-05 22:21:10 +00:00
2016-08-08 19:17:09 +00:00
, acmeChallengePrefix: ACME.acmeChallengePrefix
2016-02-13 02:33:50 +00:00
};
2015-12-20 10:41:17 +00:00
2015-12-16 09:11:31 +00:00
// backwards compat
2016-08-04 22:49:35 +00:00
Object.keys(LE.defaults).forEach(function (key) {
LE[key] = LE.defaults[key];
});
2015-12-13 01:04:12 +00:00
2016-08-05 22:21:10 +00:00
// show all possible options
2016-08-05 22:16:29 +00:00
var u; // undefined
LE._undefined = {
2016-08-08 15:21:33 +00:00
acme: u
, store: u
2016-08-09 18:05:47 +00:00
, challenge: u
2016-08-15 21:33:26 +00:00
, challenges: u
, sni: u
, tlsOptions: u
2016-08-08 23:14:53 +00:00
2016-08-05 22:16:29 +00:00
, register: u
, check: u
2016-08-08 23:14:53 +00:00
, renewWithin: u // le-auto-sni and core
//, renewBy: u // le-auto-sni
2016-08-05 22:16:29 +00:00
, acmeChallengePrefix: u
2016-08-05 22:21:10 +00:00
, rsaKeySize: u
, challengeType: u
, server: u
2016-08-06 05:33:19 +00:00
, agreeToTerms: u
2016-08-05 22:50:42 +00:00
, _ipc: u
2016-08-09 18:05:47 +00:00
, duplicate: u
, _acmeUrls: u
2016-08-05 22:16:29 +00:00
};
LE._undefine = function (le) {
Object.keys(LE._undefined).forEach(function (key) {
if (!(key in le)) {
le[key] = u;
}
});
return le;
};
LE.create = function (le) {
2016-08-05 22:50:42 +00:00
var PromiseA = require('bluebird');
2016-08-08 19:17:09 +00:00
le.acme = le.acme || ACME.create({ debug: le.debug });
2016-08-05 22:50:42 +00:00
le.store = le.store || require('le-store-certbot').create({ debug: le.debug });
le.core = require('./lib/core');
var log = le.log || _log;
2016-08-05 22:16:29 +00:00
2016-08-15 21:33:26 +00:00
if (!le.challenges) {
le.challenges = {};
}
if (!le.challenges['http-01']) {
le.challenges['http-01'] = require('le-challenge-fs').create({ debug: le.debug });
}
if (!le.challenges['tls-sni-01']) {
le.challenges['tls-sni-01'] = require('le-challenge-sni').create({ debug: le.debug });
2016-08-15 21:33:26 +00:00
}
if (!le.challenges['dns-01']) {
try {
le.challenges['dns-01'] = require('le-challenge-ddns').create({ debug: le.debug });
} catch(e) {
try {
le.challenges['dns-01'] = require('le-challenge-dns').create({ debug: le.debug });
} catch(e) {
// not yet implemented
}
}
}
2016-08-05 22:50:42 +00:00
le = LE._undefine(le);
2016-08-05 22:16:29 +00:00
le.acmeChallengePrefix = LE.acmeChallengePrefix;
2016-08-05 22:21:10 +00:00
le.rsaKeySize = le.rsaKeySize || LE.rsaKeySize;
le.challengeType = le.challengeType || LE.challengeType;
2016-08-05 22:50:42 +00:00
le._ipc = ipc;
2016-08-08 23:14:53 +00:00
le.agreeToTerms = le.agreeToTerms || function (args, agreeCb) {
agreeCb(new Error("'agreeToTerms' was not supplied to LE and 'agreeTos' was not supplied to LE.register"));
};
2016-08-05 22:16:29 +00:00
if (!le.renewWithin) { le.renewWithin = 7 * DAY; }
// renewBy has a default in le-sni-auto
2016-08-05 22:16:29 +00:00
if (!le.server) {
throw new Error("opts.server must be set to 'staging' or a production url, such as LE.productionServerUrl'");
}
if ('staging' === le.server) {
le.server = LE.stagingServerUrl;
}
else if ('production' === le.server) {
le.server = LE.productionServerUrl;
2015-12-13 05:03:48 +00:00
}
2015-12-17 08:46:40 +00:00
2016-08-08 15:21:33 +00:00
if (le.acme.create) {
le.acme = le.acme.create(le);
}
le.acme = PromiseA.promisifyAll(le.acme);
le._acmeOpts = le.acme.getOptions();
Object.keys(le._acmeOpts).forEach(function (key) {
if (!(key in le)) {
le[key] = le._acmeOpts[key];
}
});
2016-08-05 22:50:42 +00:00
if (le.store.create) {
le.store = le.store.create(le);
}
2016-08-05 22:50:42 +00:00
le.store = PromiseA.promisifyAll(le.store);
2016-08-13 19:54:07 +00:00
le.store.accounts = PromiseA.promisifyAll(le.store.accounts);
le.store.certificates = PromiseA.promisifyAll(le.store.certificates);
2016-08-05 22:50:42 +00:00
le._storeOpts = le.store.getOptions();
2016-08-05 22:16:29 +00:00
Object.keys(le._storeOpts).forEach(function (key) {
2016-08-08 15:21:33 +00:00
if (!(key in le)) {
2016-08-05 22:16:29 +00:00
le[key] = le._storeOpts[key];
2015-12-12 14:20:12 +00:00
}
2016-08-05 22:16:29 +00:00
});
//
// Backwards compat for <= v2.1.7
//
if (le.challenge) {
console.warn("Deprecated use of le.challenge. Use le.challenges['" + LE.challengeType + "'] instead.");
le.challenges[le.challengeType] = le.challenge;
}
2016-08-15 21:33:26 +00:00
LE.challengeTypes.forEach(function (challengeType) {
var challenger = le.challenges[challengeType];
if (!challenger) {
2016-08-16 16:35:18 +00:00
return;
}
if (challenger.create) {
challenger = le.challenges[challengeType] = challenger.create(le);
2015-12-20 10:41:17 +00:00
}
challenger = le.challenges[challengeType] = PromiseA.promisifyAll(challenger);
le['_challengeOpts_' + challengeType] = challenger.getOptions();
2016-08-16 16:35:18 +00:00
Object.keys(le['_challengeOpts_' + challengeType]).forEach(function (key) {
2016-08-15 21:33:26 +00:00
if (!(key in le)) {
2016-08-16 16:35:18 +00:00
le[key] = le['_challengeOpts_' + challengeType][key];
2016-08-15 21:33:26 +00:00
}
});
2016-08-12 21:24:28 +00:00
// TODO wrap these here and now with tplCopy?
if (!challenger.set || 5 !== challenger.set.length) {
throw new Error("le.challenges[" + challengeType + "].set receives the wrong number of arguments."
+ " You must define setChallenge as function (opts, domain, token, keyAuthorization, cb) { }");
2016-08-15 21:33:26 +00:00
}
if (challenger.get && 4 !== challenger.get.length) {
throw new Error("le.challenges[" + challengeType + "].get receives the wrong number of arguments."
+ " You must define getChallenge as function (opts, domain, token, cb) { }");
}
if (!challenger.remove || 4 !== challenger.remove.length) {
throw new Error("le.challenges[" + challengeType + "].remove receives the wrong number of arguments."
+ " You must define removeChallenge as function (opts, domain, token, cb) { }");
}
if (!le._challengeWarn && (!challenger.loopback || 4 !== challenger.loopback.length)) {
le._challengeWarn = true;
console.warn("le.challenges[" + challengeType + "].loopback should be defined as function (opts, domain, token, cb) { ... } and should prove (by external means) that the ACME server challenge '" + challengeType + "' will succeed");
}
else if (!le._challengeWarn && (!challenger.test || 5 !== challenger.test.length)) {
le._challengeWarn = true;
console.warn("le.challenges[" + challengeType + "].test should be defined as function (opts, domain, token, keyAuthorization, cb) { ... } and should prove (by external means) that the ACME server challenge '" + challengeType + "' will succeed");
}
});
2016-08-15 21:33:26 +00:00
le.sni = le.sni || null;
le.tlsOptions = le.tlsOptions || le.httpsOptions || {};
if (!le.tlsOptions.SNICallback) {
2016-08-16 00:42:11 +00:00
if (!le.getCertificatesAsync && !le.getCertificates) {
if (Array.isArray(le.approveDomains)) {
le.approvedDomains = le.approveDomains;
le.approveDomains = null;
}
2016-08-16 00:42:11 +00:00
if (!le.approveDomains) {
le.approvedDomains = le.approvedDomains || [];
2016-08-16 00:42:11 +00:00
le.approveDomains = function (lexOpts, certs, cb) {
if (!(le.approvedDomains.length && le.email && le.agreeTos)) {
throw new Error("le-sni-auto is not properly configured. Missing one or more of approveDomains(domain, certs, callback) or approvedDomains (array), email, or agreeTos");
}
2016-08-16 00:42:11 +00:00
if (lexOpts.domains.every(function (domain) {
2016-08-16 16:35:18 +00:00
return -1 !== le.approvedDomains.indexOf(domain);
2016-08-16 00:42:11 +00:00
})) {
lexOpts.domains = le.approvedDomains.slice(0);
lexOpts.email = le.email;
lexOpts.agreeTos = le.agreeTos;
2016-08-16 16:35:18 +00:00
return cb(null, { options: lexOpts, certs: certs });
}
log(le.debug, 'unapproved domain', lexOpts.domains, le.approvedDomains);
2016-08-16 00:42:11 +00:00
cb(new Error("unapproved domain"));
};
}
le.getCertificates = function (domain, certs, cb) {
// certs come from current in-memory cache, not lookup
log(le.debug, 'le.getCertificates called for', domain, 'with certs for', certs && certs.altnames || 'NONE');
2016-08-16 00:42:11 +00:00
var opts = { domain: domain, domains: certs && certs.altnames || [ domain ] };
le.approveDomains(opts, certs, function (_err, results) {
if (_err) {
log(le.debug, 'le.approveDomains called with error', _err);
2016-08-16 00:42:11 +00:00
cb(_err);
return;
}
log(le.debug, 'le.approveDomains called with certs for', results.certs && results.certs.altnames || 'NONE', 'and options:');
log(le.debug, results.options);
2016-08-16 00:42:11 +00:00
var promise;
if (results.certs) {
log(le.debug, 'le renewing');
2016-08-16 00:42:11 +00:00
promise = le.core.certificates.renewAsync(results.options, results.certs);
}
else {
log(le.debug, 'le getting from disk or registering new');
promise = le.core.certificates.getAsync(results.options);
2016-08-16 00:42:11 +00:00
}
return promise.then(function (certs) { cb(null, certs); }, cb);
});
};
}
le.sni = le.sni || require('le-sni-auto');
if (le.sni.create) {
le.sni = le.sni.create(le);
}
le.tlsOptions.SNICallback = le.sni.sniCallback;
}
if (!le.tlsOptions.key || !le.tlsOptions.cert) {
le.tlsOptions = require('localhost.daplie.me-certificates').merge(le.tlsOptions);
2016-08-12 21:24:28 +00:00
}
// We want to move to using tlsOptions instead of httpsOptions, but we also need to make
// sure anything that uses this object will still work if looking for httpsOptions.
le.httpsOptions = le.tlsOptions;
2016-08-12 21:24:28 +00:00
2016-08-05 22:50:42 +00:00
if (le.core.create) {
le.core = le.core.create(le);
}
2016-08-05 22:16:29 +00:00
2016-08-16 16:35:18 +00:00
le.renew = function (args, certs) {
return le.core.certificates.renewAsync(args, certs);
};
2016-08-05 22:16:29 +00:00
le.register = function (args) {
2016-08-07 06:02:02 +00:00
return le.core.certificates.getAsync(args);
2015-12-12 14:20:12 +00:00
};
2015-12-11 14:22:46 +00:00
2016-08-05 22:16:29 +00:00
le.check = function (args) {
// TODO must return email, domains, tos, pems
2016-08-07 06:02:02 +00:00
return le.core.certificates.checkAsync(args);
2016-08-05 22:16:29 +00:00
};
2016-08-09 18:05:47 +00:00
le.middleware = le.middleware || require('./lib/middleware');
if (le.middleware.create) {
le.middleware = le.middleware.create(le);
}
2016-08-05 08:14:40 +00:00
2015-12-12 14:20:12 +00:00
return le;
2015-12-11 14:22:46 +00:00
};