19 changed files with 2356 additions and 16 deletions
@ -1,3 +1,24 @@ |
|||
# root-greenlock.js |
|||
|
|||
๐ Free SSL, Free Wildcard SSL, and Fully Automated HTTPS for Node.js and Browsers, issued by Let's Encrypt v2 via ACME |
|||
๐ Free SSL, Free Wildcard SSL, and Fully Automated HTTPS for Node.js and Browsers, issued by Let's Encrypt v2 via ACME |
|||
|
|||
Typically file propagation is faster and more reliably than DNS propagation. |
|||
Therefore, http-01 will be preferred to dns-01 except when wildcards or **private domains** are in use. |
|||
|
|||
http-01 will only be supplied as a defaut if no other challenge is provided. |
|||
|
|||
``` |
|||
Greenlock.create |
|||
Greenlock#add |
|||
Greenlock#order... or Greenlock#issue? |
|||
Greenlock#renew... or Greenlock#issue? |
|||
Greenlock#remove |
|||
Greenlock#get |
|||
Greenlock#all |
|||
``` |
|||
|
|||
Better scaling |
|||
|
|||
cluster lazy-load, remote management |
|||
|
|||
`server identifier (for sharding, for manager)` |
|||
|
@ -0,0 +1,184 @@ |
|||
'use strict'; |
|||
|
|||
var A = module.exports; |
|||
var U = require('./utils.js'); |
|||
var E = require('./errors.js'); |
|||
|
|||
var pending = {}; |
|||
|
|||
A._getOrCreate = function(greenlock, db, acme, args) { |
|||
console.log('[debug] A get or create', args); |
|||
var email = args.subscriberEmail || greenlock._defaults.subscriberEmail; |
|||
|
|||
if (!email) { |
|||
console.log('[debug] throw no sub'); |
|||
throw E.NO_SUBSCRIBER('get account', args.subject); |
|||
} |
|||
|
|||
// TODO send welcome message with benefit info
|
|||
return U._validMx(email) |
|||
.catch(function() { |
|||
throw E.NO_SUBSCRIBER('get account', args.subcriberEmail); |
|||
}) |
|||
.then(function() { |
|||
console.log('[debug] valid email'); |
|||
if (pending[email]) { |
|||
console.log('[debug] return pending'); |
|||
return pending[email]; |
|||
} |
|||
|
|||
pending[email] = A._rawGetOrCreate(greenlock, db, acme, args, email) |
|||
.catch(function(e) { |
|||
delete pending[email]; |
|||
throw e; |
|||
}) |
|||
.then(function(result) { |
|||
delete pending[email]; |
|||
return result; |
|||
}); |
|||
|
|||
console.log('[debug] return new'); |
|||
return pending[email]; |
|||
}); |
|||
}; |
|||
|
|||
// What we really need out of this is the private key and the ACME "key" id
|
|||
A._rawGetOrCreate = function(greenlock, db, acme, args, email) { |
|||
var p; |
|||
if (db.check) { |
|||
p = A._checkStore(greenlock, db, acme, args, email); |
|||
} else { |
|||
p = Promise.resolve(null); |
|||
} |
|||
|
|||
return p.then(function(fullAccount) { |
|||
console.log('[debug] full account', fullAccount); |
|||
if (!fullAccount) { |
|||
return A._newAccount(greenlock, db, acme, args, email, null); |
|||
} |
|||
|
|||
if (fullAccount.keypair && fullAccount.key && fullAccount.key.kid) { |
|||
return fullAccount; |
|||
} |
|||
|
|||
return A._newAccount(greenlock, db, acme, args, email, fullAccount); |
|||
}); |
|||
}; |
|||
|
|||
A._newAccount = function(greenlock, db, acme, args, email, fullAccount) { |
|||
var keyType = args.accountKeyType || greenlock._defaults.accountKeyType; |
|||
var query = { |
|||
subject: args.subject, |
|||
email: email, |
|||
account: fullAccount || {} |
|||
}; |
|||
|
|||
return U._getOrCreateKeypair(db, args.subject, query, keyType).then( |
|||
function(kresult) { |
|||
var keypair = kresult.keypair; |
|||
var accReg = { |
|||
subscriberEmail: email, |
|||
agreeToTerms: |
|||
args.agreeToTerms || greenlock._defaults.agreeToTerms, |
|||
accountKeypair: keypair, |
|||
debug: args.debug |
|||
}; |
|||
console.log('[debug] create account', accReg); |
|||
return acme.accounts.create(accReg).then(function(receipt) { |
|||
var reg = { |
|||
keypair: keypair, |
|||
receipt: receipt, |
|||
// shudder... not actually a KeyID... but so it is called anyway...
|
|||
kid: |
|||
receipt && |
|||
receipt.key && |
|||
(receipt.key.kid || receipt.kid), |
|||
email: args.email |
|||
}; |
|||
|
|||
var keyP; |
|||
if (kresult.exists) { |
|||
keyP = Promise.resolve(); |
|||
} else { |
|||
query.keypair = keypair; |
|||
query.receipt = receipt; |
|||
keyP = db.setKeypair(query, keypair); |
|||
} |
|||
|
|||
return keyP |
|||
.then(function() { |
|||
if (!db.set) { |
|||
return Promise.resolve({ |
|||
keypair: keypair |
|||
}); |
|||
} |
|||
return db.set( |
|||
{ |
|||
// id to be set by Store
|
|||
email: email, |
|||
agreeTos: true |
|||
}, |
|||
reg |
|||
); |
|||
}) |
|||
.then(function(fullAccount) { |
|||
if (fullAccount && 'object' !== typeof fullAccount) { |
|||
throw new Error( |
|||
"accounts.set should either return 'null' or an object with an 'id' string" |
|||
); |
|||
} |
|||
|
|||
if (!fullAccount) { |
|||
fullAccount = {}; |
|||
} |
|||
fullAccount.keypair = keypair; |
|||
if (!fullAccount.key) { |
|||
fullAccount.key = {}; |
|||
} |
|||
fullAccount.key.kid = reg.kid; |
|||
|
|||
return fullAccount; |
|||
}); |
|||
}); |
|||
} |
|||
); |
|||
}; |
|||
|
|||
A._checkStore = function(greenlock, db, acme, args, email) { |
|||
if ((args.domain || args.domains) && !args.subject) { |
|||
console.warn("use 'subject' instead of 'domain'"); |
|||
args.subject = args.domain; |
|||
} |
|||
|
|||
var account = args.account; |
|||
if (!account) { |
|||
account = {}; |
|||
} |
|||
|
|||
if (args.accountKeypair) { |
|||
console.warn( |
|||
'rather than passing accountKeypair, put it directly into your account key store' |
|||
); |
|||
// TODO we probably don't need this
|
|||
return U._importKeypair(args.accountKeypair); |
|||
} |
|||
|
|||
if (!db.check) { |
|||
return Promise.resolve(null); |
|||
} |
|||
|
|||
return db |
|||
.check({ |
|||
//keypair: undefined,
|
|||
//receipt: undefined,
|
|||
email: email, |
|||
account: account |
|||
}) |
|||
.then(function(fullAccount) { |
|||
if (!fullAccount) { |
|||
return null; |
|||
} |
|||
|
|||
return fullAccount; |
|||
}); |
|||
}; |
@ -0,0 +1,279 @@ |
|||
'use strict'; |
|||
|
|||
var C = module.exports; |
|||
var U = require('./utils.js'); |
|||
var CSR = require('@root/csr'); |
|||
var Enc = require('@root/encoding'); |
|||
|
|||
var pending = {}; |
|||
var rawPending = {}; |
|||
|
|||
// Certificates
|
|||
C._getOrOrder = function(greenlock, db, acme, challenges, account, args) { |
|||
var email = args.subscriberEmail || greenlock._defaults.subscriberEmail; |
|||
|
|||
var id = args.altnames.join(' '); |
|||
if (pending[id]) { |
|||
return pending[id]; |
|||
} |
|||
|
|||
pending[id] = C._rawGetOrOrder( |
|||
greenlock, |
|||
db, |
|||
acme, |
|||
challenges, |
|||
account, |
|||
email, |
|||
args |
|||
) |
|||
.then(function(pems) { |
|||
delete pending[id]; |
|||
return pems; |
|||
}) |
|||
.catch(function(err) { |
|||
delete pending[id]; |
|||
throw err; |
|||
}); |
|||
|
|||
return pending[id]; |
|||
}; |
|||
|
|||
// Certificates
|
|||
C._rawGetOrOrder = function( |
|||
greenlock, |
|||
db, |
|||
acme, |
|||
challenges, |
|||
account, |
|||
email, |
|||
args |
|||
) { |
|||
return C._check(db, args).then(function(pems) { |
|||
// No pems? get some!
|
|||
if (!pems) { |
|||
return C._rawOrder( |
|||
greenlock, |
|||
db, |
|||
acme, |
|||
challenges, |
|||
account, |
|||
email, |
|||
args |
|||
).then(function(newPems) { |
|||
// do not wait on notify
|
|||
greenlock.notify('cert_issue', { |
|||
options: args, |
|||
subject: args.subject, |
|||
altnames: args.altnames, |
|||
account: account, |
|||
email: email, |
|||
pems: newPems |
|||
}); |
|||
return newPems; |
|||
}); |
|||
} |
|||
|
|||
// Nice and fresh? We're done!
|
|||
if (!C._isStale(greenlock, args, pems)) { |
|||
// return existing unexpired (although potentially stale) certificates when available
|
|||
// there will be an additional .renewing property if the certs are being asynchronously renewed
|
|||
//pems._type = 'current';
|
|||
return pems; |
|||
} |
|||
|
|||
// Getting stale? Let's renew to freshen up!
|
|||
var p = C._rawOrder( |
|||
greenlock, |
|||
db, |
|||
acme, |
|||
challenges, |
|||
account, |
|||
email, |
|||
args |
|||
).then(function(renewedPems) { |
|||
// do not wait on notify
|
|||
greenlock.notify('cert_renewal', { |
|||
options: args, |
|||
subject: args.subject, |
|||
altnames: args.altnames, |
|||
account: account, |
|||
email: email, |
|||
pems: renewedPems |
|||
}); |
|||
return renewedPems; |
|||
}); |
|||
|
|||
// TODO what should this be?
|
|||
if (args.waitForRenewal) { |
|||
return p; |
|||
} |
|||
|
|||
return pems; |
|||
}); |
|||
}; |
|||
|
|||
// we have another promise here because it the optional renewal
|
|||
// may resolve in a different stack than the returned pems
|
|||
C._rawOrder = function(greenlock, db, acme, challenges, account, email, args) { |
|||
var id = args.altnames |
|||
.slice(0) |
|||
.sort() |
|||
.join(' '); |
|||
if (rawPending[id]) { |
|||
return rawPending[id]; |
|||
} |
|||
|
|||
var keyType = args.serverKeyType || greenlock._defaults.serverKeyType; |
|||
var query = { |
|||
subject: args.subject, |
|||
certificate: args.certificate || {} |
|||
}; |
|||
rawPending[id] = U._getOrCreateKeypair(db, args.subject, query, keyType) |
|||
.then(function(kresult) { |
|||
var serverKeypair = kresult.keypair; |
|||
var domains = args.altnames.slice(0); |
|||
|
|||
return CSR.csr({ |
|||
jwk: serverKeypair.privateKeyJwk, |
|||
domains: domains, |
|||
encoding: 'der' |
|||
}) |
|||
.then(function(csrDer) { |
|||
// TODO let CSR support 'urlBase64' ?
|
|||
return Enc.bufToUrlBase64(csrDer); |
|||
}) |
|||
.then(function(csr) { |
|||
function notify() { |
|||
greenlock.notify('challenge_status', { |
|||
options: args, |
|||
subject: args.subject, |
|||
altnames: args.altnames, |
|||
account: account, |
|||
email: email |
|||
}); |
|||
} |
|||
var certReq = { |
|||
debug: args.debug || greenlock._defaults.debug, |
|||
|
|||
challenges: challenges, |
|||
account: account, // only used if accounts.key.kid exists
|
|||
accountKeypair: account.keypair, |
|||
keypair: account.keypair, // TODO
|
|||
csr: csr, |
|||
domains: domains, // because ACME.js v3 uses `domains` still, actually
|
|||
onChallengeStatus: notify, |
|||
notify: notify // TODO
|
|||
|
|||
// TODO handle this in acme-v2
|
|||
//subject: args.subject,
|
|||
//altnames: args.altnames.slice(0),
|
|||
}; |
|||
return acme.certificates |
|||
.create(certReq) |
|||
.then(U._attachCertInfo); |
|||
}) |
|||
.then(function(pems) { |
|||
if (kresult.exists) { |
|||
return pems; |
|||
} |
|||
return db.setKeypair(query, serverKeypair).then(function() { |
|||
return pems; |
|||
}); |
|||
}); |
|||
}) |
|||
.then(function(pems) { |
|||
// TODO put this in the docs
|
|||
// { cert, chain, privkey, subject, altnames, issuedAt, expiresAt }
|
|||
// Note: the query has been updated
|
|||
query.pems = pems; |
|||
return db.set(query); |
|||
}) |
|||
.then(function() { |
|||
return C._check(db, args); |
|||
}) |
|||
.then(function(bundle) { |
|||
// TODO notify Manager
|
|||
delete rawPending[id]; |
|||
return bundle; |
|||
}) |
|||
.catch(function(err) { |
|||
// Todo notify manager
|
|||
delete rawPending[id]; |
|||
throw err; |
|||
}); |
|||
|
|||
return rawPending[id]; |
|||
}; |
|||
|
|||
// returns pems, if they exist
|
|||
C._check = function(db, args) { |
|||
var query = { |
|||
subject: args.subject, |
|||
// may contain certificate.id
|
|||
certificate: args.certificate |
|||
}; |
|||
return db.check(query).then(function(pems) { |
|||
if (!pems) { |
|||
return null; |
|||
} |
|||
|
|||
pems = U._attachCertInfo(pems); |
|||
|
|||
// For eager management
|
|||
if (args.subject && !U._certHasDomain(pems, args.subject)) { |
|||
// TODO report error, but continue the process as with no cert
|
|||
return null; |
|||
} |
|||
|
|||
// For lazy SNI requests
|
|||
if (args.domain && !U._certHasDomain(pems, args.domain)) { |
|||
// TODO report error, but continue the process as with no cert
|
|||
return null; |
|||
} |
|||
|
|||
return U._getKeypair(db, args.subject, query) |
|||
.then(function(keypair) { |
|||
pems.privkey = keypair.privateKeyPem; |
|||
return pems; |
|||
}) |
|||
.catch(function() { |
|||
// TODO report error, but continue the process as with no cert
|
|||
return null; |
|||
}); |
|||
}); |
|||
}; |
|||
|
|||
// Certificates
|
|||
C._isStale = function(greenlock, args, pems) { |
|||
if (args.duplicate) { |
|||
return true; |
|||
} |
|||
|
|||
var renewAt = C._renewableAt(greenlock, args, pems); |
|||
|
|||
if (Date.now() >= renewAt) { |
|||
return true; |
|||
} |
|||
|
|||
return false; |
|||
}; |
|||
|
|||
C._renewableAt = function(greenlock, args, pems) { |
|||
if (args.renewAt) { |
|||
return args.renewAt; |
|||
} |
|||
|
|||
var renewOffset = args.renewOffset || greenlock._defaults.renewOffset || 0; |
|||
var week = 1000 * 60 * 60 * 24 * 6; |
|||
if (!args.force && Math.abs(renewOffset) < week) { |
|||
throw new Error( |
|||
'developer error: `renewOffset` should always be at least a week, use `force` to not safety-check renewOffset' |
|||
); |
|||
} |
|||
|
|||
if (renewOffset > 0) { |
|||
return pems.issuedAt + renewOffset; |
|||
} |
|||
|
|||
return pems.expiresAt + renewOffset; |
|||
}; |
@ -0,0 +1,58 @@ |
|||
'use strict'; |
|||
|
|||
var E = module.exports; |
|||
|
|||
function create(code, msg) { |
|||
E[code] = function(ctx, msg2) { |
|||
var err = new Error(msg); |
|||
err.code = code; |
|||
err.context = ctx; |
|||
if (msg2) { |
|||
err.message += ': ' + msg2; |
|||
} |
|||
/* |
|||
Object.keys(extras).forEach(function(k) { |
|||
if ('message' === k) { |
|||
err.message += ': ' + extras[k]; |
|||
} else { |
|||
err[k] = extras[k]; |
|||
} |
|||
}); |
|||
*/ |
|||
return err; |
|||
}; |
|||
} |
|||
|
|||
// TODO open issues and link to them as the error url
|
|||
create( |
|||
'NO_MAINTAINER', |
|||
'please supply `maintainerEmail` as a contact for security and critical bug notices' |
|||
); |
|||
create( |
|||
'BAD_ORDER', |
|||
'altnames should be in deterministic order, with subject as the first altname' |
|||
); |
|||
create('NO_SUBJECT', 'no certificate subject given'); |
|||
create( |
|||
'NO_SUBSCRIBER', |
|||
'please supply `subscriberEmail` as a contact for failed renewal and certificate revocation' |
|||
); |
|||
create( |
|||
'INVALID_SUBSCRIBER', |
|||
'`subscriberEmail` is not a valid address, please check for typos' |
|||
); |
|||
create( |
|||
'INVALID_HOSTNAME', |
|||
'valid hostnames must be restricted to a-z0-9_.- and contain at least one "."' |
|||
); |
|||
create( |
|||
'INVALID_DOMAIN', |
|||
'one or more domains do not exist on public DNS SOA record' |
|||
); |
|||
create( |
|||
'NOT_UNIQUE', |
|||
'found duplicate domains, or a subdomain that overlaps a wildcard' |
|||
); |
|||
|
|||
// exported for testing only
|
|||
E._create = create; |
@ -0,0 +1,60 @@ |
|||
'use strict'; |
|||
|
|||
// tradeoff - lazy load certs vs DOS invalid sni
|
|||
|
|||
var Manager = module.exports; |
|||
|
|||
var Cache = {}; |
|||
|
|||
Manager.create = function(conf) { |
|||
var domains = conf.domains; |
|||
var manager = {}; |
|||
|
|||
// { servername, wildname }
|
|||
manager.getSubject = function(opts) { |
|||
if ( |
|||
!opts.domains.includes(opts.domain) && |
|||
!opts.domains.includes(opts.wildname) |
|||
) { |
|||
throw new Error('not a registered domain'); |
|||
} |
|||
return opts.domains[0]; |
|||
}; |
|||
|
|||
manager.add = function() {}; |
|||
|
|||
// { servername, wildname }
|
|||
manager.configure = function(opts) {}; |
|||
|
|||
// { servername }
|
|||
manager._contexts = {}; |
|||
}; |
|||
|
|||
var manager = Manager.create({ |
|||
domains: ['example.com', '*.example.com'] |
|||
}); |
|||
|
|||
Cache.getTlsContext = function(servername) { |
|||
// TODO exponential fallback certificate renewal
|
|||
if (Cache._contexts[servername]) { |
|||
// may be a context, or a promise for a context
|
|||
return Cache._contexts[servername]; |
|||
} |
|||
|
|||
var wildname = |
|||
'*.' + |
|||
(servername || '') |
|||
.split('.') |
|||
.slice(1) |
|||
.join('.'); |
|||
|
|||
var opts = { |
|||
servername: servername, |
|||
domain: servername, |
|||
wildname: wildname |
|||
}; |
|||
manager._contexts[servername] = manager |
|||
.orderCertificate(opts) |
|||
.then(function() {}) |
|||
.catch(function(e) {}); |
|||
}; |
@ -0,0 +1,16 @@ |
|||
'use strict'; |
|||
|
|||
var http = require('http'); |
|||
var https = require('http2'); |
|||
var greenlock = require('../greenlock.js').create({ |
|||
maintainerEmail: 'jon@example.com' |
|||
}); |
|||
|
|||
function app(req, res) { |
|||
res.end('Hello, Encrypted World!'); |
|||
} |
|||
|
|||
http.createServer(greenlock.plainMiddleware()).listen(8080); |
|||
https |
|||
.createServer(greenlock.tlsOptions, greenlock.secureMiddleware(app)) |
|||
.listen(8443); |
@ -0,0 +1,42 @@ |
|||
'use strict'; |
|||
|
|||
var Greenlock = module.exports; |
|||
|
|||
Greenlock.server = function (opts) { |
|||
var opts = Greenlock.create(opts); |
|||
|
|||
opts.plainMiddleware = function(req, res) { |
|||
return Greenlock._plainMiddleware(opts, req, res); |
|||
}; |
|||
|
|||
opts.secureMiddleware = function(req, res) { |
|||
return Greenlock._secureMiddleware(opts, req, res); |
|||
}; |
|||
|
|||
opts.tlsOptions = { |
|||
SNICallback: function(servername, cb) { |
|||
return Greenlock._sniCallback(opts, servername) |
|||
.then(function() { |
|||
cb(null); |
|||
}) |
|||
.catch(function(err) { |
|||
cb(err); |
|||
}); |
|||
} |
|||
}; |
|||
|
|||
return opts; |
|||
}; |
|||
|
|||
// must handle http-01 challenges
|
|||
Greenlock._plainMiddleware = function(opts, req, res) {}; |
|||
|
|||
// should check for domain fronting
|
|||
Greenlock._secureMiddleware = function(opts, req, res) {}; |
|||
|
|||
// should check to see if domain is allowed, and if domain should be renewed
|
|||
// manage should be able to clear the internal cache
|
|||
Greenlock._sniCallback = function(opts, servername) {}; |
|||
|
|||
Greenlock._onSniRejection(function () { |
|||
}); |
@ -0,0 +1,541 @@ |
|||
'use strict'; |
|||
|
|||
var pkg = require('./package.json'); |
|||
|
|||
var ACME = require('@root/acme'); |
|||
var Greenlock = module.exports; |
|||
|
|||
var G = Greenlock; |
|||
var U = require('./utils.js'); |
|||
var E = require('./errors.js'); |
|||
var P = require('./plugins.js'); |
|||
var A = require('./accounts.js'); |
|||
var C = require('./certificates.js'); |
|||
var UserEvents = require('./user-events.js'); |
|||
|
|||
var promisify = require('util').promisify; |
|||
|
|||
var caches = {}; |
|||
|
|||
// { maintainerEmail, directoryUrl, subscriberEmail, store, challenges }
|
|||
G.create = function(gconf) { |
|||
var greenlock = {}; |
|||
if (!gconf) { |
|||
gconf = {}; |
|||
} |
|||
|
|||
if (!gconf.maintainerEmail) { |
|||
throw E.NO_MAINTAINER('create'); |
|||
} |
|||
|
|||
// TODO send welcome message with benefit info
|
|||
U._validMx(gconf.maintainerEmail).catch(function() { |
|||
console.error( |
|||
'invalid maintainer contact info:', |
|||
gconf.maintainer.Email |
|||
); |
|||
// maybe a little harsh?
|
|||
process.exit(1); |
|||
}); |
|||
|
|||
// TODO default servername is GLE only
|
|||
|
|||
if (!gconf.manager) { |
|||
gconf.manager = 'greenlock-manager-fs'; |
|||
} |
|||
|
|||
var Manager; |
|||
if ('string' === typeof gconf.manager) { |
|||
try { |
|||
Manager = require(gconf.manager); |
|||
} catch (e) { |
|||
if ('MODULE_NOT_FOUND' !== e.code) { |
|||
throw e; |
|||
} |
|||
console.error(e.code); |
|||
console.error(e.message); |
|||
console.error(gconf.manager); |
|||
P._installSync(gconf.manager); |
|||
Manager = require(gconf.manager); |
|||
} |
|||
} |
|||
|
|||
// minimal modification to the original object
|
|||
var defaults = G._defaults(gconf); |
|||
|
|||
greenlock.manager = Manager.create(defaults); |
|||
|
|||
// The goal here is to reduce boilerplate, such as error checking
|
|||
// and duration parsing, that a manager must implement
|
|||
greenlock.add = function(args) { |
|||
return Promise.resolve().then(function() { |
|||
// durations
|
|||
if (args.renewOffset) { |
|||
args.renewOffset = U._parseDuration(args.renewOffset); |
|||
} |
|||
if (args.renewStagger) { |
|||
args.renewStagger = U._parseDuration(args.renewStagger); |
|||
} |
|||
|
|||
if (!args.subject) { |
|||
throw E.NO_SUBJECT('add'); |
|||
} |
|||
|
|||
if (!args.altnames) { |
|||
args.altnames = [args.subject]; |
|||
} |
|||
if ('string' === typeof args.altnames) { |
|||
args.altnames = args.altnames.split(/[,\s]+/); |
|||
} |
|||
if (args.subject !== args.altnames[0]) { |
|||
throw E.BAD_ORDER( |
|||
'add', |
|||
'(' + args.subject + ") '" + args.altnames.join("' '") + "'" |
|||
); |
|||
} |
|||
args.altnames = args.altnames.map(U._encodeName); |
|||
|
|||
if ( |
|||
!args.altnames.every(function(d) { |
|||
return U._validName(d); |
|||
}) |
|||
) { |
|||
throw E.INVALID_HOSTNAME( |
|||
'add', |
|||
"'" + args.altnames.join("' '") + "'" |
|||
); |
|||
} |
|||
|
|||
// at this point we know that subject is the first of altnames
|
|||
return Promise.all( |
|||
args.altnames.map(function(d) { |
|||
d = d.replace('*.', ''); |
|||
return U._validDomain(d); |
|||
}) |
|||
).then(function() { |
|||
if (!U._uniqueNames(args.altnames)) { |
|||
throw E.NOT_UNIQUE( |
|||
'add', |
|||
"'" + args.altnames.join("' '") + "'" |
|||
); |
|||
} |
|||
|
|||
return greenlock.manager.add(args); |
|||
}); |
|||
}); |
|||
}; |
|||
|
|||
greenlock._notify = function(ev, params) { |
|||
var mng = greenlock.manager; |
|||
if (mng.notify) { |
|||
try { |
|||
var p = mng.notify(ev, params); |
|||
if (p && p.catch) { |
|||
p.catch(function(e) { |
|||
console.error("Error on event '" + ev + "':"); |
|||
console.error(e); |
|||
}); |
|||
} |
|||
} catch (e) { |
|||
console.error("Error on event '" + ev + "':"); |
|||
console.error(e); |
|||
} |
|||
} else { |
|||
if (/error/i.test(ev)) { |
|||
console.error("Error event '" + ev + "':"); |
|||
console.error(params); |
|||
} |
|||
} |
|||
/* |
|||
*'cert_issue', { |
|||
options: args, |
|||
subject: args.subject, |
|||
altnames: args.altnames, |
|||
account: account, |
|||
email: email, |
|||
pems: newPems |
|||
} |
|||
*/ |
|||
|
|||
if (-1 !== ['cert_issue', 'cert_renewal'].indexOf(ev)) { |
|||
// We will notify all greenlock users of mandatory and security updates
|
|||
// We'll keep track of versions and os so we can make sure things work well
|
|||
// { name, version, email, domains, action, communityMember, telemetry }
|
|||
// TODO look at the other one
|
|||
UserEvents.notify({ |
|||
// maintainer should be only on pre-publish, or maybe install, I think
|
|||
maintainerEmail: greenlock._defaults._maintainerEmail, |
|||
name: greenlock._defaults._maintainerPackage, |
|||
version: greenlock._defaults._maintainerPackageVersion, |
|||
action: params.pems._type, |
|||
domains: params.altnames, |
|||
subscriberEmail: greenlock._defaults._subscriberEmail, |
|||
// TODO enable for Greenlock Pro
|
|||
//customerEmail: args.customerEmail
|
|||
telemetry: greenlock._defaults.telemetry |
|||
}); |
|||
} |
|||
}; |
|||
|
|||
// needs to get info about the renewal, such as which store and challenge(s) to use
|
|||
greenlock.renew = function(args) { |
|||
if (!args) { |
|||
args = {}; |
|||
} |
|||
|
|||
// durations
|
|||
if (args.renewOffset) { |
|||
args.renewOffset = U._parseDuration(args.renewOffset); |
|||
} |
|||
if (args.renewStagger) { |
|||
args.renewStagger = U._parseDuration(args.renewStagger); |
|||
} |
|||
|
|||
if (args.domain) { |
|||
// this doesn't have to be the subject, it can be anything
|
|||
// however, not sure how useful this really is...
|
|||
args.domain = args.toLowerCase(); |
|||
} |
|||
|
|||
args.defaults = greenlock.defaults; |
|||
return greenlock.manager.find(args).then(function(sites) { |
|||
// Note: the manager must guaranteed that these are mutable copies
|
|||
|
|||
console.log('[debug] found what?', sites); |
|||
var renewedOrFailed = []; |
|||
|
|||
function next() { |
|||
var site = sites.shift(); |
|||
if (!site) { |
|||
return null; |
|||
} |
|||
|
|||
var order = { |
|||
site: site |
|||
}; |
|||
renewedOrFailed.push(order); |
|||
// TODO merge args + result?
|
|||
return greenlock |
|||
.order(site) |
|||
.then(function(pems) { |
|||
order.pems = pems; |
|||
}) |
|||
.catch(function(err) { |
|||
order.error = err; |
|||
greenlock._notify('order_error', order); |
|||
}) |
|||
.then(function() { |
|||
return next(); |
|||
}); |
|||
} |
|||
|
|||
return next().then(function() { |
|||
return renewedOrFailed; |
|||
}); |
|||
}); |
|||
}; |
|||
|
|||
greenlock._acme = function(args) { |
|||
var acme = ACME.create({ |
|||
debug: args.debug |
|||
}); |
|||
var dirUrl = args.directoryUrl || greenlock._defaults.directoryUrl; |
|||
|
|||
var dir = caches[dirUrl]; |
|||
|
|||
// don't cache more than an hour
|
|||
if (dir && Date.now() - dir.ts < 1 * 60 * 60 * 1000) { |
|||
return dir.promise; |
|||
} |
|||
|
|||
return acme |
|||
.init(dirUrl) |
|||
.then(function(/*meta*/) { |
|||
caches[dirUrl] = { |
|||
promise: Promise.resolve(acme), |
|||
ts: Date.now() |
|||
}; |
|||
return acme; |
|||
}) |
|||
.catch(function(err) { |
|||
// TODO
|
|||
// let's encrypt is possibly down for maintenaince...
|
|||
// this is a special kind of failure mode
|
|||
throw err; |
|||
}); |
|||
}; |
|||
|
|||
greenlock.order = function(args) { |
|||
return greenlock._acme(args).then(function(acme) { |
|||
console.log('[debug] acme meta', acme); |
|||
var storeConf = args.store || greenlock._defaults.store; |
|||
return P._load(storeConf.module).then(function(plugin) { |
|||
var store = Greenlock._normalizeStore( |
|||
storeConf.module, |
|||
plugin.create(storeConf) |
|||
); |
|||
|
|||
console.log('[debug] store', storeConf); |
|||
return A._getOrCreate( |
|||
greenlock, |
|||
store.accounts, |
|||
acme, |
|||
args |
|||
).then(function(account) { |
|||
console.log('[debug] account', account); |
|||
var challengeConfs = |
|||
args.challenges || greenlock._defaults.challenges; |
|||
console.log('[debug] challenge confs', challengeConfs); |
|||
return Promise.all( |
|||
Object.keys(challengeConfs).map(function(typ01) { |
|||
var chConf = challengeConfs[typ01]; |
|||
return P._load(chConf.module).then(function( |
|||
plugin |
|||
) { |
|||
var ch = Greenlock._normalizeChallenge( |
|||
chConf.module, |
|||
plugin.create(chConf) |
|||
); |
|||
ch._type = typ01; |
|||
return ch; |
|||
}); |
|||
}) |
|||
).then(function(arr) { |
|||
var challenges = {}; |
|||
arr.forEach(function(el) { |
|||
challenges[el._type] = el; |
|||
}); |
|||
return C._getOrOrder( |
|||
greenlock, |
|||
store.certificates, |
|||
acme, |
|||
challenges, |
|||
account, |
|||
args |
|||
); |
|||
}); |
|||
}); |
|||
}); |
|||
}); |
|||
}; |
|||
|
|||
greenlock._options = gconf; |
|||
greenlock._defaults = defaults; |
|||
|
|||
if (!gconf.onOrderFailure) { |
|||
gconf.onOrderFailure = function(err) { |
|||
G._onOrderFailure(gconf, err); |
|||
}; |
|||
} |
|||
|
|||
return greenlock; |
|||
}; |
|||
|
|||
G._defaults = function(opts) { |
|||
var defaults = {}; |
|||
|
|||
// [ 'store', 'challenges' ]
|
|||
Object.keys(opts).forEach(function(k) { |
|||
// manage is the only thing that is, potentially, not plain-old JSON
|
|||
if ('manage' === k && 'string' !== typeof opts[k]) { |
|||
return; |
|||
} |
|||
defaults[k] = opts[k]; |
|||
}); |
|||
|
|||
if (!defaults._maintainerPackage) { |
|||
defaults._maintainerPackage = pkg.name; |
|||
defaults._maintainerPackageVersion = pkg.version; |
|||
} |
|||
|
|||
if (!defaults.directoryUrl) { |
|||
if (defaults.staging) { |
|||
defaults.directoryUrl = |
|||
'https://acme-staging-v02.api.letsencrypt.org/directory'; |
|||
} else { |
|||
defaults.directoryUrl = |
|||
'https://acme-v02.api.letsencrypt.org/directory'; |
|||
} |
|||
} else { |
|||
if (defaults.staging) { |
|||
throw new Error('supply `directoryUrl` or `staging`, but not both'); |
|||
} |
|||
} |
|||
console.info('ACME Directory URL:', defaults.directoryUrl); |
|||
|
|||
// Load the default store module
|
|||
if (!defaults.store) { |
|||
defaults.store = { |
|||
module: 'greenlock-store-fs', |
|||
basePath: '~/.config/greenlock/' |
|||
}; |
|||
} |
|||
P._loadSync(defaults.store.module); |
|||
//defaults.store = store;
|
|||
|
|||
// Load the default challenge modules
|
|||
var challenges; |
|||
if (!defaults.challenges) { |
|||
defaults.challenges = {}; |
|||
} |
|||
challenges = defaults.challenges; |
|||
|
|||
// TODO provide http-01 when http-01 and/or(?) dns-01 don't exist
|
|||
if (!challenges['http-01'] && !challenges['dns-01']) { |
|||
challenges['http-01'] = { |
|||
module: 'acme-http-01-standalone' |
|||
}; |
|||
} |
|||
|
|||
if (challenges['http-01']) { |
|||
if ('string' === typeof challenges['http-01'].module) { |
|||
P._loadSync(challenges['http-01'].module); |
|||
} |
|||
} |
|||
|
|||
if (challenges['dns-01']) { |
|||
if ('string' === typeof challenges['dns-01'].module) { |
|||
P._loadSync(challenges['dns-01'].module); |
|||
} |
|||
} |
|||
|
|||
if (defaults.agreeToTerms === true || defaults.agreeTos === true) { |
|||
defaults.agreeToTerms = function(tos) { |
|||
return Promise.resolve(tos); |
|||
}; |
|||
} |
|||
|
|||
if (!defaults.accountKeyType) { |
|||
defaults.accountKeyType = 'EC-P256'; |
|||
} |
|||
if (!defaults.serverKeyType) { |
|||
if (defaults.domainKeyType) { |
|||
console.warn('use serverKeyType instead of domainKeyType'); |
|||
defaults.serverKeyType = defaults.domainKeyType; |
|||
} |
|||
defaults.serverKeyType = 'RSA-2048'; |
|||
} |
|||
if (defaults.domainKeypair) { |
|||
console.warn('use serverKeypair instead of domainKeypair'); |
|||
defaults.serverKeypair = |
|||
defaults.serverKeypair || defaults.domainKeypair; |
|||
} |
|||
|
|||
Object.defineProperty(defaults, 'domainKeypair', { |
|||
write: false, |
|||
get: function() { |
|||
console.warn('use serverKeypair instead of domainKeypair'); |
|||
return defaults.serverKeypair; |
|||
} |
|||
}); |
|||
|
|||
return defaults; |
|||
}; |
|||
|
|||
Greenlock._normalizeStore = function(name, store) { |
|||
var acc = store.accounts; |
|||
var crt = store.certificates; |
|||
|
|||
var warned = false; |
|||
function warn() { |
|||
if (warned) { |
|||
return; |
|||
} |
|||
warned = true; |
|||
console.warn( |
|||
"'" + |
|||
name + |
|||
"' may have incorrect function signatures, or contains deprecated use of callbacks" |
|||
); |
|||
} |
|||
|
|||
// accs
|
|||
if (acc.check && 2 === acc.check.length) { |
|||
warn(); |
|||
acc._thunk_check = acc.check; |
|||
acc.check = promisify(acc._thunk_check); |
|||
} |
|||
if (acc.set && 3 === acc.set.length) { |
|||
warn(); |
|||
acc._thunk_set = acc.set; |
|||
acc.set = promisify(acc._thunk_set); |
|||
} |
|||
if (2 === acc.checkKeypair.length) { |
|||
warn(); |
|||
acc._thunk_checkKeypair = acc.checkKeypair; |
|||
acc.checkKeypair = promisify(acc._thunk_checkKeypair); |
|||
} |
|||
if (3 === acc.setKeypair.length) { |
|||
warn(); |
|||
acc._thunk_setKeypair = acc.setKeypair; |
|||
acc.setKeypair = promisify(acc._thunk_setKeypair); |
|||
} |
|||
|
|||
// certs
|
|||
if (2 === crt.check.length) { |
|||
warn(); |
|||
crt._thunk_check = crt.check; |
|||
crt.check = promisify(crt._thunk_check); |
|||
} |
|||
if (3 === crt.set.length) { |
|||
warn(); |
|||
crt._thunk_set = crt.set; |
|||
crt.set = promisify(crt._thunk_set); |
|||
} |
|||
if (2 === crt.checkKeypair.length) { |
|||
warn(); |
|||
crt._thunk_checkKeypair = crt.checkKeypair; |
|||
crt.checkKeypair = promisify(crt._thunk_checkKeypair); |
|||
} |
|||
if (2 === crt.setKeypair.length) { |
|||
warn(); |
|||
crt._thunk_setKeypair = crt.setKeypair; |
|||
crt.setKeypair = promisify(crt._thunk_setKeypair); |
|||
} |
|||
|
|||
return store; |
|||
}; |
|||
|
|||
Greenlock._normalizeChallenge = function(name, ch) { |
|||
var warned = false; |
|||
function warn() { |
|||
if (warned) { |
|||
return; |
|||
} |
|||
warned = true; |
|||
console.warn( |
|||
"'" + |
|||
name + |
|||
"' may have incorrect function signatures, or contains deprecated use of callbacks" |
|||
); |
|||
} |
|||
|
|||
// init, zones, set, get, remove
|
|||
if (ch.init && 2 === ch.init.length) { |
|||
warn(); |
|||
ch._thunk_init = ch.init; |
|||
ch.init = promisify(ch._thunk_init); |
|||
} |
|||
if (ch.zones && 2 === ch.zones.length) { |
|||
warn(); |
|||
ch._thunk_zones = ch.zones; |
|||
ch.zones = promisify(ch._thunk_zones); |
|||
} |
|||
if (2 === ch.set.length) { |
|||
warn(); |
|||
ch._thunk_set = ch.set; |
|||
ch.set = promisify(ch._thunk_set); |
|||
} |
|||
if (2 === ch.remove.length) { |
|||
warn(); |
|||
ch._thunk_remove = ch.remove; |
|||
ch.remove = promisify(ch._thunk_remove); |
|||
} |
|||
if (ch.get && 2 === ch.get.length) { |
|||
warn(); |
|||
ch._thunk_get = ch.get; |
|||
ch.get = promisify(ch._thunk_get); |
|||
} |
|||
|
|||
return ch; |
|||
}; |
@ -0,0 +1,97 @@ |
|||
var accountKeypair = await Keypairs.generate({ kty: accKty }); |
|||
if (config.debug) { |
|||
console.info('Account Key Created'); |
|||
console.info(JSON.stringify(accountKeypair, null, 2)); |
|||
console.info(); |
|||
console.info(); |
|||
} |
|||
|
|||
var account = await acme.accounts.create({ |
|||
agreeToTerms: agree, |
|||
// TODO detect jwk/pem/der?
|
|||
accountKeypair: { privateKeyJwk: accountKeypair.private }, |
|||
subscriberEmail: config.email |
|||
}); |
|||
|
|||
// TODO top-level agree
|
|||
function agree(tos) { |
|||
if (config.debug) { |
|||
console.info('Agreeing to Terms of Service:'); |
|||
console.info(tos); |
|||
console.info(); |
|||
console.info(); |
|||
} |
|||
agreed = true; |
|||
return Promise.resolve(tos); |
|||
} |
|||
if (config.debug) { |
|||
console.info('New Subscriber Account'); |
|||
console.info(JSON.stringify(account, null, 2)); |
|||
console.info(); |
|||
console.info(); |
|||
} |
|||
if (!agreed) { |
|||
throw new Error('Failed to ask the user to agree to terms'); |
|||
} |
|||
|
|||
var certKeypair = await Keypairs.generate({ kty: srvKty }); |
|||
var pem = await Keypairs.export({ |
|||
jwk: certKeypair.private, |
|||
encoding: 'pem' |
|||
}); |
|||
if (config.debug) { |
|||
console.info('Server Key Created'); |
|||
console.info('privkey.jwk.json'); |
|||
console.info(JSON.stringify(certKeypair, null, 2)); |
|||
// This should be saved as `privkey.pem`
|
|||
console.info(); |
|||
console.info('privkey.' + srvKty.toLowerCase() + '.pem:'); |
|||
console.info(pem); |
|||
console.info(); |
|||
} |
|||
|
|||
// 'subject' should be first in list
|
|||
var domains = randomDomains(rnd); |
|||
if (config.debug) { |
|||
console.info('Get certificates for random domains:'); |
|||
console.info( |
|||
domains |
|||
.map(function(puny) { |
|||
var uni = punycode.toUnicode(puny); |
|||
if (puny !== uni) { |
|||
return puny + ' (' + uni + ')'; |
|||
} |
|||
return puny; |
|||
}) |
|||
.join('\n') |
|||
); |
|||
console.info(); |
|||
} |
|||
|
|||
// Create CSR
|
|||
var csrDer = await CSR.csr({ |
|||
jwk: certKeypair.private, |
|||
domains: domains, |
|||
encoding: 'der' |
|||
}); |
|||
var csr = Enc.bufToUrlBase64(csrDer); |
|||
var csrPem = PEM.packBlock({ |
|||
type: 'CERTIFICATE REQUEST', |
|||
bytes: csrDer /* { jwk: jwk, domains: opts.domains } */ |
|||
}); |
|||
if (config.debug) { |
|||
console.info('Certificate Signing Request'); |
|||
console.info(csrPem); |
|||
console.info(); |
|||
} |
|||
|
|||
var results = await acme.certificates.create({ |
|||
account: account, |
|||
accountKeypair: { privateKeyJwk: accountKeypair.private }, |
|||
csr: csr, |
|||
domains: domains, |
|||
challenges: challenges, // must be implemented
|
|||
customerEmail: null |
|||
}); |
|||
|
|||
|
@ -0,0 +1,141 @@ |
|||
{ |
|||
"name": "@root/greenlock", |
|||
"version": "3.0.0-wip.0", |
|||
"lockfileVersion": 1, |
|||
"requires": true, |
|||
"dependencies": { |
|||
"@root/acme": { |
|||
"version": "3.0.0-wip.3", |
|||
"resolved": "https://registry.npmjs.org/@root/acme/-/acme-3.0.0-wip.3.tgz", |
|||
"integrity": "sha512-7Fq9FuO0WQgKPgyYmKHst71EbIqH764A3j6vF1aKemgWXXq2Wqy8G+2SJwt3/MSXhQ7X+qLmWRLLJ7U4Zlygsg==", |
|||
"requires": { |
|||
"@root/csr": "^0.8.1", |
|||
"@root/encoding": "^1.0.1", |
|||
"@root/keypairs": "^0.9.0", |
|||
"@root/pem": "^1.0.4", |
|||
"@root/request": "^1.3.11", |
|||
"@root/x509": "^0.7.2" |
|||
}, |
|||
"dependencies": { |
|||
"@root/csr": { |
|||
"version": "0.8.1", |
|||
"resolved": "https://registry.npmjs.org/@root/csr/-/csr-0.8.1.tgz", |
|||
"integrity": "sha512-hKl0VuE549TK6SnS2Yn9nRvKbFZXn/oAg+dZJU/tlKl/f/0yRXeuUzf8akg3JjtJq+9E592zDqeXZ7yyrg8fSQ==", |
|||
"requires": { |
|||
"@root/asn1": "^1.0.0", |
|||
"@root/pem": "^1.0.4", |
|||
"@root/x509": "^0.7.2" |
|||
} |
|||
}, |
|||
"@root/keypairs": { |
|||
"version": "0.9.0", |
|||
"resolved": "https://registry.npmjs.org/@root/keypairs/-/keypairs-0.9.0.tgz", |
|||
"integrity": "sha512-NXE2L9Gv7r3iC4kB/gTPZE1vO9Ox/p14zDzAJ5cGpTpytbWOlWF7QoHSJbtVX4H7mRG/Hp7HR3jWdWdb2xaaXg==", |
|||
"requires": { |
|||
"@root/encoding": "^1.0.1", |
|||
"@root/pem": "^1.0.4", |
|||
"@root/x509": "^0.7.2" |
|||
} |
|||
} |
|||
} |
|||
}, |
|||
"@root/asn1": { |
|||
"version": "1.0.0", |
|||
"resolved": "https://registry.npmjs.org/@root/asn1/-/asn1-1.0.0.tgz", |
|||
"integrity": "sha512-0lfZNuOULKJDJmdIkP8V9RnbV3XaK6PAHD3swnFy4tZwtlMDzLKoM/dfNad7ut8Hu3r91wy9uK0WA/9zym5mig==", |
|||
"requires": { |
|||
"@root/encoding": "^1.0.1" |
|||
} |
|||
}, |
|||
"@root/csr": { |
|||
"version": "0.8.1", |
|||
"resolved": "https://registry.npmjs.org/@root/csr/-/csr-0.8.1.tgz", |
|||
"integrity": "sha512-hKl0VuE549TK6SnS2Yn9nRvKbFZXn/oAg+dZJU/tlKl/f/0yRXeuUzf8akg3JjtJq+9E592zDqeXZ7yyrg8fSQ==", |
|||
"requires": { |
|||
"@root/asn1": "^1.0.0", |
|||
"@root/pem": "^1.0.4", |
|||
"@root/x509": "^0.7.2" |
|||
} |
|||
}, |
|||
"@root/encoding": { |
|||
"version": "1.0.1", |
|||
"resolved": "https://registry.npmjs.org/@root/encoding/-/encoding-1.0.1.tgz", |
|||
"integrity": "sha512-OaEub02ufoU038gy6bsNHQOjIn8nUjGiLcaRmJ40IUykneJkIW5fxDqKxQx48cszuNflYldsJLPPXCrGfHs8yQ==" |
|||
}, |
|||
"@root/keypairs": { |
|||
"version": "0.9.0", |
|||
"resolved": "https://registry.npmjs.org/@root/keypairs/-/keypairs-0.9.0.tgz", |
|||
"integrity": "sha512-NXE2L9Gv7r3iC4kB/gTPZE1vO9Ox/p14zDzAJ5cGpTpytbWOlWF7QoHSJbtVX4H7mRG/Hp7HR3jWdWdb2xaaXg==", |
|||
"requires": { |
|||
"@root/encoding": "^1.0.1", |
|||
"@root/pem": "^1.0.4", |
|||
"@root/x509": "^0.7.2" |
|||
} |
|||
}, |
|||
"@root/mkdirp": { |
|||
"version": "1.0.0", |
|||
"resolved": "https://registry.npmjs.org/@root/mkdirp/-/mkdirp-1.0.0.tgz", |
|||
"integrity": "sha512-hxGAYUx5029VggfG+U9naAhQkoMSXtOeXtbql97m3Hi6/sQSRL/4khKZPyOF6w11glyCOU38WCNLu9nUcSjOfA==" |
|||
}, |
|||
"@root/pem": { |
|||
"version": "1.0.4", |
|||
"resolved": "https://registry.npmjs.org/@root/pem/-/pem-1.0.4.tgz", |
|||
"integrity": "sha512-rEUDiUsHtild8GfIjFE9wXtcVxeS+ehCJQBwbQQ3IVfORKHK93CFnRtkr69R75lZFjcmKYVc+AXDB+AeRFOULA==" |
|||
}, |
|||
"@root/request": { |
|||
"version": "1.3.11", |
|||
"resolved": "https://registry.npmjs.org/@root/request/-/request-1.3.11.tgz", |
|||
"integrity": "sha512-3a4Eeghcjsfe6zh7EJ+ni1l8OK9Fz2wL1OjP4UCa0YdvtH39kdXB9RGWuzyNv7dZi0+Ffkc83KfH0WbPMiuJFw==" |
|||
}, |
|||
"@root/x509": { |
|||
"version": "0.7.2", |
|||
"resolved": "https://registry.npmjs.org/@root/x509/-/x509-0.7.2.tgz", |
|||
"integrity": "sha512-ENq3LGYORK5NiMFHEVeNMt+fTXaC7DTS6sQXoqV+dFdfT0vmiL5cDLjaXQhaklJQq0NiwicZegzJRl1ZOTp3WQ==", |
|||
"requires": { |
|||
"@root/asn1": "^1.0.0", |
|||
"@root/encoding": "^1.0.1" |
|||