partial updates

This commit is contained in:
AJ ONeal 2016-08-05 04:14:40 -04:00
parent 0ab67f733d
commit 9ae3c7d6f6
3 changed files with 110 additions and 257 deletions

203
index.js
View File

@ -4,14 +4,9 @@
var PromiseA = require('bluebird'); var PromiseA = require('bluebird');
var leCore = require('letiny-core'); var leCore = require('letiny-core');
var utils = require('./lib/common');
var merge = require('./lib/common').merge;
var tplCopy = require('./lib/common').tplCopy;
var LE = module.exports; var LE = module.exports;
LE.merge = require('./lib/common').merge;
LE.defaults = { LE.defaults = {
server: leCore.productionServerUrl server: leCore.productionServerUrl
, stagingServer: leCore.stagingServerUrl , stagingServer: leCore.stagingServerUrl
@ -28,12 +23,11 @@ Object.keys(LE.defaults).forEach(function (key) {
LE[key] = LE.defaults[key]; LE[key] = LE.defaults[key];
}); });
// backend, defaults, handlers
LE.create = function (defaults, handlers, backend) { LE.create = function (defaults, handlers, backend) {
var Backend = require('./lib/core'); var Core = require('./lib/core');
if (!backend) { backend = require('./lib/pycompat').create(defaults); } var core;
if (!backend) { backend = require('./lib/pycompat'); }
if (!handlers) { handlers = {}; } if (!handlers) { handlers = {}; }
if (!handlers.lifetime) { handlers.lifetime = 90 * 24 * 60 * 60 * 1000; }
if (!handlers.renewWithin) { handlers.renewWithin = 3 * 24 * 60 * 60 * 1000; } if (!handlers.renewWithin) { handlers.renewWithin = 3 * 24 * 60 * 60 * 1000; }
if (!handlers.memorizeFor) { handlers.memorizeFor = 1 * 24 * 60 * 60 * 1000; } if (!handlers.memorizeFor) { handlers.memorizeFor = 1 * 24 * 60 * 60 * 1000; }
if (!handlers.sniRegisterCallback) { if (!handlers.sniRegisterCallback) {
@ -42,188 +36,45 @@ LE.create = function (defaults, handlers, backend) {
cb(null, null); cb(null, null);
}; };
} }
if (!handlers.getChallenge) {
if (!defaults.manual && !defaults.webrootPath) {
// GET /.well-known/acme-challenge/{{challengeKey}} should return {{tokenValue}}
throw new Error("handlers.getChallenge or defaults.webrootPath must be set");
}
handlers.getChallenge = function (hostname, key, done) {
// TODO associate by hostname?
// hmm... I don't think there's a direct way to associate this with
// the request it came from... it's kinda stateless in that way
// but realistically there only needs to be one handler and one
// "directory" for this. It's not that big of a deal.
var defaultos = LE.merge({}, defaults);
var getChallenge = require('./lib/default-handlers').getChallenge;
var copy = merge({ domains: [hostname] }, defaults);
tplCopy(copy); if (backend.create) {
defaultos.domains = [hostname]; backend = backend.create(defaults);
if (3 === getChallenge.length) {
console.warn('[WARNING] Deprecated use. Define getChallenge as function (opts, domain, key, cb) { }');
getChallenge(defaultos, key, done);
} }
else if (4 === getChallenge.length) {
getChallenge(defaultos, hostname, key, done);
}
else {
done(new Error("handlers.getChallenge [1] receives the wrong number of arguments"));
}
};
}
if (!handlers.setChallenge) {
if (!defaults.webrootPath) {
// GET /.well-known/acme-challenge/{{challengeKey}} should return {{tokenValue}}
throw new Error("handlers.setChallenge or defaults.webrootPath must be set");
}
handlers.setChallenge = require('./lib/default-handlers').setChallenge;
}
if (!handlers.removeChallenge) {
if (!defaults.webrootPath) {
// GET /.well-known/acme-challenge/{{challengeKey}} should return {{tokenValue}}
throw new Error("handlers.removeChallenge or defaults.webrootPath must be set");
}
handlers.removeChallenge = require('./lib/default-handlers').removeChallenge;
}
if (!handlers.agreeToTerms) {
if (defaults.agreeTos) {
console.warn("[WARN] Agreeing to terms by default is risky business...");
}
handlers.agreeToTerms = require('./lib/default-handlers').agreeToTerms;
}
backend = Backend.create(defaults, handlers);
backend = PromiseA.promisifyAll(backend); backend = PromiseA.promisifyAll(backend);
core = Core.create(defaults, handlers, backend);
//var attempts = {}; // should exist in master process only var le = {
var le;
// TODO check certs on initial load
// TODO expect that certs expire every 90 days
// TODO check certs with setInterval?
//options.cacheContextsFor = options.cacheContextsFor || (1 * 60 * 60 * 1000);
le = {
backend: backend backend: backend
, pyToJson: function (pyobj) { , core: core
if (!pyobj) { // register
return null; , create: function (args, cb) {
} return core.registerAsync(args).then(function (pems) {
var jsobj = {};
Object.keys(pyobj).forEach(function (key) {
jsobj[key] = pyobj[key];
});
jsobj.__lines = undefined;
jsobj.__keys = undefined;
return jsobj;
}
, register: function (args, cb) {
if (defaults.debug || args.debug) {
console.log('[LE] register');
}
if (!Array.isArray(args.domains)) {
cb(new Error('args.domains should be an array of domains'));
return;
}
var copy = LE.merge(args, defaults);
var err;
if (!utils.isValidDomain(args.domains[0])) {
err = new Error("invalid domain name: '" + args.domains + "'");
err.code = "INVALID_DOMAIN";
cb(err);
return;
}
if ((!args.domains.length && args.domains.every(le.isValidDomain))) {
// NOTE: this library can't assume to handle the http loopback
// (or dns-01 validation may be used)
// so we do not check dns records or attempt a loopback here
cb(new Error("node-letsencrypt: invalid hostnames: " + args.domains.join(',')));
return;
}
if (defaults.debug || args.debug) {
console.log("[NLE]: begin registration");
}
return backend.registerAsync(copy).then(function (pems) {
if (defaults.debug || args.debug) {
console.log("[NLE]: end registration");
}
cb(null, pems); cb(null, pems);
//return le.fetch(args, cb);
}, cb); }, cb);
} }
, fetch: function (args, cb) { // fetch
if (defaults.debug || args.debug) { , domain: function (args, cb) {
console.log('[LE] fetch'); // TODO must return email, domains, tos, pems
} return core.fetchAsync(args).then(function (certInfo) {
// TODO figure out what TPLs are needed
var copy = merge(args, defaults);
tplCopy(copy);
return backend.fetchAsync(args).then(function (certInfo) {
if (args.debug) {
console.log('[LE] raw fetch certs', certInfo && Object.keys(certInfo));
}
if (!certInfo) { cb(null, null); return; }
// key, cert, issuedAt, lifetime, expiresAt
if (!certInfo.expiresAt) {
certInfo.expiresAt = certInfo.issuedAt + (certInfo.lifetime || handlers.lifetime);
}
if (!certInfo.lifetime) {
certInfo.lifetime = (certInfo.lifetime || handlers.lifetime);
}
// a pretty good hard buffer
certInfo.expiresAt -= (1 * 24 * 60 * 60 * 100);
cb(null, certInfo); cb(null, certInfo);
}, cb); }, cb);
} }
, getConfig: function (args, cb) { , domains: function (args, cb) {
if (defaults.debug || args.debug) { // TODO show all domains or limit by account
console.log('[LE] getConfig'); throw new Error('not implemented');
} }
backend.getConfigAsync(args).then(function (pyobj) { , accounts: function (args, cb) {
cb(null, le.pyToJson(pyobj)); // TODO show all accounts or limit by domain
}, function (err) { throw new Error('not implemented');
console.error("[letsencrypt/index.js] getConfig");
console.error(err.stack);
return cb(null, []);
});
} }
, getConfigs: function (args, cb) { , account: function (args, cb) {
if (defaults.debug || args.debug) { // TODO return one account
console.log('[LE] getConfigs'); throw new Error('not implemented');
}
backend.getConfigsAsync(args).then(function (configs) {
cb(null, configs.map(le.pyToJson));
}, function (err) {
if ('ENOENT' === err.code) {
cb(null, []);
} else {
console.error("[letsencrypt/index.js] getConfigs");
console.error(err.stack);
cb(err);
}
});
}
, setConfig: function (args, cb) {
if (defaults.debug || args.debug) {
console.log('[LE] setConfig');
}
backend.configureAsync(args).then(function (pyobj) {
cb(null, le.pyToJson(pyobj));
});
} }
}; };
// exists
// get
return le; return le;
}; };

View File

@ -1,9 +1,6 @@
'use strict'; 'use strict';
var fs = require('fs');
var path = require('path'); var path = require('path');
var PromiseA = require('bluebird');
var homeRe = new RegExp("^~(\\/|\\\|\\" + path.sep + ")"); var homeRe = new RegExp("^~(\\/|\\\|\\" + path.sep + ")");
var re = /^[a-zA-Z0-9\.\-]+$/; var re = /^[a-zA-Z0-9\.\-]+$/;
var punycode = require('punycode'); var punycode = require('punycode');
@ -22,16 +19,6 @@ module.exports.isValidDomain = function (domain) {
return ''; return '';
}; };
module.exports.tplConfigDir = function (configDir, defaults) {
var homedir = require('homedir')();
Object.keys(defaults).forEach(function (key) {
if ('string' === typeof defaults[key]) {
defaults[key] = defaults[key].replace(':config', configDir).replace(':conf', configDir);
defaults[key] = defaults[key].replace(homeRe, homedir + path.sep);
}
});
};
module.exports.merge = function (/*defaults, args*/) { module.exports.merge = function (/*defaults, args*/) {
var allDefaults = Array.prototype.slice.apply(arguments); var allDefaults = Array.prototype.slice.apply(arguments);
var args = args.shift(); var args = args.shift();
@ -51,18 +38,6 @@ module.exports.merge = function (/*defaults, args*/) {
}; };
module.exports.tplCopy = function (copy) { module.exports.tplCopy = function (copy) {
var url = require('url');
var acmeLocation = url.parse(copy.server);
var acmeHostpath = path.join(acmeLocation.hostname, acmeLocation.pathname);
copy.accountsDir = copy.accountsDir || path.join(copy.configDir, 'accounts', acmeHostpath);
// TODO move these defaults elsewhere?
//args.renewalDir = args.renewalDir || ':config/renewal/';
args.renewalPath = args.renewalPath || ':config/renewal/:hostname.conf';
// Note: the /directory is part of the server url and, as such, bleeds into the pathname
// So :config/accounts/:server/directory is *incorrect*, but the following *is* correct:
args.accountsDir = args.accountsDir || ':config/accounts/:server';
hargs.renewalDir = hargs.renewalDir || ':config/renewal/';
copy.renewalPath = copy.renewalPath || path.join(copy.configDir, 'renewal', copy.domains[0] + '.conf');
var homedir = require('homedir')(); var homedir = require('homedir')();
var tpls = { var tpls = {
hostname: (copy.domains || [])[0] hostname: (copy.domains || [])[0]
@ -72,7 +47,12 @@ module.exports.tplCopy = function (copy) {
}; };
Object.keys(copy).forEach(function (key) { Object.keys(copy).forEach(function (key) {
if ('string' === typeof copy[key]) { if ('string' !== typeof copy[key]) {
return;
}
copy[key] = copy[key].replace(homeRe, homedir + path.sep);
Object.keys(tpls).sort(function (a, b) { Object.keys(tpls).sort(function (a, b) {
return b.length - a.length; return b.length - a.length;
}).forEach(function (tplname) { }).forEach(function (tplname) {
@ -81,10 +61,6 @@ module.exports.tplCopy = function (copy) {
return; return;
} }
copy[key] = copy[key].replace(':' + tplname, tpls[tplname]); copy[key] = copy[key].replace(':' + tplname, tpls[tplname]);
copy[key] = copy[key].replace(homeRe, homedir + path.sep);
}); });
}
}); });
//return copy;
}; };

View File

@ -4,6 +4,8 @@ var LE = require('../');
var ipc = {}; // in-process cache var ipc = {}; // in-process cache
module.exports.create = function (defaults, handlers, backend) { module.exports.create = function (defaults, handlers, backend) {
var backendDefaults = backend.getDefaults && backend.getDefaults || backend.defaults || {};
defaults.server = defaults.server || LE.liveServer; defaults.server = defaults.server || LE.liveServer;
handlers.merge = require('./common').merge; handlers.merge = require('./common').merge;
handlers.tplCopy = require('./common').tplCopy; handlers.tplCopy = require('./common').tplCopy;
@ -13,9 +15,22 @@ module.exports.create = function (defaults, handlers, backend) {
var LeCore = PromiseA.promisifyAll(require('letiny-core')); var LeCore = PromiseA.promisifyAll(require('letiny-core'));
var crypto = require('crypto'); var crypto = require('crypto');
function attachCertInfo(results) {
var getCertInfo = require('./cert-info').getCertInfo;
// XXX Note: Parsing the certificate info comes at a great cost (~500kb)
var certInfo = getCertInfo(results.cert);
//results.issuedAt = arr[3].mtime.valueOf()
results.issuedAt = Date(certInfo.notBefore.value).valueOf(); // Date.now()
results.expiresAt = Date(certInfo.notAfter.value).valueOf();
return results;
}
function createAccount(args, handlers) { function createAccount(args, handlers) {
// arg.rsaBitLength args.rsaExponent args.rsaKeySize = args.rsaKeySize || 2048;
return RSA.generateKeypairAsync(args.rsaKeySize || 2048, 65537, { public: true, pem: true }).then(function (keypair) {
return RSA.generateKeypairAsync(args.rsaKeySize, 65537, { public: true, pem: true }).then(function (keypair) {
return LeCore.registerNewAccountAsync({ return LeCore.registerNewAccountAsync({
email: args.email email: args.email
@ -71,6 +86,9 @@ module.exports.create = function (defaults, handlers, backend) {
} }
function getCertificateAsync(args, defaults, handlers) { function getCertificateAsync(args, defaults, handlers) {
args.rsaKeySize = args.rsaKeySize || 2048;
args.challengeType = args.challengeType || 'http-01';
function log() { function log() {
if (args.debug || defaults.debug) { if (args.debug || defaults.debug) {
console.log.apply(console, arguments); console.log.apply(console, arguments);
@ -106,6 +124,7 @@ module.exports.create = function (defaults, handlers, backend) {
, accountKeypair: RSA.import(account.keypair) , accountKeypair: RSA.import(account.keypair)
, domainKeypair: domainKeypair , domainKeypair: domainKeypair
, domains: args.domains , domains: args.domains
, challengeType: args.challengeType
// //
// IMPORTANT // IMPORTANT
@ -116,39 +135,36 @@ module.exports.create = function (defaults, handlers, backend) {
// (args is per-request, defaults is per instance) // (args is per-request, defaults is per instance)
// //
, setChallenge: function (domain, key, value, done) { , setChallenge: function (domain, key, value, done) {
var copy = handlers.merge({ domains: [domain] }, defaults); var copy = handlers.merge({ domains: [domain] }, defaults, backendDefaults);
handlers.tplCopy(copy); handlers.tplCopy(copy);
args.domains = [domain]; //args.domains = [domain];
//args.domains = args.domains || [domain]; args.domains = args.domains || [domain];
if (4 === handlers.setChallenge.length) {
console.warn('[WARNING] deprecated use. Define setChallenge as function (opts, domain, key, val, cb) { }'); if (5 !== handlers.setChallenge.length) {
handlers.setChallenge(copy, key, value, done); done(new Error("handlers.setChallenge receives the wrong number of arguments."
+ " You must define setChallenge as function (opts, domain, key, val, cb) { }"));
return;
} }
else if (5 === handlers.setChallenge.length) {
handlers.setChallenge(copy, domain, key, value, done); handlers.setChallenge(copy, domain, key, value, done);
} }
else {
done(new Error("handlers.setChallenge receives the wrong number of arguments"));
}
}
, removeChallenge: function (domain, key, done) { , removeChallenge: function (domain, key, done) {
var copy = handlers.merge({ domains: [domain] }, defaults); var copy = handlers.merge({ domains: [domain] }, defaults, backendDefaults);
handlers.tplCopy(copy); handlers.tplCopy(copy);
if (3 === handlers.removeChallenge.length) { if (4 !== handlers.removeChallenge.length) {
handlers.removeChallenge(copy, key, done); done(new Error("handlers.removeChallenge receives the wrong number of arguments."
+ " You must define removeChallenge as function (opts, domain, key, cb) { }"));
return;
} }
else if (4 === handlers.removeChallenge.length) {
handlers.removeChallenge(copy, domain, key, done); handlers.removeChallenge(copy, domain, key, done);
} }
else { }).then(attachCertInfo);
done(new Error("handlers.removeChallenge receives the wrong number of arguments"));
}
}
});
}).then(function (results) { }).then(function (results) {
// { cert, chain, fullchain, privkey } // { cert, chain, fullchain, privkey }
args.pems = results; args.pems = results;
return backend.setRegistration(args, defaults, handlers); return backend.setRegistration(args, defaults, handlers);
}); });
@ -160,7 +176,7 @@ module.exports.create = function (defaults, handlers, backend) {
return getCertificateAsync(args, defaults, handlers); return getCertificateAsync(args, defaults, handlers);
} }
return backend.getRegistration(args).then(function (certs) { return wrapped.fetchAsync(args).then(function (certs) {
var halfLife = (certs.expiresAt - certs.issuedAt) / 2; var halfLife = (certs.expiresAt - certs.issuedAt) / 2;
if (!certs || (Date.now() - certs.issuedAt) > halfLife) { if (!certs || (Date.now() - certs.issuedAt) > halfLife) {
@ -196,27 +212,34 @@ module.exports.create = function (defaults, handlers, backend) {
log('[le/core.js] use account'); log('[le/core.js] use account');
args.accountId = accountId; args.accountId = accountId;
return Accounts.getAccount(args, handlers); return backend.getAccount(args, handlers);
} else { } else {
log('[le/core.js] create account'); log('[le/core.js] create account');
return Accounts.createAccount(args, handlers); return createAccount(args, handlers);
} }
}); });
}).then(function (account) {
/*
if (renewal.account !== account) {
// the account has become corrupt, re-register
return;
}
*/
log('[le/core.js] created account');
return account;
}); });
} }
var wrapped = { var wrapped = {
registerAsync: function (args) { registerAsync: function (args) {
var copy = handlers.merge(args, defaults); var utils = require('./lib/common');
var err;
if (!Array.isArray(args.domains)) {
return PromiseA.reject(new Error('args.domains should be an array of domains'));
}
if (!(args.domains.length && args.domains.every(utils.isValidDomain))) {
// NOTE: this library can't assume to handle the http loopback
// (or dns-01 validation may be used)
// so we do not check dns records or attempt a loopback here
err = new Error("invalid domain name(s): '" + args.domains + "'");
err.code = "INVALID_DOMAIN";
return PromiseA.reject(err);
}
var copy = handlers.merge(args, defaults, backendDefaults);
handlers.tplCopy(copy); handlers.tplCopy(copy);
return getOrCreateAcmeAccount(copy, defaults, handlers).then(function (account) { return getOrCreateAcmeAccount(copy, defaults, handlers).then(function (account) {
@ -234,20 +257,23 @@ module.exports.create = function (defaults, handlers, backend) {
}); });
} }
, getOrCreateAccount: function (args) { , getOrCreateAccount: function (args) {
// TODO
keypair.privateKeyPem = RSA.exportPrivatePem(keypair);
keypair.publicKeyPem = RSA.exportPublicPem(keypair);
return createAccount(args, handlers); return createAccount(args, handlers);
} }
, configureAsync: function (hargs) { , configureAsync: function (hargs) {
var copy = merge(hargs, defaults); var copy = handlers.merge(hargs, defaults, backendDefaults);
tplCopy(copy); handlers.tplCopy(copy);
return getOrCreateAcmeAccount(copy, defaults, handlers).then(function (account) { return getOrCreateAcmeAccount(copy, defaults, handlers).then(function (account) {
copy.account = account; copy.account = account;
return backend.getOrCreateRenewal(copy); return backend.getOrCreateRenewal(copy);
}); });
} }
, fetchAsync: function (args) {
var copy = handlers.merge(args, defaults);
handlers.tplCopy(copy);
return backend.fetchAsync(copy).then(attachCertInfo);
}
}; };
return wrapped; return wrapped;