tabs -> spaces

This commit is contained in:
AJ ONeal 2019-10-31 16:26:18 -06:00
parent 8c8d9251cd
commit fd1723782b
15 changed files with 2371 additions and 2371 deletions

View File

@ -50,12 +50,12 @@ TODO
// Creates an instance of greenlock with certain default values // Creates an instance of greenlock with certain default values
var gl = Greenlock.create({ var gl = Greenlock.create({
// Staging for testing environments // Staging for testing environments
staging: true, staging: true,
// This should be the contact who receives critical bug and security notifications // This should be the contact who receives critical bug and security notifications
// Optionally, you may receive other (very few) updates, such as important new features // Optionally, you may receive other (very few) updates, such as important new features
maintainerEmail: 'jon@example.com' maintainerEmail: 'jon@example.com'
}); });
``` ```
@ -73,10 +73,10 @@ var gl = Greenlock.create({
```js ```js
greenlock.manager.defaults({ greenlock.manager.defaults({
// The "Let's Encrypt Subscriber" (often the same as the maintainer) // The "Let's Encrypt Subscriber" (often the same as the maintainer)
// NOT the end customer (except where that is also the maintainer) // NOT the end customer (except where that is also the maintainer)
subscriberEmail: 'jon@example.com', subscriberEmail: 'jon@example.com',
agreeToTerms: true agreeToTerms: true
}); });
``` ```
@ -102,8 +102,8 @@ greenlock.manager.defaults({
```js ```js
gl.add({ gl.add({
subject: 'example.com', subject: 'example.com',
altnames: ['example.com', 'www.example.com', 'exampleapi.com'] altnames: ['example.com', 'www.example.com', 'exampleapi.com']
}); });
``` ```
@ -119,15 +119,15 @@ gl.add({
```js ```js
return greenlock.get({ servername }).then(function(site) { return greenlock.get({ servername }).then(function(site) {
if (!site) { if (!site) {
console.log(servername + ' was not found in any site config'); console.log(servername + ' was not found in any site config');
return; return;
} }
var privkey = site.pems.privkey; var privkey = site.pems.privkey;
var fullchain = site.pems.cert + '\n' + site.pems.chain + '\n'; var fullchain = site.pems.cert + '\n' + site.pems.chain + '\n';
console.log(privkey); console.log(privkey);
console.log(fullchain); console.log(fullchain);
}); });
``` ```
@ -141,13 +141,13 @@ This will renew only domains that have reached their `renewAt` or are within the
```js ```js
return greenlock.renew({}).then(function(results) { return greenlock.renew({}).then(function(results) {
results.forEach(function(site) { results.forEach(function(site) {
if (site.error) { if (site.error) {
console.error(site.subject, site.error); console.error(site.subject, site.error);
return; return;
} }
console.log('Renewed certificate for', site.subject, site.altnames); console.log('Renewed certificate for', site.subject, site.altnames);
}); });
}); });
``` ```
@ -163,7 +163,7 @@ return greenlock.renew({}).then(function(results) {
```js ```js
greenlock.update({ subject, renewAt: 0 }).then(function() { greenlock.update({ subject, renewAt: 0 }).then(function() {
return greenlock.renew({}); return greenlock.renew({});
}); });
``` ```

View File

@ -7,213 +7,213 @@ var E = require('./errors.js');
var pending = {}; var pending = {};
A._getOrCreate = function(gnlck, mconf, db, acme, args) { A._getOrCreate = function(gnlck, mconf, db, acme, args) {
var email = args.subscriberEmail || mconf.subscriberEmail; var email = args.subscriberEmail || mconf.subscriberEmail;
if (!email) { if (!email) {
throw E.NO_SUBSCRIBER('get account', args.subject); throw E.NO_SUBSCRIBER('get account', args.subject);
} }
// TODO send welcome message with benefit info // TODO send welcome message with benefit info
return U._validMx(email) return U._validMx(email)
.catch(function() { .catch(function() {
throw E.NO_SUBSCRIBER('get account', args.subcriberEmail); throw E.NO_SUBSCRIBER('get account', args.subcriberEmail);
}) })
.then(function() { .then(function() {
if (pending[email]) { if (pending[email]) {
return pending[email]; return pending[email];
} }
pending[email] = A._rawGetOrCreate( pending[email] = A._rawGetOrCreate(
gnlck, gnlck,
mconf, mconf,
db, db,
acme, acme,
args, args,
email email
) )
.catch(function(e) { .catch(function(e) {
delete pending[email]; delete pending[email];
throw e; throw e;
}) })
.then(function(result) { .then(function(result) {
delete pending[email]; delete pending[email];
return result; return result;
}); });
return pending[email]; return pending[email];
}); });
}; };
// What we really need out of this is the private key and the ACME "key" id // What we really need out of this is the private key and the ACME "key" id
A._rawGetOrCreate = function(gnlck, mconf, db, acme, args, email) { A._rawGetOrCreate = function(gnlck, mconf, db, acme, args, email) {
var p; var p;
if (db.check) { if (db.check) {
p = A._checkStore(gnlck, mconf, db, acme, args, email); p = A._checkStore(gnlck, mconf, db, acme, args, email);
} else { } else {
p = Promise.resolve(null); p = Promise.resolve(null);
} }
return p.then(function(fullAccount) { return p.then(function(fullAccount) {
if (!fullAccount) { if (!fullAccount) {
return A._newAccount(gnlck, mconf, db, acme, args, email, null); return A._newAccount(gnlck, mconf, db, acme, args, email, null);
} }
if (fullAccount.keypair && fullAccount.key && fullAccount.key.kid) { if (fullAccount.keypair && fullAccount.key && fullAccount.key.kid) {
return fullAccount; return fullAccount;
} }
return A._newAccount(gnlck, mconf, db, acme, args, email, fullAccount); return A._newAccount(gnlck, mconf, db, acme, args, email, fullAccount);
}); });
}; };
A._newAccount = function(gnlck, mconf, db, acme, args, email, fullAccount) { A._newAccount = function(gnlck, mconf, db, acme, args, email, fullAccount) {
var keyType = args.accountKeyType || mconf.accountKeyType; var keyType = args.accountKeyType || mconf.accountKeyType;
var query = { var query = {
subject: args.subject, subject: args.subject,
email: email, email: email,
subscriberEmail: email, subscriberEmail: email,
customerEmail: args.customerEmail, customerEmail: args.customerEmail,
account: fullAccount || {}, account: fullAccount || {},
directoryUrl: directoryUrl:
args.directoryUrl || args.directoryUrl ||
mconf.directoryUrl || mconf.directoryUrl ||
gnlck._defaults.directoryUrl gnlck._defaults.directoryUrl
}; };
return U._getOrCreateKeypair(db, args.subject, query, keyType).then( return U._getOrCreateKeypair(db, args.subject, query, keyType).then(
function(kresult) { function(kresult) {
var keypair = kresult.keypair; var keypair = kresult.keypair;
var accReg = { var accReg = {
subscriberEmail: email, subscriberEmail: email,
agreeToTerms: agreeToTerms:
args.agreeToTerms || args.agreeToTerms ||
mconf.agreeToTerms || mconf.agreeToTerms ||
gnlck._defaults.agreeToTerms, gnlck._defaults.agreeToTerms,
accountKey: keypair.privateKeyJwk || keypair.private, accountKey: keypair.privateKeyJwk || keypair.private,
debug: args.debug debug: args.debug
}; };
return acme.accounts.create(accReg).then(function(receipt) { return acme.accounts.create(accReg).then(function(receipt) {
var reg = { var reg = {
keypair: keypair, keypair: keypair,
receipt: receipt, receipt: receipt,
// shudder... not actually a KeyID... but so it is called anyway... // shudder... not actually a KeyID... but so it is called anyway...
kid: kid:
receipt && receipt &&
receipt.key && receipt.key &&
(receipt.key.kid || receipt.kid), (receipt.key.kid || receipt.kid),
email: args.email, email: args.email,
subscriberEmail: email, subscriberEmail: email,
customerEmail: args.customerEmail customerEmail: args.customerEmail
}; };
var keyP; var keyP;
if (kresult.exists) { if (kresult.exists) {
keyP = Promise.resolve(); keyP = Promise.resolve();
} else { } else {
query.keypair = keypair; query.keypair = keypair;
query.receipt = receipt; query.receipt = receipt;
/* /*
query.server = gnlck._defaults.directoryUrl.replace( query.server = gnlck._defaults.directoryUrl.replace(
/^https?:\/\//i, /^https?:\/\//i,
'' ''
); );
*/ */
keyP = db.setKeypair(query, keypair); keyP = db.setKeypair(query, keypair);
} }
return keyP return keyP
.then(function() { .then(function() {
if (!db.set) { if (!db.set) {
return Promise.resolve({ return Promise.resolve({
keypair: keypair keypair: keypair
}); });
} }
return db.set( return db.set(
{ {
// id to be set by Store // id to be set by Store
email: email, email: email,
subscriberEmail: email, subscriberEmail: email,
customerEmail: args.customerEmail, customerEmail: args.customerEmail,
agreeTos: true, agreeTos: true,
agreeToTerms: true, agreeToTerms: true,
directoryUrl: directoryUrl:
args.directoryUrl || args.directoryUrl ||
mconf.directoryUrl || mconf.directoryUrl ||
gnlck._defaults.directoryUrl gnlck._defaults.directoryUrl
/* /*
server: gnlck._defaults.directoryUrl.replace( server: gnlck._defaults.directoryUrl.replace(
/^https?:\/\//i, /^https?:\/\//i,
'' ''
) )
*/ */
}, },
reg reg
); );
}) })
.then(function(fullAccount) { .then(function(fullAccount) {
if (fullAccount && 'object' !== typeof fullAccount) { if (fullAccount && 'object' !== typeof fullAccount) {
throw new Error( throw new Error(
"accounts.set should either return 'null' or an object with an 'id' string" "accounts.set should either return 'null' or an object with an 'id' string"
); );
} }
if (!fullAccount) { if (!fullAccount) {
fullAccount = {}; fullAccount = {};
} }
fullAccount.keypair = keypair; fullAccount.keypair = keypair;
if (!fullAccount.key) { if (!fullAccount.key) {
fullAccount.key = {}; fullAccount.key = {};
} }
fullAccount.key.kid = reg.kid; fullAccount.key.kid = reg.kid;
return fullAccount; return fullAccount;
}); });
}); });
} }
); );
}; };
A._checkStore = function(gnlck, mconf, db, acme, args, email) { A._checkStore = function(gnlck, mconf, db, acme, args, email) {
if ((args.domain || args.domains) && !args.subject) { if ((args.domain || args.domains) && !args.subject) {
console.warn("use 'subject' instead of 'domain'"); console.warn("use 'subject' instead of 'domain'");
args.subject = args.domain; args.subject = args.domain;
} }
var account = args.account; var account = args.account;
if (!account) { if (!account) {
account = {}; account = {};
} }
if (args.accountKey) { if (args.accountKey) {
console.warn( console.warn(
'rather than passing accountKey, put it directly into your account key store' 'rather than passing accountKey, put it directly into your account key store'
); );
// TODO we probably don't need this // TODO we probably don't need this
return U._importKeypair(args.accountKey); return U._importKeypair(args.accountKey);
} }
if (!db.check) { if (!db.check) {
return Promise.resolve(null); return Promise.resolve(null);
} }
return db return db
.check({ .check({
//keypair: undefined, //keypair: undefined,
//receipt: undefined, //receipt: undefined,
email: email, email: email,
subscriberEmail: email, subscriberEmail: email,
customerEmail: args.customerEmail || mconf.customerEmail, customerEmail: args.customerEmail || mconf.customerEmail,
account: account, account: account,
directoryUrl: directoryUrl:
args.directoryUrl || args.directoryUrl ||
mconf.directoryUrl || mconf.directoryUrl ||
gnlck._defaults.directoryUrl gnlck._defaults.directoryUrl
}) })
.then(function(fullAccount) { .then(function(fullAccount) {
if (!fullAccount) { if (!fullAccount) {
return null; return null;
} }
return fullAccount; return fullAccount;
}); });
}; };

View File

@ -4,375 +4,375 @@ var mkdirp = require('@root/mkdirp');
var cli = require('./cli.js'); var cli = require('./cli.js');
cli.parse({ cli.parse({
'directory-url': [ 'directory-url': [
false, false,
' ACME Directory Resource URL', ' ACME Directory Resource URL',
'string', 'string',
'https://acme-v02.api.letsencrypt.org/directory', 'https://acme-v02.api.letsencrypt.org/directory',
'server,acme-url' 'server,acme-url'
], ],
email: [ email: [
false, false,
' Email used for registration and recovery contact. (default: null)', ' Email used for registration and recovery contact. (default: null)',
'email' 'email'
], ],
'agree-tos': [ 'agree-tos': [
false, false,
" Agree to the Greenlock and Let's Encrypt Subscriber Agreements", " Agree to the Greenlock and Let's Encrypt Subscriber Agreements",
'boolean', 'boolean',
false false
], ],
'community-member': [ 'community-member': [
false, false,
' Submit stats to and get updates from Greenlock', ' Submit stats to and get updates from Greenlock',
'boolean', 'boolean',
false false
], ],
domains: [ domains: [
false, false,
' Domain names to apply. For multiple domains you can enter a comma separated list of domains as a parameter. (default: [])', ' Domain names to apply. For multiple domains you can enter a comma separated list of domains as a parameter. (default: [])',
'string' 'string'
], ],
'renew-offset': [ 'renew-offset': [
false, false,
' Positive (time after issue) or negative (time before expiry) offset, such as 30d or -45d', ' Positive (time after issue) or negative (time before expiry) offset, such as 30d or -45d',
'string', 'string',
'45d' '45d'
], ],
'renew-within': [ 'renew-within': [
false, false,
' (ignored) use renew-offset instead', ' (ignored) use renew-offset instead',
'ignore', 'ignore',
undefined undefined
], ],
'cert-path': [ 'cert-path': [
false, false,
' Path to where new cert.pem is saved', ' Path to where new cert.pem is saved',
'string', 'string',
':configDir/live/:hostname/cert.pem' ':configDir/live/:hostname/cert.pem'
], ],
'fullchain-path': [ 'fullchain-path': [
false, false,
' Path to where new fullchain.pem (cert + chain) is saved', ' Path to where new fullchain.pem (cert + chain) is saved',
'string', 'string',
':configDir/live/:hostname/fullchain.pem' ':configDir/live/:hostname/fullchain.pem'
], ],
'bundle-path': [ 'bundle-path': [
false, false,
' Path to where new bundle.pem (fullchain + privkey) is saved', ' Path to where new bundle.pem (fullchain + privkey) is saved',
'string', 'string',
':configDir/live/:hostname/bundle.pem' ':configDir/live/:hostname/bundle.pem'
], ],
'chain-path': [ 'chain-path': [
false, false,
' Path to where new chain.pem is saved', ' Path to where new chain.pem is saved',
'string', 'string',
':configDir/live/:hostname/chain.pem' ':configDir/live/:hostname/chain.pem'
], ],
'privkey-path': [ 'privkey-path': [
false, false,
' Path to where privkey.pem is saved', ' Path to where privkey.pem is saved',
'string', 'string',
':configDir/live/:hostname/privkey.pem' ':configDir/live/:hostname/privkey.pem'
], ],
'config-dir': [ 'config-dir': [
false, false,
' Configuration directory.', ' Configuration directory.',
'string', 'string',
'~/letsencrypt/etc/' '~/letsencrypt/etc/'
], ],
store: [ store: [
false, false,
' The name of the storage module to use', ' The name of the storage module to use',
'string', 'string',
'greenlock-store-fs' 'greenlock-store-fs'
], ],
'store-xxxx': [ 'store-xxxx': [
false, false,
' An option for the chosen storage module, such as --store-apikey or --store-bucket', ' An option for the chosen storage module, such as --store-apikey or --store-bucket',
'bag' 'bag'
], ],
'store-json': [ 'store-json': [
false, false,
' A JSON string containing all option for the chosen store module (instead of --store-xxxx)', ' A JSON string containing all option for the chosen store module (instead of --store-xxxx)',
'json', 'json',
'{}' '{}'
], ],
challenge: [ challenge: [
false, false,
' The name of the HTTP-01, DNS-01, or TLS-ALPN-01 challenge module to use', ' The name of the HTTP-01, DNS-01, or TLS-ALPN-01 challenge module to use',
'string', 'string',
'@greenlock/acme-http-01-fs' '@greenlock/acme-http-01-fs'
], ],
'challenge-xxxx': [ 'challenge-xxxx': [
false, false,
' An option for the chosen challenge module, such as --challenge-apikey or --challenge-bucket', ' An option for the chosen challenge module, such as --challenge-apikey or --challenge-bucket',
'bag' 'bag'
], ],
'challenge-json': [ 'challenge-json': [
false, false,
' A JSON string containing all option for the chosen challenge module (instead of --challenge-xxxx)', ' A JSON string containing all option for the chosen challenge module (instead of --challenge-xxxx)',
'json', 'json',
'{}' '{}'
], ],
'skip-dry-run': [ 'skip-dry-run': [
false, false,
' Use with caution (and test with the staging url first). Creates an Order on the ACME server without a self-test.', ' Use with caution (and test with the staging url first). Creates an Order on the ACME server without a self-test.',
'boolean' 'boolean'
], ],
'skip-challenge-tests': [ 'skip-challenge-tests': [
false, false,
' Use with caution (and with the staging url first). Presents challenges to the ACME server without first testing locally.', ' Use with caution (and with the staging url first). Presents challenges to the ACME server without first testing locally.',
'boolean' 'boolean'
], ],
'http-01-port': [ 'http-01-port': [
false, false,
' Required to be 80 for live servers. Do not use. For special test environments only.', ' Required to be 80 for live servers. Do not use. For special test environments only.',
'int' 'int'
], ],
'dns-01': [false, ' Use DNS-01 challange type', 'boolean', false], 'dns-01': [false, ' Use DNS-01 challange type', 'boolean', false],
standalone: [ standalone: [
false, false,
' Obtain certs using a "standalone" webserver.', ' Obtain certs using a "standalone" webserver.',
'boolean', 'boolean',
false false
], ],
manual: [ manual: [
false, false,
' Print the token and key to the screen and wait for you to hit enter, giving you time to copy it somewhere before continuing (uses acme-http-01-cli or acme-dns-01-cli)', ' Print the token and key to the screen and wait for you to hit enter, giving you time to copy it somewhere before continuing (uses acme-http-01-cli or acme-dns-01-cli)',
'boolean', 'boolean',
false false
], ],
debug: [false, ' show traces and logs', 'boolean', false], debug: [false, ' show traces and logs', 'boolean', false],
root: [ root: [
false, false,
' public_html / webroot path (may use the :hostname template such as /srv/www/:hostname)', ' public_html / webroot path (may use the :hostname template such as /srv/www/:hostname)',
'string', 'string',
undefined, undefined,
'webroot-path' 'webroot-path'
], ],
// //
// backwards compat // backwards compat
// //
duplicate: [ duplicate: [
false, false,
' Allow getting a certificate that duplicates an existing one/is an early renewal', ' Allow getting a certificate that duplicates an existing one/is an early renewal',
'boolean', 'boolean',
false false
], ],
'rsa-key-size': [ 'rsa-key-size': [
false, false,
' (ignored) use server-key-type or account-key-type instead', ' (ignored) use server-key-type or account-key-type instead',
'ignore', 'ignore',
2048 2048
], ],
'server-key-path': [ 'server-key-path': [
false, false,
' Path to privkey.pem to use for certificate (default: generate new)', ' Path to privkey.pem to use for certificate (default: generate new)',
'string', 'string',
undefined, undefined,
'domain-key-path' 'domain-key-path'
], ],
'server-key-type': [ 'server-key-type': [
false, false,
" One of 'RSA' (2048), 'RSA-3084', 'RSA-4096', 'ECDSA' (P-256), or 'P-384'. For best compatibility, security, and efficiency use the default (More bits != More security)", " One of 'RSA' (2048), 'RSA-3084', 'RSA-4096', 'ECDSA' (P-256), or 'P-384'. For best compatibility, security, and efficiency use the default (More bits != More security)",
'string', 'string',
'RSA' 'RSA'
], ],
'account-key-path': [ 'account-key-path': [
false, false,
' Path to privkey.pem to use for account (default: generate new)', ' Path to privkey.pem to use for account (default: generate new)',
'string' 'string'
], ],
'account-key-type': [ 'account-key-type': [
false, false,
" One of 'ECDSA' (P-256), 'P-384', 'RSA', 'RSA-3084', or 'RSA-4096'. Stick with 'ECDSA' (P-256) unless you need 'RSA' (2048) for legacy compatibility. (More bits != More security)", " One of 'ECDSA' (P-256), 'P-384', 'RSA', 'RSA-3084', or 'RSA-4096'. Stick with 'ECDSA' (P-256) unless you need 'RSA' (2048) for legacy compatibility. (More bits != More security)",
'string', 'string',
'P-256' 'P-256'
], ],
webroot: [false, ' (ignored) for certbot compatibility', 'ignore', false], webroot: [false, ' (ignored) for certbot compatibility', 'ignore', false],
//, 'standalone-supported-challenges': [ false, " Supported challenges, order preferences are randomly chosen. (default: http-01,tls-alpn-01)", 'string', 'http-01'] //, 'standalone-supported-challenges': [ false, " Supported challenges, order preferences are randomly chosen. (default: http-01,tls-alpn-01)", 'string', 'http-01']
'work-dir': [ 'work-dir': [
false, false,
' for certbot compatibility (ignored)', ' for certbot compatibility (ignored)',
'string', 'string',
'~/letsencrypt/var/lib/' '~/letsencrypt/var/lib/'
], ],
'logs-dir': [ 'logs-dir': [
false, false,
' for certbot compatibility (ignored)', ' for certbot compatibility (ignored)',
'string', 'string',
'~/letsencrypt/var/log/' '~/letsencrypt/var/log/'
], ],
'acme-version': [ 'acme-version': [
false, false,
' (ignored) ACME is now RFC 8555 and prior drafts are no longer supported', ' (ignored) ACME is now RFC 8555 and prior drafts are no longer supported',
'ignore', 'ignore',
'rfc8555' 'rfc8555'
] ]
}); });
// ignore certonly and extraneous arguments // ignore certonly and extraneous arguments
cli.main(function(_, options) { cli.main(function(_, options) {
console.info(''); console.info('');
[ [
'configDir', 'configDir',
'privkeyPath', 'privkeyPath',
'certPath', 'certPath',
'chainPath', 'chainPath',
'fullchainPath', 'fullchainPath',
'bundlePath' 'bundlePath'
].forEach(function(k) { ].forEach(function(k) {
if (options[k]) { if (options[k]) {
options.storeOpts[k] = options[k]; options.storeOpts[k] = options[k];
} }
delete options[k]; delete options[k];
}); });
if (options.workDir) { if (options.workDir) {
options.challengeOpts.workDir = options.workDir; options.challengeOpts.workDir = options.workDir;
delete options.workDir; delete options.workDir;
} }
if (options.debug) { if (options.debug) {
console.debug(options); console.debug(options);
} }
var args = {}; var args = {};
var homedir = require('os').homedir(); var homedir = require('os').homedir();
Object.keys(options).forEach(function(key) { Object.keys(options).forEach(function(key) {
var val = options[key]; var val = options[key];
if ('string' === typeof val) { if ('string' === typeof val) {
val = val.replace(/^~/, homedir); val = val.replace(/^~/, homedir);
} }
key = key.replace(/\-([a-z0-9A-Z])/g, function(c) { key = key.replace(/\-([a-z0-9A-Z])/g, function(c) {
return c[1].toUpperCase(); return c[1].toUpperCase();
}); });
args[key] = val; args[key] = val;
}); });
Object.keys(args).forEach(function(key) { Object.keys(args).forEach(function(key) {
var val = args[key]; var val = args[key];
if ('string' === typeof val) { if ('string' === typeof val) {
val = val.replace(/(\:configDir)|(\:config)/, args.configDir); val = val.replace(/(\:configDir)|(\:config)/, args.configDir);
} }
args[key] = val; args[key] = val;
}); });
if (args.domains) { if (args.domains) {
args.domains = args.domains.split(','); args.domains = args.domains.split(',');
} }
if ( if (
!(Array.isArray(args.domains) && args.domains.length) || !(Array.isArray(args.domains) && args.domains.length) ||
!args.email || !args.email ||
!args.agreeTos || !args.agreeTos ||
(!args.server && !args.directoryUrl) (!args.server && !args.directoryUrl)
) { ) {
console.error('\nUsage:\n\ngreenlock certonly --standalone \\'); console.error('\nUsage:\n\ngreenlock certonly --standalone \\');
console.error( console.error(
'\t--agree-tos --email user@example.com --domains example.com \\' '\t--agree-tos --email user@example.com --domains example.com \\'
); );
console.error('\t--config-dir ~/acme/etc \\'); console.error('\t--config-dir ~/acme/etc \\');
console.error('\nSee greenlock --help for more details\n'); console.error('\nSee greenlock --help for more details\n');
return; return;
} }
if (args.http01Port) { if (args.http01Port) {
// [@agnat]: Coerce to string. cli returns a number although we request a string. // [@agnat]: Coerce to string. cli returns a number although we request a string.
args.http01Port = '' + args.http01Port; args.http01Port = '' + args.http01Port;
args.http01Port = args.http01Port.split(',').map(function(port) { args.http01Port = args.http01Port.split(',').map(function(port) {
return parseInt(port, 10); return parseInt(port, 10);
}); });
} }
function run() { function run() {
var challenges = {}; var challenges = {};
if (/http.?01/i.test(args.challenge)) { if (/http.?01/i.test(args.challenge)) {
challenges['http-01'] = args.challengeOpts; challenges['http-01'] = args.challengeOpts;
} }
if (/dns.?01/i.test(args.challenge)) { if (/dns.?01/i.test(args.challenge)) {
challenges['dns-01'] = args.challengeOpts; challenges['dns-01'] = args.challengeOpts;
} }
if (/alpn.?01/i.test(args.challenge)) { if (/alpn.?01/i.test(args.challenge)) {
challenges['tls-alpn-01'] = args.challengeOpts; challenges['tls-alpn-01'] = args.challengeOpts;
} }
if (!Object.keys(challenges).length) { if (!Object.keys(challenges).length) {
throw new Error( throw new Error(
"Could not determine the challenge type for '" + "Could not determine the challenge type for '" +
args.challengeOpts.module + args.challengeOpts.module +
"'. Expected a name like @you/acme-xxxx-01-foo. Please name the module with http-01, dns-01, or tls-alpn-01." "'. Expected a name like @you/acme-xxxx-01-foo. Please name the module with http-01, dns-01, or tls-alpn-01."
); );
} }
args.challengeOpts.module = args.challenge; args.challengeOpts.module = args.challenge;
args.storeOpts.module = args.store; args.storeOpts.module = args.store;
console.log('\ngot to the run step'); console.log('\ngot to the run step');
require(args.challenge); require(args.challenge);
require(args.store); require(args.store);
var greenlock = require('../').create({ var greenlock = require('../').create({
maintainerEmail: args.maintainerEmail || 'coolaj86@gmail.com', maintainerEmail: args.maintainerEmail || 'coolaj86@gmail.com',
manager: './manager.js', manager: './manager.js',
configFile: '~/.config/greenlock/certs.json', configFile: '~/.config/greenlock/certs.json',
challenges: challenges, challenges: challenges,
store: args.storeOpts, store: args.storeOpts,
renewOffset: args.renewOffset || '30d', renewOffset: args.renewOffset || '30d',
renewStagger: '1d' renewStagger: '1d'
}); });
// for long-running processes // for long-running processes
if (args.renewEvery) { if (args.renewEvery) {
setInterval(function() { setInterval(function() {
greenlock.renew({ greenlock.renew({
period: args.renewEvery period: args.renewEvery
}); });
}, args.renewEvery); }, args.renewEvery);
} }
// TODO should greenlock.add simply always include greenlock.renew? // TODO should greenlock.add simply always include greenlock.renew?
// the concern is conflating error events // the concern is conflating error events
return greenlock return greenlock
.add({ .add({
subject: args.subject, subject: args.subject,
altnames: args.altnames, altnames: args.altnames,
subscriberEmail: args.subscriberEmail || args.email subscriberEmail: args.subscriberEmail || args.email
}) })
.then(function(changes) { .then(function(changes) {
console.info(changes); console.info(changes);
// renew should always // renew should always
return greenlock return greenlock
.renew({ .renew({
subject: args.subject, subject: args.subject,
force: false force: false
}) })
.then(function() {}); .then(function() {});
}); });
} }
if ('greenlock-store-fs' !== args.store) { if ('greenlock-store-fs' !== args.store) {
run(); run();
return; return;
} }
// TODO remove mkdirp and let greenlock-store-fs do this? // TODO remove mkdirp and let greenlock-store-fs do this?
mkdirp(args.storeOpts.configDir, function(err) { mkdirp(args.storeOpts.configDir, function(err) {
if (!err) { if (!err) {
run(); run();
} }
console.error( console.error(
"Could not create --config-dir '" + args.configDir + "':", "Could not create --config-dir '" + args.configDir + "':",
err.code err.code
); );
console.error("Try setting --config-dir '/tmp'"); console.error("Try setting --config-dir '/tmp'");
return; return;
}); });
}, process.argv.slice(3)); }, process.argv.slice(3));

View File

@ -7,228 +7,228 @@ var defaultOpts;
var bags = []; var bags = [];
CLI.parse = function(conf) { CLI.parse = function(conf) {
var opts = (defaultOpts = {}); var opts = (defaultOpts = {});
defaultConf = conf; defaultConf = conf;
Object.keys(conf).forEach(function(k) { Object.keys(conf).forEach(function(k) {
var v = conf[k]; var v = conf[k];
var aliases = v[5]; var aliases = v[5];
var bag; var bag;
var bagName; var bagName;
// the name of the argument set is now the 0th argument // the name of the argument set is now the 0th argument
v.unshift(k); v.unshift(k);
// v[0] flagname // v[0] flagname
// v[1] short flagname // v[1] short flagname
// v[2] description // v[2] description
// v[3] type // v[3] type
// v[4] default value // v[4] default value
// v[5] aliases // v[5] aliases
if ('bag' === v[3]) { if ('bag' === v[3]) {
bag = v[0]; // 'bag-option-xxxx' => '--bag-option-' bag = v[0]; // 'bag-option-xxxx' => '--bag-option-'
bag = '--' + bag.replace(/xxx.*/, ''); bag = '--' + bag.replace(/xxx.*/, '');
bags.push(bag); bags.push(bag);
bagName = toBagName(bag.replace(/^--/, '')); bagName = toBagName(bag.replace(/^--/, ''));
opts[bagName] = {}; opts[bagName] = {};
} }
if ('json' === v[3]) { if ('json' === v[3]) {
bagName = toBagName(v[0].replace(/-json$/, '')); // 'bag-option-json' => 'bagOptionOpts' bagName = toBagName(v[0].replace(/-json$/, '')); // 'bag-option-json' => 'bagOptionOpts'
opts[bagName] = {}; opts[bagName] = {};
} else if ('ignore' !== v[3] && 'undefined' !== typeof v[4]) { } else if ('ignore' !== v[3] && 'undefined' !== typeof v[4]) {
// set the default values (where 'undefined' is not an allowed value) // set the default values (where 'undefined' is not an allowed value)
opts[toCamel(k)] = v[4]; opts[toCamel(k)] = v[4];
} }
if (!aliases) { if (!aliases) {
aliases = []; aliases = [];
} else if ('string' === typeof aliases) { } else if ('string' === typeof aliases) {
aliases = aliases.split(','); aliases = aliases.split(',');
} }
aliases.forEach(function(alias) { aliases.forEach(function(alias) {
if (alias in conf) { if (alias in conf) {
throw new Error( throw new Error(
"Cannot alias '" + "Cannot alias '" +
alias + alias +
"' from '" + "' from '" +
k + k +
"': option already exists" "': option already exists"
); );
} }
conf[alias] = v; conf[alias] = v;
}); });
}); });
}; };
CLI.main = function(cb, args) { CLI.main = function(cb, args) {
var leftovers = []; var leftovers = [];
var conf = defaultConf; var conf = defaultConf;
var opts = defaultOpts; var opts = defaultOpts;
if (!opts) { if (!opts) {
throw new Error("you didn't call `CLI.parse(configuration)`"); throw new Error("you didn't call `CLI.parse(configuration)`");
} }
// TODO what's the existing API for this? // TODO what's the existing API for this?
if (!args) { if (!args) {
args = process.argv.slice(2); args = process.argv.slice(2);
} }
var flag; var flag;
var cnf; var cnf;
var typ; var typ;
function grab(bag) { function grab(bag) {
var bagName = toBagName(bag); var bagName = toBagName(bag);
if (bag !== flag.slice(0, bag.length)) { if (bag !== flag.slice(0, bag.length)) {
return false; return false;
} }
console.log(bagName, toCamel(flag.slice(bag.length))); console.log(bagName, toCamel(flag.slice(bag.length)));
opts[bagName][toCamel(flag.slice(bag.length))] = args.shift(); opts[bagName][toCamel(flag.slice(bag.length))] = args.shift();
return true; return true;
} }
while (args.length) { while (args.length) {
// take one off the top // take one off the top
flag = args.shift(); flag = args.shift();
// mind the gap // mind the gap
if ('--' === flag) { if ('--' === flag) {
leftovers = leftovers.concat(args); leftovers = leftovers.concat(args);
break; break;
} }
// help! // help!
if ( if (
'--help' === flag || '--help' === flag ||
'-h' === flag || '-h' === flag ||
'/?' === flag || '/?' === flag ||
'help' === flag 'help' === flag
) { ) {
printHelp(conf); printHelp(conf);
process.exit(1); process.exit(1);
} }
// only long names are actually used // only long names are actually used
if ('--' !== flag.slice(0, 2)) { if ('--' !== flag.slice(0, 2)) {
console.error("Unrecognized argument '" + flag + "'"); console.error("Unrecognized argument '" + flag + "'");
process.exit(1); process.exit(1);
} }
cnf = conf[flag.slice(2)]; cnf = conf[flag.slice(2)];
if (!cnf) { if (!cnf) {
// look for arbitrary flags // look for arbitrary flags
if (bags.some(grab)) { if (bags.some(grab)) {
continue; continue;
} }
// other arbitrary args are not used // other arbitrary args are not used
console.error("Unrecognized flag '" + flag + "'"); console.error("Unrecognized flag '" + flag + "'");
process.exit(1); process.exit(1);
} }
// encourage switching to non-aliased version // encourage switching to non-aliased version
if (flag !== '--' + cnf[0]) { if (flag !== '--' + cnf[0]) {
console.warn( console.warn(
"use of '" + "use of '" +
flag + flag +
"' is deprecated, use '--" + "' is deprecated, use '--" +
cnf[0] + cnf[0] +
"' instead" "' instead"
); );
} }
// look for xxx-json flags // look for xxx-json flags
if ('json' === cnf[3]) { if ('json' === cnf[3]) {
try { try {
var json = JSON.parse(args.shift()); var json = JSON.parse(args.shift());
var bagName = toBagName(cnf[0].replace(/-json$/, '')); var bagName = toBagName(cnf[0].replace(/-json$/, ''));
Object.keys(json).forEach(function(k) { Object.keys(json).forEach(function(k) {
opts[bagName][k] = json[k]; opts[bagName][k] = json[k];
}); });
} catch (e) { } catch (e) {
console.error("Could not parse option '" + flag + "' as JSON:"); console.error("Could not parse option '" + flag + "' as JSON:");
console.error(e.message); console.error(e.message);
process.exit(1); process.exit(1);
} }
continue; continue;
} }
// set booleans, otherwise grab the next arg in line // set booleans, otherwise grab the next arg in line
typ = cnf[3]; typ = cnf[3];
// TODO --no-<whatever> to negate // TODO --no-<whatever> to negate
if (Boolean === typ || 'boolean' === typ) { if (Boolean === typ || 'boolean' === typ) {
opts[toCamel(cnf[0])] = true; opts[toCamel(cnf[0])] = true;
continue; continue;
} }
opts[toCamel(cnf[0])] = args.shift(); opts[toCamel(cnf[0])] = args.shift();
continue; continue;
} }
cb(leftovers, opts); cb(leftovers, opts);
}; };
function toCamel(str) { function toCamel(str) {
return str.replace(/-([a-z0-9])/g, function(m) { return str.replace(/-([a-z0-9])/g, function(m) {
return m[1].toUpperCase(); return m[1].toUpperCase();
}); });
} }
function toBagName(bag) { function toBagName(bag) {
// trim leading and trailing '-' // trim leading and trailing '-'
bag = bag.replace(/^-+/g, '').replace(/-+$/g, ''); bag = bag.replace(/^-+/g, '').replace(/-+$/g, '');
return toCamel(bag) + 'Opts'; // '--bag-option-' => bagOptionOpts return toCamel(bag) + 'Opts'; // '--bag-option-' => bagOptionOpts
} }
function printHelp(conf) { function printHelp(conf) {
var flagLen = 0; var flagLen = 0;
var typeLen = 0; var typeLen = 0;
var defLen = 0; var defLen = 0;
Object.keys(conf).forEach(function(k) { Object.keys(conf).forEach(function(k) {
flagLen = Math.max(flagLen, conf[k][0].length); flagLen = Math.max(flagLen, conf[k][0].length);
typeLen = Math.max(typeLen, conf[k][3].length); typeLen = Math.max(typeLen, conf[k][3].length);
if ('undefined' !== typeof conf[k][4]) { if ('undefined' !== typeof conf[k][4]) {
defLen = Math.max( defLen = Math.max(
defLen, defLen,
'(Default: )'.length + String(conf[k][4]).length '(Default: )'.length + String(conf[k][4]).length
); );
} }
}); });
Object.keys(conf).forEach(function(k) { Object.keys(conf).forEach(function(k) {
var v = conf[k]; var v = conf[k];
// skip aliases // skip aliases
if (v[0] !== k) { if (v[0] !== k) {
return; return;
} }
var def = v[4]; var def = v[4];
if ('undefined' === typeof def) { if ('undefined' === typeof def) {
def = ''; def = '';
} else { } else {
def = '(default: ' + JSON.stringify(def) + ')'; def = '(default: ' + JSON.stringify(def) + ')';
} }
var msg = var msg =
' --' + ' --' +
v[0].padEnd(flagLen) + v[0].padEnd(flagLen) +
' ' + ' ' +
v[3].padStart(typeLen + 1) + v[3].padStart(typeLen + 1) +
' ' + ' ' +
(v[2] || '') + (v[2] || '') +
' ' + ' ' +
def; /*.padStart(defLen)*/ def; /*.padStart(defLen)*/
// v[0] flagname // v[0] flagname
// v[1] short flagname // v[1] short flagname
// v[2] description // v[2] description
// v[3] type // v[3] type
// v[4] default value // v[4] default value
// v[5] aliases // v[5] aliases
console.info(msg); console.info(msg);
}); });
} }

View File

@ -4,6 +4,6 @@
var args = process.argv.slice(2); var args = process.argv.slice(2);
console.log(args); console.log(args);
if ('certonly' === args[0]) { if ('certonly' === args[0]) {
require('./certonly.js'); require('./certonly.js');
return; return;
} }

View File

@ -21,298 +21,298 @@ var rawPending = {};
// Certificates // Certificates
C._getOrOrder = function(gnlck, mconf, db, acme, chs, acc, args) { C._getOrOrder = function(gnlck, mconf, db, acme, chs, acc, args) {
var email = args.subscriberEmail || mconf.subscriberEmail; var email = args.subscriberEmail || mconf.subscriberEmail;
var id = args.altnames var id = args.altnames
.slice(0) .slice(0)
.sort() .sort()
.join(' '); .join(' ');
if (pending[id]) { if (pending[id]) {
return pending[id]; return pending[id];
} }
pending[id] = C._rawGetOrOrder( pending[id] = C._rawGetOrOrder(
gnlck, gnlck,
mconf, mconf,
db, db,
acme, acme,
chs, chs,
acc, acc,
email, email,
args args
) )
.then(function(pems) { .then(function(pems) {
delete pending[id]; delete pending[id];
return pems; return pems;
}) })
.catch(function(err) { .catch(function(err) {
delete pending[id]; delete pending[id];
throw err; throw err;
}); });
return pending[id]; return pending[id];
}; };
// Certificates // Certificates
C._rawGetOrOrder = function(gnlck, mconf, db, acme, chs, acc, email, args) { C._rawGetOrOrder = function(gnlck, mconf, db, acme, chs, acc, email, args) {
return C._check(gnlck, mconf, db, args).then(function(pems) { return C._check(gnlck, mconf, db, args).then(function(pems) {
// Nice and fresh? We're done! // Nice and fresh? We're done!
if (pems) { if (pems) {
if (!C._isStale(gnlck, mconf, args, pems)) { if (!C._isStale(gnlck, mconf, args, pems)) {
// return existing unexpired (although potentially stale) certificates when available // return existing unexpired (although potentially stale) certificates when available
// there will be an additional .renewing property if the certs are being asynchronously renewed // there will be an additional .renewing property if the certs are being asynchronously renewed
//pems._type = 'current'; //pems._type = 'current';
return pems; return pems;
} }
} }
// We're either starting fresh or freshening up... // We're either starting fresh or freshening up...
var p = C._rawOrder(gnlck, mconf, db, acme, chs, acc, email, args); var p = C._rawOrder(gnlck, mconf, db, acme, chs, acc, email, args);
var evname = pems ? 'cert_renewal' : 'cert_issue'; var evname = pems ? 'cert_renewal' : 'cert_issue';
p.then(function(newPems) { p.then(function(newPems) {
// notify in the background // notify in the background
var renewAt = C._renewWithStagger(gnlck, mconf, args, newPems); var renewAt = C._renewWithStagger(gnlck, mconf, args, newPems);
gnlck._notify(evname, { gnlck._notify(evname, {
renewAt: renewAt, renewAt: renewAt,
subject: args.subject, subject: args.subject,
altnames: args.altnames altnames: args.altnames
}); });
gnlck._notify('_cert_issue', { gnlck._notify('_cert_issue', {
renewAt: renewAt, renewAt: renewAt,
subject: args.subject, subject: args.subject,
altnames: args.altnames, altnames: args.altnames,
pems: newPems pems: newPems
}); });
}).catch(function(err) { }).catch(function(err) {
if (!err.context) { if (!err.context) {
err.context = evname; err.context = evname;
} }
err.subject = args.subject; err.subject = args.subject;
err.altnames = args.altnames; err.altnames = args.altnames;
gnlck._notify('error', err); gnlck._notify('error', err);
}); });
// No choice but to hang tight and wait for it // No choice but to hang tight and wait for it
if ( if (
!pems || !pems ||
pems.renewAt < Date.now() - 24 * 60 * 60 * 1000 || pems.renewAt < Date.now() - 24 * 60 * 60 * 1000 ||
pems.expiresAt <= Date.now() + 24 * 60 * 60 * 1000 pems.expiresAt <= Date.now() + 24 * 60 * 60 * 1000
) { ) {
return p; return p;
} }
// Wait it out // Wait it out
// TODO should we call this waitForRenewal? // TODO should we call this waitForRenewal?
if (args.waitForRenewal) { if (args.waitForRenewal) {
return p; return p;
} }
// Let the certs renew in the background // Let the certs renew in the background
return pems; return pems;
}); });
}; };
// we have another promise here because it the optional renewal // we have another promise here because it the optional renewal
// may resolve in a different stack than the returned pems // may resolve in a different stack than the returned pems
C._rawOrder = function(gnlck, mconf, db, acme, chs, acc, email, args) { C._rawOrder = function(gnlck, mconf, db, acme, chs, acc, email, args) {
var id = args.altnames var id = args.altnames
.slice(0) .slice(0)
.sort() .sort()
.join(' '); .join(' ');
if (rawPending[id]) { if (rawPending[id]) {
return rawPending[id]; return rawPending[id];
} }
var keyType = args.serverKeyType || mconf.serverKeyType; var keyType = args.serverKeyType || mconf.serverKeyType;
var query = { var query = {
subject: args.subject, subject: args.subject,
certificate: args.certificate || {}, certificate: args.certificate || {},
directoryUrl: args.directoryUrl || gnlck._defaults.directoryUrl directoryUrl: args.directoryUrl || gnlck._defaults.directoryUrl
}; };
rawPending[id] = U._getOrCreateKeypair(db, args.subject, query, keyType) rawPending[id] = U._getOrCreateKeypair(db, args.subject, query, keyType)
.then(function(kresult) { .then(function(kresult) {
var serverKeypair = kresult.keypair; var serverKeypair = kresult.keypair;
var domains = args.altnames.slice(0); var domains = args.altnames.slice(0);
return CSR.csr({ return CSR.csr({
jwk: serverKeypair.privateKeyJwk || serverKeypair.private, jwk: serverKeypair.privateKeyJwk || serverKeypair.private,
domains: domains, domains: domains,
encoding: 'der' encoding: 'der'
}) })
.then(function(csrDer) { .then(function(csrDer) {
// TODO let CSR support 'urlBase64' ? // TODO let CSR support 'urlBase64' ?
return Enc.bufToUrlBase64(csrDer); return Enc.bufToUrlBase64(csrDer);
}) })
.then(function(csr) { .then(function(csr) {
function notify(ev, opts) { function notify(ev, opts) {
gnlck._notify(ev, opts); gnlck._notify(ev, opts);
} }
var certReq = { var certReq = {
debug: args.debug || gnlck._defaults.debug, debug: args.debug || gnlck._defaults.debug,
challenges: chs, challenges: chs,
account: acc, // only used if accounts.key.kid exists account: acc, // only used if accounts.key.kid exists
accountKey: accountKey:
acc.keypair.privateKeyJwk || acc.keypair.private, acc.keypair.privateKeyJwk || acc.keypair.private,
keypair: acc.keypair, // TODO keypair: acc.keypair, // TODO
csr: csr, csr: csr,
domains: domains, // because ACME.js v3 uses `domains` still, actually domains: domains, // because ACME.js v3 uses `domains` still, actually
onChallengeStatus: notify, onChallengeStatus: notify,
notify: notify // TODO notify: notify // TODO
// TODO handle this in acme-v2 // TODO handle this in acme-v2
//subject: args.subject, //subject: args.subject,
//altnames: args.altnames.slice(0), //altnames: args.altnames.slice(0),
}; };
return acme.certificates return acme.certificates
.create(certReq) .create(certReq)
.then(U._attachCertInfo); .then(U._attachCertInfo);
}) })
.then(function(pems) { .then(function(pems) {
if (kresult.exists) { if (kresult.exists) {
return pems; return pems;
} }
query.keypair = serverKeypair; query.keypair = serverKeypair;
return db.setKeypair(query, serverKeypair).then(function() { return db.setKeypair(query, serverKeypair).then(function() {
return pems; return pems;
}); });
}); });
}) })
.then(function(pems) { .then(function(pems) {
// TODO put this in the docs // TODO put this in the docs
// { cert, chain, privkey, subject, altnames, issuedAt, expiresAt } // { cert, chain, privkey, subject, altnames, issuedAt, expiresAt }
// Note: the query has been updated // Note: the query has been updated
query.pems = pems; query.pems = pems;
return db.set(query); return db.set(query);
}) })
.then(function() { .then(function() {
return C._check(gnlck, mconf, db, args); return C._check(gnlck, mconf, db, args);
}) })
.then(function(bundle) { .then(function(bundle) {
// TODO notify Manager // TODO notify Manager
delete rawPending[id]; delete rawPending[id];
return bundle; return bundle;
}) })
.catch(function(err) { .catch(function(err) {
// Todo notify manager // Todo notify manager
delete rawPending[id]; delete rawPending[id];
throw err; throw err;
}); });
return rawPending[id]; return rawPending[id];
}; };
// returns pems, if they exist // returns pems, if they exist
C._check = function(gnlck, mconf, db, args) { C._check = function(gnlck, mconf, db, args) {
var query = { var query = {
subject: args.subject, subject: args.subject,
// may contain certificate.id // may contain certificate.id
certificate: args.certificate, certificate: args.certificate,
directoryUrl: args.directoryUrl || gnlck._defaults.directoryUrl directoryUrl: args.directoryUrl || gnlck._defaults.directoryUrl
}; };
return db.check(query).then(function(pems) { return db.check(query).then(function(pems) {
if (!pems) { if (!pems) {
return null; return null;
} }
pems = U._attachCertInfo(pems); pems = U._attachCertInfo(pems);
// For eager management // For eager management
if (args.subject && !U._certHasDomain(pems, args.subject)) { if (args.subject && !U._certHasDomain(pems, args.subject)) {
// TODO report error, but continue the process as with no cert // TODO report error, but continue the process as with no cert
return null; return null;
} }
// For lazy SNI requests // For lazy SNI requests
if (args.domain && !U._certHasDomain(pems, args.domain)) { if (args.domain && !U._certHasDomain(pems, args.domain)) {
// TODO report error, but continue the process as with no cert // TODO report error, but continue the process as with no cert
return null; return null;
} }
return U._getKeypair(db, args.subject, query) return U._getKeypair(db, args.subject, query)
.then(function(keypair) { .then(function(keypair) {
return Keypairs.export({ return Keypairs.export({
jwk: keypair.privateKeyJwk || keypair.private, jwk: keypair.privateKeyJwk || keypair.private,
encoding: 'pem' encoding: 'pem'
}).then(function(pem) { }).then(function(pem) {
pems.privkey = pem; pems.privkey = pem;
return pems; return pems;
}); });
}) })
.catch(function() { .catch(function() {
// TODO report error, but continue the process as with no cert // TODO report error, but continue the process as with no cert
return null; return null;
}); });
}); });
}; };
// Certificates // Certificates
C._isStale = function(gnlck, mconf, args, pems) { C._isStale = function(gnlck, mconf, args, pems) {
if (args.duplicate) { if (args.duplicate) {
return true; return true;
} }
var renewAt = C._renewableAt(gnlck, mconf, args, pems); var renewAt = C._renewableAt(gnlck, mconf, args, pems);
if (Date.now() >= renewAt) { if (Date.now() >= renewAt) {
return true; return true;
} }
return false; return false;
}; };
C._renewWithStagger = function(gnlck, mconf, args, pems) { C._renewWithStagger = function(gnlck, mconf, args, pems) {
var renewOffset = C._renewOffset(gnlck, mconf, args, pems); var renewOffset = C._renewOffset(gnlck, mconf, args, pems);
var renewStagger; var renewStagger;
try { try {
renewStagger = U._parseDuration( renewStagger = U._parseDuration(
args.renewStagger || mconf.renewStagger || 0 args.renewStagger || mconf.renewStagger || 0
); );
} catch (e) { } catch (e) {
renewStagger = U._parseDuration( renewStagger = U._parseDuration(
args.renewStagger || mconf.renewStagger args.renewStagger || mconf.renewStagger
); );
} }
// TODO check this beforehand // TODO check this beforehand
if (!args.force && renewStagger / renewOffset >= 0.5) { if (!args.force && renewStagger / renewOffset >= 0.5) {
renewStagger = renewOffset * 0.1; renewStagger = renewOffset * 0.1;
} }
if (renewOffset > 0) { if (renewOffset > 0) {
// stagger forward, away from issued at // stagger forward, away from issued at
return Math.round( return Math.round(
pems.issuedAt + renewOffset + Math.random() * renewStagger pems.issuedAt + renewOffset + Math.random() * renewStagger
); );
} }
// stagger backward, toward issued at // stagger backward, toward issued at
return Math.round( return Math.round(
pems.expiresAt + renewOffset - Math.random() * renewStagger pems.expiresAt + renewOffset - Math.random() * renewStagger
); );
}; };
C._renewOffset = function(gnlck, mconf, args /*, pems*/) { C._renewOffset = function(gnlck, mconf, args /*, pems*/) {
var renewOffset = U._parseDuration( var renewOffset = U._parseDuration(
args.renewOffset || mconf.renewOffset || 0 args.renewOffset || mconf.renewOffset || 0
); );
var week = 1000 * 60 * 60 * 24 * 6; var week = 1000 * 60 * 60 * 24 * 6;
if (!args.force && Math.abs(renewOffset) < week) { if (!args.force && Math.abs(renewOffset) < week) {
throw new Error( throw new Error(
'developer error: `renewOffset` should always be at least a week, use `force` to not safety-check renewOffset' 'developer error: `renewOffset` should always be at least a week, use `force` to not safety-check renewOffset'
); );
} }
return renewOffset; return renewOffset;
}; };
C._renewableAt = function(gnlck, mconf, args, pems) { C._renewableAt = function(gnlck, mconf, args, pems) {
if (args.renewAt) { if (args.renewAt) {
return args.renewAt; return args.renewAt;
} }
var renewOffset = C._renewOffset(gnlck, mconf, args, pems); var renewOffset = C._renewOffset(gnlck, mconf, args, pems);
if (renewOffset > 0) { if (renewOffset > 0) {
return pems.issuedAt + renewOffset; return pems.issuedAt + renewOffset;
} }
return pems.expiresAt + renewOffset; return pems.expiresAt + renewOffset;
}; };

View File

@ -3,14 +3,14 @@
var E = module.exports; var E = module.exports;
function create(code, msg) { function create(code, msg) {
E[code] = function(ctx, msg2) { E[code] = function(ctx, msg2) {
var err = new Error(msg); var err = new Error(msg);
err.code = code; err.code = code;
err.context = ctx; err.context = ctx;
if (msg2) { if (msg2) {
err.message += ': ' + msg2; err.message += ': ' + msg2;
} }
/* /*
Object.keys(extras).forEach(function(k) { Object.keys(extras).forEach(function(k) {
if ('message' === k) { if ('message' === k) {
err.message += ': ' + extras[k]; err.message += ': ' + extras[k];
@ -19,39 +19,39 @@ function create(code, msg) {
} }
}); });
*/ */
return err; return err;
}; };
} }
// TODO open issues and link to them as the error url // TODO open issues and link to them as the error url
create( create(
'NO_MAINTAINER', 'NO_MAINTAINER',
'please supply `maintainerEmail` as a contact for security and critical bug notices' 'please supply `maintainerEmail` as a contact for security and critical bug notices'
); );
create( create(
'BAD_ORDER', 'BAD_ORDER',
'altnames should be in deterministic order, with subject as the first altname' 'altnames should be in deterministic order, with subject as the first altname'
); );
create('NO_SUBJECT', 'no certificate subject given'); create('NO_SUBJECT', 'no certificate subject given');
create( create(
'NO_SUBSCRIBER', 'NO_SUBSCRIBER',
'please supply `subscriberEmail` as a contact for failed renewal and certificate revocation' 'please supply `subscriberEmail` as a contact for failed renewal and certificate revocation'
); );
create( create(
'INVALID_SUBSCRIBER', 'INVALID_SUBSCRIBER',
'`subscriberEmail` is not a valid address, please check for typos' '`subscriberEmail` is not a valid address, please check for typos'
); );
create( create(
'INVALID_HOSTNAME', 'INVALID_HOSTNAME',
'valid hostnames must be restricted to a-z0-9_.- and contain at least one "."' 'valid hostnames must be restricted to a-z0-9_.- and contain at least one "."'
); );
create( create(
'INVALID_DOMAIN', 'INVALID_DOMAIN',
'one or more domains do not exist on public DNS SOA record' 'one or more domains do not exist on public DNS SOA record'
); );
create( create(
'NOT_UNIQUE', 'NOT_UNIQUE',
'found duplicate domains, or a subdomain that overlaps a wildcard' 'found duplicate domains, or a subdomain that overlaps a wildcard'
); );
// exported for testing only // exported for testing only

File diff suppressed because it is too large Load Diff

View File

@ -6,162 +6,162 @@ var E = require('./errors.js');
var warned = {}; var warned = {};
module.exports.wrap = function(greenlock, manager) { module.exports.wrap = function(greenlock, manager) {
greenlock.manager = {}; greenlock.manager = {};
greenlock.sites = {}; greenlock.sites = {};
//greenlock.accounts = {}; //greenlock.accounts = {};
//greenlock.certs = {}; //greenlock.certs = {};
var allowed = [ var allowed = [
'accountKeyType', //: ["P-256", "RSA-2048"], 'accountKeyType', //: ["P-256", "RSA-2048"],
'serverKeyType', //: ["RSA-2048", "P-256"], 'serverKeyType', //: ["RSA-2048", "P-256"],
'store', // : { module, specific opts }, 'store', // : { module, specific opts },
'challenges', // : { "http-01", "dns-01", "tls-alpn-01" }, 'challenges', // : { "http-01", "dns-01", "tls-alpn-01" },
'subscriberEmail', 'subscriberEmail',
'agreeToTerms', 'agreeToTerms',
'agreeTos', 'agreeTos',
'customerEmail', 'customerEmail',
'renewOffset', 'renewOffset',
'renewStagger', 'renewStagger',
'module', // not allowed, just ignored 'module', // not allowed, just ignored
'manager' 'manager'
]; ];
// get / set default site settings such as // get / set default site settings such as
// subscriberEmail, store, challenges, renewOffset, renewStagger // subscriberEmail, store, challenges, renewOffset, renewStagger
greenlock.manager.defaults = function(conf) { greenlock.manager.defaults = function(conf) {
return greenlock._init().then(function() { return greenlock._init().then(function() {
if (!conf) { if (!conf) {
return manager.defaults(); return manager.defaults();
} }
if (conf.sites) { if (conf.sites) {
throw new Error('cannot set sites as global config'); throw new Error('cannot set sites as global config');
} }
if (conf.routes) { if (conf.routes) {
throw new Error('cannot set routes as global config'); throw new Error('cannot set routes as global config');
} }
// disallow keys we know to be bad // disallow keys we know to be bad
[ [
'subject', 'subject',
'deletedAt', 'deletedAt',
'altnames', 'altnames',
'lastAttemptAt', 'lastAttemptAt',
'expiresAt', 'expiresAt',
'issuedAt', 'issuedAt',
'renewAt', 'renewAt',
'sites', 'sites',
'routes' 'routes'
].some(function(k) { ].some(function(k) {
if (k in conf) { if (k in conf) {
throw new Error( throw new Error(
'`' + k + '` not allowed as a default setting' '`' + k + '` not allowed as a default setting'
); );
} }
}); });
Object.keys(conf).forEach(function(k) { Object.keys(conf).forEach(function(k) {
if (!allowed.includes(k) && !warned[k]) { if (!allowed.includes(k) && !warned[k]) {
warned[k] = true; warned[k] = true;
console.warn( console.warn(
k + k +
" isn't a known key. Please open an issue and let us know the use case." " isn't a known key. Please open an issue and let us know the use case."
); );
} }
}); });
Object.keys(conf).forEach(function(k) { Object.keys(conf).forEach(function(k) {
if (-1 !== ['module', 'manager'].indexOf(k)) { if (-1 !== ['module', 'manager'].indexOf(k)) {
return; return;
} }
if ('undefined' === typeof k) { if ('undefined' === typeof k) {
throw new Error( throw new Error(
"'" + "'" +
k + k +
"' should be set to a value, or `null`, but not left `undefined`" "' should be set to a value, or `null`, but not left `undefined`"
); );
} }
}); });
return manager.defaults(conf); return manager.defaults(conf);
}); });
}; };
greenlock.add = greenlock.manager.add = function(args) { greenlock.add = greenlock.manager.add = function(args) {
if (!args || !Array.isArray(args.altnames) || !args.altnames.length) { if (!args || !Array.isArray(args.altnames) || !args.altnames.length) {
throw new Error( throw new Error(
'you must specify `altnames` when adding a new site' 'you must specify `altnames` when adding a new site'
); );
} }
if (args.renewAt) { if (args.renewAt) {
throw new Error( throw new Error(
'you cannot specify `renewAt` when adding a new site' 'you cannot specify `renewAt` when adding a new site'
); );
} }
return greenlock.manager.set(args); return greenlock.manager.set(args);
}; };
// TODO agreeToTerms should be handled somewhere... maybe? // TODO agreeToTerms should be handled somewhere... maybe?
// Add and update remains because I said I had locked the API // Add and update remains because I said I had locked the API
greenlock.manager.set = greenlock.manager.update = function(args) { greenlock.manager.set = greenlock.manager.update = function(args) {
return greenlock._init().then(function() { return greenlock._init().then(function() {
// The goal is to make this decently easy to manage by hand without mistakes // The goal is to make this decently easy to manage by hand without mistakes
// but also reasonably easy to error check and correct // but also reasonably easy to error check and correct
// and to make deterministic auto-corrections // and to make deterministic auto-corrections
args.subject = checkSubject(args); args.subject = checkSubject(args);
//var subscriberEmail = args.subscriberEmail; //var subscriberEmail = args.subscriberEmail;
// TODO shortcut the other array checks when not necessary // TODO shortcut the other array checks when not necessary
if (Array.isArray(args.altnames)) { if (Array.isArray(args.altnames)) {
args.altnames = checkAltnames(args.subject, args); args.altnames = checkAltnames(args.subject, args);
} }
// at this point we know that subject is the first of altnames // at this point we know that subject is the first of altnames
return Promise.all( return Promise.all(
(args.altnames || []).map(function(d) { (args.altnames || []).map(function(d) {
d = d.replace('*.', ''); d = d.replace('*.', '');
return U._validDomain(d); return U._validDomain(d);
}) })
).then(function() { ).then(function() {
if (!U._uniqueNames(args.altnames || [])) { if (!U._uniqueNames(args.altnames || [])) {
throw E.NOT_UNIQUE( throw E.NOT_UNIQUE(
'add', 'add',
"'" + args.altnames.join("' '") + "'" "'" + args.altnames.join("' '") + "'"
); );
} }
// durations // durations
if (args.renewOffset) { if (args.renewOffset) {
args.renewOffset = U._parseDuration(args.renewOffset); args.renewOffset = U._parseDuration(args.renewOffset);
} }
if (args.renewStagger) { if (args.renewStagger) {
args.renewStagger = U._parseDuration(args.renewStagger); args.renewStagger = U._parseDuration(args.renewStagger);
} }
return manager.set(args).then(function(result) { return manager.set(args).then(function(result) {
greenlock.renew({}).catch(function(err) { greenlock.renew({}).catch(function(err) {
if (!err.context) { if (!err.context) {
err.contxt = 'renew'; err.contxt = 'renew';
} }
greenlock._notify('error', err); greenlock._notify('error', err);
}); });
return result; return result;
}); });
}); });
}); });
}; };
greenlock.manager.remove = function(args) { greenlock.manager.remove = function(args) {
args.subject = checkSubject(args); args.subject = checkSubject(args);
// TODO check no altnames // TODO check no altnames
return manager.remove(args); return manager.remove(args);
}; };
/* /*
{ {
subject: site.subject, subject: site.subject,
altnames: site.altnames, altnames: site.altnames,
@ -177,60 +177,60 @@ module.exports.wrap = function(greenlock, manager) {
}; };
*/ */
greenlock._find = function(args) { greenlock._find = function(args) {
var altnames = args.altnames || []; var altnames = args.altnames || [];
// servername, wildname, and altnames are all the same // servername, wildname, and altnames are all the same
['wildname', 'servername'].forEach(function(k) { ['wildname', 'servername'].forEach(function(k) {
var altname = args[k] || ''; var altname = args[k] || '';
if (altname && !altnames.includes(altname)) { if (altname && !altnames.includes(altname)) {
altnames.push(altname); altnames.push(altname);
} }
}); });
if (altnames.length) { if (altnames.length) {
args.altnames = altnames; args.altnames = altnames;
args.altnames = args.altnames.map(U._encodeName); args.altnames = args.altnames.map(U._encodeName);
args.altnames = checkAltnames(false, args); args.altnames = checkAltnames(false, args);
} }
return manager.find(args); return manager.find(args);
}; };
}; };
function checkSubject(args) { function checkSubject(args) {
if (!args || !args.subject) { if (!args || !args.subject) {
throw new Error('you must specify `subject` when configuring a site'); throw new Error('you must specify `subject` when configuring a site');
} }
/* /*
if (!args.subject) { if (!args.subject) {
throw E.NO_SUBJECT('add'); throw E.NO_SUBJECT('add');
} }
*/ */
var subject = (args.subject || '').toLowerCase(); var subject = (args.subject || '').toLowerCase();
if (subject !== args.subject) { if (subject !== args.subject) {
console.warn('`subject` must be lowercase', args.subject); console.warn('`subject` must be lowercase', args.subject);
} }
return U._encodeName(subject); return U._encodeName(subject);
} }
function checkAltnames(subject, args) { function checkAltnames(subject, args) {
// the things we have to check and get right // the things we have to check and get right
var altnames = (args.altnames || []).map(function(name) { var altnames = (args.altnames || []).map(function(name) {
return String(name || '').toLowerCase(); return String(name || '').toLowerCase();
}); });
if (subject && subject !== altnames[0]) { if (subject && subject !== altnames[0]) {
throw new Error( throw new Error(
'`subject` must be the first domain in `altnames`', '`subject` must be the first domain in `altnames`',
args.subject, args.subject,
altnames.join(' ') altnames.join(' ')
); );
} }
/* /*
if (args.subject !== args.altnames[0]) { if (args.subject !== args.altnames[0]) {
throw E.BAD_ORDER( throw E.BAD_ORDER(
'add', 'add',
@ -239,20 +239,20 @@ function checkAltnames(subject, args) {
} }
*/ */
// punycode BEFORE validation // punycode BEFORE validation
// (set, find, remove) // (set, find, remove)
args.altnames = args.altnames.map(U._encodeName); args.altnames = args.altnames.map(U._encodeName);
if ( if (
!args.altnames.every(function(d) { !args.altnames.every(function(d) {
return U._validName(d); return U._validName(d);
}) })
) { ) {
throw E.INVALID_HOSTNAME('add', "'" + args.altnames.join("' '") + "'"); throw E.INVALID_HOSTNAME('add', "'" + args.altnames.join("' '") + "'");
} }
if (altnames.join() !== args.altnames.join()) { if (altnames.join() !== args.altnames.join()) {
console.warn('all domains in `altnames` must be lowercase', altnames); console.warn('all domains in `altnames` must be lowercase', altnames);
} }
return altnames; return altnames;
} }

116
order.js
View File

@ -1,95 +1,95 @@
var accountKeypair = await Keypairs.generate({ kty: accKty }); var accountKeypair = await Keypairs.generate({ kty: accKty });
if (config.debug) { if (config.debug) {
console.info('Account Key Created'); console.info('Account Key Created');
console.info(JSON.stringify(accountKeypair, null, 2)); console.info(JSON.stringify(accountKeypair, null, 2));
console.info(); console.info();
console.info(); console.info();
} }
var account = await acme.accounts.create({ var account = await acme.accounts.create({
agreeToTerms: agree, agreeToTerms: agree,
// TODO detect jwk/pem/der? // TODO detect jwk/pem/der?
accountKeypair: { privateKeyJwk: accountKeypair.private }, accountKeypair: { privateKeyJwk: accountKeypair.private },
subscriberEmail: config.email subscriberEmail: config.email
}); });
// TODO top-level agree // TODO top-level agree
function agree(tos) { function agree(tos) {
if (config.debug) { if (config.debug) {
console.info('Agreeing to Terms of Service:'); console.info('Agreeing to Terms of Service:');
console.info(tos); console.info(tos);
console.info(); console.info();
console.info(); console.info();
} }
agreed = true; agreed = true;
return Promise.resolve(tos); return Promise.resolve(tos);
} }
if (config.debug) { if (config.debug) {
console.info('New Subscriber Account'); console.info('New Subscriber Account');
console.info(JSON.stringify(account, null, 2)); console.info(JSON.stringify(account, null, 2));
console.info(); console.info();
console.info(); console.info();
} }
if (!agreed) { if (!agreed) {
throw new Error('Failed to ask the user to agree to terms'); throw new Error('Failed to ask the user to agree to terms');
} }
var certKeypair = await Keypairs.generate({ kty: srvKty }); var certKeypair = await Keypairs.generate({ kty: srvKty });
var pem = await Keypairs.export({ var pem = await Keypairs.export({
jwk: certKeypair.private, jwk: certKeypair.private,
encoding: 'pem' encoding: 'pem'
}); });
if (config.debug) { if (config.debug) {
console.info('Server Key Created'); console.info('Server Key Created');
console.info('privkey.jwk.json'); console.info('privkey.jwk.json');
console.info(JSON.stringify(certKeypair, null, 2)); console.info(JSON.stringify(certKeypair, null, 2));
// This should be saved as `privkey.pem` // This should be saved as `privkey.pem`
console.info(); console.info();
console.info('privkey.' + srvKty.toLowerCase() + '.pem:'); console.info('privkey.' + srvKty.toLowerCase() + '.pem:');
console.info(pem); console.info(pem);
console.info(); console.info();
} }
// 'subject' should be first in list // 'subject' should be first in list
var domains = randomDomains(rnd); var domains = randomDomains(rnd);
if (config.debug) { if (config.debug) {
console.info('Get certificates for random domains:'); console.info('Get certificates for random domains:');
console.info( console.info(
domains domains
.map(function(puny) { .map(function(puny) {
var uni = punycode.toUnicode(puny); var uni = punycode.toUnicode(puny);
if (puny !== uni) { if (puny !== uni) {
return puny + ' (' + uni + ')'; return puny + ' (' + uni + ')';
} }
return puny; return puny;
}) })
.join('\n') .join('\n')
); );
console.info(); console.info();
} }
// Create CSR // Create CSR
var csrDer = await CSR.csr({ var csrDer = await CSR.csr({
jwk: certKeypair.private, jwk: certKeypair.private,
domains: domains, domains: domains,
encoding: 'der' encoding: 'der'
}); });
var csr = Enc.bufToUrlBase64(csrDer); var csr = Enc.bufToUrlBase64(csrDer);
var csrPem = PEM.packBlock({ var csrPem = PEM.packBlock({
type: 'CERTIFICATE REQUEST', type: 'CERTIFICATE REQUEST',
bytes: csrDer /* { jwk: jwk, domains: opts.domains } */ bytes: csrDer /* { jwk: jwk, domains: opts.domains } */
}); });
if (config.debug) { if (config.debug) {
console.info('Certificate Signing Request'); console.info('Certificate Signing Request');
console.info(csrPem); console.info(csrPem);
console.info(); console.info();
} }
var results = await acme.certificates.create({ var results = await acme.certificates.create({
account: account, account: account,
accountKeypair: { privateKeyJwk: accountKeypair.private }, accountKeypair: { privateKeyJwk: accountKeypair.private },
csr: csr, csr: csr,
domains: domains, domains: domains,
challenges: challenges, // must be implemented challenges: challenges, // must be implemented
customerEmail: null customerEmail: null
}); });

View File

@ -1,53 +1,53 @@
{ {
"name": "@root/greenlock", "name": "@root/greenlock",
"version": "3.0.17", "version": "3.0.17",
"description": "The easiest Let's Encrypt client for Node.js and Browsers", "description": "The easiest Let's Encrypt client for Node.js and Browsers",
"homepage": "https://rootprojects.org/greenlock/", "homepage": "https://rootprojects.org/greenlock/",
"main": "greenlock.js", "main": "greenlock.js",
"browser": {}, "browser": {},
"files": [ "files": [
"*.js", "*.js",
"lib", "lib",
"bin", "bin",
"dist" "dist"
], ],
"scripts": { "scripts": {
"build": "nodex bin/bundle.js", "build": "nodex bin/bundle.js",
"lint": "jshint lib bin", "lint": "jshint lib bin",
"test": "node server.js", "test": "node server.js",
"start": "node server.js" "start": "node server.js"
}, },
"repository": { "repository": {
"type": "git", "type": "git",
"url": "https://git.rootprojects.org/root/greenlock.js.git" "url": "https://git.rootprojects.org/root/greenlock.js.git"
}, },
"keywords": [ "keywords": [
"Let's Encrypt", "Let's Encrypt",
"ACME", "ACME",
"browser", "browser",
"EC", "EC",
"RSA", "RSA",
"CSR", "CSR",
"greenlock", "greenlock",
"VanillaJS", "VanillaJS",
"ZeroSSL" "ZeroSSL"
], ],
"author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)", "author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)",
"license": "MPL-2.0", "license": "MPL-2.0",
"dependencies": { "dependencies": {
"@root/acme": "^3.0.8", "@root/acme": "^3.0.8",
"@root/csr": "^0.8.1", "@root/csr": "^0.8.1",
"@root/keypairs": "^0.9.0", "@root/keypairs": "^0.9.0",
"@root/mkdirp": "^1.0.0", "@root/mkdirp": "^1.0.0",
"@root/request": "^1.3.10", "@root/request": "^1.3.10",
"acme-http-01-standalone": "^3.0.5", "acme-http-01-standalone": "^3.0.5",
"cert-info": "^1.5.1", "cert-info": "^1.5.1",
"greenlock-manager-fs": "^3.0.1", "greenlock-manager-fs": "^3.0.1",
"greenlock-store-fs": "^3.2.0", "greenlock-store-fs": "^3.2.0",
"safe-replace": "^1.1.0" "safe-replace": "^1.1.0"
}, },
"devDependencies": { "devDependencies": {
"dotenv": "^8.2.0", "dotenv": "^8.2.0",
"punycode": "^1.4.1" "punycode": "^1.4.1"
} }
} }

View File

@ -10,192 +10,192 @@ var promisify = require('util').promisify;
P.PKG_DIR = __dirname; P.PKG_DIR = __dirname;
P._loadStore = function(storeConf) { P._loadStore = function(storeConf) {
return P._loadHelper(storeConf.module).then(function(plugin) { return P._loadHelper(storeConf.module).then(function(plugin) {
return P._normalizeStore(storeConf.module, plugin.create(storeConf)); return P._normalizeStore(storeConf.module, plugin.create(storeConf));
}); });
}; };
P._loadChallenge = function(chConfs, typ01) { P._loadChallenge = function(chConfs, typ01) {
return P._loadHelper(chConfs[typ01].module).then(function(plugin) { return P._loadHelper(chConfs[typ01].module).then(function(plugin) {
var ch = P._normalizeChallenge( var ch = P._normalizeChallenge(
chConfs[typ01].module, chConfs[typ01].module,
plugin.create(chConfs[typ01]) plugin.create(chConfs[typ01])
); );
ch._type = typ01; ch._type = typ01;
return ch; return ch;
}); });
}; };
P._loadHelper = function(modname) { P._loadHelper = function(modname) {
try { try {
return Promise.resolve(require(modname)); return Promise.resolve(require(modname));
} catch (e) { } catch (e) {
console.error("Could not load '%s'", modname); console.error("Could not load '%s'", modname);
console.error('Did you install it?'); console.error('Did you install it?');
console.error('\tnpm install --save %s', modname); console.error('\tnpm install --save %s', modname);
throw e; throw e;
// Fun experiment, bad idea // Fun experiment, bad idea
/* /*
return P._install(modname).then(function() { return P._install(modname).then(function() {
return require(modname); return require(modname);
}); });
*/ */
} }
}; };
P._normalizeStore = function(name, store) { P._normalizeStore = function(name, store) {
var acc = store.accounts; var acc = store.accounts;
var crt = store.certificates; var crt = store.certificates;
var warned = false; var warned = false;
function warn() { function warn() {
if (warned) { if (warned) {
return; return;
} }
warned = true; warned = true;
console.warn( console.warn(
"'" + "'" +
name + name +
"' may have incorrect function signatures, or contains deprecated use of callbacks" "' may have incorrect function signatures, or contains deprecated use of callbacks"
); );
} }
// accs // accs
if (acc.check && 2 === acc.check.length) { if (acc.check && 2 === acc.check.length) {
warn(); warn();
acc._thunk_check = acc.check; acc._thunk_check = acc.check;
acc.check = promisify(acc._thunk_check); acc.check = promisify(acc._thunk_check);
} }
if (acc.set && 3 === acc.set.length) { if (acc.set && 3 === acc.set.length) {
warn(); warn();
acc._thunk_set = acc.set; acc._thunk_set = acc.set;
acc.set = promisify(acc._thunk_set); acc.set = promisify(acc._thunk_set);
} }
if (2 === acc.checkKeypair.length) { if (2 === acc.checkKeypair.length) {
warn(); warn();
acc._thunk_checkKeypair = acc.checkKeypair; acc._thunk_checkKeypair = acc.checkKeypair;
acc.checkKeypair = promisify(acc._thunk_checkKeypair); acc.checkKeypair = promisify(acc._thunk_checkKeypair);
} }
if (3 === acc.setKeypair.length) { if (3 === acc.setKeypair.length) {
warn(); warn();
acc._thunk_setKeypair = acc.setKeypair; acc._thunk_setKeypair = acc.setKeypair;
acc.setKeypair = promisify(acc._thunk_setKeypair); acc.setKeypair = promisify(acc._thunk_setKeypair);
} }
// certs // certs
if (2 === crt.check.length) { if (2 === crt.check.length) {
warn(); warn();
crt._thunk_check = crt.check; crt._thunk_check = crt.check;
crt.check = promisify(crt._thunk_check); crt.check = promisify(crt._thunk_check);
} }
if (3 === crt.set.length) { if (3 === crt.set.length) {
warn(); warn();
crt._thunk_set = crt.set; crt._thunk_set = crt.set;
crt.set = promisify(crt._thunk_set); crt.set = promisify(crt._thunk_set);
} }
if (2 === crt.checkKeypair.length) { if (2 === crt.checkKeypair.length) {
warn(); warn();
crt._thunk_checkKeypair = crt.checkKeypair; crt._thunk_checkKeypair = crt.checkKeypair;
crt.checkKeypair = promisify(crt._thunk_checkKeypair); crt.checkKeypair = promisify(crt._thunk_checkKeypair);
} }
if (2 === crt.setKeypair.length) { if (2 === crt.setKeypair.length) {
warn(); warn();
crt._thunk_setKeypair = crt.setKeypair; crt._thunk_setKeypair = crt.setKeypair;
crt.setKeypair = promisify(crt._thunk_setKeypair); crt.setKeypair = promisify(crt._thunk_setKeypair);
} }
return store; return store;
}; };
P._normalizeChallenge = function(name, ch) { P._normalizeChallenge = function(name, ch) {
var gch = {}; var gch = {};
var warned = false; var warned = false;
function warn() { function warn() {
if (warned) { if (warned) {
return; return;
} }
warned = true; warned = true;
console.warn( console.warn(
"'" + "'" +
name + name +
"' may have incorrect function signatures, or contains deprecated use of callbacks" "' may have incorrect function signatures, or contains deprecated use of callbacks"
); );
} }
var warned2 = false; var warned2 = false;
function warn2() { function warn2() {
if (warned2) { if (warned2) {
return; return;
} }
warned2 = true; warned2 = true;
console.warn( console.warn(
"'" + "'" +
name + name +
"' did not return a Promise when called. This should be fixed by the maintainer." "' did not return a Promise when called. This should be fixed by the maintainer."
); );
} }
function wrappy(fn) { function wrappy(fn) {
return function(_params) { return function(_params) {
return Promise.resolve().then(function() { return Promise.resolve().then(function() {
var result = fn.call(ch, _params); var result = fn.call(ch, _params);
if (!result || !result.then) { if (!result || !result.then) {
warn2(); warn2();
} }
return result; return result;
}); });
}; };
} }
// init, zones, set, get, remove // init, zones, set, get, remove
if (ch.init) { if (ch.init) {
if (2 === ch.init.length) { if (2 === ch.init.length) {
warn(); warn();
ch._thunk_init = ch.init; ch._thunk_init = ch.init;
ch.init = promisify(ch._thunk_init); ch.init = promisify(ch._thunk_init);
} }
gch.init = wrappy(ch.init); gch.init = wrappy(ch.init);
} }
if (ch.zones) { if (ch.zones) {
if (2 === ch.zones.length) { if (2 === ch.zones.length) {
warn(); warn();
ch._thunk_zones = ch.zones; ch._thunk_zones = ch.zones;
ch.zones = promisify(ch._thunk_zones); ch.zones = promisify(ch._thunk_zones);
} }
gch.zones = wrappy(ch.zones); gch.zones = wrappy(ch.zones);
} }
if (2 === ch.set.length) { if (2 === ch.set.length) {
warn(); warn();
ch._thunk_set = ch.set; ch._thunk_set = ch.set;
ch.set = promisify(ch._thunk_set); ch.set = promisify(ch._thunk_set);
} }
gch.set = wrappy(ch.set); gch.set = wrappy(ch.set);
if (2 === ch.remove.length) { if (2 === ch.remove.length) {
warn(); warn();
ch._thunk_remove = ch.remove; ch._thunk_remove = ch.remove;
ch.remove = promisify(ch._thunk_remove); ch.remove = promisify(ch._thunk_remove);
} }
gch.remove = wrappy(ch.remove); gch.remove = wrappy(ch.remove);
if (ch.get) { if (ch.get) {
if (2 === ch.get.length) { if (2 === ch.get.length) {
warn(); warn();
ch._thunk_get = ch.get; ch._thunk_get = ch.get;
ch.get = promisify(ch._thunk_get); ch.get = promisify(ch._thunk_get);
} }
gch.get = wrappy(ch.get); gch.get = wrappy(ch.get);
} }
return gch; return gch;
}; };
P._loadSync = function(modname) { P._loadSync = function(modname) {
try { try {
return require(modname); return require(modname);
} catch (e) { } catch (e) {
console.error("Could not load '%s'", modname); console.error("Could not load '%s'", modname);
console.error('Did you install it?'); console.error('Did you install it?');
console.error('\tnpm install --save %s', modname); console.error('\tnpm install --save %s', modname);
throw e; throw e;
} }
/* /*
try { try {
mod = require(modname); mod = require(modname);
} catch (e) { } catch (e) {
@ -206,126 +206,126 @@ P._loadSync = function(modname) {
}; };
P._installSync = function(moduleName) { P._installSync = function(moduleName) {
var npm = 'npm'; var npm = 'npm';
var args = ['install', '--save', moduleName]; var args = ['install', '--save', moduleName];
var out = ''; var out = '';
var cmd; var cmd;
try { try {
cmd = spawnSync(npm, args, { cmd = spawnSync(npm, args, {
cwd: P.PKG_DIR, cwd: P.PKG_DIR,
windowsHide: true windowsHide: true
}); });
} catch (e) { } catch (e) {
console.error( console.error(
"Failed to start: '" + "Failed to start: '" +
npm + npm +
' ' + ' ' +
args.join(' ') + args.join(' ') +
"' in '" + "' in '" +
P.PKG_DIR + P.PKG_DIR +
"'" "'"
); );
console.error(e.message); console.error(e.message);
process.exit(1); process.exit(1);
} }
if (!cmd.status) { if (!cmd.status) {
return; return;
} }
out += cmd.stdout.toString('utf8'); out += cmd.stdout.toString('utf8');
out += cmd.stderr.toString('utf8'); out += cmd.stderr.toString('utf8');
if (out) { if (out) {
console.error(out); console.error(out);
console.error(); console.error();
console.error(); console.error();
} }
console.error( console.error(
"Failed to run: '" + "Failed to run: '" +
npm + npm +
' ' + ' ' +
args.join(' ') + args.join(' ') +
"' in '" + "' in '" +
P.PKG_DIR + P.PKG_DIR +
"'" "'"
); );
console.error( console.error(
'Try for yourself:\n\tcd ' + P.PKG_DIR + '\n\tnpm ' + args.join(' ') 'Try for yourself:\n\tcd ' + P.PKG_DIR + '\n\tnpm ' + args.join(' ')
); );
process.exit(1); process.exit(1);
}; };
P._install = function(moduleName) { P._install = function(moduleName) {
return new Promise(function(resolve) { return new Promise(function(resolve) {
if (!moduleName) { if (!moduleName) {
throw new Error('no module name given'); throw new Error('no module name given');
} }
var npm = 'npm'; var npm = 'npm';
var args = ['install', '--save', moduleName]; var args = ['install', '--save', moduleName];
var out = ''; var out = '';
var cmd = spawn(npm, args, { var cmd = spawn(npm, args, {
cwd: P.PKG_DIR, cwd: P.PKG_DIR,
windowsHide: true windowsHide: true
}); });
cmd.stdout.on('data', function(chunk) { cmd.stdout.on('data', function(chunk) {
out += chunk.toString('utf8'); out += chunk.toString('utf8');
}); });
cmd.stdout.on('data', function(chunk) { cmd.stdout.on('data', function(chunk) {
out += chunk.toString('utf8'); out += chunk.toString('utf8');
}); });
cmd.on('error', function(e) { cmd.on('error', function(e) {
console.error( console.error(
"Failed to start: '" + "Failed to start: '" +
npm + npm +
' ' + ' ' +
args.join(' ') + args.join(' ') +
"' in '" + "' in '" +
P.PKG_DIR + P.PKG_DIR +
"'" "'"
); );
console.error(e.message); console.error(e.message);
process.exit(1); process.exit(1);
}); });
cmd.on('exit', function(code) { cmd.on('exit', function(code) {
if (!code) { if (!code) {
resolve(); resolve();
return; return;
} }
if (out) { if (out) {
console.error(out); console.error(out);
console.error(); console.error();
console.error(); console.error();
} }
console.error( console.error(
"Failed to run: '" + "Failed to run: '" +
npm + npm +
' ' + ' ' +
args.join(' ') + args.join(' ') +
"' in '" + "' in '" +
P.PKG_DIR + P.PKG_DIR +
"'" "'"
); );
console.error( console.error(
'Try for yourself:\n\tcd ' + 'Try for yourself:\n\tcd ' +
P.PKG_DIR + P.PKG_DIR +
'\n\tnpm ' + '\n\tnpm ' +
args.join(' ') args.join(' ')
); );
process.exit(1); process.exit(1);
}); });
}); });
}; };
if (require.main === module) { if (require.main === module) {
P._installSync(process.argv[2]); P._installSync(process.argv[2]);
} }

View File

@ -11,44 +11,44 @@ var challenge = JSON.parse(process.env.CHALLENGE_OPTIONS);
challenge.module = process.env.CHALLENGE_PLUGIN; challenge.module = process.env.CHALLENGE_PLUGIN;
var greenlock = Greenlock.create({ var greenlock = Greenlock.create({
packageAgent: 'Greenlock_Test/v0', packageAgent: 'Greenlock_Test/v0',
maintainerEmail: email, maintainerEmail: email,
staging: true, staging: true,
manager: require('greenlock-manager-fs').create({ manager: require('greenlock-manager-fs').create({
//configFile: '~/.config/greenlock/certs.json', //configFile: '~/.config/greenlock/certs.json',
}) })
}); });
greenlock.manager greenlock.manager
.defaults({ .defaults({
agreeToTerms: true, agreeToTerms: true,
subscriberEmail: email, subscriberEmail: email,
challenges: { challenges: {
'dns-01': challenge 'dns-01': challenge
} }
//store: args.storeOpts, //store: args.storeOpts,
//renewOffset: args.renewOffset || '30d', //renewOffset: args.renewOffset || '30d',
//renewStagger: '1d' //renewStagger: '1d'
}) })
.then(function() { .then(function() {
return greenlock return greenlock
.add({ .add({
subject: subject, subject: subject,
altnames: altnames, altnames: altnames,
subscriberEmail: email subscriberEmail: email
}) })
.then(function() { .then(function() {
return greenlock return greenlock
.get({ servername: subject }) .get({ servername: subject })
.then(function(pems) { .then(function(pems) {
if (pems && pems.privkey && pems.cert && pems.chain) { if (pems && pems.privkey && pems.cert && pems.chain) {
console.info('Success'); console.info('Success');
} }
//console.log(pems); //console.log(pems);
}); });
}); });
}) })
.catch(function(e) { .catch(function(e) {
console.error('Big bad error:', e.code); console.error('Big bad error:', e.code);
console.error(e); console.error(e);
}); });

View File

@ -3,5 +3,5 @@
var UserEvents = module.exports; var UserEvents = module.exports;
UserEvents.notify = function() { UserEvents.notify = function() {
// TODO not implemented yet // TODO not implemented yet
}; };

402
utils.js
View File

@ -11,79 +11,79 @@ var Keypairs = require('@root/keypairs');
var certParser = require('cert-info'); var certParser = require('cert-info');
U._parseDuration = function(str) { U._parseDuration = function(str) {
if ('number' === typeof str) { if ('number' === typeof str) {
return str; return str;
} }
var pattern = /^(\-?\d+(\.\d+)?)([wdhms]|ms)$/; var pattern = /^(\-?\d+(\.\d+)?)([wdhms]|ms)$/;
var matches = str.match(pattern); var matches = str.match(pattern);
if (!matches || !matches[0]) { if (!matches || !matches[0]) {
throw new Error('invalid duration string: ' + str); throw new Error('invalid duration string: ' + str);
} }
var n = parseInt(matches[1], 10); var n = parseInt(matches[1], 10);
var unit = matches[3]; var unit = matches[3];
switch (unit) { switch (unit) {
case 'w': case 'w':
n *= 7; n *= 7;
/*falls through*/ /*falls through*/
case 'd': case 'd':
n *= 24; n *= 24;
/*falls through*/ /*falls through*/
case 'h': case 'h':
n *= 60; n *= 60;
/*falls through*/ /*falls through*/
case 'm': case 'm':
n *= 60; n *= 60;
/*falls through*/ /*falls through*/
case 's': case 's':
n *= 1000; n *= 1000;
/*falls through*/ /*falls through*/
case 'ms': case 'ms':
n *= 1; // for completeness n *= 1; // for completeness
} }
return n; return n;
}; };
U._encodeName = function(str) { U._encodeName = function(str) {
return punycode.toASCII(str.toLowerCase(str)); return punycode.toASCII(str.toLowerCase(str));
}; };
U._validName = function(str) { U._validName = function(str) {
// A quick check of the 38 and two ½ valid characters // A quick check of the 38 and two ½ valid characters
// 253 char max full domain, including dots // 253 char max full domain, including dots
// 63 char max each label segment // 63 char max each label segment
// Note: * is not allowed, but it's allowable here // Note: * is not allowed, but it's allowable here
// Note: _ (underscore) is only allowed for "domain names", not "hostnames" // Note: _ (underscore) is only allowed for "domain names", not "hostnames"
// Note: - (hyphen) is not allowed as a first character (but a number is) // Note: - (hyphen) is not allowed as a first character (but a number is)
return ( return (
/^(\*\.)?[a-z0-9_\.\-]+$/.test(str) && /^(\*\.)?[a-z0-9_\.\-]+$/.test(str) &&
str.length < 254 && str.length < 254 &&
str.split('.').every(function(label) { str.split('.').every(function(label) {
return label.length > 0 && label.length < 64; return label.length > 0 && label.length < 64;
}) })
); );
}; };
U._validMx = function(email) { U._validMx = function(email) {
var host = email.split('@').slice(1)[0]; var host = email.split('@').slice(1)[0];
// try twice, just because DNS hiccups sometimes // try twice, just because DNS hiccups sometimes
// Note: we don't care if the domain exists, just that it *can* exist // Note: we don't care if the domain exists, just that it *can* exist
return resolveMx(host).catch(function() { return resolveMx(host).catch(function() {
return U._timeout(1000).then(function() { return U._timeout(1000).then(function() {
return resolveMx(host); return resolveMx(host);
}); });
}); });
}; };
// should be called after _validName // should be called after _validName
U._validDomain = function(str) { U._validDomain = function(str) {
// TODO use @root/dns (currently dns-suite) // TODO use @root/dns (currently dns-suite)
// because node's dns can't read Authority records // because node's dns can't read Authority records
return Promise.resolve(str); return Promise.resolve(str);
/* /*
// try twice, just because DNS hiccups sometimes // try twice, just because DNS hiccups sometimes
// Note: we don't care if the domain exists, just that it *can* exist // Note: we don't care if the domain exists, just that it *can* exist
return resolveSoa(str).catch(function() { return resolveSoa(str).catch(function() {
@ -98,184 +98,184 @@ U._validDomain = function(str) {
// should be called after _validName // should be called after _validName
// (which enforces *. or no *) // (which enforces *. or no *)
U._uniqueNames = function(altnames) { U._uniqueNames = function(altnames) {
var dups = {}; var dups = {};
var wilds = {}; var wilds = {};
if ( if (
altnames.some(function(w) { altnames.some(function(w) {
if ('*.' !== w.slice(0, 2)) { if ('*.' !== w.slice(0, 2)) {
return; return;
} }
if (wilds[w]) { if (wilds[w]) {
return true; return true;
} }
wilds[w] = true; wilds[w] = true;
}) })
) { ) {
return false; return false;
} }
return altnames.every(function(name) { return altnames.every(function(name) {
var w; var w;
if ('*.' !== name.slice(0, 2)) { if ('*.' !== name.slice(0, 2)) {
w = w =
'*.' + '*.' +
name name
.split('.') .split('.')
.slice(1) .slice(1)
.join('.'); .join('.');
} else { } else {
return true; return true;
} }
if (!dups[name] && !dups[w]) { if (!dups[name] && !dups[w]) {
dups[name] = true; dups[name] = true;
return true; return true;
} }
}); });
}; };
U._timeout = function(d) { U._timeout = function(d) {
return new Promise(function(resolve) { return new Promise(function(resolve) {
setTimeout(resolve, d); setTimeout(resolve, d);
}); });
}; };
U._genKeypair = function(keyType) { U._genKeypair = function(keyType) {
var keyopts; var keyopts;
var len = parseInt(keyType.replace(/.*?(\d)/, '$1') || 0, 10); var len = parseInt(keyType.replace(/.*?(\d)/, '$1') || 0, 10);
if (/RSA/.test(keyType)) { if (/RSA/.test(keyType)) {
keyopts = { keyopts = {
kty: 'RSA', kty: 'RSA',
modulusLength: len || 2048 modulusLength: len || 2048
}; };
} else if (/^(EC|P\-?\d)/i.test(keyType)) { } else if (/^(EC|P\-?\d)/i.test(keyType)) {
keyopts = { keyopts = {
kty: 'EC', kty: 'EC',
namedCurve: 'P-' + (len || 256) namedCurve: 'P-' + (len || 256)
}; };
} else { } else {
// TODO put in ./errors.js // TODO put in ./errors.js
throw new Error('invalid key type: ' + keyType); throw new Error('invalid key type: ' + keyType);
} }
return Keypairs.generate(keyopts).then(function(pair) { return Keypairs.generate(keyopts).then(function(pair) {
return U._jwkToSet(pair.private); return U._jwkToSet(pair.private);
}); });
}; };
// TODO use ACME._importKeypair ?? // TODO use ACME._importKeypair ??
U._importKeypair = function(keypair) { U._importKeypair = function(keypair) {
// this should import all formats equally well: // this should import all formats equally well:
// 'object' (JWK), 'string' (private key pem), kp.privateKeyPem, kp.privateKeyJwk // 'object' (JWK), 'string' (private key pem), kp.privateKeyPem, kp.privateKeyJwk
if (keypair.private || keypair.d) { if (keypair.private || keypair.d) {
return U._jwkToSet(keypair.private || keypair); return U._jwkToSet(keypair.private || keypair);
} }
if (keypair.privateKeyJwk) { if (keypair.privateKeyJwk) {
return U._jwkToSet(keypair.privateKeyJwk); return U._jwkToSet(keypair.privateKeyJwk);
} }
if ('string' !== typeof keypair && !keypair.privateKeyPem) { if ('string' !== typeof keypair && !keypair.privateKeyPem) {
// TODO put in errors // TODO put in errors
throw new Error('missing private key'); throw new Error('missing private key');
} }
return Keypairs.import({ pem: keypair.privateKeyPem || keypair }).then( return Keypairs.import({ pem: keypair.privateKeyPem || keypair }).then(
function(priv) { function(priv) {
if (!priv.d) { if (!priv.d) {
throw new Error('missing private key'); throw new Error('missing private key');
} }
return U._jwkToSet(priv); return U._jwkToSet(priv);
} }
); );
}; };
U._jwkToSet = function(jwk) { U._jwkToSet = function(jwk) {
var keypair = { var keypair = {
privateKeyJwk: jwk privateKeyJwk: jwk
}; };
return Promise.all([ return Promise.all([
Keypairs.export({ Keypairs.export({
jwk: jwk, jwk: jwk,
encoding: 'pem' encoding: 'pem'
}).then(function(pem) { }).then(function(pem) {
keypair.privateKeyPem = pem; keypair.privateKeyPem = pem;
}), }),
Keypairs.export({ Keypairs.export({
jwk: jwk, jwk: jwk,
encoding: 'pem', encoding: 'pem',
public: true public: true
}).then(function(pem) { }).then(function(pem) {
keypair.publicKeyPem = pem; keypair.publicKeyPem = pem;
}), }),
Keypairs.publish({ Keypairs.publish({
jwk: jwk jwk: jwk
}).then(function(pub) { }).then(function(pub) {
keypair.publicKeyJwk = pub; keypair.publicKeyJwk = pub;
}) })
]).then(function() { ]).then(function() {
return keypair; return keypair;
}); });
}; };
U._attachCertInfo = function(results) { U._attachCertInfo = function(results) {
var certInfo = certParser.info(results.cert); var certInfo = certParser.info(results.cert);
// subject, altnames, issuedAt, expiresAt // subject, altnames, issuedAt, expiresAt
Object.keys(certInfo).forEach(function(key) { Object.keys(certInfo).forEach(function(key) {
results[key] = certInfo[key]; results[key] = certInfo[key];
}); });
return results; return results;
}; };
U._certHasDomain = function(certInfo, _domain) { U._certHasDomain = function(certInfo, _domain) {
var names = (certInfo.altnames || []).slice(0); var names = (certInfo.altnames || []).slice(0);
return names.some(function(name) { return names.some(function(name) {
var domain = _domain.toLowerCase(); var domain = _domain.toLowerCase();
name = name.toLowerCase(); name = name.toLowerCase();
if ('*.' === name.substr(0, 2)) { if ('*.' === name.substr(0, 2)) {
name = name.substr(2); name = name.substr(2);
domain = domain domain = domain
.split('.') .split('.')
.slice(1) .slice(1)
.join('.'); .join('.');
} }
return name === domain; return name === domain;
}); });
}; };
// a bit heavy to be labeled 'utils'... perhaps 'common' would be better? // a bit heavy to be labeled 'utils'... perhaps 'common' would be better?
U._getOrCreateKeypair = function(db, subject, query, keyType, mustExist) { U._getOrCreateKeypair = function(db, subject, query, keyType, mustExist) {
var exists = false; var exists = false;
return db return db
.checkKeypair(query) .checkKeypair(query)
.then(function(kp) { .then(function(kp) {
if (kp) { if (kp) {
exists = true; exists = true;
return U._importKeypair(kp); return U._importKeypair(kp);
} }
if (mustExist) { if (mustExist) {
// TODO put in errors // TODO put in errors
throw new Error( throw new Error(
'required keypair not found: ' + 'required keypair not found: ' +
(subject || '') + (subject || '') +
' ' + ' ' +
JSON.stringify(query) JSON.stringify(query)
); );
} }
return U._genKeypair(keyType); return U._genKeypair(keyType);
}) })
.then(function(keypair) { .then(function(keypair) {
return { exists: exists, keypair: keypair }; return { exists: exists, keypair: keypair };
}); });
}; };
U._getKeypair = function(db, subject, query) { U._getKeypair = function(db, subject, query) {
return U._getOrCreateKeypair(db, subject, query, '', true).then(function( return U._getOrCreateKeypair(db, subject, query, '', true).then(function(
result result
) { ) {
return result.keypair; return result.keypair;
}); });
}; };