coolaj86/greenlock.js
1
0
Fork 0
mirror of https://github.com/therootcompany/greenlock.js.git synced 2024-11-16 17:29:00 +00:00
Code Projects Releases Wiki Activity

Compare commits

base: coolaj86:496060444051581f4da09ddf858ced4471c51c62
Branches Tags
coolaj86:master
coolaj86:fix-v2-bump-deps
coolaj86:v2
coolaj86:github
coolaj86:next
coolaj86:v4
coolaj86:npm
coolaj86:v3
coolaj86:wip
coolaj86:dns-challenge-regression-fix
coolaj86:v2.4
coolaj86:v2.5
coolaj86:v2.3
coolaj86:v2.2
coolaj86:acmev2
coolaj86:v2.1
coolaj86:greenlock
coolaj86:v1
coolaj86:node-letsencrypt-python
coolaj86:v2.8.9
coolaj86:v4.0.5
coolaj86:v4.0.4
coolaj86:v4.0.3
coolaj86:v4.0.2
coolaj86:v4.0.1
coolaj86:v4.0.0
coolaj86:v3.1.5
coolaj86:v3.1.4
coolaj86:v3.1.3
coolaj86:v3.0.25
coolaj86:v3.0.24
coolaj86:v3.0.23
coolaj86:v3.0.21
coolaj86:v3.0.20
coolaj86:v3.0.19
coolaj86:v3.0.18
coolaj86:v3.0.17
coolaj86:v3.0.16
coolaj86:v3.0.15
coolaj86:v3.0.12
coolaj86:v3.0.11
coolaj86:v3.0.10
coolaj86:v3.0.9
coolaj86:v3.0.7
coolaj86:v3.0.6
coolaj86:v3.0.5
coolaj86:v3.0.4
coolaj86:v3.0.3
coolaj86:v3.0.2
coolaj86:v3.0.1
coolaj86:v2.8.8
coolaj86:v2.8.7
coolaj86:v2.8.6
coolaj86:v2.8.5
coolaj86:v2.8.4
coolaj86:v2.8.3
coolaj86:v2.8.2
coolaj86:v2.8.1
coolaj86:v2.8.0
coolaj86:v2.7.23
coolaj86:v2.7.22
coolaj86:v2.7.21
coolaj86:v2.7.20
coolaj86:v2.7.19
coolaj86:v2.7.18
coolaj86:v2.7.17
coolaj86:v2.7.16
coolaj86:v2.7.15
coolaj86:v2.7.14
coolaj86:v2.7.13
coolaj86:v2.7.12
coolaj86:v2.7.11
coolaj86:v2.7.10
coolaj86:v2.7.9
coolaj86:v2.7.8
coolaj86:v2.7.7
coolaj86:v2.7.6
coolaj86:v2.7.5
coolaj86:v2.7.4
coolaj86:v2.7.3
coolaj86:v2.7.2
coolaj86:v2.7.1
coolaj86:v2.7.0
coolaj86:v2.6.10
coolaj86:v2.6.9
coolaj86:v2.6.8
coolaj86:v2.6.7
coolaj86:v2.6.6
coolaj86:v2.6.5
coolaj86:v2.6.4
coolaj86:v2.6.3
coolaj86:v2.6.2
coolaj86:v2.6.1
coolaj86:v2.6.0
coolaj86:v2.5.0
coolaj86:v2.4.10
coolaj86:v2.4.9
coolaj86:v2.4.8
coolaj86:v2.4.7
coolaj86:v2.4.2
coolaj86:v2.4.1
coolaj86:v2.4.0
coolaj86:v2.3.13
coolaj86:v2.3.12
coolaj86:v2.3.11
coolaj86:v2.3.10
coolaj86:v2.3.9
coolaj86:v2.3.8
coolaj86:v2.3.7
coolaj86:v2.3.6
coolaj86:v2.3.5
coolaj86:v2.3.4
coolaj86:v2.3.3
coolaj86:v2.3.2
coolaj86:v2.3.1
coolaj86:v2.3.0
coolaj86:v2.2.20
coolaj86:v2.2.19
coolaj86:v2.2.17
coolaj86:v2.2.18
coolaj86:v2.2.16
coolaj86:v2.2.15
coolaj86:v2.2.14
coolaj86:v2.2.13
coolaj86:v2.2.12
coolaj86:v2.2.11
coolaj86:v2.2.10
coolaj86:v2.2.8
coolaj86:v2.2.7
coolaj86:v2.2.6
coolaj86:v2.2.5
coolaj86:v2.2.4
coolaj86:v2.2.3
coolaj86:v2.2.2
coolaj86:v2.2.0
coolaj86:v2.1.19
coolaj86:v2.1.18
coolaj86:v2.1.17
coolaj86:v2.1.16
coolaj86:v2.1.15
coolaj86:v2.1.14
coolaj86:v2.1.13
coolaj86:v2.1.12
coolaj86:v2.1.11
coolaj86:v2.1.10
coolaj86:v2.1.9
coolaj86:v2.1.7
coolaj86:v2.1.6
coolaj86:v2.1.5
coolaj86:v2.1.4
coolaj86:v2.1.3
coolaj86:v2.1.2
coolaj86:v2.1.1
coolaj86:v2.1.0
coolaj86:v1.5.8
coolaj86:v2.0.5
coolaj86:v2.0.4
coolaj86:v1.5.7
coolaj86:v1.5.6
coolaj86:v1.5.5
coolaj86:v2.0.3
coolaj86:v2.0.2
coolaj86:v2.0.1
coolaj86:v2.0.0
coolaj86:v1.5.4
coolaj86:v1.5.3
coolaj86:v1.5.2
coolaj86:v1.5.1
coolaj86:v1.5.0
coolaj86:v1.4.4
coolaj86:v1.4.3
coolaj86:v1.4.2
coolaj86:v1.4.1
coolaj86:v1.4.0
coolaj86:v1.3.0
coolaj86:v1.2.0
coolaj86:v1.1.0
coolaj86:v1.0.2
coolaj86:v1.0.0
coolaj86:v1.0.1
..
compare: coolaj86:ff000c40f115192407f6927590fb5229a6754680
Branches Tags
coolaj86:fix-v2-bump-deps
coolaj86:v2
coolaj86:master
coolaj86:github
coolaj86:next
coolaj86:v4
coolaj86:npm
coolaj86:v3
coolaj86:wip
coolaj86:dns-challenge-regression-fix
coolaj86:v2.4
coolaj86:v2.5
coolaj86:v2.3
coolaj86:v2.2
coolaj86:acmev2
coolaj86:v2.1
coolaj86:greenlock
coolaj86:v1
coolaj86:node-letsencrypt-python
coolaj86:v2.8.9
coolaj86:v4.0.5
coolaj86:v4.0.4
coolaj86:v4.0.3
coolaj86:v4.0.2
coolaj86:v4.0.1
coolaj86:v4.0.0
coolaj86:v3.1.5
coolaj86:v3.1.4
coolaj86:v3.1.3
coolaj86:v3.0.25
coolaj86:v3.0.24
coolaj86:v3.0.23
coolaj86:v3.0.21
coolaj86:v3.0.20
coolaj86:v3.0.19
coolaj86:v3.0.18
coolaj86:v3.0.17
coolaj86:v3.0.16
coolaj86:v3.0.15
coolaj86:v3.0.12
coolaj86:v3.0.11
coolaj86:v3.0.10
coolaj86:v3.0.9
coolaj86:v3.0.7
coolaj86:v3.0.6
coolaj86:v3.0.5
coolaj86:v3.0.4
coolaj86:v3.0.3
coolaj86:v3.0.2
coolaj86:v3.0.1
coolaj86:v2.8.8
coolaj86:v2.8.7
coolaj86:v2.8.6
coolaj86:v2.8.5
coolaj86:v2.8.4
coolaj86:v2.8.3
coolaj86:v2.8.2
coolaj86:v2.8.1
coolaj86:v2.8.0
coolaj86:v2.7.23
coolaj86:v2.7.22
coolaj86:v2.7.21
coolaj86:v2.7.20
coolaj86:v2.7.19
coolaj86:v2.7.18
coolaj86:v2.7.17
coolaj86:v2.7.16
coolaj86:v2.7.15
coolaj86:v2.7.14
coolaj86:v2.7.13
coolaj86:v2.7.12
coolaj86:v2.7.11
coolaj86:v2.7.10
coolaj86:v2.7.9
coolaj86:v2.7.8
coolaj86:v2.7.7
coolaj86:v2.7.6
coolaj86:v2.7.5
coolaj86:v2.7.4
coolaj86:v2.7.3
coolaj86:v2.7.2
coolaj86:v2.7.1
coolaj86:v2.7.0
coolaj86:v2.6.10
coolaj86:v2.6.9
coolaj86:v2.6.8
coolaj86:v2.6.7
coolaj86:v2.6.6
coolaj86:v2.6.5
coolaj86:v2.6.4
coolaj86:v2.6.3
coolaj86:v2.6.2
coolaj86:v2.6.1
coolaj86:v2.6.0
coolaj86:v2.5.0
coolaj86:v2.4.10
coolaj86:v2.4.9
coolaj86:v2.4.8
coolaj86:v2.4.7
coolaj86:v2.4.2
coolaj86:v2.4.1
coolaj86:v2.4.0
coolaj86:v2.3.13
coolaj86:v2.3.12
coolaj86:v2.3.11
coolaj86:v2.3.10
coolaj86:v2.3.9
coolaj86:v2.3.8
coolaj86:v2.3.7
coolaj86:v2.3.6
coolaj86:v2.3.5
coolaj86:v2.3.4
coolaj86:v2.3.3
coolaj86:v2.3.2
coolaj86:v2.3.1
coolaj86:v2.3.0
coolaj86:v2.2.20
coolaj86:v2.2.19
coolaj86:v2.2.17
coolaj86:v2.2.18
coolaj86:v2.2.16
coolaj86:v2.2.15
coolaj86:v2.2.14
coolaj86:v2.2.13
coolaj86:v2.2.12
coolaj86:v2.2.11
coolaj86:v2.2.10
coolaj86:v2.2.8
coolaj86:v2.2.7
coolaj86:v2.2.6
coolaj86:v2.2.5
coolaj86:v2.2.4
coolaj86:v2.2.3
coolaj86:v2.2.2
coolaj86:v2.2.0
coolaj86:v2.1.19
coolaj86:v2.1.18
coolaj86:v2.1.17
coolaj86:v2.1.16
coolaj86:v2.1.15
coolaj86:v2.1.14
coolaj86:v2.1.13
coolaj86:v2.1.12
coolaj86:v2.1.11
coolaj86:v2.1.10
coolaj86:v2.1.9
coolaj86:v2.1.7
coolaj86:v2.1.6
coolaj86:v2.1.5
coolaj86:v2.1.4
coolaj86:v2.1.3
coolaj86:v2.1.2
coolaj86:v2.1.1
coolaj86:v2.1.0
coolaj86:v1.5.8
coolaj86:v2.0.5
coolaj86:v2.0.4
coolaj86:v1.5.7
coolaj86:v1.5.6
coolaj86:v1.5.5
coolaj86:v2.0.3
coolaj86:v2.0.2
coolaj86:v2.0.1
coolaj86:v2.0.0
coolaj86:v1.5.4
coolaj86:v1.5.3
coolaj86:v1.5.2
coolaj86:v1.5.1
coolaj86:v1.5.0
coolaj86:v1.4.4
coolaj86:v1.4.3
coolaj86:v1.4.2
coolaj86:v1.4.1
coolaj86:v1.4.0
coolaj86:v1.3.0
coolaj86:v1.2.0
coolaj86:v1.1.0
coolaj86:v1.0.2
coolaj86:v1.0.0
coolaj86:v1.0.1

No commits in common. "496060444051581f4da09ddf858ced4471c51c62" and "ff000c40f115192407f6927590fb5229a6754680" have entirely different histories.
4960604440 ... ff000c40f1

6 changed files with 178 additions and 199 deletions
Show Stats Expand all files Collapse all files

20
index.js
View File

@ -14,7 +14,7 @@ var util = require('util');
function promisifyAllSelf(obj) { function promisifyAllSelf(obj) {
if (obj.__promisified) { return obj; } if (obj.__promisified) { return obj; }
Object.keys(obj).forEach(function (key) { Object.keys(obj).forEach(function (key) {
if ('function' === typeof obj[key] && !/Async$/.test(key)) { if ('function' === typeof obj[key]) {
obj[key + 'Async'] = util.promisify(obj[key]); obj[key + 'Async'] = util.promisify(obj[key]);
} }
}); });
@ -271,19 +271,13 @@ Greenlock.create = function (gl) {
} }
}); });
try { if (gl.store.create) {
if (gl.store.create) { gl.store = gl.store.create(gl); } gl.store = gl.store.create(gl);
gl.store = promisifyAllSelf(gl.store);
gl.store.accounts = promisifyAllSelf(gl.store.accounts);
gl.store.certificates = promisifyAllSelf(gl.store.certificates);
gl._storeOpts = gl.store.options || gl.store.getOptions();
} catch(e) {
console.error(e);
console.error("\nPROBABLE CAUSE:\n"
+ "\tYour le-store module should have a create function and return { options, accounts, certificates }\n");
process.exit(18);
return;
} }
gl.store = promisifyAllSelf(gl.store);
gl.store.accounts = promisifyAllSelf(gl.store.accounts);
gl.store.certificates = promisifyAllSelf(gl.store.certificates);
gl._storeOpts = gl.store.getOptions();
Object.keys(gl._storeOpts).forEach(function (key) { Object.keys(gl._storeOpts).forEach(function (key) {
if (!(key in gl)) { if (!(key in gl)) {
gl[key] = gl._storeOpts[key]; gl[key] = gl._storeOpts[key];

123
lib/core.js
View File

@ -45,7 +45,6 @@ module.exports.create = function (gl) {
return PromiseA.resolve(gl._ipc.acmeUrls); return PromiseA.resolve(gl._ipc.acmeUrls);
} }
// TODO acme-v2/nocompat
return gl.acme.getAcmeUrlsAsync(args.server).then(function (data) { return gl.acme.getAcmeUrlsAsync(args.server).then(function (data) {
gl._ipc.acmeUrlsUpdatedAt = Date.now(); gl._ipc.acmeUrlsUpdatedAt = Date.now();
gl._ipc.acmeUrls = data; gl._ipc.acmeUrls = data;
@ -69,8 +68,6 @@ module.exports.create = function (gl) {
var copy = utils.merge(args, gl); var copy = utils.merge(args, gl);
var disagreeTos; var disagreeTos;
args = utils.tplCopy(copy); args = utils.tplCopy(copy);
if (!args.account) { args.account = {}; }
if ('object' === typeof args.account && !args.account.id) { args.account.id = args.accountId || args.email || ''; }
disagreeTos = (!args.agreeTos && 'undefined' !== typeof args.agreeTos); disagreeTos = (!args.agreeTos && 'undefined' !== typeof args.agreeTos);
if (!args.email || disagreeTos || (parseInt(args.rsaKeySize, 10) < 2048)) { if (!args.email || disagreeTos || (parseInt(args.rsaKeySize, 10) < 2048)) {
@ -83,45 +80,30 @@ module.exports.create = function (gl) {
} }
return utils.testEmail(args.email).then(function () { return utils.testEmail(args.email).then(function () {
if (args.account && args.account.privkey && (args.account.privkey.jwk || args.account.privkey.pem)) {
// TODO import jwk or pem and return it here
console.warn("TODO: implement accounts.checkKeypairAsync skipping");
}
var newKeypair = true;
var accountKeypair;
var promise = gl.store.accounts.checkKeypairAsync(args).then(function (keypair) { var promise = gl.store.accounts.checkKeypairAsync(args).then(function (keypair) {
if (keypair) { if (keypair) {
// TODO keypairs return RSA.import(keypair);
newKeypair = false;
accountKeypair = RSA.import(keypair);
return;
} }
if (args.accountKeypair) { if (args.accountKeypair) {
// TODO keypairs return gl.store.accounts.setKeypairAsync(args, RSA.import(args.accountKeypair));
accountKeypair = RSA.import(args.accountKeypair);
return;
} }
var keypairOpts = { bitlen: args.rsaKeySize, exp: 65537, public: true, pem: true }; var keypairOpts = { bitlen: args.rsaKeySize, exp: 65537, public: true, pem: true };
// TODO keypairs return RSA.generateKeypairAsync(keypairOpts).then(function (keypair) {
return (args.generateKeypair||RSA.generateKeypairAsync)(keypairOpts).then(function (keypair) {
keypair.privateKeyPem = RSA.exportPrivatePem(keypair); keypair.privateKeyPem = RSA.exportPrivatePem(keypair);
keypair.publicKeyPem = RSA.exportPublicPem(keypair); keypair.publicKeyPem = RSA.exportPublicPem(keypair);
keypair.privateKeyJwk = RSA.exportPrivateJwk(keypair); keypair.privateKeyJwk = RSA.exportPrivateJwk(keypair);
accountKeypair = keypair; return gl.store.accounts.setKeypairAsync(args, keypair);
}); });
}).then(function () { });
return accountKeypair;
});
return promise.then(function (keypair) { return promise.then(function (keypair) {
// Note: the ACME urls are always fetched fresh on purpose // Note: the ACME urls are always fetched fresh on purpose
// TODO acme-v2/nocompat // TODO is this the right place for this?
return core.getAcmeUrlsAsync(args).then(function (urls) { return core.getAcmeUrlsAsync(args).then(function (urls) {
args._acmeUrls = urls; args._acmeUrls = urls;
// TODO acme-v2/nocompat
return gl.acme.registerNewAccountAsync({ return gl.acme.registerNewAccountAsync({
email: args.email email: args.email
, newRegUrl: args._acmeUrls.newReg , newRegUrl: args._acmeUrls.newReg
@ -149,18 +131,13 @@ module.exports.create = function (gl) {
, newAuthzUrl: args._acmeUrls.newAuthz , newAuthzUrl: args._acmeUrls.newAuthz
}; };
return gl.store.accounts.setKeypairAsync(args, keypair).then(function () {
// TODO move templating of arguments to right here? // TODO move templating of arguments to right here?
if (!gl.store.accounts.setAsync) { return PromiseA.resolve({ keypair: keypair }); } return gl.store.accounts.setAsync(args, reg).then(function (account) {
return gl.store.accounts.setAsync(args, reg).then(function (account) { // should now have account.id and account.accountId
if (account && 'object' !== typeof account) { args.account = account;
throw new Error("store.accounts.setAsync should either return 'null' or an object with at least a string 'id'"); args.accountId = account.id;
} return account;
if (!account) { account = {}; } });
account.keypair = keypair;
return account;
});
});
}); });
}); });
}); });
@ -168,20 +145,13 @@ module.exports.create = function (gl) {
} }
// Accounts // Accounts
// (only used for keypair)
, getAsync: function (args) { , getAsync: function (args) {
return core.accounts.checkAsync(args).then(function (account) { return core.accounts.checkAsync(args).then(function (account) {
if (!account) { return core.accounts.registerAsync(args); } if (account) {
if (account.keypair) { return account; } return account;
} else {
if (!args.account) { args.account = {}; }
if ('object' === typeof args.account && !args.account.id) { args.account.id = args.accountId || args.email || ''; }
var copy = utils.merge(args, gl);
args = utils.tplCopy(copy);
return gl.store.accounts.checkKeypairAsync(args).then(function (keypair) {
if (keypair) { return { keypair: keypair }; }
return core.accounts.registerAsync(args); return core.accounts.registerAsync(args);
}); }
}); });
} }
@ -196,12 +166,7 @@ module.exports.create = function (gl) {
var copy = utils.merge(args, gl); var copy = utils.merge(args, gl);
args = utils.tplCopy(copy); args = utils.tplCopy(copy);
if (!args.account) { args.account = {}; }
if ('object' === typeof args.account && !args.account.id) { args.account.id = args.accountId || args.email || ''; }
// we can re-register the same account until we're blue in the face and it's all the same
// of course, we can also skip the lookup if we do store the account, but whatever
if (!gl.store.accounts.checkAsync) { return null; }
return gl.store.accounts.checkAsync(args).then(function (account) { return gl.store.accounts.checkAsync(args).then(function (account) {
if (!account) { if (!account) {
@ -278,35 +243,22 @@ module.exports.create = function (gl) {
return core.accounts.getAsync(args).then(function (account) { return core.accounts.getAsync(args).then(function (account) {
args.account = account; args.account = account;
if (args.certificate && args.certificate.privkey && (args.certificate.privkey.jwk || args.certificate.privkey.pem)) {
// TODO import jwk or pem and return it here
console.warn("TODO: implement certificates.checkKeypairAsync skipping");
}
var domainKeypair;
// This has been done in the getAsync already, so we skip it here
// if approveDomains doesn't set subject, we set it here
//args.subject = args.subject || args.domains[0];
var promise = gl.store.certificates.checkKeypairAsync(args).then(function (keypair) { var promise = gl.store.certificates.checkKeypairAsync(args).then(function (keypair) {
if (keypair) { if (keypair) {
domainKeypair = RSA.import(keypair); return RSA.import(keypair);
return;
} }
if (args.domainKeypair) { if (args.domainKeypair) {
domainKeypair = RSA.import(args.domainKeypair); return gl.store.certificates.setKeypairAsync(args, RSA.import(args.domainKeypair));
return;
} }
var keypairOpts = { bitlen: args.rsaKeySize, exp: 65537, public: true, pem: true }; var keypairOpts = { bitlen: args.rsaKeySize, exp: 65537, public: true, pem: true };
return (args.generateKeypair||RSA.generateKeypairAsync)(keypairOpts).then(function (keypair) { return RSA.generateKeypairAsync(keypairOpts).then(function (keypair) {
keypair.privateKeyPem = RSA.exportPrivatePem(keypair); keypair.privateKeyPem = RSA.exportPrivatePem(keypair);
keypair.publicKeyPem = RSA.exportPublicPem(keypair); keypair.publicKeyPem = RSA.exportPublicPem(keypair);
keypair.privateKeyJwk = RSA.exportPrivateJwk(keypair); keypair.privateKeyJwk = RSA.exportPrivateJwk(keypair);
domainKeypair = keypair; return gl.store.certificates.setKeypairAsync(args, keypair);
}); });
}).then(function () {
return domainKeypair;
}); });
return promise.then(function (domainKeypair) { return promise.then(function (domainKeypair) {
@ -360,25 +312,17 @@ module.exports.create = function (gl) {
log(args.debug, 'calling greenlock.acme.getCertificateAsync', certReq.domains); log(args.debug, 'calling greenlock.acme.getCertificateAsync', certReq.domains);
// TODO acme-v2/nocompat
return gl.acme.getCertificateAsync(certReq).then(utils.attachCertInfo); return gl.acme.getCertificateAsync(certReq).then(utils.attachCertInfo);
}); });
}).then(function (results) { }).then(function (results) {
//var requested = {};
//var issued = {};
// { cert, chain, privkey /*TODO, subject, altnames, issuedAt, expiresAt */ } // { cert, chain, privkey /*TODO, subject, altnames, issuedAt, expiresAt */ }
// args.certs.privkey = RSA.exportPrivatePem(options.domainKeypair); // args.certs.privkey = RSA.exportPrivatePem(options.domainKeypair);
args.certs = results; args.certs = results;
// args.pems is deprecated // args.pems is deprecated
args.pems = results; args.pems = results;
// This has been done in the getAsync already, so we skip it here return gl.store.certificates.setAsync(args).then(function () {
// if approveDomains doesn't set subject, we set it here return results;
//args.subject = args.subject || args.domains[0];
return gl.store.certificates.setKeypairAsync(args, domainKeypair).then(function () {
return gl.store.certificates.setAsync(args).then(function () {
return results;
});
}); });
}); });
}); });
@ -433,19 +377,13 @@ module.exports.create = function (gl) {
} }
, checkAsync: function (args) { , checkAsync: function (args) {
var copy = utils.merge(args, gl); var copy = utils.merge(args, gl);
// if approveDomains doesn't set subject, we set it here utils.tplCopy(copy);
copy.subject = copy.subject || copy.domains[0];
args = utils.tplCopy(copy);
// returns pems // returns pems
return gl.store.certificates.checkAsync(args).then(function (cert) { return gl.store.certificates.checkAsync(copy).then(function (cert) {
if (cert) { if (cert) {
cert = utils.attachCertInfo(cert); log(args.debug, 'checkAsync found existing certificates');
if (utils.certHasDomain(cert, args.domain)) { return utils.attachCertInfo(cert);
log(args.debug, 'checkAsync found existing certificates');
return cert;
}
log(args.debug, 'checkAsync found mismatched / incomplete certificates');
} }
log(args.debug, 'checkAsync failed to find certificates'); log(args.debug, 'checkAsync failed to find certificates');
@ -455,17 +393,10 @@ module.exports.create = function (gl) {
// Certificates // Certificates
, getAsync: function (args) { , getAsync: function (args) {
var copy = utils.merge(args, gl); var copy = utils.merge(args, gl);
// if approveDomains doesn't set subject, we set it here
copy.subject = copy.subject || copy.domains[0];
args = utils.tplCopy(copy); args = utils.tplCopy(copy);
if (args.certificate && args.certificate.privkey && args.certificate.cert && args.certificate.chain) {
// TODO skip fetching a certificate if it's fetched during approveDomains
console.warn("TODO: implement certificates.checkAsync skipping");
}
return core.certificates.checkAsync(args).then(function (certs) { return core.certificates.checkAsync(args).then(function (certs) {
if (certs) { certs = utils.attachCertInfo(certs); } if (!certs) {
if (!certs || !utils.certHasDomain(certs, args.domain)) {
// There is no cert available // There is no cert available
if (false !== args.securityUpdates && !args._communityMemberAdded) { if (false !== args.securityUpdates && !args._communityMemberAdded) {
try { try {

24
lib/utils-test.js
View File

@ -1,24 +0,0 @@
'use strict';
var utils = require('./utils.js')
var cert = { subject: 'example.com', altnames: ['*.bar.com','foo.net'] };
if (utils.certHasDomain(cert, 'bad.com')) {
throw new Error("allowed bad domain");
}
if (!utils.certHasDomain(cert, 'example.com')) {
throw new Error("missed subject");
}
if (utils.certHasDomain(cert, 'bar.com')) {
throw new Error("allowed bad (missing) sub");
}
if (!utils.certHasDomain(cert, 'foo.bar.com')) {
throw new Error("didn't allow valid wildcarded-domain");
}
if (utils.certHasDomain(cert, 'dub.foo.bar.com')) {
throw new Error("allowed sub-sub domain");
}
if (!utils.certHasDomain(cert, 'foo.net')) {
throw new Error("missed altname");
}
console.info("PASSED");

20
lib/utils.js
View File

@ -9,7 +9,9 @@ var promisify = (require('util').promisify || require('bluebird').promisify);
var dnsResolveMxAsync = promisify(require('dns').resolveMx); var dnsResolveMxAsync = promisify(require('dns').resolveMx);
module.exports.attachCertInfo = function (results) { module.exports.attachCertInfo = function (results) {
var certInfo = require('cert-info').info(results.cert); // XXX Note: Parsing the certificate info comes at a great cost (~500kb)
var getCertInfo = require('cert-info').info;
var certInfo = getCertInfo(results.cert);
// subject, altnames, issuedAt, expiresAt // subject, altnames, issuedAt, expiresAt
Object.keys(certInfo).forEach(function (key) { Object.keys(certInfo).forEach(function (key) {
@ -19,20 +21,6 @@ module.exports.attachCertInfo = function (results) {
return results; return results;
}; };
module.exports.certHasDomain = function (certInfo, _domain) {
var names = (certInfo.altnames || []).slice(0);
names.push(certInfo.subject);
return names.some(function (name) {
var domain = _domain.toLowerCase();
name = name.toLowerCase();
if ('*.' === name.substr(0, 2)) {
name = name.substr(2);
domain = domain.split('.').slice(1).join('.');
}
return name === domain;
});
};
module.exports.isValidDomain = function (domain) { module.exports.isValidDomain = function (domain) {
if (re.test(domain)) { if (re.test(domain)) {
return domain; return domain;
@ -70,7 +58,7 @@ module.exports.tplCopy = function (copy) {
var tplKeys; var tplKeys;
copy.hostnameGet = function (copy) { copy.hostnameGet = function (copy) {
return copy.subject || (copy.domains || [])[0] || copy.domain; return (copy.domains || [])[0] || copy.domain;
}; };
Object.keys(copy).forEach(function (key) { Object.keys(copy).forEach(function (key) {

178
package-lock.json generated
View File

@ -1,6 +1,6 @@
{ {
"name": "greenlock", "name": "greenlock",
"version": "2.6.9", "version": "2.6.8",
"lockfileVersion": 1, "lockfileVersion": 1,
"requires": true, "requires": true,
"dependencies": { "dependencies": {
@ -10,39 +10,71 @@
"integrity": "sha512-9rBXLFSb5D19opGeXdD/WuiFJsA4Pk2r8VUGEAeUZUxB1a2zB47K85BKAx3Gy9i4nZwg22ejlJA+q9DVrpQlbA==" "integrity": "sha512-9rBXLFSb5D19opGeXdD/WuiFJsA4Pk2r8VUGEAeUZUxB1a2zB47K85BKAx3Gy9i4nZwg22ejlJA+q9DVrpQlbA=="
}, },
"acme": { "acme": {
"version": "1.3.0", "version": "1.2.0",
"resolved": "https://registry.npmjs.org/acme/-/acme-1.3.0.tgz", "resolved": "https://registry.npmjs.org/acme/-/acme-1.2.0.tgz",
"integrity": "sha512-Ny8aXnGdtlEVBZLpzNyVp7gff/3zFYrbfbiY93lx5jdrG4BrraA6P8RkRFP7NbFwh1rBgQkdHEsMxTp3f2r8dA==", "integrity": "sha512-lG9Wq0Ol2OLpVrusq5OQ+KCT06rXaGjbHcDhKtNO6Hr3J3swISaCYi0slwLpEA9DGV+QhDkAnZ6qsXAo86SM5Q==",
"requires": { "requires": {
"acme-v2": "^1.6.0" "acme-v2": "^1.3.1"
} }
}, },
"acme-v2": { "acme-v2": {
"version": "1.6.0", "version": "1.5.2",
"resolved": "https://registry.npmjs.org/acme-v2/-/acme-v2-1.6.0.tgz", "resolved": "https://registry.npmjs.org/acme-v2/-/acme-v2-1.5.2.tgz",
"integrity": "sha512-+vCD+j87eEQhdiqSVA9KT97+EGYbkVTgSqxQ37y9aM/3uExi2U+UM4EQEAIRSV/DWZ6oqeRPe+dha8h+PtNdwQ==", "integrity": "sha512-Ux0cFCxHeaGGeGyPGMLHBLIGF05OYaxuh4TvaVzwkVVRib/gPpioa50CGj2pnQimH/MRkg0VtWCEdfE45MV/0g==",
"requires": { "requires": {
"@coolaj86/urequest": "^1.3.6", "@coolaj86/urequest": "^1.3.6",
"rsa-compat": "^2.0.6" "rsa-compat": "^1.9.2"
},
"dependencies": {
"rsa-compat": {
"version": "1.9.2",
"resolved": "https://registry.npmjs.org/rsa-compat/-/rsa-compat-1.9.2.tgz",
"integrity": "sha512-XY4I/74W+QENMd99zVsyHQcxYxWTXd0EihVXsI4oeb1bz7DYxEKasQrjyzYPnR1tZT7fTPu5HP/vTKfs9lzdGA==",
"requires": {
"node-forge": "^0.7.6",
"ursa-optional": "^0.9.10"
}
}
} }
}, },
"any-promise": {
"version": "1.3.0",
"resolved": "https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz",
"integrity": "sha1-q8av7tzqUugJzcA3au0845Y10X8="
},
"bindings": {
"version": "1.5.0",
"resolved": "https://registry.npmjs.org/bindings/-/bindings-1.5.0.tgz",
"integrity": "sha512-p2q/t/mhvuOj/UeLlV6566GD/guowlr0hHxClI0W9m7MWYkL1F0hLo+0Aexs9HSPCtR1SXQ0TD3MMKrXZajbiQ==",
"optional": true,
"requires": {
"file-uri-to-path": "1.0.0"
}
},
"bluebird": {
"version": "3.5.1",
"resolved": "https://registry.npmjs.org/bluebird/-/bluebird-3.5.1.tgz",
"integrity": "sha512-MKiLiV+I1AA596t9w1sQJ8jkiSr5+ZKi0WKrYGUn6d1Fx+Ij4tIj+m2WMQSGczs5jZVxV339chE8iwk6F64wjA=="
},
"cert-info": { "cert-info": {
"version": "1.5.1", "version": "1.5.1",
"resolved": "https://registry.npmjs.org/cert-info/-/cert-info-1.5.1.tgz", "resolved": "https://registry.npmjs.org/cert-info/-/cert-info-1.5.1.tgz",
"integrity": "sha512-eoQC/yAgW3gKTKxjzyClvi+UzuY97YCjcl+lSqbsGIy7HeGaWxCPOQFivhUYm27hgsBMhsJJFya3kGvK6PMIcQ==" "integrity": "sha512-eoQC/yAgW3gKTKxjzyClvi+UzuY97YCjcl+lSqbsGIy7HeGaWxCPOQFivhUYm27hgsBMhsJJFya3kGvK6PMIcQ=="
}, },
"eckles": { "file-uri-to-path": {
"version": "1.4.1", "version": "1.0.0",
"resolved": "https://registry.npmjs.org/eckles/-/eckles-1.4.1.tgz", "resolved": "https://registry.npmjs.org/file-uri-to-path/-/file-uri-to-path-1.0.0.tgz",
"integrity": "sha512-auWyk/k8oSkVHaD4RxkPadKsLUcIwKgr/h8F7UZEueFDBO7BsE4y+H6IMUDbfqKIFPg/9MxV6KcBdJCmVVcxSA==" "integrity": "sha512-0Zt+s3L7Vf1biwWZ29aARiVYLx7iMGnEUl9x33fbB/j3jR81u/O2LbqK+Bm1CDSNDKVtJ/YjwY7TUd5SkeLQLw==",
"optional": true
}, },
"keypairs": { "fs-symlink": {
"version": "1.2.14", "version": "1.2.1",
"resolved": "https://registry.npmjs.org/keypairs/-/keypairs-1.2.14.tgz", "resolved": "https://registry.npmjs.org/fs-symlink/-/fs-symlink-1.2.1.tgz",
"integrity": "sha512-ZoZfZMygyB0QcjSlz7Rh6wT2CJasYEHBPETtmHZEfxuJd7bnsOG5AdtPZqHZBT+hoHvuWCp/4y8VmvTvH0Y9uA==", "integrity": "sha1-G+uoPqncqBI2AOPwuaUbGGQLvEA=",
"requires": { "requires": {
"eckles": "^1.4.1", "mkdirp": "^0.5.0",
"rasha": "^1.2.4" "mkdirp-then": "1",
"mz": "^2.0.0"
} }
}, },
"le-challenge-fs": { "le-challenge-fs": {
@ -54,18 +86,22 @@
} }
}, },
"le-sni-auto": { "le-sni-auto": {
"version": "2.1.8", "version": "2.1.3",
"resolved": "https://registry.npmjs.org/le-sni-auto/-/le-sni-auto-2.1.8.tgz", "resolved": "https://registry.npmjs.org/le-sni-auto/-/le-sni-auto-2.1.3.tgz",
"integrity": "sha512-aEUP+DB5mfHi4kHY37nJdtVr+DIF5vxiXKdiZBPOLNgF7pK3iD0wJU6fiwDRtZRz2KOahX+VBxlgTN2r24nKhw==" "integrity": "sha512-ojGwizoh2o6OM2dQFzryd8YCS7wITaw5LBoSo1qi/Tzj3D54aB9M9QUqy26t2K4M78t+Ctlw0x+L5GhIJkRlVg==",
"requires": {
"bluebird": "^3.4.1"
}
}, },
"le-store-certbot": { "le-store-certbot": {
"version": "2.2.1", "version": "2.1.7",
"resolved": "https://registry.npmjs.org/le-store-certbot/-/le-store-certbot-2.2.1.tgz", "resolved": "https://registry.npmjs.org/le-store-certbot/-/le-store-certbot-2.1.7.tgz",
"integrity": "sha512-BhljZjTULhbNBAT6RBiv4TeZegFraMxURYEvh3WRUI048zmXf4ZfC8gwbdu5fnD2tTCsS9fbsCOAQyrFBl4jlA==", "integrity": "sha512-grw74qysH+MfpIEyF41vh0vxvirMBkpEEITB9Wv6QM0O/11Pwk3ZZ9C8p2tx4yXkdbLEQ+7viTgU8XmWl3t27Q==",
"requires": { "requires": {
"fs-symlink": "^1.2.1",
"mkdirp": "^0.5.1", "mkdirp": "^0.5.1",
"pyconf": "^1.1.5", "pyconf": "^1.1.2",
"safe-replace": "^1.0.3" "safe-replace": "^1.0.2"
} }
}, },
"minimist": { "minimist": {
@ -81,31 +117,85 @@
"minimist": "0.0.8" "minimist": "0.0.8"
} }
}, },
"mkdirp-then": {
"version": "1.2.0",
"resolved": "https://registry.npmjs.org/mkdirp-then/-/mkdirp-then-1.2.0.tgz",
"integrity": "sha1-pJLIecpNhz9e5FAI+PVf0BUN48U=",
"requires": {
"any-promise": "^1.1.0",
"mkdirp": "^0.5.0"
}
},
"mz": {
"version": "2.7.0",
"resolved": "https://registry.npmjs.org/mz/-/mz-2.7.0.tgz",
"integrity": "sha512-z81GNO7nnYMEhrGh9LeymoE4+Yr0Wn5McHIZMK5cfQCl+NDX08sCZgUc9/6MHni9IWuFLm1Z3HTCXu2z9fN62Q==",
"requires": {
"any-promise": "^1.0.0",
"object-assign": "^4.0.1",
"thenify-all": "^1.0.0"
}
},
"nan": {
"version": "2.12.1",
"resolved": "https://registry.npmjs.org/nan/-/nan-2.12.1.tgz",
"integrity": "sha512-JY7V6lRkStKcKTvHO5NVSQRv+RV+FIL5pvDoLiAtSL9pKlC5x9PKQcZDsq7m4FO4d57mkhC6Z+QhAh3Jdk5JFw==",
"optional": true
},
"node-forge": {
"version": "0.7.6",
"resolved": "https://registry.npmjs.org/node-forge/-/node-forge-0.7.6.tgz",
"integrity": "sha512-sol30LUpz1jQFBjOKwbjxijiE3b6pjd74YwfD0fJOKPjF+fONKb2Yg8rYgS6+bK6VDl+/wfr4IYpC7jDzLUIfw==",
"optional": true
},
"object-assign": {
"version": "4.1.1",
"resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz",
"integrity": "sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM="
},
"pyconf": { "pyconf": {
"version": "1.1.6", "version": "1.1.5",
"resolved": "https://registry.npmjs.org/pyconf/-/pyconf-1.1.6.tgz", "resolved": "https://registry.npmjs.org/pyconf/-/pyconf-1.1.5.tgz",
"integrity": "sha512-4ujjwqch6nViWduSLc3/QFrDdJJAvAE7NRBarSGLANwh0tNW0MbXeJE8ZziJZvzRnUEN5scYwsS+ItYU1uj6dQ==", "integrity": "sha512-zXEg0oUJ4mY6azqVvRy6rePTIHZGhDQG3z9PVkE60uUabS9uILiIkHobU2Jzcs3tBltMBqyEATZZezRR/UFjkg==",
"requires": { "requires": {
"safe-replace": "^1.0.2" "safe-replace": "^1.0.2"
} }
}, },
"rasha": {
"version": "1.2.5",
"resolved": "https://registry.npmjs.org/rasha/-/rasha-1.2.5.tgz",
"integrity": "sha512-KxtX+/fBk+wM7O3CNgwjSh5elwFilLvqWajhr6wFr2Hd63JnKTTi43Tw+Jb1hxJQWOwoya+NZWR2xztn3hCrTw=="
},
"rsa-compat": { "rsa-compat": {
"version": "2.0.6", "version": "2.0.3",
"resolved": "https://registry.npmjs.org/rsa-compat/-/rsa-compat-2.0.6.tgz", "resolved": "https://registry.npmjs.org/rsa-compat/-/rsa-compat-2.0.3.tgz",
"integrity": "sha512-bQmpscAQec9442RaghDybrHMy1twQ3nUZOgTlqntio1yru+rMnDV64uGRzKp7dJ4VVhNv3mLh3X4MNON+YM0dA==", "integrity": "sha512-oMEiSfk8KTKleNO7OEahZtrZTcjV+fzBm8jpt2bXBgyhbgO3bJdwawm4BkJe+2LfdK8kaKqMIO8pHZ/UmybQ7w=="
"requires": {
"keypairs": "^1.2.14"
}
}, },
"safe-replace": { "safe-replace": {
"version": "1.1.0", "version": "1.0.2",
"resolved": "https://registry.npmjs.org/safe-replace/-/safe-replace-1.1.0.tgz", "resolved": "https://registry.npmjs.org/safe-replace/-/safe-replace-1.0.2.tgz",
"integrity": "sha512-9/V2E0CDsKs9DWOOwJH7jYpSl9S3N05uyevNjvsnDauBqRowBPOyot1fIvV5N2IuZAbYyvrTXrYFVG0RZInfFw==" "integrity": "sha1-sYGrQJWs32qwqPhAUXSRyoqZIro="
},
"thenify": {
"version": "3.3.0",
"resolved": "https://registry.npmjs.org/thenify/-/thenify-3.3.0.tgz",
"integrity": "sha1-5p44obq+lpsBCCB5eLn2K4hgSDk=",
"requires": {
"any-promise": "^1.0.0"
}
},
"thenify-all": {
"version": "1.6.0",
"resolved": "https://registry.npmjs.org/thenify-all/-/thenify-all-1.6.0.tgz",
"integrity": "sha1-GhkY1ALY/D+Y+/I02wvMjMEOlyY=",
"requires": {
"thenify": ">= 3.1.0 < 4"
}
},
"ursa-optional": {
"version": "0.9.10",
"resolved": "https://registry.npmjs.org/ursa-optional/-/ursa-optional-0.9.10.tgz",
"integrity": "sha512-RvEbhnxlggX4MXon7KQulTFiJQtLJZpSb9ZSa7ZTkOW0AzqiVTaLjI4vxaSzJBDH9dwZ3ltZadFiBaZslp6haA==",
"optional": true,
"requires": {
"bindings": "^1.3.0",
"nan": "^2.11.1"
}
} }
} }
} }

12
package.json
View File

@ -1,6 +1,6 @@
{ {
"name": "greenlock", "name": "greenlock",
"version": "2.6.10", "version": "2.6.8",
"description": "Let's Encrypt for node.js on npm", "description": "Let's Encrypt for node.js on npm",
"main": "index.js", "main": "index.js",
"files": [ "files": [
@ -38,13 +38,13 @@
"le-acme-core": "^2.1.3" "le-acme-core": "^2.1.3"
}, },
"dependencies": { "dependencies": {
"acme": "^1.3.0", "acme": "^1.2.0",
"acme-v2": "^1.5.0",
"cert-info": "^1.5.1", "cert-info": "^1.5.1",
"keypairs": "^1.2.14",
"le-challenge-fs": "^2.0.2", "le-challenge-fs": "^2.0.2",
"le-sni-auto": "^2.1.8", "le-sni-auto": "^2.1.3",
"le-store-certbot": "^2.2.1", "le-store-certbot": "^2.1.7",
"rsa-compat": "^2.0.6" "rsa-compat": "^2.0.3"
}, },
"engines": { "engines": {
"node": ">=4.5" "node": ">=4.5"