minor bugfixes and lots of whitespace adjustment

AJ ONeal 2016-08-03 22:10:26 -04:00
parent b5b516a131
commit e7a36123ca
2 changed files with 48 additions and 32 deletions


@ -8,13 +8,17 @@
module.exports.create = function (deps) { module.exports.create = function (deps) {
var NOOP=function () {}; var NOOP=function () {
};
var log=NOOP; var log=NOOP;
var request=require('request'); var request=require('request');
var RSA = deps.RSA; var RSA = deps.RSA;
var generateSignature = RSA.signJws; var generateSignature = RSA.signJws;
function Acme(keypair) { function Acme(keypair) {
if (!keypair) {
throw new Error("no keypair given. that's bad");
}
if ('string' === typeof keypair) { if ('string' === typeof keypair) {
// backwards compat // backwards compat
keypair = RSA.import({ privateKeyPem: keypair }); keypair = RSA.import({ privateKeyPem: keypair });
@ -59,14 +63,16 @@ module.exports.create = function (deps) {
log('Using nonce: '+this.nonces[0]); log('Using nonce: '+this.nonces[0]);
payload=JSON.stringify(body, null, 2); payload=JSON.stringify(body, null, 2);
jws=generateSignature( jws=generateSignature(
this.keypair, new Buffer(payload), this.nonces.shift() self.keypair, new Buffer(payload), this.nonces.shift()
); );
signed=JSON.stringify(jws, null, 2); signed=JSON.stringify(jws, null, 2);
log('Posting to '+url); log('Posting to '+url);
log(signed.green); log(signed);
log('Payload:'+payload.blue); log('Payload:'+payload);
//process.exit(1);
//return;
return request.post({ return request.post({
url:url, url:url,
body:signed, body:signed,
@ -80,22 +86,22 @@ module.exports.create = function (deps) {
return cb(err); return cb(err);
} }
if (res) { if (res) {
log(('HTTP/1.1 '+res.statusCode).yellow); log(('HTTP/1.1 '+res.statusCode));
} }
Object.keys(res.headers).forEach(function(key) { Object.keys(res.headers).forEach(function(key) {
var value, upcased; var value, upcased;
value=res.headers[key]; value=res.headers[key];
upcased=key.charAt(0).toUpperCase()+key.slice(1); upcased=key.charAt(0).toUpperCase()+key.slice(1);
log((upcased+': '+value).yellow); log((upcased+': '+value));
}); });
if (body && !body.toString().match(/[^\x00-\x7F]/)) { if (body && !body.toString().match(/[^\x00-\x7F]/)) {
try { try {
parsed=JSON.parse(body); parsed=JSON.parse(body);
log(JSON.stringify(parsed, null, 2).cyan); log(JSON.stringify(parsed, null, 2));
} catch(err) { } catch(err) {
log(body.toString().cyan); log(body.toString());
} }
} }
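Review bot: The signing call now reads `self.keypair` but still takes the nonce from `this.nonces.shift()`, and no `self` binding is declared anywhere in this hunk. The function body starts above the hunk, so if `var self = this;` is not defined there, the account-key signing path will throw a ReferenceError on every POST. If it is defined, use one receiver for both arguments, e.g. `self.keypair, new Buffer(payload), self.nonces.shift()`. Separately, in the response callback `Object.keys(res.headers)` sits outside the `if (res)` guard, so a missing response would throw inside the logging code instead of reaching the caller's error handling; moving the header loop inside the guard avoids that.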


@ -79,13 +79,13 @@ module.exports.create = function (deps) {
} }
function getChallenges(domain) { function getChallenges(domain) {
state.domain=domain; state.domain = domain;
state.acme.post(state.newAuthzUrl, { state.acme.post(state.newAuthzUrl, {
resource:'new-authz', resource: 'new-authz',
identifier:{ identifier: {
type:'dns', type: 'dns',
value:state.domain, value: state.domain,
} }
}, function (err, res, body) { }, function (err, res, body) {
if (!err && res.body) { if (!err && res.body) {
@ -101,6 +101,12 @@ module.exports.create = function (deps) {
} }
function getReadyToValidate(err, res, body) { function getReadyToValidate(err, res, body) {
var links;
var authz;
var httpChallenges;
var challenge;
var thumbprint;
var keyAuthorization;
function challengeDone(err) { function challengeDone(err) {
if (err) { if (err) {
@ -115,8 +121,8 @@ module.exports.create = function (deps) {
} }
state.acme.post(state.responseUrl, { state.acme.post(state.responseUrl, {
resource:'challenge', resource: 'challenge',
keyAuthorization:keyAuthorization keyAuthorization: keyAuthorization
}, function(err, res, body) { }, function(err, res, body) {
if (!err && res.body) { if (!err && res.body) {
try { try {
@ -134,8 +140,6 @@ module.exports.create = function (deps) {
}); });
} }
var links, authz, httpChallenges, challenge, thumbprint, keyAuthorization;
if (err) { if (err) {
return handleErr(err); return handleErr(err);
} }
@ -144,30 +148,30 @@ module.exports.create = function (deps) {
return handleErr(null, 'Authorization request failed ('+res.statusCode+')'); return handleErr(null, 'Authorization request failed ('+res.statusCode+')');
} }
links=Acme.parseLink(res.headers.link); links = Acme.parseLink(res.headers.link);
if (!links || !('next' in links)) { if (!links || !('next' in links)) {
return handleErr(err, 'Server didn\'t provide information to proceed (2)'); return handleErr(err, 'Server didn\'t provide information to proceed (2)');
} }
state.authorizationUrl=res.headers.location; state.authorizationUrl = res.headers.location;
state.newCertUrl=links.next; state.newCertUrl = links.next;
authz=body; authz = body;
httpChallenges=authz.challenges.filter(function(x) { httpChallenges = authz.challenges.filter(function(x) {
return x.type==='http-01'; return x.type === options.challengeType;
}); });
if (httpChallenges.length===0) { if (httpChallenges.length === 0) {
return handleErr(null, 'Server didn\'t offer any challenge we can handle.'); return handleErr(null, 'Server didn\'t offer any challenge we can handle.');
} }
challenge=httpChallenges[0]; challenge = httpChallenges[0];
thumbprint=RSA.thumbprint(state.accountKeypair); thumbprint = RSA.thumbprint(state.accountKeypair);
keyAuthorization=challenge.token+'.'+thumbprint; keyAuthorization = challenge.token + '.' + thumbprint;
state.responseUrl=challenge.uri;
state.responseUrl = challenge.uri;
options.setChallenge(state.domain, challenge.token, keyAuthorization, challengeDone); options.setChallenge(state.domain, challenge.token, keyAuthorization, challengeDone);
} }
function ensureValidation(err, res, body, unlink) { function ensureValidation(err, res, body, unlink) {
@ -224,7 +228,7 @@ module.exports.create = function (deps) {
} }
function getCertificate() { function getCertificate() {
var csr=RSA.generateCsrWeb64(RSA.exportPrivateKeyPem(state.certKeypair), state.validatedDomains); var csr=RSA.generateCsrWeb64(state.certKeypair, state.validatedDomains);
log('Requesting certificate...'); log('Requesting certificate...');
state.acme.post(state.newCertUrl, { state.acme.post(state.newCertUrl, {
resource:'new-cert', resource:'new-cert',
@ -332,7 +336,7 @@ module.exports.create = function (deps) {
return; return;
} }
privkeyPem = RSA.exportPrivateKeyPem(state.certKeypair); privkeyPem = RSA.exportPrivatePem(state.certKeypair);
cb(null, { cb(null, {
cert: certPem cert: certPem
// TODO privkey isn't necessary // TODO privkey isn't necessary
@ -358,6 +362,12 @@ module.exports.create = function (deps) {
, newCertUrl: options.newCertUrl , newCertUrl: options.newCertUrl
}; };
if (!options.challengeType) {
options.challengeType = 'http-01';
}
if (-1 === [ 'http-01', 'tls-sni-01', 'dns-01' ].indexOf(options.challengeType)) {
return handleErr(new Error("options.challengeType '" + options.challengeType + "' is not yet supported"));
}
if (!options.newAuthzUrl) { if (!options.newAuthzUrl) {
return handleErr(new Error("options.newAuthzUrl must be the authorization url")); return handleErr(new Error("options.newAuthzUrl must be the authorization url"));
} }
@ -390,9 +400,9 @@ module.exports.create = function (deps) {
state.domains = options.domains.slice(0); // copy array state.domains = options.domains.slice(0); // copy array
try { try {
state.acme = new Acme(state.accountKeypair);
state.accountKeypair = options.accountKeypair; state.accountKeypair = options.accountKeypair;
state.certKeypair = options.domainKeypair; state.certKeypair = options.domainKeypair;
state.acme = new Acme(state.accountKeypair);
} catch(err) { } catch(err) {
return handleErr(err, 'Failed to parse privateKey'); return handleErr(err, 'Failed to parse privateKey');
} }
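Review bot: The new allow-list accepts `'tls-sni-01'` and `'dns-01'`, yet getReadyToValidate still passes the plain `challenge.token + '.' + thumbprint` to `options.setChallenge` for whichever type was selected. For dns-01 the value that gets published is a digest of the key authorization rather than the string itself, so unless the caller's setChallenge derives it (not visible here), validation for those types will presumably fail. Either restrict the list to `'http-01'` until the other flows are implemented, or add a comment above the call such as `// keyAuthorization is passed raw; dns-01 / tls-sni-01 handlers must derive the value they publish`. The filtered list is also still named `httpChallenges`, which no longer matches what it holds; `matchingChallenges` would read correctly. Both getReadyToValidate and the options check continue outside their hunks.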