@root/acme
Comparing version 3.0.10 to 3.1.0
@@ -10,7 +10,7 @@ 'use strict'; | ||
A._getAccountKid = function(me, options) { | ||
A._getAccountKid = function (me, options) { | ||
// It's just fine if there's no account, we'll go get the key id we need via the existing key | ||
var kid = | ||
options.kid || | ||
(options.account && (options.account.key && options.account.key.kid)); | ||
(options.account && options.account.key && options.account.key.kid); | ||
@@ -23,3 +23,3 @@ if (kid) { | ||
// This is an idempotent request. It'll return the same account for the same public key. | ||
return A._registerAccount(me, options).then(function(account) { | ||
return A._registerAccount(me, options).then(function (account) { | ||
return account.key.kid; | ||
@@ -49,3 +49,3 @@ }); | ||
*/ | ||
A._registerAccount = function(me, options) { | ||
A._registerAccount = function (me, options) { | ||
//#console.debug('[ACME.js] accounts.create'); | ||
@@ -64,3 +64,3 @@ | ||
function getAccount() { | ||
return U._importKeypair(options.accountKey).then(function(pair) { | ||
return U._importKeypair(options.accountKey).then(function (pair) { | ||
var contact; | ||
@@ -80,3 +80,3 @@ if (options.contact) { | ||
var pub = pair.public; | ||
return attachExtAcc(pub, accountRequest).then(function(accReq) { | ||
return attachExtAcc(pub, accountRequest).then(function (accReq) { | ||
var payload = JSON.stringify(accReq); | ||
@@ -88,3 +88,3 @@ return U._jwsRequest(me, { | ||
payload: Enc.strToBuf(payload) | ||
}).then(function(resp) { | ||
}).then(function (resp) { | ||
var account = resp.body; | ||
@@ -136,3 +136,3 @@ | ||
payload: Enc.strToBuf(JSON.stringify(pubkey)) | ||
}).then(function(jws) { | ||
}).then(function (jws) { | ||
accountRequest.externalAccountBinding = jws; | ||
@@ -144,7 +144,7 @@ return accountRequest; | ||
return Promise.resolve() | ||
.then(function() { | ||
.then(function () { | ||
//#console.debug('[ACME.js] agreeToTerms'); | ||
var agreeToTerms = options.agreeToTerms; | ||
if (!agreeToTerms) { | ||
agreeToTerms = function(terms) { | ||
agreeToTerms = function (terms) { | ||
if (agreers[options.subscriberEmail]) { | ||
@@ -172,3 +172,3 @@ return true; | ||
} else if (true === agreeToTerms) { | ||
agreeToTerms = function(terms) { | ||
agreeToTerms = function (terms) { | ||
return terms && true; | ||
@@ -175,0 +175,0 @@ }; |
225
acme.js
@@ -46,3 +46,3 @@ // Copyright 2018-present AJ ONeal. All rights reserved | ||
if (!me.dns01) { | ||
me.dns01 = function(ch) { | ||
me.dns01 = function (ch) { | ||
return native._dns01(me, ch); | ||
@@ -57,3 +57,3 @@ }; | ||
} | ||
me.http01 = function(ch) { | ||
me.http01 = function (ch) { | ||
return native._http01(me, ch); | ||
@@ -67,7 +67,7 @@ }; | ||
// passed to dependencies | ||
me.request = function(opts) { | ||
me.request = function (opts) { | ||
return U._request(me, opts); | ||
}; | ||
me.init = function(opts) { | ||
me.init = function (opts) { | ||
M.init(me); | ||
@@ -96,4 +96,4 @@ | ||
} | ||
return p.then(function() { | ||
return ACME._directory(me).then(function(resp) { | ||
return p.then(function () { | ||
return ACME._directory(me).then(function (resp) { | ||
return fin(resp.body); | ||
@@ -104,3 +104,3 @@ }); | ||
me.accounts = { | ||
create: function(options) { | ||
create: function (options) { | ||
try { | ||
@@ -134,4 +134,4 @@ return A._registerAccount(me, options); | ||
me.certificates = { | ||
create: function(options) { | ||
return A._getAccountKid(me, options).then(function(kid) { | ||
create: function (options) { | ||
return A._getAccountKid(me, options).then(function (kid) { | ||
ACME._normalizePresenters(me, options, options.challenges); | ||
@@ -152,5 +152,5 @@ return ACME._getCertificate(me, options, kid); | ||
ACME.challengeTests = { | ||
'http-01': function(me, auth) { | ||
'http-01': function (me, auth) { | ||
var ch = auth.challenge; | ||
return me.http01(ch).then(function(keyAuth) { | ||
return me.http01(ch).then(function (keyAuth) { | ||
var err; | ||
@@ -180,10 +180,10 @@ | ||
}, | ||
'dns-01': function(me, auth) { | ||
'dns-01': function (me, auth) { | ||
// remove leading *. on wildcard domains | ||
var ch = auth.challenge; | ||
return me.dns01(ch).then(function(ans) { | ||
return me.dns01(ch).then(function (ans) { | ||
var err; | ||
if ( | ||
ans.answer.some(function(txt) { | ||
ans.answer.some(function (txt) { | ||
return ch.dnsAuthorization === txt.data[0]; | ||
@@ -210,3 +210,3 @@ }) | ||
ACME._directory = function(me) { | ||
ACME._directory = function (me) { | ||
// TODO cache the directory URL | ||
@@ -222,9 +222,9 @@ | ||
// getCertificate | ||
ACME._getCertificate = function(me, options, kid) { | ||
ACME._getCertificate = function (me, options, kid) { | ||
//#console.debug('[ACME.js] certificates.create'); | ||
return ACME._orderCert(me, options, kid).then(function(order) { | ||
return ACME._orderCert(me, options, kid).then(function (order) { | ||
return ACME._finalizeOrder(me, options, kid, order); | ||
}); | ||
}; | ||
ACME._normalizePresenters = function(me, options, presenters) { | ||
ACME._normalizePresenters = function (me, options, presenters) { | ||
// Prefer this order for efficiency: | ||
@@ -237,3 +237,3 @@ // * http-01 is the fasest | ||
options._presenterTypes = ['http-01', 'tls-alpn-01', 'dns-01'].filter( | ||
function(typ) { | ||
function (typ) { | ||
return -1 !== presenterTypes.indexOf(typ); | ||
@@ -258,3 +258,3 @@ } | ||
} | ||
Object.keys(presenters || {}).forEach(function(k) { | ||
Object.keys(presenters || {}).forEach(function (k) { | ||
var ch = presenters[k]; | ||
@@ -295,5 +295,5 @@ var warned = false; | ||
function promisify(fn) { | ||
return function(opts) { | ||
new Promise(function(resolve, reject) { | ||
fn(opts, function(err, result) { | ||
return function (opts) { | ||
new Promise(function (resolve, reject) { | ||
fn(opts, function (err, result) { | ||
if (err) { | ||
@@ -360,3 +360,3 @@ reject(err); | ||
*/ | ||
ACME._getAuthorization = function(me, options, kid, zonenames, authUrl) { | ||
ACME._getAuthorization = function (me, options, kid, zonenames, authUrl) { | ||
//#console.debug('\n[DEBUG] getAuthorization\n'); | ||
@@ -369,3 +369,3 @@ | ||
payload: '' | ||
}).then(function(resp) { | ||
}).then(function (resp) { | ||
// Pre-emptive rather than lazy for interfaces that need to show the | ||
@@ -380,3 +380,3 @@ // challenges to the user first | ||
false | ||
).then(function(auths) { | ||
).then(function (auths) { | ||
resp.body._rawChallenges = resp.body.challenges; | ||
@@ -389,3 +389,3 @@ resp.body.challenges = auths; | ||
ACME._testChallengeOptions = function() { | ||
ACME._testChallengeOptions = function () { | ||
// we want this to be the same for the whole group | ||
@@ -416,5 +416,5 @@ var chToken = ACME._prnd(16); | ||
ACME._thumber = function(options, thumb) { | ||
ACME._thumber = function (options, thumb) { | ||
var thumbPromise; | ||
return function(key) { | ||
return function (key) { | ||
if (thumb) { | ||
@@ -429,3 +429,3 @@ return Promise.resolve(thumb); | ||
} | ||
thumbPromise = U._importKeypair(key).then(function(pair) { | ||
thumbPromise = U._importKeypair(key).then(function (pair) { | ||
return Keypairs.thumbprint({ | ||
@@ -439,5 +439,5 @@ jwk: pair.public | ||
ACME._dryRun = function(me, realOptions, zonenames) { | ||
ACME._dryRun = function (me, realOptions, zonenames) { | ||
var noopts = {}; | ||
Object.keys(realOptions).forEach(function(key) { | ||
Object.keys(realOptions).forEach(function (key) { | ||
noopts[key] = realOptions[key]; | ||
@@ -451,3 +451,3 @@ }); | ||
return Promise.all( | ||
noopts.domains.map(function(identifierValue) { | ||
noopts.domains.map(function (identifierValue) { | ||
// TODO we really only need one to pass, not all to pass | ||
@@ -457,11 +457,11 @@ var challenges = ACME._testChallengeOptions(); | ||
if (wild) { | ||
challenges = challenges.filter(function(ch) { | ||
challenges = challenges.filter(function (ch) { | ||
return ch._wildcard; | ||
}); | ||
} | ||
challenges = challenges.filter(function(auth) { | ||
challenges = challenges.filter(function (auth) { | ||
return me._canCheck[auth.type]; | ||
}); | ||
return getThumbprint().then(function(accountKeyThumb) { | ||
return getThumbprint().then(function (accountKeyThumb) { | ||
var resp = { | ||
@@ -489,3 +489,3 @@ body: { | ||
dryrun | ||
).then(function(auths) { | ||
).then(function (auths) { | ||
resp.body.challenges = auths; | ||
@@ -496,6 +496,6 @@ return resp.body; | ||
}) | ||
).then(function(claims) { | ||
).then(function (claims) { | ||
var selected = []; | ||
noopts.order._claims = claims.slice(0); | ||
noopts.notify = function(ev, params) { | ||
noopts.notify = function (ev, params) { | ||
if ('_challenge_select' === ev) { | ||
@@ -507,3 +507,3 @@ selected.push(params.challenge); | ||
function clear() { | ||
selected.forEach(function(ch) { | ||
selected.forEach(function (ch) { | ||
ACME._notify(me, noopts, 'challenge_remove', { | ||
@@ -517,3 +517,3 @@ altname: ch.altname, | ||
.remove({ challenge: ch }) | ||
.catch(function(err) { | ||
.catch(function (err) { | ||
err.action = 'challenge_remove'; | ||
@@ -528,3 +528,3 @@ err.altname = ch.altname; | ||
return ACME._setChallenges(me, noopts, noopts.order) | ||
.catch(function(err) { | ||
.catch(function (err) { | ||
clear(); | ||
@@ -540,8 +540,8 @@ throw err; | ||
// Select the first matching offered challenge type | ||
ACME._chooseChallenge = function(options, results) { | ||
ACME._chooseChallenge = function (options, results) { | ||
// For each of the challenge types that we support | ||
var challenge; | ||
options._presenterTypes.some(function(chType) { | ||
options._presenterTypes.some(function (chType) { | ||
// And for each of the challenge types that are allowed | ||
return results.challenges.some(function(ch) { | ||
return results.challenges.some(function (ch) { | ||
// Check to see if there are any matches | ||
@@ -558,3 +558,3 @@ if (ch.type === chType) { | ||
ACME._getZones = function(me, challenges, domains) { | ||
ACME._getZones = function (me, challenges, domains) { | ||
var presenter = challenges['dns-01']; | ||
@@ -570,3 +570,3 @@ if (!presenter) { | ||
// actually returns the zones and not the hosts as zones | ||
var dnsHosts = domains.map(function(d) { | ||
var dnsHosts = domains.map(function (d) { | ||
var rnd = ACME._prnd(2); | ||
@@ -585,3 +585,3 @@ return rnd + '.' + d; | ||
ACME._challengesMap = { 'http-01': 0, 'dns-01': 0, 'tls-alpn-01': 0 }; | ||
ACME._computeAuths = function(me, options, thumb, authz, zonenames, dryrun) { | ||
ACME._computeAuths = function (me, options, thumb, authz, zonenames, dryrun) { | ||
// we don't poison the dns cache with our dummy request | ||
@@ -599,3 +599,3 @@ var dnsPrefix = ACME.challengePrefixes['dns-01']; | ||
return Promise.all( | ||
authz.challenges.map(function(challenge) { | ||
authz.challenges.map(function (challenge) { | ||
// Don't do extra work for challenges that we can't satisfy | ||
@@ -611,3 +611,3 @@ var _types = options._presenterTypes; | ||
// { identifier, status, expires, challenges, wildcard } | ||
Object.keys(authz).forEach(function(key) { | ||
Object.keys(authz).forEach(function (key) { | ||
auth[key] = authz[key]; | ||
@@ -619,3 +619,3 @@ }); | ||
// (note the duplicate status overwrites the one above, but they should be the same) | ||
Object.keys(challenge).forEach(function(key) { | ||
Object.keys(challenge).forEach(function (key) { | ||
// don't confused devs with the id url | ||
@@ -639,4 +639,4 @@ auth[key] = challenge[key]; | ||
dnsPrefix: dnsPrefix | ||
}).then(function(resp) { | ||
Object.keys(resp).forEach(function(k) { | ||
}).then(function (resp) { | ||
Object.keys(resp).forEach(function (k) { | ||
auth[k] = resp[k]; | ||
@@ -647,3 +647,3 @@ }); | ||
}) | ||
).then(function(auths) { | ||
).then(function (auths) { | ||
return auths.filter(Boolean); | ||
@@ -653,3 +653,3 @@ }); | ||
ACME.computeChallenge = function(opts) { | ||
ACME.computeChallenge = function (opts) { | ||
var auth = opts.challenge; | ||
@@ -663,3 +663,3 @@ var hostname = auth.hostname || opts.hostname; | ||
return getThumbprint(accountKey).then(function(thumb) { | ||
return getThumbprint(accountKey).then(function (thumb) { | ||
var resp = {}; | ||
@@ -692,6 +692,6 @@ resp.thumbprint = thumb; | ||
.sum(256, resp.keyAuthorization) | ||
.then(function(hash) { | ||
.then(function (hash) { | ||
return Enc.bufToUrlBase64(Uint8Array.from(hash)); | ||
}) | ||
.then(function(hash64) { | ||
.then(function (hash64) { | ||
resp.dnsHost = dnsPrefix + '.' + hostname; // .replace('*.', ''); | ||
@@ -716,3 +716,3 @@ | ||
ACME._untame = function(name, wild) { | ||
ACME._untame = function (name, wild) { | ||
if (wild) { | ||
@@ -725,3 +725,3 @@ name = '*.' + name.replace('*.', ''); | ||
// https://tools.ietf.org/html/draft-ietf-acme-acme-10#section-7.5.1 | ||
ACME._postChallenge = function(me, options, kid, auth) { | ||
ACME._postChallenge = function (me, options, kid, auth) { | ||
var RETRY_INTERVAL = me.retryInterval || 1000; | ||
@@ -760,3 +760,3 @@ var DEAUTH_INTERVAL = me.deauthWait || 10 * 1000; | ||
payload: Enc.strToBuf(JSON.stringify({ status: 'deactivated' })) | ||
}).then(function(/*#resp*/) { | ||
}).then(function (/*#resp*/) { | ||
//#console.debug('deactivate challenge: resp.body:'); | ||
@@ -822,3 +822,3 @@ //#console.debug(resp.body); | ||
.remove({ challenge: auth }) | ||
.catch(function(err) { | ||
.catch(function (err) { | ||
err.action = 'challenge_remove'; | ||
@@ -904,3 +904,3 @@ err.altname = auth.altname; | ||
// options = { domains, claims, challenges } | ||
ACME._setChallenges = function(me, options, order) { | ||
ACME._setChallenges = function (me, options, order) { | ||
var claims = order._claims.slice(0); | ||
@@ -922,7 +922,7 @@ var valids = []; | ||
return Promise.resolve() | ||
.then(function() { | ||
.then(function () { | ||
// For any challenges that are already valid, | ||
// add to the list and skip any checks. | ||
if ( | ||
claim.challenges.some(function(ch) { | ||
claim.challenges.some(function (ch) { | ||
if ('valid' === ch.status) { | ||
@@ -1007,3 +1007,3 @@ valids.push(ch); | ||
return ACME.challengeTests[auth.type](me, { challenge: auth }) | ||
.then(function() { | ||
.then(function () { | ||
valids.push(auth); | ||
@@ -1017,3 +1017,3 @@ }) | ||
.remove({ challenge: ch }) | ||
.catch(function(err) { | ||
.catch(function (err) { | ||
err.action = 'challenge_remove'; | ||
@@ -1031,3 +1031,3 @@ err.altname = ch.altname; | ||
.then(checkNext) | ||
.catch(function(err) { | ||
.catch(function (err) { | ||
if (!options.debug) { | ||
@@ -1040,3 +1040,3 @@ placed.forEach(removeAll); | ||
ACME._presentChallenges = function(me, options, kid, readyToPresent) { | ||
ACME._presentChallenges = function (me, options, kid, readyToPresent) { | ||
// Actually sets the challenge via ACME | ||
@@ -1054,3 +1054,3 @@ function challengeNext() { | ||
// (rate limits, propagation delays, etc) | ||
return challengeNext().then(function() { | ||
return challengeNext().then(function () { | ||
return readyToPresent; | ||
@@ -1060,3 +1060,3 @@ }); | ||
ACME._pollOrderStatus = function(me, options, kid, order, verifieds) { | ||
ACME._pollOrderStatus = function (me, options, kid, order, verifieds) { | ||
var csr64 = ACME._csrToUrlBase64(options.csr); | ||
@@ -1073,3 +1073,3 @@ var body = { csr: csr64 }; | ||
payload: Enc.strToBuf(payload) | ||
}).then(function(resp) { | ||
}).then(function (resp) { | ||
ACME._notify(me, options, 'certificate_status', { | ||
@@ -1136,3 +1136,3 @@ subject: options.domains[0], | ||
ACME._redeemCert = function(me, options, kid, voucher) { | ||
ACME._redeemCert = function (me, options, kid, voucher) { | ||
//#console.debug('ACME.js: order was finalized'); | ||
@@ -1147,3 +1147,3 @@ | ||
json: true | ||
}).then(function(resp) { | ||
}).then(function (resp) { | ||
//#console.debug('ACME.js: csr submitted and cert received:'); | ||
@@ -1167,8 +1167,8 @@ | ||
ACME._finalizeOrder = function(me, options, kid, order) { | ||
ACME._finalizeOrder = function (me, options, kid, order) { | ||
//#console.debug('[ACME.js] finalizeOrder:'); | ||
var readyToPresent; | ||
return A._getAccountKid(me, options).then(function(kid) { | ||
return A._getAccountKid(me, options).then(function (kid) { | ||
return ACME._setChallenges(me, options, order) | ||
.then(function(_readyToPresent) { | ||
.then(function (_readyToPresent) { | ||
readyToPresent = _readyToPresent; | ||
@@ -1182,3 +1182,3 @@ return ACME._presentChallenges( | ||
}) | ||
.then(function() { | ||
.then(function () { | ||
return ACME._pollOrderStatus( | ||
@@ -1189,3 +1189,3 @@ me, | ||
order, | ||
readyToPresent.map(function(ch) { | ||
readyToPresent.map(function (ch) { | ||
return ACME._untame(ch.identifier.value, ch.wildcard); | ||
@@ -1195,3 +1195,3 @@ }) | ||
}) | ||
.then(function(voucher) { | ||
.then(function (voucher) { | ||
return ACME._redeemCert(me, options, kid, voucher); | ||
@@ -1203,6 +1203,6 @@ }); | ||
// Order a certificate request with all domains | ||
ACME._orderCert = function(me, options, kid) { | ||
ACME._orderCert = function (me, options, kid) { | ||
var certificateRequest = { | ||
// raw wildcard syntax MUST be used here | ||
identifiers: options.domains.map(function(hostname) { | ||
identifiers: options.domains.map(function (hostname) { | ||
return { type: 'dns', value: hostname }; | ||
@@ -1215,6 +1215,6 @@ }) | ||
return ACME._prepRequest(me, options) | ||
.then(function() { | ||
.then(function () { | ||
return ACME._getZones(me, options.challenges, options.domains); | ||
}) | ||
.then(function(zonenames) { | ||
.then(function (zonenames) { | ||
var p; | ||
@@ -1228,5 +1228,5 @@ // Do a little dry-run / self-test | ||
return p.then(function() { | ||
return p.then(function () { | ||
return A._getAccountKid(me, options) | ||
.then(function(kid) { | ||
.then(function (kid) { | ||
ACME._notify(me, options, 'certificate_order', { | ||
@@ -1249,3 +1249,3 @@ // API-locked | ||
}) | ||
.then(function(resp) { | ||
.then(function (resp) { | ||
var order = resp.body; | ||
@@ -1266,3 +1266,3 @@ order._orderUrl = resp.headers.location; | ||
}) | ||
.then(function(order) { | ||
.then(function (order) { | ||
return ACME._getAllChallenges( | ||
@@ -1274,3 +1274,3 @@ me, | ||
order | ||
).then(function(claims) { | ||
).then(function (claims) { | ||
order._claims = claims; | ||
@@ -1284,4 +1284,4 @@ return order; | ||
ACME._prepRequest = function(me, options) { | ||
return Promise.resolve().then(function() { | ||
ACME._prepRequest = function (me, options) { | ||
return Promise.resolve().then(function () { | ||
// TODO check that all presenterTypes are represented in challenges | ||
@@ -1304,10 +1304,4 @@ if (!options._presenterTypes.length) { | ||
if ( | ||
options.domains | ||
.slice(0) | ||
.sort() | ||
.join(' ') !== | ||
_csr.altnames | ||
.slice(0) | ||
.sort() | ||
.join(' ') | ||
options.domains.slice(0).sort().join(' ') !== | ||
_csr.altnames.slice(0).sort().join(' ') | ||
) { | ||
@@ -1335,3 +1329,3 @@ return Promise.reject( | ||
// a cheap check to see if there are non-ascii characters in any of the domains | ||
var nonAsciiDomains = options.domains.some(function(d) { | ||
var nonAsciiDomains = options.domains.some(function (d) { | ||
// IDN / unicode / utf-8 / punycode | ||
@@ -1347,3 +1341,3 @@ return Enc.strToBin(d) !== d; | ||
// TODO Promise.all()? | ||
(options._presenterTypes || []).forEach(function(key) { | ||
(options._presenterTypes || []).forEach(function (key) { | ||
var presenter = options.challenges[key]; | ||
@@ -1362,3 +1356,3 @@ if ( | ||
// Request a challenge for each authorization in the order | ||
ACME._getAllChallenges = function(me, options, kid, zonenames, order) { | ||
ACME._getAllChallenges = function (me, options, kid, zonenames, order) { | ||
var claims = []; | ||
@@ -1380,3 +1374,3 @@ //#console.debug("[acme-v2] POST newOrder has authorizations"); | ||
authUrl | ||
).then(function(claim) { | ||
).then(function (claim) { | ||
// var domain = options.domains[i]; // claim.identifier.value | ||
@@ -1388,3 +1382,3 @@ claims.push(claim); | ||
return getNext().then(function() { | ||
return getNext().then(function () { | ||
return claims; | ||
@@ -1407,3 +1401,3 @@ }); | ||
.split(/[\r\n]{2,}/g) | ||
.map(function(str) { | ||
.map(function (str) { | ||
return str + '\n'; | ||
@@ -1413,3 +1407,3 @@ }); | ||
ACME._csrToUrlBase64 = function(csr) { | ||
ACME._csrToUrlBase64 = function (csr) { | ||
// if der, convert to base64 | ||
@@ -1423,6 +1417,3 @@ if ('string' !== typeof csr) { | ||
if ('-' === csr[0]) { | ||
csr = csr | ||
.split(/\n+/) | ||
.slice(1, -1) | ||
.join(''); | ||
csr = csr.split(/\n+/).slice(1, -1).join(''); | ||
} | ||
@@ -1433,8 +1424,6 @@ return Enc.base64ToUrlBase64(csr.trim().replace(/\s+/g, '')); | ||
// In v8 this is crypto random, but we're just using it for pseudorandom | ||
ACME._prnd = function(n) { | ||
ACME._prnd = function (n) { | ||
var rnd = ''; | ||
while (rnd.length / 2 < n) { | ||
var i = Math.random() | ||
.toString() | ||
.substr(2); | ||
var i = Math.random().toString().substr(2); | ||
var h = parseInt(i, 10).toString(16); | ||
@@ -1449,3 +1438,3 @@ if (h.length % 2) { | ||
ACME._notify = function(me, options, ev, params) { | ||
ACME._notify = function (me, options, ev, params) { | ||
if (!options.notify && !me.notify) { | ||
@@ -1464,3 +1453,3 @@ //console.info(ev, params); | ||
ACME._wait = function wait(ms) { | ||
return new Promise(function(resolve) { | ||
return new Promise(function (resolve) { | ||
setTimeout(resolve, ms || 1100); | ||
@@ -1482,3 +1471,3 @@ }); | ||
return zonenames | ||
.filter(function(zonename) { | ||
.filter(function (zonename) { | ||
// the only character that needs to be escaped for regex | ||
@@ -1488,3 +1477,3 @@ // and is allowed in a domain name is '.' | ||
}) | ||
.sort(function(a, b) { | ||
.sort(function (a, b) { | ||
// longest match first | ||
@@ -1491,0 +1480,0 @@ return b.length - a.length; |
#!/usr/bin/env node | ||
(async function() { | ||
(async function () { | ||
'use strict'; | ||
@@ -25,3 +25,3 @@ | ||
'../lib/acme.js' | ||
].map(async function(file) { | ||
].map(async function (file) { | ||
return (await readFile(path.join(__dirname, file), 'utf8')).trim(); | ||
@@ -28,0 +28,0 @@ }) |
@@ -5,3 +5,3 @@ 'use strict'; | ||
E.NO_SUITABLE_CHALLENGE = function(domain, challenges, presenters) { | ||
E.NO_SUITABLE_CHALLENGE = function (domain, challenges, presenters) { | ||
// Bail with a descriptive message if no usable challenge could be selected | ||
@@ -12,3 +12,3 @@ // For example, wildcards require dns-01 and, if we don't have that, we have to bail | ||
challenges | ||
.map(function(r) { | ||
.map(function (r) { | ||
return r.type; | ||
@@ -29,3 +29,3 @@ }) | ||
}; | ||
E.UNHANDLED_ORDER_STATUS = function(options, domains, resp) { | ||
E.UNHANDLED_ORDER_STATUS = function (options, domains, resp) { | ||
return new Error( | ||
@@ -47,3 +47,3 @@ "Didn't finalize order: Unhandled status '" + | ||
}; | ||
E.DOUBLE_READY_ORDER = function(options, domains, resp) { | ||
E.DOUBLE_READY_ORDER = function (options, domains, resp) { | ||
return new Error( | ||
@@ -64,3 +64,3 @@ "Did not finalize order: status 'ready'." + | ||
}; | ||
E.ORDER_INVALID = function(options, domains, resp) { | ||
E.ORDER_INVALID = function (options, domains, resp) { | ||
return new Error( | ||
@@ -79,3 +79,3 @@ "Did not finalize order: status 'invalid'." + | ||
}; | ||
E.NO_AUTHORIZATIONS = function(options, resp) { | ||
E.NO_AUTHORIZATIONS = function (options, resp) { | ||
return new Error( | ||
@@ -82,0 +82,0 @@ "[acme-v2.js] authorizations were not fetched for '" + |
@@ -5,7 +5,7 @@ 'use strict'; | ||
native._canCheck = function(me) { | ||
native._canCheck = function (me) { | ||
me._canCheck = {}; | ||
return me | ||
.request({ url: me._baseUrl + '/api/_acme_api_/' }) | ||
.then(function(resp) { | ||
.then(function (resp) { | ||
if (resp.body.success) { | ||
@@ -16,3 +16,3 @@ me._canCheck['http-01'] = true; | ||
}) | ||
.catch(function() { | ||
.catch(function () { | ||
// ignore | ||
@@ -22,3 +22,3 @@ }); | ||
native._dns01 = function(me, ch) { | ||
native._dns01 = function (me, ch) { | ||
return me | ||
@@ -28,3 +28,3 @@ .request({ | ||
}) | ||
.then(function(resp) { | ||
.then(function (resp) { | ||
var err; | ||
@@ -42,3 +42,3 @@ if (!resp.body || !Array.isArray(resp.body.answer)) { | ||
return { | ||
answer: resp.body.answer.map(function(ans) { | ||
answer: resp.body.answer.map(function (ans) { | ||
return { data: ans.data, ttl: ans.ttl }; | ||
@@ -50,3 +50,3 @@ }) | ||
native._http01 = function(me, ch) { | ||
native._http01 = function (me, ch) { | ||
var url = encodeURIComponent(ch.challengeUrl); | ||
@@ -57,5 +57,5 @@ return me | ||
}) | ||
.then(function(resp) { | ||
.then(function (resp) { | ||
return resp.body; | ||
}); | ||
}; |
'use strict'; | ||
var UserAgent = module.exports; | ||
UserAgent.get = function() { | ||
UserAgent.get = function () { | ||
return false; | ||
}; |
@@ -5,5 +5,5 @@ 'use strict'; | ||
http.request = function(opts) { | ||
http.request = function (opts) { | ||
opts.cors = true; | ||
return window.fetch(opts.url, opts).then(function(resp) { | ||
return window.fetch(opts.url, opts).then(function (resp) { | ||
var headers = {}; | ||
@@ -13,7 +13,7 @@ var result = { | ||
headers: headers, | ||
toJSON: function() { | ||
toJSON: function () { | ||
return this; | ||
} | ||
}; | ||
Array.from(resp.headers.entries()).forEach(function(h) { | ||
Array.from(resp.headers.entries()).forEach(function (h) { | ||
headers[h[0]] = h[1]; | ||
@@ -25,3 +25,3 @@ }); | ||
if (/json/.test(headers['content-type'])) { | ||
return resp.json().then(function(json) { | ||
return resp.json().then(function (json) { | ||
result.body = json; | ||
@@ -31,3 +31,3 @@ return result; | ||
} | ||
return resp.text().then(function(txt) { | ||
return resp.text().then(function (txt) { | ||
result.body = txt; | ||
@@ -34,0 +34,0 @@ return result; |
@@ -6,3 +6,3 @@ 'use strict'; | ||
var encoder = new TextEncoder(); | ||
sha2.sum = function(alg, str) { | ||
sha2.sum = function (alg, str) { | ||
var data = str; | ||
@@ -9,0 +9,0 @@ if ('string' === typeof data) { |
@@ -8,3 +8,3 @@ 'use strict'; | ||
native._canCheck = function(me) { | ||
native._canCheck = function (me) { | ||
me._canCheck = {}; | ||
@@ -16,7 +16,7 @@ me._canCheck['http-01'] = true; | ||
native._dns01 = function(me, ch) { | ||
native._dns01 = function (me, ch) { | ||
// TODO use digd.js | ||
return resolveTxt(ch.dnsHost).then(function(records) { | ||
return resolveTxt(ch.dnsHost).then(function (records) { | ||
return { | ||
answer: records.map(function(rr) { | ||
answer: records.map(function (rr) { | ||
return { | ||
@@ -30,6 +30,6 @@ data: rr | ||
native._http01 = function(me, ch) { | ||
native._http01 = function (me, ch) { | ||
return new me.request({ | ||
url: ch.challengeUrl | ||
}).then(function(resp) { | ||
}).then(function (resp) { | ||
return resp.body; | ||
@@ -42,3 +42,3 @@ }); | ||
// (very similar to CloudFlare's api protection) | ||
native._hashcash = function(ch) { | ||
native._hashcash = function (ch) { | ||
if (!ch || !ch.nonce) { | ||
@@ -48,3 +48,3 @@ ch = { nonce: 'xxx' }; | ||
return Promise.resolve() | ||
.then(function() { | ||
.then(function () { | ||
// only get easy answers | ||
@@ -88,3 +88,3 @@ var len = ch.needle.length; | ||
}) | ||
.catch(function() { | ||
.catch(function () { | ||
//console.log('[debug]', err); | ||
@@ -91,0 +91,0 @@ // ignore any error |
@@ -7,3 +7,3 @@ 'use strict'; | ||
var UserAgent = module.exports; | ||
UserAgent.get = function(me) { | ||
UserAgent.get = function (me) { | ||
// ACME clients MUST have an RFC7231-compliant User-Agent | ||
@@ -10,0 +10,0 @@ // ex: Greenlock/v3 ACME.js/v3 node/v12.0.0 darwin/17.7.0 Darwin/x64 |
@@ -7,4 +7,4 @@ 'use strict'; | ||
http.request = function(opts) { | ||
http.request = function (opts) { | ||
return request(opts); | ||
}; |
@@ -7,12 +7,9 @@ /* global Promise */ | ||
sha2.sum = function(alg, str) { | ||
return Promise.resolve().then(function() { | ||
sha2.sum = function (alg, str) { | ||
return Promise.resolve().then(function () { | ||
var sha = 'sha' + String(alg).replace(/^sha-?/i, ''); | ||
// utf8 is the default for strings | ||
var buf = Buffer.from(str); | ||
return crypto | ||
.createHash(sha) | ||
.update(buf) | ||
.digest(); | ||
return crypto.createHash(sha).update(buf).digest(); | ||
}); | ||
}; |
@@ -10,3 +10,3 @@ 'use strict'; | ||
var oldCollegeTries = {}; | ||
M.init = function(me) { | ||
M.init = function (me) { | ||
if (oldCollegeTries[me.maintainerEmail]) { | ||
@@ -36,4 +36,4 @@ return; | ||
M._init = function(me, tz, locale) { | ||
setTimeout(function() { | ||
M._init = function (me, tz, locale) { | ||
setTimeout(function () { | ||
// prevent a stampede from misconfigured clients in an eternal loop | ||
@@ -46,3 +46,3 @@ me.request({ | ||
}) | ||
.then(function(resp) { | ||
.then(function (resp) { | ||
// in the browser this will work until solved, but in | ||
@@ -52,3 +52,3 @@ // node this will bail unless the challenge is trivial | ||
}) | ||
.then(function(hashcash) { | ||
.then(function (hashcash) { | ||
var req = { | ||
@@ -71,3 +71,3 @@ timeout: 3000, | ||
}) | ||
.catch(function(err) { | ||
.catch(function (err) { | ||
if (me.debug) { | ||
@@ -80,3 +80,3 @@ console.error( | ||
}) | ||
.then(function(/*resp*/) { | ||
.then(function (/*resp*/) { | ||
oldCollegeTries[me.maintainerEmail] = true; | ||
@@ -83,0 +83,0 @@ //console.log(resp); |
{ | ||
"name": "@root/acme", | ||
"version": "3.0.10", | ||
"version": "3.1.0", | ||
"description": "Free SSL certificates for Node.js and Browsers. Issued via Let's Encrypt", | ||
@@ -47,5 +47,5 @@ "homepage": "https://rootprojects.org/acme/", | ||
"@root/encoding": "^1.0.1", | ||
"@root/keypairs": "^0.9.0", | ||
"@root/keypairs": "^0.10.0", | ||
"@root/pem": "^1.0.4", | ||
"@root/request": "^1.3.11", | ||
"@root/request": "^1.6.1", | ||
"@root/x509": "^0.7.2" | ||
@@ -52,0 +52,0 @@ }, |
33
utils.js
@@ -9,12 +9,13 @@ 'use strict'; | ||
// Handle nonce, signing, and request altogether | ||
U._jwsRequest = function(me, bigopts) { | ||
return U._getNonce(me).then(function(nonce) { | ||
U._jwsRequest = function (me, bigopts) { | ||
return U._getNonce(me).then(function (nonce) { | ||
bigopts.protected.nonce = nonce; | ||
bigopts.protected.url = bigopts.url; | ||
// protected.alg: added by Keypairs.signJws | ||
if (!bigopts.protected.jwk) { | ||
// protected.kid must be overwritten due to ACME's interpretation of the spec | ||
if (!('kid' in bigopts.protected)) { | ||
bigopts.protected.kid = bigopts.kid; | ||
} | ||
if (bigopts.protected.jwk) { | ||
bigopts.protected.kid = false; | ||
} else if (!('kid' in bigopts.protected)) { | ||
// protected.kid must be provided according to ACME's interpretation of the spec | ||
// (using the provided URL rather than the Key's Thumbprint as Key ID) | ||
bigopts.protected.kid = bigopts.kid; | ||
} | ||
@@ -28,3 +29,3 @@ | ||
}) | ||
.then(function(jws) { | ||
.then(function (jws) { | ||
//#console.debug('[ACME.js] url: ' + bigopts.url + ':'); | ||
@@ -34,3 +35,3 @@ //#console.debug(jws); | ||
}) | ||
.catch(function(e) { | ||
.catch(function (e) { | ||
if (/badNonce$/.test(e.urn)) { | ||
@@ -49,3 +50,3 @@ // retry badNonces | ||
U._getNonce = function(me) { | ||
U._getNonce = function (me) { | ||
var nonce; | ||
@@ -71,3 +72,3 @@ while (true) { | ||
url: me._directoryUrls.newNonce | ||
}).then(function(resp) { | ||
}).then(function (resp) { | ||
return resp.headers['replay-nonce']; | ||
@@ -78,3 +79,3 @@ }); | ||
// Handle some ACME-specific defaults | ||
U._request = function(me, opts) { | ||
U._request = function (me, opts) { | ||
// no-op on browser | ||
@@ -109,3 +110,3 @@ var ua = UserAgent.get(me, opts); | ||
//console.log(opts); | ||
return me.__request(opts).then(function(resp) { | ||
return me.__request(opts).then(function (resp) { | ||
if (resp.toJSON) { | ||
@@ -149,7 +150,7 @@ resp = resp.toJSON(); | ||
U._setNonce = function(me, nonce) { | ||
U._setNonce = function (me, nonce) { | ||
me._nonces.unshift({ nonce: nonce, createdAt: Date.now() }); | ||
}; | ||
U._importKeypair = function(key) { | ||
U._importKeypair = function (key) { | ||
var p; | ||
@@ -173,3 +174,3 @@ var pub; | ||
return p.then(function(pair) { | ||
return p.then(function (pair) { | ||
if (pair.public.kid) { | ||
@@ -176,0 +177,0 @@ pair = JSON.parse(JSON.stringify(pair)); |
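Review bot: In `U._jwsRequest`, `bigopts.protected.kid = false` uses `false` as a sentinel and depends on the signer leaving `kid` out of the serialized protected header, which nothing in this diff shows; ACME requires `jwk` and `kid` to be mutually exclusive, so a signer that emitted the value literally would produce requests the server rejects. The `@root/keypairs` range moves to `^0.10.0` in the same release, so this behaviour presumably lives there and should be pinned by a test asserting that the decoded protected header has no `kid` key when `jwk` is set. I would state the contract at the assignment, e.g. `// kid === false asks the signer to omit kid; ACME forbids jwk and kid in the same header`. The else branch can also leave `kid` undefined when the caller supplies neither `jwk` nor `bigopts.kid`, and rejecting that case before signing would fail faster than a server-side error. Old and new sides are inferred from print order and the hunk counts here, and the function body continues outside the hunk.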
92460
2051
+ Added @root/keypairs@0.10.3 (transitive)
- Removed @root/keypairs@0.9.0 (transitive)
Updated @root/keypairs@^0.10.0
Updated @root/request@^1.6.1