Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
acme-v2 - npm Package Compare versions
Comparing version 0.0.2 to 0.6.0
561
node.js
@@ -5,4 +5,5 @@ /*! | ||
| * Apache-2.0 OR MIT (and hence also MPL 2.0) | ||
| */ | ||
| */ | ||
| 'use strict'; | ||
| /* globals Promise */ | ||
@@ -56,2 +57,3 @@ var defaults = { | ||
| var RSA = deps.RSA || require('rsa-compat').RSA; | ||
| deps.request = deps.request || require('request'); | ||
@@ -63,52 +65,7 @@ deps.promisify = deps.promisify || require('util').promisify; | ||
| var crypto = require('crypto'); | ||
| RSA.signJws = RSA.generateJws = RSA.generateSignatureJws = RSA.generateSignatureJwk = | ||
| function (keypair, payload, nonce) { | ||
| var prot = {}; | ||
| if (nonce) { | ||
| if ('string' === typeof nonce) { | ||
| prot.nonce = nonce; | ||
| } else { | ||
| prot = nonce; | ||
| } | ||
| } | ||
| keypair = RSA._internal.import(keypair); | ||
| keypair = RSA._internal.importForge(keypair); | ||
| keypair.publicKeyJwk = RSA.exportPublicJwk(keypair); | ||
| // Compute JWS signature | ||
| var protectedHeader = ""; | ||
| if (Object.keys(prot).length) { | ||
| protectedHeader = JSON.stringify(prot); // { alg: prot.alg, nonce: prot.nonce, url: prot.url }); | ||
| } | ||
| var protected64 = RSA.utils.toWebsafeBase64(new Buffer(protectedHeader).toString('base64')); | ||
| var payload64 = RSA.utils.toWebsafeBase64(payload.toString('base64')); | ||
| var raw = protected64 + "." + payload64; | ||
| var sha256Buf = crypto.createHash('sha256').update(raw).digest(); | ||
| var sig64; | ||
| if (RSA._URSA) { | ||
| sig64 = RSA._ursaGenerateSig(keypair, sha256Buf); | ||
| } else { | ||
| sig64 = RSA._forgeGenerateSig(keypair, sha256Buf); | ||
| } | ||
| return { | ||
| /* | ||
| header: { | ||
| alg: "RS256" | ||
| , jwk: keypair.publicKeyJwk | ||
| } | ||
| */ | ||
| protected: protected64 | ||
| , payload: payload64 | ||
| , signature: sig64 | ||
| }; | ||
| }; | ||
| var acme2 = { | ||
| getAcmeUrls: function () { | ||
| getAcmeUrls: function (_directoryUrl) { | ||
| var me = this; | ||
| return request({ url: directoryUrl }).then(function (resp) { | ||
| me._directoryUrls = JSON.parse(resp.body); | ||
| return request({ url: _directoryUrl || directoryUrl, json: true }).then(function (resp) { | ||
| me._directoryUrls = resp.body; | ||
| me._tos = me._directoryUrls.meta.termsOfService; | ||
@@ -120,2 +77,3 @@ return me._directoryUrls; | ||
| var me = this; | ||
| if (me._nonce) { return new Promise(function (resolve) { resolve(me._nonce); return; }); } | ||
| return request({ method: 'HEAD', url: me._directoryUrls.newNonce }).then(function (resp) { | ||
@@ -126,179 +84,240 @@ me._nonce = resp.toJSON().headers['replay-nonce']; | ||
| } | ||
| // ACME RFC Section 7.3 Account Creation | ||
| /* | ||
| { | ||
| "protected": base64url({ | ||
| "alg": "ES256", | ||
| "jwk": {...}, | ||
| "nonce": "6S8IqOGY7eL2lsGoTZYifg", | ||
| "url": "https://example.com/acme/new-account" | ||
| }), | ||
| "payload": base64url({ | ||
| "termsOfServiceAgreed": true, | ||
| "onlyReturnExisting": false, | ||
| "contact": [ | ||
| "mailto:cert-admin@example.com", | ||
| "mailto:admin@example.com" | ||
| ] | ||
| }), | ||
| "signature": "RZPOnYoPs1PhjszF...-nh6X1qtOFPB519I" | ||
| } | ||
| */ | ||
| // ACME RFC Section 7.3 Account Creation | ||
| /* | ||
| { | ||
| "protected": base64url({ | ||
| "alg": "ES256", | ||
| "jwk": {...}, | ||
| "nonce": "6S8IqOGY7eL2lsGoTZYifg", | ||
| "url": "https://example.com/acme/new-account" | ||
| }), | ||
| "payload": base64url({ | ||
| "termsOfServiceAgreed": true, | ||
| "onlyReturnExisting": false, | ||
| "contact": [ | ||
| "mailto:cert-admin@example.com", | ||
| "mailto:admin@example.com" | ||
| ] | ||
| }), | ||
| "signature": "RZPOnYoPs1PhjszF...-nh6X1qtOFPB519I" | ||
| } | ||
| */ | ||
| , registerNewAccount: function (options) { | ||
| var me = this; | ||
| var body = { | ||
| termsOfServiceAgreed: true | ||
| , onlyReturnExisting: false | ||
| , contact: [ 'mailto:' + options.email ] | ||
| /* | ||
| "externalAccountBinding": { | ||
| "protected": base64url({ | ||
| "alg": "HS256", | ||
| "kid": /* key identifier from CA *//*, | ||
| "url": "https://example.com/acme/new-account" | ||
| }), | ||
| "payload": base64url(/* same as in "jwk" above *//*), | ||
| "signature": /* MAC using MAC key from CA *//* | ||
| } | ||
| */ | ||
| }; | ||
| var payload = JSON.stringify(body, null, 2); | ||
| var jws = RSA.signJws( | ||
| options.keypair | ||
| , new Buffer(payload) | ||
| , { nonce: me._nonce, alg: 'RS256', url: me._directoryUrls.newAccount, jwk: RSA.exportPublicJwk(options.keypair) } | ||
| ); | ||
| console.log('[acme-v2] registerNewAccount'); | ||
| console.log('jws:'); | ||
| console.log(jws); | ||
| return request({ | ||
| method: 'POST' | ||
| , url: me._directoryUrls.newAccount | ||
| , headers: { 'Content-Type': 'application/jose+json' } | ||
| , json: jws | ||
| }).then(function (resp) { | ||
| me._nonce = resp.toJSON().headers['replay-nonce']; | ||
| var location = resp.toJSON().headers['location']; | ||
| console.log(location); // the account id url | ||
| console.log(resp.toJSON()); | ||
| me._kid = location; | ||
| return resp.body; | ||
| return me.getNonce().then(function () { | ||
| return new Promise(function (resolve, reject) { | ||
| function agree(err, tosUrl) { | ||
| if (err) { reject(err); return; } | ||
| if (me._tos !== tosUrl) { | ||
| err = new Error("You must agree to the ToS at '" + me._tos + "'"); | ||
| err.code = "E_AGREE_TOS"; | ||
| reject(err); | ||
| return; | ||
| } | ||
| var jwk = RSA.exportPublicJwk(options.accountKeypair); | ||
| var body = { | ||
| termsOfServiceAgreed: tosUrl === me._tos | ||
| , onlyReturnExisting: false | ||
| , contact: [ 'mailto:' + options.email ] | ||
| }; | ||
| if (options.externalAccount) { | ||
| body.externalAccountBinding = RSA.signJws( | ||
| options.externalAccount.secret | ||
| , undefined | ||
| , { alg: "HS256" | ||
| , kid: options.externalAccount.id | ||
| , url: me._directoryUrls.newAccount | ||
| } | ||
| , new Buffer(JSON.stringify(jwk)) | ||
| ); | ||
| } | ||
| var payload = JSON.stringify(body); | ||
| var jws = RSA.signJws( | ||
| options.accountKeypair | ||
| , undefined | ||
| , { nonce: me._nonce | ||
| , alg: 'RS256' | ||
| , url: me._directoryUrls.newAccount | ||
| , jwk: jwk | ||
| } | ||
| , new Buffer(payload) | ||
| ); | ||
| console.log('[acme-v2] registerNewAccount JSON body:'); | ||
| delete jws.header; | ||
| console.log(jws); | ||
| me._nonce = null; | ||
| return request({ | ||
| method: 'POST' | ||
| , url: me._directoryUrls.newAccount | ||
| , headers: { 'Content-Type': 'application/jose+json' } | ||
| , json: jws | ||
| }).then(function (resp) { | ||
| me._nonce = resp.toJSON().headers['replay-nonce']; | ||
| var location = resp.toJSON().headers.location; | ||
| console.log('[DEBUG] new account location:'); // the account id url | ||
| console.log(location); // the account id url | ||
| console.log(resp.toJSON()); | ||
| me._kid = location; | ||
| return resp.body; | ||
| }).then(resolve); | ||
| } | ||
| console.log('[acme-v2] agreeToTerms'); | ||
| options.agreeToTerms(me._tos, agree); | ||
| }); | ||
| }); | ||
| } | ||
| /* | ||
| POST /acme/new-order HTTP/1.1 | ||
| Host: example.com | ||
| Content-Type: application/jose+json | ||
| /* | ||
| POST /acme/new-order HTTP/1.1 | ||
| Host: example.com | ||
| Content-Type: application/jose+json | ||
| { | ||
| "protected": base64url({ | ||
| "alg": "ES256", | ||
| "kid": "https://example.com/acme/acct/1", | ||
| "nonce": "5XJ1L3lEkMG7tR6pA00clA", | ||
| "url": "https://example.com/acme/new-order" | ||
| }), | ||
| "payload": base64url({ | ||
| "identifiers": [{"type:"dns","value":"example.com"}], | ||
| "notBefore": "2016-01-01T00:00:00Z", | ||
| "notAfter": "2016-01-08T00:00:00Z" | ||
| }), | ||
| "signature": "H6ZXtGjTZyUnPeKn...wEA4TklBdh3e454g" | ||
| } | ||
| */ | ||
| { | ||
| "protected": base64url({ | ||
| "alg": "ES256", | ||
| "kid": "https://example.com/acme/acct/1", | ||
| "nonce": "5XJ1L3lEkMG7tR6pA00clA", | ||
| "url": "https://example.com/acme/new-order" | ||
| }), | ||
| "payload": base64url({ | ||
| "identifiers": [{"type:"dns","value":"example.com"}], | ||
| "notBefore": "2016-01-01T00:00:00Z", | ||
| "notAfter": "2016-01-08T00:00:00Z" | ||
| }), | ||
| "signature": "H6ZXtGjTZyUnPeKn...wEA4TklBdh3e454g" | ||
| } | ||
| */ | ||
| , _getChallenges: function (options, auth) { | ||
| console.log('\n[DEBUG] getChallenges\n'); | ||
| return request({ method: 'GET', url: auth, json: true }).then(function (resp) { | ||
| console.log('Authorization:'); | ||
| console.log(resp.body.challenges); | ||
| return resp.body.challenges; | ||
| return resp.body; | ||
| }); | ||
| } | ||
| // https://tools.ietf.org/html/draft-ietf-acme-acme-10#section-7.5.1 | ||
| , _postChallenge: function (options, ch) { | ||
| var me = this; | ||
| , _postChallenge: function (options, identifier, ch) { | ||
| var me = this; | ||
| var body = { }; | ||
| var payload = JSON.stringify(body); | ||
| //var payload = JSON.stringify(body, null, 2); | ||
| var jws = RSA.signJws( | ||
| options.keypair | ||
| , new Buffer(payload) | ||
| , { nonce: me._nonce, alg: 'RS256', url: ch.url, kid: me._kid } | ||
| ); | ||
| var payload = JSON.stringify(body); | ||
| var thumbprint = RSA.thumbprint(options.keypair); | ||
| var thumbprint = RSA.thumbprint(options.accountKeypair); | ||
| var keyAuthorization = ch.token + '.' + thumbprint; | ||
| // keyAuthorization = token || '.' || base64url(JWK_Thumbprint(accountKey)) | ||
| // /.well-known/acme-challenge/:token | ||
| console.log('type:'); | ||
| console.log(ch.type); | ||
| console.log('ch.token:'); | ||
| console.log(ch.token); | ||
| console.log('thumbprint:'); | ||
| console.log(thumbprint); | ||
| console.log('keyAuthorization:'); | ||
| console.log(keyAuthorization); | ||
| /* | ||
| options.setChallenge(ch.token, thumbprint, keyAuthorization, function (err) { | ||
| }); | ||
| */ | ||
| function wait(ms) { | ||
| return new Promise(function (resolve) { | ||
| setTimeout(resolve, (ms || 1100)); | ||
| }); | ||
| } | ||
| function pollStatus() { | ||
| console.log('\n[DEBUG] statusChallenge\n'); | ||
| return request({ method: 'GET', url: ch.url, json: true }).then(function (resp) { | ||
| console.error('poll: resp.body:'); | ||
| console.error(resp.body); | ||
| if ('pending' === resp.body.status) { | ||
| console.log('poll: again'); | ||
| return wait().then(pollStatus); | ||
| } | ||
| return new Promise(function (resolve, reject) { | ||
| if (options.setupChallenge) { | ||
| options.setupChallenge( | ||
| { identifier: identifier | ||
| , hostname: identifier.value | ||
| , type: ch.type | ||
| , token: ch.token | ||
| , thumbprint: thumbprint | ||
| , keyAuthorization: keyAuthorization | ||
| , dnsAuthorization: RSA.utils.toWebsafeBase64( | ||
| require('crypto').createHash('sha256').update(keyAuthorization).digest('base64') | ||
| ) | ||
| } | ||
| , testChallenge | ||
| ); | ||
| } else { | ||
| options.setChallenge(identifier.value, ch.token, keyAuthorization, testChallenge); | ||
| } | ||
| if ('valid' === resp.body.status) { | ||
| console.log('poll: valid'); | ||
| return resp.body; | ||
| function testChallenge(err) { | ||
| if (err) { reject(err); return; } | ||
| // TODO put check dns / http checks here? | ||
| // http-01: GET https://example.org/.well-known/acme-challenge/{{token}} => {{keyAuth}} | ||
| // dns-01: TXT _acme-challenge.example.org. => "{{urlSafeBase64(sha256(keyAuth))}}" | ||
| function wait(ms) { | ||
| return new Promise(function (resolve) { | ||
| setTimeout(resolve, (ms || 1100)); | ||
| }); | ||
| } | ||
| if (!resp.body.status) { | ||
| console.error("[acme-v2] (y) bad challenge state:"); | ||
| function pollStatus() { | ||
| console.log('\n[DEBUG] statusChallenge\n'); | ||
| return request({ method: 'GET', url: ch.url, json: true }).then(function (resp) { | ||
| console.error('poll: resp.body:'); | ||
| console.error(resp.body); | ||
| if ('pending' === resp.body.status) { | ||
| console.log('poll: again'); | ||
| return wait().then(pollStatus); | ||
| } | ||
| if ('valid' === resp.body.status) { | ||
| console.log('poll: valid'); | ||
| try { | ||
| if (options.teardownChallenge) { | ||
| options.teardownChallenge( | ||
| { identifier: identifier | ||
| , type: ch.type | ||
| , token: ch.token | ||
| } | ||
| , function () {} | ||
| ); | ||
| } else { | ||
| options.removeChallenge(identifier.value, ch.token, function () {}); | ||
| } | ||
| } catch(e) {} | ||
| return resp.body; | ||
| } | ||
| if (!resp.body.status) { | ||
| console.error("[acme-v2] (y) bad challenge state:"); | ||
| } | ||
| else if ('invalid' === resp.body.status) { | ||
| console.error("[acme-v2] (x) invalid challenge state:"); | ||
| } | ||
| else { | ||
| console.error("[acme-v2] (z) bad challenge state:"); | ||
| } | ||
| return Promise.reject(new Error("[acme-v2] bad challenge state")); | ||
| }); | ||
| } | ||
| else if ('invalid' === resp.body.status) { | ||
| console.error("[acme-v2] (x) invalid challenge state:"); | ||
| } | ||
| else { | ||
| console.error("[acme-v2] (z) bad challenge state:"); | ||
| } | ||
| }); | ||
| } | ||
| console.log('\n[DEBUG] postChallenge\n'); | ||
| //console.log('\n[DEBUG] stop to fix things\n'); return; | ||
| console.log('\n[DEBUG] postChallenge\n'); | ||
| //console.log('\n[DEBUG] stop to fix things\n'); return; | ||
| function post() { | ||
| return request({ | ||
| method: 'POST' | ||
| , url: ch.url | ||
| , headers: { 'Content-Type': 'application/jose+json' } | ||
| , json: jws | ||
| }).then(function (resp) { | ||
| me._nonce = resp.toJSON().headers['replay-nonce']; | ||
| console.log('respond to challenge: resp.body:'); | ||
| console.log(resp.body); | ||
| return wait().then(pollStatus); | ||
| }); | ||
| } | ||
| function post() { | ||
| var jws = RSA.signJws( | ||
| options.accountKeypair | ||
| , undefined | ||
| , { nonce: me._nonce, alg: 'RS256', url: ch.url, kid: me._kid } | ||
| , new Buffer(payload) | ||
| ); | ||
| me._nonce = null; | ||
| return request({ | ||
| method: 'POST' | ||
| , url: ch.url | ||
| , headers: { 'Content-Type': 'application/jose+json' } | ||
| , json: jws | ||
| }).then(function (resp) { | ||
| me._nonce = resp.toJSON().headers['replay-nonce']; | ||
| console.log('respond to challenge: resp.body:'); | ||
| console.log(resp.body); | ||
| return wait().then(pollStatus).then(resolve, reject); | ||
| }); | ||
| } | ||
| return wait(20 * 1000).then(post); | ||
| return wait(20 * 1000).then(post); | ||
| } | ||
| }); | ||
| } | ||
| , _finalizeOrder: function (options, validatedDomains) { | ||
| console.log('finalizeOrder:'); | ||
| var me = this; | ||
| var me = this; | ||
| var csr = RSA.generateCsrWeb64(options.certificateKeypair, validatedDomains); | ||
| var csr = RSA.generateCsrWeb64(options.domainKeypair, validatedDomains); | ||
| var body = { csr: csr }; | ||
@@ -314,10 +333,11 @@ var payload = JSON.stringify(body); | ||
| function pollCert() { | ||
| //var payload = JSON.stringify(body, null, 2); | ||
| var jws = RSA.signJws( | ||
| options.keypair | ||
| options.accountKeypair | ||
| , undefined | ||
| , { nonce: me._nonce, alg: 'RS256', url: me._finalize, kid: me._kid } | ||
| , new Buffer(payload) | ||
| , { nonce: me._nonce, alg: 'RS256', url: me._finalize, kid: me._kid } | ||
| ); | ||
| console.log('finalize:', me._finalize); | ||
| me._nonce = null; | ||
| return request({ | ||
@@ -357,3 +377,3 @@ method: 'POST' | ||
| } | ||
| , _getCertificate: function (auth) { | ||
| , _getCertificate: function () { | ||
| var me = this; | ||
@@ -367,66 +387,81 @@ return request({ method: 'GET', url: me._certificate, json: true }).then(function (resp) { | ||
| , getCertificate: function (options, cb) { | ||
| var me = this; | ||
| console.log('[acme-v2] DEBUG get cert 1'); | ||
| var me = this; | ||
| var body = { | ||
| identifiers: [ | ||
| { type: "dns" , value: "test.ppl.family" } | ||
| /* | ||
| , { type: "dns" , value: "example.net" } | ||
| */ | ||
| ] | ||
| //, "notBefore": "2016-01-01T00:00:00Z" | ||
| //, "notAfter": "2016-01-08T00:00:00Z" | ||
| }; | ||
| if (!options.challengeTypes) { | ||
| if (!options.challengeType) { | ||
| cb(new Error("challenge type must be specified")); | ||
| return Promise.reject(new Error("challenge type must be specified")); | ||
| } | ||
| options.challengeTypes = [ options.challengeType ]; | ||
| } | ||
| var payload = JSON.stringify(body); | ||
| //var payload = JSON.stringify(body, null, 2); | ||
| var jws = RSA.signJws( | ||
| options.keypair | ||
| , new Buffer(payload) | ||
| , { nonce: me._nonce, alg: 'RS256', url: me._directoryUrls.newOrder, kid: me._kid } | ||
| ); | ||
| console.log('[acme-v2] getCertificate'); | ||
| return me.getNonce().then(function () { | ||
| var body = { | ||
| identifiers: options.domains.map(function (hostname) { | ||
| return { type: "dns" , value: hostname }; | ||
| }) | ||
| //, "notBefore": "2016-01-01T00:00:00Z" | ||
| //, "notAfter": "2016-01-08T00:00:00Z" | ||
| }; | ||
| console.log('\n[DEBUG] newOrder\n'); | ||
| return request({ | ||
| method: 'POST' | ||
| , url: me._directoryUrls.newOrder | ||
| , headers: { 'Content-Type': 'application/jose+json' } | ||
| , json: jws | ||
| }).then(function (resp) { | ||
| me._nonce = resp.toJSON().headers['replay-nonce']; | ||
| var location = resp.toJSON().headers['location']; | ||
| console.log(location); // the account id url | ||
| console.log(resp.toJSON()); | ||
| //var body = JSON.parse(resp.body); | ||
| me._authorizations = resp.body.authorizations; | ||
| me._order = location; | ||
| me._finalize = resp.body.finalize; | ||
| //console.log('[DEBUG] finalize:', me._finalize); return; | ||
| var payload = JSON.stringify(body); | ||
| var jws = RSA.signJws( | ||
| options.accountKeypair | ||
| , undefined | ||
| , { nonce: me._nonce, alg: 'RS256', url: me._directoryUrls.newOrder, kid: me._kid } | ||
| , new Buffer(payload) | ||
| ); | ||
| //return resp.body; | ||
| return Promise.all(me._authorizations.map(function (auth) { | ||
| console.log('authz', auth); | ||
| return me._getChallenges(options, auth).then(function (challenges) { | ||
| var chp; | ||
| console.log('\n[DEBUG] newOrder\n'); | ||
| me._nonce = null; | ||
| return request({ | ||
| method: 'POST' | ||
| , url: me._directoryUrls.newOrder | ||
| , headers: { 'Content-Type': 'application/jose+json' } | ||
| , json: jws | ||
| }).then(function (resp) { | ||
| me._nonce = resp.toJSON().headers['replay-nonce']; | ||
| var location = resp.toJSON().headers.location; | ||
| console.log(location); // the account id url | ||
| console.log(resp.toJSON()); | ||
| me._authorizations = resp.body.authorizations; | ||
| me._order = location; | ||
| me._finalize = resp.body.finalize; | ||
| //console.log('[DEBUG] finalize:', me._finalize); return; | ||
| challenges.forEach(function (ch) { | ||
| if ('http-01' !== ch.type) { | ||
| return; | ||
| //return resp.body; | ||
| return Promise.all(me._authorizations.map(function (authUrl) { | ||
| return me._getChallenges(options, authUrl).then(function (results) { | ||
| // var domain = options.domains[i]; // results.identifier.value | ||
| var chType = options.challengeTypes.filter(function (chType) { | ||
| return results.challenges.some(function (ch) { | ||
| return ch.type === chType; | ||
| }); | ||
| })[0]; | ||
| var challenge = results.challenges.filter(function (ch) { | ||
| if (chType === ch.type) { | ||
| return ch; | ||
| } | ||
| })[0]; | ||
| if (!challenge) { | ||
| return Promise.reject(new Error("Server didn't offer any challenge we can handle.")); | ||
| } | ||
| chp = me._postChallenge(options, ch); | ||
| return me._postChallenge(options, results.identifier, challenge); | ||
| }); | ||
| })).then(function () { | ||
| var validatedDomains = body.identifiers.map(function (ident) { | ||
| return ident.value; | ||
| }); | ||
| return chp; | ||
| return me._finalizeOrder(options, validatedDomains); | ||
| }).then(function () { | ||
| return me._getCertificate().then(function (result) { cb(null, result); return result; }, cb); | ||
| }); | ||
| })).then(function () { | ||
| var validatedDomains = body.identifiers.map(function (ident) { | ||
| return ident.value; | ||
| }); | ||
| return me._finalizeOrder(options, validatedDomains); | ||
| }).then(function () { | ||
| return me._getCertificate(); | ||
| }); | ||
| }); | ||
| } | ||
| } | ||
| }; | ||
@@ -436,21 +471,7 @@ return acme2; | ||
| var RSA = require('rsa-compat').RSA; | ||
| var acme2 = create(); | ||
| acme2.getAcmeUrls().then(function (body) { | ||
| console.log(body); | ||
| acme2.getNonce().then(function (nonce) { | ||
| console.log(nonce); | ||
| var options = { | ||
| email: 'coolaj86@gmail.com' | ||
| , keypair: RSA.import({ privateKeyPem: require('fs').readFileSync(__dirname + '/account.privkey.pem') }) | ||
| , certificateKeypair: RSA.import({ privateKeyPem: require('fs').readFileSync(__dirname + '/privkey.pem') }) | ||
| }; | ||
| acme2.registerNewAccount(options).then(function (account) { | ||
| console.log(account); | ||
| acme2.getCertificate(options, function () { | ||
| console.log('got cert'); | ||
| }); | ||
| }); | ||
| }); | ||
| module.exports.ACME = { | ||
| create: create | ||
| }; | ||
| Object.keys(defaults).forEach(function (key) { | ||
| module.exports.ACME[key] = defaults[key]; | ||
| }); |
| { | ||
| "name": "acme-v2", | ||
| "version": "0.0.2", | ||
| "version": "0.6.0", | ||
| "description": "A framework for building letsencrypt clients (and other ACME v2 clients), forked from le-acme-core.js.", | ||
@@ -26,4 +26,4 @@ "main": "node.js", | ||
| "request": "^2.85.0", | ||
| "rsa-compat": "^1.2.7" | ||
| "rsa-compat": "^1.3.0" | ||
| } | ||
| } |
@@ -21,8 +21,62 @@ acme-v2.js | ||
| * Mar 20, 2018 - download certificate | ||
| * Mar 20, 2018 - SUCCESS - got a test certificate (hard-coded) | ||
| * Mar 21, 2018 - can now accept values (not hard coded) | ||
| * Mar 21, 2018 - *mostly* matches le-acme-core.js API | ||
| Todo | ||
| * match api for acme v1 (le-acme-core.js) | ||
| * make not hard-coded | ||
| * completely match api for acme v1 (le-acme-core.js) | ||
| * test http and dns challenges | ||
| * export http and dns challenge tests | ||
| * support ECDSA keys | ||
| ## API | ||
| ``` | ||
| var ACME = require('acme-v2.js').ACME.create({ | ||
| RSA: require('rsa-compat').RSA | ||
| }); | ||
| ``` | ||
| ```javascript | ||
| // Accounts | ||
| ACME.registerNewAccount(options, cb) // returns "regr" registration data | ||
| { email: '<email>' // valid email (server checks MX records) | ||
| , accountKeypair: { // privateKeyPem or privateKeyJwt | ||
| privateKeyPem: '<ASCII PEM>' | ||
| } | ||
| , agreeToTerms: fn (tosUrl, cb) {} // must specify agree=tosUrl to continue (or falsey to end) | ||
| } | ||
| // Registration | ||
| ACME.getCertificate(options, cb) // returns (err, pems={ privkey (key), cert, chain (ca) }) | ||
| { newAuthzUrl: '<url>' // specify acmeUrls.newAuthz | ||
| , newCertUrl: '<url>' // specify acmeUrls.newCert | ||
| , domainKeypair: { | ||
| privateKeyPem: '<ASCII PEM>' | ||
| } | ||
| , accountKeypair: { | ||
| privateKeyPem: '<ASCII PEM>' | ||
| } | ||
| , domains: [ 'example.com' ] | ||
| , setChallenge: fn (hostname, key, val, cb) | ||
| , removeChallenge: fn (hostname, key, cb) | ||
| } | ||
| // Discovery URLs | ||
| ACME.getAcmeUrls(acmeDiscoveryUrl, cb) // returns (err, acmeUrls={newReg,newAuthz,newCert,revokeCert}) | ||
| ``` | ||
| Helpers & Stuff | ||
| ```javascript | ||
| // Constants | ||
| ACME.productionServerUrl // https://acme-v02.api.letsencrypt.org/directory | ||
| ACME.stagingServerUrl // https://acme-staging-v02.api.letsencrypt.org/directory | ||
| ACME.acmeChallengePrefix // /.well-known/acme-challenge/ | ||
| ``` | ||
55
test.js
| 'use strict'; | ||
| var acme2 = require('./'); | ||
| var RSA = require('rsa-compat').RSA; | ||
| var acme2 = require('./').ACME.create({ RSA: RSA }); | ||
| acme2. | ||
| acme2.getAcmeUrls(acme2.stagingServerUrl).then(function (body) { | ||
| console.log(body); | ||
| var options = { | ||
| agreeToTerms: function (tosUrl, agree) { | ||
| agree(null, tosUrl); | ||
| } | ||
| /* | ||
| , setupChallenge: function (opts) { | ||
| console.log('type:'); | ||
| console.log(ch.type); | ||
| console.log('ch.token:'); | ||
| console.log(ch.token); | ||
| console.log('thumbprint:'); | ||
| console.log(thumbprint); | ||
| console.log('keyAuthorization:'); | ||
| console.log(keyAuthorization); | ||
| console.log('dnsAuthorization:'); | ||
| console.log(dnsAuthorization); | ||
| } | ||
| */ | ||
| // teardownChallenge | ||
| , setChallenge: function (hostname, key, val, cb) { | ||
| console.log('[DEBUG] set challenge', hostname, key, val); | ||
| console.log("You have 20 seconds to put the string '" + val + "' into a file at '" + hostname + "/" + key + "'"); | ||
| setTimeout(cb, 20 * 1000); | ||
| } | ||
| , removeChallenge: function (hostname, key, cb) { | ||
| console.log('[DEBUG] remove challenge', hostname, key); | ||
| setTimeout(cb, 1 * 1000); | ||
| } | ||
| , challengeType: 'http-01' | ||
| , email: 'coolaj86@gmail.com' | ||
| , accountKeypair: RSA.import({ privateKeyPem: require('fs').readFileSync(__dirname + '/account.privkey.pem') }) | ||
| , domainKeypair: RSA.import({ privateKeyPem: require('fs').readFileSync(__dirname + '/privkey.pem') }) | ||
| , domains: [ 'test.ppl.family' ] | ||
| }; | ||
| acme2.registerNewAccount(options).then(function (account) { | ||
| console.log('account:'); | ||
| console.log(account); | ||
| acme2.getCertificate(options, function (fullchainPem) { | ||
| console.log('[acme-v2] A fullchain.pem:'); | ||
| console.log(fullchainPem); | ||
| }).then(function (fullchainPem) { | ||
| console.log('[acme-v2] B fullchain.pem:'); | ||
| console.log(fullchainPem); | ||
| }); | ||
| }); | ||
| }); |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by23.87%
35415
- Number of package files
- increased by9.09%
12
- Lines of code
- increased by15.11%
480
- Number of lines in readme file
- increased by192.86%
82
Dependency changes
Updatedrsa-compat@^1.3.0