npm - @certd/acme-client - Versions diffs - 0.1.6 → 0.2.0 - Mend

@certd/acme-client 0.1.6 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/src/util.js CHANGED Viewed

@@ -1,172 +1,173 @@
-/**
- * Utility methods
- */
-const Promise = require('bluebird');
-const Backoff = require('backo2');
-const logger = require('./util.log.js');
-const debug = logger.info;
-const forge = require('./crypto/forge');
-/**
- * Retry promise
- *
- * @param {function} fn Function returning promise that should be retried
- * @param {number} attempts Maximum number of attempts
- * @param {Backoff} backoff Backoff instance
- * @returns {Promise}
- */
-async function retryPromise(fn, attempts, backoff) {
-    let aborted = false;
-    try {
-        const data = await fn(() => { aborted = true; });
-        return data;
-    }
-    catch (e) {
-        if (aborted || ((backoff.attempts + 1) >= attempts)) {
-            throw e;
-        }
-        const duration = backoff.duration();
-        logger.info(`Promise rejected attempt #${backoff.attempts}, retrying in ${duration}ms: ${e.message}`);
-        await Promise.delay(duration);
-        return retryPromise(fn, attempts, backoff);
-    }
-}
-/**
- * Retry promise
- *
- * @param {function} fn Function returning promise that should be retried
- * @param {object} [backoffOpts] Backoff options
- * @param {number} [backoffOpts.attempts] Maximum number of attempts, default: `5`
- * @param {number} [backoffOpts.min] Minimum attempt delay in milliseconds, default: `5000`
- * @param {number} [backoffOpts.max] Maximum attempt delay in milliseconds, default: `30000`
- * @returns {Promise}
- */
-function retry(fn, { attempts = 5, min = 5000, max = 30000 } = {}) {
-    const backoff = new Backoff({ min, max });
-    return retryPromise(fn, attempts, backoff);
-}
-/**
- * Escape base64 encoded string
- *
- * @param {string} str Base64 encoded string
- * @returns {string} Escaped string
- */
-function b64escape(str) {
-    return str.replace(/\+/g, '-')
-        .replace(/\//g, '_')
-        .replace(/=/g, '');
-}
-/**
- * Base64 encode and escape buffer or string
- *
- * @param {buffer|string} str Buffer or string to be encoded
- * @returns {string} Escaped base64 encoded string
- */
-function b64encode(str) {
-    const buf = Buffer.isBuffer(str) ? str : Buffer.from(str);
-    return b64escape(buf.toString('base64'));
-}
-/**
- * Parse URLs from link header
- *
- * @param {string} header Link header contents
- * @param {string} rel Link relation, default: `alternate`
- * @returns {array} Array of URLs
- */
-function parseLinkHeader(header, rel = 'alternate') {
-    const relRe = new RegExp(`\\s*rel\\s*=\\s*"?${rel}"?`, 'i');
-    const results = (header || '').split(/,\s*</).map((link) => {
-        const [, linkUrl, linkParts] = link.match(/<?([^>]*)>;(.*)/) || [];
-        return (linkUrl && linkParts && linkParts.match(relRe)) ? linkUrl : null;
-    });
-    return results.filter((r) => r);
-}
-/**
- * Find certificate chain with preferred issuer
- * If issuer can not be located, the first certificate will be returned
- *
- * @param {array} certificates Array of PEM encoded certificate chains
- * @param {string} issuer Preferred certificate issuer
- * @returns {Promise<string>} PEM encoded certificate chain
- */
-async function findCertificateChainForIssuer(chains, issuer) {
-    try {
-        return await Promise.any(chains.map(async (chain) => {
-            /* Look up all issuers */
-            const certs = forge.splitPemChain(chain);
-            const infoCollection = await Promise.map(certs, forge.readCertificateInfo);
-            const issuerCollection = infoCollection.map((i) => i.issuer.commonName);
-            /* Found match, return it */
-            if (issuerCollection.includes(issuer)) {
-                logger.info(`Found matching certificate for preferred issuer="${issuer}", issuers=${JSON.stringify(issuerCollection)}`);
-                return chain;
-            }
-            /* No match, throw error */
-            logger.info(`Unable to match certificate for preferred issuer="${issuer}", issuers=${JSON.stringify(issuerCollection)}`);
-            throw new Error('Certificate issuer mismatch');
-        }));
-    }
-    catch (e) {
-        /* No certificates matched, return default */
-        logger.info(`Found no match in ${chains.length} certificate chains for preferred issuer="${issuer}", returning default certificate chain`);
-        return chains[0];
-    }
-}
-/**
- * Find and format error in response object
- *
- * @param {object} resp HTTP response
- * @returns {string} Error message
- */
-function formatResponseError(resp) {
-    let result;
-    if (resp.data.error) {
-        result = resp.data.error.detail || resp.data.error;
-    }
-    else {
-        result = resp.data.detail || JSON.stringify(resp.data);
-    }
-    return result.replace(/\n/g, '');
-}
-/* Export utils */
-module.exports = {
-    retry,
-    b64escape,
-    b64encode,
-    parseLinkHeader,
-    findCertificateChainForIssuer,
-    formatResponseError
-};
+/**
+ * Utility methods
+ */
+const Promise = require('bluebird');
+const Backoff = require('backo2');
+const logger = require('./util.log.js');
+const debug = logger.info;
+const forge = require('./crypto/forge');
+/**
+ * Retry promise
+ *
+ * @param {function} fn Function returning promise that should be retried
+ * @param {number} attempts Maximum number of attempts
+ * @param {Backoff} backoff Backoff instance
+ * @returns {Promise}
+ */
+async function retryPromise(fn, attempts, backoff) {
+    let aborted = false;
+    try {
+        const data = await fn(() => { aborted = true; });
+        return data;
+    }
+    catch (e) {
+        if (aborted || ((backoff.attempts + 1) >= attempts)) {
+            logger.error(e);
+            throw e;
+        }
+        const duration = backoff.duration();
+        logger.info(`Promise rejected attempt #${backoff.attempts}, retrying in ${duration}ms: ${e.message}`);
+        await Promise.delay(duration);
+        return retryPromise(fn, attempts, backoff);
+    }
+}
+/**
+ * Retry promise
+ *
+ * @param {function} fn Function returning promise that should be retried
+ * @param {object} [backoffOpts] Backoff options
+ * @param {number} [backoffOpts.attempts] Maximum number of attempts, default: `5`
+ * @param {number} [backoffOpts.min] Minimum attempt delay in milliseconds, default: `5000`
+ * @param {number} [backoffOpts.max] Maximum attempt delay in milliseconds, default: `30000`
+ * @returns {Promise}
+ */
+function retry(fn, { attempts = 5, min = 5000, max = 30000 } = {}) {
+    const backoff = new Backoff({ min, max });
+    return retryPromise(fn, attempts, backoff);
+}
+/**
+ * Escape base64 encoded string
+ *
+ * @param {string} str Base64 encoded string
+ * @returns {string} Escaped string
+ */
+function b64escape(str) {
+    return str.replace(/\+/g, '-')
+        .replace(/\//g, '_')
+        .replace(/=/g, '');
+}
+/**
+ * Base64 encode and escape buffer or string
+ *
+ * @param {buffer|string} str Buffer or string to be encoded
+ * @returns {string} Escaped base64 encoded string
+ */
+function b64encode(str) {
+    const buf = Buffer.isBuffer(str) ? str : Buffer.from(str);
+    return b64escape(buf.toString('base64'));
+}
+/**
+ * Parse URLs from link header
+ *
+ * @param {string} header Link header contents
+ * @param {string} rel Link relation, default: `alternate`
+ * @returns {array} Array of URLs
+ */
+function parseLinkHeader(header, rel = 'alternate') {
+    const relRe = new RegExp(`\\s*rel\\s*=\\s*"?${rel}"?`, 'i');
+    const results = (header || '').split(/,\s*</).map((link) => {
+        const [, linkUrl, linkParts] = link.match(/<?([^>]*)>;(.*)/) || [];
+        return (linkUrl && linkParts && linkParts.match(relRe)) ? linkUrl : null;
+    });
+    return results.filter((r) => r);
+}
+/**
+ * Find certificate chain with preferred issuer
+ * If issuer can not be located, the first certificate will be returned
+ *
+ * @param {array} certificates Array of PEM encoded certificate chains
+ * @param {string} issuer Preferred certificate issuer
+ * @returns {Promise<string>} PEM encoded certificate chain
+ */
+async function findCertificateChainForIssuer(chains, issuer) {
+    try {
+        return await Promise.any(chains.map(async (chain) => {
+            /* Look up all issuers */
+            const certs = forge.splitPemChain(chain);
+            const infoCollection = await Promise.map(certs, forge.readCertificateInfo);
+            const issuerCollection = infoCollection.map((i) => i.issuer.commonName);
+            /* Found match, return it */
+            if (issuerCollection.includes(issuer)) {
+                logger.info(`Found matching certificate for preferred issuer="${issuer}", issuers=${JSON.stringify(issuerCollection)}`);
+                return chain;
+            }
+            /* No match, throw error */
+            logger.info(`Unable to match certificate for preferred issuer="${issuer}", issuers=${JSON.stringify(issuerCollection)}`);
+            throw new Error('Certificate issuer mismatch');
+        }));
+    }
+    catch (e) {
+        /* No certificates matched, return default */
+        logger.info(`Found no match in ${chains.length} certificate chains for preferred issuer="${issuer}", returning default certificate chain`);
+        return chains[0];
+    }
+}
+/**
+ * Find and format error in response object
+ *
+ * @param {object} resp HTTP response
+ * @returns {string} Error message
+ */
+function formatResponseError(resp) {
+    let result;
+    if (resp.data.error) {
+        result = resp.data.error.detail || resp.data.error;
+    }
+    else {
+        result = resp.data.detail || JSON.stringify(resp.data);
+    }
+    return result.replace(/\n/g, '');
+}
+/* Export utils */
+module.exports = {
+    retry,
+    b64escape,
+    b64encode,
+    parseLinkHeader,
+    findCertificateChainForIssuer,
+    formatResponseError
+};

package/src/util.log.js CHANGED Viewed

@@ -1,8 +1,8 @@
-const log4js = require('log4js');
-log4js.configure({
-    appenders: { std: { type: 'stdout' } },
-    categories: { default: { appenders: ['std'], level: 'info' } }
-});
-const logger = log4js.getLogger('certd');
-module.exports = logger;
+const log4js = require('log4js');
+log4js.configure({
+    appenders: { std: { type: 'stdout' } },
+    categories: { default: { appenders: ['std'], level: 'info' } }
+});
+const logger = log4js.getLogger('certd');
+module.exports = logger;

package/src/verify.js CHANGED Viewed

@@ -1,96 +1,96 @@
-/**
- * ACME challenge verification
- */
-const Promise = require('bluebird');
-const dns = Promise.promisifyAll(require('dns'));
-const logger = require('./util.log.js');
-const debug = logger.info;
-const axios = require('./axios');
-/**
- * Verify ACME HTTP challenge
- *
- * https://tools.ietf.org/html/rfc8555#section-8.3
- *
- * @param {object} authz Identifier authorization
- * @param {object} challenge Authorization challenge
- * @param {string} keyAuthorization Challenge key authorization
- * @param {string} [suffix] URL suffix
- * @returns {Promise<boolean>}
- */
-async function verifyHttpChallenge(authz, challenge, keyAuthorization, suffix = `/.well-known/acme-challenge/${challenge.token}`) {
-    const httpPort = axios.defaults.acmeSettings.httpChallengePort || 80;
-    const challengeUrl = `http://${authz.identifier.value}:${httpPort}${suffix}`;
-    logger.info(`Sending HTTP query to ${authz.identifier.value}, suffix: ${suffix}, port: ${httpPort}`);
-    const resp = await axios.get(challengeUrl);
-    const data = (resp.data || '').replace(/\s+$/, '');
-    logger.info(`Query successful, HTTP status code: ${resp.status}`);
-    if (!data || (data !== keyAuthorization)) {
-        throw new Error(`Authorization not found in HTTP response from ${authz.identifier.value}`);
-    }
-    logger.info(`Key authorization match for ${challenge.type}/${authz.identifier.value}, ACME challenge verified`);
-    return true;
-}
-/**
- * Verify ACME DNS challenge
- *
- * https://tools.ietf.org/html/rfc8555#section-8.4
- *
- * @param {object} authz Identifier authorization
- * @param {object} challenge Authorization challenge
- * @param {string} keyAuthorization Challenge key authorization
- * @param {string} [prefix] DNS prefix
- * @returns {Promise<boolean>}
- */
-async function verifyDnsChallenge(authz, challenge, keyAuthorization, prefix = '_acme-challenge.') {
-    logger.info(`Resolving DNS TXT records for ${authz.identifier.value}, prefix: ${prefix}`);
-    let challengeRecord = `${prefix}${authz.identifier.value}`;
-    try {
-        /* Attempt CNAME record first */
-        logger.info(`Checking CNAME for record ${challengeRecord}`);
-        const cnameRecords = await dns.resolveCnameAsync(challengeRecord);
-        if (cnameRecords.length) {
-            logger.info(`CNAME found at ${challengeRecord}, new challenge record: ${cnameRecords[0]}`);
-            challengeRecord = cnameRecords[0];
-        }
-    }
-    catch (e) {
-        logger.info(`No CNAME found for record ${challengeRecord}`);
-    }
-    /* Read TXT record */
-    const result = await dns.resolveTxtAsync(challengeRecord);
-    const records = [].concat(...result);
-    logger.info(`Query successful, found ${records.length} DNS TXT records`);
-    if (records.indexOf(keyAuthorization) === -1) {
-        throw new Error(`Authorization not found in DNS TXT records for ${authz.identifier.value}`);
-    }
-    logger.info(`Key authorization match for ${challenge.type}/${authz.identifier.value}, ACME challenge verified`);
-    return true;
-}
-/**
- * Export API
- */
-module.exports = {
-    'http-01': verifyHttpChallenge,
-    'dns-01': verifyDnsChallenge
-};
+/**
+ * ACME challenge verification
+ */
+const Promise = require('bluebird');
+const dns = Promise.promisifyAll(require('dns'));
+const logger = require('./util.log.js');
+const debug = logger.info;
+const axios = require('./axios');
+/**
+ * Verify ACME HTTP challenge
+ *
+ * https://tools.ietf.org/html/rfc8555#section-8.3
+ *
+ * @param {object} authz Identifier authorization
+ * @param {object} challenge Authorization challenge
+ * @param {string} keyAuthorization Challenge key authorization
+ * @param {string} [suffix] URL suffix
+ * @returns {Promise<boolean>}
+ */
+async function verifyHttpChallenge(authz, challenge, keyAuthorization, suffix = `/.well-known/acme-challenge/${challenge.token}`) {
+    const httpPort = axios.defaults.acmeSettings.httpChallengePort || 80;
+    const challengeUrl = `http://${authz.identifier.value}:${httpPort}${suffix}`;
+    logger.info(`Sending HTTP query to ${authz.identifier.value}, suffix: ${suffix}, port: ${httpPort}`);
+    const resp = await axios.get(challengeUrl);
+    const data = (resp.data || '').replace(/\s+$/, '');
+    logger.info(`Query successful, HTTP status code: ${resp.status}`);
+    if (!data || (data !== keyAuthorization)) {
+        throw new Error(`Authorization not found in HTTP response from ${authz.identifier.value}`);
+    }
+    logger.info(`Key authorization match for ${challenge.type}/${authz.identifier.value}, ACME challenge verified`);
+    return true;
+}
+/**
+ * Verify ACME DNS challenge
+ *
+ * https://tools.ietf.org/html/rfc8555#section-8.4
+ *
+ * @param {object} authz Identifier authorization
+ * @param {object} challenge Authorization challenge
+ * @param {string} keyAuthorization Challenge key authorization
+ * @param {string} [prefix] DNS prefix
+ * @returns {Promise<boolean>}
+ */
+async function verifyDnsChallenge(authz, challenge, keyAuthorization, prefix = '_acme-challenge.') {
+    logger.info(`Resolving DNS TXT records for ${authz.identifier.value}, prefix: ${prefix}`);
+    let challengeRecord = `${prefix}${authz.identifier.value}`;
+    try {
+        /* Attempt CNAME record first */
+        logger.info(`Checking CNAME for record ${challengeRecord}`);
+        const cnameRecords = await dns.resolveCnameAsync(challengeRecord);
+        if (cnameRecords.length) {
+            logger.info(`CNAME found at ${challengeRecord}, new challenge record: ${cnameRecords[0]}`);
+            challengeRecord = cnameRecords[0];
+        }
+    }
+    catch (e) {
+        logger.info(`No CNAME found for record ${challengeRecord}`);
+    }
+    /* Read TXT record */
+    const result = await dns.resolveTxtAsync(challengeRecord);
+    const records = [].concat(...result);
+    logger.info(`Query successful, found ${records.length} DNS TXT records`);
+    if (records.indexOf(keyAuthorization) === -1) {
+        throw new Error(`Authorization not found in DNS TXT records for ${authz.identifier.value}`);
+    }
+    logger.info(`Key authorization match for ${challenge.type}/${authz.identifier.value}, ACME challenge verified`);
+    return true;
+}
+/**
+ * Export API
+ */
+module.exports = {
+    'http-01': verifyHttpChallenge,
+    'dns-01': verifyDnsChallenge
+};