npm - @certd/acme-client - Versions diffs - 1.20.15 → 1.20.16 - Mend

@certd/acme-client 1.20.15 → 1.20.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/src/crypto/forge.js CHANGED Viewed

@@ -13,7 +13,6 @@ const forge = require('node-forge');
 const generateKeyPair = promisify(forge.pki.rsa.generateKeyPair);
 /**
  * Attempt to parse forge object from PEM encoded string
  *
@@ -54,7 +53,6 @@ function forgeObjectFromPem(input) {
     return result;
 }
 /**
  * Parse domain names from a certificate or CSR
  *
@@ -93,11 +91,10 @@ function parseDomains(obj) {
     return {
         commonName,
-        altNames
+        altNames,
     };
 }
 /**
  * Generate a private RSA key
  *
@@ -123,7 +120,6 @@ async function createPrivateKey(size = 2048) {
 exports.createPrivateKey = createPrivateKey;
 /**
  * Create public key from a private RSA key
  *
@@ -136,14 +132,13 @@ exports.createPrivateKey = createPrivateKey;
  * ```
  */
-exports.createPublicKey = async function(key) {
+exports.createPublicKey = async (key) => {
     const privateKey = forge.pki.privateKeyFromPem(key);
     const publicKey = forge.pki.rsa.setPublicKey(privateKey.n, privateKey.e);
     const pemKey = forge.pki.publicKeyToPem(publicKey);
     return Buffer.from(pemKey);
 };
 /**
  * Parse body of PEM encoded object from buffer or string
  * If multiple objects are chained, the first body will be returned
@@ -157,7 +152,6 @@ exports.getPemBody = (str) => {
     return forge.util.encode64(msg.body);
 };
 /**
  * Split chain of PEM encoded objects from buffer or string into array
  *
@@ -167,7 +161,6 @@ exports.getPemBody = (str) => {
 exports.splitPemChain = (str) => forge.pem.decode(str).map(forge.pem.encode);
 /**
  * Get modulus
  *
@@ -182,7 +175,7 @@ exports.splitPemChain = (str) => forge.pem.decode(str).map(forge.pem.encode);
  * ```
  */
-exports.getModulus = async function(input) {
+exports.getModulus = async (input) => {
     if (!Buffer.isBuffer(input)) {
         input = Buffer.from(input);
     }
@@ -191,7 +184,6 @@ exports.getModulus = async function(input) {
     return Buffer.from(forge.util.hexToBytes(obj.n.toString(16)), 'binary');
 };
 /**
  * Get public exponent
  *
@@ -206,7 +198,7 @@ exports.getModulus = async function(input) {
  * ```
  */
-exports.getPublicExponent = async function(input) {
+exports.getPublicExponent = async (input) => {
     if (!Buffer.isBuffer(input)) {
         input = Buffer.from(input);
     }
@@ -215,7 +207,6 @@ exports.getPublicExponent = async function(input) {
     return Buffer.from(forge.util.hexToBytes(obj.e.toString(16)), 'binary');
 };
 /**
  * Read domains from a Certificate Signing Request
  *
@@ -231,7 +222,7 @@ exports.getPublicExponent = async function(input) {
  * ```
  */
-exports.readCsrDomains = async function(csr) {
+exports.readCsrDomains = async (csr) => {
     if (!Buffer.isBuffer(csr)) {
         csr = Buffer.from(csr);
     }
@@ -240,7 +231,6 @@ exports.readCsrDomains = async function(csr) {
     return parseDomains(obj);
 };
 /**
  * Read information from a certificate
  *
@@ -260,7 +250,7 @@ exports.readCsrDomains = async function(csr) {
  * ```
  */
-exports.readCertificateInfo = async function(cert) {
+exports.readCertificateInfo = async (cert) => {
     if (!Buffer.isBuffer(cert)) {
         cert = Buffer.from(cert);
     }
@@ -270,15 +260,14 @@ exports.readCertificateInfo = async function(cert) {
     return {
         issuer: {
-            commonName: issuerCn ? issuerCn.value : null
+            commonName: issuerCn ? issuerCn.value : null,
         },
         domains: parseDomains(obj),
         notAfter: obj.validity.notAfter,
-        notBefore: obj.validity.notBefore
+        notBefore: obj.validity.notBefore,
     };
 };
 /**
  * Determine ASN.1 type for CSR subject short name
  * Note: https://datatracker.ietf.org/doc/html/rfc5280
@@ -299,7 +288,6 @@ function getCsrValueTagClass(shortName) {
     }
 }
 /**
  * Create array of short names and values for Certificate Signing Request subjects
  *
@@ -319,7 +307,6 @@ function createCsrSubject(subjectObj) {
     }, []);
 }
 /**
  * Create array of alt names for Certificate Signing Requests
  * Note: https://github.com/digitalbazaar/forge/blob/dfdde475677a8a25c851e33e8f81dca60d90cfb9/lib/x509.js#L1444-L1454
@@ -336,7 +323,6 @@ function formatCsrAltNames(altNames) {
     });
 }
 /**
  * Create a Certificate Signing Request
  *
@@ -356,29 +342,30 @@ function formatCsrAltNames(altNames) {
  * @example Create a Certificate Signing Request
  * ```js
  * const [certificateKey, certificateRequest] = await acme.forge.createCsr({
- *     commonName: 'test.example.com'
+ *     altNames: ['test.example.com'],
  * });
  * ```
  *
  * @example Certificate Signing Request with both common and alternative names
+ * > *Warning*: Certificate subject common name has been [deprecated](https://letsencrypt.org/docs/glossary/#def-CN) and its use is [discouraged](https://cabforum.org/uploads/BRv1.2.3.pdf).
  * ```js
  * const [certificateKey, certificateRequest] = await acme.forge.createCsr({
  *     keySize: 4096,
  *     commonName: 'test.example.com',
- *     altNames: ['foo.example.com', 'bar.example.com']
+ *     altNames: ['foo.example.com', 'bar.example.com'],
  * });
  * ```
  *
  * @example Certificate Signing Request with additional information
  * ```js
  * const [certificateKey, certificateRequest] = await acme.forge.createCsr({
- *     commonName: 'test.example.com',
+ *     altNames: ['test.example.com'],
  *     country: 'US',
  *     state: 'California',
  *     locality: 'Los Angeles',
  *     organization: 'The Company Inc.',
  *     organizationUnit: 'IT Department',
- *     emailAddress: 'contact@example.com'
+ *     emailAddress: 'contact@example.com',
  * });
  * ```
  *
@@ -387,11 +374,11 @@ function formatCsrAltNames(altNames) {
  * const certificateKey = await acme.forge.createPrivateKey();
  *
  * const [, certificateRequest] = await acme.forge.createCsr({
- *     commonName: 'test.example.com'
+ *     altNames: ['test.example.com'],
  * }, certificateKey);
  */
-exports.createCsr = async function(data, key = null) {
+exports.createCsr = async (data, key = null) => {
     if (!key) {
         key = await createPrivateKey(data.keySize);
     }
@@ -423,7 +410,7 @@ exports.createCsr = async function(data, key = null) {
         L: data.locality,
         O: data.organization,
         OU: data.organizationUnit,
-        E: data.emailAddress
+        E: data.emailAddress,
     });
     csr.setSubject(subject);
@@ -434,8 +421,8 @@ exports.createCsr = async function(data, key = null) {
             name: 'extensionRequest',
             extensions: [{
                 name: 'subjectAltName',
-                altNames: formatCsrAltNames(data.altNames)
-            }]
+                altNames: formatCsrAltNames(data.altNames),
+            }],
         }]);
     }

package/src/crypto/index.js CHANGED Viewed

@@ -22,7 +22,6 @@ const subjectAltNameOID = '2.5.29.17';
 /* id-pe-acmeIdentifier - https://datatracker.ietf.org/doc/html/rfc8737#section-6.1 */
 const alpnAcmeIdentifierOID = '1.3.6.1.5.5.7.1.31';
 /**
  * Determine key type and info by attempting to derive public key
  *
@@ -35,7 +34,7 @@ function getKeyInfo(keyPem) {
     const result = {
         isRSA: false,
         isECDSA: false,
-        publicKey: crypto.createPublicKey(keyPem)
+        publicKey: crypto.createPublicKey(keyPem),
     };
     if (result.publicKey.asymmetricKeyType === 'rsa') {
@@ -51,7 +50,6 @@ function getKeyInfo(keyPem) {
     return result;
 }
 /**
  * Generate a private RSA key
  *
@@ -74,8 +72,8 @@ async function createPrivateRsaKey(modulusLength = 2048) {
         modulusLength,
         privateKeyEncoding: {
             type: 'pkcs8',
-            format: 'pem'
-        }
+            format: 'pem',
+        },
     });
     return Buffer.from(pair.privateKey);
@@ -83,7 +81,6 @@ async function createPrivateRsaKey(modulusLength = 2048) {
 exports.createPrivateRsaKey = createPrivateRsaKey;
 /**
  * Alias of `createPrivateRsaKey()`
  *
@@ -92,7 +89,6 @@ exports.createPrivateRsaKey = createPrivateRsaKey;
 exports.createPrivateKey = createPrivateRsaKey;
 /**
  * Generate a private ECDSA key
  *
@@ -115,14 +111,13 @@ exports.createPrivateEcdsaKey = async (namedCurve = 'P-256') => {
         namedCurve,
         privateKeyEncoding: {
             type: 'pkcs8',
-            format: 'pem'
-        }
+            format: 'pem',
+        },
     });
     return Buffer.from(pair.privateKey);
 };
 /**
  * Get a public key derived from a RSA or ECDSA key
  *
@@ -140,13 +135,12 @@ exports.getPublicKey = (keyPem) => {
     const publicKey = info.publicKey.export({
         type: info.isECDSA ? 'spki' : 'pkcs1',
-        format: 'pem'
+        format: 'pem',
     });
     return Buffer.from(publicKey);
 };
 /**
  * Get a JSON Web Key derived from a RSA or ECDSA key
  *
@@ -163,7 +157,7 @@ exports.getPublicKey = (keyPem) => {
 function getJwk(keyPem) {
     const jwk = crypto.createPublicKey(keyPem).export({
-        format: 'jwk'
+        format: 'jwk',
     });
     /* Sort keys */
@@ -175,7 +169,6 @@ function getJwk(keyPem) {
 exports.getJwk = getJwk;
 /**
  * Produce CryptoKeyPair and signing algorithm from a PEM encoded private key
  *
@@ -191,7 +184,7 @@ async function getWebCryptoKeyPair(keyPem) {
     /* Signing algorithm */
     const sigalg = {
         name: 'RSASSA-PKCS1-v1_5',
-        hash: { name: 'SHA-256' }
+        hash: { name: 'SHA-256' },
     };
     if (info.isECDSA) {
@@ -215,7 +208,6 @@ async function getWebCryptoKeyPair(keyPem) {
     return [{ privateKey, publicKey }, sigalg];
 }
 /**
  * Split chain of PEM encoded objects from string into array
  *
@@ -235,7 +227,6 @@ function splitPemChain(chainPem) {
 exports.splitPemChain = splitPemChain;
 /**
  * Parse body of PEM encoded object and return a Base64URL string
  * If multiple objects are chained, the first body will be returned
@@ -256,7 +247,6 @@ exports.getPemBodyAsB64u = (pem) => {
     return Buffer.from(dec).toString('base64url');
 };
 /**
  * Parse domains from a certificate or CSR
  *
@@ -277,11 +267,10 @@ function parseDomains(input) {
     return {
         commonName,
-        altNames
+        altNames,
     };
 }
 /**
  * Read domains from a Certificate Signing Request
  *
@@ -307,7 +296,6 @@ exports.readCsrDomains = (csrPem) => {
     return parseDomains(csr);
 };
 /**
  * Read information from a certificate
  * If multiple certificates are chained, the first will be read
@@ -338,15 +326,14 @@ exports.readCertificateInfo = (certPem) => {
     return {
         issuer: {
-            commonName: cert.issuerName.getField('CN').pop() || null
+            commonName: cert.issuerName.getField('CN').pop() || null,
         },
         domains: parseDomains(cert),
         notBefore: cert.notBefore,
-        notAfter: cert.notAfter
+        notAfter: cert.notAfter,
     };
 };
 /**
  * Determine ASN.1 character string type for CSR subject field name
  *
@@ -369,7 +356,6 @@ function getCsrAsn1CharStringType(field) {
     }
 }
 /**
  * Create array of subject fields for a Certificate Signing Request
  *
@@ -391,7 +377,6 @@ function createCsrSubject(input) {
     }, []);
 }
 /**
  * Create x509 subject alternate name extension
  *
@@ -409,7 +394,6 @@ function createSubjectAltNameExtension(altNames) {
     }));
 }
 /**
  * Create a Certificate Signing Request
  *
@@ -429,29 +413,30 @@ function createSubjectAltNameExtension(altNames) {
  * @example Create a Certificate Signing Request
  * ```js
  * const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
- *     commonName: 'test.example.com'
+ *     altNames: ['test.example.com'],
  * });
  * ```
  *
  * @example Certificate Signing Request with both common and alternative names
+ * > *Warning*: Certificate subject common name has been [deprecated](https://letsencrypt.org/docs/glossary/#def-CN) and its use is [discouraged](https://cabforum.org/uploads/BRv1.2.3.pdf).
  * ```js
  * const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
  *     keySize: 4096,
  *     commonName: 'test.example.com',
- *     altNames: ['foo.example.com', 'bar.example.com']
+ *     altNames: ['foo.example.com', 'bar.example.com'],
  * });
  * ```
  *
  * @example Certificate Signing Request with additional information
  * ```js
  * const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
- *     commonName: 'test.example.com',
+ *     altNames: ['test.example.com'],
  *     country: 'US',
  *     state: 'California',
  *     locality: 'Los Angeles',
  *     organization: 'The Company Inc.',
  *     organizationUnit: 'IT Department',
- *     emailAddress: 'contact@example.com'
+ *     emailAddress: 'contact@example.com',
  * });
  * ```
  *
@@ -460,8 +445,9 @@ function createSubjectAltNameExtension(altNames) {
  * const certificateKey = await acme.crypto.createPrivateEcdsaKey();
  *
  * const [, certificateRequest] = await acme.crypto.createCsr({
- *     commonName: 'test.example.com'
+ *     altNames: ['test.example.com'],
  * }, certificateKey);
+ * ```
  */
 exports.createCsr = async (data, keyPem = null) => {
@@ -489,7 +475,7 @@ exports.createCsr = async (data, keyPem = null) => {
         new x509.KeyUsagesExtension(x509.KeyUsageFlags.digitalSignature | x509.KeyUsageFlags.keyEncipherment), // eslint-disable-line no-bitwise
         /* https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6 */
-        createSubjectAltNameExtension(data.altNames)
+        createSubjectAltNameExtension(data.altNames),
     ];
     /* Create CSR */
@@ -504,8 +490,8 @@ exports.createCsr = async (data, keyPem = null) => {
             L: data.locality,
             O: data.organization,
             OU: data.organizationUnit,
-            E: data.emailAddress
-        })
+            E: data.emailAddress,
+        }),
     });
     /* Done */
@@ -513,7 +499,6 @@ exports.createCsr = async (data, keyPem = null) => {
     return [keyPem, Buffer.from(pem)];
 };
 /**
  * Create a self-signed ALPN certificate for TLS-ALPN-01 challenges
  *
@@ -533,6 +518,7 @@ exports.createCsr = async (data, keyPem = null) => {
  * ```js
  * const alpnKey = await acme.crypto.createPrivateEcdsaKey();
  * const [, alpnCertificate] = await acme.crypto.createAlpnCertificate(authz, keyAuthorization, alpnKey);
+ * ```
  */
 exports.createAlpnCertificate = async (authz, keyAuthorization, keyPem = null) => {
@@ -564,7 +550,7 @@ exports.createAlpnCertificate = async (authz, keyAuthorization, keyPem = null) =
         await x509.SubjectKeyIdentifierExtension.create(keys.publicKey),
         /* https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6 */
-        createSubjectAltNameExtension([commonName])
+        createSubjectAltNameExtension([commonName]),
     ];
     /* ALPN extension */
@@ -581,8 +567,8 @@ exports.createAlpnCertificate = async (authz, keyAuthorization, keyPem = null) =
         notBefore: now,
         notAfter: now,
         name: createCsrSubject({
-            CN: commonName
-        })
+            CN: commonName,
+        }),
     });
     /* Done */
@@ -590,7 +576,6 @@ exports.createAlpnCertificate = async (authz, keyAuthorization, keyPem = null) =
     return [keyPem, Buffer.from(pem)];
 };
 /**
  * Validate that a ALPN certificate contains the expected key authorization
  *

package/src/http.js CHANGED Viewed

@@ -40,7 +40,6 @@ class HttpClient {
         this.jwk = null;
     }
     /**
      * HTTP request
      *
@@ -70,7 +69,6 @@ class HttpClient {
         return resp;
     }
     /**
      * Ensure provider directory exists
      *
@@ -95,7 +93,6 @@ class HttpClient {
         }
     }
     /**
      * Get JSON Web Key
      *
@@ -110,7 +107,6 @@ class HttpClient {
         return this.jwk;
     }
     /**
      * Get nonce from directory API endpoint
      *
@@ -130,7 +126,6 @@ class HttpClient {
         return resp.headers['replay-nonce'];
     }
     /**
      * Get URL for a directory resource
      *
@@ -148,7 +143,6 @@ class HttpClient {
         return this.directory[resource];
     }
     /**
      * Get directory meta field
      *
@@ -166,7 +160,6 @@ class HttpClient {
         return null;
     }
     /**
      * Prepare HTTP request body for signature
      *
@@ -199,11 +192,10 @@ class HttpClient {
         /* Body */
         return {
             payload: payload ? Buffer.from(JSON.stringify(payload)).toString('base64url') : '',
-            protected: Buffer.from(JSON.stringify(header)).toString('base64url')
+            protected: Buffer.from(JSON.stringify(header)).toString('base64url'),
         };
     }
     /**
      * Create JWS HTTP request body using HMAC
      *
@@ -226,7 +218,6 @@ class HttpClient {
         return result;
     }
     /**
      * Create JWS HTTP request body using RSA or ECC
      *
@@ -267,13 +258,12 @@ class HttpClient {
         result.signature = signer.sign({
             key: this.accountKey,
             padding: RSA_PKCS1_PADDING,
-            dsaEncoding: 'ieee-p1363'
+            dsaEncoding: 'ieee-p1363',
         }, 'base64url');
         return result;
     }
     /**
      * Signed HTTP request
      *
@@ -309,7 +299,7 @@ class HttpClient {
         const data = this.createSignedBody(url, payload, { nonce, kid });
         const resp = await this.request(url, 'post', { data });
-        /* Retry on bad nonce - https://datatracker.ietf.org/doc/html/draft-ietf-acme-acme-10#section-6.4 */
+        /* Retry on bad nonce - https://datatracker.ietf.org/doc/html/rfc8555#section-6.5 */
         if (resp.data && resp.data.type && (resp.status === 400) && (resp.data.type === 'urn:ietf:params:acme:error:badNonce') && (attempts < this.maxBadNonceRetries)) {
             nonce = resp.headers['replay-nonce'] || null;
             attempts += 1;
@@ -323,6 +313,5 @@ class HttpClient {
     }
 }
 /* Export client */
 module.exports = HttpClient;

package/src/index.js CHANGED Viewed

@@ -4,7 +4,6 @@
 exports.Client = require('./client');
 /**
  * Directory URLs
  */
@@ -12,18 +11,17 @@ exports.Client = require('./client');
 exports.directory = {
     buypass: {
         staging: 'https://api.test4.buypass.no/acme/directory',
-        production: 'https://api.buypass.com/acme/directory'
+        production: 'https://api.buypass.com/acme/directory',
     },
     letsencrypt: {
         staging: 'https://acme-staging-v02.api.letsencrypt.org/directory',
-        production: 'https://acme-v02.api.letsencrypt.org/directory'
+        production: 'https://acme-v02.api.letsencrypt.org/directory',
     },
     zerossl: {
-        production: 'https://acme.zerossl.com/v2/DV90'
-    }
+        production: 'https://acme.zerossl.com/v2/DV90',
+    },
 };
 /**
  * Crypto
  */
@@ -31,14 +29,12 @@ exports.directory = {
 exports.crypto = require('./crypto');
 exports.forge = require('./crypto/forge');
 /**
  * Axios
  */
 exports.axios = require('./axios');
 /**
  * Logger
  */

package/src/logger.js CHANGED Viewed

@@ -6,7 +6,6 @@ const debug = require('debug')('acme-client');
 let logger = () => {};
 /**
  * Set logger function
  *
@@ -17,11 +16,10 @@ exports.setLogger = (fn) => {
     logger = fn;
 };
 /**
  * Log message
  *
- * @param {string} Message
+ * @param {string} msg Message
  */
 exports.log = (msg) => {