@certd/acme-client 1.25.8 → 1.26.0

package/package.json

@@ -3,7 +3,7 @@
     "description": "Simple and unopinionated ACME client",
     "private": false,
     "author": "nmorsman",
-    "version": "1.25.8",
+    "version": "1.26.0",
     "main": "src/index.js",
     "types": "types/index.d.ts",
     "license": "MIT",
@@ -20,7 +20,7 @@
         "asn1js": "^3.0.5",
         "axios": "^1.7.2",
         "debug": "^4.3.5",
-        "https-proxy-agent": "^7.0.4",
+        "https-proxy-agent": "^7.0.5",
         "node-forge": "^1.3.1"
     },
     "devDependencies": {
@@ -59,5 +59,5 @@
     "bugs": {
         "url": "https://github.com/publishlab/node-acme-client/issues"
     },
-    "gitHead": "f548fe70117c7b56f40c66a3021e63b6cb264fb3"
+    "gitHead": "46b810822986f7144bb4f67ae5c4a239dbb3691b"
 }

package/src/auto.js

@@ -118,16 +118,16 @@ module.exports = async (client, userOpts) => {
             /* Trigger challengeCreateFn() */
             log(`[auto] [${d}] Trigger challengeCreateFn()`);
             const keyAuthorization = await client.getChallengeKeyAuthorization(challenge);
-            let recordItem = null;
+
             try {
-                recordItem = await opts.challengeCreateFn(authz, challenge, keyAuthorization);
+                const { recordReq, recordRes, dnsProvider } = await opts.challengeCreateFn(authz, challenge, keyAuthorization);
                 log(`[auto] [${d}] challengeCreateFn success`);
                 log(`[auto] [${d}] add challengeRemoveFn()`);
                 clearTasks.push(async () => {
                     /* Trigger challengeRemoveFn(), suppress errors */
                     log(`[auto] [${d}] Trigger challengeRemoveFn()`);
                     try {
-                        await opts.challengeRemoveFn(authz, challenge, keyAuthorization, recordItem);
+                        await opts.challengeRemoveFn(authz, challenge, keyAuthorization, recordReq, recordRes, dnsProvider);
                     }
                     catch (e) {
                         log(`[auto] [${d}] challengeRemoveFn threw error: ${e.message}`);

package/src/index.js

@@ -45,3 +45,5 @@ exports.axios = require('./axios');
  */
 
 exports.setLogger = require('./logger').setLogger;
+
+exports.walkTxtRecord = require('./verify').walkTxtRecord;

package/src/verify.js

@@ -66,17 +66,35 @@ async function walkDnsChallengeRecord(recordName, resolver = dns) {
         log(`Checking name for TXT records: ${recordName}`);
         const txtRecords = await resolver.resolveTxt(recordName);
 
-        if (txtRecords.length) {
+        if (txtRecords && txtRecords.length) {
             log(`Found ${txtRecords.length} TXT records at ${recordName}`);
+            log(`TXT records: ${JSON.stringify(txtRecords)}`);
             return [].concat(...txtRecords);
         }
+        return [];
     }
     catch (e) {
-        log(`No TXT records found for name: ${recordName}`);
+        log(`Resolve TXT records error, ${recordName} :${e.message}`);
+        throw e;
     }
+}
 
-    /* Found nothing */
-    throw new Error(`No TXT records found for name: ${recordName}`);
+async function walkTxtRecord(recordName) {
+    try {
+        /* Default DNS resolver first */
+        log('Attempting to resolve TXT with default DNS resolver first');
+        const res = await walkDnsChallengeRecord(recordName);
+        if (res && res.length > 0) {
+            return res;
+        }
+        throw new Error('No TXT records found');
+    }
+    catch (e) {
+        /* Authoritative DNS resolver */
+        log(`Error using default resolver, attempting to resolve TXT with authoritative NS: ${e.message}`);
+        const authoritativeResolver = await util.getAuthoritativeDnsResolver(recordName);
+        return await walkDnsChallengeRecord(recordName, authoritativeResolver);
+    }
 }
 
 /**
@@ -92,24 +110,10 @@ async function walkDnsChallengeRecord(recordName, resolver = dns) {
  */
 
 async function verifyDnsChallenge(authz, challenge, keyAuthorization, prefix = '_acme-challenge.') {
-    let recordValues = [];
     const recordName = `${prefix}${authz.identifier.value}`;
     log(`Resolving DNS TXT from record: ${recordName}`);
-
-    try {
-        /* Default DNS resolver first */
-        log('Attempting to resolve TXT with default DNS resolver first');
-        recordValues = await walkDnsChallengeRecord(recordName);
-    }
-    catch (e) {
-        /* Authoritative DNS resolver */
-        log(`Error using default resolver, attempting to resolve TXT with authoritative NS: ${e.message}`);
-        const authoritativeResolver = await util.getAuthoritativeDnsResolver(recordName);
-        recordValues = await walkDnsChallengeRecord(recordName, authoritativeResolver);
-    }
-
+    const recordValues = await walkTxtRecord(recordName);
     log(`DNS query finished successfully, found ${recordValues.length} TXT records`);
-
     if (!recordValues.length || !recordValues.includes(keyAuthorization)) {
         throw new Error(`Authorization not found in DNS TXT record: ${recordName}，need:${keyAuthorization},found:${recordValues}`);
     }
@@ -153,4 +157,5 @@ module.exports = {
     'http-01': verifyHttpChallenge,
     'dns-01': verifyDnsChallenge,
     'tls-alpn-01': verifyTlsAlpnChallenge,
+    walkTxtRecord,
 };

package/types/index.d.ts

@@ -55,8 +55,8 @@ export interface ClientExternalAccountBindingOptions {
 
 export interface ClientAutoOptions {
     csr: CsrBuffer | CsrString;
-    challengeCreateFn: (authz: Authorization, challenge: rfc8555.Challenge, keyAuthorization: string) => Promise<any>;
-    challengeRemoveFn: (authz: Authorization, challenge: rfc8555.Challenge, keyAuthorization: string, recordRes:any) => Promise<any>;
+    challengeCreateFn: (authz: Authorization, challenge: rfc8555.Challenge, keyAuthorization: string) => Promise<{recordReq:any,recordRes:any,dnsProvider:any}>;
+    challengeRemoveFn: (authz: Authorization, challenge: rfc8555.Challenge, keyAuthorization: string,recordReq:any, recordRes:any,dnsProvider:any) => Promise<any>;
     email?: string;
     termsOfServiceAgreed?: boolean;
     skipChallengeVerification?: boolean;
@@ -197,3 +197,5 @@ export const axios: AxiosInstance;
  */
 
 export function setLogger(fn: (msg: string) => void): void;
+
+export function walkTxtRecord(record: any): Promise<string[]>;