@certd/acme-client 1.31.7 → 1.31.9
- package/package.json +3 -3
- package/src/util.js +1 -1
- package/src/verify.js +32 -11
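--- a/package/package.json
+++ b/package/package.json
@@ -3,7 +3,7 @@
 "description": "Simple and unopinionated ACME client",
 "private": false,
 "author": "nmorsman",
-"version": "1.31.
+"version": "1.31.9",
 "type": "module",
 "module": "scr/index.js",
 "main": "src/index.js",
@@ -18,7 +18,7 @@
 "types"
 ],
 "dependencies": {
-"@certd/basic": "^1.31.
+"@certd/basic": "^1.31.9",
 "@peculiar/x509": "^1.11.0",
 "asn1js": "^3.0.5",
 "axios": "^1.7.2",
@@ -67,5 +67,5 @@
 "bugs": {
 "url": "https://github.com/publishlab/node-acme-client/issues"
 },
-"gitHead": "
+"gitHead": "be58e3084bbcd86d9fcd10950aadf542191a6949"
 }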
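--- a/package/src/util.js
+++ b/package/src/util.js
@@ -62,7 +62,7 @@ async function retryPromise(fn, attempts, backoff) {
 
 log(`Promise rejected: ${e.message}`);
 const duration = backoff.duration();
-log(`attempt #${backoff.attempts}, ${duration}ms 后重试: ${e.message}`);
+log(`Promise rejected attempt #${backoff.attempts}, ${duration}ms 后重试: ${e.message}`);
 
 await new Promise((resolve) => { setTimeout(resolve, duration); });
 return retryPromise(fn, attempts, backoff);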
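--- a/package/src/verify.js
+++ b/package/src/verify.js
@@ -82,21 +82,40 @@ async function walkDnsChallengeRecord(recordName, resolver = dns) {
 }
 
 export async function walkTxtRecord(recordName) {
+
+const txtRecords = []
 try {
 /* Default DNS resolver first */
-log('
+log('从本地DNS服务器获取TXT解析记录');
 const res = await walkDnsChallengeRecord(recordName);
 if (res && res.length > 0) {
-
+for (const item of res) {
+txtRecords.push(item)
+}
 }
-
+
+} catch (e) {
+log(`本地获取TXT解析记录失败:${e.message}`)
 }
-
+
+try{
 /* Authoritative DNS resolver */
-log(
+log(`从域名权威服务器获取TXT解析记录`);
 const authoritativeResolver = await util.getAuthoritativeDnsResolver(recordName);
-
+const res = await walkDnsChallengeRecord(recordName, authoritativeResolver);
+if (res && res.length > 0) {
+for (const item of res) {
+txtRecords.push(item)
+}
+}
+}catch (e) {
+log(`权威服务器获取TXT解析记录失败:${e.message}`)
+}
+
+if (txtRecords.length === 0) {
+throw new Error(`没有找到TXT解析记录(${recordName})`);
 }
+return txtRecords;
 }
 
 /**
@@ -113,14 +132,16 @@ export async function walkTxtRecord(recordName) {
 
 async function verifyDnsChallenge(authz, challenge, keyAuthorization, prefix = '_acme-challenge.') {
 const recordName = `${prefix}${authz.identifier.value}`;
-log(
-
-
+log(`本地校验TXT记录): ${recordName}`);
+let recordValues = await walkTxtRecord(recordName);
+//去重
+recordValues = [...new Set(recordValues)];
+log(`DNS查询成功, 找到 ${recordValues.length} 条TXT记录`);
 if (!recordValues.length || !recordValues.includes(keyAuthorization)) {
-throw new Error(
+throw new Error(`没有找到需要的DNS TXT记录: ${recordName},期望:${keyAuthorization},结果:${recordValues}`);
 }
 
-log(
+log(`关键授权匹配成功(${challenge.type}/${recordName}),校验成功, ACME challenge verified`);
 return true;
 }
 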
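Review bot: Both `catch` blocks added to `walkTxtRecord` reduce a resolver failure to a log line, so a timeout or SERVFAIL from both resolvers ends in `没有找到TXT解析记录`, which a caller cannot tell apart from a record that is genuinely absent. Keeping the last caught error and passing it on, as in `throw new Error(..., { cause: lastError })`, would preserve that distinction. In `verifyDnsChallenge` the new error message interpolates `recordValues` directly, and those strings come from DNS responses, so control characters or line breaks in a TXT record would reach whatever logs or displays the message; `结果:${JSON.stringify(recordValues)}` escapes them and keeps the record boundaries visible. The log string `本地校验TXT记录): ${recordName}` has an unmatched `)`, and the added lines drop the semicolons the surrounding code uses.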