@certd/acme-client 1.34.0 → 1.34.2
- package/package.json +5 -4
- package/src/auto.js +3 -2
- package/src/verify.js +34 -10
- package/types/dist/index.test-d.js +0 -58
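--- a/package/package.json
+++ b/package/package.json
@@ -3,7 +3,7 @@
 "description": "Simple and unopinionated ACME client",
 "private": false,
 "author": "nmorsman",
-"version": "1.34.
+"version": "1.34.2",
 "type": "module",
 "module": "scr/index.js",
 "main": "src/index.js",
@@ -18,7 +18,7 @@
 "types"
 ],
 "dependencies": {
-"@certd/basic": "^1.34.
+"@certd/basic": "^1.34.2",
 "@peculiar/x509": "^1.11.0",
 "asn1js": "^3.0.5",
 "axios": "^1.7.2",
@@ -51,7 +51,8 @@
 "lint": "eslint .",
 "lint-types": "tsd",
 "prepublishOnly": "npm run build-docs",
-"test": "mocha -t 60000 \"test/setup.js\" \"test/**/*.spec.js\""
+"test": "mocha -t 60000 \"test/setup.js\" \"test/**/*.spec.js\"",
+"pub": "npm publish"
 },
 "repository": {
 "type": "git",
@@ -68,5 +69,5 @@
 "bugs": {
 "url": "https://github.com/publishlab/node-acme-client/issues"
 },
-"gitHead": "
+"gitHead": "a1e504c1387e9b0554c8d030cb53c5058e7d683a"
 }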
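--- a/package/src/auto.js
+++ b/package/src/auto.js
@@ -234,6 +234,7 @@ export default async (client, userOpts) => {
 throw new CancelError("用户取消");
 }
 
+const waitDnsDiffuseTime = opts.waitDnsDiffuseTime || 30;
 try {
 // eslint-disable-next-line no-await-in-loop
 await runPromisePa(challengePromises);
@@ -242,8 +243,8 @@ export default async (client, userOpts) => {
 await wait(60 * 1000);
 } else {
 await runPromisePa(localVerifyTasks, 1000);
-log(
-await wait(
+log(`本地校验完成,等待${waitDnsDiffuseTime}s`)
+await wait(waitDnsDiffuseTime * 1000)
 }
 
 log("开始向提供商请求挑战验证");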
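Review bot: The added `opts.waitDnsDiffuseTime || 30` takes any truthy value unchecked, so a non-numeric string or a negative number reaches `wait(waitDnsDiffuseTime * 1000)` as NaN or a negative delay. If `wait` is a plain timer wrapper, the DNS propagation pause is then effectively skipped before the challenge is submitted to the CA, and the log line still prints the bogus value. An explicit 0 is also silently replaced by 30, which may or may not be intended. Validating the option keeps the behaviour predictable: `const waitDnsDiffuseTime = Number.isFinite(opts.waitDnsDiffuseTime) && opts.waitDnsDiffuseTime >= 0 ? opts.waitDnsDiffuseTime : 30;`. The enclosing function starts and ends outside both hunks, so how `opts` is normalised earlier is not visible here.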
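--- a/package/src/verify.js
+++ b/package/src/verify.js
@@ -24,22 +24,46 @@ const dns = dnsSdk.promises
 */
 
 async function verifyHttpChallenge(authz, challenge, keyAuthorization, suffix = `/.well-known/acme-challenge/${challenge.token}`) {
-const httpPort = axios.defaults.acmeSettings.httpChallengePort || 80;
-const challengeUrl = `http://${authz.identifier.value}:${httpPort}${suffix}`;
 
-
-
+async function doQuery(challengeUrl){
+log(`正在测试请求 ${challengeUrl} `)
+// const httpsPort = axios.defaults.acmeSettings.httpsChallengePort || 443;
+// const challengeUrl = `https://${authz.identifier.value}:${httpsPort}${suffix}`;
+
+/* May redirect to HTTPS with invalid/self-signed cert - https://letsencrypt.org/docs/challenge-types/#http-01-challenge */
+const httpsAgent = new https.Agent({ rejectUnauthorized: false });
+
+log(`Sending HTTP query to ${authz.identifier.value}, suffix: ${suffix}, port: ${httpPort}`);
+let data = ""
+try{
+const resp = await axios.get(challengeUrl, { httpsAgent });
+data = (resp.data || '').replace(/\s+$/, '');
+}catch (e) {
+log(`[error] HTTP request error from ${authz.identifier.value}`,e.message);
+return false
+}
+
+if (!data || (data !== keyAuthorization)) {
+log(`[error] Authorization not found in HTTP response from ${authz.identifier.value}`);
+return false
+}
+return true
 
-
-const resp = await axios.get(challengeUrl, { httpsAgent });
-const data = (resp.data || '').replace(/\s+$/, '');
+}
 
-
+const httpPort = axios.defaults.acmeSettings.httpChallengePort || 80;
+const challengeUrl = `http://${authz.identifier.value}:${httpPort}${suffix}`;
 
-if (!
-
+if (!await doQuery(challengeUrl)) {
+const httpsPort = axios.defaults.acmeSettings.httpsChallengePort || 443;
+const httpsChallengeUrl = `https://${authz.identifier.value}:${httpsPort}${suffix}`;
+const res = await doQuery(httpsChallengeUrl)
+if (!res) {
+throw new Error(`[error] 验证失败,请检查以上测试url是否可以正常访问`);
+}
 }
 
+
 log(`Key authorization match for ${challenge.type}/${authz.identifier.value}, ACME challenge verified`);
 return true;
 }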
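Review bot: The new fallback `doQuery(httpsChallengeUrl)` lets verifyHttpChallenge report success from a direct HTTPS request made with `rejectUnauthorized: false`, which is wider than the case the retained comment describes (a plain-HTTP request that gets redirected to HTTPS). An ACME server validating http-01 starts from plain HTTP on port 80, so a pre-check that passes only on the direct HTTPS path can declare a challenge verified that the CA will then fail, and the matching body came from a TLS peer whose certificate was never checked. Consider making the HTTPS fallback opt-in through a setting, or at least logging that the match came from the fallback path rather than the HTTP one. Separately, the second log call inside doQuery prints `httpPort` for both attempts, so the HTTPS attempt is logged with the wrong port; logging `challengeUrl` there would fix that. The catch block also reduces every failure to `e.message` and the final `throw new Error(...)` carries no `cause`, which makes DNS, connection and TLS failures indistinguishable from a wrong token when triaging.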
|
@@ -1,58 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* acme-client type definition tests
|
|
3
|
-
*/
|
|
4
|
-
import * as acme from 'acme-client';
|
|
5
|
-
(async () => {
|
|
6
|
-
/* Client */
|
|
7
|
-
const accountKey = await acme.crypto.createPrivateKey();
|
|
8
|
-
const client = new acme.Client({
|
|
9
|
-
accountKey,
|
|
10
|
-
directoryUrl: acme.directory.letsencrypt.staging
|
|
11
|
-
});
|
|
12
|
-
/* Account */
|
|
13
|
-
await client.createAccount({
|
|
14
|
-
termsOfServiceAgreed: true,
|
|
15
|
-
contact: ['mailto:test@example.com']
|
|
16
|
-
});
|
|
17
|
-
/* Order */
|
|
18
|
-
const order = await client.createOrder({
|
|
19
|
-
identifiers: [
|
|
20
|
-
{ type: 'dns', value: 'example.com' },
|
|
21
|
-
{ type: 'dns', value: '*.example.com' },
|
|
22
|
-
]
|
|
23
|
-
});
|
|
24
|
-
await client.getOrder(order);
|
|
25
|
-
/* Authorizations / Challenges */
|
|
26
|
-
const authorizations = await client.getAuthorizations(order);
|
|
27
|
-
const authorization = authorizations[0];
|
|
28
|
-
const challenge = authorization.challenges[0];
|
|
29
|
-
await client.getChallengeKeyAuthorization(challenge);
|
|
30
|
-
await client.verifyChallenge(authorization, challenge);
|
|
31
|
-
await client.completeChallenge(challenge);
|
|
32
|
-
await client.waitForValidStatus(challenge);
|
|
33
|
-
/* Finalize */
|
|
34
|
-
const [certKey, certCsr] = await acme.crypto.createCsr({
|
|
35
|
-
commonName: 'example.com',
|
|
36
|
-
altNames: ['example.com', '*.example.com']
|
|
37
|
-
});
|
|
38
|
-
await client.finalizeOrder(order, certCsr);
|
|
39
|
-
await client.getCertificate(order);
|
|
40
|
-
await client.getCertificate(order, 'DST Root CA X3');
|
|
41
|
-
/* Auto */
|
|
42
|
-
await client.auto({
|
|
43
|
-
csr: certCsr,
|
|
44
|
-
challengeCreateFn: async (authz, challenge, keyAuthorization) => { },
|
|
45
|
-
challengeRemoveFn: async (authz, challenge, keyAuthorization) => { }
|
|
46
|
-
});
|
|
47
|
-
await client.auto({
|
|
48
|
-
csr: certCsr,
|
|
49
|
-
email: 'test@example.com',
|
|
50
|
-
termsOfServiceAgreed: false,
|
|
51
|
-
skipChallengeVerification: false,
|
|
52
|
-
challengePriority: ['http-01', 'dns-01'],
|
|
53
|
-
preferredChain: 'DST Root CA X3',
|
|
54
|
-
challengeCreateFn: async (authz, challenge, keyAuthorization) => { },
|
|
55
|
-
challengeRemoveFn: async (authz, challenge, keyAuthorization) => { }
|
|
56
|
-
});
|
|
57
|
-
})();
|
|
58
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXgudGVzdC1kLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vaW5kZXgudGVzdC1kLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOztHQUVHO0FBRUgsT0FBTyxLQUFLLElBQUksTUFBTSxhQUFhLENBQUM7QUFFcEMsQ0FBQyxLQUFLLElBQUksRUFBRTtJQUNSLFlBQVk7SUFDWixNQUFNLFVBQVUsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztJQUV4RCxNQUFNLE1BQU0sR0FBRyxJQUFJLElBQUksQ0FBQyxNQUFNLENBQUM7UUFDM0IsVUFBVTtRQUNWLFlBQVksRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLFdBQVcsQ0FBQyxPQUFPO0tBQ25ELENBQUMsQ0FBQztJQUVILGFBQWE7SUFDYixNQUFNLE1BQU0sQ0FBQyxhQUFhLENBQUM7UUFDdkIsb0JBQW9CLEVBQUUsSUFBSTtRQUMxQixPQUFPLEVBQUUsQ0FBQyx5QkFBeUIsQ0FBQztLQUN2QyxDQUFDLENBQUM7SUFFSCxXQUFXO0lBQ1gsTUFBTSxLQUFLLEdBQUcsTUFBTSxNQUFNLENBQUMsV0FBVyxDQUFDO1FBQ25DLFdBQVcsRUFBRTtZQUNULEVBQUUsSUFBSSxFQUFFLEtBQUssRUFBRSxLQUFLLEVBQUUsYUFBYSxFQUFFO1lBQ3JDLEVBQUUsSUFBSSxFQUFFLEtBQUssRUFBRSxLQUFLLEVBQUUsZUFBZSxFQUFFO1NBQzFDO0tBQ0osQ0FBQyxDQUFDO0lBRUgsTUFBTSxNQUFNLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxDQUFDO0lBRTdCLGlDQUFpQztJQUNqQyxNQUFNLGNBQWMsR0FBRyxNQUFNLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyxLQUFLLENBQUMsQ0FBQztJQUM3RCxNQUFNLGFBQWEsR0FBRyxjQUFjLENBQUMsQ0FBQyxDQUFDLENBQUM7SUFDeEMsTUFBTSxTQUFTLEdBQUcsYUFBYSxDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUMsQ0FBQztJQUU5QyxNQUFNLE1BQU0sQ0FBQyw0QkFBNEIsQ0FBQyxTQUFTLENBQUMsQ0FBQztJQUNyRCxNQUFNLE1BQU0sQ0FBQyxlQUFlLENBQUMsYUFBYSxFQUFFLFNBQVMsQ0FBQyxDQUFDO0lBQ3ZELE1BQU0sTUFBTSxDQUFDLGlCQUFpQixDQUFDLFNBQVMsQ0FBQyxDQUFDO0lBQzFDLE1BQU0sTUFBTSxDQUFDLGtCQUFrQixDQUFDLFNBQVMsQ0FBQyxDQUFDO0lBRTNDLGNBQWM7SUFDZCxNQUFNLENBQUMsT0FBTyxFQUFFLE9BQU8sQ0FBQyxHQUFHLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUM7UUFDbkQsVUFBVSxFQUFFLGFBQWE7UUFDekIsUUFBUSxFQUFFLENBQUMsYUFBYSxFQUFFLGVBQWUsQ0FBQztLQUM3QyxDQUFDLENBQUM7SUFFSCxNQUFNLE1BQU0sQ0FBQyxhQUFhLENBQUMsS0FBSyxFQUFFLE9BQU8sQ0FBQyxDQUFDO0lBQzNDLE1BQU0sTUFBTSxDQUFDLGNBQWMsQ0FBQyxLQUFLLENBQUMsQ0FBQztJQUNuQyxNQUFNLE1BQU0sQ0FBQyxjQUFjLENBQUMsS0FBSyxFQUFFLGdCQUFnQixDQUFDLENBQUM7SUFFckQsVUFBVTtJQUNWLE1BQU0sTUFBTSxDQUFDLElBQU
ksQ0FBQztRQUNkLEdBQUcsRUFBRSxPQUFPO1FBQ1osaUJBQWlCLEVBQUUsS0FBSyxFQUFFLEtBQUssRUFBRSxTQUFTLEVBQUUsZ0JBQWdCLEVBQUUsRUFBRSxHQUFFLENBQUM7UUFDbkUsaUJBQWlCLEVBQUUsS0FBSyxFQUFFLEtBQUssRUFBRSxTQUFTLEVBQUUsZ0JBQWdCLEVBQUUsRUFBRSxHQUFFLENBQUM7S0FDdEUsQ0FBQyxDQUFDO0lBRUgsTUFBTSxNQUFNLENBQUMsSUFBSSxDQUFDO1FBQ2QsR0FBRyxFQUFFLE9BQU87UUFDWixLQUFLLEVBQUUsa0JBQWtCO1FBQ3pCLG9CQUFvQixFQUFFLEtBQUs7UUFDM0IseUJBQXlCLEVBQUUsS0FBSztRQUNoQyxpQkFBaUIsRUFBRSxDQUFDLFNBQVMsRUFBRSxRQUFRLENBQUM7UUFDeEMsY0FBYyxFQUFFLGdCQUFnQjtRQUNoQyxpQkFBaUIsRUFBRSxLQUFLLEVBQUUsS0FBSyxFQUFFLFNBQVMsRUFBRSxnQkFBZ0IsRUFBRSxFQUFFLEdBQUUsQ0FBQztRQUNuRSxpQkFBaUIsRUFBRSxLQUFLLEVBQUUsS0FBSyxFQUFFLFNBQVMsRUFBRSxnQkFBZ0IsRUFBRSxFQUFFLEdBQUUsQ0FBQztLQUN0RSxDQUFDLENBQUM7QUFDUCxDQUFDLENBQUMsRUFBRSxDQUFDIn0=
|