npm - @certd/acme-client - Versions diffs - 1.39.12 → 1.39.13 - Mend

@certd/acme-client 1.39.12 → 1.39.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

package/dist/api.d.ts +151 -0
package/{src → dist}/api.js +2 -38
package/dist/auto.d.ts +9 -0
package/{src → dist}/auto.js +45 -79
package/dist/axios.d.ts +8 -0
package/{src → dist}/axios.js +3 -31
package/dist/client.d.ts +396 -0
package/{src → dist}/client.js +16 -108
package/dist/crypto/forge.d.ts +174 -0
package/{src → dist}/crypto/forge.js +7 -63
package/dist/crypto/index.d.ts +215 -0
package/{src → dist}/crypto/index.js +2 -87
package/dist/error.d.ts +3 -0
package/{src → dist}/error.js +1 -3
package/dist/http.d.ts +135 -0
package/{src → dist}/http.js +3 -65
package/dist/index.d.ts +58 -0
package/dist/index.js +90 -0
package/dist/logger.d.ts +15 -0
package/{src → dist}/logger.js +4 -9
package/dist/rfc8555.d.ts +106 -0
package/dist/rfc8555.js +25 -0
package/dist/types.d.ts +117 -0
package/dist/types.js +1 -0
package/dist/util.d.ts +85 -0
package/{src → dist}/util.js +11 -78
package/dist/verify.d.ts +14 -0
package/{src → dist}/verify.js +46 -78
package/dist/wait.d.ts +1 -0
package/{src → dist}/wait.js +1 -0
package/package.json +18 -12
package/types/index.d.ts +14 -5
package/types/index.test-d.ts +10 -3
package/src/index.js +0 -106
package/src/logs/app.log +0 -0

package/{src → dist}/client.js RENAMED Viewed

@@ -1,35 +1,30 @@
+// @ts-nocheck
 /**
  * ACME client
  *
  * @namespace Client
  */
 import { createHash } from 'crypto';
-import  { getPemBodyAsB64u } from './crypto/index.js';
+import { getPemBodyAsB64u } from './crypto/index.js';
 import HttpClient from './http.js';
 import AcmeApi from './api.js';
-import {createChallengeFn} from './verify.js';
+import { createChallengeFn } from './verify.js';
 import * as util from './util.js';
 import auto from './auto.js';
 import { CancelError } from './error.js';
 /**
  * ACME states
  *
  * @private
  */
 const validStates = ['ready', 'valid'];
 const pendingStates = ['pending', 'processing'];
 const invalidStates = ['invalid'];
 /**
  * Default options
  *
  * @private
  */
 const defaultOpts = {
     directoryUrl: undefined,
     accountKey: undefined,
@@ -39,7 +34,6 @@ const defaultOpts = {
     backoffMin: 5000,
     backoffMax: 30000,
 };
 /**
  * AcmeClient
  *
@@ -87,33 +81,27 @@ const defaultOpts = {
  * });
  * ```
  */
 class AcmeClient {
-    sslProvider
     constructor(opts) {
         if (!Buffer.isBuffer(opts.accountKey)) {
             opts.accountKey = Buffer.from(opts.accountKey);
         }
         this.sslProvider = opts.sslProvider;
         this.opts = { ...defaultOpts, ...opts };
         this.backoffOpts = {
             attempts: this.opts.backoffAttempts,
             min: this.opts.backoffMin,
             max: this.opts.backoffMax,
         };
-        const cacheNonce = true
+        const cacheNonce = true;
         // const cacheNonce = this.sslProvider === 'litessl';
         this.http = new HttpClient(this.opts.directoryUrl, this.opts.accountKey, this.opts.externalAccountBinding, this.opts.urlMapping, opts.logger, cacheNonce);
         this.api = new AcmeApi(this.http, this.opts.accountUrl);
         this.logger = opts.logger;
     }
     log(...args) {
         this.logger.info(...args);
     }
     /**
      * Get Terms of Service URL if available
      *
@@ -128,11 +116,9 @@ class AcmeClient {
      * }
      * ```
      */
     getTermsOfServiceUrl() {
         return this.api.getTermsOfServiceUrl();
     }
     /**
      * Get current account URL
      *
@@ -149,11 +135,9 @@ class AcmeClient {
      * }
      * ```
      */
     getAccountUrl() {
         return this.api.getAccountUrl();
     }
     /**
      * Create a new account
      *
@@ -177,28 +161,23 @@ class AcmeClient {
      * });
      * ```
      */
     async createAccount(data = {}) {
         try {
             this.getAccountUrl();
             /* Account URL exists */
             this.log('Account URL exists, returning updateAccount()');
             return this.updateAccount(data);
         }
         catch (e) {
             const resp = await this.api.createAccount(data);
             /* HTTP 200: Account exists */
             if (resp.status === 200) {
                 this.log('Account already exists (HTTP 200), returning updateAccount()');
                 return this.updateAccount(data);
             }
             return resp.data;
         }
     }
     /**
      * Update existing account
      *
@@ -214,7 +193,6 @@ class AcmeClient {
      * });
      * ```
      */
     async updateAccount(data = {}) {
         try {
             this.api.getAccountUrl();
@@ -223,21 +201,17 @@ class AcmeClient {
             this.log('No account URL found, returning createAccount()');
             return this.createAccount(data);
         }
         /* Remove data only applicable to createAccount() */
         if ('onlyReturnExisting' in data) {
             delete data.onlyReturnExisting;
         }
         /* POST-as-GET */
         if (Object.keys(data).length === 0) {
             data = null;
         }
         const resp = await this.api.updateAccount(data);
         return resp.data;
     }
     /**
      * Update account private key
      *
@@ -253,36 +227,27 @@ class AcmeClient {
      * const result = await client.updateAccountKey(newAccountKey);
      * ```
      */
     async updateAccountKey(newAccountKey, data = {}) {
         if (!Buffer.isBuffer(newAccountKey)) {
             newAccountKey = Buffer.from(newAccountKey);
         }
         const accountUrl = this.api.getAccountUrl();
         /* Create new HTTP and API clients using new key */
         const newHttpClient = new HttpClient(this.opts.directoryUrl, newAccountKey, this.opts.externalAccountBinding);
         const newApiClient = new AcmeApi(newHttpClient, accountUrl);
         /* Get old JWK */
         data.account = accountUrl;
         data.oldKey = this.http.getJwk();
         /* Get signed request body from new client */
         const url = await newHttpClient.getResourceUrl('keyChange');
         const body = newHttpClient.createSignedBody(url, data);
         /* Change key using old client */
         const resp = await this.api.updateAccountKey(body);
         /* Replace existing HTTP and API client */
         this.http = newHttpClient;
         this.api = newApiClient;
         return resp.data;
     }
     /**
      * Create a new order
      *
@@ -301,20 +266,15 @@ class AcmeClient {
      * });
      * ```
      */
     async createOrder(data) {
         const resp = await this.api.createOrder(data);
         if (!resp.headers.location) {
             throw new Error('Creating a new order did not return an order link');
         }
         /* Add URL to response */
         resp.data.url = this.api.getLocationFromHeader(resp);
         return resp.data;
     }
     /**
      * Refresh order object from CA
      *
@@ -329,19 +289,15 @@ class AcmeClient {
      * const result = await client.getOrder(order);
      * ```
      */
     async getOrder(order) {
         if (!order.url) {
             throw new Error('Unable to get order, URL not found');
         }
         const resp = await this.api.getOrder(order.url);
         /* Add URL to response */
         resp.data.url = order.url;
         return resp.data;
     }
     /**
      * Finalize order
      *
@@ -358,24 +314,19 @@ class AcmeClient {
      * const result = await client.finalizeOrder(order, csr);
      * ```
      */
     async finalizeOrder(order, csr) {
         if (!order.finalize) {
             throw new Error('Unable to finalize order, URL not found');
         }
         if (!Buffer.isBuffer(csr)) {
             csr = Buffer.from(csr);
         }
         const data = { csr: getPemBodyAsB64u(csr) };
         const resp = await this.api.finalizeOrder(order.finalize, data);
         /* Add URL to response */
         resp.data.url = order.url;
         return resp.data;
     }
     /**
      * Get identifier authorizations from order
      *
@@ -394,17 +345,14 @@ class AcmeClient {
      * });
      * ```
      */
     async getAuthorizations(order) {
         return Promise.all((order.authorizations || []).map(async (url) => {
             const resp = await this.api.getAuthorization(url);
             /* Add URL to response */
             resp.data.url = url;
             return resp.data;
         }));
     }
     /**
      * Deactivate identifier authorization
      *
@@ -419,20 +367,16 @@ class AcmeClient {
      * const result = await client.deactivateAuthorization(authz);
      * ```
      */
     async deactivateAuthorization(authz) {
         if (!authz.url) {
             throw new Error('Unable to deactivate identifier authorization, URL not found');
         }
         const data = { status: 'deactivated' };
         const resp = await this.api.updateAuthorization(authz.url, data);
         /* Add URL to response */
         resp.data.url = authz.url;
         return resp.data;
     }
     /**
      * Get key authorization for ACME challenge
      *
@@ -449,31 +393,25 @@ class AcmeClient {
      * // Write key somewhere to satisfy challenge
      * ```
      */
     async getChallengeKeyAuthorization(challenge) {
         const jwk = this.http.getJwk();
         const keysum = createHash('sha256').update(JSON.stringify(jwk));
         const thumbprint = keysum.digest('base64url');
         const result = `${challenge.token}.${thumbprint}`;
         /* https://datatracker.ietf.org/doc/html/rfc8555#section-8.3 */
         if (challenge.type === 'http-01') {
             return result;
         }
         /* https://datatracker.ietf.org/doc/html/rfc8555#section-8.4 */
         if (challenge.type === 'dns-01') {
             return createHash('sha256').update(result).digest('base64url');
         }
         /* https://datatracker.ietf.org/doc/html/rfc8737 */
         if (challenge.type === 'tls-alpn-01') {
             return result;
         }
         throw new Error(`Unable to produce key authorization, unknown challenge type: ${challenge.type}`);
     }
     /**
      * Verify that ACME challenge is satisfied
      *
@@ -488,21 +426,16 @@ class AcmeClient {
      * await client.verifyChallenge(authz, challenge);
      * ```
      */
     async verifyChallenge(authz, challenge) {
         if (!authz.url || !challenge.url) {
             throw new Error('Unable to verify ACME challenge, URL not found');
         }
-        const {challenges} = createChallengeFn({logger:this.logger,walkFromAuthoritative: this.opts.walkFromAuthoritative});
-        const verify = challenges
+        const { challenges } = createChallengeFn({ logger: this.logger, walkFromAuthoritative: this.opts.walkFromAuthoritative });
+        const verify = challenges;
         if (typeof verify[challenge.type] === 'undefined') {
             throw new Error(`Unable to verify ACME challenge, unknown type: ${challenge.type}`);
         }
         const keyAuthorization = await this.getChallengeKeyAuthorization(challenge);
         const verifyFn = async (abort) => {
             if (this.opts.signal && this.opts.signal.aborted) {
                 abort();
@@ -510,16 +443,12 @@ class AcmeClient {
             }
             await verify[challenge.type](authz, challenge, keyAuthorization);
         };
         this.log('Waiting for ACME challenge verification（等待ACME检查验证）');
-        const log = (...args)=>{
-            this.logger.info(...args)
-        }
-        return util.retry(verifyFn, this.backoffOpts,log);
+        const log = (...args) => {
+            this.logger.info(...args);
+        };
+        return util.retry(verifyFn, this.backoffOpts, log);
     }
     /**
      * Notify CA that challenge has been completed
      *
@@ -534,7 +463,6 @@ class AcmeClient {
      * const result = await client.completeChallenge(challenge);
      * ```
      */
     async completeChallenge(challenge) {
         if (this.opts.signal && this.opts.signal.aborted) {
             throw new CancelError('用户取消');
@@ -542,7 +470,6 @@ class AcmeClient {
         const resp = await this.api.completeChallenge(challenge.url, {});
         return resp.data;
     }
     /**
      * Wait for ACME provider to verify status on a order, authorization or challenge
      *
@@ -569,23 +496,18 @@ class AcmeClient {
      * await client.waitForValidStatus(order);
      * ```
      */
-    async waitForValidStatus(item,d) {
+    async waitForValidStatus(item, d) {
         if (!item.url) {
             throw new Error(`[${d}] Unable to verify status of item, URL not found`);
         }
         const verifyFn = async (abort) => {
             if (this.opts.signal && this.opts.signal.aborted) {
                 abort(true);
                 throw new CancelError('用户取消');
             }
             const resp = await this.api.apiRequest(item.url, null, [200]);
             /* Verify status */
             this.log(`[${d}] Item has status（检查状态）: ${resp.data.status}`);
             if (invalidStates.includes(resp.data.status)) {
                 abort();
                 this.log(`[${d}] : 检查状态 = ${resp.data.status} ： ${JSON.stringify(resp.data)}`);
@@ -597,17 +519,14 @@ class AcmeClient {
             else if (validStates.includes(resp.data.status)) {
                 return resp.data;
             }
             throw new Error(`[${d}] Unexpected item status: ${resp.data.status}`);
         };
         this.log(`[${d}] Waiting for valid status （等待valid状态）: ${item.url}`, JSON.stringify(this.backoffOpts));
-        const log = (...args)=>{
-            this.logger.info(...args)
-        }
-        return util.retry(verifyFn, this.backoffOpts,log);
+        const log = (...args) => {
+            this.logger.info(...args);
+        };
+        return util.retry(verifyFn, this.backoffOpts, log);
     }
     /**
      * Get certificate from ACME order
      *
@@ -629,31 +548,24 @@ class AcmeClient {
      * const certificate = await client.getCertificate(order, 'DST Root CA X3');
      * ```
      */
     async getCertificate(order, preferredChain = null) {
         if (!validStates.includes(order.status)) {
             order = await this.waitForValidStatus(order);
         }
         if (!order.certificate) {
             throw new Error('Unable to download certificate, URL not found');
         }
         const resp = await this.api.apiRequest(order.certificate, null, [200]);
         /* Handle alternate certificate chains */
         if (preferredChain && resp.headers.link) {
             const alternateLinks = util.parseLinkHeader(resp.headers.link);
             const alternates = await Promise.all(alternateLinks.map(async (link) => this.api.apiRequest(link, null, [200])));
             const certificates = [resp].concat(alternates).map((c) => c.data);
             return util.findCertificateChainForIssuer(certificates, preferredChain);
         }
         /* Return default certificate chain */
         return resp.data;
     }
     /**
      * Revoke certificate
      *
@@ -677,13 +589,11 @@ class AcmeClient {
      * });
      * ```
      */
     async revokeCertificate(cert, data = {}) {
         data.certificate = getPemBodyAsB64u(cert);
         const resp = await this.api.revokeCert(data);
         return resp.data;
     }
     /**
      * Auto mode
      *
@@ -733,11 +643,9 @@ class AcmeClient {
      * });
      * ```
      */
     auto(opts) {
         return auto(this, opts);
     }
 }
 /* Export client */
-export default  AcmeClient;
+export default AcmeClient;

package/dist/crypto/forge.d.ts ADDED Viewed

@@ -0,0 +1,174 @@
+/**
+ * Generate a private RSA key
+ *
+ * @param {number} [size] Size of the key, default: `2048`
+ * @returns {Promise<buffer>} PEM encoded private RSA key
+ *
+ * @example Generate private RSA key
+ * ```js
+ * const privateKey = await acme.forge.createPrivateKey();
+ * ```
+ *
+ * @example Private RSA key with defined size
+ * ```js
+ * const privateKey = await acme.forge.createPrivateKey(4096);
+ * ```
+ */
+export declare function createPrivateKey(size?: number): Promise<Buffer>;
+/**
+ * Create public key from a private RSA key
+ *
+ * @param {buffer|string} key PEM encoded private RSA key
+ * @returns {Promise<buffer>} PEM encoded public RSA key
+ *
+ * @example Create public key
+ * ```js
+ * const publicKey = await acme.forge.createPublicKey(privateKey);
+ * ```
+ */
+export declare const createPublicKey: (key: any) => Promise<Buffer>;
+/**
+ * Parse body of PEM encoded object from buffer or string
+ * If multiple objects are chained, the first body will be returned
+ *
+ * @param {buffer|string} str PEM encoded buffer or string
+ * @returns {string} PEM body
+ */
+export declare const getPemBody: (str: any) => any;
+/**
+ * Split chain of PEM encoded objects from buffer or string into array
+ *
+ * @param {buffer|string} str PEM encoded buffer or string
+ * @returns {string[]} Array of PEM bodies
+ */
+export declare const splitPemChain: (str: any) => any;
+/**
+ * Get modulus
+ *
+ * @param {buffer|string} input PEM encoded private key, certificate or CSR
+ * @returns {Promise<buffer>} Modulus
+ *
+ * @example Get modulus
+ * ```js
+ * const m1 = await acme.forge.getModulus(privateKey);
+ * const m2 = await acme.forge.getModulus(certificate);
+ * const m3 = await acme.forge.getModulus(certificateRequest);
+ * ```
+ */
+export declare const getModulus: (input: any) => Promise<Buffer>;
+/**
+ * Get public exponent
+ *
+ * @param {buffer|string} input PEM encoded private key, certificate or CSR
+ * @returns {Promise<buffer>} Exponent
+ *
+ * @example Get public exponent
+ * ```js
+ * const e1 = await acme.forge.getPublicExponent(privateKey);
+ * const e2 = await acme.forge.getPublicExponent(certificate);
+ * const e3 = await acme.forge.getPublicExponent(certificateRequest);
+ * ```
+ */
+export declare const getPublicExponent: (input: any) => Promise<Buffer>;
+/**
+ * Read domains from a Certificate Signing Request
+ *
+ * @param {buffer|string} csr PEM encoded Certificate Signing Request
+ * @returns {Promise<object>} {commonName, altNames}
+ *
+ * @example Read Certificate Signing Request domains
+ * ```js
+ * const { commonName, altNames } = await acme.forge.readCsrDomains(certificateRequest);
+ *
+ * console.log(`Common name: ${commonName}`);
+ * console.log(`Alt names: ${altNames.join(', ')}`);
+ * ```
+ */
+export declare const readCsrDomains: (csr: any) => Promise<{
+    commonName: any;
+    altNames: any[];
+}>;
+/**
+ * Read information from a certificate
+ *
+ * @param {buffer|string} cert PEM encoded certificate
+ * @returns {Promise<object>} Certificate info
+ *
+ * @example Read certificate information
+ * ```js
+ * const info = await acme.forge.readCertificateInfo(certificate);
+ * const { commonName, altNames } = info.domains;
+ *
+ * console.log(`Not after: ${info.notAfter}`);
+ * console.log(`Not before: ${info.notBefore}`);
+ *
+ * console.log(`Common name: ${commonName}`);
+ * console.log(`Alt names: ${altNames.join(', ')}`);
+ * ```
+ */
+export declare const readCertificateInfo: (cert: any) => Promise<{
+    issuer: {
+        commonName: any;
+    };
+    domains: {
+        commonName: any;
+        altNames: any[];
+    };
+    notAfter: any;
+    notBefore: any;
+}>;
+/**
+ * Create a Certificate Signing Request
+ *
+ * @param {object} data
+ * @param {number} [data.keySize] Size of newly created private key, default: `2048`
+ * @param {string} [data.commonName]
+ * @param {string[]} [data.altNames] default: `[]`
+ * @param {string} [data.country]
+ * @param {string} [data.state]
+ * @param {string} [data.locality]
+ * @param {string} [data.organization]
+ * @param {string} [data.organizationUnit]
+ * @param {string} [data.emailAddress]
+ * @param {buffer|string} [key] CSR private key
+ * @returns {Promise<buffer[]>} [privateKey, certificateSigningRequest]
+ *
+ * @example Create a Certificate Signing Request
+ * ```js
+ * const [certificateKey, certificateRequest] = await acme.forge.createCsr({
+ *     altNames: ['test.example.com'],
+ * });
+ * ```
+ *
+ * @example Certificate Signing Request with both common and alternative names
+ * > *Warning*: Certificate subject common name has been [deprecated](https://letsencrypt.org/docs/glossary/#def-CN) and its use is [discouraged](https://cabforum.org/uploads/BRv1.2.3.pdf).
+ * ```js
+ * const [certificateKey, certificateRequest] = await acme.forge.createCsr({
+ *     keySize: 4096,
+ *     commonName: 'test.example.com',
+ *     altNames: ['foo.example.com', 'bar.example.com'],
+ * });
+ * ```
+ *
+ * @example Certificate Signing Request with additional information
+ * ```js
+ * const [certificateKey, certificateRequest] = await acme.forge.createCsr({
+ *     altNames: ['test.example.com'],
+ *     country: 'US',
+ *     state: 'California',
+ *     locality: 'Los Angeles',
+ *     organization: 'The Company Inc.',
+ *     organizationUnit: 'IT Department',
+ *     emailAddress: 'contact@example.com',
+ * });
+ * ```
+ *
+ * @example Certificate Signing Request with predefined private key
+ * ```js
+ * const certificateKey = await acme.forge.createPrivateKey();
+ *
+ * const [, certificateRequest] = await acme.forge.createCsr({
+ *     altNames: ['test.example.com'],
+ * }, certificateKey);
+ */
+export declare const createCsr: (data: any, keyType?: any) => Promise<any[]>;