@certd/acme-client 1.39.12 → 1.39.13

package/{src → dist}/verify.js

@@ -1,28 +1,24 @@
+// @ts-nocheck
 /**
  * ACME challenge verification
  */
-
-import dnsSdk from "dns"
-import https from 'https'
-import { log as defaultLog } from './logger.js'
-import axios from './axios.js'
-import * as util from './util.js'
-import { isAlpnCertificateAuthorizationValid } from './crypto/index.js'
-import { utils } from '@certd/basic'
-
-const dns = dnsSdk.promises
-
-let walkFromAuthoritative = true
+import dnsSdk from "dns";
+import https from 'https';
+import { log as defaultLog } from './logger.js';
+import axios from './axios.js';
+import * as util from './util.js';
+import { isAlpnCertificateAuthorizationValid } from './crypto/index.js';
+import { utils } from '@certd/basic';
+const dns = dnsSdk.promises;
+let walkFromAuthoritative = true;
 export function setWalkFromAuthoritative(value = true) {
-    walkFromAuthoritative = value
+    walkFromAuthoritative = value;
 }
-
 export function createChallengeFn(opts = {}) {
-    const logger = opts?.logger || { info: defaultLog, error: defaultLog, warn: defaultLog, debug: defaultLog }
-
+    const logger = opts?.logger || { info: defaultLog, error: defaultLog, warn: defaultLog, debug: defaultLog };
     const log = function (...args) {
-        logger.info(...args)
-    }
+        logger.info(...args);
+    };
     /**
  * Verify ACME HTTP challenge
  *
@@ -34,65 +30,52 @@ export function createChallengeFn(opts = {}) {
  * @param {string} [suffix] URL suffix
  * @returns {Promise<boolean>}
  */
-
     async function verifyHttpChallenge(authz, challenge, keyAuthorization, suffix = `/.well-known/acme-challenge/${challenge.token}`) {
-
         async function doQuery(challengeUrl) {
-            log(`正在测试请求 ${challengeUrl} `)
+            log(`正在测试请求 ${challengeUrl} `);
             // const httpsPort = axios.defaults.acmeSettings.httpsChallengePort || 443;
             // const challengeUrl = `https://${authz.identifier.value}:${httpsPort}${suffix}`;
-
             /* May redirect to HTTPS with invalid/self-signed cert - https://letsencrypt.org/docs/challenge-types/#http-01-challenge */
             const httpsAgent = new https.Agent({ rejectUnauthorized: false });
-
             log(`Sending HTTP query to ${authz.identifier.value}, suffix: ${suffix}, port: ${httpPort}`);
-            let data = ""
+            let data = "";
             try {
                 const resp = await axios.get(challengeUrl, { httpsAgent });
                 data = (resp.data || '').replace(/\s+$/, '');
-            } catch (e) {
+            }
+            catch (e) {
                 log(`[error] HTTP request error from ${authz.identifier.value}`, e.message);
-                return false
+                return false;
             }
-
             if (!data || (data !== keyAuthorization)) {
                 log(`[error] Authorization not found in HTTP response from ${authz.identifier.value}`);
-                return false
+                return false;
             }
-            return true
-
+            return true;
         }
-
         const httpPort = axios.defaults.acmeSettings.httpChallengePort || 80;
         let host = authz.identifier.value;
         if (utils.domain.isIpv6(host)) {
             host = `[${host}]`;
         }
         const challengeUrl = `http://${host}:${httpPort}${suffix}`;
-
         if (!await doQuery(challengeUrl)) {
             const httpsPort = axios.defaults.acmeSettings.httpsChallengePort || 443;
             const httpsChallengeUrl = `https://${host}:${httpsPort}${suffix}`;
-            const res = await doQuery(httpsChallengeUrl)
+            const res = await doQuery(httpsChallengeUrl);
             if (!res) {
                 throw new Error(`[error] 验证失败，请检查以上测试url是否可以正常访问`);
             }
         }
-
-
         log(`Key authorization match for ${challenge.type}/${authz.identifier.value}, ACME challenge verified`);
         return true;
     }
-
     /**
      * Walk DNS until TXT records are found
      */
-
     async function walkDnsChallengeRecord(recordName, resolver = dns, deep = 0) {
-
         let records = [];
-
-        const isAuthoritative = resolver === dns
+        const isAuthoritative = resolver === dns;
         /* Resolve TXT records */
         try {
             log(`检查域名 ${recordName} 的TXT记录(from ${isAuthoritative ? '本地DNS' : '权威DNS服务器'})`);
@@ -102,15 +85,14 @@ export function createChallengeFn(opts = {}) {
                 log(`TXT records: ${JSON.stringify(txtRecords)}`);
                 records = records.concat(...txtRecords);
             }
-        } catch (e) {
+        }
+        catch (e) {
             log(`解析 TXT 记录出错, ${recordName} :${e.message}`);
         }
-
         /* Resolve CNAME record first */
         try {
             log(`检查是否存在CNAME映射: ${recordName}`);
             const cnameRecords = await resolver.resolveCname(recordName);
-
             if (cnameRecords.length) {
                 const cnameRecord = cnameRecords[0];
                 log(`已找到${recordName}的CNAME记录，将检查: ${cnameRecord}`);
@@ -119,37 +101,36 @@ export function createChallengeFn(opts = {}) {
                     log(`从CNAME中找到TXT记录: ${JSON.stringify(res)}`);
                     records = records.concat(...res);
                 }
-            } else {
+            }
+            else {
                 log(`没有CNAME映射（${recordName}）`);
             }
-        } catch (e) {
+        }
+        catch (e) {
             log(`检查CNAME出错（${recordName}） :${e.message}`);
         }
-        return records
+        return records;
     }
-
     async function walkTxtRecord(recordName, deep = 0) {
         if (deep > 5) {
-            log(`walkTxtRecord too deep (#${deep}) , skip walk`)
-            return []
+            log(`walkTxtRecord too deep (#${deep}) , skip walk`);
+            return [];
         }
-
-        const txtRecords = []
+        const txtRecords = [];
         try {
             /* Default DNS resolver first */
             log('从本地DNS服务器获取TXT解析记录');
             const res = await walkDnsChallengeRecord(recordName, dns, deep);
             if (res && res.length > 0) {
                 for (const item of res) {
-                    txtRecords.push(item)
+                    txtRecords.push(item);
                 }
             }
-
-        } catch (e) {
-            log(`本地获取TXT解析记录失败:${e.message}`)
         }
-
-        if (walkFromAuthoritative !==false) {
+        catch (e) {
+            log(`本地获取TXT解析记录失败:${e.message}`);
+        }
+        if (walkFromAuthoritative !== false) {
             try {
                 /* Authoritative DNS resolver */
                 log(`从域名权威服务器获取TXT解析记录`);
@@ -157,23 +138,22 @@ export function createChallengeFn(opts = {}) {
                 const res = await walkDnsChallengeRecord(recordName, authoritativeResolver, deep);
                 if (res && res.length > 0) {
                     for (const item of res) {
-                        txtRecords.push(item)
+                        txtRecords.push(item);
                     }
                 }
-            } catch (e) {
-                log(`权威服务器获取TXT解析记录失败:${e.message}`)
             }
-        }else{
+            catch (e) {
+                log(`权威服务器获取TXT解析记录失败:${e.message}`);
+            }
+        }
+        else {
             log(`跳过从权威服务器获取TXT解析记录`);
         }
-
-
         if (txtRecords.length === 0) {
             throw new Error(`没有找到TXT解析记录（${recordName}）`);
         }
         return txtRecords;
     }
-
     /**
      * Verify ACME DNS challenge
      *
@@ -185,7 +165,6 @@ export function createChallengeFn(opts = {}) {
      * @param {string} [prefix] DNS prefix
      * @returns {Promise<boolean>}
      */
-
     async function verifyDnsChallenge(authz, challenge, keyAuthorization, prefix = '_acme-challenge.') {
         const recordName = `${prefix}${authz.identifier.value}`;
         log(`本地校验TXT记录）: ${recordName}`);
@@ -194,14 +173,12 @@ export function createChallengeFn(opts = {}) {
         recordValues = [...new Set(recordValues)];
         log(`DNS查询成功, 找到 ${recordValues.length} 条TXT记录：${recordValues}`);
         if (!recordValues.length || !recordValues.includes(keyAuthorization)) {
-            const err = `没有找到需要的DNS TXT记录: ${recordName}，期望:${keyAuthorization},结果:${recordValues}`
+            const err = `没有找到需要的DNS TXT记录: ${recordName}，期望:${keyAuthorization},结果:${recordValues}`;
             throw new Error(err);
         }
-
         log(`关键授权匹配成功（${challenge.type}/${recordName}）:${keyAuthorization}，校验成功， ACME challenge verified`);
         return true;
     }
-
     /**
      * Verify ACME TLS ALPN challenge
      *
@@ -212,23 +189,18 @@ export function createChallengeFn(opts = {}) {
      * @param {string} keyAuthorization Challenge key authorization
      * @returns {Promise<boolean>}
      */
-
     async function verifyTlsAlpnChallenge(authz, challenge, keyAuthorization) {
         const tlsAlpnPort = axios.defaults.acmeSettings.tlsAlpnChallengePort || 443;
         const host = authz.identifier.value;
         log(`Establishing TLS connection with host: ${host}:${tlsAlpnPort}`);
-
         const certificate = await util.retrieveTlsAlpnCertificate(host, tlsAlpnPort);
         log('Certificate received from server successfully, matching key authorization in ALPN');
-
         if (!isAlpnCertificateAuthorizationValid(certificate, keyAuthorization)) {
             throw new Error(`Authorization not found in certificate from ${authz.identifier.value}`);
         }
-
         log(`Key authorization match for ${challenge.type}/${authz.identifier.value}, ACME challenge verified`);
         return true;
     }
-
     return {
         challenges: {
             'http-01': verifyHttpChallenge,
@@ -237,10 +209,6 @@ export function createChallengeFn(opts = {}) {
         },
         walkTxtRecord,
         walkDnsChallengeRecord,
-    }
-
+    };
 }
-
-
-
 // createChallengeFn({logger:{info:console.log}}).walkDnsChallengeRecord("handsfree.work")

package/dist/wait.d.ts

@@ -0,0 +1 @@
+export declare function wait(ms: any): Promise<unknown>;

package/{src → dist}/wait.js

@@ -1,3 +1,4 @@
+// @ts-nocheck
 export async function wait(ms) {
     return new Promise((resolve) => {
         setTimeout(resolve, ms);

package/package.json

@@ -3,22 +3,22 @@
     "description": "Simple and unopinionated ACME client",
     "private": false,
     "author": "nmorsman",
-    "version": "1.39.12",
+    "version": "1.39.13",
     "type": "module",
-    "module": "scr/index.js",
-    "main": "src/index.js",
-    "types": "types/index.d.ts",
+    "module": "./dist/index.js",
+    "main": "./dist/index.js",
+    "types": "./dist/index.d.ts",
     "license": "MIT",
     "homepage": "https://github.com/publishlab/node-acme-client",
     "engines": {
         "node": ">= 18"
     },
     "files": [
-        "src",
+        "dist",
         "types"
     ],
     "dependencies": {
-        "@certd/basic": "^1.39.12",
+        "@certd/basic": "^1.39.13",
         "@peculiar/x509": "^1.11.0",
         "asn1js": "^3.0.5",
         "axios": "^1.9.0",
@@ -35,10 +35,12 @@
         "@typescript-eslint/parser": "^8.26.1",
         "chai": "^4.4.1",
         "chai-as-promised": "^7.1.2",
+        "cross-env": "^7.0.3",
         "eslint": "^8.57.0",
         "eslint-config-prettier": "^8.5.0",
         "eslint-plugin-import": "^2.29.1",
         "eslint-plugin-prettier": "^4.2.1",
+        "esmock": "^2.7.5",
         "jsdoc-to-markdown": "^8.0.1",
         "mocha": "^10.6.0",
         "nock": "^13.5.4",
@@ -47,13 +49,17 @@
         "typescript": "^5.4.2"
     },
     "scripts": {
-        "build-docs": "jsdoc2md src/client.js > docs/client.md && jsdoc2md src/crypto/index.js > docs/crypto.md && jsdoc2md src/crypto/forge.js > docs/forge.md",
-        "lint": "eslint .",
-        "lint-types": "tsd",
-        "prepublishOnly": "npm run build-docs",
+        "before-build": "node -e \"const fs=require('fs');fs.rmSync('dist',{recursive:true,force:true});fs.rmSync('tsconfig.tsbuildinfo',{force:true});\"",
+        "build": "npm run before-build && tsc --skipLibCheck",
+        "build-docs": "jsdoc2md dist/client.js > docs/client.md && jsdoc2md dist/crypto/index.js > docs/crypto.md && jsdoc2md dist/crypto/forge.js > docs/forge.md",
+        "lint": "eslint \"src/**/*.ts\" \"types/**/*.ts\"",
+        "lint-types": "tsd --files \"types/index.test-d.ts\"",
+        "prepublishOnly": "npm run build && npm run build-docs",
         "test": "mocha -t 60000 \"test/setup.js\" \"test/**/*.spec.js\"",
+        "before-test:unit": "node -e \"const fs=require('fs');fs.rmSync('dist-test',{recursive:true,force:true});fs.rmSync('tsconfig.test.tsbuildinfo',{force:true});\"",
+        "test:unit": "cross-env NODE_ENV=unittest npm run before-test:unit && cross-env NODE_ENV=unittest tsc -p tsconfig.test.json --skipLibCheck && cross-env NODE_ENV=unittest mocha -t 60000 \"dist-test/**/*.test.js\"",
         "pub": "npm publish",
-        "compile": "echo '1'"
+        "compile": "tsc --skipLibCheck --watch"
     },
     "repository": {
         "type": "git",
@@ -70,5 +76,5 @@
     "bugs": {
         "url": "https://github.com/publishlab/node-acme-client/issues"
     },
-    "gitHead": "898bc9b9f2f75df11ea0803b144862ba98b7511a"
+    "gitHead": "9f7d766cb386b299d4098141f4a47d23e16975e3"
 }

package/types/index.d.ts

@@ -4,8 +4,6 @@
 
 import { AxiosInstance } from 'axios';
 import * as rfc8555 from './rfc8555';
-import {CancelError} from '../src/error.js'
-export * from '../src/error.js'
 
 export type PrivateKeyBuffer = Buffer;
 export type PublicKeyBuffer = Buffer;
@@ -115,6 +113,15 @@ export const directory: {
     zerossl: {
         staging: string,
         production: string
+    },
+    sslcom: {
+        staging: string,
+        production: string,
+        ec: string
+    },
+    litessl: {
+        staging: string,
+        production: string
     }
 };
 
@@ -211,14 +218,16 @@ export const agents: any;
  * Logger
  */
 
+export class CancelError extends Error {
+    constructor(message?: string);
+}
+
 export function setLogger(fn: (message: any, ...args: any[]) => void): void;
 
 export function createChallengeFn(opts?: {logger?:any}): any;
 // export function walkTxtRecord(record: any): Promise<string[]>;
 export function getAuthoritativeDnsResolver(record:string): Promise<any>;
 
-export const CancelError: typeof CancelError;
-
 export function resolveDomainBySoaRecord(domain: string): Promise<string>;
 
-export function setWalkFromAuthoritative(value = true): void;
+export function setWalkFromAuthoritative(value?: boolean): void;

package/types/index.test-d.ts

@@ -2,7 +2,7 @@
  * acme-client type definition tests
  */
 
-import * as acme from 'acme-client';
+import * as acme from '..';
 
 (async () => {
     /* Client */
@@ -10,6 +10,7 @@ import * as acme from 'acme-client';
 
     const client = new acme.Client({
         accountKey,
+        sslProvider: 'letsencrypt',
         directoryUrl: acme.directory.letsencrypt.staging
     });
 
@@ -52,7 +53,10 @@ import * as acme from 'acme-client';
     /* Auto */
     await client.auto({
         csr: certCsr,
-        challengeCreateFn: async (authz, challenge, keyAuthorization) => {},
+        challengeCreateFn: async (authz, keyAuthorization) => ({
+            challenge: authz.challenges[0],
+            keyAuthorization: await keyAuthorization(authz.challenges[0])
+        }),
         challengeRemoveFn: async (authz, challenge, keyAuthorization) => {}
     });
 
@@ -63,7 +67,10 @@ import * as acme from 'acme-client';
         skipChallengeVerification: false,
         challengePriority: ['http-01', 'dns-01'],
         preferredChain: 'DST Root CA X3',
-        challengeCreateFn: async (authz, challenge, keyAuthorization) => {},
+        challengeCreateFn: async (authz, keyAuthorization) => ({
+            challenge: authz.challenges[0],
+            keyAuthorization: await keyAuthorization(authz.challenges[0])
+        }),
         challengeRemoveFn: async (authz, challenge, keyAuthorization) => {}
     });
 })();

package/src/index.js

@@ -1,106 +0,0 @@
-/**
- * acme-client
- */
-import AcmeClinet  from './client.js'
-export const Client = AcmeClinet
-
-/**
- * Directory URLs
- */
-
-export const directory = {
-    buypass: {
-        staging: 'https://api.test4.buypass.no/acme/directory',
-        production: 'https://api.buypass.com/acme/directory',
-    },
-    google: {
-        staging: 'https://dv.acme-v02.test-api.pki.goog/directory',
-        production: 'https://dv.acme-v02.api.pki.goog/directory',
-    },
-    letsencrypt: {
-        staging: 'https://acme-staging-v02.api.letsencrypt.org/directory',
-        production: 'https://acme-v02.api.letsencrypt.org/directory',
-    },
-    letsencrypt_staging: {
-        production: 'https://acme-staging-v02.api.letsencrypt.org/directory',
-    },
-    zerossl: {
-        staging: 'https://acme.zerossl.com/v2/DV90',
-        production: 'https://acme.zerossl.com/v2/DV90',
-    },
-    sslcom:{
-      staging: 'https://acme.ssl.com/sslcom-dv-rsa',
-      production: 'https://acme.ssl.com/sslcom-dv-rsa',
-      ec: 'https://acme.ssl.com/sslcom-dv-ecc',
-    },
-    litessl: {
-        staging: 'https://acme.litessl.com/acme/v2/directory',
-        production: 'https://acme.litessl.com/acme/v2/directory',
-    },
-};
-
-export function getDirectoryUrl(opts) {
-  const {sslProvider, pkType} = opts
-  const list= directory[sslProvider]
-  if (!list) {
-    throw new Error(`sslProvider ${sslProvider} not found`)
-  }
-  let pkTypePrefix = pkType || 'rsa'
-  if (pkType) {
-   pkTypePrefix = pkType.toLowerCase().split("_")[0]
-  }
-
-  if (pkTypePrefix && list[pkTypePrefix]) {
-    return list[pkTypePrefix]
-  }
-
-  return list.production
-}
-
-
-export function getAllSslProviderDomains() {
-  const list = Object.values(directory).map((item) => {
-    let url =  item.production.replace('https://', '')
-    url = url.substring(0, url.indexOf('/'))
-    return url
-  })
-  return list
-}
-
-let sslProviderReverseProxies = {}
-
-function initSslProviderReverseProxies() {
-  for (const sslProvider of getAllSslProviderDomains()) {
-    sslProviderReverseProxies[sslProvider] = ""
-  }
-}
-initSslProviderReverseProxies()
-
-export function getSslProviderReverseProxies() {
-  return sslProviderReverseProxies
-}
-export function setSslProviderReverseProxies(reverseProxies) {
-  Object.assign(sslProviderReverseProxies, reverseProxies)
-}
-
-/**
- * Crypto
- */
-
-export * as crypto from './crypto/index.js'
-export * as forge from './crypto/forge.js'
-
-/**
- * Axios
- */
-
-export *  from './axios.js'
-/**
- * Logger
- */
-
-export * from './logger.js'
-export * from './verify.js'
-export * from './error.js'
-
-export * from './util.js'