@certd/plugin-cert 1.25.4 → 1.25.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (38) hide show
  1. package/CHANGELOG.md +10 -0
  2. package/dist/access/eab-access.d.ts +4 -4
  3. package/dist/access/eab-access.js +48 -48
  4. package/dist/access/index.d.ts +1 -1
  5. package/dist/access/index.js +1 -1
  6. package/dist/dns-provider/api.d.ts +27 -27
  7. package/dist/dns-provider/api.js +1 -1
  8. package/dist/dns-provider/base.d.ts +8 -8
  9. package/dist/dns-provider/base.js +6 -6
  10. package/dist/dns-provider/decorator.d.ts +3 -3
  11. package/dist/dns-provider/decorator.js +26 -26
  12. package/dist/dns-provider/index.d.ts +4 -4
  13. package/dist/dns-provider/index.js +4 -4
  14. package/dist/dns-provider/registry.d.ts +2 -2
  15. package/dist/dns-provider/registry.js +2 -2
  16. package/dist/index.d.ts +3 -3
  17. package/dist/index.js +3 -3
  18. package/dist/plugin/cert-plugin/acme.d.ts +66 -66
  19. package/dist/plugin/cert-plugin/acme.js +280 -280
  20. package/dist/plugin/cert-plugin/base.d.ts +46 -46
  21. package/dist/plugin/cert-plugin/base.js +281 -281
  22. package/dist/plugin/cert-plugin/cert-reader.d.ts +34 -34
  23. package/dist/plugin/cert-plugin/cert-reader.js +112 -112
  24. package/dist/plugin/cert-plugin/convert.d.ts +21 -21
  25. package/dist/plugin/cert-plugin/convert.js +71 -71
  26. package/dist/plugin/cert-plugin/index.d.ts +18 -18
  27. package/dist/plugin/cert-plugin/index.js +208 -208
  28. package/dist/plugin/cert-plugin/lego/dns.d.ts +1 -1
  29. package/dist/plugin/cert-plugin/lego/dns.js +1 -1
  30. package/dist/plugin/cert-plugin/lego/index.d.ts +17 -17
  31. package/dist/plugin/cert-plugin/lego/index.js +172 -172
  32. package/dist/plugin/index.d.ts +2 -2
  33. package/dist/plugin/index.js +2 -2
  34. package/package.json +9 -7
  35. package/tsconfig.tsbuildinfo +1 -1
  36. package/stats.html +0 -6177
  37. package/test/user.secret.js +0 -7
  38. package/test/user.secret.ts +0 -4
package/dist/plugin/cert-plugin/acme.js CHANGED
@@ -1,280 +1,280 @@
1
- // @ts-ignore
2
- import * as acme from "@certd/acme-client";
3
- import _ from "lodash-es";
4
- import psl from "psl";
5
- import { utils } from "@certd/pipeline";
6
- export class AcmeService {
7
- options;
8
- userContext;
9
- logger;
10
- sslProvider;
11
- skipLocalVerify = true;
12
- eab;
13
- constructor(options) {
14
- this.options = options;
15
- this.userContext = options.userContext;
16
- this.logger = options.logger;
17
- this.sslProvider = options.sslProvider || "letsencrypt";
18
- this.eab = options.eab;
19
- this.skipLocalVerify = options.skipLocalVerify ?? false;
20
- acme.setLogger((text) => {
21
- this.logger.info(text);
22
- });
23
- }
24
- async getAccountConfig(email, urlMapping) {
25
- const conf = (await this.userContext.getObj(this.buildAccountKey(email))) || {};
26
- if (urlMapping && urlMapping.mappings) {
27
- for (const key in urlMapping.mappings) {
28
- if (Object.prototype.hasOwnProperty.call(urlMapping.mappings, key)) {
29
- const element = urlMapping.mappings[key];
30
- if (conf.accountUrl?.indexOf(element) > -1) {
31
- //如果用了代理url,要替换回去
32
- conf.accountUrl = conf.accountUrl.replace(element, key);
33
- }
34
- }
35
- }
36
- }
37
- return conf;
38
- }
39
- buildAccountKey(email) {
40
- return `acme.config.${this.sslProvider}.${email}`;
41
- }
42
- async saveAccountConfig(email, conf) {
43
- await this.userContext.setObj(this.buildAccountKey(email), conf);
44
- }
45
- async getAcmeClient(email, isTest = false) {
46
- const urlMapping = {
47
- enabled: false,
48
- mappings: {
49
- "acme-v02.api.letsencrypt.org": "letsencrypt.proxy.handsfree.work",
50
- "dv.acme-v02.api.pki.goog": "google.proxy.handsfree.work",
51
- },
52
- };
53
- const conf = await this.getAccountConfig(email, urlMapping);
54
- if (conf.key == null) {
55
- conf.key = await this.createNewKey();
56
- await this.saveAccountConfig(email, conf);
57
- this.logger.info(`创建新的Accountkey:${email}`);
58
- }
59
- let directoryUrl = "";
60
- if (isTest) {
61
- directoryUrl = acme.directory[this.sslProvider].staging;
62
- }
63
- else {
64
- directoryUrl = acme.directory[this.sslProvider].production;
65
- }
66
- if (this.options.useMappingProxy) {
67
- urlMapping.enabled = true;
68
- }
69
- else {
70
- //测试directory是否可以访问
71
- const isOk = await this.testDirectory(directoryUrl);
72
- if (!isOk) {
73
- this.logger.info("测试访问失败,自动使用代理");
74
- urlMapping.enabled = true;
75
- }
76
- }
77
- const client = new acme.Client({
78
- directoryUrl: directoryUrl,
79
- accountKey: conf.key,
80
- accountUrl: conf.accountUrl,
81
- externalAccountBinding: this.eab,
82
- backoffAttempts: 15,
83
- backoffMin: 5000,
84
- backoffMax: 10000,
85
- urlMapping,
86
- signal: this.options.signal,
87
- });
88
- if (conf.accountUrl == null) {
89
- const accountPayload = {
90
- termsOfServiceAgreed: true,
91
- contact: [`mailto:${email}`],
92
- externalAccountBinding: this.eab,
93
- };
94
- await client.createAccount(accountPayload);
95
- conf.accountUrl = client.getAccountUrl();
96
- await this.saveAccountConfig(email, conf);
97
- }
98
- return client;
99
- }
100
- async createNewKey() {
101
- const key = await acme.crypto.createPrivateKey(2048);
102
- return key.toString();
103
- }
104
- parseDomain(fullDomain) {
105
- const parsed = psl.parse(fullDomain);
106
- if (parsed.error) {
107
- throw new Error(`解析${fullDomain}域名失败:` + JSON.stringify(parsed.error));
108
- }
109
- return parsed.domain;
110
- }
111
- async challengeCreateFn(authz, challenge, keyAuthorization, dnsProvider) {
112
- this.logger.info("Triggered challengeCreateFn()");
113
- /* http-01 */
114
- const fullDomain = authz.identifier.value;
115
- if (challenge.type === "http-01") {
116
- const filePath = `/var/www/html/.well-known/acme-challenge/${challenge.token}`;
117
- const fileContents = keyAuthorization;
118
- this.logger.info(`Creating challenge response for ${fullDomain} at path: ${filePath}`);
119
- /* Replace this */
120
- this.logger.info(`Would write "${fileContents}" to path "${filePath}"`);
121
- // await fs.writeFileAsync(filePath, fileContents);
122
- }
123
- else if (challenge.type === "dns-01") {
124
- /* dns-01 */
125
- const dnsRecord = `_acme-challenge.${fullDomain}`;
126
- const recordValue = keyAuthorization;
127
- this.logger.info(`Creating TXT record for ${fullDomain}: ${dnsRecord}`);
128
- /* Replace this */
129
- this.logger.info(`Would create TXT record "${dnsRecord}" with value "${recordValue}"`);
130
- const domain = this.parseDomain(fullDomain);
131
- this.logger.info("解析到域名domain=", domain);
132
- return await dnsProvider.createRecord({
133
- fullRecord: dnsRecord,
134
- type: "TXT",
135
- value: recordValue,
136
- domain,
137
- });
138
- }
139
- }
140
- /**
141
- * Function used to remove an ACME challenge response
142
- *
143
- * @param {object} authz Authorization object
144
- * @param {object} challenge Selected challenge
145
- * @param {string} keyAuthorization Authorization key
146
- * @param recordItem challengeCreateFn create record item
147
- * @param dnsProvider dnsProvider
148
- * @returns {Promise}
149
- */
150
- async challengeRemoveFn(authz, challenge, keyAuthorization, recordItem, dnsProvider) {
151
- this.logger.info("Triggered challengeRemoveFn()");
152
- /* http-01 */
153
- const fullDomain = authz.identifier.value;
154
- if (challenge.type === "http-01") {
155
- const filePath = `/var/www/html/.well-known/acme-challenge/${challenge.token}`;
156
- this.logger.info(`Removing challenge response for ${fullDomain} at path: ${filePath}`);
157
- /* Replace this */
158
- this.logger.info(`Would remove file on path "${filePath}"`);
159
- // await fs.unlinkAsync(filePath);
160
- }
161
- else if (challenge.type === "dns-01") {
162
- const dnsRecord = `_acme-challenge.${fullDomain}`;
163
- const recordValue = keyAuthorization;
164
- this.logger.info(`Removing TXT record for ${fullDomain}: ${dnsRecord}`);
165
- /* Replace this */
166
- this.logger.info(`Would remove TXT record "${dnsRecord}" with value "${recordValue}"`);
167
- const domain = this.parseDomain(fullDomain);
168
- try {
169
- await dnsProvider.removeRecord({
170
- fullRecord: dnsRecord,
171
- type: "TXT",
172
- value: keyAuthorization,
173
- record: recordItem,
174
- domain,
175
- });
176
- }
177
- catch (e) {
178
- this.logger.error("删除解析记录出错:", e);
179
- throw e;
180
- }
181
- }
182
- }
183
- async order(options) {
184
- const { email, isTest, domains, csrInfo, dnsProvider } = options;
185
- const client = await this.getAcmeClient(email, isTest);
186
- /* Create CSR */
187
- const { commonName, altNames } = this.buildCommonNameByDomains(domains);
188
- let privateKey = null;
189
- const privateKeyType = options.privateKeyType || "rsa_2048";
190
- const privateKeyArr = privateKeyType.split("_");
191
- const type = privateKeyArr[0];
192
- let size = 2048;
193
- if (privateKeyArr.length > 1) {
194
- size = parseInt(privateKeyArr[1]);
195
- }
196
- let encodingType = "pkcs8";
197
- if (privateKeyArr.length > 2) {
198
- encodingType = privateKeyArr[2];
199
- }
200
- if (type == "ec") {
201
- const name = "P-" + size;
202
- privateKey = await acme.crypto.createPrivateEcdsaKey(name, encodingType);
203
- }
204
- else {
205
- privateKey = await acme.crypto.createPrivateRsaKey(size, encodingType);
206
- }
207
- let createCsr = acme.crypto.createCsr;
208
- if (encodingType === "pkcs1") {
209
- //兼容老版本
210
- createCsr = acme.forge.createCsr;
211
- }
212
- const [key, csr] = await createCsr({
213
- commonName,
214
- ...csrInfo,
215
- altNames,
216
- }, privateKey);
217
- if (dnsProvider == null) {
218
- throw new Error("dnsProvider 不能为空");
219
- }
220
- /* 自动申请证书 */
221
- const crt = await client.auto({
222
- csr,
223
- email: email,
224
- termsOfServiceAgreed: true,
225
- skipChallengeVerification: this.skipLocalVerify,
226
- challengePriority: ["dns-01"],
227
- challengeCreateFn: async (authz, challenge, keyAuthorization) => {
228
- return await this.challengeCreateFn(authz, challenge, keyAuthorization, dnsProvider);
229
- },
230
- challengeRemoveFn: async (authz, challenge, keyAuthorization, recordItem) => {
231
- return await this.challengeRemoveFn(authz, challenge, keyAuthorization, recordItem, dnsProvider);
232
- },
233
- signal: this.options.signal,
234
- });
235
- const crtString = crt.toString();
236
- const cert = {
237
- crt: crtString,
238
- key: key.toString(),
239
- csr: csr.toString(),
240
- };
241
- /* Done */
242
- this.logger.debug(`CSR:\n${cert.csr}`);
243
- this.logger.debug(`Certificate:\n${cert.crt}`);
244
- this.logger.info("证书申请成功");
245
- return cert;
246
- }
247
- buildCommonNameByDomains(domains) {
248
- if (typeof domains === "string") {
249
- domains = domains.split(",");
250
- }
251
- if (domains.length === 0) {
252
- throw new Error("domain can not be empty");
253
- }
254
- const commonName = domains[0];
255
- let altNames = undefined;
256
- if (domains.length > 1) {
257
- altNames = _.slice(domains, 1);
258
- }
259
- return {
260
- commonName,
261
- altNames,
262
- };
263
- }
264
- async testDirectory(directoryUrl) {
265
- try {
266
- await utils.http.request({
267
- url: directoryUrl,
268
- method: "GET",
269
- timeout: 10000,
270
- });
271
- }
272
- catch (e) {
273
- this.logger.error(`${directoryUrl},测试访问失败`, e.stack);
274
- return false;
275
- }
276
- this.logger.info(`${directoryUrl},测试访问成功`);
277
- return true;
278
- }
279
- }
280
- //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWNtZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9wbHVnaW4vY2VydC1wbHVnaW4vYWNtZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxhQUFhO0FBQ2IsT0FBTyxLQUFLLElBQUksTUFBTSxvQkFBb0IsQ0FBQztBQUMzQyxPQUFPLENBQUMsTUFBTSxXQUFXLENBQUM7QUFLMUIsT0FBTyxHQUFHLE1BQU0sS0FBSyxDQUFDO0FBRXRCLE9BQU8sRUFBRSxLQUFLLEVBQUUsTUFBTSxpQkFBaUIsQ0FBQztBQXNCeEMsTUFBTSxPQUFPLFdBQVc7SUFDdEIsT0FBTyxDQUFxQjtJQUM1QixXQUFXLENBQVc7SUFDdEIsTUFBTSxDQUFTO0lBQ2YsV0FBVyxDQUFjO0lBQ3pCLGVBQWUsR0FBRyxJQUFJLENBQUM7SUFDdkIsR0FBRyxDQUF1QztJQUMxQyxZQUFZLE9BQTJCO1FBQ3JDLElBQUksQ0FBQyxPQUFPLEdBQUcsT0FBTyxDQUFDO1FBQ3ZCLElBQUksQ0FBQyxXQUFXLEdBQUcsT0FBTyxDQUFDLFdBQVcsQ0FBQztRQUN2QyxJQUFJLENBQUMsTUFBTSxHQUFHLE9BQU8sQ0FBQyxNQUFNLENBQUM7UUFDN0IsSUFBSSxDQUFDLFdBQVcsR0FBRyxPQUFPLENBQUMsV0FBVyxJQUFJLGFBQWEsQ0FBQztRQUN4RCxJQUFJLENBQUMsR0FBRyxHQUFHLE9BQU8sQ0FBQyxHQUFHLENBQUM7UUFDdkIsSUFBSSxDQUFDLGVBQWUsR0FBRyxPQUFPLENBQUMsZUFBZSxJQUFJLEtBQUssQ0FBQztRQUN4RCxJQUFJLENBQUMsU0FBUyxDQUFDLENBQUMsSUFBWSxFQUFFLEVBQUU7WUFDOUIsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDekIsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsS0FBSyxDQUFDLGdCQUFnQixDQUFDLEtBQWEsRUFBRSxVQUFzQjtRQUMxRCxNQUFNLElBQUksR0FBRyxDQUFDLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFDO1FBQ2hGLElBQUksVUFBVSxJQUFJLFVBQVUsQ0FBQyxRQUFRLEVBQUU7WUFDckMsS0FBSyxNQUFNLEdBQUcsSUFBSSxVQUFVLENBQUMsUUFBUSxFQUFFO2dCQUNyQyxJQUFJLE1BQU0sQ0FBQyxTQUFTLENBQUMsY0FBYyxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsUUFBUSxFQUFFLEdBQUcsQ0FBQyxFQUFFO29CQUNsRSxNQUFNLE9BQU8sR0FBRyxVQUFVLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxDQUFDO29CQUN6QyxJQUFJLElBQUksQ0FBQyxVQUFVLEVBQUUsT0FBTyxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsQ0FBQyxFQUFFO3dCQUMxQyxpQkFBaUI7d0JBQ2pCLElBQUksQ0FBQyxVQUFVLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxPQUFPLENBQUMsT0FBTyxFQUFFLEdBQUcsQ0FBQyxDQUFDO3FCQUN6RDtpQkFDRjthQUNGO1NBQ0Y7UUFDRCxPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFRCxlQUFlLENBQUMsS0FBYTtRQUMzQixPQUFPLGVBQWUsSUFBSSxDQUFDLFdBQVcsSUFBSSxLQUFLLEVBQUUsQ0FBQztJQUNwRCxDQUFDO0lBRUQsS0FBSyxDQUFDLGlCQUFpQixDQUFDLEtBQWEsRUFBRSxJQUFTO1FBQzlDLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxLQUFLLENBQUMsRUFBRSxJQUFJLENBQUMsQ0FBQztJQUNuRSxDQUFDO0lBRUQsS0FBSyxDQUFDLGFBQWEsQ0FBQyxLQUFhLEVBQUUsTUFBTSxHQUFHLEtBQUs7UUFDL0MsTUFBTSxVQUFVLEdBQWU7WUFDN0IsT0FBTyxFQUFFLEtBQUs7WUFDZCxRQUFRLEVBQUU7Z0JBQ1IsOEJBQThCLEVBQUUsa0NBQWtDO2dCQUNsRSwwQkFBMEIsRUFBRSw2QkFBNkI7YUFDMUQ7U0FDRixDQUFDO1FBQ0YsTUFBTSxJQUFJLEdBQUcsTUFBTSxJQUFJLENBQUMsZ0JBQWdCLENBQUMsS0FBSyxFQUFFLFVBQVUsQ0FBQyxDQUFDO1FBQzVELElBQUksSUFBSSxDQUFDLEdBQUcsSUFBSSxJQUFJLEVBQUU7WUFDcEIsSUFBSSxDQUFDLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxZQUFZLEVBQUUsQ0FBQztZQUNyQyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxLQUFLLEVBQUUsSUFBSSxDQUFDLENBQUM7WUFDMUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsa0JBQWtCLEtBQUssRUFBRSxDQUFDLENBQUM7U0FDN0M7UUFDRCxJQUFJLFlBQVksR0FBRyxFQUFFLENBQUM7UUFDdEIsSUFBSSxNQUFNLEVBQUU7WUFDVixZQUFZLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLENBQUMsT0FBTyxDQUFDO1NBQ3pEO2FBQU07WUFDTCxZQUFZLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLENBQUMsVUFBVSxDQUFDO1NBQzVEO1FBQ0QsSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDLGVBQWUsRUFBRTtZQUNoQyxVQUFVLENBQUMsT0FBTyxHQUFHLElBQUksQ0FBQztTQUMzQjthQUFNO1lBQ0wsbUJBQW1CO1lBQ25CLE1BQU0sSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLGFBQWEsQ0FBQyxZQUFZLENBQUMsQ0FBQztZQUNwRCxJQUFJLENBQUMsSUFBSSxFQUFFO2dCQUNULElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxDQUFDO2dCQUNsQyxVQUFVLENBQUMsT0FBTyxHQUFHLElBQUksQ0FBQzthQUMzQjtTQUNGO1FBQ0QsTUFBTSxNQUFNLEdBQUcsSUFBSSxJQUFJLENBQUMsTUFBTSxDQUFDO1lBQzdCLFlBQVksRUFBRSxZQUFZO1lBQzFCLFVBQVUsRUFBRSxJQUFJLENBQUMsR0FBRztZQUNwQixVQUFVLEVBQUUsSUFBSSxDQUFDLFVBQVU7WUFDM0Isc0JBQXNCLEVBQUUsSUFBSSxDQUFDLEdBQUc7WUFDaEMsZUFBZSxFQUFFLEVBQUU7WUFDbkIsVUFBVSxFQUFFLElBQUk7WUFDaEIsVUFBVSxFQUFFLEtBQUs7WUFDakIsVUFBVTtZQUNWLE1BQU0sRUFBRSxJQUFJLENBQUMsT0FBTyxDQUFDLE1BQU07U0FDNUIsQ0FBQyxDQUFDO1FBRUgsSUFBSSxJQUFJLENBQUMsVUFBVSxJQUFJLElBQUksRUFBRTtZQUMzQixNQUFNLGNBQWMsR0FBRztnQkFDckIsb0JBQW9CLEVBQUUsSUFBSTtnQkFDMUIsT0FBTyxFQUFFLENBQUMsVUFBVSxLQUFLLEVBQUUsQ0FBQztnQkFDNUIsc0JBQXNCLEVBQUUsSUFBSSxDQUFDLEdBQUc7YUFDakMsQ0FBQztZQUNGLE1BQU0sTUFBTSxDQUFDLGFBQWEsQ0FBQyxjQUFjLENBQUMsQ0FBQztZQUMzQyxJQUFJLENBQUMsVUFBVSxHQUFHLE1BQU0sQ0FBQyxhQUFhLEVBQUUsQ0FBQztZQUN6QyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxLQUFLLEVBQUUsSUFBSSxDQUFDLENBQUM7U0FDM0M7UUFDRCxPQUFPLE1BQU0sQ0FBQztJQUNoQixDQUFDO0lBRUQsS0FBSyxDQUFDLFlBQVk7UUFDaEIsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLGdCQUFnQixDQUFDLElBQUksQ0FBQyxDQUFDO1FBQ3JELE9BQU8sR0FBRyxDQUFDLFFBQVEsRUFBRSxDQUFDO0lBQ3hCLENBQUM7SUFFRCxXQUFXLENBQUMsVUFBa0I7UUFDNUIsTUFBTSxNQUFNLEdBQUcsR0FBRyxDQUFDLEtBQUssQ0FBQyxVQUFVLENBQXFCLENBQUM7UUFDekQsSUFBSSxNQUFNLENBQUMsS0FBSyxFQUFFO1lBQ2hCLE1BQU0sSUFBSSxLQUFLLENBQUMsS0FBSyxVQUFVLE9BQU8sR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDO1NBQ3hFO1FBQ0QsT0FBTyxNQUFNLENBQUMsTUFBZ0IsQ0FBQztJQUNqQyxDQUFDO0lBQ0QsS0FBSyxDQUFDLGlCQUFpQixDQUFDLEtBQVUsRUFBRSxTQUFjLEVBQUUsZ0JBQXdCLEVBQUUsV0FBeUI7UUFDckcsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsK0JBQStCLENBQUMsQ0FBQztRQUVsRCxhQUFhO1FBQ2IsTUFBTSxVQUFVLEdBQUcsS0FBSyxDQUFDLFVBQVUsQ0FBQyxLQUFLLENBQUM7UUFDMUMsSUFBSSxTQUFTLENBQUMsSUFBSSxLQUFLLFNBQVMsRUFBRTtZQUNoQyxNQUFNLFFBQVEsR0FBRyw0Q0FBNEMsU0FBUyxDQUFDLEtBQUssRUFBRSxDQUFDO1lBQy9FLE1BQU0sWUFBWSxHQUFHLGdCQUFnQixDQUFDO1lBRXRDLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLG1DQUFtQyxVQUFVLGFBQWEsUUFBUSxFQUFFLENBQUMsQ0FBQztZQUV2RixrQkFBa0I7WUFDbEIsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsZ0JBQWdCLFlBQVksY0FBYyxRQUFRLEdBQUcsQ0FBQyxDQUFDO1lBQ3hFLG1EQUFtRDtTQUNwRDthQUFNLElBQUksU0FBUyxDQUFDLElBQUksS0FBSyxRQUFRLEVBQUU7WUFDdEMsWUFBWTtZQUNaLE1BQU0sU0FBUyxHQUFHLG1CQUFtQixVQUFVLEVBQUUsQ0FBQztZQUNsRCxNQUFNLFdBQVcsR0FBRyxnQkFBZ0IsQ0FBQztZQUVyQyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQywyQkFBMkIsVUFBVSxLQUFLLFNBQVMsRUFBRSxDQUFDLENBQUM7WUFDeEUsa0JBQWtCO1lBQ2xCLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLDRCQUE0QixTQUFTLGlCQUFpQixXQUFXLEdBQUcsQ0FBQyxDQUFDO1lBRXZGLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsVUFBVSxDQUFDLENBQUM7WUFDNUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsY0FBYyxFQUFFLE1BQU0sQ0FBQyxDQUFDO1lBQ3pDLE9BQU8sTUFBTSxXQUFXLENBQUMsWUFBWSxDQUFDO2dCQUNwQyxVQUFVLEVBQUUsU0FBUztnQkFDckIsSUFBSSxFQUFFLEtBQUs7Z0JBQ1gsS0FBSyxFQUFFLFdBQVc7Z0JBQ2xCLE1BQU07YUFDUCxDQUFDLENBQUM7U0FDSjtJQUNILENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFFSCxLQUFLLENBQUMsaUJBQWlCLENBQUMsS0FBVSxFQUFFLFNBQWMsRUFBRSxnQkFBd0IsRUFBRSxVQUFlLEVBQUUsV0FBeUI7UUFDdEgsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsK0JBQStCLENBQUMsQ0FBQztRQUVsRCxhQUFhO1FBQ2IsTUFBTSxVQUFVLEdBQUcsS0FBSyxDQUFDLFVBQVUsQ0FBQyxLQUFLLENBQUM7UUFDMUMsSUFBSSxTQUFTLENBQUMsSUFBSSxLQUFLLFNBQVMsRUFBRTtZQUNoQyxNQUFNLFFBQVEsR0FBRyw0Q0FBNEMsU0FBUyxDQUFDLEtBQUssRUFBRSxDQUFDO1lBRS9FLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLG1DQUFtQyxVQUFVLGFBQWEsUUFBUSxFQUFFLENBQUMsQ0FBQztZQUV2RixrQkFBa0I7WUFDbEIsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsOEJBQThCLFFBQVEsR0FBRyxDQUFDLENBQUM7WUFDNUQsa0NBQWtDO1NBQ25DO2FBQU0sSUFBSSxTQUFTLENBQUMsSUFBSSxLQUFLLFFBQVEsRUFBRTtZQUN0QyxNQUFNLFNBQVMsR0FBRyxtQkFBbUIsVUFBVSxFQUFFLENBQUM7WUFDbEQsTUFBTSxXQUFXLEdBQUcsZ0JBQWdCLENBQUM7WUFFckMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsMkJBQTJCLFVBQVUsS0FBSyxTQUFTLEVBQUUsQ0FBQyxDQUFDO1lBRXhFLGtCQUFrQjtZQUNsQixJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyw0QkFBNEIsU0FBUyxpQkFBaUIsV0FBVyxHQUFHLENBQUMsQ0FBQztZQUV2RixNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsV0FBVyxDQUFDLFVBQVUsQ0FBQyxDQUFDO1lBRTVDLElBQUk7Z0JBQ0YsTUFBTSxXQUFXLENBQUMsWUFBWSxDQUFDO29CQUM3QixVQUFVLEVBQUUsU0FBUztvQkFDckIsSUFBSSxFQUFFLEtBQUs7b0JBQ1gsS0FBSyxFQUFFLGdCQUFnQjtvQkFDdkIsTUFBTSxFQUFFLFVBQVU7b0JBQ2xCLE1BQU07aUJBQ1AsQ0FBQyxDQUFDO2FBQ0o7WUFBQyxPQUFPLENBQUMsRUFBRTtnQkFDVixJQUFJLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxXQUFXLEVBQUUsQ0FBQyxDQUFDLENBQUM7Z0JBQ2xDLE1BQU0sQ0FBQyxDQUFDO2FBQ1Q7U0FDRjtJQUNILENBQUM7SUFFRCxLQUFLLENBQUMsS0FBSyxDQUFDLE9BT1g7UUFDQyxNQUFNLEVBQUUsS0FBSyxFQUFFLE1BQU0sRUFBRSxPQUFPLEVBQUUsT0FBTyxFQUFFLFdBQVcsRUFBRSxHQUFHLE9BQU8sQ0FBQztRQUNqRSxNQUFNLE1BQU0sR0FBZ0IsTUFBTSxJQUFJLENBQUMsYUFBYSxDQUFDLEtBQUssRUFBRSxNQUFNLENBQUMsQ0FBQztRQUVwRSxnQkFBZ0I7UUFDaEIsTUFBTSxFQUFFLFVBQVUsRUFBRSxRQUFRLEVBQUUsR0FBRyxJQUFJLENBQUMsd0JBQXdCLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDeEUsSUFBSSxVQUFVLEdBQUcsSUFBSSxDQUFDO1FBQ3RCLE1BQU0sY0FBYyxHQUFHLE9BQU8sQ0FBQyxjQUFjLElBQUksVUFBVSxDQUFDO1FBQzVELE1BQU0sYUFBYSxHQUFHLGNBQWMsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDaEQsTUFBTSxJQUFJLEdBQUcsYUFBYSxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQzlCLElBQUksSUFBSSxHQUFHLElBQUksQ0FBQztRQUNoQixJQUFJLGFBQWEsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFO1lBQzVCLElBQUksR0FBRyxRQUFRLENBQUMsYUFBYSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7U0FDbkM7UUFFRCxJQUFJLFlBQVksR0FBRyxPQUFPLENBQUM7UUFDM0IsSUFBSSxhQUFhLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRTtZQUM1QixZQUFZLEdBQUcsYUFBYSxDQUFDLENBQUMsQ0FBQyxDQUFDO1NBQ2pDO1FBRUQsSUFBSSxJQUFJLElBQUksSUFBSSxFQUFFO1lBQ2hCLE1BQU0sSUFBSSxHQUFRLElBQUksR0FBRyxJQUFJLENBQUM7WUFDOUIsVUFBVSxHQUFHLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxxQkFBcUIsQ0FBQyxJQUFJLEVBQUUsWUFBWSxDQUFDLENBQUM7U0FDMUU7YUFBTTtZQUNMLFVBQVUsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsbUJBQW1CLENBQUMsSUFBSSxFQUFFLFlBQVksQ0FBQyxDQUFDO1NBQ3hFO1FBRUQsSUFBSSxTQUFTLEdBQVEsSUFBSSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUM7UUFDM0MsSUFBSSxZQUFZLEtBQUssT0FBTyxFQUFFO1lBQzVCLE9BQU87WUFDUCxTQUFTLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxTQUFTLENBQUM7U0FDbEM7UUFDRCxNQUFNLENBQUMsR0FBRyxFQUFFLEdBQUcsQ0FBQyxHQUFHLE1BQU0sU0FBUyxDQUNoQztZQUNFLFVBQVU7WUFDVixHQUFHLE9BQU87WUFDVixRQUFRO1NBQ1QsRUFDRCxVQUFVLENBQ1gsQ0FBQztRQUVGLElBQUksV0FBVyxJQUFJLElBQUksRUFBRTtZQUN2QixNQUFNLElBQUksS0FBSyxDQUFDLGtCQUFrQixDQUFDLENBQUM7U0FDckM7UUFDRCxZQUFZO1FBQ1osTUFBTSxHQUFHLEdBQUcsTUFBTSxNQUFNLENBQUMsSUFBSSxDQUFDO1lBQzVCLEdBQUc7WUFDSCxLQUFLLEVBQUUsS0FBSztZQUNaLG9CQUFvQixFQUFFLElBQUk7WUFDMUIseUJBQXlCLEVBQUUsSUFBSSxDQUFDLGVBQWU7WUFDL0MsaUJBQWlCLEVBQUUsQ0FBQyxRQUFRLENBQUM7WUFDN0IsaUJBQWlCLEVBQUUsS0FBSyxFQUFFLEtBQXlCLEVBQUUsU0FBb0IsRUFBRSxnQkFBd0IsRUFBZ0IsRUFBRTtnQkFDbkgsT0FBTyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxLQUFLLEVBQUUsU0FBUyxFQUFFLGdCQUFnQixFQUFFLFdBQVcsQ0FBQyxDQUFDO1lBQ3ZGLENBQUM7WUFDRCxpQkFBaUIsRUFBRSxLQUFLLEVBQUUsS0FBeUIsRUFBRSxTQUFvQixFQUFFLGdCQUF3QixFQUFFLFVBQWUsRUFBZ0IsRUFBRTtnQkFDcEksT0FBTyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxLQUFLLEVBQUUsU0FBUyxFQUFFLGdCQUFnQixFQUFFLFVBQVUsRUFBRSxXQUFXLENBQUMsQ0FBQztZQUNuRyxDQUFDO1lBQ0QsTUFBTSxFQUFFLElBQUksQ0FBQyxPQUFPLENBQUMsTUFBTTtTQUM1QixDQUFDLENBQUM7UUFFSCxNQUFNLFNBQVMsR0FBRyxHQUFHLENBQUMsUUFBUSxFQUFFLENBQUM7UUFDakMsTUFBTSxJQUFJLEdBQWE7WUFDckIsR0FBRyxFQUFFLFNBQVM7WUFDZCxHQUFHLEVBQUUsR0FBRyxDQUFDLFFBQVEsRUFBRTtZQUNuQixHQUFHLEVBQUUsR0FBRyxDQUFDLFFBQVEsRUFBRTtTQUNwQixDQUFDO1FBQ0YsVUFBVTtRQUNWLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLFNBQVMsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDLENBQUM7UUFDdkMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsaUJBQWlCLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQyxDQUFDO1FBQy9DLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQzNCLE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQztJQUVELHdCQUF3QixDQUFDLE9BQTBCO1FBSWpELElBQUksT0FBTyxPQUFPLEtBQUssUUFBUSxFQUFFO1lBQy9CLE9BQU8sR0FBRyxPQUFPLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDO1NBQzlCO1FBQ0QsSUFBSSxPQUFPLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRTtZQUN4QixNQUFNLElBQUksS0FBSyxDQUFDLHlCQUF5QixDQUFDLENBQUM7U0FDNUM7UUFDRCxNQUFNLFVBQVUsR0FBRyxPQUFPLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDOUIsSUFBSSxRQUFRLEdBQXlCLFNBQVMsQ0FBQztRQUMvQyxJQUFJLE9BQU8sQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFO1lBQ3RCLFFBQVEsR0FBRyxDQUFDLENBQUMsS0FBSyxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUMsQ0FBQztTQUNoQztRQUNELE9BQU87WUFDTCxVQUFVO1lBQ1YsUUFBUTtTQUNULENBQUM7SUFDSixDQUFDO0lBRU8sS0FBSyxDQUFDLGFBQWEsQ0FBQyxZQUFvQjtRQUM5QyxJQUFJO1lBQ0YsTUFBTSxLQUFLLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQztnQkFDdkIsR0FBRyxFQUFFLFlBQVk7Z0JBQ2pCLE1BQU0sRUFBRSxLQUFLO2dCQUNiLE9BQU8sRUFBRSxLQUFLO2FBQ2YsQ0FBQyxDQUFDO1NBQ0o7UUFBQyxPQUFPLENBQUMsRUFBRTtZQUNWLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLEdBQUcsWUFBWSxTQUFTLEVBQUUsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDO1lBQ3JELE9BQU8sS0FBSyxDQUFDO1NBQ2Q7UUFDRCxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxHQUFHLFlBQVksU0FBUyxDQUFDLENBQUM7UUFDM0MsT0FBTyxJQUFJLENBQUM7SUFDZCxDQUFDO0NBQ0YifQ==
1
+ // @ts-ignore
2
+ import * as acme from "@certd/acme-client";
3
+ import _ from "lodash-es";
4
+ import psl from "psl";
5
+ import { utils } from "@certd/pipeline";
6
+ export class AcmeService {
7
+ options;
8
+ userContext;
9
+ logger;
10
+ sslProvider;
11
+ skipLocalVerify = true;
12
+ eab;
13
+ constructor(options) {
14
+ this.options = options;
15
+ this.userContext = options.userContext;
16
+ this.logger = options.logger;
17
+ this.sslProvider = options.sslProvider || "letsencrypt";
18
+ this.eab = options.eab;
19
+ this.skipLocalVerify = options.skipLocalVerify ?? false;
20
+ acme.setLogger((text) => {
21
+ this.logger.info(text);
22
+ });
23
+ }
24
+ async getAccountConfig(email, urlMapping) {
25
+ const conf = (await this.userContext.getObj(this.buildAccountKey(email))) || {};
26
+ if (urlMapping && urlMapping.mappings) {
27
+ for (const key in urlMapping.mappings) {
28
+ if (Object.prototype.hasOwnProperty.call(urlMapping.mappings, key)) {
29
+ const element = urlMapping.mappings[key];
30
+ if (conf.accountUrl?.indexOf(element) > -1) {
31
+ //如果用了代理url,要替换回去
32
+ conf.accountUrl = conf.accountUrl.replace(element, key);
33
+ }
34
+ }
35
+ }
36
+ }
37
+ return conf;
38
+ }
39
+ buildAccountKey(email) {
40
+ return `acme.config.${this.sslProvider}.${email}`;
41
+ }
42
+ async saveAccountConfig(email, conf) {
43
+ await this.userContext.setObj(this.buildAccountKey(email), conf);
44
+ }
45
+ async getAcmeClient(email, isTest = false) {
46
+ const urlMapping = {
47
+ enabled: false,
48
+ mappings: {
49
+ "acme-v02.api.letsencrypt.org": "letsencrypt.proxy.handsfree.work",
50
+ "dv.acme-v02.api.pki.goog": "google.proxy.handsfree.work",
51
+ },
52
+ };
53
+ const conf = await this.getAccountConfig(email, urlMapping);
54
+ if (conf.key == null) {
55
+ conf.key = await this.createNewKey();
56
+ await this.saveAccountConfig(email, conf);
57
+ this.logger.info(`创建新的Accountkey:${email}`);
58
+ }
59
+ let directoryUrl = "";
60
+ if (isTest) {
61
+ directoryUrl = acme.directory[this.sslProvider].staging;
62
+ }
63
+ else {
64
+ directoryUrl = acme.directory[this.sslProvider].production;
65
+ }
66
+ if (this.options.useMappingProxy) {
67
+ urlMapping.enabled = true;
68
+ }
69
+ else {
70
+ //测试directory是否可以访问
71
+ const isOk = await this.testDirectory(directoryUrl);
72
+ if (!isOk) {
73
+ this.logger.info("测试访问失败,自动使用代理");
74
+ urlMapping.enabled = true;
75
+ }
76
+ }
77
+ const client = new acme.Client({
78
+ directoryUrl: directoryUrl,
79
+ accountKey: conf.key,
80
+ accountUrl: conf.accountUrl,
81
+ externalAccountBinding: this.eab,
82
+ backoffAttempts: 15,
83
+ backoffMin: 5000,
84
+ backoffMax: 10000,
85
+ urlMapping,
86
+ signal: this.options.signal,
87
+ });
88
+ if (conf.accountUrl == null) {
89
+ const accountPayload = {
90
+ termsOfServiceAgreed: true,
91
+ contact: [`mailto:${email}`],
92
+ externalAccountBinding: this.eab,
93
+ };
94
+ await client.createAccount(accountPayload);
95
+ conf.accountUrl = client.getAccountUrl();
96
+ await this.saveAccountConfig(email, conf);
97
+ }
98
+ return client;
99
+ }
100
+ async createNewKey() {
101
+ const key = await acme.crypto.createPrivateKey(2048);
102
+ return key.toString();
103
+ }
104
+ parseDomain(fullDomain) {
105
+ const parsed = psl.parse(fullDomain);
106
+ if (parsed.error) {
107
+ throw new Error(`解析${fullDomain}域名失败:` + JSON.stringify(parsed.error));
108
+ }
109
+ return parsed.domain;
110
+ }
111
+ async challengeCreateFn(authz, challenge, keyAuthorization, dnsProvider) {
112
+ this.logger.info("Triggered challengeCreateFn()");
113
+ /* http-01 */
114
+ const fullDomain = authz.identifier.value;
115
+ if (challenge.type === "http-01") {
116
+ const filePath = `/var/www/html/.well-known/acme-challenge/${challenge.token}`;
117
+ const fileContents = keyAuthorization;
118
+ this.logger.info(`Creating challenge response for ${fullDomain} at path: ${filePath}`);
119
+ /* Replace this */
120
+ this.logger.info(`Would write "${fileContents}" to path "${filePath}"`);
121
+ // await fs.writeFileAsync(filePath, fileContents);
122
+ }
123
+ else if (challenge.type === "dns-01") {
124
+ /* dns-01 */
125
+ const dnsRecord = `_acme-challenge.${fullDomain}`;
126
+ const recordValue = keyAuthorization;
127
+ this.logger.info(`Creating TXT record for ${fullDomain}: ${dnsRecord}`);
128
+ /* Replace this */
129
+ this.logger.info(`Would create TXT record "${dnsRecord}" with value "${recordValue}"`);
130
+ const domain = this.parseDomain(fullDomain);
131
+ this.logger.info("解析到域名domain=", domain);
132
+ return await dnsProvider.createRecord({
133
+ fullRecord: dnsRecord,
134
+ type: "TXT",
135
+ value: recordValue,
136
+ domain,
137
+ });
138
+ }
139
+ }
140
+ /**
141
+ * Function used to remove an ACME challenge response
142
+ *
143
+ * @param {object} authz Authorization object
144
+ * @param {object} challenge Selected challenge
145
+ * @param {string} keyAuthorization Authorization key
146
+ * @param recordItem challengeCreateFn create record item
147
+ * @param dnsProvider dnsProvider
148
+ * @returns {Promise}
149
+ */
150
+ async challengeRemoveFn(authz, challenge, keyAuthorization, recordItem, dnsProvider) {
151
+ this.logger.info("Triggered challengeRemoveFn()");
152
+ /* http-01 */
153
+ const fullDomain = authz.identifier.value;
154
+ if (challenge.type === "http-01") {
155
+ const filePath = `/var/www/html/.well-known/acme-challenge/${challenge.token}`;
156
+ this.logger.info(`Removing challenge response for ${fullDomain} at path: ${filePath}`);
157
+ /* Replace this */
158
+ this.logger.info(`Would remove file on path "${filePath}"`);
159
+ // await fs.unlinkAsync(filePath);
160
+ }
161
+ else if (challenge.type === "dns-01") {
162
+ const dnsRecord = `_acme-challenge.${fullDomain}`;
163
+ const recordValue = keyAuthorization;
164
+ this.logger.info(`Removing TXT record for ${fullDomain}: ${dnsRecord}`);
165
+ /* Replace this */
166
+ this.logger.info(`Would remove TXT record "${dnsRecord}" with value "${recordValue}"`);
167
+ const domain = this.parseDomain(fullDomain);
168
+ try {
169
+ await dnsProvider.removeRecord({
170
+ fullRecord: dnsRecord,
171
+ type: "TXT",
172
+ value: keyAuthorization,
173
+ record: recordItem,
174
+ domain,
175
+ });
176
+ }
177
+ catch (e) {
178
+ this.logger.error("删除解析记录出错:", e);
179
+ throw e;
180
+ }
181
+ }
182
+ }
183
+ async order(options) {
184
+ const { email, isTest, domains, csrInfo, dnsProvider } = options;
185
+ const client = await this.getAcmeClient(email, isTest);
186
+ /* Create CSR */
187
+ const { commonName, altNames } = this.buildCommonNameByDomains(domains);
188
+ let privateKey = null;
189
+ const privateKeyType = options.privateKeyType || "rsa_2048";
190
+ const privateKeyArr = privateKeyType.split("_");
191
+ const type = privateKeyArr[0];
192
+ let size = 2048;
193
+ if (privateKeyArr.length > 1) {
194
+ size = parseInt(privateKeyArr[1]);
195
+ }
196
+ let encodingType = "pkcs8";
197
+ if (privateKeyArr.length > 2) {
198
+ encodingType = privateKeyArr[2];
199
+ }
200
+ if (type == "ec") {
201
+ const name = "P-" + size;
202
+ privateKey = await acme.crypto.createPrivateEcdsaKey(name, encodingType);
203
+ }
204
+ else {
205
+ privateKey = await acme.crypto.createPrivateRsaKey(size, encodingType);
206
+ }
207
+ let createCsr = acme.crypto.createCsr;
208
+ if (encodingType === "pkcs1") {
209
+ //兼容老版本
210
+ createCsr = acme.forge.createCsr;
211
+ }
212
+ const [key, csr] = await createCsr({
213
+ commonName,
214
+ ...csrInfo,
215
+ altNames,
216
+ }, privateKey);
217
+ if (dnsProvider == null) {
218
+ throw new Error("dnsProvider 不能为空");
219
+ }
220
+ /* 自动申请证书 */
221
+ const crt = await client.auto({
222
+ csr,
223
+ email: email,
224
+ termsOfServiceAgreed: true,
225
+ skipChallengeVerification: this.skipLocalVerify,
226
+ challengePriority: ["dns-01"],
227
+ challengeCreateFn: async (authz, challenge, keyAuthorization) => {
228
+ return await this.challengeCreateFn(authz, challenge, keyAuthorization, dnsProvider);
229
+ },
230
+ challengeRemoveFn: async (authz, challenge, keyAuthorization, recordItem) => {
231
+ return await this.challengeRemoveFn(authz, challenge, keyAuthorization, recordItem, dnsProvider);
232
+ },
233
+ signal: this.options.signal,
234
+ });
235
+ const crtString = crt.toString();
236
+ const cert = {
237
+ crt: crtString,
238
+ key: key.toString(),
239
+ csr: csr.toString(),
240
+ };
241
+ /* Done */
242
+ this.logger.debug(`CSR:\n${cert.csr}`);
243
+ this.logger.debug(`Certificate:\n${cert.crt}`);
244
+ this.logger.info("证书申请成功");
245
+ return cert;
246
+ }
247
+ buildCommonNameByDomains(domains) {
248
+ if (typeof domains === "string") {
249
+ domains = domains.split(",");
250
+ }
251
+ if (domains.length === 0) {
252
+ throw new Error("domain can not be empty");
253
+ }
254
+ const commonName = domains[0];
255
+ let altNames = undefined;
256
+ if (domains.length > 1) {
257
+ altNames = _.slice(domains, 1);
258
+ }
259
+ return {
260
+ commonName,
261
+ altNames,
262
+ };
263
+ }
264
+ async testDirectory(directoryUrl) {
265
+ try {
266
+ await utils.http.request({
267
+ url: directoryUrl,
268
+ method: "GET",
269
+ timeout: 10000,
270
+ });
271
+ }
272
+ catch (e) {
273
+ this.logger.error(`${directoryUrl},测试访问失败`, e.stack);
274
+ return false;
275
+ }
276
+ this.logger.info(`${directoryUrl},测试访问成功`);
277
+ return true;
278
+ }
279
+ }
280
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWNtZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9wbHVnaW4vY2VydC1wbHVnaW4vYWNtZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxhQUFhO0FBQ2IsT0FBTyxLQUFLLElBQUksTUFBTSxvQkFBb0IsQ0FBQztBQUMzQyxPQUFPLENBQUMsTUFBTSxXQUFXLENBQUM7QUFLMUIsT0FBTyxHQUFHLE1BQU0sS0FBSyxDQUFDO0FBRXRCLE9BQU8sRUFBRSxLQUFLLEVBQUUsTUFBTSxpQkFBaUIsQ0FBQztBQXNCeEMsTUFBTSxPQUFPLFdBQVc7SUFDdEIsT0FBTyxDQUFxQjtJQUM1QixXQUFXLENBQVc7SUFDdEIsTUFBTSxDQUFTO0lBQ2YsV0FBVyxDQUFjO0lBQ3pCLGVBQWUsR0FBRyxJQUFJLENBQUM7SUFDdkIsR0FBRyxDQUF1QztJQUMxQyxZQUFZLE9BQTJCO1FBQ3JDLElBQUksQ0FBQyxPQUFPLEdBQUcsT0FBTyxDQUFDO1FBQ3ZCLElBQUksQ0FBQyxXQUFXLEdBQUcsT0FBTyxDQUFDLFdBQVcsQ0FBQztRQUN2QyxJQUFJLENBQUMsTUFBTSxHQUFHLE9BQU8sQ0FBQyxNQUFNLENBQUM7UUFDN0IsSUFBSSxDQUFDLFdBQVcsR0FBRyxPQUFPLENBQUMsV0FBVyxJQUFJLGFBQWEsQ0FBQztRQUN4RCxJQUFJLENBQUMsR0FBRyxHQUFHLE9BQU8sQ0FBQyxHQUFHLENBQUM7UUFDdkIsSUFBSSxDQUFDLGVBQWUsR0FBRyxPQUFPLENBQUMsZUFBZSxJQUFJLEtBQUssQ0FBQztRQUN4RCxJQUFJLENBQUMsU0FBUyxDQUFDLENBQUMsSUFBWSxFQUFFLEVBQUU7WUFDOUIsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDekIsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsS0FBSyxDQUFDLGdCQUFnQixDQUFDLEtBQWEsRUFBRSxVQUFzQjtRQUMxRCxNQUFNLElBQUksR0FBRyxDQUFDLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFDO1FBQ2hGLElBQUksVUFBVSxJQUFJLFVBQVUsQ0FBQyxRQUFRLEVBQUUsQ0FBQztZQUN0QyxLQUFLLE1BQU0sR0FBRyxJQUFJLFVBQVUsQ0FBQyxRQUFRLEVBQUUsQ0FBQztnQkFDdEMsSUFBSSxNQUFNLENBQUMsU0FBUyxDQUFDLGNBQWMsQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLFFBQVEsRUFBRSxHQUFHLENBQUMsRUFBRSxDQUFDO29CQUNuRSxNQUFNLE9BQU8sR0FBRyxVQUFVLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxDQUFDO29CQUN6QyxJQUFJLElBQUksQ0FBQyxVQUFVLEVBQUUsT0FBTyxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsQ0FBQyxFQUFFLENBQUM7d0JBQzNDLGlCQUFpQjt3QkFDakIsSUFBSSxDQUFDLFVBQVUsR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLE9BQU8sQ0FBQyxPQUFPLEVBQUUsR0FBRyxDQUFDLENBQUM7b0JBQzFELENBQUM7Z0JBQ0gsQ0FBQztZQUNILENBQUM7UUFDSCxDQUFDO1FBQ0QsT0FBTyxJQUFJLENBQUM7SUFDZCxDQUFDO0lBRUQsZUFBZSxDQUFDLEtBQWE7UUFDM0IsT0FBTyxlQUFlLElBQUksQ0FBQyxXQUFXLElBQUksS0FBSyxFQUFFLENBQUM7SUFDcEQsQ0FBQztJQUVELEtBQUssQ0FBQyxpQkFBaUIsQ0FBQyxLQUFhLEVBQUUsSUFBUztRQUM5QyxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxlQUFlLENBQUMsS0FBSyxDQUFDLEVBQUUsSUFBSSxDQUFDLENBQUM7SUFDbkUsQ0FBQztJQUVELEtBQUssQ0FBQyxhQUFhLENBQUMsS0FBYSxFQUFFLE1BQU0sR0FBRyxLQUFLO1FBQy9DLE1BQU0sVUFBVSxHQUFlO1lBQzdCLE9BQU8sRUFBRSxLQUFLO1lBQ2QsUUFBUSxFQUFFO2dCQUNSLDhCQUE4QixFQUFFLGtDQUFrQztnQkFDbEUsMEJBQTBCLEVBQUUsNkJBQTZCO2FBQzFEO1NBQ0YsQ0FBQztRQUNGLE1BQU0sSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLGdCQUFnQixDQUFDLEtBQUssRUFBRSxVQUFVLENBQUMsQ0FBQztRQUM1RCxJQUFJLElBQUksQ0FBQyxHQUFHLElBQUksSUFBSSxFQUFFLENBQUM7WUFDckIsSUFBSSxDQUFDLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxZQUFZLEVBQUUsQ0FBQztZQUNyQyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxLQUFLLEVBQUUsSUFBSSxDQUFDLENBQUM7WUFDMUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsa0JBQWtCLEtBQUssRUFBRSxDQUFDLENBQUM7UUFDOUMsQ0FBQztRQUNELElBQUksWUFBWSxHQUFHLEVBQUUsQ0FBQztRQUN0QixJQUFJLE1BQU0sRUFBRSxDQUFDO1lBQ1gsWUFBWSxHQUFHLElBQUksQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDLE9BQU8sQ0FBQztRQUMxRCxDQUFDO2FBQU0sQ0FBQztZQUNOLFlBQVksR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsQ0FBQyxVQUFVLENBQUM7UUFDN0QsQ0FBQztRQUNELElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxlQUFlLEVBQUUsQ0FBQztZQUNqQyxVQUFVLENBQUMsT0FBTyxHQUFHLElBQUksQ0FBQztRQUM1QixDQUFDO2FBQU0sQ0FBQztZQUNOLG1CQUFtQjtZQUNuQixNQUFNLElBQUksR0FBRyxNQUFNLElBQUksQ0FBQyxhQUFhLENBQUMsWUFBWSxDQUFDLENBQUM7WUFDcEQsSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDO2dCQUNWLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxDQUFDO2dCQUNsQyxVQUFVLENBQUMsT0FBTyxHQUFHLElBQUksQ0FBQztZQUM1QixDQUFDO1FBQ0gsQ0FBQztRQUNELE1BQU0sTUFBTSxHQUFHLElBQUksSUFBSSxDQUFDLE1BQU0sQ0FBQztZQUM3QixZQUFZLEVBQUUsWUFBWTtZQUMxQixVQUFVLEVBQUUsSUFBSSxDQUFDLEdBQUc7WUFDcEIsVUFBVSxFQUFFLElBQUksQ0FBQyxVQUFVO1lBQzNCLHNCQUFzQixFQUFFLElBQUksQ0FBQyxHQUFHO1lBQ2hDLGVBQWUsRUFBRSxFQUFFO1lBQ25CLFVBQVUsRUFBRSxJQUFJO1lBQ2hCLFVBQVUsRUFBRSxLQUFLO1lBQ2pCLFVBQVU7WUFDVixNQUFNLEVBQUUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxNQUFNO1NBQzVCLENBQUMsQ0FBQztRQUVILElBQUksSUFBSSxDQUFDLFVBQVUsSUFBSSxJQUFJLEVBQUUsQ0FBQztZQUM1QixNQUFNLGNBQWMsR0FBRztnQkFDckIsb0JBQW9CLEVBQUUsSUFBSTtnQkFDMUIsT0FBTyxFQUFFLENBQUMsVUFBVSxLQUFLLEVBQUUsQ0FBQztnQkFDNUIsc0JBQXNCLEVBQUUsSUFBSSxDQUFDLEdBQUc7YUFDakMsQ0FBQztZQUNGLE1BQU0sTUFBTSxDQUFDLGFBQWEsQ0FBQyxjQUFjLENBQUMsQ0FBQztZQUMzQyxJQUFJLENBQUMsVUFBVSxHQUFHLE1BQU0sQ0FBQyxhQUFhLEVBQUUsQ0FBQztZQUN6QyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxLQUFLLEVBQUUsSUFBSSxDQUFDLENBQUM7UUFDNUMsQ0FBQztRQUNELE9BQU8sTUFBTSxDQUFDO0lBQ2hCLENBQUM7SUFFRCxLQUFLLENBQUMsWUFBWTtRQUNoQixNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsZ0JBQWdCLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDckQsT0FBTyxHQUFHLENBQUMsUUFBUSxFQUFFLENBQUM7SUFDeEIsQ0FBQztJQUVELFdBQVcsQ0FBQyxVQUFrQjtRQUM1QixNQUFNLE1BQU0sR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBcUIsQ0FBQztRQUN6RCxJQUFJLE1BQU0sQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUNqQixNQUFNLElBQUksS0FBSyxDQUFDLEtBQUssVUFBVSxPQUFPLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQztRQUN6RSxDQUFDO1FBQ0QsT0FBTyxNQUFNLENBQUMsTUFBZ0IsQ0FBQztJQUNqQyxDQUFDO0lBQ0QsS0FBSyxDQUFDLGlCQUFpQixDQUFDLEtBQVUsRUFBRSxTQUFjLEVBQUUsZ0JBQXdCLEVBQUUsV0FBeUI7UUFDckcsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsK0JBQStCLENBQUMsQ0FBQztRQUVsRCxhQUFhO1FBQ2IsTUFBTSxVQUFVLEdBQUcsS0FBSyxDQUFDLFVBQVUsQ0FBQyxLQUFLLENBQUM7UUFDMUMsSUFBSSxTQUFTLENBQUMsSUFBSSxLQUFLLFNBQVMsRUFBRSxDQUFDO1lBQ2pDLE1BQU0sUUFBUSxHQUFHLDRDQUE0QyxTQUFTLENBQUMsS0FBSyxFQUFFLENBQUM7WUFDL0UsTUFBTSxZQUFZLEdBQUcsZ0JBQWdCLENBQUM7WUFFdEMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsbUNBQW1DLFVBQVUsYUFBYSxRQUFRLEVBQUUsQ0FBQyxDQUFDO1lBRXZGLGtCQUFrQjtZQUNsQixJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxnQkFBZ0IsWUFBWSxjQUFjLFFBQVEsR0FBRyxDQUFDLENBQUM7WUFDeEUsbURBQW1EO1FBQ3JELENBQUM7YUFBTSxJQUFJLFNBQVMsQ0FBQyxJQUFJLEtBQUssUUFBUSxFQUFFLENBQUM7WUFDdkMsWUFBWTtZQUNaLE1BQU0sU0FBUyxHQUFHLG1CQUFtQixVQUFVLEVBQUUsQ0FBQztZQUNsRCxNQUFNLFdBQVcsR0FBRyxnQkFBZ0IsQ0FBQztZQUVyQyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQywyQkFBMkIsVUFBVSxLQUFLLFNBQVMsRUFBRSxDQUFDLENBQUM7WUFDeEUsa0JBQWtCO1lBQ2xCLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLDRCQUE0QixTQUFTLGlCQUFpQixXQUFXLEdBQUcsQ0FBQyxDQUFDO1lBRXZGLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsVUFBVSxDQUFDLENBQUM7WUFDNUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsY0FBYyxFQUFFLE1BQU0sQ0FBQyxDQUFDO1lBQ3pDLE9BQU8sTUFBTSxXQUFXLENBQUMsWUFBWSxDQUFDO2dCQUNwQyxVQUFVLEVBQUUsU0FBUztnQkFDckIsSUFBSSxFQUFFLEtBQUs7Z0JBQ1gsS0FBSyxFQUFFLFdBQVc7Z0JBQ2xCLE1BQU07YUFDUCxDQUFDLENBQUM7UUFDTCxDQUFDO0lBQ0gsQ0FBQztJQUVEOzs7Ozs7Ozs7T0FTRztJQUVILEtBQUssQ0FBQyxpQkFBaUIsQ0FBQyxLQUFVLEVBQUUsU0FBYyxFQUFFLGdCQUF3QixFQUFFLFVBQWUsRUFBRSxXQUF5QjtRQUN0SCxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQywrQkFBK0IsQ0FBQyxDQUFDO1FBRWxELGFBQWE7UUFDYixNQUFNLFVBQVUsR0FBRyxLQUFLLENBQUMsVUFBVSxDQUFDLEtBQUssQ0FBQztRQUMxQyxJQUFJLFNBQVMsQ0FBQyxJQUFJLEtBQUssU0FBUyxFQUFFLENBQUM7WUFDakMsTUFBTSxRQUFRLEdBQUcsNENBQTRDLFNBQVMsQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUUvRSxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxtQ0FBbUMsVUFBVSxhQUFhLFFBQVEsRUFBRSxDQUFDLENBQUM7WUFFdkYsa0JBQWtCO1lBQ2xCLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLDhCQUE4QixRQUFRLEdBQUcsQ0FBQyxDQUFDO1lBQzVELGtDQUFrQztRQUNwQyxDQUFDO2FBQU0sSUFBSSxTQUFTLENBQUMsSUFBSSxLQUFLLFFBQVEsRUFBRSxDQUFDO1lBQ3ZDLE1BQU0sU0FBUyxHQUFHLG1CQUFtQixVQUFVLEVBQUUsQ0FBQztZQUNsRCxNQUFNLFdBQVcsR0FBRyxnQkFBZ0IsQ0FBQztZQUVyQyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQywyQkFBMkIsVUFBVSxLQUFLLFNBQVMsRUFBRSxDQUFDLENBQUM7WUFFeEUsa0JBQWtCO1lBQ2xCLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLDRCQUE0QixTQUFTLGlCQUFpQixXQUFXLEdBQUcsQ0FBQyxDQUFDO1lBRXZGLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsVUFBVSxDQUFDLENBQUM7WUFFNUMsSUFBSSxDQUFDO2dCQUNILE1BQU0sV0FBVyxDQUFDLFlBQVksQ0FBQztvQkFDN0IsVUFBVSxFQUFFLFNBQVM7b0JBQ3JCLElBQUksRUFBRSxLQUFLO29CQUNYLEtBQUssRUFBRSxnQkFBZ0I7b0JBQ3ZCLE1BQU0sRUFBRSxVQUFVO29CQUNsQixNQUFNO2lCQUNQLENBQUMsQ0FBQztZQUNMLENBQUM7WUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO2dCQUNYLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLFdBQVcsRUFBRSxDQUFDLENBQUMsQ0FBQztnQkFDbEMsTUFBTSxDQUFDLENBQUM7WUFDVixDQUFDO1FBQ0gsQ0FBQztJQUNILENBQUM7SUFFRCxLQUFLLENBQUMsS0FBSyxDQUFDLE9BT1g7UUFDQyxNQUFNLEVBQUUsS0FBSyxFQUFFLE1BQU0sRUFBRSxPQUFPLEVBQUUsT0FBTyxFQUFFLFdBQVcsRUFBRSxHQUFHLE9BQU8sQ0FBQztRQUNqRSxNQUFNLE1BQU0sR0FBZ0IsTUFBTSxJQUFJLENBQUMsYUFBYSxDQUFDLEtBQUssRUFBRSxNQUFNLENBQUMsQ0FBQztRQUVwRSxnQkFBZ0I7UUFDaEIsTUFBTSxFQUFFLFVBQVUsRUFBRSxRQUFRLEVBQUUsR0FBRyxJQUFJLENBQUMsd0JBQXdCLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDeEUsSUFBSSxVQUFVLEdBQUcsSUFBSSxDQUFDO1FBQ3RCLE1BQU0sY0FBYyxHQUFHLE9BQU8sQ0FBQyxjQUFjLElBQUksVUFBVSxDQUFDO1FBQzVELE1BQU0sYUFBYSxHQUFHLGNBQWMsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDaEQsTUFBTSxJQUFJLEdBQUcsYUFBYSxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQzlCLElBQUksSUFBSSxHQUFHLElBQUksQ0FBQztRQUNoQixJQUFJLGFBQWEsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDN0IsSUFBSSxHQUFHLFFBQVEsQ0FBQyxhQUFhLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUNwQyxDQUFDO1FBRUQsSUFBSSxZQUFZLEdBQUcsT0FBTyxDQUFDO1FBQzNCLElBQUksYUFBYSxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUM3QixZQUFZLEdBQUcsYUFBYSxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQ2xDLENBQUM7UUFFRCxJQUFJLElBQUksSUFBSSxJQUFJLEVBQUUsQ0FBQztZQUNqQixNQUFNLElBQUksR0FBUSxJQUFJLEdBQUcsSUFBSSxDQUFDO1lBQzlCLFVBQVUsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMscUJBQXFCLENBQUMsSUFBSSxFQUFFLFlBQVksQ0FBQyxDQUFDO1FBQzNFLENBQUM7YUFBTSxDQUFDO1lBQ04sVUFBVSxHQUFHLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxtQkFBbUIsQ0FBQyxJQUFJLEVBQUUsWUFBWSxDQUFDLENBQUM7UUFDekUsQ0FBQztRQUVELElBQUksU0FBUyxHQUFRLElBQUksQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDO1FBQzNDLElBQUksWUFBWSxLQUFLLE9BQU8sRUFBRSxDQUFDO1lBQzdCLE9BQU87WUFDUCxTQUFTLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxTQUFTLENBQUM7UUFDbkMsQ0FBQztRQUNELE1BQU0sQ0FBQyxHQUFHLEVBQUUsR0FBRyxDQUFDLEdBQUcsTUFBTSxTQUFTLENBQ2hDO1lBQ0UsVUFBVTtZQUNWLEdBQUcsT0FBTztZQUNWLFFBQVE7U0FDVCxFQUNELFVBQVUsQ0FDWCxDQUFDO1FBRUYsSUFBSSxXQUFXLElBQUksSUFBSSxFQUFFLENBQUM7WUFDeEIsTUFBTSxJQUFJLEtBQUssQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDO1FBQ3RDLENBQUM7UUFDRCxZQUFZO1FBQ1osTUFBTSxHQUFHLEdBQUcsTUFBTSxNQUFNLENBQUMsSUFBSSxDQUFDO1lBQzVCLEdBQUc7WUFDSCxLQUFLLEVBQUUsS0FBSztZQUNaLG9CQUFvQixFQUFFLElBQUk7WUFDMUIseUJBQXlCLEVBQUUsSUFBSSxDQUFDLGVBQWU7WUFDL0MsaUJBQWlCLEVBQUUsQ0FBQyxRQUFRLENBQUM7WUFDN0IsaUJBQWlCLEVBQUUsS0FBSyxFQUFFLEtBQXlCLEVBQUUsU0FBb0IsRUFBRSxnQkFBd0IsRUFBZ0IsRUFBRTtnQkFDbkgsT0FBTyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxLQUFLLEVBQUUsU0FBUyxFQUFFLGdCQUFnQixFQUFFLFdBQVcsQ0FBQyxDQUFDO1lBQ3ZGLENBQUM7WUFDRCxpQkFBaUIsRUFBRSxLQUFLLEVBQUUsS0FBeUIsRUFBRSxTQUFvQixFQUFFLGdCQUF3QixFQUFFLFVBQWUsRUFBZ0IsRUFBRTtnQkFDcEksT0FBTyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxLQUFLLEVBQUUsU0FBUyxFQUFFLGdCQUFnQixFQUFFLFVBQVUsRUFBRSxXQUFXLENBQUMsQ0FBQztZQUNuRyxDQUFDO1lBQ0QsTUFBTSxFQUFFLElBQUksQ0FBQyxPQUFPLENBQUMsTUFBTTtTQUM1QixDQUFDLENBQUM7UUFFSCxNQUFNLFNBQVMsR0FBRyxHQUFHLENBQUMsUUFBUSxFQUFFLENBQUM7UUFDakMsTUFBTSxJQUFJLEdBQWE7WUFDckIsR0FBRyxFQUFFLFNBQVM7WUFDZCxHQUFHLEVBQUUsR0FBRyxDQUFDLFFBQVEsRUFBRTtZQUNuQixHQUFHLEVBQUUsR0FBRyxDQUFDLFFBQVEsRUFBRTtTQUNwQixDQUFDO1FBQ0YsVUFBVTtRQUNWLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLFNBQVMsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDLENBQUM7UUFDdkMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsaUJBQWlCLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQyxDQUFDO1FBQy9DLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQzNCLE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQztJQUVELHdCQUF3QixDQUFDLE9BQTBCO1FBSWpELElBQUksT0FBTyxPQUFPLEtBQUssUUFBUSxFQUFFLENBQUM7WUFDaEMsT0FBTyxHQUFHLE9BQU8sQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDL0IsQ0FBQztRQUNELElBQUksT0FBTyxDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUN6QixNQUFNLElBQUksS0FBSyxDQUFDLHlCQUF5QixDQUFDLENBQUM7UUFDN0MsQ0FBQztRQUNELE1BQU0sVUFBVSxHQUFHLE9BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUM5QixJQUFJLFFBQVEsR0FBeUIsU0FBUyxDQUFDO1FBQy9DLElBQUksT0FBTyxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUN2QixRQUFRLEdBQUcsQ0FBQyxDQUFDLEtBQUssQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDLENBQUM7UUFDakMsQ0FBQztRQUNELE9BQU87WUFDTCxVQUFVO1lBQ1YsUUFBUTtTQUNULENBQUM7SUFDSixDQUFDO0lBRU8sS0FBSyxDQUFDLGFBQWEsQ0FBQyxZQUFvQjtRQUM5QyxJQUFJLENBQUM7WUFDSCxNQUFNLEtBQUssQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDO2dCQUN2QixHQUFHLEVBQUUsWUFBWTtnQkFDakIsTUFBTSxFQUFFLEtBQUs7Z0JBQ2IsT0FBTyxFQUFFLEtBQUs7YUFDZixDQUFDLENBQUM7UUFDTCxDQUFDO1FBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztZQUNYLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLEdBQUcsWUFBWSxTQUFTLEVBQUUsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDO1lBQ3JELE9BQU8sS0FBSyxDQUFDO1FBQ2YsQ0FBQztRQUNELElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLEdBQUcsWUFBWSxTQUFTLENBQUMsQ0FBQztRQUMzQyxPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7Q0FDRiJ9