roster-server 2.2.9 → 2.2.12

package/vendor/greenlock/order.js

@@ -0,0 +1,63 @@
+var log = require('lemonlog')('greenlock-order');
+var accountKeypair = await Keypairs.generate({ kty: accKty });
+if (config.debug) {
+    log.info('Account key created', accountKeypair);
+}
+
+var account = await acme.accounts.create({
+    agreeToTerms: agree,
+    // TODO detect jwk/pem/der?
+    accountKeypair: { privateKeyJwk: accountKeypair.private },
+    subscriberEmail: config.email
+});
+
+// TODO top-level agree
+function agree(tos) {
+    if (config.debug) log.info('Agreeing to Terms of Service:', tos);
+    agreed = true;
+    return Promise.resolve(tos);
+}
+if (config.debug) log.info('New subscriber account', account);
+if (!agreed) {
+    throw new Error('Failed to ask the user to agree to terms');
+}
+
+var certKeypair = await Keypairs.generate({ kty: srvKty });
+var pem = await Keypairs.export({
+    jwk: certKeypair.private,
+    encoding: 'pem'
+});
+if (config.debug) {
+    log.info('Server key created (privkey.%s.pem)', srvKty.toLowerCase(), certKeypair);
+}
+
+// 'subject' should be first in list
+var domains = randomDomains(rnd);
+if (config.debug) {
+    log.info('Requesting certificates for domains:', domains.map(function(p) {
+        var u = punycode.toUnicode(p);
+        return p !== u ? p + ' (' + u + ')' : p;
+    }).join(', '));
+}
+
+// Create CSR
+var csrDer = await CSR.csr({
+    jwk: certKeypair.private,
+    domains: domains,
+    encoding: 'der'
+});
+var csr = Enc.bufToUrlBase64(csrDer);
+var csrPem = PEM.packBlock({
+    type: 'CERTIFICATE REQUEST',
+    bytes: csrDer /* { jwk: jwk, domains: opts.domains } */
+});
+if (config.debug) log.info('Certificate signing request (CSR) created');
+
+var results = await acme.certificates.create({
+    account: account,
+    accountKeypair: { privateKeyJwk: accountKeypair.private },
+    csr: csr,
+    domains: domains,
+    challenges: challenges, // must be implemented
+    customerEmail: null
+});

package/vendor/greenlock/package-lock.json

@@ -0,0 +1,140 @@
+{
+    "name": "@root/greenlock",
+    "version": "4.0.5",
+    "lockfileVersion": 1,
+    "requires": true,
+    "dependencies": {
+        "@greenlock/manager": {
+            "version": "3.1.0",
+            "resolved": "https://registry.npmjs.org/@greenlock/manager/-/manager-3.1.0.tgz",
+            "integrity": "sha512-PBy5CMK+j4oD7sj7hF5qE+xKEOSiiuL2hHd5X5ttEbtnTSDKjNeqbrR5k2ZddwVNdjOVeBIeuqlm81IFZ+Ftew==",
+            "requires": {
+                "greenlock-manager-fs": "^3.1.0"
+            },
+            "dependencies": {
+                "greenlock-manager-fs": {
+                    "version": "3.1.1",
+                    "resolved": "https://registry.npmjs.org/greenlock-manager-fs/-/greenlock-manager-fs-3.1.1.tgz",
+                    "integrity": "sha512-np6qdnPIOZx40PAcSQcqK1eMPWjTKxsxcgRd/OVg0ai49WC1Ds74CTrwmB84pq2n53ikbnDBQFmKEQ4AC0DK8w==",
+                    "requires": {
+                        "@root/mkdirp": "^1.0.0",
+                        "safe-replace": "^1.1.0"
+                    }
+                }
+            }
+        },
+        "@root/acme": {
+            "version": "3.1.0",
+            "resolved": "https://registry.npmjs.org/@root/acme/-/acme-3.1.0.tgz",
+            "integrity": "sha512-GAyaW63cpSYd2KvVp5lHLbCWeEhJPKZK9nsJvZJOKsD9Uv88KEttn4FpDZEJ+2q3Jsey0DWpuQ2I4ft0JV9p2w==",
+            "requires": {
+                "@root/csr": "^0.8.1",
+                "@root/encoding": "^1.0.1",
+                "@root/keypairs": "^0.10.0",
+                "@root/pem": "^1.0.4",
+                "@root/request": "^1.6.1",
+                "@root/x509": "^0.7.2"
+            },
+            "dependencies": {
+                "@root/request": {
+                    "version": "1.6.1",
+                    "resolved": "https://registry.npmjs.org/@root/request/-/request-1.6.1.tgz",
+                    "integrity": "sha512-8wrWyeBLRp7T8J36GkT3RODJ6zYmL0/maWlAUD5LOXT28D3TDquUepyYDKYANNA3Gc8R5ZCgf+AXvSTYpJEWwQ=="
+                }
+            }
+        },
+        "@root/asn1": {
+            "version": "1.0.0",
+            "resolved": "https://registry.npmjs.org/@root/asn1/-/asn1-1.0.0.tgz",
+            "integrity": "sha512-0lfZNuOULKJDJmdIkP8V9RnbV3XaK6PAHD3swnFy4tZwtlMDzLKoM/dfNad7ut8Hu3r91wy9uK0WA/9zym5mig==",
+            "requires": {
+                "@root/encoding": "^1.0.1"
+            }
+        },
+        "@root/csr": {
+            "version": "0.8.1",
+            "resolved": "https://registry.npmjs.org/@root/csr/-/csr-0.8.1.tgz",
+            "integrity": "sha512-hKl0VuE549TK6SnS2Yn9nRvKbFZXn/oAg+dZJU/tlKl/f/0yRXeuUzf8akg3JjtJq+9E592zDqeXZ7yyrg8fSQ==",
+            "requires": {
+                "@root/asn1": "^1.0.0",
+                "@root/pem": "^1.0.4",
+                "@root/x509": "^0.7.2"
+            }
+        },
+        "@root/encoding": {
+            "version": "1.0.1",
+            "resolved": "https://registry.npmjs.org/@root/encoding/-/encoding-1.0.1.tgz",
+            "integrity": "sha512-OaEub02ufoU038gy6bsNHQOjIn8nUjGiLcaRmJ40IUykneJkIW5fxDqKxQx48cszuNflYldsJLPPXCrGfHs8yQ=="
+        },
+        "@root/keypairs": {
+            "version": "0.10.0",
+            "resolved": "https://registry.npmjs.org/@root/keypairs/-/keypairs-0.10.0.tgz",
+            "integrity": "sha512-t8VocY46Mtb0NTsxzyLLf5tsgfw0BXLYVADAyiRdEdqHcvPFGJdjkXNtHVQuSV/FMaC65iTOHVP4E6X8iT3Ikg==",
+            "requires": {
+                "@root/encoding": "^1.0.1",
+                "@root/pem": "^1.0.4",
+                "@root/x509": "^0.7.2"
+            }
+        },
+        "@root/mkdirp": {
+            "version": "1.0.0",
+            "resolved": "https://registry.npmjs.org/@root/mkdirp/-/mkdirp-1.0.0.tgz",
+            "integrity": "sha512-hxGAYUx5029VggfG+U9naAhQkoMSXtOeXtbql97m3Hi6/sQSRL/4khKZPyOF6w11glyCOU38WCNLu9nUcSjOfA=="
+        },
+        "@root/pem": {
+            "version": "1.0.4",
+            "resolved": "https://registry.npmjs.org/@root/pem/-/pem-1.0.4.tgz",
+            "integrity": "sha512-rEUDiUsHtild8GfIjFE9wXtcVxeS+ehCJQBwbQQ3IVfORKHK93CFnRtkr69R75lZFjcmKYVc+AXDB+AeRFOULA=="
+        },
+        "@root/request": {
+            "version": "1.6.1",
+            "resolved": "https://registry.npmjs.org/@root/request/-/request-1.6.1.tgz",
+            "integrity": "sha512-8wrWyeBLRp7T8J36GkT3RODJ6zYmL0/maWlAUD5LOXT28D3TDquUepyYDKYANNA3Gc8R5ZCgf+AXvSTYpJEWwQ=="
+        },
+        "@root/x509": {
+            "version": "0.7.2",
+            "resolved": "https://registry.npmjs.org/@root/x509/-/x509-0.7.2.tgz",
+            "integrity": "sha512-ENq3LGYORK5NiMFHEVeNMt+fTXaC7DTS6sQXoqV+dFdfT0vmiL5cDLjaXQhaklJQq0NiwicZegzJRl1ZOTp3WQ==",
+            "requires": {
+                "@root/asn1": "^1.0.0",
+                "@root/encoding": "^1.0.1"
+            }
+        },
+        "acme-http-01-standalone": {
+            "version": "3.0.5",
+            "resolved": "https://registry.npmjs.org/acme-http-01-standalone/-/acme-http-01-standalone-3.0.5.tgz",
+            "integrity": "sha512-W4GfK+39GZ+u0mvxRVUcVFCG6gposfzEnSBF20T/NUwWAKG59wQT1dUbS1NixRIAsRuhpGc4Jx659cErFQH0Pg=="
+        },
+        "cert-info": {
+            "version": "1.5.1",
+            "resolved": "https://registry.npmjs.org/cert-info/-/cert-info-1.5.1.tgz",
+            "integrity": "sha512-eoQC/yAgW3gKTKxjzyClvi+UzuY97YCjcl+lSqbsGIy7HeGaWxCPOQFivhUYm27hgsBMhsJJFya3kGvK6PMIcQ=="
+        },
+        "dotenv": {
+            "version": "8.2.0",
+            "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-8.2.0.tgz",
+            "integrity": "sha512-8sJ78ElpbDJBHNeBzUbUVLsqKdccaa/BXF1uPTw3GrvQTBgrQrtObr2mUrE38vzYd8cEv+m/JBfDLioYcfXoaw==",
+            "dev": true
+        },
+        "greenlock-store-fs": {
+            "version": "3.2.2",
+            "resolved": "https://registry.npmjs.org/greenlock-store-fs/-/greenlock-store-fs-3.2.2.tgz",
+            "integrity": "sha512-92ejLB4DyV4qv/2b6VLGF2nKfYQeIfg3o+e/1cIoYLjlIaUFdbBXkzLTRozFlHsQPZt2ALi5qYrpC9IwH7GK8A==",
+            "requires": {
+                "@root/mkdirp": "^1.0.0",
+                "safe-replace": "^1.1.0"
+            }
+        },
+        "punycode": {
+            "version": "1.4.1",
+            "resolved": "https://registry.npmjs.org/punycode/-/punycode-1.4.1.tgz",
+            "integrity": "sha1-wNWmOycYgArY4esPpSachN1BhF4=",
+            "dev": true
+        },
+        "safe-replace": {
+            "version": "1.1.0",
+            "resolved": "https://registry.npmjs.org/safe-replace/-/safe-replace-1.1.0.tgz",
+            "integrity": "sha512-9/V2E0CDsKs9DWOOwJH7jYpSl9S3N05uyevNjvsnDauBqRowBPOyot1fIvV5N2IuZAbYyvrTXrYFVG0RZInfFw=="
+        }
+    }
+}

package/vendor/greenlock/package.json

@@ -0,0 +1,56 @@
+{
+    "name": "@root/greenlock",
+    "version": "4.0.5",
+    "description": "The easiest Let's Encrypt client for Node.js and Browsers",
+    "homepage": "https://rootprojects.org/greenlock/",
+    "main": "greenlock.js",
+    "browser": {},
+    "bin": {
+        "greenlock": "bin/greenlock.js"
+    },
+    "files": [
+        "*.js",
+        "lib",
+        "bin",
+        "dist"
+    ],
+    "scripts": {
+        "build": "nodex bin/bundle.js",
+        "lint": "jshint lib bin",
+        "test": "node server.js",
+        "start": "node server.js"
+    },
+    "repository": {
+        "type": "git",
+        "url": "https://git.rootprojects.org/root/greenlock.js.git"
+    },
+    "keywords": [
+        "Let's Encrypt",
+        "ACME",
+        "browser",
+        "EC",
+        "RSA",
+        "CSR",
+        "greenlock",
+        "VanillaJS",
+        "ZeroSSL"
+    ],
+    "author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)",
+    "license": "MPL-2.0",
+    "dependencies": {
+        "@greenlock/manager": "^3.1.0",
+        "@root/acme": "^3.1.0",
+        "@root/csr": "^0.8.1",
+        "@root/keypairs": "^0.10.0",
+        "@root/mkdirp": "^1.0.0",
+        "@root/request": "^1.6.1",
+        "acme-http-01-standalone": "^3.0.5",
+        "cert-info": "^1.5.1",
+        "greenlock-store-fs": "^3.2.2",
+        "safe-replace": "^1.1.0"
+    },
+    "devDependencies": {
+        "dotenv": "^8.2.0",
+        "punycode": "^1.4.1"
+    }
+}

package/vendor/greenlock/plugins.js

@@ -0,0 +1,270 @@
+'use strict';
+
+var P = module.exports;
+var log = require('lemonlog')('greenlock-plugins');
+
+var spawn = require('child_process').spawn;
+var spawnSync = require('child_process').spawnSync;
+var promisify = require('util').promisify;
+
+// Exported for CLIs and such to override
+P.PKG_DIR = __dirname;
+
+P._loadStore = function(storeConf) {
+    return P._loadHelper(storeConf.module).then(function(plugin) {
+        return P._normalizeStore(storeConf.module, plugin.create(storeConf));
+    });
+};
+P._loadChallenge = function(chConfs, typ01) {
+    return P._loadHelper(chConfs[typ01].module).then(function(plugin) {
+        var ch = P._normalizeChallenge(
+            chConfs[typ01].module,
+            plugin.create(chConfs[typ01])
+        );
+        ch._type = typ01;
+        return ch;
+    });
+};
+P._loadHelper = function(modname) {
+    try {
+        return Promise.resolve(require(modname));
+    } catch (e) {
+        log.error("Could not load plugin '%s'. Install: npm install --save %s", modname, modname);
+        e.context = 'load_plugin';
+        throw e;
+
+        // Fun experiment, bad idea
+        /*
+		return P._install(modname).then(function() {
+			return require(modname);
+		});
+    */
+    }
+};
+
+P._normalizeStore = function(name, store) {
+    var acc = store.accounts;
+    var crt = store.certificates;
+
+    var warned = false;
+    function warn() {
+        if (warned) {
+            return;
+        }
+        warned = true;
+        log.warn("Store '%s' may have incorrect signatures or deprecated callbacks", name);
+    }
+
+    // accs
+    if (acc.check && 2 === acc.check.length) {
+        warn();
+        acc._thunk_check = acc.check;
+        acc.check = promisify(acc._thunk_check);
+    }
+    if (acc.set && 3 === acc.set.length) {
+        warn();
+        acc._thunk_set = acc.set;
+        acc.set = promisify(acc._thunk_set);
+    }
+    if (2 === acc.checkKeypair.length) {
+        warn();
+        acc._thunk_checkKeypair = acc.checkKeypair;
+        acc.checkKeypair = promisify(acc._thunk_checkKeypair);
+    }
+    if (3 === acc.setKeypair.length) {
+        warn();
+        acc._thunk_setKeypair = acc.setKeypair;
+        acc.setKeypair = promisify(acc._thunk_setKeypair);
+    }
+
+    // certs
+    if (2 === crt.check.length) {
+        warn();
+        crt._thunk_check = crt.check;
+        crt.check = promisify(crt._thunk_check);
+    }
+    if (3 === crt.set.length) {
+        warn();
+        crt._thunk_set = crt.set;
+        crt.set = promisify(crt._thunk_set);
+    }
+    if (2 === crt.checkKeypair.length) {
+        warn();
+        crt._thunk_checkKeypair = crt.checkKeypair;
+        crt.checkKeypair = promisify(crt._thunk_checkKeypair);
+    }
+    if (2 === crt.setKeypair.length) {
+        warn();
+        crt._thunk_setKeypair = crt.setKeypair;
+        crt.setKeypair = promisify(crt._thunk_setKeypair);
+    }
+
+    return store;
+};
+P._normalizeChallenge = function(name, ch) {
+    var gch = {};
+    var warned = false;
+    function warn() {
+        if (warned) {
+            return;
+        }
+        warned = true;
+        log.warn("Challenge '%s' may have incorrect signatures or deprecated callbacks", name);
+    }
+
+    var warned2 = false;
+    function warn2() {
+        if (warned2) {
+            return;
+        }
+        warned2 = true;
+        log.warn("Challenge '%s' did not return a Promise; maintainer should fix", name);
+    }
+
+    function wrappy(fn) {
+        return function(_params) {
+            return Promise.resolve().then(function() {
+                var result = fn.call(ch, _params);
+                if (!result || !result.then) {
+                    warn2();
+                }
+                return result;
+            });
+        };
+    }
+
+    // init, zones, set, get, remove, propagationDelay
+    if (ch.init) {
+        if (2 === ch.init.length) {
+            warn();
+            ch._thunk_init = ch.init;
+            ch.init = promisify(ch._thunk_init);
+        }
+        gch.init = wrappy(ch.init);
+    }
+    if (ch.zones) {
+        if (2 === ch.zones.length) {
+            warn();
+            ch._thunk_zones = ch.zones;
+            ch.zones = promisify(ch._thunk_zones);
+        }
+        gch.zones = wrappy(ch.zones);
+    }
+    if (2 === ch.set.length) {
+        warn();
+        ch._thunk_set = ch.set;
+        ch.set = promisify(ch._thunk_set);
+    }
+    gch.set = wrappy(ch.set);
+    if (2 === ch.remove.length) {
+        warn();
+        ch._thunk_remove = ch.remove;
+        ch.remove = promisify(ch._thunk_remove);
+    }
+    gch.remove = wrappy(ch.remove);
+    if (ch.get) {
+        if (2 === ch.get.length) {
+            warn();
+            ch._thunk_get = ch.get;
+            ch.get = promisify(ch._thunk_get);
+        }
+        gch.get = wrappy(ch.get);
+    }
+    if("number" === typeof ch.propagationDelay) {
+        gch.propagationDelay = ch.propagationDelay;
+    }
+
+    return gch;
+};
+
+P._loadSync = function(modname) {
+    try {
+        return require(modname);
+    } catch (e) {
+        log.error("Could not load plugin '%s'. Install: npm install --save %s", modname, modname);
+        e.context = 'load_plugin';
+        throw e;
+    }
+    /*
+	try {
+		mod = require(modname);
+	} catch (e) {
+		P._installSync(modname);
+		mod = require(modname);
+	}
+  */
+};
+
+P._installSync = function(moduleName) {
+    try {
+        return require(moduleName);
+    } catch (e) {
+        // continue
+    }
+    var npm = 'npm';
+    var args = ['install', '--save', moduleName];
+    var out = '';
+    var cmd;
+
+    try {
+        cmd = spawnSync(npm, args, {
+            cwd: P.PKG_DIR,
+            windowsHide: true
+        });
+    } catch (e) {
+        log.error("Failed to start npm install in %s: %s", P.PKG_DIR, e.message);
+        process.exit(1);
+    }
+
+    if (!cmd.status) {
+        return;
+    }
+
+    out += cmd.stdout.toString('utf8');
+    out += cmd.stderr.toString('utf8');
+    if (out) log.error(out);
+    log.error("npm install failed in %s. Try: cd %s && npm %s", P.PKG_DIR, P.PKG_DIR, args.join(' '));
+    process.exit(1);
+};
+
+P._install = function(moduleName) {
+    return new Promise(function(resolve) {
+        if (!moduleName) {
+            throw new Error('no module name given');
+        }
+
+        var npm = 'npm';
+        var args = ['install', '--save', moduleName];
+        var out = '';
+        var cmd = spawn(npm, args, {
+            cwd: P.PKG_DIR,
+            windowsHide: true
+        });
+
+        cmd.stdout.on('data', function(chunk) {
+            out += chunk.toString('utf8');
+        });
+        cmd.stdout.on('data', function(chunk) {
+            out += chunk.toString('utf8');
+        });
+
+        cmd.on('error', function(e) {
+            log.error("Failed to start npm install in %s: %s", P.PKG_DIR, e.message);
+            process.exit(1);
+        });
+
+        cmd.on('exit', function(code) {
+            if (!code) {
+                resolve();
+                return;
+            }
+            if (out) log.error(out);
+            log.error("npm install failed in %s. Try: cd %s && npm %s", P.PKG_DIR, P.PKG_DIR, args.join(' '));
+            process.exit(1);
+        });
+    });
+};
+
+if (require.main === module) {
+    P._installSync(process.argv[2]);
+}

package/vendor/greenlock/tests/cli.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+set -e
+
+# TODO notify if wildcard is selected and no dns challenge is present
+node bin/greenlock.js add --subject example.com --altnames 'example.com,*.example.com'
+node bin/greenlock.js update --subject example.com
+node bin/greenlock.js config --subject example.com
+node bin/greenlock.js config --subject *.example.com
+node bin/greenlock.js defaults
+node bin/greenlock.js defaults --account-key-type
+node bin/greenlock.js defaults
+# using --challenge-xx-xx-xxx is additive
+node bin/greenlock.js defaults --challenge-dns-01 foo-http-01-bar --challenge-dns-01-token BIG_TOKEN
+# using --challenge is exclusive (will delete things not mentioned)
+node bin/greenlock.js defaults --challenge acme-http-01-standalone
+# should delete all and add just this one anew
+node bin/greenlock.js update --subject example.com --challenge bar-http-01-baz
+# should add, leaving the existing
+node bin/greenlock.js update --subject example.com --challenge-dns-01 baz-dns-01-qux --challenge-dns-01-token BIG_TOKEN
+# should delete all and add just this one anew
+node bin/greenlock.js update --subject example.com --challenge bar-http-01-baz
+node bin/greenlock.js remove --subject example.com
+
+# TODO test for failure
+# node bin/greenlock.js add --subject example.com
+# node bin/greenlock.js add --subject example --altnames example
+# node bin/greenlock.js add --subject example.com --altnames '*.example.com'
+# node bin/greenlock.js add --subject example.com --altnames '*.example.com,example.com'
+# node bin/greenlock.js update --altnames example.com
+# node bin/greenlock.js config foo.example.com

package/vendor/greenlock/tests/index.js

@@ -0,0 +1,53 @@
+'use strict';
+
+require('dotenv').config();
+var log = require('lemonlog')('greenlock-test');
+
+var Greenlock = require('../');
+
+var subject = process.env.BASE_DOMAIN;
+var altnames = [subject, '*.' + subject, 'foo.bar.' + subject];
+var email = process.env.SUBSCRIBER_EMAIL;
+var challenge = JSON.parse(process.env.CHALLENGE_OPTIONS);
+challenge.module = process.env.CHALLENGE_PLUGIN;
+
+var greenlock = Greenlock.create({
+    packageAgent: 'Greenlock_Test/v0',
+    maintainerEmail: email,
+    staging: true,
+    manager: require('greenlock-manager-fs').create({
+        //configFile: '~/.config/greenlock/certs.json',
+    })
+});
+
+greenlock.manager
+    .defaults({
+        agreeToTerms: true,
+        subscriberEmail: email,
+        challenges: {
+            'dns-01': challenge
+        }
+        //store: args.storeOpts,
+        //renewOffset: args.renewOffset || '30d',
+        //renewStagger: '1d'
+    })
+    .then(function() {
+        return greenlock
+            .add({
+                subject: subject,
+                altnames: altnames,
+                subscriberEmail: email
+            })
+            .then(function() {
+                return greenlock
+                    .get({ servername: subject })
+                    .then(function(pems) {
+                        if (pems && pems.privkey && pems.cert && pems.chain) {
+                            log.info('Success');
+                        }
+                    });
+            });
+    })
+    .catch(function(e) {
+        log.error('Test failed: %s', e.code, e);
+    });

package/vendor/greenlock/user-events.js

@@ -0,0 +1,7 @@
+'use strict';
+
+var UserEvents = module.exports;
+
+UserEvents.notify = function() {
+    // TODO not implemented yet
+};