v3.0.4: ACME challenge reference implementation for Greenlock v2.7+ (and v3)

README.md

@@ -1,4 +1,4 @@
-# [le-challenge-manual](https://git.coolaj86.com/coolaj86/le-challenge-manual.js.git)
+# [greenlock-challenge-manual](https://git.coolaj86.com/coolaj86/greenlock-challenge-manual.js)
 
 | A [Root](https://rootprojects.org) Project |
 
@@ -6,21 +6,22 @@ An extremely simple reference implementation
 of an ACME (Let's Encrypt) challenge strategy
 for [Greenlock](https://git.coolaj86.com/coolaj86/greenlock-express.js) v2.7+ (and v3).
 
-* Prints the ACME challenge details to the terminal (and waits for you to hit enter before continuing)
+* Prints the ACME challenge details to the terminal
-* Asks you to enter the change response.
+  * (waits for you to hit enter before continuing)
-* Let's you know it's safeto remove the challenge.
+* Asks you to enter the challenge response.
+* Let's you know it's safe to remove the challenge.
 
 Other ACME Challenge Reference Implementations:
 
-* [le-challenge-manual](https://git.coolaj86.com/coolaj86/le-challenge-manual.js.git)
+* [**greenlock-challenge-manual**](https://git.coolaj86.com/coolaj86/greenlock-challenge-manual.js)
-* [le-challenge-http](https://git.coolaj86.com/coolaj86/le-challenge-http.js.git)
+* [greenlock-challenge-http](https://git.coolaj86.com/coolaj86/greenlock-challenge-http.js)
-* [le-challenge-dns](https://git.coolaj86.com/coolaj86/le-challenge-dns.js.git)
+* [greenlock-challenge-dns](https://git.coolaj86.com/coolaj86/greenlock-challenge-dns.js)
 
 Install
 -------
 
 ```bash
-npm install --save le-challenge-manual@3.x
+npm install --save greenlock-challenge-manual@3.x
 ```
 
 Usage
@@ -31,9 +32,9 @@ var Greenlock = require('greenlock');
 
 Greenlock.create({
   ...
-, challenges: { 'http-01': require('le-challenge-manual')
+, challenges: { 'http-01': require('greenlock-challenge-manual')
-              , 'dns-01': require('le-challenge-manual')
+              , 'dns-01': require('greenlock-challenge-manual')
-              , 'tls-alpn-01': require('le-challenge-manual')
+              , 'tls-alpn-01': require('greenlock-challenge-manual')
               }
   ...
 });

index.js

@@ -3,17 +3,12 @@
 
 var Challenge = module.exports;
 
-// IMPORTANT
-//
-// These are all PROMISIFIED by Greenlock in such a way that
-// it doesn't matter whether you return synchronously, asynchronously,
-// or even node-style callback thunk.
-//
-// Typically you should be using a promise or async function,
-// but choose whichever makes sense for you.
 Challenge.create = function (config) {
   // If your implementation needs config options, set them. Otherwise, don't bother (duh).
 
+  var http01 = require('greenlock-challenge-http').create(config);
+  var dns01 = require('greenlock-challenge-dns').create(config);
+
   var challenger = {};
 
   // Note: normally you'd implement these right here, but for the sake of
@@ -21,11 +16,13 @@ Challenge.create = function (config) {
 
   // call out to set the challenge, wherever
   challenger.set = function (opts, cb) {
+    // Note: this can be defined as a thunk (like this) or a Promise
+
     var ch = opts.challenge;
     if ('http-01' === ch.type) {
-      return Challenge._setHttp(opts, cb);
+      return http01.set(opts, cb);
     } else if ('dns-01' === ch.type) {
-      return Challenge._setDns(opts, cb);
+      return dns01.set(opts, cb);
     } else {
       return Challenge._setAny(opts, cb);
     }
@@ -33,25 +30,28 @@ Challenge.create = function (config) {
 
   // call out to remove the challenge, wherever
   challenger.remove = function (opts) {
+    // Note: this can be defined synchronously (like this) or as a Promise, or a thunk
+
     var ch = opts.challenge;
     if ('http-01' === ch.type) {
-      return Challenge._removeHttp(opts);
+      return http01.remove(opts);
     } else if ('dns-01' === ch.type) {
-      return Challenge._removeDns(opts);
+      return dns01.remove(opts);
     } else {
       return Challenge._removeAny(opts);
     }
   };
 
-  // only really useful for http,
+  // only really useful for http
-  // but probably not so much in this context...
+  // (and tls-alpn-01, which isn't implemented yet)
-  // (though you can test it and it'll work)
   challenger.get = function (opts) {
+    // Note: this can be defined as a Promise (like this) or synchronously, or a thunk
+
     var ch = opts.challenge;
     if ('http-01' === ch.type) {
-      return Challenge._get(opts);
+      return http01.get(opts);
     } else if ('dns-01' === ch.type) {
-      return Challenge._get(opts);
+      return dns01.get(opts);
     } else {
       return Challenge._get(opts);
     }
@@ -64,71 +64,16 @@ Challenge.create = function (config) {
   return challenger;
 };
 
-// Show the user the token and key and wait for them to be ready to continue
-Challenge._setHttp = function (args, cb) {
-  // Using a node-style callback "thunk" in this example, because that makes
-
-  var ch = args.challenge;
-  console.info("[ACME http-01 '" + ch.altname + "' CHALLENGE]");
-  console.info("Your mission (since you chose to accept it):");
-  console.info("First, you must create a file with the following name and contents.");
-  console.info("Then, by any means necessary, you cause that file to appear at the specified URL.");
-  console.info("");
-  console.info("\tFilename: " + ch.token);
-  console.info("\tContents: " + ch.keyAuthorization);
-  // TODO let acme-v2 handle generating this url
-  console.info('\tURL: http://' + ch.altname + '/.well-known/acme-challenge/' + ch.token);
-  console.info("");
-  if (args.debug) {
-    console.info("And, if you need additional information for debugging:");
-    console.info("");
-    console.info(JSON.stringify(httpChallengeToJson(ch), null, 2).replace(/^/gm, '\t'));
-    console.info("");
-  }
-  console.info("This message won't self-destruct, but you may press hit the any as soon as you're ready to continue...");
-  console.info("[Press the ANY key to continue...]");
-
-  process.stdin.resume();
-  process.stdin.once('data', function () {
-    process.stdin.pause();
-    cb(null, null);
-  });
-};
-
-Challenge._setDns = function (args, cb) {
-  // Using a node-style callback "thunk" in this example, because that makes
-
-  var ch = args.challenge;
-  console.info("[ACME dns-01 '" + ch.altname + "' CHALLENGE]");
-  console.info("Your mission (since you chose to accept it):");
-  console.info("First, you must create a DNS record with the following parameters:");
-  console.info("");
-  console.info(ch.dnsHost + "\tTXT\t" + ch.dnsKeyAuthorization + "\tTTL 60");
-  console.info("");
-  console.info("Next, wait, no... there is no next.");
-  if (args.debug) {
-    console.log("Oh, did you want this?");
-    console.info("");
-    console.info(JSON.stringify(dnsChallengeToJson(ch), null, 2).replace(/^/gm, '\t'));
-    console.info("");
-  }
-  console.info("[Press the ANY key to continue...]");
-
-  process.stdin.resume();
-  process.stdin.once('data', function () {
-    process.stdin.pause();
-    cb(null, null);
-  });
-};
-
 Challenge._setAny = function (args, cb) {
   var ch = args.challenge;
   console.info("[ACME " + ch.type + " '" + ch.altname + "' CHALLENGE]");
-  console.info("There's no quippy pre-programmed response for this type of challenge.");
+  console.info("Your mission (since you chose to accept it):");
-  console.info("I have no idea what you intend to do, but I'll tell you everything I know:");
+  console.info("You must, by whatever means necessary, use the following information"
+    + " to make a device or service ready to respond to a '" + ch.type + "' request.");
   console.info("");
   console.info(JSON.stringify(ch, null, 2).replace(/^/gm, '\t'));
   console.info("");
+  console.info("Press the any key once the response is ready to continue with the '" + ch.type + "' challenge process");
   console.info("[Press the ANY key to continue...]");
 
   process.stdin.resume();
@@ -138,60 +83,38 @@ Challenge._setAny = function (args, cb) {
   });
 };
 
-// might as well tell the user that whatever they were setting up has been checked
-Challenge._removeHttp = function (args) {
-  var ch = args.challenge;
-  console.info("");
-  console.info("Challenge for '" + ch.altname + "' complete. You can delete this file now:");
-  console.info('\thttp://' + ch.altname + '/.well-known/acme-challenge/' + ch.token);
-  console.info("");
-
-  // this can return null or a Promise null
-  // (or callback null, just like the set() above)
-  return null;
-};
-Challenge._removeDns = function (args) {
-  var ch = args.challenge;
-  console.info("");
-  console.info("Challenge for '" + ch.altname + "' complete. You can remove this record now:");
-  console.info("\t" + ch.dnsHost + "\tTXT\t" + ch.dnsKeyAuthorization + "\tTTL 60");
-  console.info("");
-
-  // this can return null or a Promise null
-  // (or callback null, just like the set() above)
-  return null;
-};
 Challenge._removeAny = function (args) {
   var ch = args.challenge;
   console.info("");
-  console.info("Challenge for '" + ch.altname + "' complete. You can now undo what you did.");
+  console.info("[ACME " + ch.type + " '" + ch.altname + "' COMPLETE]: " + ch.status);
+  console.info("You may now undo whatever you did to create and ready the response.");
   console.info("");
 
-  // this can return null or a Promise null
-  // (or callback null, just like set() above)
   return null;
 };
 
-// nothing to do here, that's why it's manual
+// This can be used for http-01 and tls-alpn-01 (when it's available), but not dns-01.
+// And not all http-01 or tls-alpn-01 strategies will need to implement this.
 Challenge._get = function (args) {
   var ch = args.challenge;
 
   if (!Challenge._getCache[ch.altname + ':' + ch.token]) {
     Challenge._getCache[ch.altname + ':' + ch.token] = true;
     console.info("");
-    console.info('GET http://' + ch.altname + '/.well-known/acme-challenge/' + ch.token);
+    console.info("[ACME " + ch.type + " '" + ch.altname + "' REQUEST]: " + ch.status);
-    console.info("It's time to painstakingly type out the ACME challenge response with your bear hands. Yes. Your bear hands.");
+    console.info("The '" + ch.type + "' challenge request has arrived!");
+    console.info("It's now time to painstakingly type out the expected response object with your bear hands.");
+    console.log("Yes. Your bear hands.");
+    console.log('ex: { "keyAuthorization": "xxxxxxxx.yyyyyyyy" }');
     process.stdout.write("> ");
   }
 
-  // Using a promise here just to show that Promises are support
-  // (in fact, they're the default)
   return new Promise(function (resolve, reject) {
     process.stdin.resume();
     process.stdin.once('error', reject);
     process.stdin.once('data', function (chunk) {
       process.stdin.pause();
-      var result = chunk.toString();
+      var result = chunk.toString('utf8').trim();
       try {
         result = JSON.parse(result);
       } catch(e) {
@@ -204,31 +127,3 @@ Challenge._get = function (args) {
 };
 // Because the ACME server will hammer us with requests, and that's confusing during a manual test:
 Challenge._getCache = {};
-
-function httpChallengeToJson(ch) {
-  return {
-    type: ch.type
-  , altname: ch.altname
-  , identifier: ch.identifier
-  , wildcard: false
-  , expires: ch.expires
-  , token: ch.token
-  , thumbprint: ch.thumbprint
-  , keyAuthorization: ch.keyAuthorization
-  };
-}
-
-function dnsChallengeToJson(ch) {
-  return {
-    type: ch.type
-  , altname: '*.example.com'
-  , identifier: ch.identifier
-  , wildcard: ch.wildcard
-  , expires: ch.expires
-  , token: ch.token
-  , thumbprint: ch.thumbprint
-  , keyAuthorization: ch.keyAuthorization
-  , dnsHost: ch.dnsHost
-  , dnsAuthorization: ch.dnsAuthorization
-  };
-}

package-lock.json

@@ -1,5 +1,18 @@
 {
-  "name": "le-challenge-manual",
+  "name": "greenlock-challenge-manual",
-  "version": "2.1.1",
+  "version": "3.0.4",
-  "lockfileVersion": 1
+  "lockfileVersion": 1,
+  "requires": true,
+  "dependencies": {
+    "greenlock-challenge-dns": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/greenlock-challenge-dns/-/greenlock-challenge-dns-3.0.4.tgz",
+      "integrity": "sha512-CJI9RAtrZl9ICldyU5cRGzb1/wIbS3O+MJy9z7gKb7fLDNF7Wmw9Fv2agBLSOtIPr7TYgyyesvt8ppA4OIS+yg=="
+    },
+    "greenlock-challenge-http": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/greenlock-challenge-http/-/greenlock-challenge-http-3.0.1.tgz",
+      "integrity": "sha512-u+r8VtT+Qve0wucVZEPivFRT7DP+Jfl7McGMbna0BFVvAc+NJyOJGyvBa6aGDi4qgEhx7pjh0yCsCEKDHI2zDw=="
+    }
+  }
 }

package.json

@@ -1,22 +1,21 @@
 {
-  "name": "le-challenge-manual",
+  "name": "greenlock-challenge-manual",
-  "version": "3.0.1",
+  "version": "3.0.4",
   "description": "A cli-based strategy for node-letsencrypt. Prints the ACME challenge Token and Key and then waits for you to hit enter before continuing.",
   "main": "index.js",
-  "homepage": "https://git.coolaj86.com/coolaj86/le-challenge-manual.js",
+  "homepage": "https://git.coolaj86.com/coolaj86/greenlock-challenge-manual.js",
   "scripts": {
     "test": "node test.js"
   },
   "repository": {
     "type": "git",
-    "url": "https://git.coolaj86.com/coolaj86/le-challenge-manual.js.git"
+    "url": "https://git.coolaj86.com/coolaj86/greenlock-challenge-manual.js.git"
   },
   "keywords": [
-    "le-challenge",
+    "Let's Encrypt",
-    "le-challenge-",
+    "ACME",
+    "challenge",
     "manual",
-    "acme",
-    "letsencrypt",
     "certbot",
     "cli",
     "commandline"
@@ -24,6 +23,10 @@
   "author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)",
   "license": "MPL-2.0",
   "bugs": {
-    "url": "https://git.coolaj86.com/coolaj86/le-challenge-manual.js/issues"
+    "url": "https://git.coolaj86.com/coolaj86/greenlock-challenge-manual.js/issues"
+  },
+  "dependencies": {
+    "greenlock-challenge-dns": "^3.0.3",
+    "greenlock-challenge-http": "^3.0.0"
   }
 }

test.js

@@ -1,50 +1,25 @@
 'use strict';
-/*global Promise*/
 
-var challenge = require('./').create({});
+var tester = require('greenlock-challenge-test');
 
-var opts = challenge.getOptions && challenge.getOptions() || challenge.options;
+var challenger = require('./').create({});
 
-function run() {
+// The dry-run tests can pass on, literally, 'example.com'
-  // this will cause the prompt to appear
+// but the integration tests require that you have control over the domain
-  return new Promise(function (resolve, reject) {
+var domain = 'example.com';
-    challenge.set(opts, function () {
+var wildname = '*.example.com';
-      // this will cause the final completion message to appear
+
-      return Promise.resolve(challenge.remove(opts)).then(resolve).catch(reject);
+tester.test('http-01', domain, challenger).then(function () {
-    });
+  console.info("PASS http-01");
+  return tester.test('dns-01', wildname, challenger).then(function () {
+    console.info("PASS dns-01");
   });
-}
-
-opts.challenge = {
-  type: 'http-01'
-, identifier: { type: 'dns', value: 'example.com' }
-, wildcard: false
-, expires: '2012-01-01T12:00:00.000Z'
-, token: 'abc123'
-, thumbprint: '<<account key thumbprint>>'
-, keyAuthorization: 'abc123.xxxx'
-, dnsHost: '_acme-challenge.example.com'
-, dnsAuthorization: 'yyyy'
-, altname: 'example.com'
-};
-run(opts).then(function () {
-  opts.challenge = {
-    type: 'dns-01'
-  , identifier: { type: 'dns', value: 'example.com' }
-  , wildcard: true
-  , expires: '2012-01-01T12:00:00.000Z'
-  , token: 'abc123'
-  , thumbprint: '<<account key thumbprint>>'
-  , keyAuthorization: 'abc123.xxxx'
-  , dnsHost: '_acme-challenge.example.com'
-  , dnsAuthorization: 'yyyy'
-  , altname: '*.example.com'
-  };
-  return run(opts);
 }).then(function () {
-  console.info("PASS");
+  return tester.test('fake-01', domain, challenger).then(function () {
+    console.info("PASS fake-01");
+  });
 }).catch(function (err) {
   console.error("FAIL");
   console.error(err);
-  process.exit(17);
+  process.exit(20);
 });