coolaj86/greenlock-challenge-manual.js
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: coolaj86:v3.0.1
Branches Tags
coolaj86:master
coolaj86:v3.0.4
coolaj86:v3.0.3
coolaj86:v3.0.2
coolaj86:v3.0.1
coolaj86:v3.0.0
coolaj86:v2.1.1
coolaj86:v2.0.0
..
compare: coolaj86:master
Branches Tags
coolaj86:master
coolaj86:v3.0.4
coolaj86:v3.0.3
coolaj86:v3.0.2
coolaj86:v3.0.1
coolaj86:v3.0.0
coolaj86:v2.1.1
coolaj86:v2.0.0

3 Commits
v3.0.1 ... master

Author SHA1 Message Date
AJ ONeal
0997ac76cf v3.0.4: ACME challenge reference implementation for Greenlock v2.7+ (and v3) 2019-04-07 17:43:47 -06:00
AJ ONeal
d5d44ea2d2 v3.0.3: update deps 2019-04-06 02:37:52 -06:00
AJ ONeal
bd907f2004 v3.0.2: include other reference implementations, typo fixes 2019-04-06 01:43:39 -06:00
5 changed files with 86 additions and 199 deletions
Show Stats Expand all files Collapse all files

23
README.md
View File

@ -1,4 +1,4 @@
# [le-challenge-manual](https://git.coolaj86.com/coolaj86/le-challenge-manual.js.git)
# [greenlock-challenge-manual](https://git.coolaj86.com/coolaj86/greenlock-challenge-manual.js)
| A [Root](https://rootprojects.org) Project |
@ -6,21 +6,22 @@ An extremely simple reference implementation
of an ACME (Let's Encrypt) challenge strategy
for [Greenlock](https://git.coolaj86.com/coolaj86/greenlock-express.js) v2.7+ (and v3).
* Prints the ACME challenge details to the terminal (and waits for you to hit enter before continuing)
* Asks you to enter the change response.
* Let's you know it's safeto remove the challenge.
* Prints the ACME challenge details to the terminal
* (waits for you to hit enter before continuing)
* Asks you to enter the challenge response.
* Let's you know it's safe to remove the challenge.
Other ACME Challenge Reference Implementations:
* [le-challenge-manual](https://git.coolaj86.com/coolaj86/le-challenge-manual.js.git)
* [le-challenge-http](https://git.coolaj86.com/coolaj86/le-challenge-http.js.git)
* [le-challenge-dns](https://git.coolaj86.com/coolaj86/le-challenge-dns.js.git)
* [**greenlock-challenge-manual**](https://git.coolaj86.com/coolaj86/greenlock-challenge-manual.js)
* [greenlock-challenge-http](https://git.coolaj86.com/coolaj86/greenlock-challenge-http.js)
* [greenlock-challenge-dns](https://git.coolaj86.com/coolaj86/greenlock-challenge-dns.js)
Install
-------
```bash
npm install --save le-challenge-manual@3.x
npm install --save greenlock-challenge-manual@3.x
```
Usage
@ -31,9 +32,9 @@ var Greenlock = require('greenlock');
Greenlock.create({
...
, challenges: { 'http-01': require('le-challenge-manual')
, 'dns-01': require('le-challenge-manual')
, 'tls-alpn-01': require('le-challenge-manual')
, challenges: { 'http-01': require('greenlock-challenge-manual')
, 'dns-01': require('greenlock-challenge-manual')
, 'tls-alpn-01': require('greenlock-challenge-manual')
}
...
});

167
index.js
View File

@ -3,17 +3,12 @@
var Challenge = module.exports;
// IMPORTANT
//
// These are all PROMISIFIED by Greenlock in such a way that
// it doesn't matter whether you return synchronously, asynchronously,
// or even node-style callback thunk.
//
// Typically you should be using a promise or async function,
// but choose whichever makes sense for you.
Challenge.create = function (config) {
// If your implementation needs config options, set them. Otherwise, don't bother (duh).
var http01 = require('greenlock-challenge-http').create(config);
var dns01 = require('greenlock-challenge-dns').create(config);
var challenger = {};
// Note: normally you'd implement these right here, but for the sake of
@ -21,11 +16,13 @@ Challenge.create = function (config) {
// call out to set the challenge, wherever
challenger.set = function (opts, cb) {
// Note: this can be defined as a thunk (like this) or a Promise
var ch = opts.challenge;
if ('http-01' === ch.type) {
return Challenge._setHttp(opts, cb);
return http01.set(opts, cb);
} else if ('dns-01' === ch.type) {
return Challenge._setDns(opts, cb);
return dns01.set(opts, cb);
} else {
return Challenge._setAny(opts, cb);
}
@ -33,25 +30,28 @@ Challenge.create = function (config) {
// call out to remove the challenge, wherever
challenger.remove = function (opts) {
// Note: this can be defined synchronously (like this) or as a Promise, or a thunk
var ch = opts.challenge;
if ('http-01' === ch.type) {
return Challenge._removeHttp(opts);
return http01.remove(opts);
} else if ('dns-01' === ch.type) {
return Challenge._removeDns(opts);
return dns01.remove(opts);
} else {
return Challenge._removeAny(opts);
}
};
// only really useful for http,
// but probably not so much in this context...
// (though you can test it and it'll work)
// only really useful for http
// (and tls-alpn-01, which isn't implemented yet)
challenger.get = function (opts) {
// Note: this can be defined as a Promise (like this) or synchronously, or a thunk
var ch = opts.challenge;
if ('http-01' === ch.type) {
return Challenge._get(opts);
return http01.get(opts);
} else if ('dns-01' === ch.type) {
return Challenge._get(opts);
return dns01.get(opts);
} else {
return Challenge._get(opts);
}
@ -64,71 +64,16 @@ Challenge.create = function (config) {
return challenger;
};
// Show the user the token and key and wait for them to be ready to continue
Challenge._setHttp = function (args, cb) {
// Using a node-style callback "thunk" in this example, because that makes
var ch = args.challenge;
console.info("[ACME http-01 '" + ch.altname + "' CHALLENGE]");
console.info("Your mission (since you chose to accept it):");
console.info("First, you must create a file with the following name and contents.");
console.info("Then, by any means necessary, you cause that file to appear at the specified URL.");
console.info("");
console.info("\tFilename: " + ch.token);
console.info("\tContents: " + ch.keyAuthorization);
// TODO let acme-v2 handle generating this url
console.info('\tURL: http://' + ch.altname + '/.well-known/acme-challenge/' + ch.token);
console.info("");
if (args.debug) {
console.info("And, if you need additional information for debugging:");
console.info("");
console.info(JSON.stringify(httpChallengeToJson(ch), null, 2).replace(/^/gm, '\t'));
console.info("");
}
console.info("This message won't self-destruct, but you may press hit the any as soon as you're ready to continue...");
console.info("[Press the ANY key to continue...]");
process.stdin.resume();
process.stdin.once('data', function () {
process.stdin.pause();
cb(null, null);
});
};
Challenge._setDns = function (args, cb) {
// Using a node-style callback "thunk" in this example, because that makes
var ch = args.challenge;
console.info("[ACME dns-01 '" + ch.altname + "' CHALLENGE]");
console.info("Your mission (since you chose to accept it):");
console.info("First, you must create a DNS record with the following parameters:");
console.info("");
console.info(ch.dnsHost + "\tTXT\t" + ch.dnsKeyAuthorization + "\tTTL 60");
console.info("");
console.info("Next, wait, no... there is no next.");
if (args.debug) {
console.log("Oh, did you want this?");
console.info("");
console.info(JSON.stringify(dnsChallengeToJson(ch), null, 2).replace(/^/gm, '\t'));
console.info("");
}
console.info("[Press the ANY key to continue...]");
process.stdin.resume();
process.stdin.once('data', function () {
process.stdin.pause();
cb(null, null);
});
};
Challenge._setAny = function (args, cb) {
var ch = args.challenge;
console.info("[ACME " + ch.type + " '" + ch.altname + "' CHALLENGE]");
console.info("There's no quippy pre-programmed response for this type of challenge.");
console.info("I have no idea what you intend to do, but I'll tell you everything I know:");
console.info("Your mission (since you chose to accept it):");
console.info("You must, by whatever means necessary, use the following information"
+ " to make a device or service ready to respond to a '" + ch.type + "' request.");
console.info("");
console.info(JSON.stringify(ch, null, 2).replace(/^/gm, '\t'));
console.info("");
console.info("Press the any key once the response is ready to continue with the '" + ch.type + "' challenge process");
console.info("[Press the ANY key to continue...]");
process.stdin.resume();
@ -138,60 +83,38 @@ Challenge._setAny = function (args, cb) {
});
};
// might as well tell the user that whatever they were setting up has been checked
Challenge._removeHttp = function (args) {
var ch = args.challenge;
console.info("");
console.info("Challenge for '" + ch.altname + "' complete. You can delete this file now:");
console.info('\thttp://' + ch.altname + '/.well-known/acme-challenge/' + ch.token);
console.info("");
// this can return null or a Promise null
// (or callback null, just like the set() above)
return null;
};
Challenge._removeDns = function (args) {
var ch = args.challenge;
console.info("");
console.info("Challenge for '" + ch.altname + "' complete. You can remove this record now:");
console.info("\t" + ch.dnsHost + "\tTXT\t" + ch.dnsKeyAuthorization + "\tTTL 60");
console.info("");
// this can return null or a Promise null
// (or callback null, just like the set() above)
return null;
};
Challenge._removeAny = function (args) {
var ch = args.challenge;
console.info("");
console.info("Challenge for '" + ch.altname + "' complete. You can now undo what you did.");
console.info("[ACME " + ch.type + " '" + ch.altname + "' COMPLETE]: " + ch.status);
console.info("You may now undo whatever you did to create and ready the response.");
console.info("");
// this can return null or a Promise null
// (or callback null, just like set() above)
return null;
};
// nothing to do here, that's why it's manual
// This can be used for http-01 and tls-alpn-01 (when it's available), but not dns-01.
// And not all http-01 or tls-alpn-01 strategies will need to implement this.
Challenge._get = function (args) {
var ch = args.challenge;
if (!Challenge._getCache[ch.altname + ':' + ch.token]) {
Challenge._getCache[ch.altname + ':' + ch.token] = true;
console.info("");
console.info('GET http://' + ch.altname + '/.well-known/acme-challenge/' + ch.token);
console.info("It's time to painstakingly type out the ACME challenge response with your bear hands. Yes. Your bear hands.");
console.info("[ACME " + ch.type + " '" + ch.altname + "' REQUEST]: " + ch.status);
console.info("The '" + ch.type + "' challenge request has arrived!");
console.info("It's now time to painstakingly type out the expected response object with your bear hands.");
console.log("Yes. Your bear hands.");
console.log('ex: { "keyAuthorization": "xxxxxxxx.yyyyyyyy" }');
process.stdout.write("> ");
}
// Using a promise here just to show that Promises are support
// (in fact, they're the default)
return new Promise(function (resolve, reject) {
process.stdin.resume();
process.stdin.once('error', reject);
process.stdin.once('data', function (chunk) {
process.stdin.pause();
var result = chunk.toString();
var result = chunk.toString('utf8').trim();
try {
result = JSON.parse(result);
} catch(e) {
@ -204,31 +127,3 @@ Challenge._get = function (args) {
};
// Because the ACME server will hammer us with requests, and that's confusing during a manual test:
Challenge._getCache = {};
function httpChallengeToJson(ch) {
return {
type: ch.type
, altname: ch.altname
, identifier: ch.identifier
, wildcard: false
, expires: ch.expires
, token: ch.token
, thumbprint: ch.thumbprint
, keyAuthorization: ch.keyAuthorization
};
}
function dnsChallengeToJson(ch) {
return {
type: ch.type
, altname: '*.example.com'
, identifier: ch.identifier
, wildcard: ch.wildcard
, expires: ch.expires
, token: ch.token
, thumbprint: ch.thumbprint
, keyAuthorization: ch.keyAuthorization
, dnsHost: ch.dnsHost
, dnsAuthorization: ch.dnsAuthorization
};
}

19
package-lock.json generated
View File

@ -1,5 +1,18 @@
{
"name": "le-challenge-manual",
"version": "2.1.1",
"lockfileVersion": 1
"name": "greenlock-challenge-manual",
"version": "3.0.4",
"lockfileVersion": 1,
"requires": true,
"dependencies": {
"greenlock-challenge-dns": {
"version": "3.0.4",
"resolved": "https://registry.npmjs.org/greenlock-challenge-dns/-/greenlock-challenge-dns-3.0.4.tgz",
"integrity": "sha512-CJI9RAtrZl9ICldyU5cRGzb1/wIbS3O+MJy9z7gKb7fLDNF7Wmw9Fv2agBLSOtIPr7TYgyyesvt8ppA4OIS+yg=="
},
"greenlock-challenge-http": {
"version": "3.0.1",
"resolved": "https://registry.npmjs.org/greenlock-challenge-http/-/greenlock-challenge-http-3.0.1.tgz",
"integrity": "sha512-u+r8VtT+Qve0wucVZEPivFRT7DP+Jfl7McGMbna0BFVvAc+NJyOJGyvBa6aGDi4qgEhx7pjh0yCsCEKDHI2zDw=="
}
}
}

21
package.json
View File

@ -1,22 +1,21 @@
{
"name": "le-challenge-manual",
"version": "3.0.1",
"name": "greenlock-challenge-manual",
"version": "3.0.4",
"description": "A cli-based strategy for node-letsencrypt. Prints the ACME challenge Token and Key and then waits for you to hit enter before continuing.",
"main": "index.js",
"homepage": "https://git.coolaj86.com/coolaj86/le-challenge-manual.js",
"homepage": "https://git.coolaj86.com/coolaj86/greenlock-challenge-manual.js",
"scripts": {
"test": "node test.js"
},
"repository": {
"type": "git",
"url": "https://git.coolaj86.com/coolaj86/le-challenge-manual.js.git"
"url": "https://git.coolaj86.com/coolaj86/greenlock-challenge-manual.js.git"
},
"keywords": [
"le-challenge",
"le-challenge-",
"Let's Encrypt",
"ACME",
"challenge",
"manual",
"acme",
"letsencrypt",
"certbot",
"cli",
"commandline"
@ -24,6 +23,10 @@
"author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)",
"license": "MPL-2.0",
"bugs": {
"url": "https://git.coolaj86.com/coolaj86/le-challenge-manual.js/issues"
"url": "https://git.coolaj86.com/coolaj86/greenlock-challenge-manual.js/issues"
},
"dependencies": {
"greenlock-challenge-dns": "^3.0.3",
"greenlock-challenge-http": "^3.0.0"
}
}

55
test.js
View File

@ -1,50 +1,25 @@
'use strict';
/*global Promise*/
var challenge = require('./').create({});
var tester = require('greenlock-challenge-test');
var opts = challenge.getOptions && challenge.getOptions() || challenge.options;
var challenger = require('./').create({});
function run() {
// this will cause the prompt to appear
return new Promise(function (resolve, reject) {
challenge.set(opts, function () {
// this will cause the final completion message to appear
return Promise.resolve(challenge.remove(opts)).then(resolve).catch(reject);
// The dry-run tests can pass on, literally, 'example.com'
// but the integration tests require that you have control over the domain
var domain = 'example.com';
var wildname = '*.example.com';
tester.test('http-01', domain, challenger).then(function () {
console.info("PASS http-01");
return tester.test('dns-01', wildname, challenger).then(function () {
console.info("PASS dns-01");
});
});
}
opts.challenge = {
type: 'http-01'
, identifier: { type: 'dns', value: 'example.com' }
, wildcard: false
, expires: '2012-01-01T12:00:00.000Z'
, token: 'abc123'
, thumbprint: '<<account key thumbprint>>'
, keyAuthorization: 'abc123.xxxx'
, dnsHost: '_acme-challenge.example.com'
, dnsAuthorization: 'yyyy'
, altname: 'example.com'
};
run(opts).then(function () {
opts.challenge = {
type: 'dns-01'
, identifier: { type: 'dns', value: 'example.com' }
, wildcard: true
, expires: '2012-01-01T12:00:00.000Z'
, token: 'abc123'
, thumbprint: '<<account key thumbprint>>'
, keyAuthorization: 'abc123.xxxx'
, dnsHost: '_acme-challenge.example.com'
, dnsAuthorization: 'yyyy'
, altname: '*.example.com'
};
return run(opts);
}).then(function () {
console.info("PASS");
return tester.test('fake-01', domain, challenger).then(function () {
console.info("PASS fake-01");
});
}).catch(function (err) {
console.error("FAIL");
console.error(err);
process.exit(17);
process.exit(20);
});