🔱: [acme] sync upgrade with 10 commits [trident-sync]

Bump v5.2.0 - package.json Bump v5.2.0 yarn -> npm CHANGELOG and tests for #76 Fix tests Update auto.js: wait for all challenge promises before exit Fixes #75 CHANGELOG and tests for #66 Fix lint errors Allow self-signed or invalid certificate when evaluating verifyHttpChallenge
2026-04-28 07:57:25 +08:00 · 2024-01-22 19:24:37 +00:00
parent 18865f0931
commit 08c1f338d5
11 changed files with 119 additions and 17 deletions
@@ -129,7 +129,7 @@ describe('pebble', () => {
        });

        it('should add challenge response', async () => {
-            const resp = await cts.addHttps01ChallengeResponse(testHttps01ChallengeToken, testHttps01ChallengeContent, testHttps01ChallengeHost, httpsPort);
+            const resp = await cts.addHttps01ChallengeResponse(testHttps01ChallengeToken, testHttps01ChallengeContent, testHttps01ChallengeHost);
            assert.isTrue(resp);
        });

@@ -17,6 +17,10 @@ describe('verify', () => {
    const testHttp01Challenge = { type: 'http-01', status: 'pending', token: uuid() };
    const testHttp01Key = uuid();

+    const testHttps01Authz = { identifier: { type: 'dns', value: `${uuid()}.${domainName}` } };
+    const testHttps01Challenge = { type: 'http-01', status: 'pending', token: uuid() };
+    const testHttps01Key = uuid();
+
    const testDns01Authz = { identifier: { type: 'dns', value: `${uuid()}.${domainName}` } };
    const testDns01Challenge = { type: 'dns-01', status: 'pending', token: uuid() };
    const testDns01Key = uuid();
@@ -74,6 +78,27 @@ describe('verify', () => {
    });


+    /**
+     * https-01
+     */
+
+    describe('https-01', () => {
+        it('should reject challenge', async () => {
+            await assert.isRejected(verify['http-01'](testHttps01Authz, testHttps01Challenge, testHttps01Key));
+        });
+
+        it('should mock challenge response', async () => {
+            const resp = await cts.addHttps01ChallengeResponse(testHttps01Challenge.token, testHttps01Key, testHttps01Authz.identifier.value);
+            assert.isTrue(resp);
+        });
+
+        it('should verify challenge', async () => {
+            const resp = await verify['http-01'](testHttps01Authz, testHttps01Challenge, testHttps01Key);
+            assert.isTrue(resp);
+        });
+    });
+
+
    /**
     * dns-01
     */
@@ -32,6 +32,7 @@ if (capEabEnabled && process.env.ACME_EAB_KID && process.env.ACME_EAB_HMAC_KEY)
 describe('client.auto', () => {
    const testDomain = `${uuid()}.${domainName}`;
    const testHttpDomain = `${uuid()}.${domainName}`;
+    const testHttpsDomain = `${uuid()}.${domainName}`;
    const testDnsDomain = `${uuid()}.${domainName}`;
    const testWildcardDomain = `${uuid()}.${domainName}`;

@@ -178,6 +179,38 @@ describe('client.auto', () => {
                assert.isString(cert);
            });

+            it('should settle all challenges before rejecting', async () => {
+                const results = [];
+                const [, csr] = await acme.crypto.createCsr({
+                    commonName: `${uuid()}.${domainName}`,
+                    altNames: [
+                        `${uuid()}.${domainName}`,
+                        `${uuid()}.${domainName}`,
+                        `${uuid()}.${domainName}`,
+                        `${uuid()}.${domainName}`
+                    ]
+                }, await createKeyFn());
+
+                await assert.isRejected(testClient.auto({
+                    csr,
+                    termsOfServiceAgreed: true,
+                    challengeCreateFn: async (...args) => {
+                        if ([0, 1, 2].includes(results.length)) {
+                            results.push(false);
+                            throw new Error('oops');
+                        }
+
+                        await new Promise((resolve) => { setTimeout(resolve, 500); });
+                        results.push(true);
+                        return cts.challengeCreateFn(...args);
+                    },
+                    challengeRemoveFn: cts.challengeRemoveFn
+                }));
+
+                assert.strictEqual(results.length, 5);
+                assert.deepStrictEqual(results, [false, false, false, true, true]);
+            });
+

            /**
             * Order certificates
@@ -215,6 +248,22 @@ describe('client.auto', () => {
                assert.isString(cert);
            });

+            it('should order certificate using https-01', async () => {
+                const [, csr] = await acme.crypto.createCsr({
+                    commonName: testHttpsDomain
+                }, await createKeyFn());
+
+                const cert = await testClient.auto({
+                    csr,
+                    termsOfServiceAgreed: true,
+                    challengeCreateFn: cts.assertHttpsChallengeCreateFn,
+                    challengeRemoveFn: cts.challengeRemoveFn,
+                    challengePriority: ['http-01']
+                });
+
+                assert.isString(cert);
+            });
+
            it('should order certificate using dns-01', async () => {
                const [, csr] = await acme.crypto.createCsr({
                    commonName: testDnsDomain
@@ -6,6 +6,7 @@ const { assert } = require('chai');
 const axios = require('./../src/axios');

 const apiBaseUrl = process.env.ACME_CHALLTESTSRV_URL || null;
+const httpsPort = axios.defaults.acmeSettings.httpsChallengePort || 443;


 /**
@@ -50,11 +51,11 @@ async function addHttp01ChallengeResponse(token, content) {
    return request('add-http01', { token, content });
 }

-async function addHttps01ChallengeResponse(token, content, targetHostname, targetPort = 443) {
+async function addHttps01ChallengeResponse(token, content, targetHostname) {
    await addHttp01ChallengeResponse(token, content);
    return request('add-redirect', {
        path: `/.well-known/acme-challenge/${token}`,
-        targetURL: `https://${targetHostname}:${targetPort}/.well-known/acme-challenge/${token}`
+        targetURL: `https://${targetHostname}:${httpsPort}/.well-known/acme-challenge/${token}`
    });
 }

@@ -76,6 +77,11 @@ async function assertHttpChallengeCreateFn(authz, challenge, keyAuthorization) {
    return addHttp01ChallengeResponse(challenge.token, keyAuthorization);
 }

+async function assertHttpsChallengeCreateFn(authz, challenge, keyAuthorization) {
+    assert.strictEqual(challenge.type, 'http-01');
+    return addHttps01ChallengeResponse(challenge.token, keyAuthorization, authz.identifier.value);
+}
+
 async function assertDnsChallengeCreateFn(authz, challenge, keyAuthorization) {
    assert.strictEqual(challenge.type, 'dns-01');
    return addDns01ChallengeResponse(`_acme-challenge.${authz.identifier.value}.`, keyAuthorization);
@@ -98,5 +104,6 @@ exports.challengeNoopFn = async () => true;
 exports.challengeThrowFn = async () => { throw new Error('oops'); };

 exports.assertHttpChallengeCreateFn = assertHttpChallengeCreateFn;
+exports.assertHttpsChallengeCreateFn = assertHttpsChallengeCreateFn;
 exports.assertDnsChallengeCreateFn = assertDnsChallengeCreateFn;
 exports.challengeCreateFn = challengeCreateFn;