🔱: [acme] sync upgrade with 3 commits [trident-sync]

Clean up eslintrc, style refactor and formatting fixes Update auto.js see https://github.com/publishlab/node-acme-client/issues/88#issuecomment-2105255828
2026-04-24 12:27:25 +08:00 · 2024-05-22 19:24:07 +00:00
parent c9d5cda953
commit 0f1ae6ccd9
34 changed files with 175 additions and 422 deletions
@@ -13,7 +13,6 @@ const forge = require('node-forge');

 const generateKeyPair = promisify(forge.pki.rsa.generateKeyPair);

-
 /**
 * Attempt to parse forge object from PEM encoded string
 *
@@ -54,7 +53,6 @@ function forgeObjectFromPem(input) {
    return result;
 }

-
 /**
 * Parse domain names from a certificate or CSR
 *
@@ -93,11 +91,10 @@ function parseDomains(obj) {

    return {
        commonName,
-        altNames
+        altNames,
    };
 }

-
 /**
 * Generate a private RSA key
 *
@@ -123,7 +120,6 @@ async function createPrivateKey(size = 2048) {

 exports.createPrivateKey = createPrivateKey;

-
 /**
 * Create public key from a private RSA key
 *
@@ -136,14 +132,13 @@ exports.createPrivateKey = createPrivateKey;
 * ```
 */

-exports.createPublicKey = async function(key) {
+exports.createPublicKey = async (key) => {
    const privateKey = forge.pki.privateKeyFromPem(key);
    const publicKey = forge.pki.rsa.setPublicKey(privateKey.n, privateKey.e);
    const pemKey = forge.pki.publicKeyToPem(publicKey);
    return Buffer.from(pemKey);
 };

-
 /**
 * Parse body of PEM encoded object from buffer or string
 * If multiple objects are chained, the first body will be returned
@@ -157,7 +152,6 @@ exports.getPemBody = (str) => {
    return forge.util.encode64(msg.body);
 };

-
 /**
 * Split chain of PEM encoded objects from buffer or string into array
 *
@@ -167,7 +161,6 @@ exports.getPemBody = (str) => {

 exports.splitPemChain = (str) => forge.pem.decode(str).map(forge.pem.encode);

-
 /**
 * Get modulus
 *
@@ -182,7 +175,7 @@ exports.splitPemChain = (str) => forge.pem.decode(str).map(forge.pem.encode);
 * ```
 */

-exports.getModulus = async function(input) {
+exports.getModulus = async (input) => {
    if (!Buffer.isBuffer(input)) {
        input = Buffer.from(input);
    }
@@ -191,7 +184,6 @@ exports.getModulus = async function(input) {
    return Buffer.from(forge.util.hexToBytes(obj.n.toString(16)), 'binary');
 };

-
 /**
 * Get public exponent
 *
@@ -206,7 +198,7 @@ exports.getModulus = async function(input) {
 * ```
 */

-exports.getPublicExponent = async function(input) {
+exports.getPublicExponent = async (input) => {
    if (!Buffer.isBuffer(input)) {
        input = Buffer.from(input);
    }
@@ -215,7 +207,6 @@ exports.getPublicExponent = async function(input) {
    return Buffer.from(forge.util.hexToBytes(obj.e.toString(16)), 'binary');
 };

-
 /**
 * Read domains from a Certificate Signing Request
 *
@@ -231,7 +222,7 @@ exports.getPublicExponent = async function(input) {
 * ```
 */

-exports.readCsrDomains = async function(csr) {
+exports.readCsrDomains = async (csr) => {
    if (!Buffer.isBuffer(csr)) {
        csr = Buffer.from(csr);
    }
@@ -240,7 +231,6 @@ exports.readCsrDomains = async function(csr) {
    return parseDomains(obj);
 };

-
 /**
 * Read information from a certificate
 *
@@ -260,7 +250,7 @@ exports.readCsrDomains = async function(csr) {
 * ```
 */

-exports.readCertificateInfo = async function(cert) {
+exports.readCertificateInfo = async (cert) => {
    if (!Buffer.isBuffer(cert)) {
        cert = Buffer.from(cert);
    }
@@ -270,15 +260,14 @@ exports.readCertificateInfo = async function(cert) {

    return {
        issuer: {
-            commonName: issuerCn ? issuerCn.value : null
+            commonName: issuerCn ? issuerCn.value : null,
        },
        domains: parseDomains(obj),
        notAfter: obj.validity.notAfter,
-        notBefore: obj.validity.notBefore
+        notBefore: obj.validity.notBefore,
    };
 };

-
 /**
 * Determine ASN.1 type for CSR subject short name
 * Note: https://datatracker.ietf.org/doc/html/rfc5280
@@ -299,7 +288,6 @@ function getCsrValueTagClass(shortName) {
    }
 }

-
 /**
 * Create array of short names and values for Certificate Signing Request subjects
 *
@@ -319,7 +307,6 @@ function createCsrSubject(subjectObj) {
    }, []);
 }

-
 /**
 * Create array of alt names for Certificate Signing Requests
 * Note: https://github.com/digitalbazaar/forge/blob/dfdde475677a8a25c851e33e8f81dca60d90cfb9/lib/x509.js#L1444-L1454
@@ -336,7 +323,6 @@ function formatCsrAltNames(altNames) {
    });
 }

-
 /**
 * Create a Certificate Signing Request
 *
@@ -391,7 +377,7 @@ function formatCsrAltNames(altNames) {
 * }, certificateKey);
 */

-exports.createCsr = async function(data, key = null) {
+exports.createCsr = async (data, key = null) => {
    if (!key) {
        key = await createPrivateKey(data.keySize);
    }
@@ -423,7 +409,7 @@ exports.createCsr = async function(data, key = null) {
        L: data.locality,
        O: data.organization,
        OU: data.organizationUnit,
-        E: data.emailAddress
+        E: data.emailAddress,
    });

    csr.setSubject(subject);
@@ -434,8 +420,8 @@ exports.createCsr = async function(data, key = null) {
            name: 'extensionRequest',
            extensions: [{
                name: 'subjectAltName',
-                altNames: formatCsrAltNames(data.altNames)
-            }]
+                altNames: formatCsrAltNames(data.altNames),
+            }],
        }]);
    }

@@ -22,7 +22,6 @@ const subjectAltNameOID = '2.5.29.17';
 /* id-pe-acmeIdentifier - https://datatracker.ietf.org/doc/html/rfc8737#section-6.1 */
 const alpnAcmeIdentifierOID = '1.3.6.1.5.5.7.1.31';

-
 /**
 * Determine key type and info by attempting to derive public key
 *
@@ -35,7 +34,7 @@ function getKeyInfo(keyPem) {
    const result = {
        isRSA: false,
        isECDSA: false,
-        publicKey: crypto.createPublicKey(keyPem)
+        publicKey: crypto.createPublicKey(keyPem),
    };

    if (result.publicKey.asymmetricKeyType === 'rsa') {
@@ -51,7 +50,6 @@ function getKeyInfo(keyPem) {
    return result;
 }

-
 /**
 * Generate a private RSA key
 *
@@ -74,8 +72,8 @@ async function createPrivateRsaKey(modulusLength = 2048) {
        modulusLength,
        privateKeyEncoding: {
            type: 'pkcs8',
-            format: 'pem'
-        }
+            format: 'pem',
+        },
    });

    return Buffer.from(pair.privateKey);
@@ -83,7 +81,6 @@ async function createPrivateRsaKey(modulusLength = 2048) {

 exports.createPrivateRsaKey = createPrivateRsaKey;

-
 /**
 * Alias of `createPrivateRsaKey()`
 *
@@ -92,7 +89,6 @@ exports.createPrivateRsaKey = createPrivateRsaKey;

 exports.createPrivateKey = createPrivateRsaKey;

-
 /**
 * Generate a private ECDSA key
 *
@@ -115,14 +111,13 @@ exports.createPrivateEcdsaKey = async (namedCurve = 'P-256') => {
        namedCurve,
        privateKeyEncoding: {
            type: 'pkcs8',
-            format: 'pem'
-        }
+            format: 'pem',
+        },
    });

    return Buffer.from(pair.privateKey);
 };

-
 /**
 * Get a public key derived from a RSA or ECDSA key
 *
@@ -140,13 +135,12 @@ exports.getPublicKey = (keyPem) => {

    const publicKey = info.publicKey.export({
        type: info.isECDSA ? 'spki' : 'pkcs1',
-        format: 'pem'
+        format: 'pem',
    });

    return Buffer.from(publicKey);
 };

-
 /**
 * Get a JSON Web Key derived from a RSA or ECDSA key
 *
@@ -163,7 +157,7 @@ exports.getPublicKey = (keyPem) => {

 function getJwk(keyPem) {
    const jwk = crypto.createPublicKey(keyPem).export({
-        format: 'jwk'
+        format: 'jwk',
    });

    /* Sort keys */
@@ -175,7 +169,6 @@ function getJwk(keyPem) {

 exports.getJwk = getJwk;

-
 /**
 * Produce CryptoKeyPair and signing algorithm from a PEM encoded private key
 *
@@ -191,7 +184,7 @@ async function getWebCryptoKeyPair(keyPem) {
    /* Signing algorithm */
    const sigalg = {
        name: 'RSASSA-PKCS1-v1_5',
-        hash: { name: 'SHA-256' }
+        hash: { name: 'SHA-256' },
    };

    if (info.isECDSA) {
@@ -215,7 +208,6 @@ async function getWebCryptoKeyPair(keyPem) {
    return [{ privateKey, publicKey }, sigalg];
 }

-
 /**
 * Split chain of PEM encoded objects from string into array
 *
@@ -235,7 +227,6 @@ function splitPemChain(chainPem) {

 exports.splitPemChain = splitPemChain;

-
 /**
 * Parse body of PEM encoded object and return a Base64URL string
 * If multiple objects are chained, the first body will be returned
@@ -256,7 +247,6 @@ exports.getPemBodyAsB64u = (pem) => {
    return Buffer.from(dec).toString('base64url');
 };

-
 /**
 * Parse domains from a certificate or CSR
 *
@@ -277,11 +267,10 @@ function parseDomains(input) {

    return {
        commonName,
-        altNames
+        altNames,
    };
 }

-
 /**
 * Read domains from a Certificate Signing Request
 *
@@ -307,7 +296,6 @@ exports.readCsrDomains = (csrPem) => {
    return parseDomains(csr);
 };

-
 /**
 * Read information from a certificate
 * If multiple certificates are chained, the first will be read
@@ -338,15 +326,14 @@ exports.readCertificateInfo = (certPem) => {

    return {
        issuer: {
-            commonName: cert.issuerName.getField('CN').pop() || null
+            commonName: cert.issuerName.getField('CN').pop() || null,
        },
        domains: parseDomains(cert),
        notBefore: cert.notBefore,
-        notAfter: cert.notAfter
+        notAfter: cert.notAfter,
    };
 };

-
 /**
 * Determine ASN.1 character string type for CSR subject field name
 *
@@ -369,7 +356,6 @@ function getCsrAsn1CharStringType(field) {
    }
 }

-
 /**
 * Create array of subject fields for a Certificate Signing Request
 *
@@ -391,7 +377,6 @@ function createCsrSubject(input) {
    }, []);
 }

-
 /**
 * Create x509 subject alternate name extension
 *
@@ -409,7 +394,6 @@ function createSubjectAltNameExtension(altNames) {
    }));
 }

-
 /**
 * Create a Certificate Signing Request
 *
@@ -489,7 +473,7 @@ exports.createCsr = async (data, keyPem = null) => {
        new x509.KeyUsagesExtension(x509.KeyUsageFlags.digitalSignature | x509.KeyUsageFlags.keyEncipherment), // eslint-disable-line no-bitwise

        /* https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6 */
-        createSubjectAltNameExtension(data.altNames)
+        createSubjectAltNameExtension(data.altNames),
    ];

    /* Create CSR */
@@ -504,8 +488,8 @@ exports.createCsr = async (data, keyPem = null) => {
            L: data.locality,
            O: data.organization,
            OU: data.organizationUnit,
-            E: data.emailAddress
-        })
+            E: data.emailAddress,
+        }),
    });

    /* Done */
@@ -513,7 +497,6 @@ exports.createCsr = async (data, keyPem = null) => {
    return [keyPem, Buffer.from(pem)];
 };

-
 /**
 * Create a self-signed ALPN certificate for TLS-ALPN-01 challenges
 *
@@ -564,7 +547,7 @@ exports.createAlpnCertificate = async (authz, keyAuthorization, keyPem = null) =
        await x509.SubjectKeyIdentifierExtension.create(keys.publicKey),

        /* https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6 */
-        createSubjectAltNameExtension([commonName])
+        createSubjectAltNameExtension([commonName]),
    ];

    /* ALPN extension */
@@ -581,8 +564,8 @@ exports.createAlpnCertificate = async (authz, keyAuthorization, keyPem = null) =
        notBefore: now,
        notAfter: now,
        name: createCsrSubject({
-            CN: commonName
-        })
+            CN: commonName,
+        }),
    });

    /* Done */
@@ -590,7 +573,6 @@ exports.createAlpnCertificate = async (authz, keyAuthorization, keyPem = null) =
    return [keyPem, Buffer.from(pem)];
 };

-
 /**
 * Validate that a ALPN certificate contains the expected key authorization
 *