lkddi/certd
1
0
Fork 0
mirror of https://github.com/certd/certd.git synced 2026-05-01 02:17:27 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: 修复litessl new-nonce报428的bug

Browse Source
This commit is contained in:
xiaojunnuo
2026-02-01 15:25:28 +08:00
parent 1baf30a671
commit 540ef96745
2 changed files with 50 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/core/acme-client/src/client.js
+3 -1
View File
@@ -103,7 +103,9 @@ class AcmeClient {
max: this.opts.backoffMax, max: this.opts.backoffMax,
}; };
this.http = new HttpClient(this.opts.directoryUrl, this.opts.accountKey, this.opts.externalAccountBinding, this.opts.urlMapping, opts.logger); const cacheNonce = true
// const cacheNonce = this.sslProvider === 'litessl';
this.http = new HttpClient(this.opts.directoryUrl, this.opts.accountKey, this.opts.externalAccountBinding, this.opts.urlMapping, opts.logger, cacheNonce);
this.api = new AcmeApi(this.http, this.opts.accountUrl); this.api = new AcmeApi(this.http, this.opts.accountUrl);
this.logger = opts.logger; this.logger = opts.logger;
} }
packages/core/acme-client/src/http.js
+47 -2
View File
@@ -19,7 +19,7 @@ import { getJwk } from './crypto/index.js';
*/ */
class HttpClient { class HttpClient {
constructor(directoryUrl, accountKey, externalAccountBinding = {}, urlMapping = {},logger) { constructor(directoryUrl, accountKey, externalAccountBinding = {}, urlMapping = {}, logger, cacheNonce= false) {
this.directoryUrl = directoryUrl; this.directoryUrl = directoryUrl;
this.accountKey = accountKey; this.accountKey = accountKey;
this.externalAccountBinding = externalAccountBinding; this.externalAccountBinding = externalAccountBinding;
@@ -31,7 +31,34 @@ class HttpClient {
this.directoryMaxAge = 86400; this.directoryMaxAge = 86400;
this.directoryTimestamp = 0; this.directoryTimestamp = 0;
this.urlMapping = urlMapping; this.urlMapping = urlMapping;
this.log = logger? logger.info.bind(logger) : log; this.log = logger ? logger.info.bind(logger) : log;
this.nonces = [];
this.cacheNonce = cacheNonce;
}
pushNonce(nonce) {
if (!this.cacheNonce || !nonce) {
return;
}
this.nonces.push({
nonce,
expires: Date.now() + 30*1000,
});
}
popNonce() {
while (true) {
if (this.nonces.length === 0) {
return null;
}
const item = this.nonces.shift();
if (!item) {
return null;
}
if (item.expires < Date.now()) {
continue;
}
return item.nonce;
}
} }
/** /**
@@ -70,6 +97,13 @@ class HttpClient {
const resp = await axios.request(opts); const resp = await axios.request(opts);
this.log(`RESP ${resp.status} ${method} ${url}`); this.log(`RESP ${resp.status} ${method} ${url}`);
const nonce = resp.headers['replay-nonce'];
if (nonce) {
//如果有nonce
this.pushNonce(nonce);
}
return resp; return resp;
} }
@@ -127,6 +161,13 @@ class HttpClient {
*/ */
async getNonce() { async getNonce() {
//尝试从队列中pop一个nonce
const nonce = this.popNonce();
if (nonce) {
return nonce;
}
const url = await this.getResourceUrl('newNonce'); const url = await this.getResourceUrl('newNonce');
const resp = await this.request(url, 'head'); const resp = await this.request(url, 'head');
@@ -134,7 +175,11 @@ class HttpClient {
throw new Error('Failed to get nonce from ACME provider'); throw new Error('Failed to get nonce from ACME provider');
} }
if (this.cacheNonce) {
return this.popNonce();
}
return resp.headers['replay-nonce']; return resp.headers['replay-nonce'];
} }
/** /**