build: add node-acme-client copy

2026-04-24 04:17:25 +08:00 · 2023-01-29 14:44:10 +08:00
parent 49ea196160
commit a269d8374e
54 changed files with 8191 additions and 0 deletions
@@ -0,0 +1,153 @@
+/**
+ * Example of acme.Client API
+ */
+
+const acme = require('./../');
+
+
+function log(m) {
+    process.stdout.write(`${m}\n`);
+}
+
+
+/**
+ * Function used to satisfy an ACME challenge
+ *
+ * @param {object} authz Authorization object
+ * @param {object} challenge Selected challenge
+ * @param {string} keyAuthorization Authorization key
+ * @returns {Promise}
+ */
+
+async function challengeCreateFn(authz, challenge, keyAuthorization) {
+    /* Do something here */
+    log(JSON.stringify(authz));
+    log(JSON.stringify(challenge));
+    log(keyAuthorization);
+}
+
+
+/**
+ * Function used to remove an ACME challenge response
+ *
+ * @param {object} authz Authorization object
+ * @param {object} challenge Selected challenge
+ * @returns {Promise}
+ */
+
+async function challengeRemoveFn(authz, challenge, keyAuthorization) {
+    /* Do something here */
+    log(JSON.stringify(authz));
+    log(JSON.stringify(challenge));
+    log(keyAuthorization);
+}
+
+
+/**
+ * Main
+ */
+
+module.exports = async function() {
+    /* Init client */
+    const client = new acme.Client({
+        directoryUrl: acme.directory.letsencrypt.staging,
+        accountKey: await acme.crypto.createPrivateKey()
+    });
+
+    /* Register account */
+    await client.createAccount({
+        termsOfServiceAgreed: true,
+        contact: ['mailto:test@example.com']
+    });
+
+    /* Place new order */
+    const order = await client.createOrder({
+        identifiers: [
+            { type: 'dns', value: 'example.com' },
+            { type: 'dns', value: '*.example.com' }
+        ]
+    });
+
+    /**
+     * authorizations / client.getAuthorizations(order);
+     * An array with one item per DNS name in the certificate order.
+     * All items require at least one satisfied challenge before order can be completed.
+     */
+
+    const authorizations = await client.getAuthorizations(order);
+
+    const promises = authorizations.map(async (authz) => {
+        let challengeCompleted = false;
+
+        try {
+            /**
+             * challenges / authz.challenges
+             * An array of all available challenge types for a single DNS name.
+             * One of these challenges needs to be satisfied.
+             */
+
+            const { challenges } = authz;
+
+            /* Just select any challenge */
+            const challenge = challenges.pop();
+            const keyAuthorization = await client.getChallengeKeyAuthorization(challenge);
+
+            try {
+                /* Satisfy challenge */
+                await challengeCreateFn(authz, challenge, keyAuthorization);
+
+                /* Verify that challenge is satisfied */
+                await client.verifyChallenge(authz, challenge);
+
+                /* Notify ACME provider that challenge is satisfied */
+                await client.completeChallenge(challenge);
+                challengeCompleted = true;
+
+                /* Wait for ACME provider to respond with valid status */
+                await client.waitForValidStatus(challenge);
+            }
+            finally {
+                /* Clean up challenge response */
+                try {
+                    await challengeRemoveFn(authz, challenge, keyAuthorization);
+                }
+                catch (e) {
+                    /**
+                     * Catch errors thrown by challengeRemoveFn() so the order can
+                     * be finalized, even though something went wrong during cleanup
+                     */
+                }
+            }
+        }
+        catch (e) {
+            /* Deactivate pending authz when unable to complete challenge */
+            if (!challengeCompleted) {
+                try {
+                    await client.deactivateAuthorization(authz);
+                }
+                catch (f) {
+                    /* Catch and suppress deactivateAuthorization() errors */
+                }
+            }
+
+            throw e;
+        }
+    });
+
+    /* Wait for challenges to complete */
+    await Promise.all(promises);
+
+    /* Finalize order */
+    const [key, csr] = await acme.crypto.createCsr({
+        commonName: '*.example.com',
+        altNames: ['example.com']
+    });
+
+    const finalized = await client.finalizeOrder(order, csr);
+    const cert = await client.getCertificate(finalized);
+
+    /* Done */
+    log(`CSR:\n${csr.toString()}`);
+    log(`Private key:\n${key.toString()}`);
+    log(`Certificate:\n${cert.toString()}`);
+};
@@ -0,0 +1,118 @@
+/**
+ * Example of acme.Client.auto()
+ */
+
+// const fs = require('fs').promises;
+const acme = require('./../');
+
+
+function log(m) {
+    process.stdout.write(`${m}\n`);
+}
+
+
+/**
+ * Function used to satisfy an ACME challenge
+ *
+ * @param {object} authz Authorization object
+ * @param {object} challenge Selected challenge
+ * @param {string} keyAuthorization Authorization key
+ * @returns {Promise}
+ */
+
+async function challengeCreateFn(authz, challenge, keyAuthorization) {
+    log('Triggered challengeCreateFn()');
+
+    /* http-01 */
+    if (challenge.type === 'http-01') {
+        const filePath = `/var/www/html/.well-known/acme-challenge/${challenge.token}`;
+        const fileContents = keyAuthorization;
+
+        log(`Creating challenge response for ${authz.identifier.value} at path: ${filePath}`);
+
+        /* Replace this */
+        log(`Would write "${fileContents}" to path "${filePath}"`);
+        // await fs.writeFile(filePath, fileContents);
+    }
+
+    /* dns-01 */
+    else if (challenge.type === 'dns-01') {
+        const dnsRecord = `_acme-challenge.${authz.identifier.value}`;
+        const recordValue = keyAuthorization;
+
+        log(`Creating TXT record for ${authz.identifier.value}: ${dnsRecord}`);
+
+        /* Replace this */
+        log(`Would create TXT record "${dnsRecord}" with value "${recordValue}"`);
+        // await dnsProvider.createRecord(dnsRecord, 'TXT', recordValue);
+    }
+}
+
+
+/**
+ * Function used to remove an ACME challenge response
+ *
+ * @param {object} authz Authorization object
+ * @param {object} challenge Selected challenge
+ * @param {string} keyAuthorization Authorization key
+ * @returns {Promise}
+ */
+
+async function challengeRemoveFn(authz, challenge, keyAuthorization) {
+    log('Triggered challengeRemoveFn()');
+
+    /* http-01 */
+    if (challenge.type === 'http-01') {
+        const filePath = `/var/www/html/.well-known/acme-challenge/${challenge.token}`;
+
+        log(`Removing challenge response for ${authz.identifier.value} at path: ${filePath}`);
+
+        /* Replace this */
+        log(`Would remove file on path "${filePath}"`);
+        // await fs.unlink(filePath);
+    }
+
+    /* dns-01 */
+    else if (challenge.type === 'dns-01') {
+        const dnsRecord = `_acme-challenge.${authz.identifier.value}`;
+        const recordValue = keyAuthorization;
+
+        log(`Removing TXT record for ${authz.identifier.value}: ${dnsRecord}`);
+
+        /* Replace this */
+        log(`Would remove TXT record "${dnsRecord}" with value "${recordValue}"`);
+        // await dnsProvider.removeRecord(dnsRecord, 'TXT');
+    }
+}
+
+
+/**
+ * Main
+ */
+
+module.exports = async function() {
+    /* Init client */
+    const client = new acme.Client({
+        directoryUrl: acme.directory.letsencrypt.staging,
+        accountKey: await acme.crypto.createPrivateKey()
+    });
+
+    /* Create CSR */
+    const [key, csr] = await acme.crypto.createCsr({
+        commonName: 'example.com'
+    });
+
+    /* Certificate */
+    const cert = await client.auto({
+        csr,
+        email: 'test@example.com',
+        termsOfServiceAgreed: true,
+        challengeCreateFn,
+        challengeRemoveFn
+    });
+
+    /* Done */
+    log(`CSR:\n${csr.toString()}`);
+    log(`Private key:\n${key.toString()}`);
+    log(`Certificate:\n${cert.toString()}`);
+};