build: add node-acme-client copy

packages/core/acme-client/scripts/run-tests.sh

@@ -0,0 +1,56 @@
+#!/bin/bash
+#
+# Run test suite locally using CircleCI CLI.
+#
+set -eu
+
+JOBS=("$@")
+
+CIRCLECI_CLI_URL="https://github.com/CircleCI-Public/circleci-cli/releases/download/v0.1.16947/circleci-cli_0.1.16947_linux_amd64.tar.gz"
+CIRCLECI_CLI_SHASUM="c6f9a3276445c69ae40439acfed07e2c53502216a96bfacc4556e1d862d1019a"
+CIRCLECI_CLI_PATH="/tmp/circleci-cli"
+CIRCLECI_CLI_BIN="${CIRCLECI_CLI_PATH}/circleci"
+
+PROJECT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && cd .. && pwd )"
+CONFIG_PATH="${PROJECT_DIR}/.circleci/.temp.yml"
+
+# Run all jobs by default
+if [[ ${#JOBS[@]} -eq 0 ]]; then
+    JOBS=(
+        "v16"
+        "v18"
+        "eab-v16"
+        "eab-v18"
+    )
+fi
+
+# Download CircleCI CLI
+if [[ ! -f "${CIRCLECI_CLI_BIN}" ]]; then
+    echo "[-] Downloading CircleCI cli"
+    mkdir -p "${CIRCLECI_CLI_PATH}"
+    wget -nv "${CIRCLECI_CLI_URL}" -O "${CIRCLECI_CLI_PATH}/circleci-cli.tar.gz"
+    echo "${CIRCLECI_CLI_SHASUM} *${CIRCLECI_CLI_PATH}/circleci-cli.tar.gz" | sha256sum -c
+    tar zxvf "${CIRCLECI_CLI_PATH}/circleci-cli.tar.gz" -C "${CIRCLECI_CLI_PATH}" --strip-components=1
+fi
+
+# Skip CircleCI update checks
+export CIRCLECI_CLI_SKIP_UPDATE_CHECK="true"
+
+# Run test suite
+echo "[-] Running test suite"
+$CIRCLECI_CLI_BIN config process "${PROJECT_DIR}/.circleci/config.yml" > "${CONFIG_PATH}"
+$CIRCLECI_CLI_BIN config validate -c "${CONFIG_PATH}"
+
+for job in "${JOBS[@]}"; do
+    echo "[-] Running job: ${job}"
+    $CIRCLECI_CLI_BIN local execute -c "${CONFIG_PATH}" --job "${job}" --skip-checkout
+    echo "[+] ${job} completed successfully"
+done
+
+# Clean up
+if [[ -f "${CONFIG_PATH}" ]]; then
+    rm "${CONFIG_PATH}"
+fi
+
+echo "[+] Test suite ran successfully!"
+exit 0

packages/core/acme-client/scripts/test-suite-install-coredns.sh

@@ -0,0 +1,58 @@
+#!/bin/bash
+#
+# Install CoreDNS for testing.
+#
+set -eu
+
+# Download and install
+wget -nv "https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_amd64.tgz" -O /tmp/coredns.tgz
+
+tar zxvf /tmp/coredns.tgz -C /usr/local/bin
+chown root:root /usr/local/bin/coredns
+chmod 0755 /usr/local/bin/coredns
+
+mkdir -p /etc/coredns
+
+# Zones
+tee /etc/coredns/db.example.com << EOF
+\$ORIGIN example.com.
+@       3600 IN SOA ns.coredns.invalid. master.coredns.invalid. (
+                                2017042745  ; serial
+                                7200        ; refresh
+                                3600        ; retry
+                                1209600     ; expire
+                                3600        ; minimum
+                                )
+
+        3600 IN NS ns1.example.com.
+        3600 IN NS ns2.example.com.
+
+ns1     3600 IN A 127.0.0.1
+ns2     3600 IN A 127.0.0.1
+
+@       3600 IN A 127.0.0.1
+www     3600 IN CNAME example.com.
+EOF
+
+# Config
+tee /etc/coredns/Corefile << EOF
+example.com {
+    errors
+    log
+    file /etc/coredns/db.example.com
+}
+
+test.example.com {
+    errors
+    log
+    forward . 127.0.0.1:${PEBBLECTS_DNS_PORT}
+}
+
+. {
+    errors
+    log
+    forward . 8.8.8.8
+}
+EOF
+
+exit 0

packages/core/acme-client/scripts/test-suite-install-cts.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+#
+# Install Pebble Challenge Test Server for testing.
+#
+set -eu
+
+# Download and install
+wget -nv "https://github.com/letsencrypt/pebble/releases/download/v${PEBBLECTS_VERSION}/pebble-challtestsrv_linux-amd64" -O /usr/local/bin/pebble-challtestsrv
+
+chown root:root /usr/local/bin/pebble-challtestsrv
+chmod 0755 /usr/local/bin/pebble-challtestsrv
+
+exit 0

packages/core/acme-client/scripts/test-suite-install-pebble.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+#
+# Install Pebble for testing.
+#
+set -eu
+
+config_name="pebble-config.json"
+
+# Use Pebble EAB config if enabled
+set +u
+if [[ ! -z $ACME_CAP_EAB_ENABLED ]] && [[ $ACME_CAP_EAB_ENABLED -eq 1 ]]; then
+    config_name="pebble-config-external-account-bindings.json"
+fi
+set -u
+
+# Download certs and config
+mkdir -p /etc/pebble
+
+wget -nv "https://raw.githubusercontent.com/letsencrypt/pebble/v${PEBBLE_VERSION}/test/certs/pebble.minica.pem" -O /etc/pebble/ca.cert.pem
+wget -nv "https://raw.githubusercontent.com/letsencrypt/pebble/v${PEBBLE_VERSION}/test/certs/localhost/cert.pem" -O /etc/pebble/cert.pem
+wget -nv "https://raw.githubusercontent.com/letsencrypt/pebble/v${PEBBLE_VERSION}/test/certs/localhost/key.pem" -O /etc/pebble/key.pem
+wget -nv "https://raw.githubusercontent.com/letsencrypt/pebble/v${PEBBLE_VERSION}/test/config/${config_name}" -O /etc/pebble/pebble.json
+
+# Download and install Pebble
+wget -nv "https://github.com/letsencrypt/pebble/releases/download/v${PEBBLE_VERSION}/pebble_linux-amd64" -O /usr/local/bin/pebble
+
+chown root:root /usr/local/bin/pebble
+chmod 0755 /usr/local/bin/pebble
+
+# Config
+sed -i 's/test\/certs\/localhost/\/etc\/pebble/' /etc/pebble/pebble.json
+
+exit 0

packages/core/acme-client/scripts/test-suite-install-step.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+#
+# Install and init step-ca for testing.
+#
+set -eu
+
+# Download and install
+wget -nv "https://dl.step.sm/gh-release/certificates/gh-release-header/v${STEPCA_VERSION}/step-ca_${STEPCA_VERSION}_amd64.deb" -O /tmp/step-ca.deb
+wget -nv "https://dl.step.sm/gh-release/cli/gh-release-header/v${STEPCLI_VERSION}/step-cli_${STEPCLI_VERSION}_amd64.deb" -O /tmp/step-cli.deb
+
+sudo dpkg -i /tmp/step-ca.deb
+sudo dpkg -i /tmp/step-cli.deb
+
+# Initialize
+echo "hunter2" > /tmp/password
+
+step ca init --name="Example Inc." --dns="localhost" --address="127.0.0.1:8443" --provisioner="test@example.com" --password-file="/tmp/password"
+step ca provisioner add acme --type ACME
+
+exit 0

packages/core/acme-client/scripts/test-suite-wait-for-ca.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+#
+# Wait for ACME server to accept connections.
+#
+set -eu
+
+MAX_ATTEMPTS=15
+ATTEMPT=0
+
+# Loop until ready
+while ! $(curl --cacert "${ACME_CA_CERT_PATH}" -s -D - "${ACME_DIRECTORY_URL}" | grep '^HTTP.*200' > /dev/null 2>&1); do
+    ATTEMPT=$((ATTEMPT + 1))
+
+    # Max attempts
+    if [[ $ATTEMPT -gt $MAX_ATTEMPTS ]]; then
+        echo "[!] Waited ${ATTEMPT} attempts for server to become ready, exit 1"
+        exit 1
+    fi
+
+    # Retry
+    echo "[-] Waiting 1 second for server to become ready, attempt: ${ATTEMPT}/${MAX_ATTEMPTS}, check: ${ACME_DIRECTORY_URL}, cert: ${ACME_CA_CERT_PATH}"
+    sleep 1
+done
+
+# Ready
+echo "[+] Server ready!"
+exit 0