From c9d5cda9538a1ace6f1eef35811b83fcef64a4c4 Mon Sep 17 00:00:00 2001
From: GitHub Actions Bot <xiaojunnuo@qq.com>
Date: Tue, 21 May 2024 19:24:05 +0000
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=B1:=20[acme]=20sync=20upgrade=20with?=
 =?UTF-8?q?=207=20commits=20[trident-sync]?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add Node v22 to test matrix
Postpone Pebble bump, v2.5.1 broke EAB tests
Bump Pebble v2.5.1
Allow client.auto() being called with an empty CSR common name
Carry EAB over to new HttpClient when updating account key
Ignore actrc
---
 .../core/acme-client/.github/scripts/tests-install-pebble.sh | 2 +-
 packages/core/acme-client/.github/workflows/tests.yml        | 2 +-
 packages/core/acme-client/.gitignore                         | 1 +
 packages/core/acme-client/CHANGELOG.md                       | 5 +++++
 packages/core/acme-client/src/auto.js                        | 5 ++---
 packages/core/acme-client/src/client.js                      | 2 +-
 packages/core/acme-client/test/70-auto.spec.js               | 1 -
 7 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/packages/core/acme-client/.github/scripts/tests-install-pebble.sh b/packages/core/acme-client/.github/scripts/tests-install-pebble.sh
index 4b830e6d0..56c263ab9 100644
--- a/packages/core/acme-client/.github/scripts/tests-install-pebble.sh
+++ b/packages/core/acme-client/.github/scripts/tests-install-pebble.sh
@@ -28,6 +28,6 @@ chown root:root /usr/local/bin/pebble
 chmod 0755 /usr/local/bin/pebble
 
 # Config
-sed -i 's/test\/certs\/localhost/\/etc\/pebble/' /etc/pebble/pebble.json
+sed -i 's#test/certs/localhost#/etc/pebble#' /etc/pebble/pebble.json
 
 exit 0
diff --git a/packages/core/acme-client/.github/workflows/tests.yml b/packages/core/acme-client/.github/workflows/tests.yml
index 6f9e7c4ba..f22e35a9c 100644
--- a/packages/core/acme-client/.github/workflows/tests.yml
+++ b/packages/core/acme-client/.github/workflows/tests.yml
@@ -9,7 +9,7 @@ jobs:
 
     strategy:
       matrix:
-        node: [16, 18, 20]
+        node: [16, 18, 20, 22]
         eab: [0, 1]
 
 
diff --git a/packages/core/acme-client/.gitignore b/packages/core/acme-client/.gitignore
index a261ab9a8..f6c4390aa 100644
--- a/packages/core/acme-client/.gitignore
+++ b/packages/core/acme-client/.gitignore
@@ -1,3 +1,4 @@
+.actrc
 .vscode/
 node_modules/
 npm-debug.log
diff --git a/packages/core/acme-client/CHANGELOG.md b/packages/core/acme-client/CHANGELOG.md
index 6fc2a30bf..6c371af1a 100644
--- a/packages/core/acme-client/CHANGELOG.md
+++ b/packages/core/acme-client/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Changelog
 
+## v5.3.1
+
+* `fixed` Allow `client.auto()` being called with an empty CSR common name
+* `fixed` Bug when calling `updateAccountKey()` with external account binding
+
 ## v5.3.0 (2024-02-05)
 
 * `added` Support and tests for satisfying `tls-alpn-01` challenges
diff --git a/packages/core/acme-client/src/auto.js b/packages/core/acme-client/src/auto.js
index 9e7dc05d1..3de5fa37f 100644
--- a/packages/core/acme-client/src/auto.js
+++ b/packages/core/acme-client/src/auto.js
@@ -59,9 +59,8 @@ module.exports = async function(client, userOpts) {
      */
 
     log('[auto] Parsing domains from Certificate Signing Request');
-    const csrDomains = readCsrDomains(opts.csr);
-    const domains = [csrDomains.commonName].concat(csrDomains.altNames);
-    const uniqueDomains = Array.from(new Set(domains));
+    const { commonName, altNames } = readCsrDomains(opts.csr);
+    const uniqueDomains = Array.from(new Set([commonName].concat(altNames).filter((d) => d)));
 
     log(`[auto] Resolved ${uniqueDomains.length} unique domains from parsing the Certificate Signing Request`);
 
diff --git a/packages/core/acme-client/src/client.js b/packages/core/acme-client/src/client.js
index fea978499..ea16e7e31 100644
--- a/packages/core/acme-client/src/client.js
+++ b/packages/core/acme-client/src/client.js
@@ -261,7 +261,7 @@ class AcmeClient {
         const accountUrl = this.api.getAccountUrl();
 
         /* Create new HTTP and API clients using new key */
-        const newHttpClient = new HttpClient(this.opts.directoryUrl, newAccountKey);
+        const newHttpClient = new HttpClient(this.opts.directoryUrl, newAccountKey, this.opts.externalAccountBinding);
         const newApiClient = new AcmeApi(newHttpClient, accountUrl);
 
         /* Get old JWK */
diff --git a/packages/core/acme-client/test/70-auto.spec.js b/packages/core/acme-client/test/70-auto.spec.js
index 9d5742c9f..b5fe270f2 100644
--- a/packages/core/acme-client/test/70-auto.spec.js
+++ b/packages/core/acme-client/test/70-auto.spec.js
@@ -299,7 +299,6 @@ describe('client.auto', () => {
 
             it('should order san certificate', async () => {
                 const [, csr] = await acme.crypto.createCsr({
-                    commonName: testSanDomains[0],
                     altNames: testSanDomains
                 }, await createKeyFn());