https

express server läuft jetzt mit https

express-server/node_modules/acme/LICENSE

@@ -0,0 +1,41 @@
+Copyright 2018 AJ ONeal
+
+This is open source software; you can redistribute it and/or modify it under the
+terms of either:
+
+   a) the "MIT License"
+   b) the "Apache-2.0 License"
+
+MIT License
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in all
+   copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+   SOFTWARE.
+
+Apache-2.0 License Summary
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

express-server/node_modules/acme/README.md

@@ -0,0 +1,233 @@
+acme.js
+==========
+
+Free SSL for everybody. The bare essentials of the Let's Encrypt v2 (ACME) API.
+Built for [Greenlock](https://git.coolaj86.com/coolaj86/greenlock-express.js),
+[by request](https://git.coolaj86.com/coolaj86/greenlock.js/issues/5#issuecomment-8).
+
+| Sponsored by [ppl](https://ppl.family) |
+!["Monthly Downloads"](https://img.shields.io/npm/dm/acme-v2.svg "Monthly Download Count can't be shown")
+!["Weekly Downloads"](https://img.shields.io/npm/dw/acme-v2.svg "Weekly Download Count can't be shown")
+
+Looking for Quick 'n' Easy™?
+=======
+
+This is intented for building ACME API clients in node.js. It is **not** a high-level, fully-integrated solution.
+
+You may be more interested in one of these:
+
+* <https://greenlock.domains> Instant SSL Certificates in your Browser
+* [Greenlock for Web Browsers](https://git.coolaj86.com/coolaj86/greenlock.html) (Browser JavaScript)
+* [Greenlock for Web Servers](https://git.coolaj86.com/coolaj86/greenlock-cli.js) (Command line, like certbot)
+* [Greenlock for Express.js](https://git.coolaj86.com/coolaj86/greenlock-express.js) (Automated HTTPS for Express.js apps)
+* [Greenlock for node.js](https://git.coolaj86.com/coolaj86/greenlock.js) (Automated HTTPS for Proxies, Load-Balances, Servers, CLIs)
+* [goldilocks.js](https://git.coolaj86.com/coolaj86/goldilocks.js) (A Full-Blown WebServer)
+
+Demonstration
+=============
+
+As this is intended to *build* ACME clients, there is not a simple 2-line example.
+
+I'd recommend first trying out one of the [Greenlock for Web Servers](https://git.coolaj86.com/coolaj86/greenlock-cli.js)
+examples, which are guaranteed to work and have great error checking to help you debug.
+
+Then I'd recommend running the example CLI client with a test domain and then investigating the files used for that example:
+
+```bash
+git clone https://git.coolaj86.com/coolaj86/acme.js.git
+pushd acme.js/
+node examples/cli.js
+```
+
+The example cli has the following prompts:
+
+```
+What web address(es) would you like to get certificates for? (ex: example.com,*.example.com)
+What challenge will you be testing today? http-01 or dns-01? [http-01]
+What email should we use? (optional)
+What directoryUrl should we use? [https://acme-staging-v02.api.letsencrypt.org/directory]
+
+Put the string 'mBfh0SqaAV3MOK3B6cAhCbIReAyDuwuxlO1Sl70x6bM.VNAzCR4THe4czVzo9piNn73B1ZXRLaB2CESwJfKkvRM' into a file at 'example.com/.well-known/acme-challenge/mBfh0SqaAV3MOK3B6cAhCbIReAyDuwuxlO1Sl70x6bM'
+
+echo 'mBfh0SqaAV3MOK3B6cAhCbIReAyDuwuxlO1Sl70x6bM.VNAzCR4THe4czVzo9piNn73B1ZXRLaB2CESwJfKkvRM' > 'example.com/.well-known/acme-challenge/mBfh0SqaAV3MOK3B6cAhCbIReAyDuwuxlO1Sl70x6bM'
+
+Then hit the 'any' key to continue...
+```
+
+When you've completed the challenge you can hit a key to continue the process.
+
+If you place the certificate you receive back in `tests/fullchain.pem`
+then you can test it with `examples/https-server.js`.
+
+```
+examples/cli.js
+examples/genkeypair.js
+examples/https-server.js
+examples/http-server.js
+```
+
+Let's Encrypt v2 / ACME draft 11 Support
+========
+
+This library (acme.js) supports ACME [*draft 11*](https://tools.ietf.org/html/draft-ietf-acme-acme-11),
+otherwise known as Let's Encrypt v2 (or v02).
+
+  * ACME draft 11
+  * Let's Encrypt v2
+  * Let's Encrypt v02
+
+```
+# Production URL
+https://acme-v02.api.letsencrypt.org/directory
+```
+
+```
+# Staging URL
+https://acme-staging-v02.api.letsencrypt.org/directory
+```
+
+Install
+=======
+
+Install via npm
+
+```bash
+npm install --save acme
+```
+
+Install via git
+
+```bash
+npm install https://git.coolaj86.com/coolaj86/acme.js.git
+```
+
+API
+===
+
+This API is an evolution of le-acme-core,
+but tries to provide a better mapping to the new draft 11 APIs.
+
+Status: Almost stable, but **not semver locked**.
+
+Patch versions will not introduce breaking changes,
+but may introduce lower-level APIs.
+Minor versions may change return values to include more information.
+
+### Overview
+
+```
+var ACME = require('acme').ACME;
+
+ACME.create(opts)
+
+acme.init(acmeDirectoryUrl)
+acme.accounts.create(opts)
+acme.certificates.create(opts)
+```
+
+### Detailed Explanation
+
+```
+var ACME = require('acme').ACME;
+
+// Create Instance (Dependency Injection)
+var acme = ACME.create({
+  RSA: require('rsa-compat').RSA
+
+  // other overrides
+, request: require('request')
+, promisify: require('util').promisify
+
+  // used for constructing user-agent
+, os: require('os')
+, process: require('process')
+
+  // used for overriding the default user-agent
+, userAgent: 'My custom UA String'
+, getUserAgentString: function (deps) { return 'My custom UA String'; }
+
+  // don't try to validate challenges locally
+, skipChallengeTest: false
+});
+
+
+// Discover Directory URLs
+acme.init(acmeDirectoryUrl)                   // returns Promise<acmeUrls={keyChange,meta,newAccount,newNonce,newOrder,revokeCert}>
+
+
+// Accounts
+acme.accounts.create(options)                 // returns Promise<regr> registration data
+
+    { email: '<email>'                        //    valid email (server checks MX records)
+    , accountKeypair: {                       //    privateKeyPem or privateKeyJwt
+        privateKeyPem: '<ASCII PEM>'
+      }
+    , agreeToTerms: fn (tosUrl) {}            //    returns Promise with tosUrl
+    }
+
+
+// Registration
+acme.certificates.create(options)             // returns Promise<pems={ privkey (key), cert, chain (ca) }>
+
+    { newAuthzUrl: '<url>'                    //    specify acmeUrls.newAuthz
+    , newCertUrl: '<url>'                     //    specify acmeUrls.newCert
+
+    , domainKeypair: {
+        privateKeyPem: '<ASCII PEM>'
+      }
+    , accountKeypair: {
+        privateKeyPem: '<ASCII PEM>'
+      }
+    , domains: [ 'example.com' ]
+
+    , setChallenge: fn (hostname, key, val)   // return Promise
+    , removeChallenge: fn (hostname, key)     // return Promise
+    }
+```
+
+Helpers & Stuff
+
+```javascript
+// Constants
+ACME.challengePrefixes['http-01']             // '/.well-known/acme-challenge'
+ACME.challengePrefixes['dns-01']              // '_acme-challenge'
+```
+
+Changelog
+---------
+
+* v1.0.9 - update docs
+* v1.0.8 - rename to acme.js, remove backwards compat
+* v1.0.7 - improved error handling again, after user testing
+* v1.0.6 - improved error handling
+* v1.0.5 - cleanup logging
+* v1.0.4 - v6- compat use `promisify` from node's util or bluebird
+* v1.0.3 - documentation cleanup
+* v1.0.2
+  * use `options.contact` to provide raw contact array
+  * made `options.email` optional
+  * file cleanup
+* v1.0.1
+  * Compat API is ready for use
+  * Eliminate debug logging
+* Apr 10, 2018 - tested backwards-compatibility using greenlock.js
+* Apr  5, 2018 - export http and dns challenge tests
+* Apr  5, 2018 - test http and dns challenges (success and failure)
+* Apr  5, 2018 - test subdomains and its wildcard
+* Apr  5, 2018 - test two subdomains
+* Apr  5, 2018 - test wildcard
+* Apr  5, 2018 - completely match api for acme v1 (le-acme-core.js)
+* Mar 21, 2018 - *mostly* matches le-acme-core.js API
+* Mar 21, 2018 - can now accept values (not hard coded)
+* Mar 20, 2018 - SUCCESS - got a test certificate (hard-coded)
+* Mar 20, 2018 - download certificate
+* Mar 20, 2018 - poll for status
+* Mar 20, 2018 - finalize order (submit csr)
+* Mar 20, 2018 - generate domain keypair
+* Mar 20, 2018 - respond to challenges
+* Mar 16, 2018 - get challenges
+* Mar 16, 2018 - new order
+* Mar 15, 2018 - create account
+* Mar 15, 2018 - generate account keypair
+* Mar 15, 2018 - get nonce
+* Mar 15, 2018 - get directory

express-server/node_modules/acme/examples/cli.js

@@ -0,0 +1,64 @@
+'use strict';
+
+var readline = require('readline');
+var inquisitor = {};
+var rl = readline.createInterface({
+  input: process.stdin,
+  output: process.stdout
+});
+
+require('./genkeypair.js');
+
+inquisitor.getWeb = function getWeb() {
+  rl.question('What web address(es) would you like to get certificates for? (ex: example.com,*.example.com) ', function (web) {
+    web = (web||'').trim().split(/,/g);
+    if (!web[0]) { inquisitor.getWeb(); return; }
+
+    if (web.some(function (w) { return '*' === w[0]; })) {
+      console.log('Wildcard domains must use dns-01');
+      inquisitor.getEmail(web, 'dns-01');
+    } else {
+      inquisitor.getChallengeType(web);
+    }
+  });
+};
+
+inquisitor.getChallengeType = function getChallengeType(web) {
+  rl.question('What challenge will you be testing today? http-01 or dns-01? [http-01] ', function (chType) {
+    chType = (chType||'').trim();
+    if (!chType) { chType = 'http-01'; }
+
+    inquisitor.getEmail(web, chType);
+  });
+};
+
+inquisitor.getEmail = function getEmail(web, chType) {
+  rl.question('What email should we use? (optional) ', function (email) {
+    email = (email||'').trim();
+    if (!email) { email = null; }
+
+    inquisitor.getDirectoryUrl(web, chType, email);
+  });
+};
+
+inquisitor.getDirectoryUrl = function getDirectoryUrl(web, chType, email) {
+  var defaultDirectoryUrl = 'https://acme-staging-v02.api.letsencrypt.org/directory';
+  rl.question('What directoryUrl should we use? [' + defaultDirectoryUrl + '] ', function (directoryUrl) {
+    directoryUrl = (directoryUrl||'').trim();
+    if (!directoryUrl) { directoryUrl = 'https://acme-staging-v02.api.letsencrypt.org/directory'; }
+
+    inquisitor.run(directoryUrl, web, chType, email);
+  });
+};
+
+inquisitor.run = function run(directoryUrl, web, chType, email) {
+  rl.close();
+
+  var RSA = require('rsa-compat').RSA;
+  var accountKeypair = RSA.import({ privateKeyPem: require('fs').readFileSync(__dirname + '/../tests/account.privkey.pem') });
+  var domainKeypair = RSA.import({ privateKeyPem: require('fs').readFileSync(__dirname + '/../tests/privkey.pem') });
+
+  require('../tests/promise.js').run(directoryUrl, RSA, web, chType, email, accountKeypair, domainKeypair);
+};
+
+inquisitor.getWeb();

express-server/node_modules/acme/examples/genkeypair.js

@@ -0,0 +1,22 @@
+var RSA = require('rsa-compat').RSA;
+var fs = require('fs');
+
+if (!fs.existsSync(__dirname + '/../tests/account.privkey.pem')) {
+  RSA.generateKeypair(2048, 65537, {}, function (err, keypair) {
+    console.log(keypair);
+    var privkeyPem = RSA.exportPrivatePem(keypair)
+    console.log(privkeyPem);
+
+    fs.writeFileSync(__dirname + '/../tests/account.privkey.pem', privkeyPem);
+  });
+}
+
+if (!fs.existsSync(__dirname + '/../tests/privkey.pem')) {
+  RSA.generateKeypair(2048, 65537, {}, function (err, keypair) {
+    console.log(keypair);
+    var privkeyPem = RSA.exportPrivatePem(keypair)
+    console.log(privkeyPem);
+
+    fs.writeFileSync(__dirname + '/../tests/privkey.pem', privkeyPem);
+  });
+}

express-server/node_modules/acme/examples/http-server.js

@@ -0,0 +1,7 @@
+'use strict';
+
+var http = require('http');
+var express = require('express');
+var server = http.createServer(express.static('../tests')).listen(80, function () {
+  console.log('Listening on', this.address());
+});

express-server/node_modules/acme/examples/https-server.js

@@ -0,0 +1,11 @@
+'use strict';
+
+var https = require('https');
+var server = https.createServer({
+  key: require('fs').readFileSync('../tests/privkey.pem')
+, cert: require('fs').readFileSync('../tests/fullchain.pem')
+}, function (req, res) {
+  res.end("Hello, World!");
+}).listen(443, function () {
+  console.log('Listening on', this.address());
+});

express-server/node_modules/acme/node.js

@@ -0,0 +1,3 @@
+// For the time being I'm still pulling in my acme-v2 module until I transition over
+// I export as ".ACME" rather than bare so that this can be compatible with the browser version too
+module.exports.ACME = require('acme-v2').ACME;

express-server/node_modules/acme/package.json

@@ -0,0 +1,109 @@
+{
+  "_args": [
+    [
+      "acme@^1.0.6",
+      "/nodeapps/https-test/greenlock-express.js/node_modules/greenlock"
+    ]
+  ],
+  "_from": "acme@>=1.0.6 <2.0.0",
+  "_id": "acme@1.1.1",
+  "_inCache": true,
+  "_installable": true,
+  "_location": "/acme",
+  "_nodeVersion": "10.2.1",
+  "_npmOperationalInternal": {
+    "host": "s3://npm-registry-packages",
+    "tmp": "tmp/acme_1.1.1_1530693806508_0.5374627943153449"
+  },
+  "_npmUser": {
+    "email": "coolaj86@gmail.com",
+    "name": "coolaj86"
+  },
+  "_npmVersion": "5.6.0",
+  "_phantomChildren": {},
+  "_requested": {
+    "name": "acme",
+    "raw": "acme@^1.0.6",
+    "rawSpec": "^1.0.6",
+    "scope": null,
+    "spec": ">=1.0.6 <2.0.0",
+    "type": "range"
+  },
+  "_requiredBy": [
+    "/greenlock"
+  ],
+  "_resolved": "https://registry.npmjs.org/acme/-/acme-1.1.1.tgz",
+  "_shasum": "8831797657303336eb3d3d06f42d6152081f42bf",
+  "_shrinkwrap": null,
+  "_spec": "acme@^1.0.6",
+  "_where": "/nodeapps/https-test/greenlock-express.js/node_modules/greenlock",
+  "author": {
+    "email": "coolaj86@gmail.com",
+    "name": "AJ ONeal",
+    "url": "https://coolaj86.com/"
+  },
+  "dependencies": {
+    "acme-v2": "^1.1.0"
+  },
+  "description": "The bare essentials of the ACME (Let's Encrypt v2) API. This is a low-level library for building high-level clients.",
+  "devDependencies": {},
+  "directories": {},
+  "dist": {
+    "fileCount": 9,
+    "integrity": "sha512-CZFTpD2hGSE8dd63vHtvdhabondEhgmpL0wH0weV0pk+I1WH9RVcJbdR6MgoalsUtJW/SaC+OxUDrcjINur1ow==",
+    "npm-signature": "-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.4\r\nComment: https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJbPIiuCRA9TVsSAnZWagAAFEcP/34ebMMxTtSVjlKkNxZQ\n80AmVT4ESDenhRX3buCUgWuUAiK0q9K5eTel+Mj7ijElXLFzmA56VdwbaZKr\ng+5WRm3DfXA2/rGOHztLlbBXwO3Gcn6X28SUIg8R6xLrC9Z/KVd5smygOiIY\nqgmjhaDZcMxE9Wehkl6v0fYjsP0KQF6OT19f8YMHOw9m9dIJBLaJFxPVONuT\nu9XLzMnCWmsMhc2T/a+dZAHTZmZYMS0PqnJJ7S8x14+kvEiCaVME1XqSgwHv\nIagQUVICle3CLvyJaS5XnTjbxC6swd8S79IG2lrko6r8bnieonvFdUKg8AHH\n7ejyPyLw6jcruUWn6sf5U/lv0pzMyD3aldDY5udYfkLVUDrJW+xratvGCWgZ\nxwIsk9nQrnft6zhiHSuF/J7c+MRcG0i1DkXmm8gQxph4lI4KlQcfhHz1b8QI\nvGbAhk4qAphaOch0HSmFwPRv3cfEPZ03/IXQanGov2D0OLm2Zf9+BnE3Jq27\nkmrFSKbsm2LZEGK+ei7jPiXErVGP1HQx5oS59+ZAhT1QhaI/J1bha33iiyGg\nsWi5QGCxrIXY8wLgH20e4boOqUMAAkL1m3SPChCVHWl6Z2Xv9is/02oYrSmN\n5d/yb8yO34SykrrnsKx2Sj3z3xXOebdNqCob1pwL1mZC2+ccMEUsTj8GiFSQ\nQNJX\r\n=v/wZ\r\n-----END PGP SIGNATURE-----\r\n",
+    "shasum": "8831797657303336eb3d3d06f42d6152081f42bf",
+    "tarball": "https://registry.npmjs.org/acme/-/acme-1.1.1.tgz",
+    "unpackedSize": 17077
+  },
+  "gitHead": "71ae7393cbf816aa9eef85bfb9722bcee82feefb",
+  "homepage": "https://git.coolaj86.com/coolaj86/acme.js",
+  "keywords": [
+    "11",
+    "Let's Encrypt",
+    "acme",
+    "acme-draft-11",
+    "acme-draft11",
+    "acme-v02",
+    "acme-v2",
+    "acme11",
+    "acme2",
+    "acmev02",
+    "acmev2",
+    "draft",
+    "greenlock",
+    "greenlock2",
+    "https",
+    "letsencrypt",
+    "letsencrypt-v02",
+    "letsencrypt-v2",
+    "letsencrypt2",
+    "letsencryptv02",
+    "letsencryptv2",
+    "ssl",
+    "tls"
+  ],
+  "license": "(MIT OR Apache-2.0)",
+  "main": "node.js",
+  "maintainers": [
+    {
+      "name": "coolaj86",
+      "email": "coolaj86@gmail.com"
+    },
+    {
+      "name": "thejshaver",
+      "email": "john@jshaver.net"
+    }
+  ],
+  "name": "acme",
+  "optionalDependencies": {},
+  "readme": "ERROR: No README data found!",
+  "repository": {
+    "type": "git",
+    "url": "ssh://gitea@git.coolaj86.com:22042/coolaj86/acme.js.git"
+  },
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "version": "1.1.1"
+}

express-server/node_modules/acme/tests/promise.js

@@ -0,0 +1,85 @@
+'use strict';
+
+/* global Promise */
+module.exports.run = function run(directoryUrl, RSA, web, chType, email, accountKeypair, domainKeypair) {
+  var acme2 = require('../').ACME.create({ RSA: RSA });
+  // [ 'test.ppl.family' ] 'coolaj86@gmail.com''http-01'
+  acme2.init(directoryUrl).then(function () {
+    var options = {
+      agreeToTerms: function (tosUrl) {
+        return Promise.resolve(tosUrl);
+      }
+    , setChallenge: function (opts) {
+        return new Promise(function (resolve, reject) {
+          var pathname;
+
+          console.log("");
+          console.log('identifier:');
+          console.log(opts.identifier);
+          console.log('hostname:');
+          console.log(opts.hostname);
+          console.log('type:');
+          console.log(opts.type);
+          console.log('token:');
+          console.log(opts.token);
+          console.log('thumbprint:');
+          console.log(opts.thumbprint);
+          console.log('keyAuthorization:');
+          console.log(opts.keyAuthorization);
+          console.log('dnsAuthorization:');
+          console.log(opts.dnsAuthorization);
+          console.log("");
+
+          if ('http-01' === opts.type) {
+            pathname = opts.hostname + acme2.challengePrefixes['http-01'] + "/" + opts.token;
+            console.log("Put the string '" + opts.keyAuthorization + "' into a file at '" + pathname + "'");
+            console.log("echo '" + opts.keyAuthorization + "' > '" + pathname + "'");
+          } else if ('dns-01' === opts.type) {
+            pathname = acme2.challengePrefixes['dns-01'] + "." + opts.hostname.replace(/^\*\./, '');;
+            console.log("Put the string '" + opts.dnsAuthorization + "' into the TXT record '" + pathname + "'");
+            console.log("ddig TXT " + pathname + " '" + opts.dnsAuthorization + "'");
+          } else {
+            reject(new Error("[acme-v2] unrecognized challenge type"));
+            return;
+          }
+          console.log("\nThen hit the 'any' key to continue...");
+
+          function onAny() {
+            console.log("'any' key was hit");
+            process.stdin.pause();
+            process.stdin.removeListener('data', onAny);
+            process.stdin.setRawMode(false);
+            resolve();
+            return;
+          }
+
+          process.stdin.setRawMode(true);
+          process.stdin.resume();
+          process.stdin.on('data', onAny);
+        });
+      }
+    , removeChallenge: function (opts) {
+        console.log('[acme-v2] remove challenge', opts.hostname, opts.keyAuthorization);
+        return new Promise(function (resolve) {
+          // hostname, key
+          setTimeout(resolve, 1 * 1000);
+        });
+      }
+    , challengeType: chType
+    , email: email
+    , accountKeypair: accountKeypair
+    , domainKeypair: domainKeypair
+    , domains: web
+    };
+
+    acme2.accounts.create(options).then(function (account) {
+      console.log('[acme-v2] account:');
+      console.log(account);
+
+      acme2.certificates.create(options).then(function (fullchainPem) {
+        console.log('[acme-v2] fullchain.pem:');
+        console.log(fullchainPem);
+      });
+    });
+  });
+};