diff --git a/CHANGELOG.md b/CHANGELOG.md
index d06515e..a281ba5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -55,13 +55,13 @@
 ## v4.2.0 (2022-01-06)
-* `added` Support for external account binding - [RFC 8555 Section 7.3.4](https://tools.ietf.org/html/rfc8555#section-7.3.4)
+* `added` Support for external account binding - [RFC 8555 Section 7.3.4](https://datatracker.ietf.org/doc/html/rfc8555#section-7.3.4)
 * `added` Ability to pass through custom logger function
 * `changed` Increase default `backoffAttempts` to 10
 * `fixed` Deactivate authorizations where challenges can not be completed
 * `fixed` Attempt authoritative name servers when verifying `dns-01` challenges
 * `fixed` Error verbosity when failing to read ACME directory
-* `fixed` Correctly recognize `ready` and `processing` states - [RFC 8555 Section 7.1.6](https://tools.ietf.org/html/rfc8555#section-7.1.6)
+* `fixed` Correctly recognize `ready` and `processing` states - [RFC 8555 Section 7.1.6](https://datatracker.ietf.org/doc/html/rfc8555#section-7.1.6)
 ## v4.1.4 (2021-12-23)
@@ -111,7 +111,7 @@
 ## v3.3.0 (2019-12-19)
 * `added` TypeScript definitions
-* `fixed` Allow missing ACME directory meta field - [RFC 8555 Section 7.1.1](https://tools.ietf.org/html/rfc8555#section-7.1.1)
+* `fixed` Allow missing ACME directory meta field - [RFC 8555 Section 7.1.1](https://datatracker.ietf.org/doc/html/rfc8555#section-7.1.1)
 ## v3.2.1 (2019-11-14)
@@ -122,10 +122,10 @@
 * `added` More extensive testing using [letsencrypt/pebble](https://github.com/letsencrypt/pebble)
 * `changed` When creating a CSR, `commonName` no longer defaults to `'localhost'`
 * This change is not considered breaking since `commonName: 'localhost'` will result in an error when ordering a certificate
-* `fixed` Retry signed API requests on `urn:ietf:params:acme:error:badNonce` - [RFC 8555 Section 6.5](https://tools.ietf.org/html/rfc8555#section-6.5)
+* `fixed` Retry signed API requests on `urn:ietf:params:acme:error:badNonce` - [RFC 8555 Section 6.5](https://datatracker.ietf.org/doc/html/rfc8555#section-6.5)
 * `fixed` Minor bugs related to `POST-as-GET` when calling `updateAccount()`
 * `fixed` Ensure subject common name is present in SAN when creating a CSR - [CAB v1.2.3 Section 9.2.2](https://cabforum.org/wp-content/uploads/BRv1.2.3.pdf)
-* `fixed` Send empty JSON body when responding to challenges - [RFC 8555 Section 7.5.1](https://tools.ietf.org/html/rfc8555#section-7.5.1)
+* `fixed` Send empty JSON body when responding to challenges - [RFC 8555 Section 7.5.1](https://datatracker.ietf.org/doc/html/rfc8555#section-7.5.1)
 ## v2.3.1 (2019-08-26)
@@ -134,8 +134,8 @@
 ## v3.1.0 (2019-08-21)
-* `added` UTF-8 support when generating a CSR subject using forge - [RFC 5280](https://tools.ietf.org/html/rfc5280)
-* `fixed` Implement `POST-as-GET` for all ACME API requests - [RFC 8555 Section 6.3](https://tools.ietf.org/html/rfc8555#section-6.3)
+* `added` UTF-8 support when generating a CSR subject using forge - [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280)
+* `fixed` Implement `POST-as-GET` for all ACME API requests - [RFC 8555 Section 6.3](https://datatracker.ietf.org/doc/html/rfc8555#section-6.3)
 ## v2.3.0 (2019-08-21)
@@ -172,7 +172,7 @@
 ## v2.0.1 (2018-08-17)
-* `fixed` Key rollover in compliance with [draft-ietf-acme-13](https://tools.ietf.org/html/draft-ietf-acme-acme-13)
+* `fixed` Key rollover in compliance with [draft-ietf-acme-13](https://datatracker.ietf.org/doc/html/draft-ietf-acme-acme-13)
 ## v2.0.0 (2018-04-02)
diff --git a/README.md b/README.md
index 4870ff4..3dff3cf 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@
 This module is written to handle communication with a Boulder/Let's Encrypt-style ACME API.
-* RFC 8555 - Automatic Certificate Management Environment (ACME): [https://tools.ietf.org/html/rfc8555](https://tools.ietf.org/html/rfc8555)
+* RFC 8555 - Automatic Certificate Management Environment (ACME): [https://datatracker.ietf.org/doc/html/rfc8555](https://datatracker.ietf.org/doc/html/rfc8555)
 * Boulder divergences from ACME: [https://github.com/letsencrypt/boulder/blob/master/docs/acme-divergences.md](https://github.com/letsencrypt/boulder/blob/master/docs/acme-divergences.md)
 ## Compatibility
@@ -67,7 +67,7 @@ acme.directory.zerossl.production;
 ### External account binding
-To enable [external account binding](https://tools.ietf.org/html/rfc8555#section-7.3.4) when creating your ACME account, provide your KID and HMAC key to the client constructor.
+To enable [external account binding](https://datatracker.ietf.org/doc/html/rfc8555#section-7.3.4) when creating your ACME account, provide your KID and HMAC key to the client constructor.
 ```js
 const client = new acme.Client({
diff --git a/src/api.js b/src/api.js
index 2a24153..31c06f5 100644
--- a/src/api.js
+++ b/src/api.js
@@ -82,7 +82,7 @@ class AcmeApi {
 /**
 * Get Terms of Service URL if available
 *
- * https://tools.ietf.org/html/rfc8555#section-7.1.1
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.1.1
 *
 * @returns {Promise} ToS URL
 */
@@ -95,7 +95,7 @@ class AcmeApi {
 /**
 * Create new account
 *
- * https://tools.ietf.org/html/rfc8555#section-7.3
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.3
 *
 * @param {object} data Request payload
 * @returns {Promise} HTTP response
@@ -119,7 +119,7 @@ class AcmeApi {
 /**
 * Update account
 *
- * https://tools.ietf.org/html/rfc8555#section-7.3.2
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.3.2
 *
 * @param {object} data Request payload
 * @returns {Promise} HTTP response
@@ -133,7 +133,7 @@ class AcmeApi {
 /**
 * Update account key
 *
- * https://tools.ietf.org/html/rfc8555#section-7.3.5
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.3.5
 *
 * @param {object} data Request payload
 * @returns {Promise} HTTP response
@@ -147,7 +147,7 @@ class AcmeApi {
 /**
 * Create new order
 *
- * https://tools.ietf.org/html/rfc8555#section-7.4
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.4
 *
 * @param {object} data Request payload
 * @returns {Promise} HTTP response
@@ -161,7 +161,7 @@ class AcmeApi {
 /**
 * Get order
 *
- * https://tools.ietf.org/html/rfc8555#section-7.4
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.4
 *
 * @param {string} url Order URL
 * @returns {Promise} HTTP response
@@ -175,7 +175,7 @@ class AcmeApi {
 /**
 * Finalize order
 *
- * https://tools.ietf.org/html/rfc8555#section-7.4
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.4
 *
 * @param {string} url Finalization URL
 * @param {object} data Request payload
@@ -190,7 +190,7 @@ class AcmeApi {
 /**
 * Get identifier authorization
 *
- * https://tools.ietf.org/html/rfc8555#section-7.5
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.5
 *
 * @param {string} url Authorization URL
 * @returns {Promise} HTTP response
@@ -204,7 +204,7 @@ class AcmeApi {
 /**
 * Update identifier authorization
 *
- * https://tools.ietf.org/html/rfc8555#section-7.5.2
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.5.2
 *
 * @param {string} url Authorization URL
 * @param {object} data Request payload
@@ -219,7 +219,7 @@ class AcmeApi {
 /**
 * Complete challenge
 *
- * https://tools.ietf.org/html/rfc8555#section-7.5.1
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.5.1
 *
 * @param {string} url Challenge URL
 * @param {object} data Request payload
@@ -234,7 +234,7 @@ class AcmeApi {
 /**
 * Revoke certificate
 *
- * https://tools.ietf.org/html/rfc8555#section-7.6
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.6
 *
 * @param {object} data Request payload
 * @returns {Promise} HTTP response
diff --git a/src/client.js b/src/client.js
index 7ada063..fea9784 100644
--- a/src/client.js
+++ b/src/client.js
@@ -154,7 +154,7 @@ class AcmeClient {
 /**
 * Create a new account
 *
- * https://tools.ietf.org/html/rfc8555#section-7.3
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.3
 *
 * @param {object} [data] Request data
 * @returns {Promise} Account
@@ -200,7 +200,7 @@ class AcmeClient {
 /**
 * Update existing account
 *
- * https://tools.ietf.org/html/rfc8555#section-7.3.2
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.3.2
 *
 * @param {object} [data] Request data
 * @returns {Promise} Account
@@ -240,7 +240,7 @@ class AcmeClient {
 /**
 * Update account private key
 *
- * https://tools.ietf.org/html/rfc8555#section-7.3.5
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.3.5
 *
 * @param {buffer|string} newAccountKey New PEM encoded private key
 * @param {object} [data] Additional request data
@@ -286,7 +286,7 @@ class AcmeClient {
 /**
 * Create a new order
 *
- * https://tools.ietf.org/html/rfc8555#section-7.4
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.4
 *
 * @param {object} data Request data
 * @returns {Promise} Order
@@ -318,7 +318,7 @@ class AcmeClient {
 /**
 * Refresh order object from CA
 *
- * https://tools.ietf.org/html/rfc8555#section-7.4
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.4
 *
 * @param {object} order Order object
 * @returns {Promise} Order
@@ -345,7 +345,7 @@ class AcmeClient {
 /**
 * Finalize order
 *
- * https://tools.ietf.org/html/rfc8555#section-7.4
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.4
 *
 * @param {object} order Order object
 * @param {buffer|string} csr PEM encoded Certificate Signing Request
@@ -380,7 +380,7 @@ class AcmeClient {
 /**
 * Get identifier authorizations from order
 *
- * https://tools.ietf.org/html/rfc8555#section-7.5
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.5
 *
 * @param {object} order Order
 * @returns {Promise} Authorizations
@@ -410,7 +410,7 @@ class AcmeClient {
 /**
 * Deactivate identifier authorization
 *
- * https://tools.ietf.org/html/rfc8555#section-7.5.2
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.5.2
 *
 * @param {object} authz Identifier authorization
 * @returns {Promise} Authorization
@@ -442,7 +442,7 @@ class AcmeClient {
 /**
 * Get key authorization for ACME challenge
 *
- * https://tools.ietf.org/html/rfc8555#section-8.1
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-8.1
 *
 * @param {object} challenge Challenge object returned by API
 * @returns {Promise} Key authorization
@@ -462,17 +462,17 @@ class AcmeClient {
 const thumbprint = keysum.digest('base64url');
 const result = `${challenge.token}.${thumbprint}`;
- /* https://tools.ietf.org/html/rfc8555#section-8.3 */
+ /* https://datatracker.ietf.org/doc/html/rfc8555#section-8.3 */
 if (challenge.type === 'http-01') {
 return result;
 }
- /* https://tools.ietf.org/html/rfc8555#section-8.4 */
+ /* https://datatracker.ietf.org/doc/html/rfc8555#section-8.4 */
 if (challenge.type === 'dns-01') {
 return createHash('sha256').update(result).digest('base64url');
 }
- /* https://tools.ietf.org/html/rfc8737 */
+ /* https://datatracker.ietf.org/doc/html/rfc8737 */
 if (challenge.type === 'tls-alpn-01') {
 return result;
 }
@@ -519,7 +519,7 @@ class AcmeClient {
 /**
 * Notify CA that challenge has been completed
 *
- * https://tools.ietf.org/html/rfc8555#section-7.5.1
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.5.1
 *
 * @param {object} challenge Challenge object returned by API
 * @returns {Promise} Challenge
@@ -540,7 +540,7 @@ class AcmeClient {
 /**
 * Wait for ACME provider to verify status on a order, authorization or challenge
 *
- * https://tools.ietf.org/html/rfc8555#section-7.5.1
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.5.1
 *
 * @param {object} item An order, authorization or challenge object
 * @returns {Promise} Valid order, authorization or challenge
@@ -597,7 +597,7 @@ class AcmeClient {
 /**
 * Get certificate from ACME order
 *
- * https://tools.ietf.org/html/rfc8555#section-7.4.2
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.4.2
 *
 * @param {object} order Order object
 * @param {string} [preferredChain] Indicate which certificate chain is preferred if a CA offers multiple, by exact issuer common name, default: `null`
@@ -644,7 +644,7 @@ class AcmeClient {
 /**
 * Revoke certificate
 *
- * https://tools.ietf.org/html/rfc8555#section-7.6
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.6
 *
 * @param {buffer|string} cert PEM encoded certificate
 * @param {object} [data] Additional request data
diff --git a/src/crypto/forge.js b/src/crypto/forge.js
index 692b6d3..5b66327 100644
--- a/src/crypto/forge.js
+++ b/src/crypto/forge.js
@@ -281,7 +281,7 @@ exports.readCertificateInfo = async function(cert) {
 /**
 * Determine ASN.1 type for CSR subject short name
- * Note: https://tools.ietf.org/html/rfc5280
+ * Note: https://datatracker.ietf.org/doc/html/rfc5280
 *
 * @private
 * @param {string} shortName CSR subject short name
diff --git a/src/crypto/index.js b/src/crypto/index.js
index c814922..da0df32 100644
--- a/src/crypto/index.js
+++ b/src/crypto/index.js
@@ -350,7 +350,7 @@ exports.readCertificateInfo = (certPem) => {
 /**
 * Determine ASN.1 character string type for CSR subject field name
 *
- * https://tools.ietf.org/html/rfc5280
+ * https://datatracker.ietf.org/doc/html/rfc5280
 * https://github.com/PeculiarVentures/x509/blob/ecf78224fd594abbc2fa83c41565d79874f88e00/src/name.ts#L65-L71
 *
 * @private
@@ -517,7 +517,7 @@ exports.createCsr = async (data, keyPem = null) => {
 /**
 * Create a self-signed ALPN certificate for TLS-ALPN-01 challenges
 *
- * https://tools.ietf.org/html/rfc8737
+ * https://datatracker.ietf.org/doc/html/rfc8737
 *
 * @param {object} authz Identifier authorization
 * @param {string} keyAuthorization Challenge key authorization
diff --git a/src/http.js b/src/http.js
index 49f7932..b358026 100644
--- a/src/http.js
+++ b/src/http.js
@@ -64,7 +64,7 @@ class HttpClient {
 /**
 * Ensure provider directory exists
 *
- * https://tools.ietf.org/html/rfc8555#section-7.1.1
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.1.1
 *
 * @returns {Promise}
 */
@@ -104,7 +104,7 @@ class HttpClient {
 /**
 * Get nonce from directory API endpoint
 *
- * https://tools.ietf.org/html/rfc8555#section-7.2
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.2
 *
 * @returns {Promise} nonce
 */
@@ -267,7 +267,7 @@ class HttpClient {
 /**
 * Signed HTTP request
 *
- * https://tools.ietf.org/html/rfc8555#section-6.2
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-6.2
 *
 * @param {string} url Request URL
 * @param {object} payload Request payload
@@ -299,7 +299,7 @@ class HttpClient {
 const data = this.createSignedBody(url, payload, { nonce, kid });
 const resp = await this.request(url, 'post', { data });
- /* Retry on bad nonce - https://tools.ietf.org/html/draft-ietf-acme-acme-10#section-6.4 */
+ /* Retry on bad nonce - https://datatracker.ietf.org/doc/html/draft-ietf-acme-acme-10#section-6.4 */
 if (resp.data && resp.data.type && (resp.status === 400) && (resp.data.type === 'urn:ietf:params:acme:error:badNonce') && (attempts < this.maxBadNonceRetries)) {
 nonce = resp.headers['replay-nonce'] || null;
 attempts += 1;
diff --git a/src/verify.js b/src/verify.js
index 2ab95e8..c045649 100644
--- a/src/verify.js
+++ b/src/verify.js
@@ -13,7 +13,7 @@ const { isAlpnCertificateAuthorizationValid } = require('./crypto');
 /**
 * Verify ACME HTTP challenge
 *
- * https://tools.ietf.org/html/rfc8555#section-8.3
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-8.3
 *
 * @param {object} authz Identifier authorization
 * @param {object} challenge Authorization challenge
@@ -85,7 +85,7 @@ async function walkDnsChallengeRecord(recordName, resolver = dns) {
 /**
 * Verify ACME DNS challenge
 *
- * https://tools.ietf.org/html/rfc8555#section-8.4
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-8.4
 *
 * @param {object} authz Identifier authorization
 * @param {object} challenge Authorization challenge
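Review bot: The bad-nonce retry comment in the src/http.js hunk at `@@ -299,7 +299,7 @@` still cites an expired Internet-Draft, `draft-ietf-acme-acme-10#section-6.4`, after the host rewrite, whereas the CHANGELOG entry for the same retry behaviour cites RFC 8555 Section 6.5. Since this commit is already normalising the references, the comment could point at the published text: `/* Retry on bad nonce - https://datatracker.ietf.org/doc/html/rfc8555#section-6.5 */`. Replay protection is the security-relevant part of signed requests, so a maintainer checking the retry rule should land on the normative section rather than a superseded draft. The enclosing method starts and ends outside the hunk, so the rest of the retry loop is not visible here.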
@@ -125,7 +125,7 @@ async function verifyDnsChallenge(authz, challenge, keyAuthorization, prefix = '
 /**
 * Verify ACME TLS ALPN challenge
 *
- * https://tools.ietf.org/html/rfc8737
+ * https://datatracker.ietf.org/doc/html/rfc8737
 *
 * @param {object} authz Identifier authorization
 * @param {object} challenge Authorization challenge
diff --git a/types/rfc8555.d.ts b/types/rfc8555.d.ts
index 51b6f3d..2f88ab7 100644
--- a/types/rfc8555.d.ts
+++ b/types/rfc8555.d.ts
@@ -1,9 +1,9 @@
 /**
 * Account
 *
- * https://tools.ietf.org/html/rfc8555#section-7.1.2
- * https://tools.ietf.org/html/rfc8555#section-7.3
- * https://tools.ietf.org/html/rfc8555#section-7.3.2
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.1.2
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.3
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.3.2
 */
 export interface Account {
@@ -31,8 +31,8 @@ export interface AccountUpdateRequest {
 /**
 * Order
 *
- * https://tools.ietf.org/html/rfc8555#section-7.1.3
- * https://tools.ietf.org/html/rfc8555#section-7.4
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.1.3
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.4
 */
 export interface Order {
@@ -57,7 +57,7 @@ export interface OrderCreateRequest {
 /**
 * Authorization
 *
- * https://tools.ietf.org/html/rfc8555#section-7.1.4
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.1.4
 */
 export interface Authorization {
@@ -77,9 +77,9 @@ export interface Identifier {
 /**
 * Challenge
 *
- * https://tools.ietf.org/html/rfc8555#section-8
- * https://tools.ietf.org/html/rfc8555#section-8.3
- * https://tools.ietf.org/html/rfc8555#section-8.4
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-8
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-8.3
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-8.4
 */
 export interface ChallengeAbstract {
@@ -106,7 +106,7 @@ export type Challenge = HttpChallenge | DnsChallenge;
 /**
 * Certificate
 *
- * https://tools.ietf.org/html/rfc8555#section-7.6
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.6
 */
 export enum CertificateRevocationReason {