update

2025-05-04 10:29:33 +00:00
parent 1698abef16
commit 0c6da9ff74
6 changed files with 73 additions and 33 deletions
--- a/ts/smartacme.classes.certmatcher.ts
+++ b/ts/smartacme.classes.certmatcher.ts
@ -10,10 +10,17 @@ export class SmartacmeCertMatcher {
   * for wild card certificates
   * @param domainNameArg the domainNameArg to create the scope from
   */
-  public getCertificateDomainNameByDomainName(domainNameArg: string): string {
+  public getCertificateDomainNameByDomainName(domainNameArg: string): string | undefined {
+    // Handle wildcard domains by stripping the '*.' prefix.
+    if (domainNameArg.startsWith('*.')) {
+      return domainNameArg.slice(2);
+    }
    const originalDomain = new plugins.smartstring.Domain(domainNameArg);
+    // For domains with up to 3 levels (no level4), return base domain.
    if (!originalDomain.level4) {
      return `${originalDomain.level2}.${originalDomain.level1}`;
    }
+    // Deeper domains (4+ levels) are not supported.
+    return undefined;
  }
 }
--- a/ts/smartacme.classes.smartacme.ts
+++ b/ts/smartacme.classes.smartacme.ts
@ -221,26 +221,24 @@ export class SmartAcme {
   * @param domainArg
   */
  public async getCertificateForDomain(domainArg: string): Promise<SmartacmeCert> {
+    // Determine if this is a wildcard request (e.g., '*.example.com').
+    const isWildcardRequest = domainArg.startsWith('*.');
+    // Determine the base domain for certificate retrieval/issuance.
    const certDomainName = this.certmatcher.getCertificateDomainNameByDomainName(domainArg);
-    const retrievedCertificate = await this.certmanager.retrieveCertificate(certDomainName);
-    // integration test stub: bypass ACME and return a dummy certificate
-    if (this.options.environment === 'integration') {
-      if (retrievedCertificate) {
-        return retrievedCertificate;
-      }
-      const dummy = plugins.smartunique.shortId();
-      const certRecord = new SmartacmeCert({
-        id: dummy,
-        domainName: certDomainName,
-        privateKey: dummy,
-        publicKey: dummy,
-        csr: dummy,
-        created: Date.now(),
-        validUntil: Date.now() + plugins.smarttime.getMilliSecondsFromUnits({ days: 90 }),
-      });
-      await this.certmanager.storeCertificate(certRecord);
-      return certRecord;
+    if (!certDomainName) {
+      throw new Error(`Cannot determine certificate domain for ${domainArg}`);
    }
+    // Wildcard certificates require DNS-01 challenge support.
+    if (isWildcardRequest) {
+      const hasDnsHandler = this.challengeHandlers.some((h) =>
+        h.getSupportedTypes().includes('dns-01'),
+      );
+      if (!hasDnsHandler) {
+        throw new Error('Wildcard certificate requests require a DNS-01 challenge handler');
+      }
+    }
+    // Retrieve any existing certificate record by base domain.
+    const retrievedCertificate = await this.certmanager.retrieveCertificate(certDomainName);

    if (
      !retrievedCertificate &&