alexvanin/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

acme: Don't panic on logic errors

Browse source 
Since it will ultimately 500 anyway, just return an error.
This commit is contained in:
David Cowden 2020-05-13 20:06:50 -07:00
parent f0228183f5
commit deacbdc358
2 changed files with 26 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
acme/authority.go
View file

@ -5,6 +5,7 @@ import (
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"encoding/base64" "encoding/base64"
"log"
"net" "net"
"net/http" "net/http"
"net/url" "net/url"
@ -306,7 +307,8 @@ func (a *Authority) ValidateChallenge(p provisioner.Interface, accID, chID strin
case StatusInvalid, StatusValid: case StatusInvalid, StatusValid:
return ch.toACME(a.dir, p) return ch.toACME(a.dir, p)
default: default:
panic("unknown challenge state: " + ch.getStatus()) e:= errors.Errorf("unknown challenge state: %s", ch.getStatus())
return nil, ServerInternalErr(e)
} }
// Validate the challenge belongs to the account owned by the requester. // Validate the challenge belongs to the account owned by the requester.
@ -352,7 +354,8 @@ func (a *Authority) ValidateChallenge(p provisioner.Interface, accID, chID strin
}) })
} }
default: default:
panic("post-validation challenge in unexpected state" + ch.getStatus()) e := errors.Errorf("post-validation challenge in unexpected state, %s", ch.getStatus())
return nil, ServerInternalErr(e)
} }
return ch.toACME(a.dir, p) return ch.toACME(a.dir, p)
} }
@ -388,13 +391,17 @@ func (a *Authority) RetryChallenge(chID string) {
} }
switch ch.getStatus() { switch ch.getStatus() {
case StatusPending: case StatusPending:
panic("pending challenges must first be moved to the processing state") e := errors.New("pending challenges must first be moved to the processing state")
log.Printf("%v", e)
return
case StatusInvalid, StatusValid: case StatusInvalid, StatusValid:
return return
case StatusProcessing: case StatusProcessing:
break break
default: default:
panic("unknown challenge state: " + ch.getStatus()) e:= errors.Errorf("unknown challenge state: %s", ch.getStatus())
log.Printf("%v", e)
return
} }
// When retrying, check to make sure the ordinal has not changed. // When retrying, check to make sure the ordinal has not changed.
@ -449,7 +456,8 @@ func (a *Authority) RetryChallenge(chID string) {
}) })
} }
default: default:
panic("post-validation challenge in unexpected state " + ch.getStatus()) e := errors.Errorf("post-validation challenge in unexpected state, %s", ch.getStatus())
log.Printf("%v", e)
} }
} }

20
acme/challenge.go
View file

@ -302,7 +302,7 @@ func (bc *baseChallenge) morph() challenge {
case "tls-alpn-01": case "tls-alpn-01":
return &tlsALPN01Challenge{bc} return &tlsALPN01Challenge{bc}
default: default:
panic("unrecognized challenge type: " + bc.getType()) return bc
} }
} }
@ -349,13 +349,15 @@ func (hc *http01Challenge) validate(jwk *jose.JSONWebKey, vo validateOptions) (c
// If already valid or invalid then return without performing validation. // If already valid or invalid then return without performing validation.
switch hc.getStatus() { switch hc.getStatus() {
case StatusPending: case StatusPending:
panic("pending challenges must first be moved to the processing state") e := errors.New("pending challenges must first be moved to the processing state")
return nil, ServerInternalErr(e)
case StatusProcessing: case StatusProcessing:
break break
case StatusValid, StatusInvalid: case StatusValid, StatusInvalid:
return hc, nil return hc, nil
default: default:
panic("unknown challenge state: " + hc.getStatus()) e := errors.Errorf("unknown challenge state: %s", hc.getStatus())
return nil, ServerInternalErr(e)
} }
up := &http01Challenge{hc.baseChallenge.clone()} up := &http01Challenge{hc.baseChallenge.clone()}
@ -426,13 +428,15 @@ func (tc *tlsALPN01Challenge) validate(jwk *jose.JSONWebKey, vo validateOptions)
// If already valid or invalid then return without performing validation. // If already valid or invalid then return without performing validation.
switch tc.getStatus() { switch tc.getStatus() {
case StatusPending: case StatusPending:
panic("pending challenges must first be moved to the processing state") e := errors.New("pending challenges must first be moved to the processing state")
return nil, ServerInternalErr(e)
case StatusProcessing: case StatusProcessing:
break break
case StatusValid, StatusInvalid: case StatusValid, StatusInvalid:
return tc, nil return tc, nil
default: default:
panic("unknown challenge state: " + tc.getStatus()) e := errors.Errorf("unknown challenge state: %s", tc.getStatus())
return nil, ServerInternalErr(e)
} }
up := &tlsALPN01Challenge{tc.baseChallenge.clone()} up := &tlsALPN01Challenge{tc.baseChallenge.clone()}
@ -565,13 +569,15 @@ func (dc *dns01Challenge) validate(jwk *jose.JSONWebKey, vo validateOptions) (ch
// If already valid or invalid then return without performing validation. // If already valid or invalid then return without performing validation.
switch dc.getStatus() { switch dc.getStatus() {
case StatusPending: case StatusPending:
panic("pending challenges must first be moved to the processing state") e := errors.New("pending challenges must first be moved to the processing state")
return nil, ServerInternalErr(e)
case StatusProcessing: case StatusProcessing:
break break
case StatusValid, StatusInvalid: case StatusValid, StatusInvalid:
return dc, nil return dc, nil
default: default:
panic("unknown challenge state: " + dc.getStatus()) e := errors.Errorf("unknown challenge state: %s", dc.getStatus())
return nil, ServerInternalErr(e)
} }
up := &dns01Challenge{dc.baseChallenge.clone()} up := &dns01Challenge{dc.baseChallenge.clone()}