fix: use token as unique ID. (#1003)

2019-11-05 12:58:13 +01:00 · 2019-11-05 12:58:13 +01:00 · 738e40f446
commit 738e40f446
parent 46680f6524
7 changed files with 42 additions and 24 deletions
--- a/e2e/challenges_test.go
+++ b/e2e/challenges_test.go
@ -32,6 +32,7 @@ var load = loader.EnvLoader{
 }

 func TestMain(m *testing.M) {
+	os.Setenv("LEGO_E2E_TESTS", "LEGO_E2E_TESTS")
 	os.Exit(load.MainTest(m))
 }

@ -258,10 +259,14 @@ func TestChallengeTLS_Client_Obtain(t *testing.T) {
 	require.NoError(t, err)
 	user.registration = reg

+	// https://github.com/letsencrypt/pebble/issues/285
+	privateKeyCSR, err := rsa.GenerateKey(rand.Reader, 2048)
+	require.NoError(t, err, "Could not generate test key")
+
 	request := certificate.ObtainRequest{
 		Domains:    []string{"acme.wtf"},
 		Bundle:     true,
-		PrivateKey: privateKey,
+		PrivateKey: privateKeyCSR,
 	}
 	resource, err := client.Certificate.Obtain(request)
 	require.NoError(t, err)
--- a/e2e/dnschallenge/dns_challenges_test.go
+++ b/e2e/dnschallenge/dns_challenges_test.go
@ -103,10 +103,14 @@ func TestChallengeDNS_Client_Obtain(t *testing.T) {

 	domains := []string{"*.légo.acme", "légo.acme"}

+	// https://github.com/letsencrypt/pebble/issues/285
+	privateKeyCSR, err := rsa.GenerateKey(rand.Reader, 2048)
+	require.NoError(t, err, "Could not generate test key")
+
 	request := certificate.ObtainRequest{
 		Domains:    domains,
 		Bundle:     true,
-		PrivateKey: privateKey,
+		PrivateKey: privateKeyCSR,
 	}
 	resource, err := client.Certificate.Obtain(request)
 	require.NoError(t, err)
--- a/providers/dns/auroradns/auroradns.go
+++ b/providers/dns/auroradns/auroradns.go
@ -127,7 +127,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	}

 	d.recordIDsMu.Lock()
-	d.recordIDs[fqdn] = newRecord.ID
+	d.recordIDs[token] = newRecord.ID
 	d.recordIDsMu.Unlock()

 	return nil
@ -138,7 +138,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 	fqdn, _ := dns01.GetRecord(domain, keyAuth)

 	d.recordIDsMu.Lock()
-	recordID, ok := d.recordIDs[fqdn]
+	recordID, ok := d.recordIDs[token]
 	d.recordIDsMu.Unlock()

 	if !ok {
@ -163,7 +163,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 	}

 	d.recordIDsMu.Lock()
-	delete(d.recordIDs, fqdn)
+	delete(d.recordIDs, token)
 	d.recordIDsMu.Unlock()

 	return nil
--- a/providers/dns/cloudflare/cloudflare.go
+++ b/providers/dns/cloudflare/cloudflare.go
@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 	"net/http"
+	"sync"
 	"time"

 	cloudflare "github.com/cloudflare/cloudflare-go"
@ -47,6 +48,9 @@ func NewDefaultConfig() *Config {
 type DNSProvider struct {
 	client *metaClient
 	config *Config
+
+	recordIDs   map[string]string
+	recordIDsMu sync.Mutex
 }

 // NewDNSProvider returns a DNSProvider instance configured for Cloudflare.
@ -140,6 +144,10 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 		return fmt.Errorf("cloudflare: failed to create TXT record: %+v %+v", response.Errors, response.Messages)
 	}

+	d.recordIDsMu.Lock()
+	d.recordIDs[token] = response.Result.ID
+	d.recordIDsMu.Unlock()
+
 	log.Infof("cloudflare: new record for %s, ID %s", domain, response.Result.ID)

 	return nil
@ -159,22 +167,23 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 		return fmt.Errorf("cloudflare: failed to find zone %s: %v", authZone, err)
 	}

-	dnsRecord := cloudflare.DNSRecord{
-		Type: "TXT",
-		Name: dns01.UnFqdn(fqdn),
+	// get the record's unique ID from when we created it
+	d.recordIDsMu.Lock()
+	recordID, ok := d.recordIDs[token]
+	d.recordIDsMu.Unlock()
+	if !ok {
+		return fmt.Errorf("cloudflare: unknown record ID for '%s'", fqdn)
 	}

-	records, err := d.client.DNSRecords(zoneID, dnsRecord)
+	err = d.client.DeleteDNSRecord(zoneID, recordID)
 	if err != nil {
-		return fmt.Errorf("cloudflare: failed to find TXT records: %v", err)
+		log.Printf("cloudflare: failed to delete TXT record: %v", err)
 	}

-	for _, record := range records {
-		err = d.client.DeleteDNSRecord(zoneID, record.ID)
-		if err != nil {
-			log.Printf("cloudflare: failed to delete TXT record: %v", err)
-		}
-	}
+	// Delete record ID from map
+	d.recordIDsMu.Lock()
+	delete(d.recordIDs, token)
+	d.recordIDsMu.Unlock()

 	return nil
 }
--- a/providers/dns/digitalocean/digitalocean.go
+++ b/providers/dns/digitalocean/digitalocean.go
@ -94,7 +94,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	}

 	d.recordIDsMu.Lock()
-	d.recordIDs[fqdn] = respData.DomainRecord.ID
+	d.recordIDs[token] = respData.DomainRecord.ID
 	d.recordIDsMu.Unlock()

 	return nil
@ -111,7 +111,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {

 	// get the record's unique ID from when we created it
 	d.recordIDsMu.Lock()
-	recordID, ok := d.recordIDs[fqdn]
+	recordID, ok := d.recordIDs[token]
 	d.recordIDsMu.Unlock()
 	if !ok {
 		return fmt.Errorf("digitalocean: unknown record ID for '%s'", fqdn)
@ -124,7 +124,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {

 	// Delete record ID from map
 	d.recordIDsMu.Lock()
-	delete(d.recordIDs, fqdn)
+	delete(d.recordIDs, token)
 	d.recordIDsMu.Unlock()

 	return nil
--- a/providers/dns/digitalocean/digitalocean_test.go
+++ b/providers/dns/digitalocean/digitalocean_test.go
@ -163,9 +163,9 @@ func TestDNSProvider_CleanUp(t *testing.T) {
 	})

 	provider.recordIDsMu.Lock()
-	provider.recordIDs["_acme-challenge.example.com."] = 1234567
+	provider.recordIDs["token"] = 1234567
 	provider.recordIDsMu.Unlock()

-	err := provider.CleanUp("example.com", "", "")
+	err := provider.CleanUp("example.com", "token", "")
 	require.NoError(t, err, "fail to remove TXT record")
 }
--- a/providers/dns/ovh/ovh.go
+++ b/providers/dns/ovh/ovh.go
@ -141,7 +141,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	}

 	d.recordIDsMu.Lock()
-	d.recordIDs[fqdn] = respData.ID
+	d.recordIDs[token] = respData.ID
 	d.recordIDsMu.Unlock()

 	return nil
@ -153,7 +153,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {

 	// get the record's unique ID from when we created it
 	d.recordIDsMu.Lock()
-	recordID, ok := d.recordIDs[fqdn]
+	recordID, ok := d.recordIDs[token]
 	d.recordIDsMu.Unlock()
 	if !ok {
 		return fmt.Errorf("ovh: unknown record ID for '%s'", fqdn)
@ -182,7 +182,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {

 	// Delete record ID from map
 	d.recordIDsMu.Lock()
-	delete(d.recordIDs, fqdn)
+	delete(d.recordIDs, token)
 	d.recordIDsMu.Unlock()

 	return nil