From 8d31bb01230aa427878b9ca3f192085f37030ad2 Mon Sep 17 00:00:00 2001
From: xenolf
Date: Mon, 26 Oct 2015 00:39:24 +0100
Subject: [PATCH] Remove challenge pre-checks. We won't ever be able to do this properly for all possible scenarios.
---
 acme/client.go | 3 +--
 acme/simple_http_challenge.go | 38 ------------------------------
 acme/simple_http_challenge_test.go | 27 ---------------------
 3 files changed, 1 insertion(+), 67 deletions(-)
diff --git a/acme/client.go b/acme/client.go
index e53ca592..32a69c65 100644
--- a/acme/client.go
+++ b/acme/client.go
@@ -38,7 +38,6 @@ type User interface {
 // Interface for all challenge solvers to implement.
 type solver interface {
- CanSolve(domain string) bool
 Solve(challenge challenge, domain string) error
 }
@@ -321,7 +320,7 @@ func (c *Client) chooseSolvers(auth authorization, domain string) map[int]solver
 for _, combination := range auth.Combinations {
 solvers := make(map[int]solver)
 for _, idx := range combination {
- if solver, ok := c.solvers[auth.Challenges[idx].Type]; ok && (c.devMode || solver.CanSolve(domain)) {
+ if solver, ok := c.solvers[auth.Challenges[idx].Type]; ok {
 solvers[idx] = solver
 } else {
 logger().Printf("Could not find solver for: %s", auth.Challenges[idx].Type)
diff --git a/acme/simple_http_challenge.go b/acme/simple_http_challenge.go
index fd098a90..4fc56646 100644
--- a/acme/simple_http_challenge.go
+++ b/acme/simple_http_challenge.go
@@ -9,7 +9,6 @@ import (
 "encoding/pem"
 "errors"
 "fmt"
- "io/ioutil"
 "net"
 "net/http"
 "strings"
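Review bot: In chooseSolvers (acme/client.go) the rewritten condition binds a local named `solver`, which shadows the package's `solver` interface type throughout the if/else; renaming it, e.g. `if s, ok := c.solvers[auth.Challenges[idx].Type]; ok {` followed by `solvers[idx] = s`, avoids the shadowing and reads better next to `map[int]solver`. With the `c.devMode ||` term removed, the visible lines no longer read `devMode` or the `domain` parameter, so it is worth checking whether either still has a use or is now dead. A short comment above the lookup, such as `// Solvers are chosen by challenge type only; domain reachability is left to the CA's validation.`, would record why no local pre-check happens here. The function starts and ends outside the hunk.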
@@ -21,43 +20,6 @@ type simpleHTTPChallenge struct {
 optPort string
 }
-// SimpleHTTPS checks for DNS, public IP and port bindings
-func (s *simpleHTTPChallenge) CanSolve(domain string) bool {
-
- // determine public ip
- resp, err := http.Get("https://icanhazip.com/")
- if err != nil {
- logger().Printf("Could not get public IP -> %v", err)
- return false
- }
- defer resp.Body.Close()
-
- ip, err := ioutil.ReadAll(resp.Body)
- if err != nil {
- logger().Printf("Could not get public IP -> %v", err)
- return false
- }
- ipStr := string(ip)
- ipStr = strings.Replace(ipStr, "\n", "", -1)
-
- // resolve domain we should solve for
- resolvedIPs, err := net.LookupHost(domain)
- if err != nil {
- logger().Printf("Could not lookup DNS A record for %s", domain)
- return false
- }
-
- // if the resolve does not resolve to our public ip, we can't solve.
- for _, resolvedIP := range resolvedIPs {
- if resolvedIP == ipStr {
- return true
- }
- }
-
- logger().Printf("SimpleHTTP: Domain %s does not resolve to the public ip of this server. Determined IP: %s Resolved IP: %s", domain, ipStr, resolvedIPs[0])
- return false
-}
-
 func (s *simpleHTTPChallenge) Solve(chlng challenge, domain string) error {
 logger().Print("Trying to solve SimpleHTTP")
diff --git a/acme/simple_http_challenge_test.go b/acme/simple_http_challenge_test.go
index 03f30abf..7e3c75e2 100644
--- a/acme/simple_http_challenge_test.go
+++ b/acme/simple_http_challenge_test.go
@@ -7,38 +7,11 @@ import (
 "io/ioutil"
 "net/http"
 "net/http/httptest"
- "strings"
 "testing"
 "github.com/square/go-jose"
 )
-func TestSimpleHTTPCanSolve(t *testing.T) {
- challenge := &simpleHTTPChallenge{}
-
- // determine public ip
- resp, err := http.Get("https://icanhazip.com/")
- if err != nil {
- t.Errorf("Could not get public IP -> %v", err)
- }
- defer resp.Body.Close()
-
- ip, err := ioutil.ReadAll(resp.Body)
- if err != nil {
- t.Errorf("Could not get public IP -> %v", err)
- }
- ipStr := string(ip)
-
- if expected, actual := false, challenge.CanSolve("google.com"); expected != actual {
- t.Errorf("Expected CanSolve to return %t for domain 'google.com' but was %t", expected, actual)
- }
-
- localResolv := strings.Replace(ipStr, "\n", "", -1) + ".xip.io"
- if expected, actual := true, challenge.CanSolve(localResolv); expected != actual {
- t.Errorf("Expected CanSolve to return %t for domain 'localhost' but was %t", expected, actual)
- }
-}
-
 func TestSimpleHTTP(t *testing.T) {
 privKey, err := generatePrivateKey(rsakey, 512)
 if err != nil {