Remove challenge pre-checks.

We won't ever be able to do this properly for all possible scenarios.
xenolf 2015-10-26 00:39:24 +01:00
parent 537a0b74fd
commit 8d31bb0123
3 changed files with 1 additions and 67 deletions


@ -38,7 +38,6 @@ type User interface {
// Interface for all challenge solvers to implement. // Interface for all challenge solvers to implement.
type solver interface { type solver interface {
CanSolve(domain string) bool
Solve(challenge challenge, domain string) error Solve(challenge challenge, domain string) error
} }
@ -321,7 +320,7 @@ func (c *Client) chooseSolvers(auth authorization, domain string) map[int]solver
for _, combination := range auth.Combinations { for _, combination := range auth.Combinations {
solvers := make(map[int]solver) solvers := make(map[int]solver)
for _, idx := range combination { for _, idx := range combination {
if solver, ok := c.solvers[auth.Challenges[idx].Type]; ok && (c.devMode || solver.CanSolve(domain)) { if solver, ok := c.solvers[auth.Challenges[idx].Type]; ok {
solvers[idx] = solver solvers[idx] = solver
} else { } else {
logger().Printf("Could not find solver for: %s", auth.Challenges[idx].Type) logger().Printf("Could not find solver for: %s", auth.Challenges[idx].Type)
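Review bot: Nothing on the `solver` interface or in `chooseSolvers` tells a reader that a registered solver is now used without any check that the domain is reachable from this host. A wrong DNS record or a blocked port is therefore only discovered when `Solve` fails, or presumably when the CA's validation fails. I would extend the interface comment to something like `// solver is implemented by every challenge type; there is no pre-check, so Solve must report environment problems itself.` The rewritten condition also no longer reads `c.devMode`; whether that field is still used elsewhere is not visible here, so it is worth confirming it has not become dead. The body of `chooseSolvers` continues outside the hunk.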


@ -9,7 +9,6 @@ import (
"encoding/pem" "encoding/pem"
"errors" "errors"
"fmt" "fmt"
"io/ioutil"
"net" "net"
"net/http" "net/http"
"strings" "strings"
@ -21,43 +20,6 @@ type simpleHTTPChallenge struct {
optPort string optPort string
} }
// SimpleHTTPS checks for DNS, public IP and port bindings
func (s *simpleHTTPChallenge) CanSolve(domain string) bool {
// determine public ip
resp, err := http.Get("https://icanhazip.com/")
if err != nil {
logger().Printf("Could not get public IP -> %v", err)
return false
}
defer resp.Body.Close()
ip, err := ioutil.ReadAll(resp.Body)
if err != nil {
logger().Printf("Could not get public IP -> %v", err)
return false
}
ipStr := string(ip)
ipStr = strings.Replace(ipStr, "\n", "", -1)
// resolve domain we should solve for
resolvedIPs, err := net.LookupHost(domain)
if err != nil {
logger().Printf("Could not lookup DNS A record for %s", domain)
return false
}
// if the resolve does not resolve to our public ip, we can't solve.
for _, resolvedIP := range resolvedIPs {
if resolvedIP == ipStr {
return true
}
}
logger().Printf("SimpleHTTP: Domain %s does not resolve to the public ip of this server. Determined IP: %s Resolved IP: %s", domain, ipStr, resolvedIPs[0])
return false
}
func (s *simpleHTTPChallenge) Solve(chlng challenge, domain string) error { func (s *simpleHTTPChallenge) Solve(chlng challenge, domain string) error {
logger().Print("Trying to solve SimpleHTTP") logger().Print("Trying to solve SimpleHTTP")


@ -7,38 +7,11 @@ import (
"io/ioutil" "io/ioutil"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
"strings"
"testing" "testing"
"github.com/square/go-jose" "github.com/square/go-jose"
) )
func TestSimpleHTTPCanSolve(t *testing.T) {
challenge := &simpleHTTPChallenge{}
// determine public ip
resp, err := http.Get("https://icanhazip.com/")
if err != nil {
t.Errorf("Could not get public IP -> %v", err)
}
defer resp.Body.Close()
ip, err := ioutil.ReadAll(resp.Body)
if err != nil {
t.Errorf("Could not get public IP -> %v", err)
}
ipStr := string(ip)
if expected, actual := false, challenge.CanSolve("google.com"); expected != actual {
t.Errorf("Expected CanSolve to return %t for domain 'google.com' but was %t", expected, actual)
}
localResolv := strings.Replace(ipStr, "\n", "", -1) + ".xip.io"
if expected, actual := true, challenge.CanSolve(localResolv); expected != actual {
t.Errorf("Expected CanSolve to return %t for domain 'localhost' but was %t", expected, actual)
}
}
func TestSimpleHTTP(t *testing.T) { func TestSimpleHTTP(t *testing.T) {
privKey, err := generatePrivateKey(rsakey, 512) privKey, err := generatePrivateKey(rsakey, 512)
if err != nil { if err != nil {