Remove challenge pre-checks.
We won't ever be able to do this properly for all possible scenarios.
parent
537a0b74fd
commit
8d31bb0123
3 changed files with 1 additions and 67 deletions
|
@ -38,7 +38,6 @@ type User interface {
|
||||||
|
|
||||||
// Interface for all challenge solvers to implement.
|
// Interface for all challenge solvers to implement.
|
||||||
type solver interface {
|
type solver interface {
|
||||||
CanSolve(domain string) bool
|
|
||||||
Solve(challenge challenge, domain string) error
|
Solve(challenge challenge, domain string) error
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -321,7 +320,7 @@ func (c *Client) chooseSolvers(auth authorization, domain string) map[int]solver
|
||||||
for _, combination := range auth.Combinations {
|
for _, combination := range auth.Combinations {
|
||||||
solvers := make(map[int]solver)
|
solvers := make(map[int]solver)
|
||||||
for _, idx := range combination {
|
for _, idx := range combination {
|
||||||
if solver, ok := c.solvers[auth.Challenges[idx].Type]; ok && (c.devMode || solver.CanSolve(domain)) {
|
if solver, ok := c.solvers[auth.Challenges[idx].Type]; ok {
|
||||||
solvers[idx] = solver
|
solvers[idx] = solver
|
||||||
} else {
|
} else {
|
||||||
logger().Printf("Could not find solver for: %s", auth.Challenges[idx].Type)
|
logger().Printf("Could not find solver for: %s", auth.Challenges[idx].Type)
|
||||||
|
|
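Review bot: The rewritten lookup `c.solvers[auth.Challenges[idx].Type]` in chooseSolvers indexes auth.Challenges with an idx taken from auth.Combinations and never checks its range. The hunk does not show where auth comes from, but if it is decoded from the ACME server's authorization response, a malformed or hostile combination would panic the client rather than being rejected. A guard ahead of the lookup would cover it, for example `if idx < 0 || idx >= len(auth.Challenges) { logger().Printf("Challenge index %d out of range", idx); continue }`, or whatever handling the missing-solver branch uses. As a style point, the local `solver` shadows the `solver` interface type inside the `if`; a short name such as `s` avoids that. The body of chooseSolvers continues outside the hunk, so how an unusable combination is discarded is not visible here.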
|
@ -9,7 +9,6 @@ import (
|
||||||
"encoding/pem"
|
"encoding/pem"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
|
@ -21,43 +20,6 @@ type simpleHTTPChallenge struct {
|
||||||
optPort string
|
optPort string
|
||||||
}
|
}
|
||||||
|
|
||||||
// SimpleHTTPS checks for DNS, public IP and port bindings
|
|
||||||
func (s *simpleHTTPChallenge) CanSolve(domain string) bool {
|
|
||||||
|
|
||||||
// determine public ip
|
|
||||||
resp, err := http.Get("https://icanhazip.com/")
|
|
||||||
if err != nil {
|
|
||||||
logger().Printf("Could not get public IP -> %v", err)
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
defer resp.Body.Close()
|
|
||||||
|
|
||||||
ip, err := ioutil.ReadAll(resp.Body)
|
|
||||||
if err != nil {
|
|
||||||
logger().Printf("Could not get public IP -> %v", err)
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
ipStr := string(ip)
|
|
||||||
ipStr = strings.Replace(ipStr, "\n", "", -1)
|
|
||||||
|
|
||||||
// resolve domain we should solve for
|
|
||||||
resolvedIPs, err := net.LookupHost(domain)
|
|
||||||
if err != nil {
|
|
||||||
logger().Printf("Could not lookup DNS A record for %s", domain)
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
||||||
// if the resolve does not resolve to our public ip, we can't solve.
|
|
||||||
for _, resolvedIP := range resolvedIPs {
|
|
||||||
if resolvedIP == ipStr {
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
logger().Printf("SimpleHTTP: Domain %s does not resolve to the public ip of this server. Determined IP: %s Resolved IP: %s", domain, ipStr, resolvedIPs[0])
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *simpleHTTPChallenge) Solve(chlng challenge, domain string) error {
|
func (s *simpleHTTPChallenge) Solve(chlng challenge, domain string) error {
|
||||||
|
|
||||||
logger().Print("Trying to solve SimpleHTTP")
|
logger().Print("Trying to solve SimpleHTTP")
|
||||||
|
|
|
@ -7,38 +7,11 @@ import (
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/http/httptest"
|
"net/http/httptest"
|
||||||
"strings"
|
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/square/go-jose"
|
"github.com/square/go-jose"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestSimpleHTTPCanSolve(t *testing.T) {
|
|
||||||
challenge := &simpleHTTPChallenge{}
|
|
||||||
|
|
||||||
// determine public ip
|
|
||||||
resp, err := http.Get("https://icanhazip.com/")
|
|
||||||
if err != nil {
|
|
||||||
t.Errorf("Could not get public IP -> %v", err)
|
|
||||||
}
|
|
||||||
defer resp.Body.Close()
|
|
||||||
|
|
||||||
ip, err := ioutil.ReadAll(resp.Body)
|
|
||||||
if err != nil {
|
|
||||||
t.Errorf("Could not get public IP -> %v", err)
|
|
||||||
}
|
|
||||||
ipStr := string(ip)
|
|
||||||
|
|
||||||
if expected, actual := false, challenge.CanSolve("google.com"); expected != actual {
|
|
||||||
t.Errorf("Expected CanSolve to return %t for domain 'google.com' but was %t", expected, actual)
|
|
||||||
}
|
|
||||||
|
|
||||||
localResolv := strings.Replace(ipStr, "\n", "", -1) + ".xip.io"
|
|
||||||
if expected, actual := true, challenge.CanSolve(localResolv); expected != actual {
|
|
||||||
t.Errorf("Expected CanSolve to return %t for domain 'localhost' but was %t", expected, actual)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestSimpleHTTP(t *testing.T) {
|
func TestSimpleHTTP(t *testing.T) {
|
||||||
privKey, err := generatePrivateKey(rsakey, 512)
|
privKey, err := generatePrivateKey(rsakey, 512)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|