forked from TrueCloudLab/lego
Change how challenge order is preserved as suggested by @zakjan
This commit is contained in:
parent
ca5c3a4315
commit
3be490f6cb
2 changed files with 10 additions and 54 deletions
|
@ -239,8 +239,6 @@ func (c *Client) ObtainSANCertificate(domains []string, bundle bool) (Certificat
|
||||||
return CertificateResource{}, failures
|
return CertificateResource{}, failures
|
||||||
}
|
}
|
||||||
|
|
||||||
challenges = reorderAuthorizations(domains, challenges)
|
|
||||||
|
|
||||||
errs := c.solveChallenges(challenges)
|
errs := c.solveChallenges(challenges)
|
||||||
// If any challenge fails - return. Do not generate partial SAN certificates.
|
// If any challenge fails - return. Do not generate partial SAN certificates.
|
||||||
if len(errs) > 0 {
|
if len(errs) > 0 {
|
||||||
|
@ -458,21 +456,28 @@ func (c *Client) getChallenges(domains []string) ([]authorizationResource, map[s
|
||||||
}(domain)
|
}(domain)
|
||||||
}
|
}
|
||||||
|
|
||||||
var responses []authorizationResource
|
responses := make(map[string]authorizationResource)
|
||||||
failures := make(map[string]error)
|
failures := make(map[string]error)
|
||||||
for i := 0; i < len(domains); i++ {
|
for i := 0; i < len(domains); i++ {
|
||||||
select {
|
select {
|
||||||
case res := <-resc:
|
case res := <-resc:
|
||||||
responses = append(responses, res)
|
responses[res.Domain] = res
|
||||||
case err := <-errc:
|
case err := <-errc:
|
||||||
failures[err.Domain] = err.Error
|
failures[err.Domain] = err.Error
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
challenges := make([]authorizationResource, 0, len(responses))
|
||||||
|
for _, domain := range domains {
|
||||||
|
if challenge, ok := responses[domain]; ok {
|
||||||
|
challenges = append(challenges, challenge)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
close(resc)
|
close(resc)
|
||||||
close(errc)
|
close(errc)
|
||||||
|
|
||||||
return responses, failures
|
return challenges, failures
|
||||||
}
|
}
|
||||||
|
|
||||||
// requestCertificates iterates all granted authorizations, creates RSA private keys and CSRs.
|
// requestCertificates iterates all granted authorizations, creates RSA private keys and CSRs.
|
||||||
|
@ -663,20 +668,3 @@ func parseLinks(links []string) map[string]string {
|
||||||
|
|
||||||
return linkMap
|
return linkMap
|
||||||
}
|
}
|
||||||
|
|
||||||
func reorderAuthorizations(domains []string, challenges []authorizationResource) []authorizationResource {
|
|
||||||
// restore order of challenges
|
|
||||||
for i, domain := range domains {
|
|
||||||
if domain == challenges[i].Domain {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
|
|
||||||
for j, chlng := range challenges {
|
|
||||||
if chlng.Domain == domain {
|
|
||||||
challenges[i], challenges[j] = challenges[j], challenges[i]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return challenges
|
|
||||||
}
|
|
||||||
|
|
|
@ -4,8 +4,6 @@ import (
|
||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"crypto/rsa"
|
"crypto/rsa"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
|
||||||
mrand "math/rand"
|
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/http/httptest"
|
"net/http/httptest"
|
||||||
"testing"
|
"testing"
|
||||||
|
@ -70,33 +68,3 @@ type mockUser struct {
|
||||||
func (u mockUser) GetEmail() string { return u.email }
|
func (u mockUser) GetEmail() string { return u.email }
|
||||||
func (u mockUser) GetRegistration() *RegistrationResource { return u.regres }
|
func (u mockUser) GetRegistration() *RegistrationResource { return u.regres }
|
||||||
func (u mockUser) GetPrivateKey() *rsa.PrivateKey { return u.privatekey }
|
func (u mockUser) GetPrivateKey() *rsa.PrivateKey { return u.privatekey }
|
||||||
|
|
||||||
func TestReorderAuthorizations(t *testing.T) {
|
|
||||||
// generate fake domains
|
|
||||||
var domains []string
|
|
||||||
for i := 0; i < 30; i++ {
|
|
||||||
domains = append(domains, fmt.Sprintf("example%d.com", i))
|
|
||||||
}
|
|
||||||
|
|
||||||
// generate authorizationResources from the domains
|
|
||||||
var challenges []authorizationResource
|
|
||||||
for _, domain := range domains {
|
|
||||||
challenges = append(challenges, authorizationResource{Domain: domain})
|
|
||||||
}
|
|
||||||
|
|
||||||
// shuffle the challenges slice
|
|
||||||
for i := len(challenges) - 1; i > 0; i-- {
|
|
||||||
j := mrand.Intn(i + 1)
|
|
||||||
challenges[i], challenges[j] = challenges[j], challenges[i]
|
|
||||||
}
|
|
||||||
|
|
||||||
// reorder the challenges
|
|
||||||
reordered := reorderAuthorizations(domains, challenges)
|
|
||||||
|
|
||||||
// test if reordering was successfull
|
|
||||||
for i, domain := range domains {
|
|
||||||
if domain != reordered[i].Domain {
|
|
||||||
t.Errorf("Expected reordered[%d] to equal %s but was %s", i, domain, reordered[i].Domain)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
Loading…
Reference in a new issue