Handle unprintable characters in HTTP responses. (letsencrypt#4312)

jsha · Daniel McCarney · commit c8dbbf005d20 · 2019-07-02T13:42:55.000-04:00
Fixes letsencrypt#4244.
diff --git a/va/http.go b/va/http.go
@@ -634,7 +634,7 @@ func (va *ValidationAuthorityImpl) validateHTTP01(ctx context.Context, ident ide
 	payload := strings.TrimRight(string(body), whitespaceCutset)
 
 	if payload != challenge.ProvidedKeyAuthorization {
-		problem := probs.Unauthorized("The key authorization file from the server did not match this challenge [%v] != [%v]",
+		problem := probs.Unauthorized("The key authorization file from the server did not match this challenge %q != %q",
 			challenge.ProvidedKeyAuthorization, payload)
 		va.log.Infof("%s for %s", problem.Detail, ident)
 		return validationRecords, problem
diff --git a/va/http_test.go b/va/http_test.go
@@ -1002,6 +1002,29 @@ func TestHTTPBadPort(t *testing.T) {
 	}
 }
 
+func TestHTTPKeyAuthorizationFileMismatch(t *testing.T) {
+	chall := core.HTTPChallenge01("")
+	setChallengeToken(&chall, expectedToken)
+
+	m := http.NewServeMux()
+	hs := httptest.NewUnstartedServer(m)
+	m.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+		w.Write([]byte("\xef\xffAABBCC"))
+	})
+	hs.Start()
+
+	va, _ := setup(hs, 0, "", nil)
+	_, prob := va.validateHTTP01(ctx, dnsi("localhost.com"), chall)
+
+	if prob == nil {
+		t.Fatalf("Expected validation to fail when file mismatched.")
+	}
+	expected := `The key authorization file from the server did not match this challenge "LoqXcYV8q5ONbJQxbmR7SCTNo3tiAXDfowyjxAjEuX0.9jg46WB3rR_AHD-EBXdN7cBkH1WOu0tA3M9fm21mqTI" != "\xef\xffAABBCC"`
+	if prob.Detail != expected {
+		t.Errorf("validation failed with %s, expected %s", prob.Detail, expected)
+	}
+}
+
 func TestHTTP(t *testing.T) {
 	chall := core.HTTPChallenge01("")
 	setChallengeToken(&chall, expectedToken)
diff --git a/va/va_test.go b/va/va_test.go
@@ -325,7 +325,7 @@ func TestMultiVA(t *testing.T) {
 	}
 
 	unauthorized := probs.Unauthorized(
-		"The key authorization file from the server did not match this challenge [%s] != [???]",
+		`The key authorization file from the server did not match this challenge %q != "???"`,
 		expectedKeyAuthorization)
 
 	internalErr := probs.ServerInternal("Remote PerformValidation RPC failed")

Original file line number	Diff line number	Diff line change
`@@ -325,7 +325,7 @@ func TestMultiVA(t *testing.T) {`
`325`	`325`	`}`
`326`	`326`
`327`	`327`	`unauthorized := probs.Unauthorized(`
`328`		`- "The key authorization file from the server did not match this challenge [%s] != [???]",`
	`328`	+ `The key authorization file from the server did not match this challenge %q != "???"`,
`329`	`329`	`expectedKeyAuthorization)`
`330`	`330`
`331`	`331`	`internalErr := probs.ServerInternal("Remote PerformValidation RPC failed")`