|
| 1 | +// Read a list of reversed hostnames, separated by newlines. Print only those |
| 2 | +// that are rejected by the current policy. |
| 3 | + |
| 4 | +package notmain |
| 5 | + |
| 6 | +import ( |
| 7 | + "bufio" |
| 8 | + "flag" |
| 9 | + "fmt" |
| 10 | + "io" |
| 11 | + "log" |
| 12 | + "os" |
| 13 | + |
| 14 | + "github.com/letsencrypt/boulder/cmd" |
| 15 | + "github.com/letsencrypt/boulder/identifier" |
| 16 | + "github.com/letsencrypt/boulder/policy" |
| 17 | + "github.com/letsencrypt/boulder/sa" |
| 18 | +) |
| 19 | + |
| 20 | +func init() { |
| 21 | + cmd.RegisterCommand("reversed-hostname-checker", main) |
| 22 | +} |
| 23 | + |
| 24 | +func main() { |
| 25 | + inputFilename := flag.String("input", "", "File containing a list of reversed hostnames to check, newline separated. Defaults to stdin") |
| 26 | + policyFile := flag.String("policy", "test/hostname-policy.yaml", "File containing a hostname policy in yaml.") |
| 27 | + flag.Parse() |
| 28 | + |
| 29 | + var input io.Reader |
| 30 | + var err error |
| 31 | + if *inputFilename == "" { |
| 32 | + input = os.Stdin |
| 33 | + } else { |
| 34 | + input, err = os.Open(*inputFilename) |
| 35 | + if err != nil { |
| 36 | + log.Fatalf("opening %s: %s", *inputFilename, err) |
| 37 | + } |
| 38 | + } |
| 39 | + |
| 40 | + scanner := bufio.NewScanner(input) |
| 41 | + pa, err := policy.New(nil) |
| 42 | + if err != nil { |
| 43 | + log.Fatal(err) |
| 44 | + } |
| 45 | + err = pa.SetHostnamePolicyFile(*policyFile) |
| 46 | + if err != nil { |
| 47 | + log.Fatalf("reading %s: %s", *policyFile, err) |
| 48 | + } |
| 49 | + var errors bool |
| 50 | + for scanner.Scan() { |
| 51 | + n := sa.ReverseName(scanner.Text()) |
| 52 | + err := pa.WillingToIssueWildcards([]identifier.ACMEIdentifier{identifier.DNSIdentifier(n)}) |
| 53 | + if err != nil { |
| 54 | + errors = true |
| 55 | + fmt.Printf("%s: %s\n", n, err) |
| 56 | + } |
| 57 | + } |
| 58 | + if errors { |
| 59 | + os.Exit(1) |
| 60 | + } |
| 61 | +} |
0 commit comments