va: Send extValue in TLSALPN unauthorized response (letsencrypt#4330)

alexzorin · jsha · commit df2909a7ca1a · 2019-07-11T09:08:14.000-07:00
Brings it to be more in line with the responses from the other two challenges and
will hopefully make the challenge a lot easier to debug (like in the recent community 
thread).

```json
"error": {
  "type": "urn:ietf:params:acme:error:unauthorized",
  "detail": "Incorrect validation certificate for tls-alpn-01 challenge. Expected acmeValidationV1 extension value 836bf5358f8a32826c61faeff2e0225b00756f935b00ed3002cabb9d536b9f53 for this challenge but got 8539b12e31c306b81a0aedab4128722c6ad71f71f46316a3c71612f47df0e532",
  "status": 403
},
```
diff --git a/va/tlsalpn.go b/va/tlsalpn.go
@@ -222,19 +222,20 @@ func (va *ValidationAuthorityImpl) validateTLSALPN01(ctx context.Context, identi
 			}
 			if !ext.Critical {
 				errText := fmt.Sprintf("Incorrect validation certificate for %s challenge. "+
-					"acmeValidationV1 extension not critical.", core.ChallengeTypeTLSALPN01)
+					"acmeValidationV1 extension not critical", core.ChallengeTypeTLSALPN01)
 				return validationRecords, probs.Unauthorized(errText)
 			}
 			var extValue []byte
 			rest, err := asn1.Unmarshal(ext.Value, &extValue)
-			if err != nil || len(rest) > 0 {
+			if err != nil || len(rest) > 0 || len(h) != len(extValue) {
 				errText := fmt.Sprintf("Incorrect validation certificate for %s challenge. "+
-					"Malformed acmeValidationV1 extension value.", core.ChallengeTypeTLSALPN01)
+					"Malformed acmeValidationV1 extension value", core.ChallengeTypeTLSALPN01)
 				return validationRecords, probs.Unauthorized(errText)
 			}
 			if subtle.ConstantTimeCompare(h[:], extValue) != 1 {
 				errText := fmt.Sprintf("Incorrect validation certificate for %s challenge. "+
-					"Invalid acmeValidationV1 extension value.", core.ChallengeTypeTLSALPN01)
+					"Expected acmeValidationV1 extension value %s for this challenge but got %s",
+					core.ChallengeTypeTLSALPN01, hex.EncodeToString(h[:]), hex.EncodeToString(extValue))
 				return validationRecords, probs.Unauthorized(errText)
 			}
 			return validationRecords, nil
diff --git a/va/tlsalpn_test.go b/va/tlsalpn_test.go
@@ -8,6 +8,7 @@ import (
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/asn1"
+	"encoding/hex"
 	"fmt"
 	"math/big"
 	"net"
@@ -69,29 +70,7 @@ func tlssniSrvWithNames(t *testing.T, chall core.Challenge, names ...string) *ht
 	return hs
 }
 
-func tlsalpn01Srv(t *testing.T, chall core.Challenge, oid asn1.ObjectIdentifier, names ...string) *httptest.Server {
-	template := tlsCertTemplate(names)
-	certBytes, _ := x509.CreateCertificate(rand.Reader, template, template, &TheKey.PublicKey, &TheKey)
-	cert := &tls.Certificate{
-		Certificate: [][]byte{certBytes},
-		PrivateKey:  &TheKey,
-	}
-
-	shasum := sha256.Sum256([]byte(chall.ProvidedKeyAuthorization))
-	encHash, _ := asn1.Marshal(shasum[:])
-	acmeExtension := pkix.Extension{
-		Id:       oid,
-		Critical: true,
-		Value:    encHash,
-	}
-
-	template.ExtraExtensions = []pkix.Extension{acmeExtension}
-	certBytes, _ = x509.CreateCertificate(rand.Reader, template, template, &TheKey.PublicKey, &TheKey)
-	acmeCert := &tls.Certificate{
-		Certificate: [][]byte{certBytes},
-		PrivateKey:  &TheKey,
-	}
-
+func tlsalpn01SrvWithCert(t *testing.T, chall core.Challenge, oid asn1.ObjectIdentifier, names []string, cert *tls.Certificate, acmeCert *tls.Certificate) *httptest.Server {
 	tlsConfig := &tls.Config{
 		Certificates: []tls.Certificate{},
 		ClientAuth:   tls.NoClientCert,
@@ -118,6 +97,31 @@ func tlsalpn01Srv(t *testing.T, chall core.Challenge, oid asn1.ObjectIdentifier,
 	return hs
 }
 
+func tlsalpn01Srv(t *testing.T, chall core.Challenge, oid asn1.ObjectIdentifier, names ...string) *httptest.Server {
+	template := tlsCertTemplate(names)
+	certBytes, _ := x509.CreateCertificate(rand.Reader, template, template, &TheKey.PublicKey, &TheKey)
+	cert := &tls.Certificate{
+		Certificate: [][]byte{certBytes},
+		PrivateKey:  &TheKey,
+	}
+
+	shasum := sha256.Sum256([]byte(chall.ProvidedKeyAuthorization))
+	encHash, _ := asn1.Marshal(shasum[:])
+	acmeExtension := pkix.Extension{
+		Id:       oid,
+		Critical: true,
+		Value:    encHash,
+	}
+	template.ExtraExtensions = []pkix.Extension{acmeExtension}
+	certBytes, _ = x509.CreateCertificate(rand.Reader, template, template, &TheKey.PublicKey, &TheKey)
+	acmeCert := &tls.Certificate{
+		Certificate: [][]byte{certBytes},
+		PrivateKey:  &TheKey,
+	}
+
+	return tlsalpn01SrvWithCert(t, chall, oid, names, cert, acmeCert)
+}
+
 func TestTLSALPN01FailIP(t *testing.T) {
 	chall := createChallenge(core.ChallengeTypeTLSALPN01)
 	hs := tlsalpn01Srv(t, chall, IdPeAcmeIdentifier, "localhost")
@@ -366,6 +370,16 @@ func TestValidateTLSALPN01BadChallenge(t *testing.T) {
 		t.Fatalf("TLS ALPN validation should have failed.")
 	}
 	test.AssertEquals(t, prob.Type, probs.UnauthorizedProblem)
+
+	expectedDigest := sha256.Sum256([]byte(chall.ProvidedKeyAuthorization))
+	badDigest := sha256.Sum256([]byte(chall2.ProvidedKeyAuthorization))
+
+	test.AssertEquals(t, prob.Detail, fmt.Sprintf(
+		"Incorrect validation certificate for %s challenge. "+
+			"Expected acmeValidationV1 extension value %s for this challenge but got %s",
+		core.ChallengeTypeTLSALPN01,
+		hex.EncodeToString(expectedDigest[:]),
+		hex.EncodeToString(badDigest[:])))
 }
 
 func TestValidateTLSALPN01BrokenSrv(t *testing.T) {
@@ -414,3 +428,61 @@ func TestValidateTLSALPN01BadUTFSrv(t *testing.T) {
 			`first certificate had names "localhost, %s"`,
 		port, "\ufffd(\ufffd\ufffd"))
 }
+
+// TestValidateTLSALPN01MalformedExtnValue tests that validating TLS-ALPN-01
+// against a host that returns a certificate that contains an ASN.1 DER
+// acmeValidation extension value that does not parse or is the wrong length
+// will result in an Unauthorized problem
+func TestValidateTLSALPN01MalformedExtnValue(t *testing.T) {
+	chall := createChallenge(core.ChallengeTypeTLSALPN01)
+
+	names := []string{"localhost"}
+	template := tlsCertTemplate(names)
+	certBytes, _ := x509.CreateCertificate(rand.Reader, template, template, &TheKey.PublicKey, &TheKey)
+	cert := &tls.Certificate{
+		Certificate: [][]byte{certBytes},
+		PrivateKey:  &TheKey,
+	}
+
+	wrongTypeDER, _ := asn1.Marshal("a string")
+	wrongLengthDER, _ := asn1.Marshal(make([]byte, 31))
+	badExtensions := []pkix.Extension{
+		{
+			Id:       IdPeAcmeIdentifier,
+			Critical: true,
+			Value:    wrongTypeDER,
+		},
+		{
+			Id:       IdPeAcmeIdentifier,
+			Critical: true,
+			Value:    wrongLengthDER,
+		},
+	}
+
+	malformedMsg := fmt.Sprintf("Incorrect validation certificate for %s challenge. "+
+		"Malformed acmeValidationV1 extension value", core.ChallengeTypeTLSALPN01)
+
+	for _, badExt := range badExtensions {
+		template.ExtraExtensions = []pkix.Extension{badExt}
+		certBytes, _ = x509.CreateCertificate(rand.Reader, template, template, &TheKey.PublicKey, &TheKey)
+		acmeCert := &tls.Certificate{
+			Certificate: [][]byte{certBytes},
+			PrivateKey:  &TheKey,
+		}
+
+		hs := tlsalpn01SrvWithCert(t, chall, IdPeAcmeIdentifier, names, cert, acmeCert)
+		va, _ := setup(hs, 0, "", nil)
+
+		_, prob := va.validateTLSALPN01(ctx, dnsi("localhost"), chall)
+		hs.Close()
+
+		if prob == nil {
+			t.Errorf("TLS ALPN validation should have failed for acmeValidation extension %+v.",
+				badExt)
+			continue
+		}
+		test.AssertEquals(t, prob.Type, probs.UnauthorizedProblem)
+		test.AssertEquals(t, prob.Detail, malformedMsg)
+	}
+
+}
