
Commit eb42a08

committed
Make RA check sanity and make tests pass
1 parent b4d4532 commit eb42a08


3 files changed

+31
-29
lines changed


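--- a/core/challenges.go
+++ b/core/challenges.go
@@ -6,26 +6,15 @@
 package core
 
 import (
-"encoding/json"
 "github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/letsencrypt/go-jose"
 )
 
 func newChallenge(challengeType string, accountKey *jose.JsonWebKey) (Challenge, error) {
-ak := AuthorizedKey{
-Token: NewToken(),
-Key: accountKey,
-}
-
-jsonAK, err := json.Marshal(ak)
-if err != nil {
-return Challenge{}, err
-}
-
 return Challenge{
-Type: challengeType,
-Status: StatusPending,
-AccountKey: accountKey,
-AuthorizedKey: jsonAK,
+Type: challengeType,
+Status: StatusPending,
+AccountKey: accountKey,
+Token: NewToken(),
 }, nil
 }
 
@@ -53,16 +42,9 @@ func DvsniChallenge(accountKey *jose.JsonWebKey) (Challenge, error) {
 }, nil
 }
 
-// HTTPChallenge constructs a random http-00 challenge
+// HTTPChallenge constructs a random http-01 challenge
 func HTTPChallenge01(accountKey *jose.JsonWebKey) (Challenge, error) {
-chall, err := newChallenge(ChallengeTypeHTTP01, accountKey)
-if err != nil {
-return Challenge{}, err
-}
-
-tls := true
-chall.TLS = &tls
-return chall, nil
+return newChallenge(ChallengeTypeHTTP01, accountKey)
 }
 
 // DvsniChallenge constructs a random tls-sni-00 challenge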
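Review bot: The doc comment added at new line 45 names `HTTPChallenge`, but the function it documents is `HTTPChallenge01`; Go doc tooling expects the comment to open with the identifier, so it should read `// HTTPChallenge01 constructs a random http-01 challenge.` With the json.Marshal call removed, the only visible return in newChallenge carries a nil error, so its `error` result (and the one HTTPChallenge01 forwards) can no longer be set. If the result is kept so callers need not change, a comment on newChallenge should say so, along the lines of `// newChallenge returns a pending challenge of the given type with a fresh token; the error result is currently always nil.` The trailing `// DvsniChallenge ...` comment documents a function that lies outside the hunk.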

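--- a/ra/registration-authority.go
+++ b/ra/registration-authority.go
@@ -506,6 +506,12 @@ func (ra *RegistrationAuthorityImpl) UpdateAuthorization(base core.Authorization
 }
 authz.Challenges[challengeIndex] = authz.Challenges[challengeIndex].MergeResponse(response)
 
+// At this point, the challenge should be sane as a complete challenge
+if !authz.Challenges[challengeIndex].IsSane(true) {
+err = core.MalformedRequestError("Response does not complete challenge")
+return
+}
+
 // Store the updated version
 if err = ra.SA.UpdatePendingAuthorization(authz); err != nil {
 // This can pretty much only happen when the client corrupts the Challenge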
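Review bot: The sanity check at new lines 509-513 runs only after the merged challenge has been written into `authz.Challenges[challengeIndex]`, so the rejection path returns with authz already holding the client-supplied response. If authz is a named result (the signature is cut off in the hunk header), the caller receives that rejected state together with the error. Validating a local first keeps the authorization untouched on failure: `merged := authz.Challenges[challengeIndex].MergeResponse(response)`, then `if !merged.IsSane(true) {`, and `authz.Challenges[challengeIndex] = merged` only after the check passes. The added comment should also state what `IsSane(true)` requires of a completed challenge, since that is the property this gate enforces before the record is stored. UpdateAuthorization starts and ends outside the hunk.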

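--- a/ra/registration-authority_test.go
+++ b/ra/registration-authority_test.go
@@ -101,9 +101,6 @@ var (
 }
 
 ResponseIndex = 0
-Response = core.Challenge{
-Type: "simpleHttp",
-}
 
 ExampleCSR = &x509.CertificateRequest{}
 
@@ -128,6 +125,19 @@ const (
 saDBConnStr = "mysql+tcp://boulder@localhost:3306/boulder_sa_test"
 )
 
+func makeResponse(ch core.Challenge) (out core.Challenge, err error) {
+jsonAuthorizedKey, err := json.Marshal(core.AuthorizedKey{
+Token: ch.Token,
+Key: ch.AccountKey,
+})
+if err != nil {
+return
+}
+
+out = core.Challenge{AuthorizedKey: jsonAuthorizedKey}
+return
+}
+
 func initAuthorities(t *testing.T) (*DummyValidationAuthority, *sa.SQLStorageAuthority, *RegistrationAuthorityImpl, clock.FakeClock, func()) {
 err := json.Unmarshal(AccountKeyJSONA, &AccountKeyA)
 test.AssertNotError(t, err, "Failed to unmarshal public JWK")
@@ -406,7 +416,9 @@ func TestUpdateAuthorization(t *testing.T) {
 authz, err := ra.NewAuthorization(AuthzRequest, Registration.ID)
 test.AssertNotError(t, err, "NewAuthorization failed")
 
-authz, err = ra.UpdateAuthorization(authz, ResponseIndex, Response)
+response, err := makeResponse(authz.Challenges[ResponseIndex])
+test.AssertNotError(t, err, "Unable to construct response to challenge")
+authz, err = ra.UpdateAuthorization(authz, ResponseIndex, response)
 test.AssertNotError(t, err, "UpdateAuthorization failed")
 
 // Verify that returned authz same as DB
@@ -440,7 +452,9 @@ func TestUpdateAuthorizationReject(t *testing.T) {
 test.AssertNotError(t, err, "UpdateRegistration failed")
 
 // Verify that the RA rejected the authorization request
-_, err = ra.UpdateAuthorization(authz, ResponseIndex, Response)
+response, err := makeResponse(authz.Challenges[ResponseIndex])
+test.AssertNotError(t, err, "Unable to construct response to challenge")
+_, err = ra.UpdateAuthorization(authz, ResponseIndex, response)
 test.AssertEquals(t, err, core.UnauthorizedError("Challenge cannot be updated with a different key"))
 
 t.Log("DONE TestUpdateAuthorizationReject")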
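Review bot: Neither updated test drives the new `IsSane(true)` rejection in UpdateAuthorization: both build a well-formed response through makeResponse, and TestUpdateAuthorizationReject still expects the different-key error. A negative case would pin the check, for example `_, err = ra.UpdateAuthorization(authz, ResponseIndex, core.Challenge{})` followed by `test.AssertEquals(t, err, core.MalformedRequestError("Response does not complete challenge"))`. Whether an empty response or one whose AuthorizedKey carries a different token is the right trigger depends on IsSane, which is not shown on this page. makeResponse would also benefit from a one-line comment saying it serialises the challenge's own token and account key into the AuthorizedKey field, since that binding is what the tests now rely on.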
