mirror of
https://github.com/go-acme/lego.git
synced 2024-12-22 16:53:17 +02:00
bunny: fix zone detection (#2375)
This commit is contained in:
parent
2c13835084
commit
1a62bbab40
@ -5,12 +5,15 @@ import (
|
|||||||
"context"
|
"context"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"slices"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/go-acme/lego/v4/challenge"
|
"github.com/go-acme/lego/v4/challenge"
|
||||||
"github.com/go-acme/lego/v4/challenge/dns01"
|
"github.com/go-acme/lego/v4/challenge/dns01"
|
||||||
"github.com/go-acme/lego/v4/platform/config/env"
|
"github.com/go-acme/lego/v4/platform/config/env"
|
||||||
|
"github.com/miekg/dns"
|
||||||
"github.com/nrdcg/bunny-go"
|
"github.com/nrdcg/bunny-go"
|
||||||
|
"golang.org/x/net/publicsuffix"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Environment variables names.
|
// Environment variables names.
|
||||||
@ -94,19 +97,14 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
|
|||||||
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
|
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
|
||||||
info := dns01.GetChallengeInfo(domain, keyAuth)
|
info := dns01.GetChallengeInfo(domain, keyAuth)
|
||||||
|
|
||||||
authZone, err := getZoneName(info.EffectiveFQDN)
|
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("bunny: could not find zone for domain %q: %w", domain, err)
|
|
||||||
}
|
|
||||||
|
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
|
|
||||||
zone, err := d.findZone(ctx, authZone)
|
zone, err := d.findZone(ctx, dns01.UnFqdn(info.EffectiveFQDN))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("bunny: %w", err)
|
return fmt.Errorf("bunny: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
|
subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, deref(zone.Domain))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("bunny: %w", err)
|
return fmt.Errorf("bunny: %w", err)
|
||||||
}
|
}
|
||||||
@ -129,19 +127,14 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
|
|||||||
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
||||||
info := dns01.GetChallengeInfo(domain, keyAuth)
|
info := dns01.GetChallengeInfo(domain, keyAuth)
|
||||||
|
|
||||||
authZone, err := getZoneName(info.EffectiveFQDN)
|
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("bunny: could not find zone for domain %q: %w", domain, err)
|
|
||||||
}
|
|
||||||
|
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
|
|
||||||
zone, err := d.findZone(ctx, authZone)
|
zone, err := d.findZone(ctx, dns01.UnFqdn(info.EffectiveFQDN))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("bunny: %w", err)
|
return fmt.Errorf("bunny: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
|
subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, deref(zone.Domain))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("bunny: %w", err)
|
return fmt.Errorf("bunny: %w", err)
|
||||||
}
|
}
|
||||||
@ -172,28 +165,53 @@ func (d *DNSProvider) findZone(ctx context.Context, authZone string) (*bunny.DNS
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
var zone *bunny.DNSZone
|
zone := findZone(zones, authZone)
|
||||||
for _, item := range zones.Items {
|
|
||||||
if item != nil && deref(item.Domain) == authZone {
|
|
||||||
zone = item
|
|
||||||
break
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if zone == nil {
|
if zone == nil {
|
||||||
return nil, fmt.Errorf("could not find DNSZone zone=%s", authZone)
|
return nil, fmt.Errorf("could not find DNSZone domain=%s", authZone)
|
||||||
}
|
}
|
||||||
|
|
||||||
return zone, nil
|
return zone, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func getZoneName(fqdn string) (string, error) {
|
func findZone(zones *bunny.DNSZones, domain string) *bunny.DNSZone {
|
||||||
authZone, err := dns01.FindZoneByFqdn(fqdn)
|
domains := possibleDomains(domain)
|
||||||
if err != nil {
|
|
||||||
return "", err
|
var domainLength int
|
||||||
|
|
||||||
|
var zone *bunny.DNSZone
|
||||||
|
for _, item := range zones.Items {
|
||||||
|
if item == nil {
|
||||||
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
return dns01.UnFqdn(authZone), nil
|
curr := deref(item.Domain)
|
||||||
|
|
||||||
|
if slices.Contains(domains, curr) && domainLength < len(curr) {
|
||||||
|
domainLength = len(curr)
|
||||||
|
|
||||||
|
zone = item
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return zone
|
||||||
|
}
|
||||||
|
|
||||||
|
func possibleDomains(domain string) []string {
|
||||||
|
var domains []string
|
||||||
|
|
||||||
|
labelIndexes := dns.Split(domain)
|
||||||
|
|
||||||
|
for _, index := range labelIndexes {
|
||||||
|
tld, _ := publicsuffix.PublicSuffix(domain)
|
||||||
|
if tld == domain[index:] {
|
||||||
|
// skip the TLD
|
||||||
|
break
|
||||||
|
}
|
||||||
|
|
||||||
|
domains = append(domains, dns01.UnFqdn(domain[index:]))
|
||||||
|
}
|
||||||
|
|
||||||
|
return domains
|
||||||
}
|
}
|
||||||
|
|
||||||
func pointer[T string | int | int32 | int64](v T) *T { return &v }
|
func pointer[T string | int | int32 | int64](v T) *T { return &v }
|
||||||
|
@ -4,6 +4,8 @@ import (
|
|||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/go-acme/lego/v4/platform/tester"
|
"github.com/go-acme/lego/v4/platform/tester"
|
||||||
|
"github.com/nrdcg/bunny-go"
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -123,3 +125,117 @@ func TestLiveCleanUp(t *testing.T) {
|
|||||||
err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
|
err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func Test_findZone(t *testing.T) {
|
||||||
|
testCases := []struct {
|
||||||
|
desc string
|
||||||
|
domain string
|
||||||
|
items []*bunny.DNSZone
|
||||||
|
expected *bunny.DNSZone
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
desc: "found subdomain",
|
||||||
|
domain: "_acme-challenge.foo.bar.example.com",
|
||||||
|
items: []*bunny.DNSZone{
|
||||||
|
{ID: pointer[int64](1), Domain: pointer("example.com")},
|
||||||
|
{ID: pointer[int64](2), Domain: pointer("example.org")},
|
||||||
|
{ID: pointer[int64](4), Domain: pointer("bar.example.org")},
|
||||||
|
{ID: pointer[int64](5), Domain: pointer("bar.example.com")},
|
||||||
|
{ID: pointer[int64](6), Domain: pointer("foo.example.com")},
|
||||||
|
},
|
||||||
|
expected: &bunny.DNSZone{
|
||||||
|
ID: pointer[int64](5),
|
||||||
|
Domain: pointer("bar.example.com"),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
desc: "found the longest subdomain",
|
||||||
|
domain: "_acme-challenge.foo.bar.example.com",
|
||||||
|
items: []*bunny.DNSZone{
|
||||||
|
{ID: pointer[int64](7), Domain: pointer("foo.bar.example.com")},
|
||||||
|
{ID: pointer[int64](1), Domain: pointer("example.com")},
|
||||||
|
{ID: pointer[int64](2), Domain: pointer("example.org")},
|
||||||
|
{ID: pointer[int64](4), Domain: pointer("bar.example.org")},
|
||||||
|
{ID: pointer[int64](5), Domain: pointer("bar.example.com")},
|
||||||
|
{ID: pointer[int64](6), Domain: pointer("foo.example.com")},
|
||||||
|
},
|
||||||
|
expected: &bunny.DNSZone{
|
||||||
|
ID: pointer[int64](7),
|
||||||
|
Domain: pointer("foo.bar.example.com"),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
desc: "found apex",
|
||||||
|
domain: "_acme-challenge.foo.bar.example.com",
|
||||||
|
items: []*bunny.DNSZone{
|
||||||
|
{ID: pointer[int64](1), Domain: pointer("example.com")},
|
||||||
|
{ID: pointer[int64](2), Domain: pointer("example.org")},
|
||||||
|
{ID: pointer[int64](4), Domain: pointer("bar.example.org")},
|
||||||
|
{ID: pointer[int64](6), Domain: pointer("foo.example.com")},
|
||||||
|
},
|
||||||
|
expected: &bunny.DNSZone{
|
||||||
|
ID: pointer[int64](1),
|
||||||
|
Domain: pointer("example.com"),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
desc: "not found",
|
||||||
|
domain: "_acme-challenge.foo.bar.example.com",
|
||||||
|
items: []*bunny.DNSZone{
|
||||||
|
{ID: pointer[int64](2), Domain: pointer("example.org")},
|
||||||
|
{ID: pointer[int64](4), Domain: pointer("bar.example.org")},
|
||||||
|
{ID: pointer[int64](6), Domain: pointer("foo.example.com")},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, test := range testCases {
|
||||||
|
t.Run(test.desc, func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
zones := &bunny.DNSZones{Items: test.items}
|
||||||
|
|
||||||
|
zone := findZone(zones, test.domain)
|
||||||
|
|
||||||
|
assert.Equal(t, test.expected, zone)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func Test_possibleDomains(t *testing.T) {
|
||||||
|
testCases := []struct {
|
||||||
|
desc string
|
||||||
|
domain string
|
||||||
|
expected []string
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
desc: "apex",
|
||||||
|
domain: "example.com",
|
||||||
|
expected: []string{"example.com"},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
desc: "CCTLD",
|
||||||
|
domain: "example.co.uk",
|
||||||
|
expected: []string{"example.co.uk"},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
desc: "long domain",
|
||||||
|
domain: "_acme-challenge.foo.bar.example.com",
|
||||||
|
expected: []string{"_acme-challenge.foo.bar.example.com", "foo.bar.example.com", "bar.example.com", "example.com"},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
desc: "empty",
|
||||||
|
domain: "",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, test := range testCases {
|
||||||
|
t.Run(test.desc, func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
domains := possibleDomains(test.domain)
|
||||||
|
|
||||||
|
assert.Equal(t, test.expected, domains)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user