mirror of
https://github.com/go-acme/lego.git
synced 2024-12-22 07:12:22 +02:00
bunny: fix zone detection (#2375)
This commit is contained in:
parent
2c13835084
commit
1a62bbab40
@ -5,12 +5,15 @@ import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"slices"
|
||||
"time"
|
||||
|
||||
"github.com/go-acme/lego/v4/challenge"
|
||||
"github.com/go-acme/lego/v4/challenge/dns01"
|
||||
"github.com/go-acme/lego/v4/platform/config/env"
|
||||
"github.com/miekg/dns"
|
||||
"github.com/nrdcg/bunny-go"
|
||||
"golang.org/x/net/publicsuffix"
|
||||
)
|
||||
|
||||
// Environment variables names.
|
||||
@ -94,19 +97,14 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
|
||||
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
|
||||
info := dns01.GetChallengeInfo(domain, keyAuth)
|
||||
|
||||
authZone, err := getZoneName(info.EffectiveFQDN)
|
||||
if err != nil {
|
||||
return fmt.Errorf("bunny: could not find zone for domain %q: %w", domain, err)
|
||||
}
|
||||
|
||||
ctx := context.Background()
|
||||
|
||||
zone, err := d.findZone(ctx, authZone)
|
||||
zone, err := d.findZone(ctx, dns01.UnFqdn(info.EffectiveFQDN))
|
||||
if err != nil {
|
||||
return fmt.Errorf("bunny: %w", err)
|
||||
}
|
||||
|
||||
subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
|
||||
subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, deref(zone.Domain))
|
||||
if err != nil {
|
||||
return fmt.Errorf("bunny: %w", err)
|
||||
}
|
||||
@ -129,19 +127,14 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
|
||||
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
||||
info := dns01.GetChallengeInfo(domain, keyAuth)
|
||||
|
||||
authZone, err := getZoneName(info.EffectiveFQDN)
|
||||
if err != nil {
|
||||
return fmt.Errorf("bunny: could not find zone for domain %q: %w", domain, err)
|
||||
}
|
||||
|
||||
ctx := context.Background()
|
||||
|
||||
zone, err := d.findZone(ctx, authZone)
|
||||
zone, err := d.findZone(ctx, dns01.UnFqdn(info.EffectiveFQDN))
|
||||
if err != nil {
|
||||
return fmt.Errorf("bunny: %w", err)
|
||||
}
|
||||
|
||||
subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
|
||||
subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, deref(zone.Domain))
|
||||
if err != nil {
|
||||
return fmt.Errorf("bunny: %w", err)
|
||||
}
|
||||
@ -172,28 +165,53 @@ func (d *DNSProvider) findZone(ctx context.Context, authZone string) (*bunny.DNS
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var zone *bunny.DNSZone
|
||||
for _, item := range zones.Items {
|
||||
if item != nil && deref(item.Domain) == authZone {
|
||||
zone = item
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
zone := findZone(zones, authZone)
|
||||
if zone == nil {
|
||||
return nil, fmt.Errorf("could not find DNSZone zone=%s", authZone)
|
||||
return nil, fmt.Errorf("could not find DNSZone domain=%s", authZone)
|
||||
}
|
||||
|
||||
return zone, nil
|
||||
}
|
||||
|
||||
func getZoneName(fqdn string) (string, error) {
|
||||
authZone, err := dns01.FindZoneByFqdn(fqdn)
|
||||
if err != nil {
|
||||
return "", err
|
||||
func findZone(zones *bunny.DNSZones, domain string) *bunny.DNSZone {
|
||||
domains := possibleDomains(domain)
|
||||
|
||||
var domainLength int
|
||||
|
||||
var zone *bunny.DNSZone
|
||||
for _, item := range zones.Items {
|
||||
if item == nil {
|
||||
continue
|
||||
}
|
||||
|
||||
return dns01.UnFqdn(authZone), nil
|
||||
curr := deref(item.Domain)
|
||||
|
||||
if slices.Contains(domains, curr) && domainLength < len(curr) {
|
||||
domainLength = len(curr)
|
||||
|
||||
zone = item
|
||||
}
|
||||
}
|
||||
|
||||
return zone
|
||||
}
|
||||
|
||||
func possibleDomains(domain string) []string {
|
||||
var domains []string
|
||||
|
||||
labelIndexes := dns.Split(domain)
|
||||
|
||||
for _, index := range labelIndexes {
|
||||
tld, _ := publicsuffix.PublicSuffix(domain)
|
||||
if tld == domain[index:] {
|
||||
// skip the TLD
|
||||
break
|
||||
}
|
||||
|
||||
domains = append(domains, dns01.UnFqdn(domain[index:]))
|
||||
}
|
||||
|
||||
return domains
|
||||
}
|
||||
|
||||
func pointer[T string | int | int32 | int64](v T) *T { return &v }
|
||||
|
@ -4,6 +4,8 @@ import (
|
||||
"testing"
|
||||
|
||||
"github.com/go-acme/lego/v4/platform/tester"
|
||||
"github.com/nrdcg/bunny-go"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
@ -123,3 +125,117 @@ func TestLiveCleanUp(t *testing.T) {
|
||||
err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
|
||||
require.NoError(t, err)
|
||||
}
|
||||
|
||||
func Test_findZone(t *testing.T) {
|
||||
testCases := []struct {
|
||||
desc string
|
||||
domain string
|
||||
items []*bunny.DNSZone
|
||||
expected *bunny.DNSZone
|
||||
}{
|
||||
{
|
||||
desc: "found subdomain",
|
||||
domain: "_acme-challenge.foo.bar.example.com",
|
||||
items: []*bunny.DNSZone{
|
||||
{ID: pointer[int64](1), Domain: pointer("example.com")},
|
||||
{ID: pointer[int64](2), Domain: pointer("example.org")},
|
||||
{ID: pointer[int64](4), Domain: pointer("bar.example.org")},
|
||||
{ID: pointer[int64](5), Domain: pointer("bar.example.com")},
|
||||
{ID: pointer[int64](6), Domain: pointer("foo.example.com")},
|
||||
},
|
||||
expected: &bunny.DNSZone{
|
||||
ID: pointer[int64](5),
|
||||
Domain: pointer("bar.example.com"),
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "found the longest subdomain",
|
||||
domain: "_acme-challenge.foo.bar.example.com",
|
||||
items: []*bunny.DNSZone{
|
||||
{ID: pointer[int64](7), Domain: pointer("foo.bar.example.com")},
|
||||
{ID: pointer[int64](1), Domain: pointer("example.com")},
|
||||
{ID: pointer[int64](2), Domain: pointer("example.org")},
|
||||
{ID: pointer[int64](4), Domain: pointer("bar.example.org")},
|
||||
{ID: pointer[int64](5), Domain: pointer("bar.example.com")},
|
||||
{ID: pointer[int64](6), Domain: pointer("foo.example.com")},
|
||||
},
|
||||
expected: &bunny.DNSZone{
|
||||
ID: pointer[int64](7),
|
||||
Domain: pointer("foo.bar.example.com"),
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "found apex",
|
||||
domain: "_acme-challenge.foo.bar.example.com",
|
||||
items: []*bunny.DNSZone{
|
||||
{ID: pointer[int64](1), Domain: pointer("example.com")},
|
||||
{ID: pointer[int64](2), Domain: pointer("example.org")},
|
||||
{ID: pointer[int64](4), Domain: pointer("bar.example.org")},
|
||||
{ID: pointer[int64](6), Domain: pointer("foo.example.com")},
|
||||
},
|
||||
expected: &bunny.DNSZone{
|
||||
ID: pointer[int64](1),
|
||||
Domain: pointer("example.com"),
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "not found",
|
||||
domain: "_acme-challenge.foo.bar.example.com",
|
||||
items: []*bunny.DNSZone{
|
||||
{ID: pointer[int64](2), Domain: pointer("example.org")},
|
||||
{ID: pointer[int64](4), Domain: pointer("bar.example.org")},
|
||||
{ID: pointer[int64](6), Domain: pointer("foo.example.com")},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range testCases {
|
||||
t.Run(test.desc, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
zones := &bunny.DNSZones{Items: test.items}
|
||||
|
||||
zone := findZone(zones, test.domain)
|
||||
|
||||
assert.Equal(t, test.expected, zone)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func Test_possibleDomains(t *testing.T) {
|
||||
testCases := []struct {
|
||||
desc string
|
||||
domain string
|
||||
expected []string
|
||||
}{
|
||||
{
|
||||
desc: "apex",
|
||||
domain: "example.com",
|
||||
expected: []string{"example.com"},
|
||||
},
|
||||
{
|
||||
desc: "CCTLD",
|
||||
domain: "example.co.uk",
|
||||
expected: []string{"example.co.uk"},
|
||||
},
|
||||
{
|
||||
desc: "long domain",
|
||||
domain: "_acme-challenge.foo.bar.example.com",
|
||||
expected: []string{"_acme-challenge.foo.bar.example.com", "foo.bar.example.com", "bar.example.com", "example.com"},
|
||||
},
|
||||
{
|
||||
desc: "empty",
|
||||
domain: "",
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range testCases {
|
||||
t.Run(test.desc, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
domains := possibleDomains(test.domain)
|
||||
|
||||
assert.Equal(t, test.expected, domains)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user