letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add missing User-Agent header for redirects

This commit is contained in:
Patrick Figel 2015-11-21 07:26:35 +01:00
parent c689599244
commit 4c3d2f6541
2 changed files with 31 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
va/validation-authority.go
View File

@ -258,6 +258,10 @@ func (va *ValidationAuthorityImpl) fetchHTTP(identifier core.AcmeIdentifier, pat
// Set Accept header for mod_security (see the other place the header is // Set Accept header for mod_security (see the other place the header is
// set) // set)
req.Header.Set("Accept", "*/*") req.Header.Set("Accept", "*/*")
if va.UserAgent != "" {
req.Header["User-Agent"] = []string{va.UserAgent}
}
reqHost := req.URL.Host reqHost := req.URL.Host
var reqPort int var reqPort int
if h, p, err := net.SplitHostPort(reqHost); err == nil { if h, p, err := net.SplitHostPort(reqHost); err == nil {

27
va/validation-authority_test.go
View File

@ -78,6 +78,7 @@ const pathReLookup = "7e-P57coLM7D3woNTp_xbJrtlkDYy6PWf3mSSbLwCr4"
const pathReLookupInvalid = "re-lookup-invalid" const pathReLookupInvalid = "re-lookup-invalid"
const pathLooper = "looper" const pathLooper = "looper"
const pathValid = "valid" const pathValid = "valid"
const rejectUserAgent = "rejectMe"
// TODO(https://github.com/letsencrypt/boulder/issues/894): Remove this method // TODO(https://github.com/letsencrypt/boulder/issues/894): Remove this method
func createValidation(token string, enableTLS bool) string { func createValidation(token string, enableTLS bool) string {
@ -584,6 +585,9 @@ func httpSrv(t *testing.T, token string) *httptest.Server {
} else if strings.HasSuffix(r.URL.Path, pathRedirectPort) { } else if strings.HasSuffix(r.URL.Path, pathRedirectPort) {
t.Logf("HTTPSRV: Got a port redirect req\n") t.Logf("HTTPSRV: Got a port redirect req\n")
http.Redirect(w, r, "http://other.valid:8080/path", 302) http.Redirect(w, r, "http://other.valid:8080/path", 302)
} else if r.Header.Get("User-Agent") == rejectUserAgent {
w.WriteHeader(http.StatusBadRequest)
w.Write([]byte("found trap User-Agent"))
} else { } else {
t.Logf("HTTPSRV: Got a valid req\n") t.Logf("HTTPSRV: Got a valid req\n")
t.Logf("HTTPSRV: Path = %s\n", r.URL.Path) t.Logf("HTTPSRV: Path = %s\n", r.URL.Path)
@ -823,6 +827,29 @@ func TestHTTPRedirectLoop(t *testing.T) {
fmt.Println(finChall) fmt.Println(finChall)
} }
func TestHTTPRedirectUserAgent(t *testing.T) {
chall := core.HTTPChallenge01(accountKey)
err := setChallengeToken(&chall, expectedToken)
test.AssertNotError(t, err, "Failed to complete HTTP challenge")
hs := httpSrv(t, expectedToken)
defer hs.Close()
port, err := getPort(hs)
test.AssertNotError(t, err, "failed to get test server port")
stats, _ := statsd.NewNoopClient()
va := NewValidationAuthorityImpl(&PortConfig{HTTPPort: port}, nil, stats, clock.Default())
va.DNSResolver = &mocks.DNSResolver{}
va.UserAgent = rejectUserAgent
setChallengeToken(&chall, pathMoved)
finChall, _ := va.validateHTTP01(ident, chall)
test.AssertNotEquals(t, finChall.Status, core.StatusValid)
setChallengeToken(&chall, pathFound)
finChall, _ = va.validateHTTP01(ident, chall)
test.AssertNotEquals(t, finChall.Status, core.StatusValid)
}
func getPort(hs *httptest.Server) (int, error) { func getPort(hs *httptest.Server) (int, error) {
url, err := url.Parse(hs.URL) url, err := url.Parse(hs.URL)
if err != nil { if err != nil {