Expose filters
parent
5a1a3c7e0d
commit
778c0daae5
12
core/dns.go
12
core/dns.go
|
@ -18,14 +18,14 @@ type AddrFilter int
|
|||
|
||||
const (
|
||||
// NoAddrFilter is used to tell LookupHost to query both A and AAAA records
|
||||
noAddrFilter AddrFilter = iota
|
||||
NoAddrFilter AddrFilter = iota
|
||||
// IPv4OnlyFilter is used to tell LookupHost to only query A records
|
||||
ipv4OnlyFilter
|
||||
IPv4OnlyFilter
|
||||
)
|
||||
|
||||
var NameToFilter = map[string]AddrFilter{
|
||||
"": noAddrFilter,
|
||||
"v4": ipv4OnlyFilter,
|
||||
"": NoAddrFilter,
|
||||
"v4": IPv4OnlyFilter,
|
||||
}
|
||||
|
||||
var (
|
||||
|
@ -130,7 +130,7 @@ func (dnsResolver *DNSResolverImpl) LookupHost(hostname string, filter AddrFilte
|
|||
}
|
||||
answers = append(answers, r.Answer...)
|
||||
|
||||
if filter != ipv4OnlyFilter {
|
||||
if filter != IPv4OnlyFilter {
|
||||
r, aaaaRtt, err := dnsResolver.ExchangeOne(hostname, dns.TypeAAAA)
|
||||
if err != nil {
|
||||
return addrs, aRtt, aaaaRtt, err
|
||||
|
@ -148,7 +148,7 @@ func (dnsResolver *DNSResolverImpl) LookupHost(hostname string, filter AddrFilte
|
|||
addrs = append(addrs, a.A)
|
||||
}
|
||||
} else if answer.Header().Rrtype == dns.TypeAAAA {
|
||||
if aaaa, ok := answer.(*dns.AAAA); ok && aaaa.AAAA.To16() != nil && !isPrivate(aaaa.AAAA) && filter != ipv4OnlyFilter {
|
||||
if aaaa, ok := answer.(*dns.AAAA); ok && aaaa.AAAA.To16() != nil && !isPrivate(aaaa.AAAA) && filter != IPv4OnlyFilter {
|
||||
addrs = append(addrs, aaaa.AAAA)
|
||||
}
|
||||
}
|
||||
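Review bot: `NameToFilter` is an exported, mutable map, and because `NoAddrFilter` is the `iota` zero value, a plain index with an unrecognised name (for example a mis-typed "ipv4") returns `NoAddrFilter` rather than failing. An operator who meant to restrict lookups to A records would then get both A and AAAA queries with no warning. The code that reads the configuration is not visible in this section; it should use the comma-ok form, `filter, ok := core.NameToFilter[name]`, and reject the configuration when `ok` is false. The map also has no doc comment; `// NameToFilter maps configuration strings to AddrFilter values; "" selects NoAddrFilter.` would record the contract next to the newly exported constants.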
|
|
|
@ -178,7 +178,7 @@ func TestDNSLookupsNoServer(t *testing.T) {
|
|||
_, _, err := obj.LookupTXT("letsencrypt.org")
|
||||
test.AssertError(t, err, "No servers")
|
||||
|
||||
_, _, _, err = obj.LookupHost("letsencrypt.org", noAddrFilter)
|
||||
_, _, _, err = obj.LookupHost("letsencrypt.org", NoAddrFilter)
|
||||
test.AssertError(t, err, "No servers")
|
||||
|
||||
_, _, err = obj.LookupCNAME("letsencrypt.org")
|
||||
|
@ -198,7 +198,7 @@ func TestDNSServFail(t *testing.T) {
|
|||
_, _, err = obj.LookupCNAME(bad)
|
||||
test.AssertError(t, err, "LookupCNAME didn't return an error")
|
||||
|
||||
_, _, _, err = obj.LookupHost(bad, noAddrFilter)
|
||||
_, _, _, err = obj.LookupHost(bad, NoAddrFilter)
|
||||
test.AssertError(t, err, "LookupHost didn't return an error")
|
||||
|
||||
// CAA lookup ignores validation failures from the resolver for now
|
||||
|
@ -220,28 +220,28 @@ func TestDNSLookupTXT(t *testing.T) {
|
|||
func TestDNSLookupHost(t *testing.T) {
|
||||
obj := NewDNSResolverImpl(time.Second*10, []string{dnsLoopbackAddr})
|
||||
|
||||
ip, _, _, err := obj.LookupHost("servfail.com", noAddrFilter)
|
||||
ip, _, _, err := obj.LookupHost("servfail.com", NoAddrFilter)
|
||||
t.Logf("servfail.com - IP: %s, Err: %s", ip, err)
|
||||
test.AssertError(t, err, "Server failure")
|
||||
test.Assert(t, len(ip) == 0, "Should not have IPs")
|
||||
|
||||
ip, _, _, err = obj.LookupHost("nonexistent.letsencrypt.org", noAddrFilter)
|
||||
ip, _, _, err = obj.LookupHost("nonexistent.letsencrypt.org", NoAddrFilter)
|
||||
t.Logf("nonexistent.letsencrypt.org - IP: %s, Err: %s", ip, err)
|
||||
test.AssertNotError(t, err, "Not an error to not exist")
|
||||
test.Assert(t, len(ip) == 0, "Should not have IPs")
|
||||
|
||||
// Single IPv4 address
|
||||
ip, _, _, err = obj.LookupHost("cps.letsencrypt.org", noAddrFilter)
|
||||
ip, _, _, err = obj.LookupHost("cps.letsencrypt.org", NoAddrFilter)
|
||||
t.Logf("cps.letsencrypt.org - IP: %s, Err: %s", ip, err)
|
||||
test.AssertNotError(t, err, "Not an error to exist")
|
||||
test.Assert(t, len(ip) == 1, "Should have IP")
|
||||
ip, _, _, err = obj.LookupHost("cps.letsencrypt.org", ipv4OnlyFilter)
|
||||
ip, _, _, err = obj.LookupHost("cps.letsencrypt.org", IPv4OnlyFilter)
|
||||
t.Logf("cps.letsencrypt.org - IP: %s, Err: %s", ip, err)
|
||||
test.AssertNotError(t, err, "Not an error to exist")
|
||||
test.Assert(t, len(ip) == 1, "Should have IP")
|
||||
|
||||
// Both addresses
|
||||
ip, _, _, err = obj.LookupHost("mixed.letsencrypt.org", noAddrFilter)
|
||||
ip, _, _, err = obj.LookupHost("mixed.letsencrypt.org", NoAddrFilter)
|
||||
t.Logf("mixed.letsencrypt.org - IP: %s, Err: %s", ip, err)
|
||||
test.AssertNotError(t, err, "Not an error to exist")
|
||||
test.Assert(t, len(ip) == 2, "Should not have IPs")
|
||||
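Review bot: In TestDNSLookupHost, `IPv4OnlyFilter` is only exercised against `cps.letsencrypt.org`, which the test itself labels "Single IPv4 address", so the assertion `len(ip) == 1` passes whether or not the filter is applied. The filter should also be checked against the dual-stack name, e.g. `ip, _, _, err = obj.LookupHost("mixed.letsencrypt.org", IPv4OnlyFilter)` followed by `test.Assert(t, len(ip) == 1, "Should have only the IPv4 address")`; this assumes the test server answers that name with one A and one AAAA record, as the existing `len(ip) == 2` check suggests. The message on that existing check, "Should not have IPs", contradicts the condition and would read better as "Should have two IPs". The function may continue past the end of this hunk.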
|
|
|
@ -253,7 +253,7 @@ func brokenTLSSrv(t *testing.T, stopChan, waitChan chan bool) {
|
|||
func TestSimpleHttpTLS(t *testing.T) {
|
||||
va := NewValidationAuthorityImpl(true)
|
||||
va.DNSResolver = &mocks.MockDNS{}
|
||||
va.AddressFilter = core.AddrFilter(0) // No filter
|
||||
va.AddressFilter = core.NoAddrFilter
|
||||
|
||||
chall := core.Challenge{Type: core.ChallengeTypeSimpleHTTP, Token: expectedToken}
|
||||
|
||||
|
@ -275,6 +275,7 @@ func TestSimpleHttpTLS(t *testing.T) {
|
|||
func TestSimpleHttp(t *testing.T) {
|
||||
va := NewValidationAuthorityImpl(true)
|
||||
va.DNSResolver = &mocks.MockDNS{}
|
||||
va.AddressFilter = core.NoAddrFilter
|
||||
|
||||
tls := false
|
||||
chall := core.Challenge{Type: core.ChallengeTypeSimpleHTTP, Token: expectedToken, TLS: &tls}
|
||||
|
@ -357,6 +358,7 @@ func TestSimpleHttp(t *testing.T) {
|
|||
func TestSimpleHttpRedirectLookup(t *testing.T) {
|
||||
va := NewValidationAuthorityImpl(true)
|
||||
va.DNSResolver = &mocks.MockDNS{}
|
||||
va.AddressFilter = core.NoAddrFilter
|
||||
|
||||
tls := false
|
||||
chall := core.Challenge{Token: expectedToken, TLS: &tls}
|
||||
|
@ -405,6 +407,7 @@ func TestSimpleHttpRedirectLookup(t *testing.T) {
|
|||
func TestDvsni(t *testing.T) {
|
||||
va := NewValidationAuthorityImpl(true)
|
||||
va.DNSResolver = &mocks.MockDNS{}
|
||||
va.AddressFilter = core.NoAddrFilter
|
||||
|
||||
chall := createChallenge(core.ChallengeTypeDVSNI)
|
||||
|
||||
|
@ -467,6 +470,7 @@ func TestDvsni(t *testing.T) {
|
|||
func TestTLSError(t *testing.T) {
|
||||
va := NewValidationAuthorityImpl(true)
|
||||
va.DNSResolver = &mocks.MockDNS{}
|
||||
va.AddressFilter = core.NoAddrFilter
|
||||
|
||||
chall := createChallenge(core.ChallengeTypeDVSNI)
|
||||
waitChan := make(chan bool, 1)
|
||||
|
@ -484,6 +488,7 @@ func TestTLSError(t *testing.T) {
|
|||
func TestValidateHTTP(t *testing.T) {
|
||||
va := NewValidationAuthorityImpl(true)
|
||||
va.DNSResolver = &mocks.MockDNS{}
|
||||
va.AddressFilter = core.NoAddrFilter
|
||||
mockRA := &MockRegistrationAuthority{}
|
||||
va.RA = mockRA
|
||||
|
||||
|
@ -535,6 +540,7 @@ func createChallenge(challengeType string) core.Challenge {
|
|||
func TestValidateDvsni(t *testing.T) {
|
||||
va := NewValidationAuthorityImpl(true)
|
||||
va.DNSResolver = &mocks.MockDNS{}
|
||||
va.AddressFilter = core.NoAddrFilter
|
||||
mockRA := &MockRegistrationAuthority{}
|
||||
va.RA = mockRA
|
||||
|
||||
|
@ -565,6 +571,7 @@ func TestValidateDvsni(t *testing.T) {
|
|||
func TestValidateDvsniNotSane(t *testing.T) {
|
||||
va := NewValidationAuthorityImpl(true)
|
||||
va.DNSResolver = &mocks.MockDNS{}
|
||||
va.AddressFilter = core.NoAddrFilter
|
||||
mockRA := &MockRegistrationAuthority{}
|
||||
va.RA = mockRA
|
||||
|
||||
|
@ -597,6 +604,7 @@ func TestValidateDvsniNotSane(t *testing.T) {
|
|||
func TestUpdateValidations(t *testing.T) {
|
||||
va := NewValidationAuthorityImpl(true)
|
||||
va.DNSResolver = &mocks.MockDNS{}
|
||||
va.AddressFilter = core.NoAddrFilter
|
||||
mockRA := &MockRegistrationAuthority{}
|
||||
va.RA = mockRA
|
||||
|
||||
|
@ -663,6 +671,7 @@ func TestCAAChecking(t *testing.T) {
|
|||
|
||||
va := NewValidationAuthorityImpl(true)
|
||||
va.DNSResolver = &mocks.MockDNS{}
|
||||
va.AddressFilter = core.NoAddrFilter
|
||||
va.IssuerDomain = "letsencrypt.org"
|
||||
for _, caaTest := range tests {
|
||||
present, valid, err := va.CheckCAARecords(core.AcmeIdentifier{Type: "dns", Value: caaTest.Domain})
|
||||
|
@ -695,6 +704,7 @@ func TestCAAChecking(t *testing.T) {
|
|||
func TestDNSValidationFailure(t *testing.T) {
|
||||
va := NewValidationAuthorityImpl(true)
|
||||
va.DNSResolver = &mocks.MockDNS{}
|
||||
va.AddressFilter = core.NoAddrFilter
|
||||
mockRA := &MockRegistrationAuthority{}
|
||||
va.RA = mockRA
|
||||
|
||||
|
@ -731,6 +741,7 @@ func TestDNSValidationInvalid(t *testing.T) {
|
|||
|
||||
va := NewValidationAuthorityImpl(true)
|
||||
va.DNSResolver = &mocks.MockDNS{}
|
||||
va.AddressFilter = core.NoAddrFilter
|
||||
mockRA := &MockRegistrationAuthority{}
|
||||
va.RA = mockRA
|
||||
|
||||
|
@ -744,6 +755,7 @@ func TestDNSValidationInvalid(t *testing.T) {
|
|||
func TestDNSValidationNotSane(t *testing.T) {
|
||||
va := NewValidationAuthorityImpl(true)
|
||||
va.DNSResolver = &mocks.MockDNS{}
|
||||
va.AddressFilter = core.NoAddrFilter
|
||||
mockRA := &MockRegistrationAuthority{}
|
||||
va.RA = mockRA
|
||||
|
||||
|
@ -774,6 +786,7 @@ func TestDNSValidationNotSane(t *testing.T) {
|
|||
func TestDNSValidationServFail(t *testing.T) {
|
||||
va := NewValidationAuthorityImpl(true)
|
||||
va.DNSResolver = &mocks.MockDNS{}
|
||||
va.AddressFilter = core.NoAddrFilter
|
||||
mockRA := &MockRegistrationAuthority{}
|
||||
va.RA = mockRA
|
||||
|
||||
|
@ -823,6 +836,7 @@ func TestDNSValidationNoServer(t *testing.T) {
|
|||
func TestDNSValidationLive(t *testing.T) {
|
||||
va := NewValidationAuthorityImpl(false)
|
||||
va.DNSResolver = &mocks.MockDNS{}
|
||||
va.AddressFilter = core.NoAddrFilter
|
||||
mockRA := &MockRegistrationAuthority{}
|
||||
va.RA = mockRA
|
||||
|
||||
|
|