From 778c0daae5800979005326b1eaca220291254174 Mon Sep 17 00:00:00 2001 From: Roland Shoemaker Date: Fri, 31 Jul 2015 16:19:25 -0700 Subject: [PATCH] Expose filters --- core/dns.go | 12 ++++++------ core/dns_test.go | 14 +++++++------- va/validation-authority_test.go | 16 +++++++++++++++- 3 files changed, 28 insertions(+), 14 deletions(-) diff --git a/core/dns.go b/core/dns.go index bf2ce81c0..024af66c6 100644 --- a/core/dns.go +++ b/core/dns.go @@ -18,14 +18,14 @@ type AddrFilter int const ( // NoAddrFilter is used to tell LookupHost to query both A and AAAA records - noAddrFilter AddrFilter = iota + NoAddrFilter AddrFilter = iota // IPv4OnlyFilter is used to tell LookupHost to only query A records - ipv4OnlyFilter + IPv4OnlyFilter ) var NameToFilter = map[string]AddrFilter{ - "": noAddrFilter, - "v4": ipv4OnlyFilter, + "": NoAddrFilter, + "v4": IPv4OnlyFilter, } var ( @@ -130,7 +130,7 @@ func (dnsResolver *DNSResolverImpl) LookupHost(hostname string, filter AddrFilte } answers = append(answers, r.Answer...) - if filter != ipv4OnlyFilter { + if filter != IPv4OnlyFilter { r, aaaaRtt, err := dnsResolver.ExchangeOne(hostname, dns.TypeAAAA) if err != nil { return addrs, aRtt, aaaaRtt, err @@ -148,7 +148,7 @@ func (dnsResolver *DNSResolverImpl) LookupHost(hostname string, filter AddrFilte addrs = append(addrs, a.A) } } else if answer.Header().Rrtype == dns.TypeAAAA { - if aaaa, ok := answer.(*dns.AAAA); ok && aaaa.AAAA.To16() != nil && !isPrivate(aaaa.AAAA) && filter != ipv4OnlyFilter { + if aaaa, ok := answer.(*dns.AAAA); ok && aaaa.AAAA.To16() != nil && !isPrivate(aaaa.AAAA) && filter != IPv4OnlyFilter { addrs = append(addrs, aaaa.AAAA) } } diff --git a/core/dns_test.go b/core/dns_test.go index 74b1b49f0..0da04b392 100644 --- a/core/dns_test.go +++ b/core/dns_test.go 
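Review bot: With `NoAddrFilter` and `IPv4OnlyFilter` exported in the first core/dns.go hunk, `NameToFilter` becomes the way code outside `core` turns a configuration string into a filter, and a plain `NameToFilter[name]` lookup yields the zero value `NoAddrFilter` for any key that is not in the map. A misspelt setting would then silently enable AAAA lookups rather than fail at start-up; the callers are not visible in this diff, but they should use `f, ok := core.NameToFilter[name]` and treat `!ok` as a configuration error. The map also has no doc comment, and `// NameToFilter maps a configuration string to an AddrFilter; use the comma-ok form, names not listed here are invalid.` would record that contract. The two LookupHost hunks that follow are the matching rename and need no further change.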
@@ -178,7 +178,7 @@ func TestDNSLookupsNoServer(t *testing.T) { _, _, err := obj.LookupTXT("letsencrypt.org") test.AssertError(t, err, "No servers") - _, _, _, err = obj.LookupHost("letsencrypt.org", noAddrFilter) + _, _, _, err = obj.LookupHost("letsencrypt.org", NoAddrFilter) test.AssertError(t, err, "No servers") _, _, err = obj.LookupCNAME("letsencrypt.org") @@ -198,7 +198,7 @@ func TestDNSServFail(t *testing.T) { _, _, err = obj.LookupCNAME(bad) test.AssertError(t, err, "LookupCNAME didn't return an error") - _, _, _, err = obj.LookupHost(bad, noAddrFilter) + _, _, _, err = obj.LookupHost(bad, NoAddrFilter) test.AssertError(t, err, "LookupHost didn't return an error") // CAA lookup ignores validation failures from the resolver for now 
@@ -220,28 +220,28 @@ func TestDNSLookupTXT(t *testing.T) { func TestDNSLookupHost(t *testing.T) { obj := NewDNSResolverImpl(time.Second*10, []string{dnsLoopbackAddr}) - ip, _, _, err := obj.LookupHost("servfail.com", noAddrFilter) + ip, _, _, err := obj.LookupHost("servfail.com", NoAddrFilter) t.Logf("servfail.com - IP: %s, Err: %s", ip, err) test.AssertError(t, err, "Server failure") test.Assert(t, len(ip) == 0, "Should not have IPs") - ip, _, _, err = obj.LookupHost("nonexistent.letsencrypt.org", noAddrFilter) + ip, _, _, err = obj.LookupHost("nonexistent.letsencrypt.org", NoAddrFilter) t.Logf("nonexistent.letsencrypt.org - IP: %s, Err: %s", ip, err) test.AssertNotError(t, err, "Not an error to not exist") test.Assert(t, len(ip) == 0, "Should not have IPs") // Single IPv4 address - ip, _, _, err = obj.LookupHost("cps.letsencrypt.org", noAddrFilter) + ip, _, _, err = obj.LookupHost("cps.letsencrypt.org", NoAddrFilter) t.Logf("cps.letsencrypt.org - IP: %s, Err: %s", ip, err) test.AssertNotError(t, err, "Not an error to exist") test.Assert(t, len(ip) == 1, "Should have IP") - ip, _, _, err = obj.LookupHost("cps.letsencrypt.org", ipv4OnlyFilter) + ip, _, _, err = obj.LookupHost("cps.letsencrypt.org", IPv4OnlyFilter) t.Logf("cps.letsencrypt.org - IP: %s, Err: %s", ip, err) test.AssertNotError(t, err, "Not an error to exist") test.Assert(t, len(ip) == 1, "Should have IP") // Both addresses - ip, _, _, err = obj.LookupHost("mixed.letsencrypt.org", noAddrFilter) + ip, _, _, err = obj.LookupHost("mixed.letsencrypt.org", NoAddrFilter) t.Logf("mixed.letsencrypt.org - IP: %s, Err: %s", ip, err) test.AssertNotError(t, err, "Not an error to exist") test.Assert(t, len(ip) == 2, "Should not have IPs") diff --git a/va/validation-authority_test.go b/va/validation-authority_test.go index 2c630587c..abae1eef9 100644 --- a/va/validation-authority_test.go +++ b/va/validation-authority_test.go 
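Review bot: The only call in TestDNSLookupHost that passes `IPv4OnlyFilter` queries `cps.letsencrypt.org`, which the assertion just above it shows returning a single address even with `NoAddrFilter`, so this test would still pass if the filter did nothing. The name that separates the two filters is `mixed.letsencrypt.org`, which returns two addresses unfiltered (presumably one A and one AAAA from the test server). Adding `ip, _, _, err = obj.LookupHost("mixed.letsencrypt.org", IPv4OnlyFilter)` followed by `test.Assert(t, len(ip) == 1, "Should have only the IPv4 address")` would pin the filter's behaviour. The message on the existing `len(ip) == 2` assertion, "Should not have IPs", looks copied from the empty-result cases and should say that two IPs are expected. The function's closing brace is outside the hunk.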
@@ -253,7 +253,7 @@ func brokenTLSSrv(t *testing.T, stopChan, waitChan chan bool) { func TestSimpleHttpTLS(t *testing.T) { va := NewValidationAuthorityImpl(true) va.DNSResolver = &mocks.MockDNS{} - va.AddressFilter = core.AddrFilter(0) // No filter + va.AddressFilter = core.NoAddrFilter chall := core.Challenge{Type: core.ChallengeTypeSimpleHTTP, Token: expectedToken} @@ -275,6 +275,7 @@ func TestSimpleHttpTLS(t *testing.T) { func TestSimpleHttp(t *testing.T) { va := NewValidationAuthorityImpl(true) va.DNSResolver = &mocks.MockDNS{} + va.AddressFilter = core.NoAddrFilter tls := false chall := core.Challenge{Type: core.ChallengeTypeSimpleHTTP, Token: expectedToken, TLS: &tls} @@ -357,6 +358,7 @@ func TestSimpleHttp(t *testing.T) { func TestSimpleHttpRedirectLookup(t *testing.T) { va := NewValidationAuthorityImpl(true) va.DNSResolver = &mocks.MockDNS{} + va.AddressFilter = core.NoAddrFilter tls := false chall := core.Challenge{Token: expectedToken, TLS: &tls} @@ -405,6 +407,7 @@ func TestSimpleHttpRedirectLookup(t *testing.T) { func TestDvsni(t *testing.T) { va := NewValidationAuthorityImpl(true) va.DNSResolver = &mocks.MockDNS{} + va.AddressFilter = core.NoAddrFilter chall := createChallenge(core.ChallengeTypeDVSNI) @@ -467,6 +470,7 @@ func TestDvsni(t *testing.T) { func TestTLSError(t *testing.T) { va := NewValidationAuthorityImpl(true) va.DNSResolver = &mocks.MockDNS{} + va.AddressFilter = core.NoAddrFilter chall := createChallenge(core.ChallengeTypeDVSNI) waitChan := make(chan bool, 1) @@ -484,6 +488,7 @@ func TestTLSError(t *testing.T) { func TestValidateHTTP(t *testing.T) { va := NewValidationAuthorityImpl(true) va.DNSResolver = &mocks.MockDNS{} + va.AddressFilter = core.NoAddrFilter mockRA := &MockRegistrationAuthority{} va.RA = mockRA 
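Review bot: The `va.AddressFilter = core.NoAddrFilter` lines added across this file assign the zero value of `AddrFilter`, as the replaced `core.AddrFilter(0)` in TestSimpleHttpTLS shows. Unless `NewValidationAuthorityImpl` sets a different default, which this diff does not show, they do not change what the tests exercise. None of the hunks from 253 through 823 runs the validation authority with `core.IPv4OnlyFilter`, so the filtered validation path stays untested here; one case setting `va.AddressFilter = core.IPv4OnlyFilter` would cover it. The repeated three-line setup could also move into a small test helper, so that a later change to the default is made in one place. Each test function continues outside its hunk.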
@@ -535,6 +540,7 @@ func createChallenge(challengeType string) core.Challenge { func TestValidateDvsni(t *testing.T) { va := NewValidationAuthorityImpl(true) va.DNSResolver = &mocks.MockDNS{} + va.AddressFilter = core.NoAddrFilter mockRA := &MockRegistrationAuthority{} va.RA = mockRA @@ -565,6 +571,7 @@ func TestValidateDvsni(t *testing.T) { func TestValidateDvsniNotSane(t *testing.T) { va := NewValidationAuthorityImpl(true) va.DNSResolver = &mocks.MockDNS{} + va.AddressFilter = core.NoAddrFilter mockRA := &MockRegistrationAuthority{} va.RA = mockRA @@ -597,6 +604,7 @@ func TestValidateDvsniNotSane(t *testing.T) { func TestUpdateValidations(t *testing.T) { va := NewValidationAuthorityImpl(true) va.DNSResolver = &mocks.MockDNS{} + va.AddressFilter = core.NoAddrFilter mockRA := &MockRegistrationAuthority{} va.RA = mockRA @@ -663,6 +671,7 @@ func TestCAAChecking(t *testing.T) { va := NewValidationAuthorityImpl(true) va.DNSResolver = &mocks.MockDNS{} + va.AddressFilter = core.NoAddrFilter va.IssuerDomain = "letsencrypt.org" for _, caaTest := range tests { present, valid, err := va.CheckCAARecords(core.AcmeIdentifier{Type: "dns", Value: caaTest.Domain}) @@ -695,6 +704,7 @@ func TestCAAChecking(t *testing.T) { func TestDNSValidationFailure(t *testing.T) { va := NewValidationAuthorityImpl(true) va.DNSResolver = &mocks.MockDNS{} + va.AddressFilter = core.NoAddrFilter mockRA := &MockRegistrationAuthority{} va.RA = mockRA @@ -731,6 +741,7 @@ func TestDNSValidationInvalid(t *testing.T) { va := NewValidationAuthorityImpl(true) va.DNSResolver = &mocks.MockDNS{} + va.AddressFilter = core.NoAddrFilter mockRA := &MockRegistrationAuthority{} va.RA = mockRA @@ -744,6 +755,7 @@ func TestDNSValidationInvalid(t *testing.T) { func TestDNSValidationNotSane(t *testing.T) { va := NewValidationAuthorityImpl(true) va.DNSResolver = &mocks.MockDNS{} + va.AddressFilter = core.NoAddrFilter mockRA := &MockRegistrationAuthority{} va.RA = mockRA 
@@ -774,6 +786,7 @@ func TestDNSValidationNotSane(t *testing.T) { func TestDNSValidationServFail(t *testing.T) { va := NewValidationAuthorityImpl(true) va.DNSResolver = &mocks.MockDNS{} + va.AddressFilter = core.NoAddrFilter mockRA := &MockRegistrationAuthority{} va.RA = mockRA @@ -823,6 +836,7 @@ func TestDNSValidationNoServer(t *testing.T) { func TestDNSValidationLive(t *testing.T) { va := NewValidationAuthorityImpl(false) va.DNSResolver = &mocks.MockDNS{} + va.AddressFilter = core.NoAddrFilter mockRA := &MockRegistrationAuthority{} va.RA = mockRA