challtestsrv

package module v1.0.0

Published: Dec 6, 2018 License: MPL-2.0 Imports: 20 Imported by: 7

README

Challenge Test Server

The challtestsrv package offers a library/command that can be used by test code to respond to HTTP-01, DNS-01, and TLS-ALPN-01 ACME challenges. The challtestsrv package can also be used as a mock DNS server letting developers mock A, AAAA, and CAA DNS data for specific hostnames.

Important note: The challtestsrv command and library are for TEST USAGE ONLY. It is trivially insecure, offering no authentication. Only use challtestsrv in a controlled test environment.

For example, this package is used by the Boulder load-generator command to manage its own in-process HTTP-01 challenge server.

Usage

Create a challenge server responding to HTTP-01 challenges on ":8888" and DNS-01 challenges on ":9999" and "10.0.0.1:9998":

  import "github.com/letsencrypt/pebble/challtestsrv"

  challSrv, err := challtestsrv.New(challtestsrv.Config{
    HTTPOneAddrs: []string{":8888"},
    DNSOneAddrs: []string{":9999", "10.0.0.1:9998"},
  })
  if err != nil {
    panic(err)
  }

Run the Challenge server and subservers:

  // Start the Challenge server in its own Go routine
  go challSrv.Run()

Add an HTTP-01 response for the token "aaa" and the value "bbb", defer cleaning it up again:

  challSrv.AddHTTPOneChallenge("aaa", "bbb")
  defer challSrv.DeleteHTTPOneChallenge("aaa")

Add a DNS-01 TXT response for the host "_acme-challenge.example.com." and the value "bbb", defer cleaning it up again:

  challSrv.AddDNSOneChallenge("_acme-challenge.example.com.", "bbb")
  defer challSrv.DeleteDNSOneChallenge("_acme-challenge.example.com.")

Stop the Challenge server and subservers:

  // Shutdown the Challenge server
  challSrv.Shutdown()

For more information on the package API see the Godoc and the associated package source code.

Documentation

Overview

Package challtestsrv provides a trivially insecure ACME challenge response server for rapidly testing the HTTP-01, DNS-01 and TLS-ALPN-01 challenge types.

Index

Constants

const ACMETLS1Protocol = "acme-tls/1"

ALPN protocol ID for TLS-ALPN-01 challenge https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-01#section-5.2

Variables

var IdPeAcmeIdentifier = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 31}

As defined in https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-04#section-5.1 id-pe OID + 31 (acmeIdentifier)

Functions

This section is empty.

Types

type ChallSrv

type ChallSrv struct {
	// contains filtered or unexported fields
}

ChallSrv is a multi-purpose challenge server. Each ChallSrv may have one or more ACME challenges it provides servers for. It is safe to use concurrently.

func New

func New(config Config) (*ChallSrv, error)

New constructs and returns a new ChallSrv instance with the given Config.

func (*ChallSrv) AddDNSAAAARecord

func (s *ChallSrv) AddDNSAAAARecord(host string, addresses []string)

AddDNSAAAARecord adds IPv6 addresses that will be returned when querying for AAAA records for the given host.

func (*ChallSrv) AddDNSARecord

func (s *ChallSrv) AddDNSARecord(host string, addresses []string)

AddDNSARecord adds IPv4 addresses that will be returned when querying for A records for the given host.

func (*ChallSrv) AddDNSCAARecord

func (s *ChallSrv) AddDNSCAARecord(host string, policies []MockCAAPolicy)

AddDNSCAARecord adds mock CAA records that will be returned when querying CAA for the given host.

func (*ChallSrv) AddDNSOneChallenge

func (s *ChallSrv) AddDNSOneChallenge(host, content string)

AddDNSOneChallenge adds a TXT record for the given host with the given content.

func (*ChallSrv) AddHTTPOneChallenge

func (s *ChallSrv) AddHTTPOneChallenge(token, content string)

AddHTTPOneChallenge adds a new HTTP-01 challenge for the given token and content.

func (*ChallSrv) AddHTTPRedirect

func (s *ChallSrv) AddHTTPRedirect(path, targetURL string)

AddHTTPRedirect adds a redirect for the given path to the given URL.

func (*ChallSrv) AddTLSALPNChallenge

func (s *ChallSrv) AddTLSALPNChallenge(host, content string)

AddTLSALPNChallenge adds a new TLS-ALPN-01 key authorization for the given host.

func (*ChallSrv) DeleteDNSAAAARecord

func (s *ChallSrv) DeleteDNSAAAARecord(host string)

DeleteDNSAAAARecord deletes any IPv6 addresses that would be returned when querying for AAAA records for the given host.

func (*ChallSrv) DeleteDNSARecord

func (s *ChallSrv) DeleteDNSARecord(host string)

DeleteDNSARecord deletes any IPv4 addresses that would be returned when querying for A records for the given host.

func (*ChallSrv) DeleteDNSCAARecord

func (s *ChallSrv) DeleteDNSCAARecord(host string)

DeleteDNSCAARecord deletes any CAA policies that will be returned when querying CAA for the given host.

func (*ChallSrv) DeleteDNSOneChallenge

func (s *ChallSrv) DeleteDNSOneChallenge(host string)

DeleteDNSOneChallenge deletes a TXT record for the given host.

func (*ChallSrv) DeleteHTTPOneChallenge

func (s *ChallSrv) DeleteHTTPOneChallenge(token string)

DeleteHTTPOneChallenge deletes a given HTTP-01 challenge token.

func (*ChallSrv) DeleteHTTPRedirect

func (s *ChallSrv) DeleteHTTPRedirect(path string)

DeleteHTTPRedirect deletes the redirect for the given path.

func (*ChallSrv) DeleteTLSALPNChallenge

func (s *ChallSrv) DeleteTLSALPNChallenge(host string)

DeleteTLSALPNChallenge deletes the key authorization for the given host.

func (*ChallSrv) GetDNSAAAARecord

func (s *ChallSrv) GetDNSAAAARecord(host string) []string

GetDNSAAAARecord returns a slice of IPv6 addresses (in string form) that will be returned when querying for AAAA records for the given host.

func (*ChallSrv) GetDNSARecord

func (s *ChallSrv) GetDNSARecord(host string) []string

GetDNSARecord returns a slice of IPv4 addresses (in string form) that will be returned when querying for A records for the given host.

func (*ChallSrv) GetDNSCAARecord

func (s *ChallSrv) GetDNSCAARecord(host string) []MockCAAPolicy

GetDNSCAARecord returns a slice of mock CAA policies that will be returned when querying CAA for the given host.

func (*ChallSrv) GetDNSOneChallenge

func (s *ChallSrv) GetDNSOneChallenge(host string) []string

GetDNSOneChallenge returns a slice of TXT record values for the given host. If the host does not exist in the challenge response data then nil is returned.

func (*ChallSrv) GetDefaultDNSIPv4

func (s *ChallSrv) GetDefaultDNSIPv4() string

GetDefaultDNSIPv4 gets the default IPv4 address used for A query responses (in string form), or an empty string if no default is being used.

func (*ChallSrv) GetDefaultDNSIPv6

func (s *ChallSrv) GetDefaultDNSIPv6() string

GetDefaultDNSIPv6 gets the default IPv6 address used for AAAA query responses (in string form), or an empty string if no default is being used.

func (*ChallSrv) GetHTTPOneChallenge

func (s *ChallSrv) GetHTTPOneChallenge(token string) (string, bool)

GetHTTPOneChallenge returns the HTTP-01 challenge content for the given token (if it exists) and a true bool. If the token does not exist then an empty string and a false bool are returned.

func (*ChallSrv) GetHTTPRedirect

func (s *ChallSrv) GetHTTPRedirect(path string) (string, bool)

GetHTTPRedirect returns the redirect target for the given path (if it exists) and a true bool. If the path does not have a redirect target then an empty string and a false bool are returned.

func (*ChallSrv) GetTLSALPNChallenge

func (s *ChallSrv) GetTLSALPNChallenge(host string) (string, bool)

GetTLSALPNChallenge checks the s.tlsALPNOne map for the given host. If it is present it returns the key authorization and true, if not it returns an empty string and false.

func (*ChallSrv) Run

func (s *ChallSrv) Run()

Run starts each of the ChallSrv's challengeServers.

func (*ChallSrv) ServeChallengeCertFunc

func (s *ChallSrv) ServeChallengeCertFunc(k *ecdsa.PrivateKey) func(*tls.ClientHelloInfo) (*tls.Certificate, error)
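The constants ACMETLS1Protocol and IdPeAcmeIdentifier above, and the GetCertificate callback ServeChallengeCertFunc returns, are the three pieces of a TLS-ALPN-01 response. The following stand-alone program is an added example, not challtestsrv's own implementation: it builds the self-signed challenge certificate the way the linked draft describes (a single dNSName SAN for the host, a critical id-pe-acmeIdentifier extension whose value is a DER OCTET STRING holding the SHA-256 digest of the key authorization), hands it out only when the client offered acme-tls/1 for a host with a pending challenge, and then applies the checks a validator performs on that certificate. The key authorization string, the host names and the callback and function names are assumptions for illustration; the callback is invoked directly with a constructed tls.ClientHelloInfo instead of over a real handshake.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// Same values the package exports as ACMETLS1Protocol and IdPeAcmeIdentifier.
const acmeTLS1Protocol = "acme-tls/1"
var idPeAcmeIdentifier = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 31}

// buildChallengeCert: self-signed cert with one dNSName SAN and a critical acmeIdentifier extension.
func buildChallengeCert(host, keyAuth string, key *ecdsa.PrivateKey) (*tls.Certificate, error) {
	digest := sha256.Sum256([]byte(keyAuth))
	extValue, err := asn1.Marshal(digest[:]) // a []byte marshals as a DER OCTET STRING
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), // acceptable for a throwaway self-signed challenge cert
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtraExtensions: []pkix.Extension{
			{Id: idPeAcmeIdentifier, Critical: true, Value: extValue},
		},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

// challengeCertFunc has the shape of ServeChallengeCertFunc's return value (assumed behaviour):
// it serves a challenge certificate only when the client offered acme-tls/1 and named a pending host.
func challengeCertFunc(pending map[string]string, key *ecdsa.PrivateKey) func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	return func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
		offered := false
		for _, p := range hello.SupportedProtos {
			offered = offered || p == acmeTLS1Protocol
		}
		if !offered {
			return nil, fmt.Errorf("client did not offer %s; refusing handshake", acmeTLS1Protocol)
		}
		keyAuth, ok := pending[hello.ServerName]
		if !ok {
			return nil, fmt.Errorf("no TLS-ALPN-01 challenge pending for %q", hello.ServerName)
		}
		return buildChallengeCert(hello.ServerName, keyAuth, key)
	}
}

// verifyChallengeCert applies the validator-side checks to the served leaf certificate.
func verifyChallengeCert(der []byte, host, keyAuth string) error {
	cert, err := x509.ParseCertificate(der) // an unknown critical extension does not fail parsing
	if err != nil {
		return err
	}
	if len(cert.DNSNames) != 1 || cert.DNSNames[0] != host {
		return fmt.Errorf("SAN must be exactly [%s], got %v", host, cert.DNSNames)
	}
	want := sha256.Sum256([]byte(keyAuth))
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(idPeAcmeIdentifier) {
			if !ext.Critical {
				return fmt.Errorf("acmeIdentifier extension must be marked critical")
			}
			var got []byte
			if _, err := asn1.Unmarshal(ext.Value, &got); err != nil || string(got) != string(want[:]) {
				return fmt.Errorf("acmeIdentifier digest malformed or does not match the key authorization")
			}
			return nil
		}
	}
	return fmt.Errorf("acmeIdentifier extension missing")
}

// runChallenge drives one exchange: servedKeyAuth is pending for host, the client offers
// protos, and the validator expects expectedKeyAuth. A nil result means the challenge passed.
func runChallenge(host, servedKeyAuth, expectedKeyAuth string, protos []string) error {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err
	}
	getCert := challengeCertFunc(map[string]string{host: servedKeyAuth}, key)
	cert, err := getCert(&tls.ClientHelloInfo{ServerName: host, SupportedProtos: protos})
	if err != nil {
		return err
	}
	return verifyChallengeCert(cert.Certificate[0], host, expectedKeyAuth)
}
```

Calling runChallenge("example.com", "token.thumbprint", "token.thumbprint", []string{"acme-tls/1"}) returns nil; offering only "h2", or expecting a different key authorization, returns an error. Refusing the handshake when acme-tls/1 is absent matters in a shared test server: it keeps the challenge certificate from being served to ordinary TLS clients that happen to hit the same port.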

func (*ChallSrv) ServeHTTP

func (s *ChallSrv) ServeHTTP(w http.ResponseWriter, r *http.Request)

ServeHTTP handles an HTTP request. If the request path has the ACME HTTP-01 challenge well known prefix as a prefix and the token specified is known, then the challenge response contents are returned.
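The Usage section above (New, Run, AddHTTPOneChallenge, DeleteHTTPOneChallenge, Shutdown) and the ServeHTTP description together define what an HTTP-01 validator sees on the wire. The following stand-alone program is an added example and not challtestsrv's own code: a minimal responder with the same add/get/delete/ServeHTTP shape, exercised end to end with an httptest server playing the role of Run() on ":8888" and a plain HTTP client playing the validator. Type and function names, the token "aaa" and the content "bbb" are taken from or modelled on the README; the rejection of tokens containing a "/" is an assumption added here (ACME tokens are base64url, so such a path can never be a valid challenge).

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
	"sync"
)

// wellKnownPath is the HTTP-01 path prefix fixed by the ACME specification.
const wellKnownPath = "/.well-known/acme-challenge/"

// httpOneResponder keeps token -> key authorization and, like ChallSrv, is
// safe for concurrent use: a test adds and deletes tokens from one goroutine
// while the HTTP server answers validators on others.
type httpOneResponder struct {
	mu     sync.RWMutex
	tokens map[string]string
}

func newHTTPOneResponder() *httpOneResponder {
	return &httpOneResponder{tokens: make(map[string]string)}
}

func (h *httpOneResponder) Add(token, content string) {
	h.mu.Lock()
	defer h.mu.Unlock()
	h.tokens[token] = content
}

func (h *httpOneResponder) Delete(token string) {
	h.mu.Lock()
	defer h.mu.Unlock()
	delete(h.tokens, token)
}

func (h *httpOneResponder) Get(token string) (string, bool) {
	h.mu.RLock()
	defer h.mu.RUnlock()
	content, ok := h.tokens[token]
	return content, ok
}

// ServeHTTP mirrors the lookup ChallSrv.ServeHTTP performs: only a path under
// the well-known prefix whose remainder is a known token gets the stored
// content; anything else is a 404. A remainder containing "/" is rejected
// outright (assumption added here), since ACME tokens never contain one.
func (h *httpOneResponder) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	if !strings.HasPrefix(r.URL.Path, wellKnownPath) {
		http.NotFound(w, r)
		return
	}
	token := strings.TrimPrefix(r.URL.Path, wellKnownPath)
	if token == "" || strings.Contains(token, "/") {
		http.NotFound(w, r)
		return
	}
	content, ok := h.Get(token)
	if !ok {
		http.NotFound(w, r)
		return
	}
	io.WriteString(w, content)
}

// newTestServer binds the responder to a loopback port: the in-process
// equivalent of Run() listening on ":8888".
func newTestServer(h http.Handler) *httptest.Server {
	return httptest.NewServer(h)
}

// fetchChallenge plays the validator: it fetches the well-known path for token
// and returns the status code and body.
func fetchChallenge(baseURL, token string) (int, string, error) {
	resp, err := http.Get(baseURL + wellKnownPath + token)
	if err != nil {
		return 0, "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	if err != nil {
		return 0, "", err
	}
	return resp.StatusCode, string(body), nil
}

func main() {
	h := newHTTPOneResponder()
	srv := newTestServer(h)
	defer srv.Close() // the equivalent of Shutdown()

	h.Add("aaa", "bbb")
	defer h.Delete("aaa")

	status, body, err := fetchChallenge(srv.URL, "aaa")
	fmt.Println(status, body, err) // 200 bbb <nil>
	status, _, _ = fetchChallenge(srv.URL, "unknown")
	fmt.Println(status) // 404
}
```

The point a test author should take from this is that the server answers only for tokens that were explicitly added; once a test deletes its token (or shuts the server down), a validator retrying the same URL gets a 404, so stale challenge data cannot leak from one test case into the next.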

func (*ChallSrv) SetDefaultDNSIPv4

func (s *ChallSrv) SetDefaultDNSIPv4(addr string)

SetDefaultDNSIPv4 sets the default IPv4 address used for A query responses that don't match hosts added with AddDNSARecord. Use "" to disable default A query responses.

func (*ChallSrv) SetDefaultDNSIPv6

func (s *ChallSrv) SetDefaultDNSIPv6(addr string)

SetDefaultDNSIPv6 sets the default IPv6 address used for AAAA query responses that don't match hosts added with AddDNSAAAARecord. Use "" to disable default AAAA query responses.

func (*ChallSrv) Shutdown

func (s *ChallSrv) Shutdown()

Shutdown gracefully stops each of the ChallSrv's challengeServers.

type Config

type Config struct {
	Log *log.Logger
	// HTTPOneAddrs are the HTTP-01 challenge server bind addresses/ports
	HTTPOneAddrs []string
	// HTTPSOneAddrs are the HTTPS HTTP-01 challenge server bind addresses/ports
	HTTPSOneAddrs []string
	// DNSOneAddrs are the DNS-01 challenge server bind addresses/ports
	DNSOneAddrs []string
	// TLSALPNOneAddrs are the TLS-ALPN-01 challenge server bind addresses/ports
	TLSALPNOneAddrs []string
}

Config holds the challenge server configuration.

type MockCAAPolicy

type MockCAAPolicy struct {
	Tag   string
	Value string
}

MockCAAPolicy holds a tag and a value for a CAA record. See https://tools.ietf.org/html/rfc6844
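AddDNSCAARecord and MockCAAPolicy let a test decide what CAA data a CA under test will see, but the page does not spell out how a CA consumes it. The following stand-alone program is an added example, not challtestsrv's code: it redeclares MockCAAPolicy locally so it can run on its own, stores records in a map keyed by fully-qualified host (the shape AddDNSCAARecord implies), and implements the issuance decision of RFC 6844 as simplified by RFC 8659: walk from the name towards the root to the closest CAA RRset, apply issuewild to wildcard names when present and issue otherwise, permit when no relevant records exist, and refuse when none names the CA. CNAME/DNAME chasing and the record critical flag (which MockCAAPolicy has no field for) are deliberately not modelled; the host names and CA domains are constructed sample data.

```go
package main

import (
	"fmt"
	"strings"
)

// MockCAAPolicy is redeclared here so the program stands alone; it mirrors the package's type.
type MockCAAPolicy struct {
	Tag   string
	Value string
}

// mockCAA maps a fully-qualified host (with trailing dot) to its CAA records, the shape of the
// data AddDNSCAARecord stores (assumption). Hosts absent from the map have no CAA RRset at all.
type mockCAA map[string][]MockCAAPolicy

// relevantRecords walks from host towards the root and returns the first CAA RRset found
// (RFC 6844 section 4 as simplified by RFC 8659: no CNAME/DNAME chasing), or nil if none.
func (m mockCAA) relevantRecords(host string) []MockCAAPolicy {
	name := strings.TrimSuffix(strings.ToLower(host), ".")
	for name != "" {
		if rrs, ok := m[name+"."]; ok {
			return rrs
		}
		if i := strings.IndexByte(name, '.'); i >= 0 {
			name = name[i+1:]
		} else {
			name = ""
		}
	}
	return nil
}

// issuerDomain strips ";key=value" parameters from an issue/issuewild value.
func issuerDomain(v string) string {
	return strings.ToLower(strings.TrimSpace(strings.SplitN(v, ";", 2)[0]))
}

// caaPermits reports whether the CA identified by caDomain may issue for name, which may be a
// wildcard such as "*.example.com.". Record flags (the critical bit) are not part of
// MockCAAPolicy, so unknown critical tags are not modelled here.
func caaPermits(m mockCAA, name, caDomain string) bool {
	wildcard := strings.HasPrefix(name, "*.")
	rrs := m.relevantRecords(strings.TrimPrefix(name, "*."))
	if rrs == nil {
		return true // no CAA anywhere up the tree: any CA may issue
	}
	var issue, issuewild []MockCAAPolicy
	for _, rr := range rrs {
		switch strings.ToLower(rr.Tag) {
		case "issue":
			issue = append(issue, rr)
		case "issuewild":
			issuewild = append(issuewild, rr)
		}
	}
	relevant := issue
	if wildcard && len(issuewild) > 0 {
		relevant = issuewild // issuewild overrides issue for wildcard names
	}
	if len(relevant) == 0 {
		return true // an RRset with only other tags (e.g. iodef) does not restrict issuance
	}
	for _, rr := range relevant {
		if issuerDomain(rr.Value) == strings.ToLower(caDomain) {
			return true
		}
	}
	return false // no matching issuer; the empty issuer ";" forbids every CA
}

func main() {
	m := mockCAA{"example.com.": {{Tag: "issue", Value: "letsencrypt.org"}, {Tag: "issuewild", Value: ";"}}}
	fmt.Println(caaPermits(m, "www.example.com.", "letsencrypt.org")) // true
	fmt.Println(caaPermits(m, "*.example.com.", "letsencrypt.org"))   // false
}
```

In a test suite this is the logic the mock CAA data is meant to drive: adding an issue record naming another CA to a parent zone should make the CA under test refuse the subdomain, while an issuewild ";" on the zone should refuse wildcard names without affecting non-wildcard ones.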
