// ChallengesFor makes a decision of what challenges, and combinations, are
// acceptable for the given identifier.
//
// Note: Current implementation is static, but future versions may not be.
func (pa *AuthorityImpl) ChallengesFor(identifier core.AcmeIdentifier) ([]core.Challenge, [][]int) {
challenges := []core.Challenge{}
if pa.enabledChallenges[core.ChallengeTypeHTTP01] {
challenges = append(challenges, core.HTTPChallenge01())
}
if pa.enabledChallenges[core.ChallengeTypeTLSSNI01] {
challenges = append(challenges, core.TLSSNIChallenge01())
}
if pa.enabledChallenges[core.ChallengeTypeDNS01] {
challenges = append(challenges, core.DNSChallenge01())
}
// We shuffle the challenges and combinations to prevent ACME clients from
// relying on the specific order that boulder returns them in.
shuffled := make([]core.Challenge, len(challenges))
combinations := make([][]int, len(challenges))
for i, challIdx := range pa.pseudoRNG.Perm(len(challenges)) {
shuffled[i] = challenges[challIdx]
combinations[i] = []int{i}
}
shuffledCombos := make([][]int, len(combinations))
for i, comboIdx := range pa.pseudoRNG.Perm(len(combinations)) {
shuffledCombos[i] = combinations[comboIdx]
}
return shuffled, shuffledCombos
}
// ChallengesFor makes a decision of what challenges, and combinations, are
// acceptable for the given identifier.
//
// Note: Current implementation is static, but future versions may not be.
func (pa PolicyAuthorityImpl) ChallengesFor(identifier core.AcmeIdentifier, accountKey *jose.JsonWebKey) (challenges []core.Challenge, combinations [][]int, err error) {
challenges = []core.Challenge{}
combinations = [][]int{}
// TODO(https://github.com/letsencrypt/boulder/issues/894): Remove this block
if pa.enabledChallenges[core.ChallengeTypeSimpleHTTP] {
challenges = append(challenges, core.SimpleHTTPChallenge(accountKey))
}
// TODO(https://github.com/letsencrypt/boulder/issues/894): Remove this block
if pa.enabledChallenges[core.ChallengeTypeDVSNI] {
challenges = append(challenges, core.DvsniChallenge(accountKey))
}
if pa.enabledChallenges[core.ChallengeTypeHTTP01] {
challenges = append(challenges, core.HTTPChallenge01(accountKey))
}
if pa.enabledChallenges[core.ChallengeTypeTLSSNI01] {
challenges = append(challenges, core.TLSSNIChallenge01(accountKey))
}
if pa.enabledChallenges[core.ChallengeTypeDNS01] {
challenges = append(challenges, core.DNSChallenge01(accountKey))
}
combinations = make([][]int, len(challenges))
for i := range combinations {
combinations[i] = []int{i}
}
return
}
// ChallengesFor makes a decision of what challenges, and combinations, are
// acceptable for the given identifier.
//
// Note: Current implementation is static, but future versions may not be.
func (pa PolicyAuthorityImpl) ChallengesFor(identifier core.AcmeIdentifier, accountKey *jose.JsonWebKey) (challenges []core.Challenge, combinations [][]int, err error) {
// TODO(https://github.com/letsencrypt/boulder/issues/894): Update these lines
challenges = []core.Challenge{
core.SimpleHTTPChallenge(accountKey),
core.DvsniChallenge(accountKey),
core.HTTPChallenge01(accountKey),
core.TLSSNIChallenge01(accountKey),
}
combinations = [][]int{[]int{0}, []int{1}, []int{2}, []int{3}}
return
}
// ChallengesFor makes a decision of what challenges, and combinations, are
// acceptable for the given identifier.
//
// Note: Current implementation is static, but future versions may not be.
func (pa PolicyAuthorityImpl) ChallengesFor(identifier core.AcmeIdentifier, accountKey *jose.JsonWebKey) ([]core.Challenge, [][]int, error) {
challenges := []core.Challenge{}
// TODO(https://github.com/letsencrypt/boulder/issues/894): Remove this block
if pa.enabledChallenges[core.ChallengeTypeSimpleHTTP] {
challenges = append(challenges, core.SimpleHTTPChallenge(accountKey))
}
// TODO(https://github.com/letsencrypt/boulder/issues/894): Remove this block
if pa.enabledChallenges[core.ChallengeTypeDVSNI] {
challenges = append(challenges, core.DvsniChallenge(accountKey))
}
if pa.enabledChallenges[core.ChallengeTypeHTTP01] {
challenges = append(challenges, core.HTTPChallenge01(accountKey))
}
if pa.enabledChallenges[core.ChallengeTypeTLSSNI01] {
challenges = append(challenges, core.TLSSNIChallenge01(accountKey))
}
if pa.enabledChallenges[core.ChallengeTypeDNS01] {
challenges = append(challenges, core.DNSChallenge01(accountKey))
}
// We shuffle the challenges and combinations to prevent ACME clients from
// relying on the specific order that boulder returns them in.
shuffled := make([]core.Challenge, len(challenges))
combinations := make([][]int, len(challenges))
for i, challIdx := range pa.pseudoRNG.Perm(len(challenges)) {
shuffled[i] = challenges[challIdx]
combinations[i] = []int{i}
}
shuffledCombos := make([][]int, len(combinations))
for i, comboIdx := range pa.pseudoRNG.Perm(len(combinations)) {
shuffledCombos[i] = combinations[comboIdx]
}
return shuffled, shuffledCombos, nil
}