Ejemplo n.º 1
0
// ChallengesFor makes a decision of what challenges, and combinations, are
// acceptable for the given identifier.
//
// Note: Current implementation is static, but future versions may not be.
func (pa *AuthorityImpl) ChallengesFor(identifier core.AcmeIdentifier) ([]core.Challenge, [][]int) {
	challenges := []core.Challenge{}

	if pa.enabledChallenges[core.ChallengeTypeHTTP01] {
		challenges = append(challenges, core.HTTPChallenge01())
	}

	if pa.enabledChallenges[core.ChallengeTypeTLSSNI01] {
		challenges = append(challenges, core.TLSSNIChallenge01())
	}

	if pa.enabledChallenges[core.ChallengeTypeDNS01] {
		challenges = append(challenges, core.DNSChallenge01())
	}

	// We shuffle the challenges and combinations to prevent ACME clients from
	// relying on the specific order that boulder returns them in.
	shuffled := make([]core.Challenge, len(challenges))
	combinations := make([][]int, len(challenges))

	for i, challIdx := range pa.pseudoRNG.Perm(len(challenges)) {
		shuffled[i] = challenges[challIdx]
		combinations[i] = []int{i}
	}

	shuffledCombos := make([][]int, len(combinations))
	for i, comboIdx := range pa.pseudoRNG.Perm(len(combinations)) {
		shuffledCombos[i] = combinations[comboIdx]
	}

	return shuffled, shuffledCombos
}
Ejemplo n.º 2
0
// ChallengesFor makes a decision of what challenges, and combinations, are
// acceptable for the given identifier.
//
// Note: Current implementation is static, but future versions may not be.
func (pa PolicyAuthorityImpl) ChallengesFor(identifier core.AcmeIdentifier, accountKey *jose.JsonWebKey) (challenges []core.Challenge, combinations [][]int, err error) {
	challenges = []core.Challenge{}
	combinations = [][]int{}

	// TODO(https://github.com/letsencrypt/boulder/issues/894): Remove this block
	if pa.enabledChallenges[core.ChallengeTypeSimpleHTTP] {
		challenges = append(challenges, core.SimpleHTTPChallenge(accountKey))
	}

	// TODO(https://github.com/letsencrypt/boulder/issues/894): Remove this block
	if pa.enabledChallenges[core.ChallengeTypeDVSNI] {
		challenges = append(challenges, core.DvsniChallenge(accountKey))
	}

	if pa.enabledChallenges[core.ChallengeTypeHTTP01] {
		challenges = append(challenges, core.HTTPChallenge01(accountKey))
	}

	if pa.enabledChallenges[core.ChallengeTypeTLSSNI01] {
		challenges = append(challenges, core.TLSSNIChallenge01(accountKey))
	}

	if pa.enabledChallenges[core.ChallengeTypeDNS01] {
		challenges = append(challenges, core.DNSChallenge01(accountKey))
	}

	combinations = make([][]int, len(challenges))
	for i := range combinations {
		combinations[i] = []int{i}
	}
	return
}
Ejemplo n.º 3
0
// ChallengesFor makes a decision of what challenges, and combinations, are
// acceptable for the given identifier.
//
// Note: Current implementation is static, but future versions may not be.
func (pa PolicyAuthorityImpl) ChallengesFor(identifier core.AcmeIdentifier, accountKey *jose.JsonWebKey) (challenges []core.Challenge, combinations [][]int, err error) {
	// TODO(https://github.com/letsencrypt/boulder/issues/894): Update these lines
	challenges = []core.Challenge{
		core.SimpleHTTPChallenge(accountKey),
		core.DvsniChallenge(accountKey),
		core.HTTPChallenge01(accountKey),
		core.TLSSNIChallenge01(accountKey),
	}
	combinations = [][]int{[]int{0}, []int{1}, []int{2}, []int{3}}
	return
}
Ejemplo n.º 4
0
// ChallengesFor makes a decision of what challenges, and combinations, are
// acceptable for the given identifier.
//
// Note: Current implementation is static, but future versions may not be.
func (pa PolicyAuthorityImpl) ChallengesFor(identifier core.AcmeIdentifier, accountKey *jose.JsonWebKey) ([]core.Challenge, [][]int, error) {
	challenges := []core.Challenge{}

	// TODO(https://github.com/letsencrypt/boulder/issues/894): Remove this block
	if pa.enabledChallenges[core.ChallengeTypeSimpleHTTP] {
		challenges = append(challenges, core.SimpleHTTPChallenge(accountKey))
	}

	// TODO(https://github.com/letsencrypt/boulder/issues/894): Remove this block
	if pa.enabledChallenges[core.ChallengeTypeDVSNI] {
		challenges = append(challenges, core.DvsniChallenge(accountKey))
	}

	if pa.enabledChallenges[core.ChallengeTypeHTTP01] {
		challenges = append(challenges, core.HTTPChallenge01(accountKey))
	}

	if pa.enabledChallenges[core.ChallengeTypeTLSSNI01] {
		challenges = append(challenges, core.TLSSNIChallenge01(accountKey))
	}

	if pa.enabledChallenges[core.ChallengeTypeDNS01] {
		challenges = append(challenges, core.DNSChallenge01(accountKey))
	}

	// We shuffle the challenges and combinations to prevent ACME clients from
	// relying on the specific order that boulder returns them in.
	shuffled := make([]core.Challenge, len(challenges))
	combinations := make([][]int, len(challenges))

	for i, challIdx := range pa.pseudoRNG.Perm(len(challenges)) {
		shuffled[i] = challenges[challIdx]
		combinations[i] = []int{i}
	}

	shuffledCombos := make([][]int, len(combinations))
	for i, comboIdx := range pa.pseudoRNG.Perm(len(combinations)) {
		shuffledCombos[i] = combinations[comboIdx]
	}

	return shuffled, shuffledCombos, nil
}