hub / github.com/caddyserver/certmagic / solveHTTPChallengeBlindly

Method solveHTTPChallengeBlindly

httphandlers.go:134–158  ·  view source on GitHub ↗

solveHTTPChallengeBlindly will try to respond correctly with an http-01 challenge response. The request must be an http-01 challenge request. We cannot know for sure which ACME CA is making the request, so we have to guess which account to load; that account's thumbprint is used as part of the response body.

(w http.ResponseWriter, r *http.Request)

Source from the content-addressed store, hash-verified

132// part of the response body. It is a no-op if the last component of the URL path contains
133// characters outside of the base64url alphabet.
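func (am *ACMEIssuer) solveHTTPChallengeBlindly(w http.ResponseWriter, r *http.Request) error {
	// The candidate token is whatever follows the final "/" of the request
	// path. If the path holds no "/", LastIndex yields -1 and the whole path
	// is treated as the token.
	token := r.URL.Path[strings.LastIndex(r.URL.Path, "/")+1:]

	// The token is taken from the request and echoed back in the response
	// body, so only a non-empty value that passes allBase64URL is answered;
	// anything else is a no-op. An empty last path component can never be a
	// real challenge token. It is rejected explicitly because allBase64URL's
	// body is not visible from here and may well accept the empty string.
	if token == "" || !allBase64URL(token) {
		return nil
	}

	// No pending-challenge state is consulted in this function: every
	// well-formed token is answered using the account for am.CA. Callers
	// should only route genuine http-01 challenge requests here.
	acct, err := am.getAccountToUse(r.Context(), am.CA) // assume production CA, I guess
	if err != nil {
		// %w keeps the cause available to errors.Is / errors.As.
		return fmt.Errorf("getting an account to use: %w", err)
	}
	thumbprint, err := acct.Thumbprint()
	if err != nil {
		return fmt.Errorf("could not encode account thumbprint: %w", err)
	}

	// text/plain so that the reflected token is not interpreted as markup
	// by a client that renders the response.
	w.Header().Add("Content-Type", "text/plain")

	// The key authorization is "<token>.<thumbprint>". The write error is
	// deliberately ignored (best effort); note that the log entry below is
	// emitted whether or not the write succeeded.
	_, _ = w.Write([]byte(token + "." + thumbprint))

	// NOTE(review): net/http documents Request.Close as handled by the server
	// itself for server-side requests; confirm this has the intended effect.
	r.Close = true

	// "blind"=true marks responses produced without challenge state, and
	// "remote" records the requester, which lets operators audit who is
	// soliciting key authorizations from this endpoint.
	am.Logger.Info("served key authentication",
		zap.String("identifier", hostOnly(r.Host)),
		zap.String("challenge", "http-01"),
		zap.String("remote", r.RemoteAddr),
		zap.Bool("distributed", false),
		zap.Bool("blind", true),
		zap.String("ca", am.CA))

	return nil
}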
159
160// allBase64URL returns true if all characters of s are in the base64url alphabet.
161func allBase64URL(s string) bool {

Callers 1

Calls 5

getAccountToUseMethod · 0.95
allBase64URLFunction · 0.85
hostOnlyFunction · 0.85
WriteMethod · 0.80
StringMethod · 0.80

Tested by

no test coverage detected