Skip to content
Snippets Groups Projects
Select Git revision
  • lintian-fixes
  • renovate/github.com-miekg-dns-1.x
  • renovate/golang.org-x-crypto-digest
  • master default protected
4 results
Blame Permalink
Forked from ai3 / tools / acmeserver
106 commits behind the upstream repository.
  • ale's avatar
    69d65dfa
    Refactor of the code · 69d65dfa
    ale authored 
    Add dns-01 support, make the code more readable, add a testing
mode that will generate self-signed certificates (for test
environments that are not reachable from outside).
    69d65dfa
    History
    Refactor of the code
    ale authored 
    Add dns-01 support, make the code more readable, add a testing
mode that will generate self-signed certificates (for test
environments that are not reachable from outside).
http_challenge.go 1.17 KiB 
package acmeserver

import (
	"context"
	"net/http"
	"sync"

	"golang.org/x/crypto/acme"
)

// httpValidator can validate http-01 challenges. It serves
// validation tokens under the /.well-known/acme-challenge path when
// used as an HTTP handler.
type httpValidator struct {
	mx     sync.Mutex
	tokens map[string][]byte
}

func newHTTPValidator() *httpValidator {
	return &httpValidator{
		tokens: make(map[string][]byte),
	}
}

func (h *httpValidator) Fulfill(_ context.Context, client *acme.Client, _ string, chal *acme.Challenge) (func(), error) {
	resp, err := client.HTTP01ChallengeResponse(chal.Token)
	if err != nil {
		return nil, err
	}
	path := client.HTTP01ChallengePath(chal.Token)

	h.mx.Lock()
	h.tokens[path] = []byte(resp)
	h.mx.Unlock()

	return func() {
		go func() {
			h.mx.Lock()
			delete(h.tokens, path)
			h.mx.Unlock()
		}()
	}, nil
}

func (h *httpValidator) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	// No defer because it's not polite to Write() while holding the lock.
	h.mx.Lock()
	data, ok := h.tokens[r.URL.Path]
	h.mx.Unlock()

	if !ok {
		http.NotFound(w, r)
		return
	}

	// Not interested in errors writing the response.
	w.Write(data) // nolint
}