author | cinap_lenrek <cinap_lenrek@felloff.net> | 2021-10-31 02:16:17 +0000 |
---|---|---|
committer | cinap_lenrek <cinap_lenrek@felloff.net> | 2021-10-31 02:16:17 +0000 |
commit | aebf92224f1977cfac6fae779d5c288e16afcebd (patch) | |
tree | d46a618c03e63ccefa6938409bf584177b78e1b4 /sys/src/cmd/auth | |
parent | 3f2a206151367ccf516f931aa2413d72e1c9951f (diff) |
acmed: pass original utf8 subject domain to challengefn, simplify
try to keep everything in utf8 format.
Diffstat (limited to 'sys/src/cmd/auth')
-rw-r--r-- | sys/src/cmd/auth/acmed.c | 49 |
1 files changed, 24 insertions, 25 deletions
diff --git a/sys/src/cmd/auth/acmed.c b/sys/src/cmd/auth/acmed.c
index a292ed444..5b465b092 100644
--- a/sys/src/cmd/auth/acmed.c
+++ b/sys/src/cmd/auth/acmed.c
@@ -405,6 +405,15 @@ mkaccount(char *addr)
 keyid = loc.val;
 }
+static char*
+idn(char *dom)
+{
+ static char buf[256];
+ if(utf2idn(dom, buf, sizeof(buf)) >= 0)
+ return buf;
+ return dom;
+}
+
 static JSON*
 submitorder(char **dom, int ndom, Hdr *hdr)
 {
@@ -422,7 +431,7 @@ submitorder(char **dom, int ndom, Hdr *hdr)
 " \"type\": \"dns\","
 " \"value\": \"%E\""
 "}",
- sep, dom[i]);
+ sep, idn(dom[i]));
 sep = ",";
 }
 req = seprint(req, rbuf+sizeof(rbuf),
@@ -555,6 +564,16 @@ challenge(JSON *j, char *authurl, JSON *id, char *dom[], int ndom, int *matched)
 char *resp;
 int i, nresp;
+ if((ty = jsonbyname(j, "type")) == nil)
+ return -1;
+ if((url = jsonbyname(j, "url")) == nil)
+ return -1;
+ if((tok = jsonbyname(j, "token")) == nil)
+ return -1;
+
+ if(ty->t != JSONString || url->t != JSONString || tok->t != JSONString)
+ return -1;
+
 if((dn = jsonbyname(id, "value")) == nil)
 return -1;
 if(dn->t != JSONString)
@@ -562,7 +581,7 @@ challenge(JSON *j, char *authurl, JSON *id, char *dom[], int ndom, int *matched)
 /* make sure the identifier matches the csr */
 for(i = 0; i < ndom; i++){
- if(cistrcmp(dom[i], dn->s) == 0)
+ if(cistrcmp(idn(dom[i]), dn->s) == 0)
 break;
 }
 if(i >= ndom){
@@ -570,18 +589,8 @@ challenge(JSON *j, char *authurl, JSON *id, char *dom[], int ndom, int *matched)
 return -1;
 }
- if((ty = jsonbyname(j, "type")) == nil)
- return -1;
- if((url = jsonbyname(j, "url")) == nil)
- return -1;
- if((tok = jsonbyname(j, "token")) == nil)
- return -1;
-
- if(ty->t != JSONString || url->t != JSONString || tok->t != JSONString)
- return -1;
-
- dprint("trying challenge %s\n", ty->s);
- if(challengefn(ty->s, dn->s, tok->s, matched) == -1){
+ dprint("trying challenge %s for %s (%s)\n", ty->s, dom[i], dn->s);
+ if(challengefn(ty->s, dom[i], tok->s, matched) == -1){
 dprint("challengefn failed: %r\n");
 return -1;
 }
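Review bot: `idn()` in the first hunk returns a pointer into a function-local `static char buf[256]` and, when `utf2idn` fails, silently returns the unconverted input; neither property is documented. Both new call sites (the `seprint` argument in `submitorder` and the `cistrcmp` in `challenge`) consume the result immediately, so the shared buffer is safe as used here, but a caller that stores a result or holds two at once would compare or send stale data. I would add a header comment such as `/* idn form of dom in a static buffer, valid until the next call; returns dom itself if conversion fails */`. On the fallback path the order is submitted with the raw utf8 name, which the server will presumably reject; if that is not intended, replacing `return dom;` with `sysfatal("bad domain name: %s", dom);` gives a clearer failure.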
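Review bot: The switch from `dn->s` to `dom[i]` in the `challengefn` call (last `challenge` hunk) has no comment explaining it, although the distinction is security-relevant. `dn->s` is taken from the server's JSON, while `dom[i]` appears to be the name parsed from the local csr and is only used after the `cistrcmp` match above it. A comment such as `/* pass our own utf8 name from the csr, not the server-supplied identifier */` would keep a later edit from switching back. `challengefn` is defined outside this hunk, so it is worth confirming that every challenge type it handles accepts the utf8 form where it previously received the idn form. The body of `challenge` starts and ends outside the hunk.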
@@ -743,7 +752,7 @@ getcert(char *csrpath)
 {
 char *csr, *dom[64], subj[2048];
 uchar *der;
- int nder, i, ndom, fd;
+ int nder, ndom, fd;
 RSApub *rsa;
 Hdr loc = { "location" };
 JSON *o;
@@ -765,14 +774,6 @@ getcert(char *csrpath)
 if((ndom = getfields(subj, dom, nelem(dom), 1, ", ")) == nelem(dom))
 sysfatal("too man domains");
- for(i = 0; i < ndom; i++){
- char buf[256], *s = dom[i];
- if(utf2idn(s, buf, sizeof(buf)) >= 0)
- s = buf;
- dprint("dom[%d]: %s\n", i, s);
- dom[i] = strdup(s);
- }
-
 if((o = submitorder(dom, ndom, &loc)) == nil)
 sysfatal("order: %r");
 if(dochallenges(dom, ndom, o) == -1)
@@ -783,8 +784,6 @@ getcert(char *csrpath)
 if(fetchcert(loc.val) == -1)
 sysfatal("saving cert: %r");
- for(i = 0; i < ndom; i++)
- free(dom[i]);
 free(csr);
 } |