
Commit bebe2f4

lidelaschmahmann
andauthored
fix/refactor(server/client): go-libp2p v0.38.1, clean-up dns01 request code (ipshipyard#23)
* refactor(client): cleanup dns01 request code: removed duplicated/unused code, added logs * chore: go-libp2p v0.38.1 httpauth fix; https://github.com/libp2p/go-libp2p/releases/tag/v0.38.1 * fix(test): switch test to use client.SendChallenge --------- Co-authored-by: Adin Schmahmann <adin.schmahmann@gmail.com>
1 parent 26f81c4 commit bebe2f4


5 files changed

+122
-127
lines changed


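--- a/client/acme.go
+++ b/client/acme.go
@@ -6,15 +6,13 @@ import (
 "crypto/x509"
 "errors"
 "fmt"
-"io"
 "net/http"
 "strings"
 "sync"
 "time"
 
 "github.com/libp2p/go-libp2p/core/network"
 
-httppeeridauth "github.com/libp2p/go-libp2p/p2p/http/auth"
 "go.uber.org/zap"
 
 "github.com/caddyserver/certmagic"
@@ -280,12 +278,13 @@ func NewP2PForgeCertMgr(opts ...P2PForgeCertMgrOptions) (*P2PForgeCertMgr, error
 Email: mgrCfg.userEmail,
 Agreed: true,
 DNS01Solver: &dns01P2PForgeSolver{
-forge: mgrCfg.forgeRegistrationEndpoint,
+forgeRegistrationEndpoint: mgrCfg.forgeRegistrationEndpoint,
 forgeAuth: mgrCfg.forgeAuth,
 hostFn: hostFn,
 modifyForgeRequest: mgrCfg.modifyForgeRequest,
 userAgent: mgrCfg.userAgent,
 allowPrivateForgeAddresses: mgrCfg.allowPrivateForgeAddresses,
+log: mgrCfg.log.Named("dns01solver"),
 },
 TrustedRoots: mgrCfg.trustedRoots,
 Logger: certCfg.Logger,
@@ -468,21 +467,25 @@ func (m *P2PForgeCertMgr) createAddrsFactory(allowPrivateForgeAddrs bool) config
 }
 
 type dns01P2PForgeSolver struct {
-forge string
+forgeRegistrationEndpoint string
 forgeAuth string
 hostFn func() host.Host
 modifyForgeRequest func(r *http.Request) error
 userAgent string
 allowPrivateForgeAddresses bool
+log *zap.SugaredLogger
 }
 
 func (d *dns01P2PForgeSolver) Wait(ctx context.Context, challenge acme.Challenge) error {
+d.log.Debugw("waiting for DNS-01 TXT record to be set")
 // TODO: query the authoritative DNS
 time.Sleep(time.Second * 5)
 return nil
 }
 
 func (d *dns01P2PForgeSolver) Present(ctx context.Context, challenge acme.Challenge) error {
+d.log.Debugw("getting DNS-01 challenge value from CA", "acme_challenge", challenge)
+dns01value := challenge.DNS01KeyAuthorization()
 h := d.hostFn()
 addrs := h.Addrs()
 
@@ -503,38 +506,22 @@ func (d *dns01P2PForgeSolver) Present(ctx context.Context, challenge acme.Challe
 } else {
 advertisedAddrs = addrs
 }
-
-req, err := ChallengeRequest(ctx, d.forge, challenge.DNS01KeyAuthorization(), advertisedAddrs)
+d.log.Debugw("advertised libp2p addrs for p2p-forge broker to try", "addrs", advertisedAddrs)
+
+d.log.Debugw("asking p2p-forge broker to set DNS-01 TXT record", "url", d.forgeRegistrationEndpoint, "dns01_value", dns01value)
+err := SendChallenge(ctx,
+d.forgeRegistrationEndpoint,
+h.Peerstore().PrivKey(h.ID()),
+dns01value,
+advertisedAddrs,
+d.forgeAuth,
+d.userAgent,
+d.modifyForgeRequest,
+)
 if err != nil {
-return err
-}
-
-// Add forge auth header if set
-if d.forgeAuth != "" {
-req.Header.Set(ForgeAuthHeader, d.forgeAuth)
-}
-
-// Always include User-Agent header
-if d.userAgent == "" {
-d.userAgent = defaultUserAgent
+return fmt.Errorf("p2p-forge broker registration error: %w", err)
 }
-req.Header.Set("User-Agent", d.userAgent)
 
-if d.modifyForgeRequest != nil {
-if err := d.modifyForgeRequest(req); err != nil {
-return err
-}
-}
-
-client := &httppeeridauth.ClientPeerIDAuth{PrivKey: h.Peerstore().PrivKey(h.ID())}
-_, resp, err := client.AuthenticatedDo(http.DefaultClient, req)
-if err != nil {
-return err
-}
-if resp.StatusCode != http.StatusOK {
-respBody, _ := io.ReadAll(resp.Body)
-return fmt.Errorf("%s : %s", resp.Status, respBody)
-}
 return nil
 }
 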
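--- a/client/challenge.go
+++ b/client/challenge.go
@@ -14,33 +14,50 @@ import (
 "github.com/multiformats/go-multiaddr"
 )
 
-// SendChallenge submits a challenge to the DNS server for the given peerID.
+// SendChallenge submits value for DNS-01 challenge to the p2p-forge HTTP server for the given peerID.
 // It requires the corresponding private key and a list of multiaddresses that the peerID is listening on using
 // publicly reachable IP addresses.
-func SendChallenge(ctx context.Context, baseURL string, privKey crypto.PrivKey, challenge string, addrs []multiaddr.Multiaddr) error {
-req, err := ChallengeRequest(ctx, baseURL, challenge, addrs)
+func SendChallenge(ctx context.Context, baseURL string, privKey crypto.PrivKey, challenge string, addrs []multiaddr.Multiaddr, forgeAuth string, userAgent string, modifyForgeRequest func(r *http.Request) error) error {
+// Create request
+registrationURL := fmt.Sprintf("%s/v1/_acme-challenge", baseURL)
+req, err := ChallengeRequest(ctx, registrationURL, challenge, addrs)
 if err != nil {
 return err
 }
 
+// Adjust headers if needed
+if forgeAuth != "" {
+req.Header.Set(ForgeAuthHeader, forgeAuth)
+}
+if userAgent == "" {
+userAgent = defaultUserAgent
+}
+req.Header.Set("User-Agent", userAgent)
+if modifyForgeRequest != nil {
+if err := modifyForgeRequest(req); err != nil {
+return err
+}
+}
+
+// Execute request wrapped in ClientPeerIDAuth
 client := &httppeeridauth.ClientPeerIDAuth{PrivKey: privKey}
 _, resp, err := client.AuthenticatedDo(http.DefaultClient, req)
 if err != nil {
-return err
+return fmt.Errorf("libp2p HTTP ClientPeerIDAuth error at %s: %w", registrationURL, err)
 }
 if resp.StatusCode != http.StatusOK {
 respBody, _ := io.ReadAll(resp.Body)
-return fmt.Errorf("%s : %s", resp.Status, respBody)
+return fmt.Errorf("%s error from %s: %q", resp.Status, registrationURL, respBody)
 }
 return nil
 }
 
-// ChallengeRequest creates an HTTP Request object for submitting an ACME challenge to the DNS server for a given peerID.
+// ChallengeRequest creates an HTTP Request object for submitting an ACME challenge to the p2p-forge HTTP server for a given peerID.
 // Construction of the request requires a list of multiaddresses that the peerID is listening on using
 // publicly reachable IP addresses.
 //
 // Sending the request to the DNS server requires performing HTTP PeerID Authentication for the corresponding peerID
-func ChallengeRequest(ctx context.Context, baseURL string, challenge string, addrs []multiaddr.Multiaddr) (*http.Request, error) {
+func ChallengeRequest(ctx context.Context, registrationURL string, challenge string, addrs []multiaddr.Multiaddr) (*http.Request, error) {
 maStrs := make([]string, len(addrs))
 for i, addr := range addrs {
 maStrs[i] = addr.String()
@@ -57,9 +74,9 @@ func ChallengeRequest(ctx context.Context, baseURL string, challenge string, add
 return nil, err
 }
 
-req, err := http.NewRequestWithContext(ctx, "POST", fmt.Sprintf("%s/v1/_acme-challenge", baseURL), bytes.NewReader(body))
+req, err := http.NewRequestWithContext(ctx, "POST", registrationURL, bytes.NewReader(body))
 if err != nil {
-return nil, err
+return nil, fmt.Errorf("failed while creating a request to %s: %w", registrationURL, err)
 }
 
 return req, nil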
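--- a/e2e_test.go
+++ b/e2e_test.go
@@ -13,7 +13,6 @@ import (
 "encoding/pem"
 "errors"
 "fmt"
-"io"
 "log"
 "math/big"
 "net"
@@ -29,7 +28,6 @@ import (
 "github.com/libp2p/go-libp2p"
 "github.com/libp2p/go-libp2p/core/crypto"
 "github.com/libp2p/go-libp2p/core/peer"
-httppeeridauth "github.com/libp2p/go-libp2p/p2p/http/auth"
 "github.com/libp2p/go-libp2p/p2p/net/swarm"
 libp2pquic "github.com/libp2p/go-libp2p/p2p/transport/quic"
 "github.com/libp2p/go-libp2p/p2p/transport/tcp"
@@ -237,22 +235,13 @@ func TestSetACMEChallenge(t *testing.T) {
 testDigest := sha256.Sum256([]byte("test"))
 testChallenge := base64.RawURLEncoding.EncodeToString(testDigest[:])
 
-req, err := client.ChallengeRequest(ctx, fmt.Sprintf("http://127.0.0.1:%d", httpPort), testChallenge, h.Addrs())
+err = client.SendChallenge(ctx, fmt.Sprintf("http://127.0.0.1:%d", httpPort), sk, testChallenge, h.Addrs(), authToken, "", func(req *http.Request) error {
+req.Host = forgeRegistration
+return nil
+})
 if err != nil {
 t.Fatal(err)
 }
-req.Host = forgeRegistration
-req.Header.Set(authForgeHeader, authToken)
-
-peerHTTPClient := &httppeeridauth.ClientPeerIDAuth{PrivKey: sk}
-_, resp, err := peerHTTPClient.AuthenticatedDo(http.DefaultClient, req)
-if err != nil {
-t.Fatal(err)
-}
-if resp.StatusCode != http.StatusOK {
-respBody, _ := io.ReadAll(resp.Body)
-t.Fatal(fmt.Errorf("%s : %s", resp.Status, respBody))
-}
 
 peerIDb36, err := peer.ToCid(h.ID()).StringOfBase(multibase.Base36)
 if err != nil {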
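--- a/go.mod
+++ b/go.mod
@@ -14,10 +14,10 @@ require (
 github.com/ipfs/go-log/v2 v2.5.1
 github.com/joho/godotenv v1.5.1
 github.com/letsencrypt/pebble/v2 v2.6.0
-github.com/libp2p/go-libp2p v0.37.2
+github.com/libp2p/go-libp2p v0.38.1
 github.com/mholt/acmez/v2 v2.0.3
 github.com/miekg/dns v1.1.62
-github.com/multiformats/go-multiaddr v0.13.0
+github.com/multiformats/go-multiaddr v0.14.0
 github.com/multiformats/go-multiaddr-dns v0.4.1
 github.com/multiformats/go-multibase v0.2.0
 github.com/prometheus/client_golang v1.20.5
@@ -54,7 +54,7 @@ require (
 github.com/golang/snappy v0.0.4 // indirect
 github.com/google/flatbuffers v1.12.1 // indirect
 github.com/google/gopacket v1.1.19 // indirect
-github.com/google/pprof v0.0.0-20241017200806-017d972448fc // indirect
+github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad // indirect
 github.com/google/uuid v1.6.0 // indirect
 github.com/gorilla/websocket v1.5.3 // indirect
 github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 // indirect
@@ -65,7 +65,7 @@ require (
 github.com/jbenet/goprocess v0.1.4 // indirect
 github.com/jmespath/go-jmespath v0.4.0 // indirect
 github.com/klauspost/compress v1.17.11 // indirect
-github.com/klauspost/cpuid/v2 v2.2.8 // indirect
+github.com/klauspost/cpuid/v2 v2.2.9 // indirect
 github.com/koron/go-ssdp v0.0.4 // indirect
 github.com/letsencrypt/challtestsrv v1.3.2 // indirect
 github.com/libdns/libdns v0.2.2 // indirect
@@ -74,7 +74,7 @@ require (
 github.com/libp2p/go-libp2p-asn-util v0.4.1 // indirect
 github.com/libp2p/go-msgio v0.3.0 // indirect
 github.com/libp2p/go-nat v0.2.0 // indirect
-github.com/libp2p/go-netroute v0.2.1 // indirect
+github.com/libp2p/go-netroute v0.2.2 // indirect
 github.com/libp2p/go-reuseport v0.4.0 // indirect
 github.com/libp2p/go-yamux/v4 v4.0.1 // indirect
 github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd // indirect
@@ -92,55 +92,56 @@ require (
 github.com/multiformats/go-multistream v0.6.0 // indirect
 github.com/multiformats/go-varint v0.0.7 // indirect
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-github.com/onsi/ginkgo/v2 v2.20.2 // indirect
+github.com/onsi/ginkgo/v2 v2.22.0 // indirect
 github.com/opencontainers/runtime-spec v1.2.0 // indirect
 github.com/opentracing/opentracing-go v1.2.0 // indirect
 github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 // indirect
-github.com/pion/datachannel v1.5.9 // indirect
+github.com/pion/datachannel v1.5.10 // indirect
 github.com/pion/dtls/v2 v2.2.12 // indirect
-github.com/pion/ice/v2 v2.3.36 // indirect
+github.com/pion/ice/v2 v2.3.37 // indirect
 github.com/pion/interceptor v0.1.37 // indirect
 github.com/pion/logging v0.2.2 // indirect
 github.com/pion/mdns v0.0.12 // indirect
 github.com/pion/randutil v0.1.0 // indirect
-github.com/pion/rtcp v1.2.14 // indirect
-github.com/pion/rtp v1.8.9 // indirect
-github.com/pion/sctp v1.8.33 // indirect
+github.com/pion/rtcp v1.2.15 // indirect
+github.com/pion/rtp v1.8.10 // indirect
+github.com/pion/sctp v1.8.35 // indirect
 github.com/pion/sdp/v3 v3.0.9 // indirect
 github.com/pion/srtp/v2 v2.0.20 // indirect
 github.com/pion/stun v0.6.1 // indirect
 github.com/pion/transport/v2 v2.2.10 // indirect
+github.com/pion/transport/v3 v3.0.7 // indirect
 github.com/pion/turn/v2 v2.1.6 // indirect
-github.com/pion/webrtc/v3 v3.3.4 // indirect
+github.com/pion/webrtc/v3 v3.3.5 // indirect
 github.com/pkg/errors v0.9.1 // indirect
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 github.com/prometheus/client_model v0.6.1 // indirect
-github.com/prometheus/common v0.60.0 // indirect
+github.com/prometheus/common v0.61.0 // indirect
 github.com/prometheus/procfs v0.15.1 // indirect
 github.com/quic-go/qpack v0.5.1 // indirect
 github.com/quic-go/quic-go v0.48.2 // indirect
 github.com/quic-go/webtransport-go v0.8.1-0.20241018022711-4ac2c9250e66 // indirect
 github.com/raulk/go-watchdog v1.3.0 // indirect
 github.com/spaolacci/murmur3 v1.1.0 // indirect
-github.com/stretchr/testify v1.9.0 // indirect
+github.com/stretchr/testify v1.10.0 // indirect
 github.com/wlynxg/anet v0.0.5 // indirect
 github.com/zeebo/blake3 v0.2.4 // indirect
 go.opencensus.io v0.24.0 // indirect
 go.uber.org/dig v1.18.0 // indirect
 go.uber.org/fx v1.23.0 // indirect
 go.uber.org/mock v0.5.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
-golang.org/x/crypto v0.28.0 // indirect
-golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c // indirect
-golang.org/x/mod v0.21.0 // indirect
-golang.org/x/net v0.30.0 // indirect
-golang.org/x/sync v0.8.0 // indirect
-golang.org/x/sys v0.26.0 // indirect
-golang.org/x/text v0.19.0 // indirect
-golang.org/x/tools v0.26.0 // indirect
+golang.org/x/crypto v0.31.0 // indirect
+golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 // indirect
+golang.org/x/mod v0.22.0 // indirect
+golang.org/x/net v0.32.0 // indirect
+golang.org/x/sync v0.10.0 // indirect
+golang.org/x/sys v0.28.0 // indirect
+golang.org/x/text v0.21.0 // indirect
+golang.org/x/tools v0.28.0 // indirect
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 // indirect
 google.golang.org/grpc v1.63.2 // indirect
-google.golang.org/protobuf v1.35.1 // indirect
+google.golang.org/protobuf v1.36.0 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
 k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
 lukechampine.com/blake3 v1.3.0 // indirect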