From 74b39535c6a907f44918f19158eb024df6fb8fa0 Mon Sep 17 00:00:00 2001
From: Erik Hollensbe
Date: Mon, 7 Mar 2022 15:54:23 -0800
Subject: [PATCH] support embedding of the IP requesting the certificate in the challenge
Signed-off-by: Erik Hollensbe
---
 migrations/V1__init.sql | 1 +
 src/acme/challenge.rs | 3 +++
 src/acme/handlers/order.rs | 3 +++
 src/models/order.rs | 12 ++++++++----
 4 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/migrations/V1__init.sql b/migrations/V1__init.sql
index 5084265..085a6f2 100644
--- a/migrations/V1__init.sql
+++ b/migrations/V1__init.sql
@@ -48,6 +48,7 @@ create table orders_challenges (
 identifier varchar not null,
 token varchar not null,
 status varchar not null,
+ issuing_address varchar not null,
 validated timestamptz,
 created_at timestamptz default CURRENT_TIMESTAMP not null,
 deleted_at timestamptz
diff --git a/src/acme/challenge.rs b/src/acme/challenge.rs
index 561b387..1acf930 100644
--- a/src/acme/challenge.rs
+++ b/src/acme/challenge.rs
@@ -195,6 +195,7 @@ mod tests {
 reference: make_nonce(None),
 token: make_nonce(None),
 status: OrderStatus::Processing,
+ issuing_address: "127.0.0.1".to_string(),
 created_at: chrono::DateTime::::from(std::time::SystemTime::now()),
 deleted_at: None,
 validated: None,
@@ -225,6 +226,7 @@ mod tests {
 reference: make_nonce(None),
 token: make_nonce(None),
 status: OrderStatus::Processing,
+ issuing_address: "127.0.0.1".to_string(),
 created_at: chrono::DateTime::::from(std::time::SystemTime::now()),
 deleted_at: None,
 validated: None,
@@ -300,6 +302,7 @@ mod tests {
 reference: make_nonce(None),
 challenge_type: ChallengeType::DNS01,
 status: OrderStatus::Pending,
+ issuing_address: "127.0.0.1".to_string(),
 created_at: chrono::DateTime::::from(
 std::time::SystemTime::now(),
 ),
diff --git a/src/acme/handlers/order.rs b/src/acme/handlers/order.rs
index 5f5d7f8..cca863b 100644
--- a/src/acme/handlers/order.rs
+++ b/src/acme/handlers/order.rs
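Review bot: The new `issuing_address varchar not null` column is added by editing `migrations/V1__init.sql`, the initial migration, instead of a new migration file; with versioned migrations of the `V1__` style, any database on which V1 has already been applied will not re-run it (and a runner that checksums applied migrations may refuse to start), so those databases never gain the column and both `insert into orders_challenges` statements in src/models/order.rs fail against them. A follow-up migration (`V2__<placeholder>.sql` with an `alter table orders_challenges add column issuing_address ...` plus a backfill or default for existing rows) keeps already-deployed schemas in step; editing V1 is only safe if no environment has applied it yet. Because the column is `not null` with no default, every insert path into `orders_challenges` must now supply it, which the two rewritten in this patch do.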
@@ -3,6 +3,7 @@ use serde::{Deserialize, Serialize};
 use std::{
 collections::HashSet,
 convert::{TryFrom, TryInto},
+ net::IpAddr,
 };
 use tokio_postgres::Transaction;
 use url::Url;
@@ -121,12 +122,14 @@ pub(crate) async fn new_order(
 // for now at least, schedule one http-01 and dns-01 per name
+ let ip = req.extensions().get::().unwrap();
 for chall in vec![ChallengeType::DNS01, ChallengeType::HTTP01] {
 let mut c = Challenge::new(
 o.order_id.clone(),
 authz.reference.clone(),
 chall,
 id.clone().to_string(),
+ ip.to_string(),
 OrderStatus::Pending,
 );
diff --git a/src/models/order.rs b/src/models/order.rs
index 29a0b4f..ded7de7 100644
--- a/src/models/order.rs
+++ b/src/models/order.rs
@@ -369,6 +369,7 @@ pub struct Challenge {
 pub identifier: String,
 pub token: String,
 pub reference: String,
+ pub issuing_address: String,
 pub status: OrderStatus,
 pub validated: Option>,
 pub created_at: chrono::DateTime,
@@ -382,6 +383,7 @@ impl Challenge {
 authorization_id: String,
 challenge_type: ChallengeType,
 identifier: String,
+ issuing_address: String,
 status: OrderStatus,
 ) -> Self {
 Self {
@@ -392,6 +394,7 @@ impl Challenge {
 identifier,
 token: make_nonce(None),
 reference: make_nonce(None),
+ issuing_address,
 status,
 validated: None,
 created_at: chrono::DateTime::::from(std::time::SystemTime::now()),
@@ -454,6 +457,7 @@ impl Challenge {
 authorization_id: result.get("authorization_id"),
 challenge_type: ct.clone(),
 identifier: id.to_string(),
+ issuing_address: result.get("issuing_address"),
 validated: result.get("validated"),
 reference: result.get("reference"),
 token: result.get("token"),
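Review bot: The added `let ip = req.extensions().get::<IpAddr>().unwrap();` in `new_order` panics the whole handler whenever the extension is absent, and an absent extension is a wiring condition (the layer that records the peer address not installed, or a request built without it) rather than an invariant of this function; the type parameter was lost in extraction, but the `net::IpAddr` import in the first hunk suggests it is `IpAddr`. Return an error instead, e.g. `let Some(ip) = req.extensions().get::<IpAddr>() else { return Err(/* the handler's error for an unservable request */) };` — the function's error type starts outside this hunk. What populates the extension is not visible here; if the service runs behind a reverse proxy the stored value may be the proxy's address rather than the requester's, so a short comment on that line naming where the address comes from (and whether it is the raw socket peer or a forwarded header) would keep the audit meaning of the new column honest.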
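Review bot: `pub issuing_address: String` is added to the public `Challenge` struct without a doc comment, and the name alone does not say whose address it is or when it is captured; the `new_order` hunk shows it is the requester's `IpAddr` rendered with `to_string()` at challenge creation. A line such as `/// Address of the client that requested the order, captured when this challenge was created.` would settle that for readers of the model (what the value is later used for is not shown in this patch). Since the handler already holds a typed `IpAddr`, storing that type instead of a `String` would also reject malformed data when reading back from the database, though whether the row mapping supports it is outside the hunk.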
@@ -467,8 +471,8 @@ impl Challenge {
 let mut client = db.client().await?;
 let tx = client.transaction().await?;
 let res = tx.query_one(
- "insert into orders_challenges (order_id, authorization_id, challenge_type, identifier, token, reference, status, created_at, deleted_at) values ($1, $2, $3, $4, $5, $6, $7, $8, $9) returning id",
- &[&self.order_id.clone(), &self.authorization_id.clone(), &self.challenge_type.clone().to_string(), &self.identifier.clone().to_string(), &self.token.clone(), &self.reference.clone(), &self.status.clone().to_string(), &self.created_at, &self.deleted_at],
+ "insert into orders_challenges (order_id, authorization_id, challenge_type, issuing_address, identifier, token, reference, status, created_at, deleted_at) values ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10) returning id",
+ &[&self.order_id.clone(), &self.authorization_id.clone(), &self.challenge_type.clone().to_string(), &self.issuing_address, &self.identifier.clone().to_string(), &self.token.clone(), &self.reference.clone(), &self.status.clone().to_string(), &self.created_at, &self.deleted_at],
 ).await?;
 let id = res.get("id");
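Review bot: In the rewritten parameter array the new `&self.issuing_address` is borrowed directly, while every neighbouring `String` field is cloned first (`&self.order_id.clone()`, `&self.token.clone()`, …) only to be borrowed again; the slice is only lent to `query_one`, so those clones buy nothing, and the new argument is the better style for the rest to follow, e.g. `&self.order_id, &self.authorization_id, &self.challenge_type.to_string()`. The ten columns, ten placeholders and ten array entries line up in the same order, so the positional mapping of the new column looks right. The enclosing function begins before this hunk.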
@@ -530,8 +534,8 @@ impl RecordList for Challenge {
 async fn append(&self, order_id: String, tx: &Transaction<'_>) -> Result, SaveError> {
 tx.execute(
- "insert into orders_challenges (order_id, authorization_id, challenge_type, token, reference, status, created_at, deleted_at) values ($1, $2, $3, $4, $5, $6, $7, $8) returning id",
- &[&order_id, &self.authorization_id.clone(), &self.challenge_type.clone().to_string(), &self.token.clone(), &self.reference.clone(), &self.status.clone().to_string(), &self.created_at, &self.deleted_at],
+ "insert into orders_challenges (order_id, authorization_id, challenge_type, issuing_address, token, reference, status, created_at, deleted_at) values ($1, $2, $3, $4, $5, $6, $7, $8, $9) returning id",
+ &[&order_id, &self.authorization_id.clone(), &self.challenge_type.clone().to_string(), &self.issuing_address, &self.token.clone(), &self.reference.clone(), &self.status.clone().to_string(), &self.created_at, &self.deleted_at],
 ).await?;
 Ok(Self::collect(order_id, tx).await?)
 }
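Review bot: The rewritten column list in `append` still omits `identifier`, which the migration hunk in this same patch shows as `identifier varchar not null` with no default (assuming that context line belongs to `orders_challenges`, as the hunk header indicates), so this insert would presumably be rejected by the database no matter how `issuing_address` is supplied; the `query_one` insert in the previous hunk does carry `identifier`, so the omission looks pre-existing rather than introduced here, but this is the moment the statement is being rewritten. If `append` is meant to persist a challenge, add `identifier` to the column list and `&self.identifier` to the parameters in the same position as the other insert. The `returning id` clause is discarded by `execute`, which only yields a row count, so it can go too. The enclosing `impl RecordList for Challenge` continues past the hunk.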