Add new check: HTTPS-SNI

nemunaire 2022-03-08 13:15:41 +01:00
parent 4d25665835
commit 3967a4e279
3 changed files with 32 additions and 6 deletions


@ -619,6 +619,9 @@ func studentChecker(std *adlin.Student, also_check_matrix bool) {
glueErr = err glueErr = err
} }
snicheck1 := false
snicheck1_tested := false
// Check DNS // Check DNS
if addr, err := check_dns(std.MyDelegatedDomain(), dnsIP); err == nil { if addr, err := check_dns(std.MyDelegatedDomain(), dnsIP); err == nil {
if addr == nil { if addr == nil {
@ -658,6 +661,8 @@ func studentChecker(std *adlin.Student, also_check_matrix bool) {
if glueErr != nil { if glueErr != nil {
std.RegisterChallengeError(CheckMap[tunnel_version][HTTPSonDelegatedDomain], fmt.Errorf("Unable to perform the test due to GLUE problem: %w", glueErr)) std.RegisterChallengeError(CheckMap[tunnel_version][HTTPSonDelegatedDomain], fmt.Errorf("Unable to perform the test due to GLUE problem: %w", glueErr))
} else if err := check_https(std.MyDelegatedDomain(), addr.String()); err == nil { } else if err := check_https(std.MyDelegatedDomain(), addr.String()); err == nil {
snicheck1 = true
snicheck1_tested = true
if verbose { if verbose {
log.Printf("%s just unlocked HTTPS challenge\n", std.Login) log.Printf("%s just unlocked HTTPS challenge\n", std.Login)
} }
@ -665,6 +670,7 @@ func studentChecker(std *adlin.Student, also_check_matrix bool) {
log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error()) log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error())
} }
} else { } else {
snicheck1_tested = true
std.RegisterChallengeError(CheckMap[tunnel_version][HTTPSonDelegatedDomain], err) std.RegisterChallengeError(CheckMap[tunnel_version][HTTPSonDelegatedDomain], err)
if verbose { if verbose {
log.Printf("%s and HTTPS (with DNS ip=%s): %s\n", std.Login, addr.String(), err) log.Printf("%s and HTTPS (with DNS ip=%s): %s\n", std.Login, addr.String(), err)
@ -770,6 +776,16 @@ func studentChecker(std *adlin.Student, also_check_matrix bool) {
if _, err := std.UnlockChallenge(CheckMap[tunnel_version][HTTPSonAssociatedDomain], ""); err != nil { if _, err := std.UnlockChallenge(CheckMap[tunnel_version][HTTPSonAssociatedDomain], ""); err != nil {
log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error()) log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error())
} }
// SNI check: validate if this check + HTTPS on delegation is validated
if snicheck1 {
if verbose {
log.Printf("%s just unlocked HTTPS-SNI challenge\n", std.Login)
}
if _, err := std.UnlockChallenge(CheckMap[tunnel_version][HTTPSSNI], ""); err != nil {
log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error())
}
}
} else { } else {
std.RegisterChallengeError(CheckMap[tunnel_version][HTTPSonAssociatedDomain], err) std.RegisterChallengeError(CheckMap[tunnel_version][HTTPSonAssociatedDomain], err)
if verbose { if verbose {
@ -778,6 +794,13 @@ func studentChecker(std *adlin.Student, also_check_matrix bool) {
} }
} }
if snicheck1_tested && !snicheck1 {
std.RegisterChallengeError(CheckMap[tunnel_version][HTTPSSNI], fmt.Errorf("associated and delegated domain are not accessible through HTTPS at the same time, see errors for thoses checks"))
if verbose {
log.Printf("%s and HTTPS-SNI: %s\n", std.Login, "associated and delegated domains not accessible at the same time through HTTPS")
}
}
return return
}) })
} }
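Review bot: The HTTPS-SNI failure path covers only one of the two ways the combined check can fail: the `snicheck1_tested && !snicheck1` block registers an error when HTTPS on the delegated domain failed, but when that check passed and HTTPS on the associated domain fails, the `else` branch records an error for `HTTPSonAssociatedDomain` only and nothing for `HTTPSSNI`. Adding `std.RegisterChallengeError(CheckMap[tunnel_version][HTTPSSNI], err)` in that `else` branch when `snicheck1` is true would keep the recorded challenge state accurate. The GLUE-error branch also leaves `snicheck1_tested` false, so HTTPS-SNI gets neither an unlock nor an error in that case. Separately, the unlock is a conjunction of two independent HTTPS checks, and nothing visible in these hunks confirms that both names were served from the same address, which is what SNI is meant to demonstrate; comparing the addresses used by the two checks before unlocking would close that gap. studentChecker starts and ends outside the hunks shown.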


@ -9,6 +9,7 @@ const (
DNSDelegation DNSDelegation
HTTPonDelegatedDomain HTTPonDelegatedDomain
HTTPSonDelegatedDomain HTTPSonDelegatedDomain
HTTPSSNI
MatrixSrv MatrixSrv
MatrixClt MatrixClt
SNI SNI
@ -29,9 +30,10 @@ var CheckMap = map[int]map[AdlinTest]int{
DNSDelegation: 103, DNSDelegation: 103,
HTTPonDelegatedDomain: 104, HTTPonDelegatedDomain: 104,
HTTPSonDelegatedDomain: 105, HTTPSonDelegatedDomain: 105,
MatrixSrv: 106, HTTPSSNI: 106,
MatrixClt: 107, MatrixSrv: 107,
DNSSEC: 108, MatrixClt: 108,
DNSSEC: 109,
}, },
3: map[AdlinTest]int{ 3: map[AdlinTest]int{
PingResolver: 200, PingResolver: 200,
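Review bot: Inserting `HTTPSSNI: 106` renumbers the existing checks (`MatrixSrv` 106 to 107, `MatrixClt` 107 to 108, `DNSSEC` 108 to 109), so if unlocked challenges are stored under these ids, any record already saved as 106 will now read as HTTPS-SNI without the student having passed it. Giving the new check an unused id, or migrating stored records in the same change, avoids shifting credit between challenges. Also, only the map that precedes `3:` gains an `HTTPSSNI` key in this section, and `CheckMap[tunnel_version][HTTPSSNI]` on a map without that key yields 0; either add the entry to the other versions or guard the lookup with `if id, ok := CheckMap[tunnel_version][HTTPSSNI]; ok { ... }`. The new constant is placed mid-block as well, which shifts the later `AdlinTest` values if the block is `iota`-based (the start of the block is not visible here).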


@ -21,9 +21,10 @@ const tuto_progress = [
103: { title: "DNS Delegation", icon: "3", label: "DNS"}, 103: { title: "DNS Delegation", icon: "3", label: "DNS"},
104: { title: "HTTP on delegated domain", icon: "4", label: "HTTP on NS"}, 104: { title: "HTTP on delegated domain", icon: "4", label: "HTTP on NS"},
105: { title: "HTTPS on delegated domain", icon: "5", label: "HTTPS on NS"}, 105: { title: "HTTPS on delegated domain", icon: "5", label: "HTTPS on NS"},
106: { title: "Matrix Federation", icon: "6", label: "Matrix SRV"}, 106: { title: "HTTPS-SNI", icon: "6", label: "HTTPS-SNI"},
107: { title: "Matrix Client", icon: "7", label: "Matrix CLT"}, 107: { title: "Matrix Federation", icon: "7", label: "Matrix SRV"},
108: { title: "DNSSEC (bonus)", icon: "8", label: "DNSSEC"}, 108: { title: "Matrix Client", icon: "8", label: "Matrix CLT"},
109: { title: "DNSSEC (bonus)", icon: "9", label: "DNSSEC"},
}, },
{ {
200: { title: "PONG resolver", icon: "0", label: "PONG srv"}, 200: { title: "PONG resolver", icon: "0", label: "PONG srv"},