From 4d25665835dcbeebace80628fb9579df1d1ddd0e Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier
Date: Tue, 8 Mar 2022 13:04:22 +0100
Subject: [PATCH 1/2] Add new available domains
---
 libadlin/domain.go | 4 ++--
 token-validator/htdocs/js/adlin-common.js | 4 +++-
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/libadlin/domain.go b/libadlin/domain.go
index 3ef086b..3941c72 100644
--- a/libadlin/domain.go
+++ b/libadlin/domain.go
@@ -6,8 +6,8 @@ import (
 )
 var (
- AssociatedDomainSuffixes = []string{"adlin2023.p0m.fr."}
- DelegatedDomainSuffixes = []string{"srs.p0m.fr."}
+ AssociatedDomainSuffixes = []string{"adlin2023.driivve.com.", "adlin2023.driivve.co.", "adlin2023.driivee.cloud.", "adlin2023.p0m.fr."}
+ DelegatedDomainSuffixes = []string{"srs.driivve.com.", "srs.driivve.co.", "srs.driivee.cloud.", "srs.p0m.fr."}
 )
 func (student *Student) MyDelegatedDomainSuffix() string {
diff --git a/token-validator/htdocs/js/adlin-common.js b/token-validator/htdocs/js/adlin-common.js
index bc9f1c0..f739d4b 100644
--- a/token-validator/htdocs/js/adlin-common.js
+++ b/token-validator/htdocs/js/adlin-common.js
@@ -1,4 +1,6 @@
-var tuto_progress = [
+const dn_without_dnssec = ["driivve.com.", "driivee.cloud."];
+
+const tuto_progress = [
 {
 1: { title: "Is alive?", icon: "👋", label: "Token 1"},
 2: { title: "DMZ reached", icon: "📚", label: "Token 2"},
From 3967a4e2799b32b3d042daf4c151140afe698857 Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier
Date: Tue, 8 Mar 2022 13:15:41 +0100
Subject: [PATCH 2/2] Add new check: HTTPS-SNI
---
 checker/checker.go | 23 +++++++++++++++++++++++
 checker/checks.go | 8 +++++---
 token-validator/htdocs/js/adlin-common.js | 7 ++++---
 3 files changed, 32 insertions(+), 6 deletions(-)
diff --git a/checker/checker.go b/checker/checker.go
index b45aaf5..4cae4aa 100644
--- a/checker/checker.go
+++ b/checker/checker.go
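Review bot: The third new suffix is spelled `driivee.cloud.` while the other two use `driivve`, in both `AssociatedDomainSuffixes` and `DelegatedDomainSuffixes` of the @@ -6,8 hunk (and again in `dn_without_dnssec` in adlin-common.js). If that is a typo rather than the registered name, student zones would hang under a domain the operators may not control, so it is worth confirming before merge. The new entries are also placed first, so index 0 changes from the `p0m.fr.` suffix to the `driivve.com.` one. `MyDelegatedDomainSuffix` begins on the last line of the hunk and its body is outside it, so whether callers pick the first element cannot be checked from here. A comment above the `var (` block such as `// Keep in sync with dn_without_dnssec in token-validator/htdocs/js/adlin-common.js.` would record the coupling between the two files.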
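Review bot: `dn_without_dnssec` in the @@ -1,4 hunk lists `driivve.com.` and `driivee.cloud.` but not `driivve.co.`, the third base domain this patch adds to libadlin/domain.go, and nothing in the hunk says whether that omission is deliberate. A one-line comment such as `// Base domains without DNSSEC; keep in step with the suffix lists in libadlin/domain.go` would stop the list from drifting or being "corrected" later. The code that reads the constant is outside this hunk.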
@@ -619,6 +619,9 @@ func studentChecker(std *adlin.Student, also_check_matrix bool) {
 glueErr = err
 }
+ snicheck1 := false
+ snicheck1_tested := false
+
 // Check DNS
 if addr, err := check_dns(std.MyDelegatedDomain(), dnsIP); err == nil {
 if addr == nil {
@@ -658,6 +661,8 @@ func studentChecker(std *adlin.Student, also_check_matrix bool) {
 if glueErr != nil {
 std.RegisterChallengeError(CheckMap[tunnel_version][HTTPSonDelegatedDomain], fmt.Errorf("Unable to perform the test due to GLUE problem: %w", glueErr))
 } else if err := check_https(std.MyDelegatedDomain(), addr.String()); err == nil {
+ snicheck1 = true
+ snicheck1_tested = true
 if verbose {
 log.Printf("%s just unlocked HTTPS challenge\n", std.Login)
 }
@@ -665,6 +670,7 @@ func studentChecker(std *adlin.Student, also_check_matrix bool) {
 log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error())
 }
 } else {
+ snicheck1_tested = true
 std.RegisterChallengeError(CheckMap[tunnel_version][HTTPSonDelegatedDomain], err)
 if verbose {
 log.Printf("%s and HTTPS (with DNS ip=%s): %s\n", std.Login, addr.String(), err)
@@ -770,6 +776,16 @@ func studentChecker(std *adlin.Student, also_check_matrix bool) {
 if _, err := std.UnlockChallenge(CheckMap[tunnel_version][HTTPSonAssociatedDomain], ""); err != nil {
 log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error())
 }
+
+ // SNI check: validate if this check + HTTPS on delegation is validated
+ if snicheck1 {
+ if verbose {
+ log.Printf("%s just unlocked HTTPS-SNI challenge\n", std.Login)
+ }
+ if _, err := std.UnlockChallenge(CheckMap[tunnel_version][HTTPSSNI], ""); err != nil {
+ log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error())
+ }
+ }
 } else {
 std.RegisterChallengeError(CheckMap[tunnel_version][HTTPSonAssociatedDomain], err)
 if verbose {
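Review bot: The HTTPS-SNI challenge unlocked in the `if snicheck1 {` block of the @@ -770,6 hunk is inferred from two independent checks passing, not from anything that observes SNI. Nothing in these hunks confirms that both names were reached on the same address, or that each answer carried a certificate for the name that was requested. Whether `check_https` validates the certificate against the hostname is outside the diff; if it does not, one default virtual host would satisfy both checks. Consider comparing the address used for the delegated-domain check with the one used for the associated-domain check before unlocking, and stating the assumption in the comment, e.g. `// SNI check: both names must pass HTTPS on the same IP, each with a certificate for its own name`. The enclosing closure in `studentChecker` starts and ends outside the hunk.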
@@ -778,6 +794,13 @@ func studentChecker(std *adlin.Student, also_check_matrix bool) {
 }
 }
+ if snicheck1_tested && !snicheck1 {
+ std.RegisterChallengeError(CheckMap[tunnel_version][HTTPSSNI], fmt.Errorf("associated and delegated domain are not accessible through HTTPS at the same time, see errors for thoses checks"))
+ if verbose {
+ log.Printf("%s and HTTPS-SNI: %s\n", std.Login, "associated and delegated domains not accessible at the same time through HTTPS")
+ }
+ }
+
 return
 })
 }
diff --git a/checker/checks.go b/checker/checks.go
index 9db5fbf..88e85fd 100644
--- a/checker/checks.go
+++ b/checker/checks.go
@@ -9,6 +9,7 @@ const (
 DNSDelegation
 HTTPonDelegatedDomain
 HTTPSonDelegatedDomain
+ HTTPSSNI
 MatrixSrv
 MatrixClt
 SNI
@@ -29,9 +30,10 @@ var CheckMap = map[int]map[AdlinTest]int{
 DNSDelegation: 103,
 HTTPonDelegatedDomain: 104,
 HTTPSonDelegatedDomain: 105,
- MatrixSrv: 106,
- MatrixClt: 107,
- DNSSEC: 108,
+ HTTPSSNI: 106,
+ MatrixSrv: 107,
+ MatrixClt: 108,
+ DNSSEC: 109,
 },
 3: map[AdlinTest]int{
 PingResolver: 200,
diff --git a/token-validator/htdocs/js/adlin-common.js b/token-validator/htdocs/js/adlin-common.js
index f739d4b..6d6e7e8 100644
--- a/token-validator/htdocs/js/adlin-common.js
+++ b/token-validator/htdocs/js/adlin-common.js
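Review bot: The failure branch `if snicheck1_tested && !snicheck1` in the @@ -778,6 hunk of checker.go only fires when the delegated-domain HTTPS check failed. When that check passes but the associated-domain check fails, `snicheck1` is true, so HTTPS-SNI gets neither an unlock nor an error, although the message talks about both domains "at the same time". Recording the associated-domain result in a second flag and testing `if snicheck1_tested && !(snicheck1 && snicheck2)` would cover both cases (`snicheck2` is a name proposed here, not one from the patch). The GLUE-error path in the @@ -658,6 hunk also leaves `snicheck1_tested` false, so no HTTPS-SNI error is recorded there; if that is intended, a comment next to the declaration should say so. The error string has a typo: `thoses` should be `those`.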
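Review bot: `HTTPSSNI` is inserted in the middle of the `const (` block of checks.go (@@ -9,6 hunk), ahead of `MatrixSrv`, `MatrixClt` and `SNI`. If the block is iota-based (its first lines are outside the hunk), every later `AdlinTest` value shifts by one, which matters if those values are ever stored or exchanged rather than used only as map keys; appending the new constant at the end of the block avoids the shift. The block already has an `SNI` entry, so a short comment on the new one, e.g. `// HTTPSSNI: HTTPS validated on both the delegated and the associated domain`, would make the difference between the two clear.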
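Review bot: Renumbering `MatrixSrv`, `MatrixClt` and `DNSSEC` from 106–108 to 107–109 in the @@ -29,9 hunk changes the meaning of the ids passed to `UnlockChallenge` and `RegisterChallengeError`. If earlier results are persisted under those ids (the storage is not visible here), a record of 106 for Matrix Federation would now read as HTTPS-SNI, and the @@ -21,9 hunk in adlin-common.js shifts the labels the same way. Giving HTTPS-SNI a previously unused id keeps existing records valid; otherwise the change needs a data migration. Only the first map gains `HTTPSSNI`: the `3: map[AdlinTest]int{` map that begins at the end of the hunk is not touched by this patch, so if `studentChecker` runs with that `tunnel_version`, `CheckMap[tunnel_version][HTTPSSNI]` evaluates to 0 and the checker would register against id 0 unless the lookup is guarded with the two-value form `id, ok := CheckMap[tunnel_version][HTTPSSNI]`.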
@@ -21,9 +21,10 @@ const tuto_progress = [
 103: { title: "DNS Delegation", icon: "3", label: "DNS"},
 104: { title: "HTTP on delegated domain", icon: "4", label: "HTTP on NS"},
 105: { title: "HTTPS on delegated domain", icon: "5", label: "HTTPS on NS"},
- 106: { title: "Matrix Federation", icon: "6", label: "Matrix SRV"},
- 107: { title: "Matrix Client", icon: "7", label: "Matrix CLT"},
- 108: { title: "DNSSEC (bonus)", icon: "8", label: "DNSSEC"},
+ 106: { title: "HTTPS-SNI", icon: "6", label: "HTTPS-SNI"},
+ 107: { title: "Matrix Federation", icon: "7", label: "Matrix SRV"},
+ 108: { title: "Matrix Client", icon: "8", label: "Matrix CLT"},
+ 109: { title: "DNSSEC (bonus)", icon: "9", label: "DNSSEC"},
 },
 {
 200: { title: "PONG resolver", icon: "0", label: "PONG srv"},