Commit 56e23df

Add helpers for dns-account-01 challenge (close #42) (#43)
* Add helpers for dns-account-01 challenge (close #42)
* Add dns-account-01 to readme
1 parent df105ba commit 56e23df

2 files changed: +13 -1 lines changed

README.md

Lines changed: 2 additions & 1 deletion
@@ -33,7 +33,8 @@ In other words, the `acmez` package is **porcelain** while the `acme` package is
3333
- Device attestation challenges ([draft-acme-device-attest-02](https://datatracker.ietf.org/doc/draft-acme-device-attest/))
3434
- [RFC 8737](https://www.rfc-editor.org/rfc/rfc8737.html) (tls-alpn-01 challenge)
3535
- [RFC 8823](https://www.rfc-editor.org/rfc/rfc8823.html) (email-reply-00 challenge; S/MIME)
36-
- ACME Renewal Information (ARI) support ([RFC 9773](https://datatracker.ietf.org/doc/html/rfc9773)
36+
- DNS Labeled With ACME Account ID Challenge ([draft-ietf-acme-dns-account-label-01](https://datatracker.ietf.org/doc/draft-ietf-acme-dns-account-label/01/))
37+
- ACME Renewal Information (ARI) support ([RFC 9773](https://datatracker.ietf.org/doc/html/rfc9773))
3738
- ACME profiles ([draft-aaron-acme-profiles](https://datatracker.ietf.org/doc/draft-aaron-acme-profiles/))
3839

3940
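
Review bot: The new README entry at line 36 does not name the challenge type the way the neighbouring entries do ("(tls-alpn-01 challenge)", "(email-reply-00 challenge; S/MIME)"); appending "(dns-account-01 challenge)" would let readers match it to the `ChallengeTypeDNSAccount01` constant. The link also pins draft revision 01, unlike the unversioned device-attest link above it, so it will need updating when the draft advances.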

acme/challenge.go

Lines changed: 11 additions & 0 deletions
@@ -17,6 +17,7 @@ package acme
1717
import (
1818
"context"
1919
"crypto/sha256"
20+
"encoding/base32"
2021
"encoding/base64"
2122
"fmt"
2223
"strings"
@@ -132,6 +133,15 @@ func (c Challenge) DNS01KeyAuthorization() string {
132133
return base64.RawURLEncoding.EncodeToString(h[:])
133134
}
134135

136+
// DNSAcccount01TXTRecordName returns the name of the TXT record to create
137+
// for solving the dns-account-01 challenge. §3.2
138+
func (Challenge) DNSAcccount01TXTRecordName(a Account) string {
139+
acctURLhash := sha256.Sum256([]byte(a.Location))
140+
truncAcctURLHash := acctURLhash[:10]
141+
b32TruncAcctURLHash := base32.StdEncoding.EncodeToString(truncAcctURLHash)
142+
return fmt.Sprintf("_%s._acme_challenge", b32TruncAcctURLHash)
143+
}
144+
135145
// MailReply00KeyAuthorization encodes a key authorization value
136146
// to be sent back to the reply-to address of the ACME challenge email.
137147
// The subject of that mail contains token-part1, which must be combined
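
Review bot: The label returned on line 142 is `_acme_challenge` with an underscore, while dns-01 in RFC 8555 uses `_acme-challenge` with a hyphen; please check this against §3.2 of the draft, because a wrong label means the TXT record is published at a name the CA never queries. The method name `DNSAcccount01TXTRecordName` has three c's, and since it is exported the typo becomes public API once released; `DNSAccount01TXTRecordName` is presumably intended. `base32.StdEncoding` emits uppercase, so consider lowercasing the result if the draft's examples are lowercase, and decide what should happen when `a.Location` is empty, since the function then returns a valid-looking label derived from the hash of an empty string. A unit test with a known account URL and the expected record name would pin all of this down; this commit touches only README.md and acme/challenge.go.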
@@ -177,4 +187,5 @@ const (
177187
ChallengeTypeDeviceAttest01 = "device-attest-01" // draft-acme-device-attest-00 §5
178188
ChallengeTypeEmailReply00 = "email-reply-00" // RFC 8823 §5.2
179189
ChallengeTypeAuthorityToken = "tkauth-01" // RFC 9447 §3 - ACME Authority Token challenge type
190+
ChallengeTypeDNSAccount01 = "dns-account-01" // draft-ietf-acme-dns-account-label-01 §5
180191
)
