diff --git a/src/mod/acme/acme.go b/src/mod/acme/acme.go index a52d0be..334e9c0 100644 --- a/src/mod/acme/acme.go +++ b/src/mod/acme/acme.go @@ -432,18 +432,18 @@ func (a *ACMEHandler) HandleGetExpiredDomains(w http.ResponseWriter, r *http.Req // to renew the certificate, and sends a JSON response indicating the result of the renewal process. func (a *ACMEHandler) HandleRenewCertificate(w http.ResponseWriter, r *http.Request) { domainPara, err := utils.PostPara(r, "domains") - + //Clean each domain cleanedDomains := []string{} - if (domainPara != "") { + if domainPara != "" { for _, d := range strings.Split(domainPara, ",") { // Apply normalization on each domain nd, err := utils.NormalizeDomain(d) if err != nil { utils.SendErrorResponse(w, jsonEscape(err.Error())) return - } - cleanedDomains = append(cleanedDomains, nd) + } + cleanedDomains = append(cleanedDomains, nd) } } @@ -507,7 +507,6 @@ func (a *ACMEHandler) HandleRenewCertificate(w http.ResponseWriter, r *http.Requ dns = true } - // Default propagation timeout is 300 seconds propagationTimeout := 300 if dns { @@ -549,7 +548,6 @@ func (a *ACMEHandler) HandleRenewCertificate(w http.ResponseWriter, r *http.Requ a.Logf("Could not extract SANs from PEM, using domainPara only", err) } - // Extract DNS servers from the request var dnsServers []string dnsServersPara, err := utils.PostPara(r, "dnsServers") diff --git a/src/mod/acme/utils.go b/src/mod/acme/utils.go index b15b355..df05f2e 100644 --- a/src/mod/acme/utils.go +++ b/src/mod/acme/utils.go @@ -40,8 +40,6 @@ func ExtractDomains(certBytes []byte) ([]string, error) { return []string{}, errors.New("decode cert bytes failed") } - - func ExtractIssuerName(certBytes []byte) (string, error) { // Parse the PEM block block, _ := pem.Decode(certBytes) @@ -71,9 +69,9 @@ func ExtractDomainsFromPEM(pemFilePath string) ([]string, error) { certBytes, err := os.ReadFile(pemFilePath) if err != nil { - return nil, err + return nil, err } - domains,err := ExtractDomains(certBytes) + domains, err := ExtractDomains(certBytes) if err != nil { return nil, err } diff --git a/src/mod/utils/utils.go b/src/mod/utils/utils.go index 219ead4..c99de72 100644 --- a/src/mod/utils/utils.go +++ b/src/mod/utils/utils.go @@ -207,16 +207,17 @@ func ValidateListeningAddress(address string) bool { // - Converts to lowercase // - Removes trailing dot (FQDN canonicalization) // - Checks that the domain conforms to standard rules: -// * Each label ≤ 63 characters -// * Only letters, digits, and hyphens -// * Labels do not start or end with a hyphen -// * Full domain ≤ 253 characters +// - Each label ≤ 63 characters +// - Only letters, digits, and hyphens +// - Labels do not start or end with a hyphen +// - Full domain ≤ 253 characters +// // Returns an empty string if the domain is invalid. func NormalizeDomain(d string) (string, error) { d = strings.TrimSpace(d) d = strings.ToLower(d) d = strings.TrimSuffix(d, ".") - + if len(d) == 0 { return "", errors.New("domain is empty") } @@ -226,7 +227,7 @@ func NormalizeDomain(d string) (string, error) { labels := strings.Split(d, ".") for index, label := range labels { - if index ==0 { + if index == 0 { if len(label) == 1 && label == "*" { continue } @@ -239,11 +240,11 @@ func NormalizeDomain(d string) (string, error) { } for i, r := range label { - if !(unicode.IsLetter(r) || unicode.IsDigit(r) || r == '-') { + if !unicode.IsLetter(r) && !unicode.IsDigit(r) && r != '-' { return "", errors.New("Domain '" + d + "' not valid: Invalid character '" + string(r) + "' in label") } if (i == 0 || i == len(label)-1) && r == '-' { - return "", errors.New("Domain '" + d + "' not valid: label '"+ label +"' starts or ends with hyphen") + return "", errors.New("Domain '" + d + "' not valid: label '" + label + "' starts or ends with hyphen") } } }