lers 0.4.0

An async, user-friendly Let's Encrypt/ACMEv2 library written in Rust
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109

//! DNS-01 solvers for various providers
//!
//! Currently, the following providers are supported:
//! - [Cloudflare](https://www.cloudflare.com): [`CloudflareDns01Solver`]
//!
//! If you would like a provider to be supported,
//! [file an issue](https://github.com/akrantz01/lers/issues/new?assignees=&labels=dns-01+provider&template=dns-1-provider-request.md&title=)
//! or [make a contribution](https://github.com/akrantz01/lers/compare).

use once_cell::sync::OnceCell;
use trust_dns_resolver::{
    error::{ResolveError, ResolveErrorKind},
    AsyncResolver, IntoName, TokioAsyncResolver,
};

#[cfg(any(feature = "dns-01-cloudflare", feature = "integration"))]
mod cloudflare;

#[cfg(feature = "dns-01-cloudflare")]
#[cfg_attr(docsrs, doc(cfg(feature = "dns-01-cloudflare")))]
pub use cloudflare::{CloudflareDns01Builder, CloudflareDns01Solver, CloudflareError};

// TODO: don't use global resolver to allow for better configuration
static RESOLVER: OnceCell<TokioAsyncResolver> = OnceCell::new();

/// Find the zone for a FQDN.
///
/// This is intended for use by DNS-01 solvers to get the root zone for a FQDN.
pub async fn find_zone_by_fqdn(fqdn: &str) -> Result<String, ResolveError> {
    let resolver = RESOLVER.get_or_try_init(|| AsyncResolver::tokio_from_system_conf())?;

    let mut name = fqdn.into_name()?;
    loop {
        let lookup = resolver.soa_lookup(name.clone()).await;
        match lookup {
            Ok(lookup) => {
                let records = lookup.as_lookup().records();
                debug_assert_ne!(records.len(), 0);
                let record = records.first().unwrap();

                break Ok(record.name().to_utf8());
            }
            Err(e) if matches!(e.kind(), ResolveErrorKind::NoRecordsFound { .. }) => {
                if name.num_labels() > 1 {
                    name = name.base_name();
                    continue;
                } else {
                    break Err(e);
                }
            }
            Err(e) => break Err(e),
        }
    }
}

#[cfg(test)]
mod tests {
    use super::find_zone_by_fqdn;
    use trust_dns_resolver::error::{ResolveError, ResolveErrorKind};

    #[tokio::test]
    async fn find_zone_by_fqdn_simple() -> Result<(), ResolveError> {
        let zone = find_zone_by_fqdn("gist.github.com").await?;
        assert_eq!(zone, "github.com.");

        Ok(())
    }

    #[tokio::test]
    async fn find_zone_by_fqdn_cname() -> Result<(), ResolveError> {
        let zone = find_zone_by_fqdn("mail.google.com").await?;
        assert_eq!(zone, "google.com.");

        Ok(())
    }

    #[tokio::test]
    async fn find_zone_by_fqdn_non_existent_subdomain() -> Result<(), ResolveError> {
        let zone = find_zone_by_fqdn("foo.google.com").await?;
        assert_eq!(zone, "google.com.");

        Ok(())
    }

    #[tokio::test]
    async fn find_zone_by_fqdn_etld() -> Result<(), ResolveError> {
        let zone = find_zone_by_fqdn("example.com.ac").await?;
        assert_eq!(zone, "ac.");

        Ok(())
    }

    #[tokio::test]
    async fn find_zone_by_fqdn_cross_zone_cname() -> Result<(), ResolveError> {
        let zone = find_zone_by_fqdn("cross-zone-example.assets.sh").await?;
        assert_eq!(zone, "assets.sh.");

        Ok(())
    }

    #[tokio::test]
    async fn find_zone_by_fqdn_non_existent() {
        let error = find_zone_by_fqdn("test.lego.zz").await.unwrap_err();
        assert!(matches!(
            error.kind(),
            ResolveErrorKind::NoRecordsFound { .. }
        ));
    }
}