Remove non-compliant hexdigit encoding for dns-01 challenges (#2052 is now

merged).
2026-06-03 22:08:07 -04:00 · 2016-01-04 19:46:28 -05:00 · 2016-01-04 19:46:28 -05:00 · 7747dc8488
commit 7747dc8488
parent 97fb1a03f9
2 changed files with 4 additions and 15 deletions
--- a/acme/acme/challenges.py
+++ b/acme/acme/challenges.py
@ -1,6 +1,5 @@
 """ACME Identifier Validation Challenges."""
 import abc
-import base64
 import dns.resolver
 import dns.exception
 import functools
@ -283,8 +282,7 @@ class DNS01(KeyAuthorizationChallenge):
    LABEL = "_acme-challenge"
    """Label clients prepend to the domain name being validated."""

-    # FIXME: Remove extra parameter once #2052 is integrated
-    def validation(self, account_key, dns01_hexdigit_response=True, **unused_kwargs):
+    def validation(self, account_key, **unused_kwargs):
        """Generate validation.

        :param JWK account_key:
@ -292,9 +290,7 @@ class DNS01(KeyAuthorizationChallenge):

        """
        key_authorization = self.key_authorization(account_key)
-        if dns01_hexdigit_response:
-            return hashlib.sha256(key_authorization).hexdigest()
-        return base64.urlsafe_b64encode(hashlib.sha256(key_authorization).digest())
+        return jose.b64encode(hashlib.sha256(key_authorization).digest())

    def validation_domain_name(self, name):
        """Domain name for TXT validation record.
--- a/acme/acme/challenges_test.py
+++ b/acme/acme/challenges_test.py
@ -168,17 +168,10 @@ class DNS01Test(unittest.TestCase):
        self.assertEqual('_acme-challenge.www.example.com',
                         self.msg.validation_domain_name('www.example.com'))

-    # FIXME: Remove extra parameter once #2052 is integrated
    def test_validation(self):
        self.assertEqual(
-            "rAa7iIg4K2y63fvUhCfy8dP1Xl7wEhmQq0oChTcE3Zk=",
-            self.msg.validation(KEY, dns01_hexdigit_response=False))
-
-    # FIXME: Remove this once #2052 is integrated
-    def test_validation_for_server_with_hexdigit_response(self):
-        self.assertEqual(
-            "ac06bb8888382b6cbaddfbd48427f2f1d3f55e5ef0121990ab4a02853704dd99",
-            self.msg.validation(KEY, dns01_hexdigit_response=True))
+            "rAa7iIg4K2y63fvUhCfy8dP1Xl7wEhmQq0oChTcE3Zk",
+            self.msg.validation(KEY))

    def test_to_partial_json(self):
        self.assertEqual(self.jmsg, self.msg.to_partial_json())