Improvement DNS-01 error message (#576)

shibayan · Mar 26, 2023 · 55027fa · 55027fa
1 parent cddd1ef
commit 55027fa
Show file tree

Hide file tree

Showing 6 changed files with 21 additions and 12 deletions.
diff --git a/KeyVault.Acmebot/Functions/GetInstanceState.cs b/KeyVault.Acmebot/Functions/GetInstanceState.cs
@@ -30,7 +30,7 @@ public async Task<IActionResult> HttpStart(
 
         var status = await starter.GetStatusAsync(instanceId);
 
-        if (status == null)
+        if (status is null)
         {
             return BadRequest();
         }

diff --git a/KeyVault.Acmebot/Functions/SharedActivity.cs b/KeyVault.Acmebot/Functions/SharedActivity.cs
@@ -162,7 +162,7 @@ public async Task Dns01Precondition([ActivityTrigger] IReadOnlyList<string> dnsN
                             .MaxBy(x => x.Name.Length);
 
             // マッチする DNS zone が見つからない場合はエラー
-            if (zone == null)
+            if (zone is null)
             {
                 notFoundZoneDnsNames.Add(dnsName);
                 continue;
@@ -213,7 +213,12 @@ public async Task Dns01Precondition([ActivityTrigger] IReadOnlyList<string> dnsN
             var authorization = await acmeProtocolClient.GetAuthorizationDetailsAsync(authorizationUrl);
 
             // DNS-01 Challenge の情報を拾う
-            var challenge = authorization.Challenges.First(x => x.Type == "dns-01");
+            var challenge = authorization.Challenges.FirstOrDefault(x => x.Type == "dns-01");
+
+            if (challenge is null)
+            {
+                throw new PreconditionException("DNS-01 cannot be used for domains for which a certificate has already been issued using HTTP-01.");
+            }
 
             var challengeValidationDetails = AuthorizationDecoder.ResolveChallengeForDns01(authorization, challenge, acmeProtocolClient.Signer);
 
@@ -237,8 +242,12 @@ public async Task Dns01Precondition([ActivityTrigger] IReadOnlyList<string> dnsN
             var dnsRecordName = lookup.Key;
 
             var zone = zones.Where(x => dnsRecordName.EndsWith($".{x.Name}", StringComparison.OrdinalIgnoreCase))
-                            .OrderByDescending(x => x.Name.Length)
-                            .First();
+                            .MaxBy(x => x.Name.Length);
+
+            if (zone is null)
+            {
+                throw new PreconditionException($"DNS zone is not found. DnsRecordName = {dnsRecordName}");
+            }
 
             // Challenge の詳細から DNS 向けにレコード名を作成
             var acmeDnsRecordName = dnsRecordName.Replace($".{zone.Name}", "", StringComparison.OrdinalIgnoreCase);
@@ -318,7 +327,7 @@ public async Task CheckIsReady([ActivityTrigger] (OrderDetails, IReadOnlyList<Ac
             {
                 var challenge = await acmeProtocolClient.GetChallengeDetailsAsync(challengeResult.Url);
 
-                if (challenge.Status != "invalid" || challenge.Error == null)
+                if (challenge.Status != "invalid" || challenge.Error is null)
                 {
                     continue;
                 }

diff --git a/KeyVault.Acmebot/Internal/AcmeProtocolClientFactory.cs b/KeyVault.Acmebot/Internal/AcmeProtocolClientFactory.cs
@@ -35,7 +35,7 @@ public async Task<AcmeProtocolClient> CreateClientAsync()
 
         var acmeProtocolClient = new AcmeProtocolClient(_baseUri, directory, account, accountKey?.GenerateSigner(), usePostAsGet: true);
 
-        if (directory == null)
+        if (directory is null)
         {
             try
             {
@@ -55,7 +55,7 @@ public async Task<AcmeProtocolClient> CreateClientAsync()
 
         await acmeProtocolClient.GetNonceAsync();
 
-        if (acmeProtocolClient.Account == null)
+        if (acmeProtocolClient.Account is null)
         {
             var externalAccountBinding = directory.Meta.ExternalAccountRequired ?? false ? CreateExternalAccountBinding(acmeProtocolClient) : null;
 

diff --git a/KeyVault.Acmebot/Internal/CertificateExtensions.cs b/KeyVault.Acmebot/Internal/CertificateExtensions.cs
@@ -14,7 +14,7 @@ public static bool IsAcmebotManaged(this CertificateProperties properties, strin
     {
         var tags = properties.Tags;
 
-        if (tags == null)
+        if (tags is null)
         {
             return false;
         }
@@ -54,7 +54,7 @@ public static CertificateItem ToCertificateItem(this KeyVaultCertificateWithPoli
 
     private static string ToHexString(byte[] bytes)
     {
-        if (bytes == null)
+        if (bytes is null)
         {
             throw new ArgumentNullException(nameof(bytes));
         }

diff --git a/KeyVault.Acmebot/Models/CertificatePolicyItem.cs b/KeyVault.Acmebot/Models/CertificatePolicyItem.cs
@@ -60,7 +60,7 @@ public CertificatePolicy ToCertificatePolicy()
 
     public IEnumerable<ValidationResult> Validate(ValidationContext validationContext)
     {
-        if (DnsNames == null || DnsNames.Length == 0)
+        if (DnsNames is null || DnsNames.Length == 0)
         {
             yield return new ValidationResult($"The {nameof(DnsNames)} is required.", new[] { nameof(DnsNames) });
         }

diff --git a/KeyVault.Acmebot/Providers/DnsZone.cs b/KeyVault.Acmebot/Providers/DnsZone.cs
@@ -29,7 +29,7 @@ public string Name
 
     public bool Equals(DnsZone other)
     {
-        if (other == null)
+        if (other is null)
         {
             return false;
         }