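// Source: github.com/letsencrypt/boulder@v0.20251208.0/cmd/reversed-hostname-checker/main.go

// Read a list of reversed FQDNs and/or normal IP addresses, separated by
// newlines. Print only those that are rejected by the current policy.

package notmain

import (
	"bufio"
	"flag"
	"fmt"
	"io"
	"log"
	"net/netip"
	"os"

	"github.com/letsencrypt/boulder/cmd"
	"github.com/letsencrypt/boulder/identifier"
	"github.com/letsencrypt/boulder/policy"
	"github.com/letsencrypt/boulder/sa"
)

// init registers main as the "reversed-hostname-checker" subcommand.
func init() {
	cmd.RegisterCommand("reversed-hostname-checker", main, nil)
}

// main checks every identifier in the input against the identifier policy and
// prints one "name: reason" line for each identifier the policy refuses.
//
// The process exits with status 1 when at least one identifier was rejected.
// It also terminates through log.Fatal when the input file cannot be opened,
// the policy cannot be loaded, or the input cannot be read to the end. Silence
// on stdout therefore means "nothing rejected" only when main returns normally.
func main() {
	inputFilename := flag.String("input", "", "File containing a list of reversed hostnames to check, newline separated. Defaults to stdin")
	// NOTE(review): the default path looks like the repository's test policy;
	// pass -policy explicitly to audit against the policy actually deployed.
	policyFile := flag.String("policy", "test/ident-policy.yaml", "File containing an identifier policy in YAML.")
	flag.Parse()

	var input io.Reader
	var err error
	if *inputFilename == "" {
		input = os.Stdin
	} else {
		input, err = os.Open(*inputFilename)
		if err != nil {
			log.Fatalf("opening %s: %s", *inputFilename, err)
		}
	}

	scanner := bufio.NewScanner(input)
	logger := cmd.NewLogger(cmd.SyslogConfig{StdoutLevel: 7})
	logger.Info(cmd.VersionString())
	pa, err := policy.New(nil, nil, logger)
	if err != nil {
		log.Fatal(err)
	}
	err = pa.LoadIdentPolicyFile(*policyFile)
	if err != nil {
		log.Fatalf("reading %s: %s", *policyFile, err)
	}

	var rejected bool
	for scanner.Scan() {
		// Per the file header the input holds reversed FQDNs, so this call is
		// expected to turn each line back into a normal name and to leave IP
		// addresses as they are (confirm against sa.EncodeIssuedName).
		n := sa.EncodeIssuedName(scanner.Text())

		// Anything that parses as an IP address is checked as an IP
		// identifier; everything else is checked as a DNS name.
		var ident identifier.ACMEIdentifier
		ip, err := netip.ParseAddr(n)
		if err == nil {
			ident = identifier.NewIP(ip)
		} else {
			ident = identifier.NewDNS(n)
		}

		err = pa.WillingToIssue(identifier.ACMEIdentifiers{ident})
		if err != nil {
			rejected = true
			fmt.Printf("%s: %s\n", n, err)
		}
	}

	// Scan returns false on failure as well as at EOF. Without this check a
	// read error or an over-long line (bufio.ErrTooLong) would end the loop
	// early, and the unread remainder of the list would silently count as
	// accepted by the policy.
	err = scanner.Err()
	if err != nil {
		log.Fatalf("reading input: %s", err)
	}

	if rejected {
		os.Exit(1)
	}
}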