acme_dns_tiny: compute key authorization without checking token validity

Indeed, the token is created by the server

acme_dns_tiny: compute key authorization without checking token validity
Indeed, the token is created by the server
a7d50ce8 · Adrien Dorsaz · 474f4b63 · a7d50ce8
Commit a7d50ce8 authored Jun 14, 2020 by Adrien Dorsaz
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 2 deletions

acme_dns_tiny.py acme_dns_tiny.py +1 -2

No files found.
--- a/acme_dns_tiny.py
+++ b/acme_dns_tiny.py
@@ -213,8 +213,7 @@ def get_crt(config, log=LOGGER):

        log.info("Install DNS TXT resource for domain: %s", domain)
        challenge = [c for c in authorization["challenges"] if c["type"] == "dns-01"][0]
-        token = re.sub(r"[^A-Za-z0-9_\-]", "_", challenge["token"])
-        keyauthorization = "{0}.{1}".format(token, jwk_thumbprint)
+        keyauthorization = challenge["token"] + "." + jwk_thumbprint
        keydigest64 = _base64(hashlib.sha256(keyauthorization.encode("utf8")).digest())
        dnsrr_domain = "_acme-challenge.{0}.".format(domain)
        try:  # a CNAME resource can be used for advanced TSIG configuration