def test_perform2(self):
    # Queue every fixture challenge, then check that perform() hands each
    # one to _setup_challenge_cert in order and returns what it got back.
    for pending in self.achalls:
        self.sni.add_chall(pending)

    # Stand-in for the per-challenge cert setup: successive calls return
    # these canned responses.
    canned = [
        challenges.DVSNIResponse(s="randomS0"),
        challenges.DVSNIResponse(s="randomS1"),
    ]
    setup_stub = mock.MagicMock(side_effect=canned)
    # pylint: disable=protected-access
    self.sni._setup_challenge_cert = setup_stub

    responses = self.sni.perform()

    self.assertEqual(setup_stub.call_count, 2)
    # Call N must have received exactly challenge N and nothing else.
    for position in (0, 1):
        self.assertEqual(setup_stub.call_args_list[position],
                         mock.call(self.achalls[position]))

    # The challenge config must be referenced by exactly one Include
    # directive: zero means it was never wired into the server config,
    # more than one means it was added repeatedly.
    include_hits = self.sni.configurator.parser.find_dir(
        "Include", self.sni.challenge_conf)
    self.assertEqual(len(include_hits), 1)

    self.assertEqual(len(responses), 2)
    for i, resp in enumerate(responses):
        self.assertEqual(resp.s, "randomS%d" % i)
def test_perform(self, mock_restart, mock_dvsni_perform):
    # Covers only what configurator.perform itself adds on top of the DVSNI
    # helper. Will need extending once more challenge types are offered.
    # NOTE(review): mock_restart / mock_dvsni_perform are presumably injected
    # by mock.patch decorators that sit outside this excerpt.

    # Fixture key; the rsa256_* name suggests a deliberately tiny test key,
    # never one to reuse outside the test suite.
    auth_key = le_util.Key(self.rsa256_file, self.rsa256_pem)

    def pending_dvsni(r_value, nonce, domain):
        # Wrap a DVSNI challenge in a "pending" challenge body and annotate
        # it with the domain and the shared fixture key.
        challb = acme_util.chall_to_challb(
            challenges.DVSNI(r=r_value, nonce=nonce), "pending")
        return achallenges.DVSNI(challb=challb, domain=domain, key=auth_key)

    # Fixed r/nonce literals keep the test deterministic.
    achall1 = pending_dvsni(
        "jIq_Xy1mXGN37tb4L6Xj_es58fW571ZNyXekdZzhh7Q",
        "37bc5eb75d3e00a19b4f6355845e5a18",
        "encryption-example.demo")
    achall2 = pending_dvsni(
        "uqnaPzxtrndteOqtrXb0Asl5gOJfWAnnx6QJyvcmlDU",
        "59ed014cac95f77057b1d7a1b2c596ba",
        "letsencrypt.demo")

    dvsni_ret_val = [
        challenges.DVSNIResponse(s="randomS1"),
        challenges.DVSNIResponse(s="randomS2"),
    ]
    mock_dvsni_perform.return_value = dvsni_ret_val

    responses = self.config.perform([achall1, achall2])

    # Both challenges are served by a single DVSNI perform call, its result
    # is returned untouched, and the restart hook fires exactly once.
    self.assertEqual(mock_dvsni_perform.call_count, 1)
    self.assertEqual(responses, dvsni_ret_val)
    self.assertEqual(mock_restart.call_count, 1)
def test_perform2(self):
    # Queue every fixture challenge, then check that perform() delegates
    # each one to _setup_challenge_cert and wires the challenge config in.
    for pending in self.achalls:
        self.sni.add_chall(pending)

    # Stand-in for the per-challenge cert setup: successive calls return
    # these canned responses.
    canned = [
        challenges.DVSNIResponse(s="nginxS0"),
        challenges.DVSNIResponse(s="nginxS1"),
        challenges.DVSNIResponse(s="nginxS2"),
    ]
    setup_stub = mock.MagicMock(side_effect=canned)
    # pylint: disable=protected-access
    self.sni._setup_challenge_cert = setup_stub

    responses = self.sni.perform()

    self.assertEqual(setup_stub.call_count, 3)
    # Call N must have received exactly challenge N and nothing else.
    for index, achall in enumerate(self.achalls):
        self.assertEqual(setup_stub.call_args_list[index],
                         mock.call(achall))

    # Last top-level entry of the parsed root config; the assertions below
    # treat its second element as the list of directives in that block.
    parser = self.sni.configurator.parser
    http = parser.parsed[parser.loc["root"]][-1]
    # The challenge config has to be pulled in by an include directive.
    self.assertTrue(['include', self.sni.challenge_conf] in http[1])
    # NOTE(review): 'blah' and the [-2] position depend on the fixture
    # config, which is not visible here - confirm against the test data.
    self.assertTrue(['server_name', 'blah'] in http[1][-2][1])

    self.assertEqual(len(responses), 3)
    for i, resp in enumerate(responses):
        self.assertEqual(resp.s, "nginxS%d" % i)
def test_perform(self, mock_restart, mock_dvsni_perform):
    # Covers only what configurator.perform itself adds on top of the DVSNI
    # helper. Will need extending once more challenge types are offered.
    # NOTE(review): mock_restart / mock_dvsni_perform are presumably injected
    # by mock.patch decorators that sit outside this excerpt.

    # Fixture key; the rsa256_* name suggests a deliberately tiny test key,
    # never one to reuse outside the test suite.
    auth_key = le_util.Key(self.rsa256_file, self.rsa256_pem)

    def pending_dvsni(r, nonce, uri, domain):  # pylint: disable=invalid-name
        # Build a "pending" challenge body around a DVSNI challenge and
        # annotate it with the domain and the shared fixture key.
        body = messages.ChallengeBody(
            chall=challenges.DVSNI(r=r, nonce=nonce),
            uri=uri,
            status=messages.Status("pending"),
        )
        return achallenges.DVSNI(challb=body, domain=domain, key=auth_key)

    # Placeholder r/nonce values: the DVSNI helper is mocked, so they are
    # never validated in this test.
    achall1 = pending_dvsni(
        "foo", "bar", "https://ca.org/chall0_uri", "localhost")
    achall2 = pending_dvsni(
        "abc", "def", "https://ca.org/chall1_uri", "example.com")

    dvsni_ret_val = [
        challenges.DVSNIResponse(s="irrelevant"),
        challenges.DVSNIResponse(s="arbitrary"),
    ]
    mock_dvsni_perform.return_value = dvsni_ret_val

    responses = self.config.perform([achall1, achall2])

    # Both challenges are served by a single DVSNI perform call, its result
    # is returned untouched, and the restart hook fires exactly once.
    self.assertEqual(mock_dvsni_perform.call_count, 1)
    self.assertEqual(responses, dvsni_ret_val)
    self.assertEqual(mock_restart.call_count, 1)
def test_setup_challenge_cert(self):
    # mock.mock_open() returns a mock that already works as a context
    # manager, so __enter__ and __exit__ need no manual wiring.
    # http://www.voidspace.org.uk/python/mock/helpers.html#mock.mock_open
    mock_open = mock.mock_open()
    mock_safe_open = mock.mock_open()

    response = challenges.DVSNIResponse(s="randomS1")
    template = self.achalls[0]
    achall = mock.MagicMock(nonce=template.nonce,
                            nonce_domain=template.nonce_domain)
    achall.gen_cert_and_response.return_value = ("pem", response)

    # Patch both file-opening entry points so the writes land on the mocks.
    with mock.patch("letsencrypt.plugins.common.open",
                    mock_open, create=True), \
            mock.patch("letsencrypt.plugins.common.le_util.safe_open",
                       mock_safe_open):
        # pylint: disable=protected-access
        returned = self.sni._setup_challenge_cert(achall, "randomS1")
        self.assertEqual(response, returned)

    # pylint: disable=no-member
    # The certificate goes through the ordinary open() in binary mode.
    mock_open.assert_called_once_with(self.sni.get_cert_path(achall), "wb")
    mock_open.return_value.write.assert_called_once_with("pem")

    # The private key must go through le_util.safe_open with chmod=0o400
    # (owner read-only). A regression to a plain open() or to a looser
    # mode fails this assertion.
    mock_safe_open.assert_called_once_with(
        self.sni.get_key_path(achall), "wb", chmod=0o400)
    # achall is a MagicMock, so private_bytes() yields the same mock value
    # on every call; this pins that the bytes written are the ones the
    # challenge's key produced.
    mock_safe_open.return_value.write.assert_called_once_with(
        achall.key.key.private_bytes())
def test_setup_challenge_cert(self):
    # mock.mock_open() returns a mock that already works as a context
    # manager, so __enter__ and __exit__ need no manual wiring.
    # http://www.voidspace.org.uk/python/mock/helpers.html#mock.mock_open
    mock_open = mock.mock_open()
    mock_safe_open = mock.mock_open()

    response = challenges.DVSNIResponse(validation=mock.Mock())
    achall = mock.MagicMock()
    # Test-vector key; the file name suggests 512-bit RSA, fixture use only.
    key = test_util.load_pyopenssl_private_key("rsa512_key.pem")
    achall.gen_cert_and_response.return_value = (
        response, test_util.load_cert("cert.pem"), key)

    # Patch both file-opening entry points so the writes land on the mocks.
    with mock.patch("letsencrypt.plugins.common.open",
                    mock_open, create=True), \
            mock.patch("letsencrypt.plugins.common.le_util.safe_open",
                       mock_safe_open):
        # pylint: disable=protected-access
        returned = self.sni._setup_challenge_cert(achall, "randomS1")
        self.assertEqual(response, returned)

    # pylint: disable=no-member
    # The certificate goes through the ordinary open() in binary mode and
    # must match the bytes of the cert.pem test vector.
    mock_open.assert_called_once_with(self.sni.get_cert_path(achall), "wb")
    expected_cert = test_util.load_vector("cert.pem")
    mock_open.return_value.write.assert_called_once_with(expected_cert)

    # The private key must go through le_util.safe_open with chmod=0o400
    # (owner read-only). A regression to a plain open() or to a looser
    # mode fails this assertion.
    mock_safe_open.assert_called_once_with(
        self.sni.get_key_path(achall), "wb", chmod=0o400)
    # The expected bytes are a PEM dump made without a cipher/passphrase
    # argument, so the key is stored unencrypted and the 0o400 mode above
    # is what protects it on disk.
    expected_key = OpenSSL.crypto.dump_privatekey(
        OpenSSL.crypto.FILETYPE_PEM, key)
    mock_safe_open.return_value.write.assert_called_once_with(expected_key)
def setUp(self):
    # Fixture: one pending DVSNI challenge body, an empty response, and the
    # annotated challenge (domain + key) that the tests exercise.
    dvsni = challenges.DVSNI(r="r_value", nonce="12345ABCDE")
    self.chall = acme_util.chall_to_challb(dvsni, "pending")
    self.response = challenges.DVSNIResponse()

    # Test-vector key; the file name suggests 512-bit RSA, fixture use only.
    key_pem = test_util.load_vector("rsa512_key.pem")
    key = jose.JWKRSA.load(key_pem)

    # Imported here rather than at module level, as in the original.
    from letsencrypt.achallenges import DVSNI
    self.achall = DVSNI(challb=self.chall, domain="example.com", key=key)
def test_perform1(self, mock_save):
    # Single-challenge path: perform() must call _setup_challenge_cert once
    # with that challenge and include the challenge config in the main one.
    # NOTE(review): mock_save is presumably injected by a mock.patch
    # decorator outside this excerpt; what it patches is not visible here.
    only = self.achalls[0]
    self.sni.add_chall(only)

    setup_stub = mock.MagicMock(
        return_value=challenges.DVSNIResponse(s="nginxS1"))
    # pylint: disable=protected-access
    self.sni._setup_challenge_cert = setup_stub

    responses = self.sni.perform()

    setup_stub.assert_called_once_with(only)
    self.assertEqual([challenges.DVSNIResponse(s="nginxS1")], responses)
    self.assertEqual(mock_save.call_count, 2)

    # Make sure challenge config is included in main config
    parser = self.sni.configurator.parser
    http = parser.parsed[parser.loc["root"]][-1]
    self.assertTrue(['include', self.sni.challenge_conf] in http[1])
def setUp(self):
    # Fixture: one pending DVSNI challenge body, an empty response, and the
    # annotated challenge (domain + key) that the tests exercise.
    dvsni = challenges.DVSNI(r="r_value", nonce="12345ABCDE")
    self.chall = acme_util.chall_to_challb(dvsni, "pending")
    self.response = challenges.DVSNIResponse()

    # Test-vector key shipped with acme.jose; the file name suggests 512-bit
    # RSA, fixture use only. "path" is presumably just a placeholder file
    # name - only the PEM bytes are real.
    vector = os.path.join("testdata", "rsa512_key.pem")
    key_pem = pkg_resources.resource_string("acme.jose", vector)
    key = le_util.Key("path", key_pem)

    # Imported here rather than at module level, as in the original.
    from letsencrypt.achallenges import DVSNI
    self.achall = DVSNI(challb=self.chall, domain="example.com", key=key)
def gen_cert_and_response(self, s=None):  # pylint: disable=invalid-name
    """Build the DVSNI response and the certificate that goes with it.

    This method does not write the certificate anywhere itself; the PEM
    is returned to the caller. The private key (``self.key.pem``) is only
    handed to ``crypto_util.make_ss_cert`` and is not part of the return
    value.

    :param s: passed straight through to
        :class:`acme.challenges.DVSNIResponse`.

    :returns: ``(cert_pem, response)`` tuple, where ``cert_pem`` is the
        PEM encoded certificate and ``response`` is an instance of
        :class:`acme.challenges.DVSNIResponse`.
    :rtype: tuple

    """
    response = challenges.DVSNIResponse(s=s)
    key_pem = self.key.pem
    # Presumably the names the certificate is issued for: the nonce domain,
    # the domain under validation, and the z-domain derived from the
    # response and the challenge body.
    cert_names = [
        self.nonce_domain,
        self.domain,
        response.z_domain(self.challb),
    ]
    cert_pem = crypto_util.make_ss_cert(key_pem, cert_names)
    return cert_pem, response
def gen_cert_and_response(self, s=None):  # pylint: disable=invalid-name
    """Build the DVSNI response and the certificate that goes with it.

    The private key is converted to a pyOpenSSL key for
    ``response.gen_cert`` and is not part of the return value; only the
    certificate PEM and the response are handed back.

    :param s: passed straight through to
        :class:`acme.challenges.DVSNIResponse`.

    :returns: ``(cert_pem, response)`` tuple, where ``cert_pem`` is the
        PEM encoded certificate and ``response`` is an instance of
        :class:`acme.challenges.DVSNIResponse`.
    :rtype: tuple

    """
    pyopenssl_key = crypto_util.private_jwk_to_pyopenssl(self.key)
    response = challenges.DVSNIResponse(s=s)
    # The response object builds the certificate from the challenge, the
    # domain and the key.
    certificate = response.gen_cert(
        self.challb.chall, self.domain, pyopenssl_key)
    # Serialise to PEM so callers get bytes rather than a pyOpenSSL object.
    cert_pem = OpenSSL.crypto.dump_certificate(
        OpenSSL.crypto.FILETYPE_PEM, certificate)
    return cert_pem, response
def test_perform1(self):
    # Single-challenge path: perform() must call _setup_challenge_cert once
    # with that challenge and return its response.
    only = self.achalls[0]
    self.sni.add_chall(only)

    setup_stub = mock.MagicMock(
        return_value=challenges.DVSNIResponse(s="randomS1"))
    # pylint: disable=protected-access
    self.sni._setup_challenge_cert = setup_stub

    responses = self.sni.perform()

    setup_stub.assert_called_once_with(only)

    # Check to make sure challenge config path is included in apache config.
    # Exactly one Include is expected: zero means it was never wired in,
    # more than one means it was added repeatedly.
    include_hits = self.sni.configurator.parser.find_dir(
        "Include", self.sni.challenge_conf)
    self.assertEqual(len(include_hits), 1)

    self.assertEqual(len(responses), 1)
    self.assertEqual(responses[0].s, "randomS1")
def test_setup_challenge_cert(self):
    # mock.mock_open() returns a mock that already works as a context
    # manager, so __enter__ and __exit__ need no manual wiring.
    # http://www.voidspace.org.uk/python/mock/helpers.html#mock.mock_open
    #
    # Only the certificate write is checked here (text mode "w" to
    # get_cert_file). This test asserts nothing about where the private key
    # is stored or with which permissions.
    m_open = mock.mock_open()

    response = challenges.DVSNIResponse(s="randomS1")
    template = self.achalls[0]
    achall = mock.MagicMock(nonce=template.nonce,
                            nonce_domain=template.nonce_domain)
    achall.gen_cert_and_response.return_value = ("pem", response)

    with mock.patch("letsencrypt.plugins.common.open", m_open, create=True):
        # pylint: disable=protected-access
        returned = self.sni._setup_challenge_cert(achall, "randomS1")
        self.assertEqual(response, returned)

        self.assertTrue(m_open.called)
        open_args = m_open.call_args[0]
        self.assertEqual(open_args, (self.sni.get_cert_file(achall), "w"))
        # First positional argument of the last write on the file handle.
        written = m_open().write.call_args[0][0]
        self.assertEqual(written, "pem")