Example #1
0
    def test_perform(self, mock_restart, mock_dvsni_perform):
        # Only tests functionality specific to configurator.perform
        # Note: As more challenges are offered this will have to be expanded
        achall1 = achallenges.KeyAuthorizationAnnotatedChallenge(
            challb=messages.ChallengeBody(
                chall=challenges.TLSSNI01(token="kNdwjwOeX0I_A8DXt9Msmg"),
                uri="https://ca.org/chall0_uri",
                status=messages.Status("pending"),
            ),
            domain="localhost",
            account_key=self.rsa512jwk)
        achall2 = achallenges.KeyAuthorizationAnnotatedChallenge(
            challb=messages.ChallengeBody(
                chall=challenges.TLSSNI01(token="m8TdO1qik4JVFtgPPurJmg"),
                uri="https://ca.org/chall1_uri",
                status=messages.Status("pending"),
            ),
            domain="example.com",
            account_key=self.rsa512jwk)

        dvsni_ret_val = [
            achall1.response(self.rsa512jwk),
            achall2.response(self.rsa512jwk),
        ]

        mock_dvsni_perform.return_value = dvsni_ret_val
        responses = self.config.perform([achall1, achall2])

        self.assertEqual(mock_dvsni_perform.call_count, 1)
        self.assertEqual(responses, dvsni_ret_val)
        self.assertEqual(mock_restart.call_count, 1)
    def test_perform(self, mock_restart, mock_dvsni_perform):
        # Only tests functionality specific to configurator.perform
        # Note: As more challenges are offered this will have to be expanded
        auth_key = le_util.Key(self.rsa256_file, self.rsa256_pem)
        achall1 = achallenges.DVSNI(challb=messages.ChallengeBody(
            chall=challenges.DVSNI(r="foo", nonce="bar"),
            uri="https://ca.org/chall0_uri",
            status=messages.Status("pending"),
        ),
                                    domain="localhost",
                                    key=auth_key)
        achall2 = achallenges.DVSNI(challb=messages.ChallengeBody(
            chall=challenges.DVSNI(r="abc", nonce="def"),
            uri="https://ca.org/chall1_uri",
            status=messages.Status("pending"),
        ),
                                    domain="example.com",
                                    key=auth_key)

        dvsni_ret_val = [
            challenges.DVSNIResponse(s="irrelevant"),
            challenges.DVSNIResponse(s="arbitrary"),
        ]

        mock_dvsni_perform.return_value = dvsni_ret_val
        responses = self.config.perform([achall1, achall2])

        self.assertEqual(mock_dvsni_perform.call_count, 1)
        self.assertEqual(responses, dvsni_ret_val)
        self.assertEqual(mock_restart.call_count, 1)
Example #3
0
    def test_perform_and_cleanup(self, mock_revert, mock_restart, mock_http_perform,
        mock_tls_perform):
        # Only tests functionality specific to configurator.perform
        # Note: As more challenges are offered this will have to be expanded
        achall1 = achallenges.KeyAuthorizationAnnotatedChallenge(
            challb=messages.ChallengeBody(
                chall=challenges.TLSSNI01(token=b"kNdwjwOeX0I_A8DXt9Msmg"),
                uri="https://ca.org/chall0_uri",
                status=messages.Status("pending"),
            ), domain="localhost", account_key=self.rsa512jwk)
        achall2 = achallenges.KeyAuthorizationAnnotatedChallenge(
            challb=messages.ChallengeBody(
                chall=challenges.HTTP01(token=b"m8TdO1qik4JVFtgPPurJmg"),
                uri="https://ca.org/chall1_uri",
                status=messages.Status("pending"),
            ), domain="example.com", account_key=self.rsa512jwk)

        expected = [
            achall1.response(self.rsa512jwk),
            achall2.response(self.rsa512jwk),
        ]

        mock_tls_perform.return_value = expected[:1]
        mock_http_perform.return_value = expected[1:]
        responses = self.config.perform([achall1, achall2])

        self.assertEqual(mock_tls_perform.call_count, 1)
        self.assertEqual(mock_http_perform.call_count, 1)
        self.assertEqual(responses, expected)

        self.config.cleanup([achall1, achall2])
        self.assertEqual(0, self.config._chall_out) # pylint: disable=protected-access
        self.assertEqual(mock_revert.call_count, 1)
        self.assertEqual(mock_restart.call_count, 2)
    def test_perform_and_cleanup(self, request_info):
        # GIVEN a HTTP authnticator challenge
        account_key = jose.JWKRSA.load(
            pkg_resources.resource_string(
                __name__, os.path.join('testdata', 'rsa512_key.pem')))
        token = b"m8TdO1qik4JVFtgPPurJmg"
        domain = "example.com"
        achall = achallenges.KeyAuthorizationAnnotatedChallenge(
            challb=messages.ChallengeBody(
                chall=challenges.HTTP01(token=token),
                uri="https://ca.org/chall1_uri",
                status=messages.Status("pending"),
            ),
            domain=domain,
            account_key=account_key)

        expected = [
            achall.response(account_key),
        ]

        # WHEN the challenge is performed and cleaned up
        responses = self.configurator.perform([achall])

        self.configurator.cleanup([achall])

        # THEN a ACME challenge service is created and
        # then cleaned up in Kong.
        calls = request_info.mock_calls
        requests = self._get_write_requests(calls)

        self.assertEqual(responses, expected)

        acme_service_requests = requests[0:3]
        cleanup_requests = requests[3:]

        service_id = requests[0][1][len("/services/"):]
        plugin_id = requests[1][1][len("/plugins/"):]
        route_id = requests[2][1][len("/routes/"):]

        self.assertEqual(acme_service_requests,
                         [("PUT", "/services/" + service_id, {
                             "name": "certbot-kong_TEMPORARY_ACME_challenge",
                             "url": "http://invalid.example.com"
                         }),
                          ("PUT", "/plugins/" + plugin_id, {
                              "service": {
                                  "id": service_id
                              },
                              "name": "request-termination",
                              "config": {
                                  "status_code": 200,
                                  "content_type": "text/plain",
                                  "body": achall.validation(achall.account_key)
                              }
                          }),
                          ("PUT", "/routes/" + route_id, {
                              "service": {
                                  "id": service_id
                              },
                              "paths": [
                                  "/.well-known/acme-challenge/" +
                                  achall.chall.encode("token")
                              ],
                              "hosts": [domain],
                              "protocols": ["http"]
                          })])

        self.assertEqual(cleanup_requests,
                         [("DELETE", "/routes/" + route_id, None),
                          ("DELETE", "/plugins/" + plugin_id, None),
                          ("DELETE", "/services/" + service_id, None)])