class DVSNIResponseTest(unittest.TestCase):
    """Exercise ``acme.challenges.DVSNIResponse`` against fixed test vectors.

    Covers JSON round-tripping, the ``z``/``z_domain`` values for a known
    challenge, and certificate generation and verification.  The negative
    cases pin that verification fails closed: ``verify_cert`` is falsy for
    a certificate made for another domain or checked against another public
    key, and ``simple_verify`` is falsy when probing raises ``errors.Error``.
    """

    def setUp(self):
        from acme.challenges import DVSNI, DVSNIResponse

        # pylint: disable=invalid-name
        s_b64 = '9dbjsl3gTAtOnEtKFEmhS6Mj-ajNjDcOmRkp3Lfzm3c'
        self.jmsg = {'resource': 'challenge', 'type': 'dvsni', 's': s_b64}
        self.msg = DVSNIResponse(s=jose.decode_b64jose(s_b64))

        r_value = jose.decode_b64jose(
            'Tyq0La3slT7tqQ0wlOiXnCY2vyez7Zo5blgPJ1xt5xI')
        nonce_value = jose.decode_b64jose('a82d5ff8ef740d12881f6d3c2277ab2e')
        self.chall = DVSNI(r=r_value, nonce=nonce_value)

        # Expected z for the r/s pair above.
        self.z = (b'38e612b0397cc2624a07d351d7ef50e4'
                  b'6134c0213d9ed52f7d7c611acaeed41b')
        self.domain = 'foo.com'

        # Both objects are loaded from the same fixture file; the file name
        # suggests a deliberately small RSA key, suitable for tests only.
        key_file = 'rsa512_key.pem'
        self.key = test_util.load_pyopenssl_private_key(key_file)
        self.public_key = test_util.load_rsa_private_key(
            key_file).public_key()

    def test_z_and_domain(self):
        # pylint: disable=invalid-name
        expected_domain = self.z + b'.acme.invalid'
        self.assertEqual(self.z, self.msg.z(self.chall))
        self.assertEqual(expected_domain, self.msg.z_domain(self.chall))

    def test_to_partial_json(self):
        serialized = self.msg.to_partial_json()
        self.assertEqual(self.jmsg, serialized)

    def test_from_json(self):
        from acme.challenges import DVSNIResponse
        parsed = DVSNIResponse.from_json(self.jmsg)
        self.assertEqual(self.msg, parsed)

    def test_from_json_hashable(self):
        from acme.challenges import DVSNIResponse
        parsed = DVSNIResponse.from_json(self.jmsg)
        hash(parsed)  # must not raise

    @mock.patch('acme.challenges.DVSNIResponse.verify_cert')
    def test_simple_verify(self, mock_verify_cert):
        # The probed certificate must be handed to verify_cert unchanged,
        # and verify_cert's result must be returned as-is.
        fake_chall = mock.Mock()
        fake_chall.probe_cert.return_value = mock.sentinel.cert
        mock_verify_cert.return_value = 'x'

        outcome = self.msg.simple_verify(
            fake_chall, mock.sentinel.domain, mock.sentinel.key)

        self.assertEqual('x', outcome)
        fake_chall.probe_cert.assert_called_once_with(
            domain=mock.sentinel.domain)
        self.msg.verify_cert.assert_called_once_with(
            fake_chall, mock.sentinel.domain, mock.sentinel.key,
            mock.sentinel.cert)

    def test_simple_verify_false_on_probe_error(self):
        # A failing probe has to yield a falsy result, not an exception.
        failing_chall = mock.Mock()
        failing_chall.probe_cert.side_effect = errors.Error
        outcome = self.msg.simple_verify(
            chall=failing_chall, domain=None, public_key=None)
        self.assertFalse(outcome)

    def test_gen_verify_cert_postive_no_key(self):
        generated = self.msg.gen_cert(self.chall, self.domain, self.key)
        verified = self.msg.verify_cert(
            self.chall, self.domain, public_key=None, cert=generated)
        self.assertTrue(verified)

    def test_gen_verify_cert_postive_with_key(self):
        generated = self.msg.gen_cert(self.chall, self.domain, self.key)
        verified = self.msg.verify_cert(
            self.chall, self.domain, public_key=self.public_key,
            cert=generated)
        self.assertTrue(verified)

    def test_gen_verify_cert_negative_with_wrong_key(self):
        # A certificate checked against an unrelated public key is rejected.
        generated = self.msg.gen_cert(self.chall, self.domain, self.key)
        unrelated_key = test_util.load_rsa_private_key(
            'rsa256_key.pem').public_key()
        verified = self.msg.verify_cert(
            self.chall, self.domain, public_key=unrelated_key,
            cert=generated)
        self.assertFalse(verified)

    def test_gen_verify_cert_negative(self):
        # A certificate generated for another domain is rejected.
        other_domain = self.domain + 'x'
        generated = self.msg.gen_cert(self.chall, other_domain, self.key)
        verified = self.msg.verify_cert(
            self.chall, self.domain, public_key=None, cert=generated)
        self.assertFalse(verified)
class DVSNIResponseTest(unittest.TestCase):
    """Check ``acme.challenges.DVSNIResponse`` built around a JWS validation.

    The response carries a ``validation`` object: the challenge JSON signed
    with the account key.  Besides JSON round-tripping and the expected
    ``z``/``z_domain`` labels, the tests pin that ``simple_verify`` is falsy
    for a wrong account key, a wrong payload, a wrong token and a failed
    probe, and that ``verify_cert`` is falsy for an unrelated certificate.
    """
    # pylint: disable=too-many-instance-attributes

    def setUp(self):
        from acme.challenges import DVSNI
        from acme.challenges import DVSNIResponse

        self.domain = 'foo.com'
        self.key = jose.JWKRSA(key=KEY)
        self.chall = DVSNI(
            token=jose.b64decode(b'a82d5ff8ef740d12881f6d3c2277ab2e'))

        # The validation is the sorted-key challenge JSON signed with the
        # account key.
        challenge_json = self.chall.json_dumps(sort_keys=True).encode()
        self.validation = jose.JWS.sign(
            payload=challenge_json, key=self.key, alg=jose.RS256)
        self.msg = DVSNIResponse(validation=self.validation)

        # to_partial_json keeps the JWS object; from_json takes its JSON form.
        self.jmsg_from = {
            'resource': 'challenge',
            'type': 'dvsni',
            'validation': self.validation.to_json(),
        }
        self.jmsg_to = {
            'resource': 'challenge',
            'type': 'dvsni',
            'validation': self.validation,
        }

        # pylint: disable=invalid-name
        first_label = b'e2df3498860637c667fedadc5a8494ec'
        second_label = b'09dcc75553c9b3bd73662b50e71b1e42'
        self.z = first_label + second_label
        self.z_domain = (
            first_label + b'.' + second_label + b'.acme.invalid')

    def test_z_and_domain(self):
        self.assertEqual(self.z, self.msg.z)
        self.assertEqual(self.z_domain, self.msg.z_domain)

    def test_to_partial_json(self):
        serialized = self.msg.to_partial_json()
        self.assertEqual(self.jmsg_to, serialized)

    def test_from_json(self):
        from acme.challenges import DVSNIResponse
        parsed = DVSNIResponse.from_json(self.jmsg_from)
        self.assertEqual(self.msg, parsed)

    def test_from_json_hashable(self):
        from acme.challenges import DVSNIResponse
        parsed = DVSNIResponse.from_json(self.jmsg_from)
        hash(parsed)  # must not raise

    @mock.patch('acme.challenges.socket.gethostbyname')
    @mock.patch('acme.challenges.crypto_util.probe_sni')
    def test_probe_cert(self, mock_probe_sni, mock_gethostbyname):
        # Name resolution and the SNI probe are both mocked, so nothing
        # here touches the network.
        mock_gethostbyname.return_value = '127.0.0.1'

        # Defaults: resolved host, the class PORT, and z_domain as SNI name.
        self.msg.probe_cert('foo.com')
        mock_gethostbyname.assert_called_once_with('foo.com')
        mock_probe_sni.assert_called_once_with(
            host='127.0.0.1', port=self.msg.PORT, name=self.z_domain)

        # An explicit host is passed through.
        self.msg.probe_cert('foo.com', host='8.8.8.8')
        mock_probe_sni.assert_called_with(
            host='8.8.8.8', port=mock.ANY, name=mock.ANY)

        # An explicit port is passed through.
        self.msg.probe_cert('foo.com', port=1234)
        mock_probe_sni.assert_called_with(
            host=mock.ANY, port=1234, name=mock.ANY)

        # Unknown keyword arguments are forwarded.
        self.msg.probe_cert('foo.com', bar='baz')
        mock_probe_sni.assert_called_with(
            host=mock.ANY, port=mock.ANY, name=mock.ANY, bar='baz')

        # A caller-supplied name must not replace z_domain.
        self.msg.probe_cert('foo.com', name=b'xxx')
        mock_probe_sni.assert_called_with(
            host=mock.ANY, port=mock.ANY, name=self.z_domain)

    def test_gen_verify_cert(self):
        supplied_key = test_util.load_pyopenssl_private_key('rsa512_key.pem')
        cert, returned_key = self.msg.gen_cert(supplied_key)
        self.assertEqual(supplied_key, returned_key)
        self.assertTrue(self.msg.verify_cert(cert))

    def test_gen_verify_cert_gen_key(self):
        # Without a key argument, gen_cert returns a key of its own.
        cert, generated_key = self.msg.gen_cert()
        self.assertTrue(isinstance(generated_key, OpenSSL.crypto.PKey))
        self.assertTrue(self.msg.verify_cert(cert))

    def test_verify_bad_cert(self):
        unrelated_cert = test_util.load_cert('cert.pem')
        self.assertFalse(self.msg.verify_cert(unrelated_cert))

    def test_simple_verify_wrong_account_key(self):
        other_public_key = jose.JWKRSA.load(
            test_util.load_vector('rsa256_key.pem')).public_key()
        outcome = self.msg.simple_verify(
            self.chall, self.domain, other_public_key)
        self.assertFalse(outcome)

    def test_simple_verify_wrong_payload(self):
        # Correctly signed, but the payload is not the challenge JSON.
        for payload in (b'', b'{}'):
            resigned = jose.JWS.sign(
                payload=payload, key=self.key, alg=jose.RS256)
            msg = self.msg.update(validation=resigned)
            outcome = msg.simple_verify(
                self.chall, self.domain, self.key.public_key())
            self.assertFalse(outcome)

    def test_simple_verify_wrong_token(self):
        # Correctly signed challenge JSON, but for a different token.
        other_chall = self.chall.update(token=(b'b' * 20))
        resigned = jose.JWS.sign(
            payload=other_chall.json_dumps().encode(),
            key=self.key, alg=jose.RS256)
        msg = self.msg.update(validation=resigned)
        outcome = msg.simple_verify(
            self.chall, self.domain, self.key.public_key())
        self.assertFalse(outcome)

    @mock.patch('acme.challenges.DVSNIResponse.verify_cert', autospec=True)
    def test_simple_verify(self, mock_verify_cert):
        # With a valid validation and a supplied cert, the verify_cert
        # result is returned as-is.
        mock_verify_cert.return_value = mock.sentinel.verification
        outcome = self.msg.simple_verify(
            self.chall, self.domain, self.key.public_key(),
            cert=mock.sentinel.cert)
        self.assertEqual(mock.sentinel.verification, outcome)
        mock_verify_cert.assert_called_once_with(
            self.msg, mock.sentinel.cert)

    @mock.patch('acme.challenges.DVSNIResponse.probe_cert')
    def test_simple_verify_false_on_probe_error(self, mock_probe_cert):
        # A failing probe has to yield a falsy result, not an exception.
        mock_probe_cert.side_effect = errors.Error
        outcome = self.msg.simple_verify(
            self.chall, self.domain, self.key.public_key())
        self.assertFalse(outcome)
class DVSNIResponseTest(unittest.TestCase):
    """Unit tests for ``acme.challenges.DVSNIResponse`` with fixed vectors.

    JSON serialisation, the ``z``/``z_domain`` values and the
    ``gen_cert``/``verify_cert`` pair are checked here.  For a validation
    routine the rejecting paths are the important ones: a certificate for
    another domain, a mismatching public key and a probe that raises
    ``errors.Error`` must all produce a falsy result.
    """

    def setUp(self):
        from acme.challenges import DVSNI, DVSNIResponse

        # pylint: disable=invalid-name
        encoded_s = '9dbjsl3gTAtOnEtKFEmhS6Mj-ajNjDcOmRkp3Lfzm3c'
        self.msg = DVSNIResponse(s=jose.decode_b64jose(encoded_s))
        self.jmsg = {
            'resource': 'challenge',
            'type': 'dvsni',
            's': encoded_s,
        }

        decoded_r = jose.decode_b64jose(
            'Tyq0La3slT7tqQ0wlOiXnCY2vyez7Zo5blgPJ1xt5xI')
        decoded_nonce = jose.decode_b64jose(
            'a82d5ff8ef740d12881f6d3c2277ab2e')
        self.chall = DVSNI(r=decoded_r, nonce=decoded_nonce)

        self.domain = 'foo.com'
        # Expected z for the r/s pair above.
        self.z = (b'38e612b0397cc2624a07d351d7ef50e4'
                  b'6134c0213d9ed52f7d7c611acaeed41b')

        # Same fixture file in two representations; the file name suggests
        # a deliberately small RSA key that is fit for tests only.
        self.key = test_util.load_pyopenssl_private_key('rsa512_key.pem')
        rsa_private = test_util.load_rsa_private_key('rsa512_key.pem')
        self.public_key = rsa_private.public_key()

    def test_z_and_domain(self):
        # pylint: disable=invalid-name
        actual_z = self.msg.z(self.chall)
        self.assertEqual(self.z, actual_z)
        actual_domain = self.msg.z_domain(self.chall)
        self.assertEqual(self.z + b'.acme.invalid', actual_domain)

    def test_to_partial_json(self):
        self.assertEqual(self.jmsg, self.msg.to_partial_json())

    def test_from_json(self):
        from acme.challenges import DVSNIResponse
        restored = DVSNIResponse.from_json(self.jmsg)
        self.assertEqual(self.msg, restored)

    def test_from_json_hashable(self):
        from acme.challenges import DVSNIResponse
        restored = DVSNIResponse.from_json(self.jmsg)
        hash(restored)  # must not raise

    @mock.patch('acme.challenges.DVSNIResponse.verify_cert')
    def test_simple_verify(self, mock_verify_cert):
        # simple_verify should probe through the challenge, pass the probed
        # certificate to verify_cert and return what verify_cert returns.
        mock_verify_cert.return_value = 'x'
        stub_chall = mock.Mock()
        stub_chall.probe_cert.return_value = mock.sentinel.cert

        result = self.msg.simple_verify(
            stub_chall, mock.sentinel.domain, mock.sentinel.key)

        self.assertEqual('x', result)
        stub_chall.probe_cert.assert_called_once_with(
            domain=mock.sentinel.domain)
        self.msg.verify_cert.assert_called_once_with(
            stub_chall, mock.sentinel.domain, mock.sentinel.key,
            mock.sentinel.cert)

    def test_simple_verify_false_on_probe_error(self):
        # An errors.Error from the probe must become a falsy result.
        stub_chall = mock.Mock()
        stub_chall.probe_cert.side_effect = errors.Error
        result = self.msg.simple_verify(
            chall=stub_chall, domain=None, public_key=None)
        self.assertFalse(result)

    def test_gen_verify_cert_postive_no_key(self):
        cert = self.msg.gen_cert(self.chall, self.domain, self.key)
        accepted = self.msg.verify_cert(
            self.chall, self.domain, public_key=None, cert=cert)
        self.assertTrue(accepted)

    def test_gen_verify_cert_postive_with_key(self):
        cert = self.msg.gen_cert(self.chall, self.domain, self.key)
        accepted = self.msg.verify_cert(
            self.chall, self.domain, public_key=self.public_key, cert=cert)
        self.assertTrue(accepted)

    def test_gen_verify_cert_negative_with_wrong_key(self):
        # Verification against an unrelated public key must fail.
        cert = self.msg.gen_cert(self.chall, self.domain, self.key)
        wrong_key = test_util.load_rsa_private_key(
            'rsa256_key.pem').public_key()
        accepted = self.msg.verify_cert(
            self.chall, self.domain, public_key=wrong_key, cert=cert)
        self.assertFalse(accepted)

    def test_gen_verify_cert_negative(self):
        # A certificate generated for a different domain must fail.
        cert = self.msg.gen_cert(self.chall, self.domain + 'x', self.key)
        accepted = self.msg.verify_cert(
            self.chall, self.domain, public_key=None, cert=cert)
        self.assertFalse(accepted)
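class DVSNIResponseTest(unittest.TestCase):
    """Tests for ``acme.challenges.DVSNIResponse`` with a JWS validation.

    The response under test wraps ``validation``: the challenge JSON signed
    with the account key.  The suite checks JSON round-tripping, the
    expected ``z``/``z_domain`` labels, how ``probe_cert`` forwards its
    arguments, and that verification is falsy for a wrong account key, a
    wrong payload, a wrong token, an unrelated certificate and a failed
    probe.
    """
    # pylint: disable=too-many-instance-attributes

    def setUp(self):
        self.key = jose.JWKRSA(key=KEY)

        from acme.challenges import DVSNI
        self.chall = DVSNI(
            token=jose.b64decode(b'a82d5ff8ef740d12881f6d3c2277ab2e'))

        from acme.challenges import DVSNIResponse
        # The validation is the sorted-key challenge JSON signed with the
        # account key.
        self.validation = jose.JWS.sign(
            payload=self.chall.json_dumps(sort_keys=True).encode(),
            key=self.key, alg=jose.RS256)
        self.msg = DVSNIResponse(validation=self.validation)
        # to_partial_json keeps the JWS object ...
        self.jmsg_to = {
            'resource': 'challenge',
            'type': 'dvsni',
            'validation': self.validation,
        }
        # ... while from_json is fed its JSON form.
        self.jmsg_from = {
            'resource': 'challenge',
            'type': 'dvsni',
            'validation': self.validation.to_json(),
        }

        # pylint: disable=invalid-name
        label1 = b'e2df3498860637c667fedadc5a8494ec'
        label2 = b'09dcc75553c9b3bd73662b50e71b1e42'
        self.z = label1 + label2
        self.z_domain = label1 + b'.' + label2 + b'.acme.invalid'
        self.domain = 'foo.com'

    def test_z_and_domain(self):
        self.assertEqual(self.z, self.msg.z)
        self.assertEqual(self.z_domain, self.msg.z_domain)

    def test_to_partial_json(self):
        self.assertEqual(self.jmsg_to, self.msg.to_partial_json())

    def test_from_json(self):
        from acme.challenges import DVSNIResponse
        self.assertEqual(self.msg, DVSNIResponse.from_json(self.jmsg_from))

    def test_from_json_hashable(self):
        from acme.challenges import DVSNIResponse
        hash(DVSNIResponse.from_json(self.jmsg_from))  # must not raise

    @mock.patch('acme.challenges.socket.gethostbyname')
    @mock.patch('acme.challenges.crypto_util.probe_sni')
    def test_probe_cert(self, mock_probe_sni, mock_gethostbyname):
        # Name resolution and the SNI probe are both mocked, so nothing
        # here touches the network.
        mock_gethostbyname.return_value = '127.0.0.1'

        # Defaults: resolved host, the class PORT, and z_domain as SNI name.
        self.msg.probe_cert('foo.com')
        mock_gethostbyname.assert_called_once_with('foo.com')
        mock_probe_sni.assert_called_once_with(
            host='127.0.0.1', port=self.msg.PORT, name=self.z_domain)

        # Explicit host and port are passed through.
        self.msg.probe_cert('foo.com', host='8.8.8.8')
        mock_probe_sni.assert_called_with(
            host='8.8.8.8', port=mock.ANY, name=mock.ANY)

        self.msg.probe_cert('foo.com', port=1234)
        mock_probe_sni.assert_called_with(
            host=mock.ANY, port=1234, name=mock.ANY)

        # Unknown keyword arguments are forwarded.
        self.msg.probe_cert('foo.com', bar='baz')
        mock_probe_sni.assert_called_with(
            host=mock.ANY, port=mock.ANY, name=mock.ANY, bar='baz')

        # A caller-supplied name must not replace z_domain.
        self.msg.probe_cert('foo.com', name=b'xxx')
        mock_probe_sni.assert_called_with(
            host=mock.ANY, port=mock.ANY, name=self.z_domain)

    def test_gen_verify_cert(self):
        key1 = test_util.load_pyopenssl_private_key('rsa512_key.pem')
        cert, key2 = self.msg.gen_cert(key1)
        self.assertEqual(key1, key2)
        self.assertTrue(self.msg.verify_cert(cert))

    def test_gen_verify_cert_gen_key(self):
        # Without a key argument, gen_cert returns a key of its own.
        cert, key = self.msg.gen_cert()
        # assertIsInstance reports the actual type when the check fails.
        self.assertIsInstance(key, OpenSSL.crypto.PKey)
        self.assertTrue(self.msg.verify_cert(cert))

    def test_verify_bad_cert(self):
        self.assertFalse(self.msg.verify_cert(test_util.load_cert('cert.pem')))

    def test_simple_verify_wrong_account_key(self):
        wrong_key = jose.JWKRSA.load(
            test_util.load_vector('rsa256_key.pem')).public_key()
        self.assertFalse(self.msg.simple_verify(
            self.chall, self.domain, wrong_key))

    def test_simple_verify_wrong_payload(self):
        # Correctly signed, but the payload is not the challenge JSON.
        for payload in b'', b'{}':
            msg = self.msg.update(validation=jose.JWS.sign(
                payload=payload, key=self.key, alg=jose.RS256))
            self.assertFalse(msg.simple_verify(
                self.chall, self.domain, self.key.public_key()))

    def test_simple_verify_wrong_token(self):
        # Correctly signed challenge JSON, but for a different token.
        msg = self.msg.update(validation=jose.JWS.sign(
            payload=self.chall.update(token=(b'b' * 20)).json_dumps().encode(),
            key=self.key, alg=jose.RS256))
        self.assertFalse(msg.simple_verify(
            self.chall, self.domain, self.key.public_key()))

    @mock.patch('acme.challenges.DVSNIResponse.verify_cert', autospec=True)
    def test_simple_verify(self, mock_verify_cert):
        # With a valid validation and a supplied cert, the verify_cert
        # result is returned as-is.
        mock_verify_cert.return_value = mock.sentinel.verification
        self.assertEqual(mock.sentinel.verification, self.msg.simple_verify(
            self.chall, self.domain, self.key.public_key(),
            cert=mock.sentinel.cert))
        mock_verify_cert.assert_called_once_with(self.msg, mock.sentinel.cert)

    @mock.patch('acme.challenges.DVSNIResponse.probe_cert')
    def test_simple_verify_false_on_probe_error(self, mock_probe_cert):
        # Patch probe_cert on the response class.  The earlier form built a
        # Mock challenge with a failing probe_cert but never passed it in,
        # so the error path was not forced and the call could reach the
        # real probe_cert (name lookup plus SNI probe, per test_probe_cert)
        # and depend on the network.
        mock_probe_cert.side_effect = errors.Error
        self.assertFalse(self.msg.simple_verify(
            self.chall, self.domain, self.key.public_key()))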