def test_perform(self, mock_restart, mock_dvsni_perform):
# Only tests functionality specific to configurator.perform
# Note: As more challenges are offered this will have to be expanded
achall1 = achallenges.KeyAuthorizationAnnotatedChallenge(
challb=messages.ChallengeBody(
chall=challenges.TLSSNI01(token="kNdwjwOeX0I_A8DXt9Msmg"),
uri="https://ca.org/chall0_uri",
status=messages.Status("pending"),
),
domain="localhost",
account_key=self.rsa512jwk)
achall2 = achallenges.KeyAuthorizationAnnotatedChallenge(
challb=messages.ChallengeBody(
chall=challenges.TLSSNI01(token="m8TdO1qik4JVFtgPPurJmg"),
uri="https://ca.org/chall1_uri",
status=messages.Status("pending"),
),
domain="example.com",
account_key=self.rsa512jwk)
dvsni_ret_val = [
achall1.response(self.rsa512jwk),
achall2.response(self.rsa512jwk),
]
mock_dvsni_perform.return_value = dvsni_ret_val
responses = self.config.perform([achall1, achall2])
self.assertEqual(mock_dvsni_perform.call_count, 1)
self.assertEqual(responses, dvsni_ret_val)
self.assertEqual(mock_restart.call_count, 1)
def test_perform(self, mock_restart, mock_dvsni_perform):
# Only tests functionality specific to configurator.perform
# Note: As more challenges are offered this will have to be expanded
auth_key = le_util.Key(self.rsa256_file, self.rsa256_pem)
achall1 = achallenges.DVSNI(challb=messages.ChallengeBody(
chall=challenges.DVSNI(r="foo", nonce="bar"),
uri="https://ca.org/chall0_uri",
status=messages.Status("pending"),
),
domain="localhost",
key=auth_key)
achall2 = achallenges.DVSNI(challb=messages.ChallengeBody(
chall=challenges.DVSNI(r="abc", nonce="def"),
uri="https://ca.org/chall1_uri",
status=messages.Status("pending"),
),
domain="example.com",
key=auth_key)
dvsni_ret_val = [
challenges.DVSNIResponse(s="irrelevant"),
challenges.DVSNIResponse(s="arbitrary"),
]
mock_dvsni_perform.return_value = dvsni_ret_val
responses = self.config.perform([achall1, achall2])
self.assertEqual(mock_dvsni_perform.call_count, 1)
self.assertEqual(responses, dvsni_ret_val)
self.assertEqual(mock_restart.call_count, 1)
def test_perform_and_cleanup(self, mock_revert, mock_restart, mock_http_perform,
mock_tls_perform):
# Only tests functionality specific to configurator.perform
# Note: As more challenges are offered this will have to be expanded
achall1 = achallenges.KeyAuthorizationAnnotatedChallenge(
challb=messages.ChallengeBody(
chall=challenges.TLSSNI01(token=b"kNdwjwOeX0I_A8DXt9Msmg"),
uri="https://ca.org/chall0_uri",
status=messages.Status("pending"),
), domain="localhost", account_key=self.rsa512jwk)
achall2 = achallenges.KeyAuthorizationAnnotatedChallenge(
challb=messages.ChallengeBody(
chall=challenges.HTTP01(token=b"m8TdO1qik4JVFtgPPurJmg"),
uri="https://ca.org/chall1_uri",
status=messages.Status("pending"),
), domain="example.com", account_key=self.rsa512jwk)
expected = [
achall1.response(self.rsa512jwk),
achall2.response(self.rsa512jwk),
]
mock_tls_perform.return_value = expected[:1]
mock_http_perform.return_value = expected[1:]
responses = self.config.perform([achall1, achall2])
self.assertEqual(mock_tls_perform.call_count, 1)
self.assertEqual(mock_http_perform.call_count, 1)
self.assertEqual(responses, expected)
self.config.cleanup([achall1, achall2])
self.assertEqual(0, self.config._chall_out) # pylint: disable=protected-access
self.assertEqual(mock_revert.call_count, 1)
self.assertEqual(mock_restart.call_count, 2)
def test_perform_and_cleanup(self, request_info):
# GIVEN a HTTP authnticator challenge
account_key = jose.JWKRSA.load(
pkg_resources.resource_string(
__name__, os.path.join('testdata', 'rsa512_key.pem')))
token = b"m8TdO1qik4JVFtgPPurJmg"
domain = "example.com"
achall = achallenges.KeyAuthorizationAnnotatedChallenge(
challb=messages.ChallengeBody(
chall=challenges.HTTP01(token=token),
uri="https://ca.org/chall1_uri",
status=messages.Status("pending"),
),
domain=domain,
account_key=account_key)
expected = [
achall.response(account_key),
]
# WHEN the challenge is performed and cleaned up
responses = self.configurator.perform([achall])
self.configurator.cleanup([achall])
# THEN a ACME challenge service is created and
# then cleaned up in Kong.
calls = request_info.mock_calls
requests = self._get_write_requests(calls)
self.assertEqual(responses, expected)
acme_service_requests = requests[0:3]
cleanup_requests = requests[3:]
service_id = requests[0][1][len("/services/"):]
plugin_id = requests[1][1][len("/plugins/"):]
route_id = requests[2][1][len("/routes/"):]
self.assertEqual(acme_service_requests,
[("PUT", "/services/" + service_id, {
"name": "certbot-kong_TEMPORARY_ACME_challenge",
"url": "http://invalid.example.com"
}),
("PUT", "/plugins/" + plugin_id, {
"service": {
"id": service_id
},
"name": "request-termination",
"config": {
"status_code": 200,
"content_type": "text/plain",
"body": achall.validation(achall.account_key)
}
}),
("PUT", "/routes/" + route_id, {
"service": {
"id": service_id
},
"paths": [
"/.well-known/acme-challenge/" +
achall.chall.encode("token")
],
"hosts": [domain],
"protocols": ["http"]
})])
self.assertEqual(cleanup_requests,
[("DELETE", "/routes/" + route_id, None),
("DELETE", "/plugins/" + plugin_id, None),
("DELETE", "/services/" + service_id, None)])