def test_perform(self, mock_restart, mock_dvsni_perform): # Only tests functionality specific to configurator.perform # Note: As more challenges are offered this will have to be expanded auth_key = le_util.Key(self.rsa256_file, self.rsa256_pem) achall1 = achallenges.DVSNI( chall=challenges.DVSNI( r="foo", nonce="bar"), domain="localhost", key=auth_key) achall2 = achallenges.DVSNI( chall=challenges.DVSNI( r="abc", nonce="def"), domain="example.com", key=auth_key) dvsni_ret_val = [ challenges.DVSNIResponse(s="irrelevant"), challenges.DVSNIResponse(s="arbitrary"), ] mock_dvsni_perform.return_value = dvsni_ret_val responses = self.config.perform([achall1, achall2]) self.assertEqual(mock_dvsni_perform.call_count, 1) self.assertEqual(responses, dvsni_ret_val) self.assertEqual(mock_restart.call_count, 1)
def setUp(self): super(DvsniPerformTest, self).setUp() config = util.get_nginx_configurator(self.config_path, self.config_dir, self.work_dir, self.ssl_options) rsa256_file = pkg_resources.resource_filename( "letsencrypt.client.tests", "testdata/rsa256_key.pem") rsa256_pem = pkg_resources.resource_string("letsencrypt.client.tests", "testdata/rsa256_key.pem") auth_key = le_util.Key(rsa256_file, rsa256_pem) from letsencrypt.client.plugins.nginx import dvsni self.sni = dvsni.NginxDvsni(config) self.achalls = [ achallenges.DVSNI(chall=challenges.DVSNI( r="foo", nonce="bar", ), domain="www.example.com", key=auth_key), achallenges.DVSNI(chall=challenges.DVSNI( r="\xba\xa9\xda?<m\xaewmx\xea\xad\xadv\xf4\x02\xc9y\x80" "\xe2_X\t\xe7\xc7\xa4\t\xca\xf7&\x945", nonce="Y\xed\x01L\xac\x95\xf7pW\xb1\xd7" "\xa1\xb2\xc5\x96\xba", ), domain="blah", key=auth_key), ]
def setUp(self): super(DvsniPerformTest, self).setUp() with mock.patch("letsencrypt.client.plugins.apache.configurator." "mod_loaded") as mock_load: mock_load.return_value = True config = util.get_apache_configurator( self.config_path, self.config_dir, self.work_dir, self.ssl_options) from letsencrypt.client.plugins.apache import dvsni self.sni = dvsni.ApacheDvsni(config) rsa256_file = pkg_resources.resource_filename( "letsencrypt.client.tests", "testdata/rsa256_key.pem") rsa256_pem = pkg_resources.resource_string( "letsencrypt.client.tests", "testdata/rsa256_key.pem") auth_key = le_util.Key(rsa256_file, rsa256_pem) self.achalls = [ achallenges.DVSNI( chall=challenges.DVSNI( r="\x8c\x8a\xbf_-f\\cw\xee\xd6\xf8/\xa5\xe3\xfd\xeb9\xf1" "\xf5\xb9\xefVM\xc9w\xa4u\x9c\xe1\x87\xb4", nonce="7\xbc^\xb7]>\x00\xa1\x9bOcU\x84^Z\x18", ), domain="encryption-example.demo", key=auth_key), achallenges.DVSNI( chall=challenges.DVSNI( r="\xba\xa9\xda?<m\xaewmx\xea\xad\xadv\xf4\x02\xc9y\x80" "\xe2_X\t\xe7\xc7\xa4\t\xca\xf7&\x945", nonce="Y\xed\x01L\xac\x95\xf7pW\xb1\xd7" "\xa1\xb2\xc5\x96\xba", ), domain="letsencrypt.demo", key=auth_key), ]
def test_perform(self, mock_restart, mock_dvsni_perform): # Only tests functionality specific to configurator.perform # Note: As more challenges are offered this will have to be expanded auth_key = le_util.Key(self.rsa256_file, self.rsa256_pem) achall1 = achallenges.DVSNI(chall=challenges.DVSNI( r="jIq_Xy1mXGN37tb4L6Xj_es58fW571ZNyXekdZzhh7Q", nonce="37bc5eb75d3e00a19b4f6355845e5a18"), domain="encryption-example.demo", key=auth_key) achall2 = achallenges.DVSNI(chall=challenges.DVSNI( r="uqnaPzxtrndteOqtrXb0Asl5gOJfWAnnx6QJyvcmlDU", nonce="59ed014cac95f77057b1d7a1b2c596ba"), domain="letsencrypt.demo", key=auth_key) dvsni_ret_val = [ challenges.DVSNIResponse(s="randomS1"), challenges.DVSNIResponse(s="randomS2"), ] mock_dvsni_perform.return_value = dvsni_ret_val responses = self.config.perform([achall1, achall2]) self.assertEqual(mock_dvsni_perform.call_count, 1) self.assertEqual(responses, dvsni_ret_val) self.assertEqual(mock_restart.call_count, 1)
def setUp(self): from letsencrypt.client.plugins.standalone.authenticator import \ StandaloneAuthenticator self.authenticator = StandaloneAuthenticator(None) self.achall1 = achallenges.DVSNI( challb=acme_util.chall_to_challb( challenges.DVSNI(r="whee", nonce="foo"), "pending"), domain="foo.example.com", key=KEY) self.achall2 = achallenges.DVSNI( challb=acme_util.chall_to_challb( challenges.DVSNI(r="whee", nonce="bar"), "pending"), domain="bar.example.com", key=KEY) bad_achall = ("This", "Represents", "A Non-DVSNI", "Challenge") self.achalls = [self.achall1, self.achall2, bad_achall]
def setUp(self): from letsencrypt.client.standalone_authenticator import \ StandaloneAuthenticator self.authenticator = StandaloneAuthenticator() test_key = pkg_resources.resource_string( __name__, "testdata/rsa256_key.pem") self.key = le_util.Key("something", test_key) self.achall1 = achallenges.DVSNI( chall=challenges.DVSNI(r="whee", nonce="foo"), domain="foo.example.com", key=self.key) self.achall2 = achallenges.DVSNI( chall=challenges.DVSNI(r="whee", nonce="bar"), domain="bar.example.com", key=self.key) bad_achall = ("This", "Represents", "A Non-DVSNI", "Challenge") self.achalls = [self.achall1, self.achall2, bad_achall]
def test_unexpected(self): token = achallenges.RecoveryToken(challb=None, domain="0") unexpected = achallenges.DVSNI(challb=None, domain="0", key="dummy_key") self.assertRaises(errors.LetsEncryptContAuthError, self.auth.cleanup, [token, unexpected])
def _challenge_factory(self, domain, path): """Construct Namedtuple Challenges :param str domain: domain of the enrollee :param list path: List of indices from `challenges`. :returns: dv_chall, list of DVChallenge type :class:`letsencrypt.client.achallenges.Indexed` cont_chall, list of ContinuityChallenge type :class:`letsencrypt.client.achallenges.Indexed` :rtype: tuple :raises errors.LetsEncryptClientError: If Challenge type is not recognized """ dv_chall = [] cont_chall = [] for index in path: chall = self.msgs[domain].challenges[index] if isinstance(chall, challenges.DVSNI): logging.info(" DVSNI challenge for %s.", domain) achall = achallenges.DVSNI( chall=chall, domain=domain, key=self.authkey[domain]) elif isinstance(chall, challenges.SimpleHTTPS): logging.info(" SimpleHTTPS challenge for %s.", domain) achall = achallenges.SimpleHTTPS( chall=chall, domain=domain, key=self.authkey[domain]) elif isinstance(chall, challenges.DNS): logging.info(" DNS challenge for %s.", domain) achall = achallenges.DNS(chall=chall, domain=domain) elif isinstance(chall, challenges.RecoveryToken): logging.info(" Recovery Token Challenge for %s.", domain) achall = achallenges.RecoveryToken(chall=chall, domain=domain) elif isinstance(chall, challenges.RecoveryContact): logging.info(" Recovery Contact Challenge for %s.", domain) achall = achallenges.RecoveryContact(chall=chall, domain=domain) elif isinstance(chall, challenges.ProofOfPossession): logging.info(" Proof-of-Possession Challenge for %s", domain) achall = achallenges.ProofOfPossession( chall=chall, domain=domain) else: raise errors.LetsEncryptClientError( "Received unsupported challenge of type: %s", chall.typ) ichall = achallenges.Indexed(achall=achall, index=index) if isinstance(chall, challenges.ContinuityChallenge): cont_chall.append(ichall) elif isinstance(chall, challenges.DVChallenge): dv_chall.append(ichall) return dv_chall, cont_chall
def setUp(self): from letsencrypt.client.standalone_authenticator import \ StandaloneAuthenticator self.authenticator = StandaloneAuthenticator() self.achall = achallenges.DVSNI( chall=challenges.DVSNI(r="whee", nonce="foononce"), domain="foo.example.com", key="key") self.authenticator.tasks = {self.achall.nonce_domain: "stuff"} self.authenticator.child_pid = 12345
def test_perform_without_challenge_list(self): extra_achall = achallenges.DVSNI(chall="a", domain="b", key="c") # This is wrong because a challenge must be specified. self.assertRaises(ValueError, self.authenticator.perform, []) # This is wrong because it must be a list, not a bare challenge. self.assertRaises( ValueError, self.authenticator.perform, extra_achall) # This is wrong because the list must contain at least one challenge. self.assertRaises( ValueError, self.authenticator.perform, range(20))
def setUp(self): from letsencrypt.client.plugins.standalone.authenticator import \ StandaloneAuthenticator self.authenticator = StandaloneAuthenticator(None) self.achall = achallenges.DVSNI( challb=acme_util.chall_to_challb( challenges.DVSNI(r="whee", nonce="foononce"), "pending"), domain="foo.example.com", key="key") self.authenticator.tasks = {self.achall.nonce_domain: "stuff"} self.authenticator.child_pid = 12345
def setUp(self): from letsencrypt.client.plugins.standalone.authenticator import \ StandaloneAuthenticator self.authenticator = StandaloneAuthenticator(None) self.cert = achallenges.DVSNI( challb=acme_util.DVSNI_P, domain="example.com", key=KEY).gen_cert_and_response()[0] self.authenticator.private_key = PRIVATE_KEY self.authenticator.tasks = {"abcdef.acme.invalid": self.cert} self.authenticator.child_pid = 12345
def setUp(self): from letsencrypt.client.standalone_authenticator import \ StandaloneAuthenticator self.authenticator = StandaloneAuthenticator() test_key = pkg_resources.resource_string( __name__, "testdata/rsa256_key.pem") key = le_util.Key("foo", test_key) self.cert = achallenges.DVSNI( chall=challenges.DVSNI(r="x"*32, nonce="abcdef"), domain="example.com", key=key).gen_cert_and_response()[0] private_key = OpenSSL.crypto.load_privatekey( OpenSSL.crypto.FILETYPE_PEM, key.pem) self.authenticator.private_key = private_key self.authenticator.tasks = {"abcdef.acme.invalid": self.cert} self.authenticator.child_pid = 12345
def challb_to_achall(challb, key, domain): """Converts a ChallengeBody object to an AnnotatedChallenge. :param challb: ChallengeBody :type challb: :class:`letsencrypt.acme.messages2.ChallengeBody` :param key: Key :type key: :class:`letsencrypt.client.le_util.Key` :param str domain: Domain of the challb :returns: Appropriate AnnotatedChallenge :rtype: :class:`letsencrypt.client.achallenges.AnnotatedChallenge` """ chall = challb.chall if isinstance(chall, challenges.DVSNI): logging.info(" DVSNI challenge for %s.", domain) return achallenges.DVSNI( challb=challb, domain=domain, key=key) elif isinstance(chall, challenges.SimpleHTTPS): logging.info(" SimpleHTTPS challenge for %s.", domain) return achallenges.SimpleHTTPS( challb=challb, domain=domain, key=key) elif isinstance(chall, challenges.DNS): logging.info(" DNS challenge for %s.", domain) return achallenges.DNS(challb=challb, domain=domain) elif isinstance(chall, challenges.RecoveryToken): logging.info(" Recovery Token Challenge for %s.", domain) return achallenges.RecoveryToken(challb=challb, domain=domain) elif isinstance(chall, challenges.RecoveryContact): logging.info(" Recovery Contact Challenge for %s.", domain) return achallenges.RecoveryContact( challb=challb, domain=domain) elif isinstance(chall, challenges.ProofOfPossession): logging.info(" Proof-of-Possession Challenge for %s", domain) return achallenges.ProofOfPossession( challb=challb, domain=domain) else: raise errors.LetsEncryptClientError( "Received unsupported challenge of type: %s", chall.typ)
def test_unexpected(self): self.assertRaises( errors.LetsEncryptContAuthError, self.auth.perform, [achallenges.DVSNI(challb=None, domain="0", key="invalid_key")])
def test_bad_cleanup(self): self.assertRaises( ValueError, self.authenticator.cleanup, [achallenges.DVSNI( chall=challenges.DVSNI(r="whee", nonce="badnonce"), domain="bad.example.com", key="key")])
def test_perform_with_pending_tasks(self): self.authenticator.tasks = {"foononce.acme.invalid": "cert_data"} extra_achall = achallenges.DVSNI(chall="a", domain="b", key="c") self.assertRaises( ValueError, self.authenticator.perform, [extra_achall])