Пример #1
0
class DVSNIResponseTest(unittest.TestCase):
    # pylint: disable=too-many-instance-attributes

    def setUp(self):
        self.key = jose.JWKRSA(key=KEY)

        from acme.challenges import DVSNI
        self.chall = DVSNI(
            token=jose.b64decode(b'a82d5ff8ef740d12881f6d3c2277ab2e'))

        from acme.challenges import DVSNIResponse
        self.validation = jose.JWS.sign(
            payload=self.chall.json_dumps(sort_keys=True).encode(),
            key=self.key,
            alg=jose.RS256)
        self.msg = DVSNIResponse(validation=self.validation)
        self.jmsg_to = {
            'resource': 'challenge',
            'type': 'dvsni',
            'validation': self.validation,
        }
        self.jmsg_from = {
            'resource': 'challenge',
            'type': 'dvsni',
            'validation': self.validation.to_json(),
        }

        # pylint: disable=invalid-name
        label1 = b'e2df3498860637c667fedadc5a8494ec'
        label2 = b'09dcc75553c9b3bd73662b50e71b1e42'
        self.z = label1 + label2
        self.z_domain = label1 + b'.' + label2 + b'.acme.invalid'
        self.domain = 'foo.com'

    def test_z_and_domain(self):
        self.assertEqual(self.z, self.msg.z)
        self.assertEqual(self.z_domain, self.msg.z_domain)

    def test_to_partial_json(self):
        self.assertEqual(self.jmsg_to, self.msg.to_partial_json())

    def test_from_json(self):
        from acme.challenges import DVSNIResponse
        self.assertEqual(self.msg, DVSNIResponse.from_json(self.jmsg_from))

    def test_from_json_hashable(self):
        from acme.challenges import DVSNIResponse
        hash(DVSNIResponse.from_json(self.jmsg_from))

    @mock.patch('acme.challenges.socket.gethostbyname')
    @mock.patch('acme.challenges.crypto_util.probe_sni')
    def test_probe_cert(self, mock_probe_sni, mock_gethostbyname):
        mock_gethostbyname.return_value = '127.0.0.1'
        self.msg.probe_cert('foo.com')
        mock_gethostbyname.assert_called_once_with('foo.com')
        mock_probe_sni.assert_called_once_with(host='127.0.0.1',
                                               port=self.msg.PORT,
                                               name=self.z_domain)

        self.msg.probe_cert('foo.com', host='8.8.8.8')
        mock_probe_sni.assert_called_with(host='8.8.8.8',
                                          port=mock.ANY,
                                          name=mock.ANY)

        self.msg.probe_cert('foo.com', port=1234)
        mock_probe_sni.assert_called_with(host=mock.ANY,
                                          port=1234,
                                          name=mock.ANY)

        self.msg.probe_cert('foo.com', bar='baz')
        mock_probe_sni.assert_called_with(host=mock.ANY,
                                          port=mock.ANY,
                                          name=mock.ANY,
                                          bar='baz')

        self.msg.probe_cert('foo.com', name=b'xxx')
        mock_probe_sni.assert_called_with(host=mock.ANY,
                                          port=mock.ANY,
                                          name=self.z_domain)

    def test_gen_verify_cert(self):
        key1 = test_util.load_pyopenssl_private_key('rsa512_key.pem')
        cert, key2 = self.msg.gen_cert(key1)
        self.assertEqual(key1, key2)
        self.assertTrue(self.msg.verify_cert(cert))

    def test_gen_verify_cert_gen_key(self):
        cert, key = self.msg.gen_cert()
        self.assertTrue(isinstance(key, OpenSSL.crypto.PKey))
        self.assertTrue(self.msg.verify_cert(cert))

    def test_verify_bad_cert(self):
        self.assertFalse(self.msg.verify_cert(test_util.load_cert('cert.pem')))

    def test_simple_verify_wrong_account_key(self):
        self.assertFalse(
            self.msg.simple_verify(
                self.chall, self.domain,
                jose.JWKRSA.load(
                    test_util.load_vector('rsa256_key.pem')).public_key()))

    def test_simple_verify_wrong_payload(self):
        for payload in b'', b'{}':
            msg = self.msg.update(validation=jose.JWS.sign(
                payload=payload, key=self.key, alg=jose.RS256))
            self.assertFalse(
                msg.simple_verify(self.chall, self.domain,
                                  self.key.public_key()))

    def test_simple_verify_wrong_token(self):
        msg = self.msg.update(
            validation=jose.JWS.sign(payload=self.chall.update(
                token=(b'b' * 20)).json_dumps().encode(),
                                     key=self.key,
                                     alg=jose.RS256))
        self.assertFalse(
            msg.simple_verify(self.chall, self.domain, self.key.public_key()))

    @mock.patch('acme.challenges.DVSNIResponse.verify_cert', autospec=True)
    def test_simple_verify(self, mock_verify_cert):
        mock_verify_cert.return_value = mock.sentinel.verification
        self.assertEqual(
            mock.sentinel.verification,
            self.msg.simple_verify(self.chall,
                                   self.domain,
                                   self.key.public_key(),
                                   cert=mock.sentinel.cert))
        mock_verify_cert.assert_called_once_with(self.msg, mock.sentinel.cert)

    @mock.patch('acme.challenges.DVSNIResponse.probe_cert')
    def test_simple_verify_false_on_probe_error(self, mock_probe_cert):
        mock_probe_cert.side_effect = errors.Error
        self.assertFalse(
            self.msg.simple_verify(self.chall, self.domain,
                                   self.key.public_key()))
Пример #2
0
class DVSNIResponseTest(unittest.TestCase):
    # pylint: disable=too-many-instance-attributes

    def setUp(self):
        self.key = jose.JWKRSA(key=KEY)

        from acme.challenges import DVSNI
        self.chall = DVSNI(
            token=jose.b64decode(b'a82d5ff8ef740d12881f6d3c2277ab2e'))

        from acme.challenges import DVSNIResponse
        self.validation = jose.JWS.sign(
            payload=self.chall.json_dumps(sort_keys=True).encode(),
            key=self.key, alg=jose.RS256)
        self.msg = DVSNIResponse(validation=self.validation)
        self.jmsg_to = {
            'resource': 'challenge',
            'type': 'dvsni',
            'validation': self.validation,
        }
        self.jmsg_from = {
            'resource': 'challenge',
            'type': 'dvsni',
            'validation': self.validation.to_json(),
        }

        # pylint: disable=invalid-name
        label1 = b'e2df3498860637c667fedadc5a8494ec'
        label2 = b'09dcc75553c9b3bd73662b50e71b1e42'
        self.z = label1 + label2
        self.z_domain = label1 + b'.' + label2 + b'.acme.invalid'
        self.domain = 'foo.com'

    def test_z_and_domain(self):
        self.assertEqual(self.z, self.msg.z)
        self.assertEqual(self.z_domain, self.msg.z_domain)

    def test_to_partial_json(self):
        self.assertEqual(self.jmsg_to, self.msg.to_partial_json())

    def test_from_json(self):
        from acme.challenges import DVSNIResponse
        self.assertEqual(self.msg, DVSNIResponse.from_json(self.jmsg_from))

    def test_from_json_hashable(self):
        from acme.challenges import DVSNIResponse
        hash(DVSNIResponse.from_json(self.jmsg_from))

    @mock.patch('acme.challenges.socket.gethostbyname')
    @mock.patch('acme.challenges.crypto_util.probe_sni')
    def test_probe_cert(self, mock_probe_sni, mock_gethostbyname):
        mock_gethostbyname.return_value = '127.0.0.1'
        self.msg.probe_cert('foo.com')
        mock_gethostbyname.assert_called_once_with('foo.com')
        mock_probe_sni.assert_called_once_with(
            host='127.0.0.1', port=self.msg.PORT,
            name=self.z_domain)

        self.msg.probe_cert('foo.com', host='8.8.8.8')
        mock_probe_sni.assert_called_with(
            host='8.8.8.8', port=mock.ANY, name=mock.ANY)

        self.msg.probe_cert('foo.com', port=1234)
        mock_probe_sni.assert_called_with(
            host=mock.ANY, port=1234, name=mock.ANY)

        self.msg.probe_cert('foo.com', bar='baz')
        mock_probe_sni.assert_called_with(
            host=mock.ANY, port=mock.ANY, name=mock.ANY, bar='baz')

        self.msg.probe_cert('foo.com', name=b'xxx')
        mock_probe_sni.assert_called_with(
            host=mock.ANY, port=mock.ANY,
            name=self.z_domain)

    def test_gen_verify_cert(self):
        key1 = test_util.load_pyopenssl_private_key('rsa512_key.pem')
        cert, key2 = self.msg.gen_cert(key1)
        self.assertEqual(key1, key2)
        self.assertTrue(self.msg.verify_cert(cert))

    def test_gen_verify_cert_gen_key(self):
        cert, key = self.msg.gen_cert()
        self.assertTrue(isinstance(key, OpenSSL.crypto.PKey))
        self.assertTrue(self.msg.verify_cert(cert))

    def test_verify_bad_cert(self):
        self.assertFalse(self.msg.verify_cert(test_util.load_cert('cert.pem')))

    def test_simple_verify_wrong_account_key(self):
        self.assertFalse(self.msg.simple_verify(
            self.chall, self.domain, jose.JWKRSA.load(
                test_util.load_vector('rsa256_key.pem')).public_key()))

    def test_simple_verify_wrong_payload(self):
        for payload in b'', b'{}':
            msg = self.msg.update(validation=jose.JWS.sign(
                payload=payload, key=self.key, alg=jose.RS256))
            self.assertFalse(msg.simple_verify(
                self.chall, self.domain, self.key.public_key()))

    def test_simple_verify_wrong_token(self):
        msg = self.msg.update(validation=jose.JWS.sign(
            payload=self.chall.update(token=(b'b' * 20)).json_dumps().encode(),
            key=self.key, alg=jose.RS256))
        self.assertFalse(msg.simple_verify(
            self.chall, self.domain, self.key.public_key()))

    @mock.patch('acme.challenges.DVSNIResponse.verify_cert', autospec=True)
    def test_simple_verify(self, mock_verify_cert):
        mock_verify_cert.return_value = mock.sentinel.verification
        self.assertEqual(mock.sentinel.verification, self.msg.simple_verify(
            self.chall, self.domain, self.key.public_key(),
            cert=mock.sentinel.cert))
        mock_verify_cert.assert_called_once_with(self.msg, mock.sentinel.cert)

    def test_simple_verify_false_on_probe_error(self):
        chall = mock.Mock()
        chall.probe_cert.side_effect = errors.Error
        self.assertFalse(self.msg.simple_verify(
            self.chall, self.domain, self.key.public_key()))