def test_same_vhost(self): vhost = next(v for v in self.config.vhosts if v.name == "certbot.demo") achalls = [ achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb( challenges.HTTP01(token=((b'a' * 16))), "pending"), domain=vhost.name, account_key=self.account_key), achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb( challenges.HTTP01(token=((b'b' * 16))), "pending"), domain=next(iter(vhost.aliases)), account_key=self.account_key) ] self.common_perform_test(achalls, [vhost])
def setUp(self, *args, **kwargs): super(ApacheHttp01Test, self).setUp(*args, **kwargs) self.account_key = self.rsa512jwk self.achalls = [] # type: List[achallenges.KeyAuthorizationAnnotatedChallenge] vh_truth = util.get_vh_truth( self.temp_dir, "debian_apache_2_4/multiple_vhosts") # Takes the vhosts for encryption-example.demo, certbot.demo, and # vhost.in.rootconf self.vhosts = [vh_truth[0], vh_truth[3], vh_truth[10]] for i in range(NUM_ACHALLS): self.achalls.append( achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb( challenges.HTTP01(token=((chr(ord('a') + i).encode() * 16))), "pending"), domain=self.vhosts[i].name, account_key=self.account_key)) modules = ["rewrite", "authz_core", "authz_host"] for mod in modules: self.config.parser.modules.add("mod_{0}.c".format(mod)) self.config.parser.modules.add(mod + "_module") from certbot_apache.http_01 import ApacheHttp01 self.http = ApacheHttp01(self.config)
def _mock_poll_solve_one_chall(self, authzr, desired_status): # pylint: disable=no-self-use """Dummy method that solves one chall at a time to desired_status. When all are solved.. it changes authzr.status to desired_status """ new_challbs = authzr.body.challenges for challb in authzr.body.challenges: if challb.status != desired_status: new_challbs = tuple( challb_temp if challb_temp != challb else acme_util.chall_to_challb(challb.chall, desired_status) for challb_temp in authzr.body.challenges ) break if all(test_challb.status == desired_status for test_challb in new_challbs): status_ = desired_status else: status_ = authzr.body.status new_authzr = messages.AuthorizationResource( uri=authzr.uri, new_cert_uri=authzr.new_cert_uri, body=messages.Authorization( identifier=authzr.body.identifier, challenges=new_challbs, combinations=authzr.body.combinations, status=status_, ), ) return (new_authzr, "response")
def get_achalls(self): """Return testing achallenges.""" account_key = self.rsa512jwk achall1 = achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb( challenges.TLSSNI01( token="jIq_Xy1mXGN37tb4L6Xj_es58fW571ZNyXekdZzhh7Q"), "pending"), domain="encryption-example.demo", account_key=account_key) achall2 = achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb( challenges.TLSSNI01( token="uqnaPzxtrndteOqtrXb0Asl5gOJfWAnnx6QJyvcmlDU"), "pending"), domain="certbot.demo", account_key=account_key) return account_key, achall1, achall2
def test_anonymous_vhost(self): vhosts = [v for v in self.config.vhosts if not v.ssl] achalls = [ achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb( challenges.HTTP01(token=((b'a' * 16))), "pending"), domain="something.nonexistent", account_key=self.account_key)] self.common_perform_test(achalls, vhosts)
def test_configure_multiple_vhosts(self): vhosts = [v for v in self.config.vhosts if "duplicate.example.com" in v.get_names()] self.assertEqual(len(vhosts), 2) achalls = [ achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb( challenges.HTTP01(token=((b'a' * 16))), "pending"), domain="duplicate.example.com", account_key=self.account_key)] self.common_perform_test(achalls, vhosts)
def test_activate_disabled_vhost(self): vhosts = [v for v in self.config.vhosts if v.name == "certbot.demo"] achalls = [ achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb( challenges.HTTP01(token=((b'a' * 16))), "pending"), domain="certbot.demo", account_key=self.account_key)] vhosts[0].enabled = False self.common_perform_test(achalls, vhosts) matches = self.config.parser.find_dir( "Include", vhosts[0].filep, get_aug_path(self.config.parser.loc["default"])) self.assertEqual(len(matches), 1)
def test_perform_cleanup_multiple_challenges(self): bingo_achall = achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb( challenges.HTTP01(token=b"bingo"), "pending"), domain="thing.com", account_key=KEY) bingo_validation_path = "YmluZ28" os.mkdir(self.partial_root_challenge_path) self.auth.prepare() self.auth.perform([bingo_achall, self.achall]) self.auth.cleanup([self.achall]) self.assertFalse(os.path.exists(bingo_validation_path)) self.assertTrue(os.path.exists(self.root_challenge_path)) self.auth.cleanup([bingo_achall]) self.assertFalse(os.path.exists(self.validation_path)) self.assertFalse(os.path.exists(self.root_challenge_path))
def test_foreign_webconfig_multiple_domains(self): # Covers bug https://github.com/certbot/certbot/issues/9091 achall_2 = achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb(challenges.HTTP01(token=b"bingo"), "pending"), domain="second-thing.com", account_key=KEY) self.config.webroot_map["second-thing.com"] = self.path challenge_path = os.path.join(self.path, ".well-known", "acme-challenge") filesystem.makedirs(challenge_path) webconfig_path = os.path.join(challenge_path, "web.config") with open(webconfig_path, "w") as file: file.write("something") self.auth.perform([self.achall, achall_2])
def _create_achalls(plugin): """Returns a list of annotated challenges to test on plugin""" achalls = list() names = plugin.get_testable_domain_names() for domain in names: prefs = plugin.get_chall_pref(domain) for chall_type in prefs: if chall_type == challenges.TLSSNI01: chall = challenges.TLSSNI01( token=os.urandom(challenges.TLSSNI01.TOKEN_SIZE)) challb = acme_util.chall_to_challb( chall, messages.STATUS_PENDING) achall = achallenges.KeyAuthorizationAnnotatedChallenge( challb=challb, domain=domain, account_key=util.JWK) achalls.append(achall) return achalls
def _create_achalls(plugin): """Returns a list of annotated challenges to test on plugin""" achalls = [] names = plugin.get_testable_domain_names() for domain in names: prefs = plugin.get_chall_pref(domain) for chall_type in prefs: if chall_type == challenges.HTTP01: chall = challenges.HTTP01( token=os.urandom(challenges.HTTP01.TOKEN_SIZE)) challb = acme_util.chall_to_challb(chall, messages.STATUS_PENDING) achall = achallenges.KeyAuthorizationAnnotatedChallenge( challb=challb, domain=domain, account_key=util.JWK) achalls.append(achall) return achalls
def _create_achalls(plugin: common.Proxy) -> List[achallenges.AnnotatedChallenge]: """Returns a list of annotated challenges to test on plugin""" achalls: List[achallenges.AnnotatedChallenge] = [] names = plugin.get_testable_domain_names() for domain in names: prefs = plugin.get_chall_pref(domain) for chall_type in prefs: if chall_type == challenges.HTTP01: # challenges.HTTP01.TOKEN_SIZE is a float but os.urandom # expects an integer. chall = challenges.HTTP01( token=os.urandom(int(challenges.HTTP01.TOKEN_SIZE))) challb = acme_util.chall_to_challb( chall, messages.STATUS_PENDING) achall = achallenges.KeyAuthorizationAnnotatedChallenge( challb=challb, domain=domain, account_key=util.JWK) achalls.append(achall) return achalls
def setUp(self, *args, **kwargs): super(ApacheHttp01Test, self).setUp(*args, **kwargs) self.account_key = self.rsa512jwk self.achalls = [] for i in range(NUM_ACHALLS): self.achalls.append( achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb( challenges.HTTP01(token=((chr(ord('a') + i) * 16))), "pending"), domain="example{0}.com".format(i), account_key=self.account_key)) modules = ["alias", "authz_core", "authz_host"] for mod in modules: self.config.parser.modules.add("mod_{0}.c".format(mod)) self.config.parser.modules.add(mod + "_module") from certbot_apache.http_01 import ApacheHttp01 self.http = ApacheHttp01(self.config)
import mock except ImportError: # pragma: no cover from unittest import mock from acme import challenges from certbot import achallenges from certbot import crypto_util from certbot import errors from certbot.compat import filesystem from certbot.compat import os from certbot.tests import acme_util from certbot.tests import util as test_util AUTH_KEY = jose.JWKRSA.load(test_util.load_vector("rsa512_key.pem")) ACHALL = achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb(challenges.HTTP01(token=b'token1'), "pending"), domain="encryption-example.demo", account_key=AUTH_KEY) class NamespaceFunctionsTest(unittest.TestCase): """Tests for certbot.plugins.common.*_namespace functions.""" def test_option_namespace(self): from certbot.plugins.common import option_namespace self.assertEqual("foo-", option_namespace("foo")) def test_dest_namespace(self): from certbot.plugins.common import dest_namespace self.assertEqual("foo_", dest_namespace("foo")) def test_dest_namespace_with_dashes(self):
class HttpPerformTest(util.NginxTest): """Test the NginxHttp01 challenge.""" account_key = AUTH_KEY achalls = [ achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb( challenges.HTTP01(token=b"kNdwjwOeX0I_A8DXt9Msmg"), "pending"), domain="www.example.com", account_key=account_key), achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb( challenges.HTTP01( token=b"\xba\xa9\xda?<m\xaewmx\xea\xad\xadv\xf4\x02\xc9y" b"\x80\xe2_X\t\xe7\xc7\xa4\t\xca\xf7&\x945" ), "pending"), domain="ipv6.com", account_key=account_key), achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb( challenges.HTTP01( token=b"\x8c\x8a\xbf_-f\\cw\xee\xd6\xf8/\xa5\xe3\xfd" b"\xeb9\xf1\xf5\xb9\xefVM\xc9w\xa4u\x9c\xe1\x87\xb4" ), "pending"), domain="www.example.org", account_key=account_key), achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb( challenges.HTTP01(token=b"kNdwjxOeX0I_A8DXt9Msmg"), "pending"), domain="migration.com", account_key=account_key), achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb( challenges.HTTP01(token=b"kNdwjxOeX0I_A8DXt9Msmg"), "pending"), domain="ipv6ssl.com", account_key=account_key), ] def setUp(self): super().setUp() config = self.get_nginx_configurator( self.config_path, self.config_dir, self.work_dir, self.logs_dir) from certbot_nginx._internal import http_01 self.http01 = http_01.NginxHttp01(config) def test_perform0(self): responses = self.http01.perform() self.assertEqual([], responses) @mock.patch("certbot_nginx._internal.configurator.NginxConfigurator.save") def test_perform1(self, mock_save): self.http01.add_chall(self.achalls[0]) response = self.achalls[0].response(self.account_key) responses = self.http01.perform() self.assertEqual([response], responses) self.assertEqual(mock_save.call_count, 1) def test_perform2(self): acme_responses = [] for achall in self.achalls: self.http01.add_chall(achall) acme_responses.append(achall.response(self.account_key)) http_responses = self.http01.perform() self.assertEqual(len(http_responses), 5) for i in range(5): self.assertEqual(http_responses[i], acme_responses[i]) def test_mod_config(self): self.http01.add_chall(self.achalls[0]) self.http01.add_chall(self.achalls[2]) self.http01._mod_config() # pylint: disable=protected-access self.http01.configurator.save() self.http01.configurator.parser.load() # vhosts = self.http01.configurator.parser.get_vhosts() # for vhost in vhosts: # pass # if the name matches # check that the location block is in there and is correct # if vhost.addrs == set(v_addr1): # response = self.achalls[0].response(self.account_key) # else: # response = self.achalls[2].response(self.account_key) # self.assertEqual(vhost.addrs, set(v_addr2_print)) # self.assertEqual(vhost.names, set([response.z_domain.decode('ascii')])) @mock.patch('certbot_nginx._internal.parser.NginxParser.add_server_directives') def test_mod_config_http_and_https(self, mock_add_server_directives): """A server_name with both HTTP and HTTPS vhosts should get modded in both vhosts""" self.configuration.https_port = 443 self.http01.add_chall(self.achalls[3]) # migration.com self.http01._mod_config() # pylint: disable=protected-access # Domain has an HTTP and HTTPS vhost # 2 * 'rewrite' + 2 * 'return 200 keyauthz' = 4 self.assertEqual(mock_add_server_directives.call_count, 4) @mock.patch('certbot_nginx._internal.parser.nginxparser.dump') @mock.patch('certbot_nginx._internal.parser.NginxParser.add_server_directives') def test_mod_config_only_https(self, mock_add_server_directives, mock_dump): """A server_name with only an HTTPS vhost should get modded""" self.http01.add_chall(self.achalls[4]) # ipv6ssl.com self.http01._mod_config() # pylint: disable=protected-access # It should modify the existing HTTPS vhost self.assertEqual(mock_add_server_directives.call_count, 2) # since there was no suitable HTTP vhost or default HTTP vhost, a non-empty one # should have been created and written to the challenge conf file self.assertNotEqual(mock_dump.call_args[0][0], []) @mock.patch('certbot_nginx._internal.parser.NginxParser.add_server_directives') def test_mod_config_deduplicate(self, mock_add_server_directives): """A vhost that appears in both HTTP and HTTPS vhosts only gets modded once""" achall = achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb( challenges.HTTP01(token=b"kNdwjxOeX0I_A8DXt9Msmg"), "pending"), domain="ssl.both.com", account_key=AUTH_KEY) self.http01.add_chall(achall) self.http01._mod_config() # pylint: disable=protected-access # Should only get called 5 times, rather than 6, because two vhosts are the same self.assertEqual(mock_add_server_directives.call_count, 5*2) @mock.patch("certbot_nginx._internal.configurator.NginxConfigurator.ipv6_info") def test_default_listen_addresses_no_memoization(self, ipv6_info): # pylint: disable=protected-access ipv6_info.return_value = (True, True) self.http01._default_listen_addresses() self.assertEqual(ipv6_info.call_count, 1) ipv6_info.return_value = (False, False) self.http01._default_listen_addresses() self.assertEqual(ipv6_info.call_count, 2) @mock.patch("certbot_nginx._internal.configurator.NginxConfigurator.ipv6_info") def test_default_listen_addresses_t_t(self, ipv6_info): # pylint: disable=protected-access ipv6_info.return_value = (True, True) addrs = self.http01._default_listen_addresses() http_addr = Addr.fromstring("80") http_ipv6_addr = Addr.fromstring("[::]:80") self.assertEqual(addrs, [http_addr, http_ipv6_addr]) @mock.patch("certbot_nginx._internal.configurator.NginxConfigurator.ipv6_info") def test_default_listen_addresses_t_f(self, ipv6_info): # pylint: disable=protected-access ipv6_info.return_value = (True, False) addrs = self.http01._default_listen_addresses() http_addr = Addr.fromstring("80") http_ipv6_addr = Addr.fromstring("[::]:80 ipv6only=on") self.assertEqual(addrs, [http_addr, http_ipv6_addr]) @mock.patch("certbot_nginx._internal.configurator.NginxConfigurator.ipv6_info") def test_default_listen_addresses_f_f(self, ipv6_info): # pylint: disable=protected-access ipv6_info.return_value = (False, False) addrs = self.http01._default_listen_addresses() http_addr = Addr.fromstring("80") self.assertEqual(addrs, [http_addr])
class TlsSniPerformTest(util.NginxTest): """Test the NginxTlsSni01 challenge.""" account_key = common_test.TLSSNI01Test.auth_key achalls = [ achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb( challenges.TLSSNI01(token="kNdwjwOeX0I_A8DXt9Msmg"), "pending"), domain="www.example.com", account_key=account_key), achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb( challenges.TLSSNI01( token="\xba\xa9\xda?<m\xaewmx\xea\xad\xadv\xf4\x02\xc9y" "\x80\xe2_X\t\xe7\xc7\xa4\t\xca\xf7&\x945"), "pending"), domain="blah", account_key=account_key), achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb( challenges.TLSSNI01( token="\x8c\x8a\xbf_-f\\cw\xee\xd6\xf8/\xa5\xe3\xfd" "\xeb9\xf1\xf5\xb9\xefVM\xc9w\xa4u\x9c\xe1\x87\xb4"), "pending"), domain="www.example.org", account_key=account_key), ] def setUp(self): super(TlsSniPerformTest, self).setUp() config = util.get_nginx_configurator(self.config_path, self.config_dir, self.work_dir) from certbot_nginx import tls_sni_01 self.sni = tls_sni_01.NginxTlsSni01(config) def tearDown(self): shutil.rmtree(self.temp_dir) shutil.rmtree(self.config_dir) shutil.rmtree(self.work_dir) @mock.patch("certbot_nginx.configurator" ".NginxConfigurator.choose_vhost") def test_perform(self, mock_choose): self.sni.add_chall(self.achalls[1]) mock_choose.return_value = None result = self.sni.perform() self.assertTrue(result is None) def test_perform0(self): responses = self.sni.perform() self.assertEqual([], responses) @mock.patch("certbot_nginx.configurator.NginxConfigurator.save") def test_perform1(self, mock_save): self.sni.add_chall(self.achalls[0]) response = self.achalls[0].response(self.account_key) mock_setup_cert = mock.MagicMock(return_value=response) # pylint: disable=protected-access self.sni._setup_challenge_cert = mock_setup_cert responses = self.sni.perform() mock_setup_cert.assert_called_once_with(self.achalls[0]) self.assertEqual([response], responses) self.assertEqual(mock_save.call_count, 2) # Make sure challenge config is included in main config http = self.sni.configurator.parser.parsed[ self.sni.configurator.parser.loc["root"]][-1] self.assertTrue( util.contains_at_depth(http, ['include', self.sni.challenge_conf], 1)) def test_perform2(self): acme_responses = [] for achall in self.achalls: self.sni.add_chall(achall) acme_responses.append(achall.response(self.account_key)) mock_setup_cert = mock.MagicMock(side_effect=acme_responses) # pylint: disable=protected-access self.sni._setup_challenge_cert = mock_setup_cert sni_responses = self.sni.perform() self.assertEqual(mock_setup_cert.call_count, 3) for index, achall in enumerate(self.achalls): self.assertEqual(mock_setup_cert.call_args_list[index], mock.call(achall)) http = self.sni.configurator.parser.parsed[ self.sni.configurator.parser.loc["root"]][-1] self.assertTrue(['include', self.sni.challenge_conf] in http[1]) self.assertTrue( util.contains_at_depth(http, ['server_name', 'blah'], 3)) self.assertEqual(len(sni_responses), 3) for i in xrange(3): self.assertEqual(sni_responses[i], acme_responses[i]) def test_mod_config(self): self.sni.add_chall(self.achalls[0]) self.sni.add_chall(self.achalls[2]) v_addr1 = [ obj.Addr("69.50.225.155", "9000", True, False), obj.Addr("127.0.0.1", "", False, False) ] v_addr2 = [obj.Addr("myhost", "", False, True)] ll_addr = [v_addr1, v_addr2] self.sni._mod_config(ll_addr) # pylint: disable=protected-access self.sni.configurator.save() self.sni.configurator.parser.load() http = self.sni.configurator.parser.parsed[ self.sni.configurator.parser.loc["root"]][-1] self.assertTrue(['include', self.sni.challenge_conf] in http[1]) vhosts = self.sni.configurator.parser.get_vhosts() vhs = [vh for vh in vhosts if vh.filep == self.sni.challenge_conf] for vhost in vhs: if vhost.addrs == set(v_addr1): response = self.achalls[0].response(self.account_key) else: response = self.achalls[2].response(self.account_key) self.assertEqual(vhost.addrs, set(v_addr2)) self.assertEqual(vhost.names, set([response.z_domain])) self.assertEqual(len(vhs), 2) def test_mod_config_fail(self): root = self.sni.configurator.parser.loc["root"] self.sni.configurator.parser.parsed[root] = [['include', 'foo.conf']] # pylint: disable=protected-access self.assertRaises(errors.MisconfigurationError, self.sni._mod_config, [])
import mock import OpenSSL from acme import challenges from certbot import achallenges from certbot import crypto_util from certbot import errors from certbot.tests import acme_util from certbot.tests import util as test_util AUTH_KEY = jose.JWKRSA.load(test_util.load_vector("rsa512_key.pem")) ACHALLS = [ achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb( challenges.TLSSNI01(token=b'token1'), "pending"), domain="encryption-example.demo", account_key=AUTH_KEY), achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb( challenges.TLSSNI01(token=b'token2'), "pending"), domain="certbot.demo", account_key=AUTH_KEY), ] class NamespaceFunctionsTest(unittest.TestCase): """Tests for certbot.plugins.common.*_namespace functions.""" def test_option_namespace(self): from certbot.plugins.common import option_namespace self.assertEqual("foo-", option_namespace("foo")) def test_dest_namespace(self):
class HttpPerformTest(util.NginxTest): """Test the NginxHttp01 challenge.""" account_key = common_test.AUTH_KEY achalls = [ achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb( challenges.HTTP01(token=b"kNdwjwOeX0I_A8DXt9Msmg"), "pending"), domain="www.example.com", account_key=account_key), achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb( challenges.HTTP01( token=b"\xba\xa9\xda?<m\xaewmx\xea\xad\xadv\xf4\x02\xc9y" b"\x80\xe2_X\t\xe7\xc7\xa4\t\xca\xf7&\x945"), "pending"), domain="ipv6.com", account_key=account_key), achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb( challenges.HTTP01( token=b"\x8c\x8a\xbf_-f\\cw\xee\xd6\xf8/\xa5\xe3\xfd" b"\xeb9\xf1\xf5\xb9\xefVM\xc9w\xa4u\x9c\xe1\x87\xb4"), "pending"), domain="www.example.org", account_key=account_key), achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb( challenges.HTTP01(token=b"kNdwjxOeX0I_A8DXt9Msmg"), "pending"), domain="migration.com", account_key=account_key), ] def setUp(self): super(HttpPerformTest, self).setUp() config = util.get_nginx_configurator(self.config_path, self.config_dir, self.work_dir, self.logs_dir) from certbot_nginx import http_01 self.http01 = http_01.NginxHttp01(config) def tearDown(self): shutil.rmtree(self.temp_dir) shutil.rmtree(self.config_dir) shutil.rmtree(self.work_dir) def test_perform0(self): responses = self.http01.perform() self.assertEqual([], responses) @mock.patch("certbot_nginx.configurator.NginxConfigurator.save") def test_perform1(self, mock_save): self.http01.add_chall(self.achalls[0]) response = self.achalls[0].response(self.account_key) responses = self.http01.perform() self.assertEqual([response], responses) self.assertEqual(mock_save.call_count, 1) def test_perform2(self): acme_responses = [] for achall in self.achalls: self.http01.add_chall(achall) acme_responses.append(achall.response(self.account_key)) sni_responses = self.http01.perform() self.assertEqual(len(sni_responses), 4) for i in six.moves.range(4): self.assertEqual(sni_responses[i], acme_responses[i]) def test_mod_config(self): self.http01.add_chall(self.achalls[0]) self.http01.add_chall(self.achalls[2]) self.http01._mod_config() # pylint: disable=protected-access self.http01.configurator.save() self.http01.configurator.parser.load()
import josepy as jose import mock from acme import challenges from certbot import achallenges from certbot import crypto_util from certbot import errors from certbot.compat import os from certbot.tests import acme_util from certbot.tests import util as test_util AUTH_KEY = jose.JWKRSA.load(test_util.load_vector("rsa512_key.pem")) ACHALLS = [ achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb(challenges.TLSSNI01(token=b'token1'), "pending"), domain="encryption-example.demo", account_key=AUTH_KEY), achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb(challenges.TLSSNI01(token=b'token2'), "pending"), domain="certbot.demo", account_key=AUTH_KEY), ] class NamespaceFunctionsTest(unittest.TestCase): """Tests for certbot.plugins.common.*_namespace functions.""" def test_option_namespace(self): from certbot.plugins.common import option_namespace self.assertEqual("foo-", option_namespace("foo"))
class HttpPerformTest(util.NginxTest): """Test the NginxHttp01 challenge.""" account_key = common_test.AUTH_KEY achalls = [ achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb( challenges.HTTP01(token=b"kNdwjwOeX0I_A8DXt9Msmg"), "pending"), domain="www.example.com", account_key=account_key), achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb( challenges.HTTP01( token=b"\xba\xa9\xda?<m\xaewmx\xea\xad\xadv\xf4\x02\xc9y" b"\x80\xe2_X\t\xe7\xc7\xa4\t\xca\xf7&\x945" ), "pending"), domain="ipv6.com", account_key=account_key), achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb( challenges.HTTP01( token=b"\x8c\x8a\xbf_-f\\cw\xee\xd6\xf8/\xa5\xe3\xfd" b"\xeb9\xf1\xf5\xb9\xefVM\xc9w\xa4u\x9c\xe1\x87\xb4" ), "pending"), domain="www.example.org", account_key=account_key), achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb( challenges.HTTP01(token=b"kNdwjxOeX0I_A8DXt9Msmg"), "pending"), domain="migration.com", account_key=account_key), ] def setUp(self): super(HttpPerformTest, self).setUp() config = self.get_nginx_configurator( self.config_path, self.config_dir, self.work_dir, self.logs_dir) from certbot_nginx import http_01 self.http01 = http_01.NginxHttp01(config) def test_perform0(self): responses = self.http01.perform() self.assertEqual([], responses) @mock.patch("certbot_nginx.configurator.NginxConfigurator.save") def test_perform1(self, mock_save): self.http01.add_chall(self.achalls[0]) response = self.achalls[0].response(self.account_key) responses = self.http01.perform() self.assertEqual([response], responses) self.assertEqual(mock_save.call_count, 1) def test_perform2(self): acme_responses = [] for achall in self.achalls: self.http01.add_chall(achall) acme_responses.append(achall.response(self.account_key)) http_responses = self.http01.perform() self.assertEqual(len(http_responses), 4) for i in six.moves.range(4): self.assertEqual(http_responses[i], acme_responses[i]) def test_mod_config(self): self.http01.add_chall(self.achalls[0]) self.http01.add_chall(self.achalls[2]) self.http01._mod_config() # pylint: disable=protected-access self.http01.configurator.save() self.http01.configurator.parser.load() # vhosts = self.http01.configurator.parser.get_vhosts() # for vhost in vhosts: # pass # if the name matches # check that the location block is in there and is correct # if vhost.addrs == set(v_addr1): # response = self.achalls[0].response(self.account_key) # else: # response = self.achalls[2].response(self.account_key) # self.assertEqual(vhost.addrs, set(v_addr2_print)) # self.assertEqual(vhost.names, set([response.z_domain.decode('ascii')])) @mock.patch("certbot_nginx.configurator.NginxConfigurator.ipv6_info") def test_default_listen_addresses_no_memoization(self, ipv6_info): # pylint: disable=protected-access ipv6_info.return_value = (True, True) self.http01._default_listen_addresses() self.assertEqual(ipv6_info.call_count, 1) ipv6_info.return_value = (False, False) self.http01._default_listen_addresses() self.assertEqual(ipv6_info.call_count, 2) @mock.patch("certbot_nginx.configurator.NginxConfigurator.ipv6_info") def test_default_listen_addresses_t_t(self, ipv6_info): # pylint: disable=protected-access ipv6_info.return_value = (True, True) addrs = self.http01._default_listen_addresses() http_addr = Addr.fromstring("80") http_ipv6_addr = Addr.fromstring("[::]:80") self.assertEqual(addrs, [http_addr, http_ipv6_addr]) @mock.patch("certbot_nginx.configurator.NginxConfigurator.ipv6_info") def test_default_listen_addresses_t_f(self, ipv6_info): # pylint: disable=protected-access ipv6_info.return_value = (True, False) addrs = self.http01._default_listen_addresses() http_addr = Addr.fromstring("80") http_ipv6_addr = Addr.fromstring("[::]:80 ipv6only=on") self.assertEqual(addrs, [http_addr, http_ipv6_addr]) @mock.patch("certbot_nginx.configurator.NginxConfigurator.ipv6_info") def test_default_listen_addresses_f_f(self, ipv6_info): # pylint: disable=protected-access ipv6_info.return_value = (False, False) addrs = self.http01._default_listen_addresses() http_addr = Addr.fromstring("80") self.assertEqual(addrs, [http_addr])
class TLSSNI01Test(unittest.TestCase): """Tests for certbot.plugins.common.TLSSNI01.""" auth_key = jose.JWKRSA.load(test_util.load_vector("rsa512_key.pem")) achalls = [ achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb( challenges.TLSSNI01(token=b'token1'), "pending"), domain="encryption-example.demo", account_key=auth_key), achallenges.KeyAuthorizationAnnotatedChallenge( challb=acme_util.chall_to_challb( challenges.TLSSNI01(token=b'token2'), "pending"), domain="certbot.demo", account_key=auth_key), ] def setUp(self): self.tempdir = tempfile.mkdtemp() configurator = mock.MagicMock() configurator.config.config_dir = os.path.join(self.tempdir, "config") configurator.config.work_dir = os.path.join(self.tempdir, "work") from certbot.plugins.common import TLSSNI01 self.sni = TLSSNI01(configurator=configurator) def tearDown(self): shutil.rmtree(self.tempdir) def test_add_chall(self): self.sni.add_chall(self.achalls[0], 0) self.assertEqual(1, len(self.sni.achalls)) self.assertEqual([0], self.sni.indices) def test_setup_challenge_cert(self): # This is a helper function that can be used for handling # open context managers more elegantly. It avoids dealing with # __enter__ and __exit__ calls. # http://www.voidspace.org.uk/python/mock/helpers.html#mock.mock_open mock_open, mock_safe_open = mock.mock_open(), mock.mock_open() response = challenges.TLSSNI01Response() achall = mock.MagicMock() achall.chall.encode.return_value = "token" key = test_util.load_pyopenssl_private_key("rsa512_key.pem") achall.response_and_validation.return_value = (response, ( test_util.load_cert("cert_512.pem"), key)) with mock.patch("certbot.plugins.common.open", mock_open, create=True): with mock.patch("certbot.plugins.common.util.safe_open", mock_safe_open): # pylint: disable=protected-access self.assertEqual( response, self.sni._setup_challenge_cert(achall, "randomS1")) # pylint: disable=no-member mock_open.assert_called_once_with(self.sni.get_cert_path(achall), "wb") mock_open.return_value.write.assert_called_once_with( test_util.load_vector("cert_512.pem")) mock_safe_open.assert_called_once_with(self.sni.get_key_path(achall), "wb", chmod=0o400) mock_safe_open.return_value.write.assert_called_once_with( OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM, key)) def test_get_z_domain(self): achall = self.achalls[0] self.assertEqual( self.sni.get_z_domain(achall), achall.response(achall.account_key).z_domain.decode("utf-8"))