def test_perform(self, mock_restart, mock_dvsni_perform):
        # Only tests functionality specific to configurator.perform
        # Note: As more challenges are offered this will have to be expanded
        auth_key = le_util.Key(self.rsa256_file, self.rsa256_pem)
        achall1 = achallenges.DVSNI(
            challb=acme_util.chall_to_challb(
                challenges.DVSNI(
                    r="jIq_Xy1mXGN37tb4L6Xj_es58fW571ZNyXekdZzhh7Q",
                    nonce="37bc5eb75d3e00a19b4f6355845e5a18"),
                "pending"),
            domain="encryption-example.demo", key=auth_key)
        achall2 = achallenges.DVSNI(
            challb=acme_util.chall_to_challb(
                challenges.DVSNI(
                    r="uqnaPzxtrndteOqtrXb0Asl5gOJfWAnnx6QJyvcmlDU",
                    nonce="59ed014cac95f77057b1d7a1b2c596ba"),
                "pending"),
            domain="letsencrypt.demo", key=auth_key)

        dvsni_ret_val = [
            challenges.DVSNIResponse(s="randomS1"),
            challenges.DVSNIResponse(s="randomS2"),
        ]

        mock_dvsni_perform.return_value = dvsni_ret_val
        responses = self.config.perform([achall1, achall2])

        self.assertEqual(mock_dvsni_perform.call_count, 1)
        self.assertEqual(responses, dvsni_ret_val)

        self.assertEqual(mock_restart.call_count, 1)
示例#2
0
class TLSSNI01Test(unittest.TestCase):
    """Tests for letsencrypt.plugins.common.TLSSNI01."""

    auth_key = jose.JWKRSA.load(test_util.load_vector("rsa512_key.pem"))
    achalls = [
        achallenges.KeyAuthorizationAnnotatedChallenge(
            challb=acme_util.chall_to_challb(
                challenges.TLSSNI01(token=b'token1'), "pending"),
            domain="encryption-example.demo",
            account_key=auth_key),
        achallenges.KeyAuthorizationAnnotatedChallenge(
            challb=acme_util.chall_to_challb(
                challenges.TLSSNI01(token=b'token2'), "pending"),
            domain="letsencrypt.demo",
            account_key=auth_key),
    ]

    def setUp(self):
        from letsencrypt.plugins.common import TLSSNI01
        self.sni = TLSSNI01(configurator=mock.MagicMock())

    def test_add_chall(self):
        self.sni.add_chall(self.achalls[0], 0)
        self.assertEqual(1, len(self.sni.achalls))
        self.assertEqual([0], self.sni.indices)

    def test_setup_challenge_cert(self):
        # This is a helper function that can be used for handling
        # open context managers more elegantly. It avoids dealing with
        # __enter__ and __exit__ calls.
        # http://www.voidspace.org.uk/python/mock/helpers.html#mock.mock_open
        mock_open, mock_safe_open = mock.mock_open(), mock.mock_open()

        response = challenges.TLSSNI01Response()
        achall = mock.MagicMock()
        key = test_util.load_pyopenssl_private_key("rsa512_key.pem")
        achall.response_and_validation.return_value = (response, (
            test_util.load_cert("cert.pem"), key))

        with mock.patch("letsencrypt.plugins.common.open",
                        mock_open,
                        create=True):
            with mock.patch("letsencrypt.plugins.common.le_util.safe_open",
                            mock_safe_open):
                # pylint: disable=protected-access
                self.assertEqual(
                    response,
                    self.sni._setup_challenge_cert(achall, "randomS1"))

        # pylint: disable=no-member
        mock_open.assert_called_once_with(self.sni.get_cert_path(achall), "wb")
        mock_open.return_value.write.assert_called_once_with(
            test_util.load_vector("cert.pem"))
        mock_safe_open.assert_called_once_with(self.sni.get_key_path(achall),
                                               "wb",
                                               chmod=0o400)
        mock_safe_open.return_value.write.assert_called_once_with(
            OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM, key))
示例#3
0
class DvsniTest(unittest.TestCase):
    """Tests for letsencrypt.plugins.common.DvsniTest."""

    rsa256_file = pkg_resources.resource_filename(
        "acme.jose", "testdata/rsa256_key.pem")
    rsa256_pem = pkg_resources.resource_string(
        "acme.jose", "testdata/rsa256_key.pem")

    auth_key = le_util.Key(rsa256_file, rsa256_pem)
    achalls = [
        achallenges.DVSNI(
            challb=acme_util.chall_to_challb(
                challenges.DVSNI(
                    r="\x8c\x8a\xbf_-f\\cw\xee\xd6\xf8/\xa5\xe3\xfd\xeb9"
                      "\xf1\xf5\xb9\xefVM\xc9w\xa4u\x9c\xe1\x87\xb4",
                    nonce="7\xbc^\xb7]>\x00\xa1\x9bOcU\x84^Z\x18",
                ), "pending"),
            domain="encryption-example.demo", key=auth_key),
        achallenges.DVSNI(
            challb=acme_util.chall_to_challb(
                challenges.DVSNI(
                    r="\xba\xa9\xda?<m\xaewmx\xea\xad\xadv\xf4\x02\xc9y\x80"
                    "\xe2_X\t\xe7\xc7\xa4\t\xca\xf7&\x945",
                    nonce="Y\xed\x01L\xac\x95\xf7pW\xb1\xd7\xa1\xb2\xc5"
                          "\x96\xba",
                ), "pending"),
            domain="letsencrypt.demo", key=auth_key),
    ]

    def setUp(self):
        from letsencrypt.plugins.common import Dvsni
        self.sni = Dvsni(configurator=mock.MagicMock())

    def test_setup_challenge_cert(self):
        # This is a helper function that can be used for handling
        # open context managers more elegantly. It avoids dealing with
        # __enter__ and __exit__ calls.
        # http://www.voidspace.org.uk/python/mock/helpers.html#mock.mock_open
        m_open = mock.mock_open()

        response = challenges.DVSNIResponse(s="randomS1")
        achall = mock.MagicMock(nonce=self.achalls[0].nonce,
                                nonce_domain=self.achalls[0].nonce_domain)
        achall.gen_cert_and_response.return_value = ("pem", response)

        with mock.patch("letsencrypt.plugins.common.open", m_open, create=True):
            # pylint: disable=protected-access
            self.assertEqual(response, self.sni._setup_challenge_cert(
                achall, "randomS1"))

            self.assertTrue(m_open.called)
            self.assertEqual(
                m_open.call_args[0], (self.sni.get_cert_file(achall), "w"))
            self.assertEqual(m_open().write.call_args[0][0], "pem")
示例#4
0
class DvsniTest(unittest.TestCase):
    """Tests for letsencrypt.plugins.common.DvsniTest."""

    auth_key = jose.JWKRSA.load(test_util.load_vector("rsa512_key.pem"))
    achalls = [
        achallenges.DVSNI(challb=acme_util.chall_to_challb(
            challenges.DVSNI(token=b'dvsni1'), "pending"),
                          domain="encryption-example.demo",
                          account_key=auth_key),
        achallenges.DVSNI(challb=acme_util.chall_to_challb(
            challenges.DVSNI(token=b'dvsni2'), "pending"),
                          domain="letsencrypt.demo",
                          account_key=auth_key),
    ]

    def setUp(self):
        from letsencrypt.plugins.common import Dvsni
        self.sni = Dvsni(configurator=mock.MagicMock())

    def test_add_chall(self):
        self.sni.add_chall(self.achalls[0], 0)
        self.assertEqual(1, len(self.sni.achalls))
        self.assertEqual([0], self.sni.indices)

    def test_setup_challenge_cert(self):
        # This is a helper function that can be used for handling
        # open context managers more elegantly. It avoids dealing with
        # __enter__ and __exit__ calls.
        # http://www.voidspace.org.uk/python/mock/helpers.html#mock.mock_open
        mock_open, mock_safe_open = mock.mock_open(), mock.mock_open()

        response = challenges.DVSNIResponse(validation=mock.Mock())
        achall = mock.MagicMock()
        achall.gen_cert_and_response.return_value = (response, "cert", "key")

        with mock.patch("letsencrypt.plugins.common.open",
                        mock_open,
                        create=True):
            with mock.patch("letsencrypt.plugins.common.le_util.safe_open",
                            mock_safe_open):
                # pylint: disable=protected-access
                self.assertEqual(
                    response,
                    self.sni._setup_challenge_cert(achall, "randomS1"))

        # pylint: disable=no-member
        mock_open.assert_called_once_with(self.sni.get_cert_path(achall), "wb")
        mock_open.return_value.write.assert_called_once_with("cert")
        mock_safe_open.assert_called_once_with(self.sni.get_key_path(achall),
                                               "wb",
                                               chmod=0o400)
        mock_safe_open.return_value.write.assert_called_once_with("key")
    def setUp(self):
        from letsencrypt.plugins.standalone.authenticator import \
            StandaloneAuthenticator
        self.authenticator = StandaloneAuthenticator(config=CONFIG, name=None)

        self.achall1 = achallenges.DVSNI(
            challb=acme_util.chall_to_challb(
                challenges.DVSNI(r="whee", nonce="foo"), "pending"),
            domain="foo.example.com", key=KEY)
        self.achall2 = achallenges.DVSNI(
            challb=acme_util.chall_to_challb(
                challenges.DVSNI(r="whee", nonce="bar"), "pending"),
            domain="bar.example.com", key=KEY)
        bad_achall = ("This", "Represents", "A Non-DVSNI", "Challenge")
        self.achalls = [self.achall1, self.achall2, bad_achall]
示例#6
0
    def setUp(self):
        from letsencrypt.plugins.standalone.authenticator import \
            StandaloneAuthenticator
        self.authenticator = StandaloneAuthenticator(config=CONFIG, name=None)

        self.achall1 = achallenges.DVSNI(
            challb=acme_util.chall_to_challb(
                challenges.DVSNI(r="whee", nonce="foo"), "pending"),
            domain="foo.example.com", key=KEY)
        self.achall2 = achallenges.DVSNI(
            challb=acme_util.chall_to_challb(
                challenges.DVSNI(r="whee", nonce="bar"), "pending"),
            domain="bar.example.com", key=KEY)
        bad_achall = ("This", "Represents", "A Non-DVSNI", "Challenge")
        self.achalls = [self.achall1, self.achall2, bad_achall]
示例#7
0
 def setUp(self):
     self.challb = acme_util.chall_to_challb(acme_util.DVSNI, "pending")
     key = jose.JWKRSA.load(test_util.load_vector("rsa512_key.pem"))
     from letsencrypt.achallenges import DVSNI
     self.achall = DVSNI(challb=self.challb,
                         domain="example.com",
                         account_key=key)
 def test_bad_cleanup(self):
     self.assertRaises(ValueError, self.authenticator.cleanup, [
         achallenges.DVSNI(challb=acme_util.chall_to_challb(
             challenges.DVSNI(token=b"badtoken"), "pending"),
                           domain="bad.example.com",
                           account_key="key")
     ])
示例#9
0
    def _mock_poll_solve_one_chall(self, authzr, desired_status):
        # pylint: disable=no-self-use
        """Dummy method that solves one chall at a time to desired_status.

        When all are solved.. it changes authzr.status to desired_status

        """
        new_challbs = authzr.body.challenges
        for challb in authzr.body.challenges:
            if challb.status != desired_status:
                new_challbs = tuple(
                    challb_temp if challb_temp != challb
                    else acme_util.chall_to_challb(challb.chall, desired_status)
                    for challb_temp in authzr.body.challenges
                )
                break

        if all(test_challb.status == desired_status
               for test_challb in new_challbs):
            status_ = desired_status
        else:
            status_ = authzr.body.status

        new_authzr = messages.AuthorizationResource(
            uri=authzr.uri,
            new_cert_uri=authzr.new_cert_uri,
            body=messages.Authorization(
                identifier=authzr.body.identifier,
                challenges=new_challbs,
                combinations=authzr.body.combinations,
                status=status_,
            ),
        )
        return (new_authzr, "response")
    def _mock_poll_solve_one_chall(self, authzr, desired_status):
        # pylint: disable=no-self-use
        """Dummy method that solves one chall at a time to desired_status.

        When all are solved.. it changes authzr.status to desired_status

        """
        new_challbs = authzr.body.challenges
        for challb in authzr.body.challenges:
            if challb.status != desired_status:
                new_challbs = tuple(
                    challb_temp if challb_temp != challb
                    else acme_util.chall_to_challb(challb.chall, desired_status)
                    for challb_temp in authzr.body.challenges
                )
                break

        if all(test_challb.status == desired_status
               for test_challb in new_challbs):
            status_ = desired_status
        else:
            status_ = authzr.body.status

        new_authzr = messages.AuthorizationResource(
            uri=authzr.uri,
            new_cert_uri=authzr.new_cert_uri,
            body=messages.Authorization(
                identifier=authzr.body.identifier,
                challenges=new_challbs,
                combinations=authzr.body.combinations,
                status=status_,
            ),
        )
        return (new_authzr, "response")
示例#11
0
 def test_bad_cleanup(self):
     self.assertRaises(ValueError, self.authenticator.cleanup, [
         achallenges.DVSNI(challb=acme_util.chall_to_challb(
             challenges.DVSNI(r="whee", nonce="badnonce"), "pending"),
                           domain="bad.example.com",
                           key="key")
     ])
示例#12
0
    def get_achalls(self):
        """Return testing achallenges."""
        account_key = self.rsa512jwk
        achall1 = achallenges.DVSNI(challb=acme_util.chall_to_challb(
            challenges.DVSNI(
                token="jIq_Xy1mXGN37tb4L6Xj_es58fW571ZNyXekdZzhh7Q"),
            "pending"),
                                    domain="encryption-example.demo",
                                    account_key=account_key)
        achall2 = achallenges.DVSNI(challb=acme_util.chall_to_challb(
            challenges.DVSNI(
                token="uqnaPzxtrndteOqtrXb0Asl5gOJfWAnnx6QJyvcmlDU"),
            "pending"),
                                    domain="letsencrypt.demo",
                                    account_key=account_key)

        return account_key, achall1, achall2
    def setUp(self):
        self.chall = acme_util.chall_to_challb(
            challenges.DVSNI(r="r_value", nonce="12345ABCDE"), "pending")
        self.response = challenges.DVSNIResponse()
        key = jose.JWKRSA.load(test_util.load_vector("rsa512_key.pem"))

        from letsencrypt.achallenges import DVSNI
        self.achall = DVSNI(challb=self.chall, domain="example.com", key=key)
示例#14
0
    def get_achalls(self):
        """Return testing achallenges."""
        account = mock.MagicMock(key=self.rsa512jwk)
        achall1 = achallenges.DVSNI(
            challb=acme_util.chall_to_challb(
                challenges.DVSNI(
                    token="jIq_Xy1mXGN37tb4L6Xj_es58fW571ZNyXekdZzhh7Q"),
                "pending"),
            domain="encryption-example.demo", account=account)
        achall2 = achallenges.DVSNI(
            challb=acme_util.chall_to_challb(
                challenges.DVSNI(
                    token="uqnaPzxtrndteOqtrXb0Asl5gOJfWAnnx6QJyvcmlDU"),
                "pending"),
            domain="letsencrypt.demo", account=account)

        return account, achall1, achall2
示例#15
0
    def get_achalls(self):
        """Return testing achallenges."""
        account_key = self.rsa512jwk
        achall1 = achallenges.KeyAuthorizationAnnotatedChallenge(
            challb=acme_util.chall_to_challb(
                challenges.TLSSNI01(
                    token="jIq_Xy1mXGN37tb4L6Xj_es58fW571ZNyXekdZzhh7Q"),
                "pending"),
            domain="encryption-example.demo", account_key=account_key)
        achall2 = achallenges.KeyAuthorizationAnnotatedChallenge(
            challb=acme_util.chall_to_challb(
                challenges.TLSSNI01(
                    token="uqnaPzxtrndteOqtrXb0Asl5gOJfWAnnx6QJyvcmlDU"),
                "pending"),
            domain="letsencrypt.demo", account_key=account_key)

        return account_key, achall1, achall2
    def setUp(self):
        self.chall = acme_util.chall_to_challb(
            challenges.DVSNI(r="r_value", nonce="12345ABCDE"), "pending")
        self.response = challenges.DVSNIResponse()
        key = le_util.Key("path", pkg_resources.resource_string(
            "acme.jose", os.path.join("testdata", "rsa512_key.pem")))

        from letsencrypt.achallenges import DVSNI
        self.achall = DVSNI(challb=self.chall, domain="example.com", key=key)
示例#17
0
 def setUp(self):
     from letsencrypt.plugins.standalone.authenticator import \
         StandaloneAuthenticator
     self.authenticator = StandaloneAuthenticator(config=CONFIG, name=None)
     self.achall = achallenges.DVSNI(
         challb=acme_util.chall_to_challb(
             challenges.DVSNI(r="whee", nonce="foononce"), "pending"),
         domain="foo.example.com", key="key")
     self.authenticator.tasks = {self.achall.nonce_domain: "stuff"}
     self.authenticator.child_pid = 12345
示例#18
0
 def setUp(self):
     from letsencrypt.plugins.standalone.authenticator import \
         StandaloneAuthenticator
     self.authenticator = StandaloneAuthenticator(config=CONFIG, name=None)
     self.achall = achallenges.DVSNI(
         challb=acme_util.chall_to_challb(
             challenges.DVSNI(token=b"footoken"), "pending"),
         domain="foo.example.com", account=mock.Mock(key="key"))
     self.authenticator.tasks = {self.achall.token: "stuff"}
     self.authenticator.child_pid = 12345
 def setUp(self):
     from letsencrypt.plugins.standalone.authenticator import \
         StandaloneAuthenticator
     self.authenticator = StandaloneAuthenticator(config=CONFIG, name=None)
     self.achall = achallenges.DVSNI(
         challb=acme_util.chall_to_challb(
             challenges.DVSNI(r="whee", nonce="foononce"), "pending"),
         domain="foo.example.com", key="key")
     self.authenticator.tasks = {self.achall.nonce_domain: "stuff"}
     self.authenticator.child_pid = 12345
    def setUp(self):
        super(DvsniPerformTest, self).setUp()

        config = util.get_nginx_configurator(
            self.config_path, self.config_dir, self.work_dir,
            self.ssl_options)

        rsa256_file = pkg_resources.resource_filename(
            "acme.jose", "testdata/rsa256_key.pem")
        rsa256_pem = pkg_resources.resource_string(
            "acme.jose", "testdata/rsa256_key.pem")

        auth_key = le_util.Key(rsa256_file, rsa256_pem)

        from letsencrypt_nginx import dvsni
        self.sni = dvsni.NginxDvsni(config)

        self.achalls = [
            achallenges.DVSNI(
                challb=acme_util.chall_to_challb(
                    challenges.DVSNI(
                        r="foo",
                        nonce="bar"
                    ), "pending"),
                domain="www.example.com", key=auth_key),
            achallenges.DVSNI(
                challb=acme_util.chall_to_challb(
                    challenges.DVSNI(
                        r="\xba\xa9\xda?<m\xaewmx\xea\xad\xadv\xf4\x02\xc9y\x80"
                          "\xe2_X\t\xe7\xc7\xa4\t\xca\xf7&\x945",
                        nonce="Y\xed\x01L\xac\x95\xf7pW\xb1\xd7"
                              "\xa1\xb2\xc5\x96\xba"
                    ), "pending"),
                domain="blah", key=auth_key),
            achallenges.DVSNI(
                challb=acme_util.chall_to_challb(
                    challenges.DVSNI(
                        r="\x8c\x8a\xbf_-f\\cw\xee\xd6\xf8/\xa5\xe3\xfd\xeb9"
                          "\xf1\xf5\xb9\xefVM\xc9w\xa4u\x9c\xe1\x87\xb4",
                        nonce="7\xbc^\xb7]>\x00\xa1\x9bOcU\x84^Z\x18"
                    ), "pending"),
                domain="www.example.org", key=auth_key)
        ]
示例#21
0
    def get_achalls(self):
        """Return testing achallenges."""
        auth_key = le_util.Key(self.rsa256_file, self.rsa256_pem)
        achall1 = achallenges.DVSNI(
            challb=acme_util.chall_to_challb(
                challenges.DVSNI(
                    r="jIq_Xy1mXGN37tb4L6Xj_es58fW571ZNyXekdZzhh7Q",
                    nonce="37bc5eb75d3e00a19b4f6355845e5a18"),
                "pending"),
            domain="encryption-example.demo", key=auth_key)
        achall2 = achallenges.DVSNI(
            challb=acme_util.chall_to_challb(
                challenges.DVSNI(
                    r="uqnaPzxtrndteOqtrXb0Asl5gOJfWAnnx6QJyvcmlDU",
                    nonce="59ed014cac95f77057b1d7a1b2c596ba"),
                "pending"),
            domain="letsencrypt.demo", key=auth_key)

        return auth_key, achall1, achall2
 def setUp(self):
     from letsencrypt.plugins.standalone.authenticator import \
         StandaloneAuthenticator
     self.authenticator = StandaloneAuthenticator(config=CONFIG, name=None)
     self.cert = achallenges.DVSNI(
         challb=acme_util.chall_to_challb(
             challenges.DVSNI(r=("x" * 32), nonce="abcdef"), "pending"),
         domain="example.com", key=KEY).gen_cert_and_response()[0]
     self.authenticator.private_key = PRIVATE_KEY
     self.authenticator.tasks = {"abcdef.acme.invalid": self.cert}
     self.authenticator.parent_pid = 12345
示例#23
0
 def setUp(self):
     from letsencrypt.plugins.standalone.authenticator import \
         StandaloneAuthenticator
     self.authenticator = StandaloneAuthenticator(config=CONFIG, name=None)
     self.cert = achallenges.DVSNI(
         challb=acme_util.chall_to_challb(
             challenges.DVSNI(r=("x" * 32), nonce="abcdef"), "pending"),
         domain="example.com", key=KEY).gen_cert_and_response()[0]
     self.authenticator.private_key = PRIVATE_KEY
     self.authenticator.tasks = {"abcdef.acme.invalid": self.cert}
     self.authenticator.parent_pid = 12345
    def setUp(self):
        self.chall = acme_util.chall_to_challb(
            challenges.DVSNI(r="r_value", nonce="12345ABCDE"), "pending")
        self.response = challenges.DVSNIResponse()
        key = le_util.Key(
            "path",
            pkg_resources.resource_string(
                "acme.jose", os.path.join("testdata", "rsa512_key.pem")))

        from letsencrypt.achallenges import DVSNI
        self.achall = DVSNI(challb=self.chall, domain="example.com", key=key)
示例#25
0
 def setUp(self):
     from letsencrypt.plugins.standalone.authenticator import \
         StandaloneAuthenticator
     self.authenticator = StandaloneAuthenticator(config=CONFIG, name=None)
     self.cert = achallenges.DVSNI(
         challb=acme_util.chall_to_challb(
             challenges.DVSNI(token=b"abcdef"), "pending"),
         domain="example.com", account_key=ACCOUNT_KEY).gen_cert_and_response(
             key_pem=CHALL_KEY_PEM)[1]
     self.authenticator.private_key = CHALL_KEY
     self.authenticator.tasks = {"abcdef.acme.invalid": self.cert}
     self.authenticator.parent_pid = 12345
示例#26
0
 def setUp(self):
     from letsencrypt.plugins.standalone.authenticator import \
         StandaloneAuthenticator
     self.authenticator = StandaloneAuthenticator(config=CONFIG, name=None)
     self.cert = achallenges.DVSNI(
         challb=acme_util.chall_to_challb(
             challenges.DVSNI(token=b"abcdef"), "pending"),
         domain="example.com", account=ACCOUNT).gen_cert_and_response(
             key_pem=CHALL_KEY_PEM)[1]
     self.authenticator.private_key = CHALL_KEY
     self.authenticator.tasks = {"abcdef.acme.invalid": self.cert}
     self.authenticator.parent_pid = 12345
示例#27
0
 def test_bad_cleanup(self):
     self.assertRaises(
         ValueError,
         self.authenticator.cleanup,
         [
             achallenges.DVSNI(
                 challb=acme_util.chall_to_challb(challenges.DVSNI(token=b"badtoken"), "pending"),
                 domain="bad.example.com",
                 account_key="key",
             )
         ],
     )
示例#28
0
    def setUp(self):
        super(DvsniPerformTest, self).setUp()

        with mock.patch("letsencrypt_apache.configurator."
                        "mod_loaded") as mock_load:
            mock_load.return_value = True
            config = util.get_apache_configurator(
                self.config_path, self.config_dir, self.work_dir,
                self.ssl_options)

        from letsencrypt_apache import dvsni
        self.sni = dvsni.ApacheDvsni(config)

        rsa256_file = pkg_resources.resource_filename(
            "acme.jose", "testdata/rsa256_key.pem")
        rsa256_pem = pkg_resources.resource_string(
            "acme.jose", "testdata/rsa256_key.pem")

        auth_key = le_util.Key(rsa256_file, rsa256_pem)
        self.achalls = [
            achallenges.DVSNI(
                challb=acme_util.chall_to_challb(
                    challenges.DVSNI(
                        r="\x8c\x8a\xbf_-f\\cw\xee\xd6\xf8/\xa5\xe3\xfd\xeb9"
                          "\xf1\xf5\xb9\xefVM\xc9w\xa4u\x9c\xe1\x87\xb4",
                        nonce="7\xbc^\xb7]>\x00\xa1\x9bOcU\x84^Z\x18",
                    ), "pending"),
                domain="encryption-example.demo", key=auth_key),
            achallenges.DVSNI(
                challb=acme_util.chall_to_challb(
                    challenges.DVSNI(
                        r="\xba\xa9\xda?<m\xaewmx\xea\xad\xadv\xf4\x02\xc9y\x80"
                        "\xe2_X\t\xe7\xc7\xa4\t\xca\xf7&\x945",
                        nonce="Y\xed\x01L\xac\x95\xf7pW\xb1\xd7\xa1\xb2\xc5"
                              "\x96\xba",
                    ), "pending"),
                domain="letsencrypt.demo", key=auth_key),
        ]
    def setUp(self):
        super(DvsniPerformTest, self).setUp()

        config = util.get_nginx_configurator(self.config_path, self.config_dir,
                                             self.work_dir, self.ssl_options)

        rsa256_file = pkg_resources.resource_filename(
            "acme.jose", "testdata/rsa256_key.pem")
        rsa256_pem = pkg_resources.resource_string("acme.jose",
                                                   "testdata/rsa256_key.pem")

        auth_key = le_util.Key(rsa256_file, rsa256_pem)

        from letsencrypt_nginx import dvsni
        self.sni = dvsni.NginxDvsni(config)

        self.achalls = [
            achallenges.DVSNI(challb=acme_util.chall_to_challb(
                challenges.DVSNI(r="foo", nonce="bar"), "pending"),
                              domain="www.example.com",
                              key=auth_key),
            achallenges.DVSNI(challb=acme_util.chall_to_challb(
                challenges.DVSNI(
                    r="\xba\xa9\xda?<m\xaewmx\xea\xad\xadv\xf4\x02\xc9y\x80"
                    "\xe2_X\t\xe7\xc7\xa4\t\xca\xf7&\x945",
                    nonce="Y\xed\x01L\xac\x95\xf7pW\xb1\xd7"
                    "\xa1\xb2\xc5\x96\xba"), "pending"),
                              domain="blah",
                              key=auth_key),
            achallenges.DVSNI(challb=acme_util.chall_to_challb(
                challenges.DVSNI(
                    r="\x8c\x8a\xbf_-f\\cw\xee\xd6\xf8/\xa5\xe3\xfd\xeb9"
                    "\xf1\xf5\xb9\xefVM\xc9w\xa4u\x9c\xe1\x87\xb4",
                    nonce="7\xbc^\xb7]>\x00\xa1\x9bOcU\x84^Z\x18"), "pending"),
                              domain="www.example.org",
                              key=auth_key)
        ]
def _create_achalls(plugin):
    """Returns a list of annotated challenges to test on plugin"""
    achalls = list()
    names = plugin.get_testable_domain_names()
    for domain in names:
        prefs = plugin.get_chall_pref(domain)
        for chall_type in prefs:
            if chall_type == challenges.TLSSNI01:
                chall = challenges.TLSSNI01(
                    token=os.urandom(challenges.TLSSNI01.TOKEN_SIZE))
                challb = acme_util.chall_to_challb(chall,
                                                   messages.STATUS_PENDING)
                achall = achallenges.KeyAuthorizationAnnotatedChallenge(
                    challb=challb, domain=domain, account_key=util.JWK)
                achalls.append(achall)

    return achalls
def _create_achalls(plugin):
    """Returns a list of annotated challenges to test on plugin"""
    achalls = list()
    names = plugin.get_testable_domain_names()
    for domain in names:
        prefs = plugin.get_chall_pref(domain)
        for chall_type in prefs:
            if chall_type == challenges.DVSNI:
                chall = challenges.DVSNI(
                    token=os.urandom(challenges.DVSNI.TOKEN_SIZE))
                challb = acme_util.chall_to_challb(
                    chall, messages.STATUS_PENDING)
                achall = achallenges.DVSNI(
                    challb=challb, domain=domain, account_key=util.JWK)
                achalls.append(achall)

    return achalls
示例#32
0
def _create_achalls(plugin):
    """Returns a list of annotated challenges to test on plugin"""
    achalls = list()
    names = plugin.get_testable_domain_names()
    for domain in names:
        prefs = plugin.get_chall_pref(domain)
        for chall_type in prefs:
            if chall_type == challenges.DVSNI:
                chall = challenges.DVSNI(r=os.urandom(challenges.DVSNI.R_SIZE),
                                         nonce=os.urandom(
                                             challenges.DVSNI.NONCE_SIZE))
                challb = acme_util.chall_to_challb(chall,
                                                   messages.STATUS_PENDING)
                achall = achallenges.DVSNI(challb=challb,
                                           domain=domain,
                                           key=util.JWK)
                achalls.append(achall)

    return achalls
示例#33
0
 def setUp(self):
     self.challb = acme_util.chall_to_challb(acme_util.DVSNI, "pending")
     key = jose.JWKRSA.load(test_util.load_vector("rsa512_key.pem"))
     from letsencrypt.achallenges import DVSNI
     self.achall = DVSNI(
         challb=self.challb, domain="example.com", account_key=key)
class TlsSniPerformTest(util.NginxTest):
    """Test the NginxTlsSni01 challenge."""

    account_key = common_test.TLSSNI01Test.auth_key
    achalls = [
        achallenges.KeyAuthorizationAnnotatedChallenge(
            challb=acme_util.chall_to_challb(
                challenges.TLSSNI01(token="kNdwjwOeX0I_A8DXt9Msmg"), "pending"),
            domain="www.example.com", account_key=account_key),
        achallenges.KeyAuthorizationAnnotatedChallenge(
            challb=acme_util.chall_to_challb(
                challenges.TLSSNI01(
                    token="\xba\xa9\xda?<m\xaewmx\xea\xad\xadv\xf4\x02\xc9y"
                          "\x80\xe2_X\t\xe7\xc7\xa4\t\xca\xf7&\x945"
                ), "pending"),
            domain="blah", account_key=account_key),
        achallenges.KeyAuthorizationAnnotatedChallenge(
            challb=acme_util.chall_to_challb(
                challenges.TLSSNI01(
                    token="\x8c\x8a\xbf_-f\\cw\xee\xd6\xf8/\xa5\xe3\xfd"
                          "\xeb9\xf1\xf5\xb9\xefVM\xc9w\xa4u\x9c\xe1\x87\xb4"
                ), "pending"),
            domain="www.example.org", account_key=account_key),
    ]

    def setUp(self):
        super(TlsSniPerformTest, self).setUp()

        config = util.get_nginx_configurator(
            self.config_path, self.config_dir, self.work_dir)

        from letsencrypt_nginx import tls_sni_01
        self.sni = tls_sni_01.NginxTlsSni01(config)

    def tearDown(self):
        shutil.rmtree(self.temp_dir)
        shutil.rmtree(self.config_dir)
        shutil.rmtree(self.work_dir)

    @mock.patch("letsencrypt_nginx.configurator"
                ".NginxConfigurator.choose_vhost")
    def test_perform(self, mock_choose):
        self.sni.add_chall(self.achalls[1])
        mock_choose.return_value = None
        result = self.sni.perform()
        self.assertTrue(result is None)

    def test_perform0(self):
        responses = self.sni.perform()
        self.assertEqual([], responses)

    @mock.patch("letsencrypt_nginx.configurator.NginxConfigurator.save")
    def test_perform1(self, mock_save):
        self.sni.add_chall(self.achalls[0])
        response = self.achalls[0].response(self.account_key)
        mock_setup_cert = mock.MagicMock(return_value=response)

        # pylint: disable=protected-access
        self.sni._setup_challenge_cert = mock_setup_cert

        responses = self.sni.perform()

        mock_setup_cert.assert_called_once_with(self.achalls[0])
        self.assertEqual([response], responses)
        self.assertEqual(mock_save.call_count, 2)

        # Make sure challenge config is included in main config
        http = self.sni.configurator.parser.parsed[
            self.sni.configurator.parser.loc["root"]][-1]
        self.assertTrue(
            util.contains_at_depth(http, ['include', self.sni.challenge_conf], 1))

    def test_perform2(self):
        acme_responses = []
        for achall in self.achalls:
            self.sni.add_chall(achall)
            acme_responses.append(achall.response(self.account_key))

        mock_setup_cert = mock.MagicMock(side_effect=acme_responses)
        # pylint: disable=protected-access
        self.sni._setup_challenge_cert = mock_setup_cert

        sni_responses = self.sni.perform()

        self.assertEqual(mock_setup_cert.call_count, 3)

        for index, achall in enumerate(self.achalls):
            self.assertEqual(
                mock_setup_cert.call_args_list[index], mock.call(achall))

        http = self.sni.configurator.parser.parsed[
            self.sni.configurator.parser.loc["root"]][-1]
        self.assertTrue(['include', self.sni.challenge_conf] in http[1])
        self.assertTrue(
            util.contains_at_depth(http, ['server_name', 'blah'], 3))

        self.assertEqual(len(sni_responses), 3)
        for i in xrange(3):
            self.assertEqual(sni_responses[i], acme_responses[i])

    def test_mod_config(self):
        self.sni.add_chall(self.achalls[0])
        self.sni.add_chall(self.achalls[2])

        v_addr1 = [obj.Addr("69.50.225.155", "9000", True, False),
                   obj.Addr("127.0.0.1", "", False, False)]
        v_addr2 = [obj.Addr("myhost", "", False, True)]
        ll_addr = [v_addr1, v_addr2]
        self.sni._mod_config(ll_addr)  # pylint: disable=protected-access

        self.sni.configurator.save()

        self.sni.configurator.parser.load()

        http = self.sni.configurator.parser.parsed[
            self.sni.configurator.parser.loc["root"]][-1]
        self.assertTrue(['include', self.sni.challenge_conf] in http[1])

        vhosts = self.sni.configurator.parser.get_vhosts()
        vhs = [vh for vh in vhosts if vh.filep == self.sni.challenge_conf]

        for vhost in vhs:
            if vhost.addrs == set(v_addr1):
                response = self.achalls[0].response(self.account_key)
            else:
                response = self.achalls[2].response(self.account_key)
                self.assertEqual(vhost.addrs, set(v_addr2))
            self.assertEqual(vhost.names, set([response.z_domain]))

        self.assertEqual(len(vhs), 2)

    def test_mod_config_fail(self):
        root = self.sni.configurator.parser.loc["root"]
        self.sni.configurator.parser.parsed[root] = [['include', 'foo.conf']]
        # pylint: disable=protected-access
        self.assertRaises(
            errors.MisconfigurationError, self.sni._mod_config, [])
 def test_bad_cleanup(self):
     self.assertRaises(
         ValueError, self.authenticator.cleanup, [achallenges.DVSNI(
             challb=acme_util.chall_to_challb(
                 challenges.DVSNI(r="whee", nonce="badnonce"), "pending"),
             domain="bad.example.com", key="key")])
示例#36
0
class DvsniPerformTest(util.NginxTest):
    """Test the NginxDVSNI challenge."""

    achalls = [
        achallenges.DVSNI(challb=acme_util.chall_to_challb(
            challenges.DVSNI(r="foo", nonce="bar"), "pending"),
                          domain="www.example.com",
                          key=common_test.DvsniTest.auth_key),
        achallenges.DVSNI(challb=acme_util.chall_to_challb(
            challenges.DVSNI(
                r="\xba\xa9\xda?<m\xaewmx\xea\xad\xadv\xf4\x02\xc9y\x80"
                "\xe2_X\t\xe7\xc7\xa4\t\xca\xf7&\x945",
                nonce="Y\xed\x01L\xac\x95\xf7pW\xb1\xd7"
                "\xa1\xb2\xc5\x96\xba"), "pending"),
                          domain="blah",
                          key=common_test.DvsniTest.auth_key),
        achallenges.DVSNI(challb=acme_util.chall_to_challb(
            challenges.DVSNI(
                r="\x8c\x8a\xbf_-f\\cw\xee\xd6\xf8/\xa5\xe3\xfd\xeb9"
                "\xf1\xf5\xb9\xefVM\xc9w\xa4u\x9c\xe1\x87\xb4",
                nonce="7\xbc^\xb7]>\x00\xa1\x9bOcU\x84^Z\x18"), "pending"),
                          domain="www.example.org",
                          key=common_test.DvsniTest.auth_key)
    ]

    def setUp(self):
        super(DvsniPerformTest, self).setUp()

        config = util.get_nginx_configurator(self.config_path, self.config_dir,
                                             self.work_dir)

        from letsencrypt_nginx import dvsni
        self.sni = dvsni.NginxDvsni(config)

    def tearDown(self):
        shutil.rmtree(self.temp_dir)
        shutil.rmtree(self.config_dir)
        shutil.rmtree(self.work_dir)

    def test_add_chall(self):
        self.sni.add_chall(self.achalls[0], 0)
        self.assertEqual(1, len(self.sni.achalls))
        self.assertEqual([0], self.sni.indices)

    @mock.patch("letsencrypt_nginx.configurator"
                ".NginxConfigurator.choose_vhost")
    def test_perform(self, mock_choose):
        self.sni.add_chall(self.achalls[1])
        mock_choose.return_value = None
        result = self.sni.perform()
        self.assertTrue(result is None)

    def test_perform0(self):
        responses = self.sni.perform()
        self.assertEqual([], responses)

    @mock.patch("letsencrypt_nginx.configurator.NginxConfigurator.save")
    def test_perform1(self, mock_save):
        self.sni.add_chall(self.achalls[0])
        mock_setup_cert = mock.MagicMock(return_value=challenges.DVSNIResponse(
            s="nginxS1"))

        # pylint: disable=protected-access
        self.sni._setup_challenge_cert = mock_setup_cert

        responses = self.sni.perform()

        mock_setup_cert.assert_called_once_with(self.achalls[0])
        self.assertEqual([challenges.DVSNIResponse(s="nginxS1")], responses)
        self.assertEqual(mock_save.call_count, 2)

        # Make sure challenge config is included in main config
        http = self.sni.configurator.parser.parsed[
            self.sni.configurator.parser.loc["root"]][-1]
        self.assertTrue(['include', self.sni.challenge_conf] in http[1])

    def test_perform2(self):
        for achall in self.achalls:
            self.sni.add_chall(achall)

        mock_setup_cert = mock.MagicMock(side_effect=[
            challenges.DVSNIResponse(s="nginxS0"),
            challenges.DVSNIResponse(s="nginxS1"),
            challenges.DVSNIResponse(s="nginxS2")
        ])
        # pylint: disable=protected-access
        self.sni._setup_challenge_cert = mock_setup_cert

        responses = self.sni.perform()

        self.assertEqual(mock_setup_cert.call_count, 3)

        for index, achall in enumerate(self.achalls):
            self.assertEqual(mock_setup_cert.call_args_list[index],
                             mock.call(achall))

        http = self.sni.configurator.parser.parsed[
            self.sni.configurator.parser.loc["root"]][-1]
        self.assertTrue(['include', self.sni.challenge_conf] in http[1])
        self.assertTrue(['server_name', 'blah'] in http[1][-2][1])

        self.assertEqual(len(responses), 3)
        for i in xrange(3):
            self.assertEqual(responses[i].s, "nginxS%d" % i)

    def test_mod_config(self):
        self.sni.add_chall(self.achalls[0])
        self.sni.add_chall(self.achalls[2])

        v_addr1 = [
            obj.Addr("69.50.225.155", "9000", True, False),
            obj.Addr("127.0.0.1", "", False, False)
        ]
        v_addr2 = [obj.Addr("myhost", "", False, True)]
        ll_addr = [v_addr1, v_addr2]
        self.sni._mod_config(ll_addr)  # pylint: disable=protected-access

        self.sni.configurator.save()

        self.sni.configurator.parser.load()

        http = self.sni.configurator.parser.parsed[
            self.sni.configurator.parser.loc["root"]][-1]
        self.assertTrue(['include', self.sni.challenge_conf] in http[1])

        vhosts = self.sni.configurator.parser.get_vhosts()
        vhs = [vh for vh in vhosts if vh.filep == self.sni.challenge_conf]

        for vhost in vhs:
            if vhost.addrs == set(v_addr1):
                self.assertEqual(vhost.names,
                                 set([self.achalls[0].nonce_domain]))
            else:
                self.assertEqual(vhost.addrs, set(v_addr2))
                self.assertEqual(vhost.names,
                                 set([self.achalls[2].nonce_domain]))

        self.assertEqual(len(vhs), 2)

    def test_mod_config_fail(self):
        root = self.sni.configurator.parser.loc["root"]
        self.sni.configurator.parser.parsed[root] = [['include', 'foo.conf']]
        # pylint: disable=protected-access
        self.assertRaises(errors.MisconfigurationError, self.sni._mod_config,
                          [])