示例#1
0
    def test_save_certificate(self):
        certs = ["matching_cert.pem", "cert.pem", "cert-san.pem"]
        tmp_path = tempfile.mkdtemp()
        os.chmod(tmp_path, 0o755)  # TODO: really??

        certr = mock.MagicMock(body=test_util.load_comparable_cert(certs[0]))
        chain_cert = [test_util.load_comparable_cert(certs[1]),
                      test_util.load_comparable_cert(certs[2])]
        candidate_cert_path = os.path.join(tmp_path, "certs", "cert.pem")
        candidate_chain_path = os.path.join(tmp_path, "chains", "chain.pem")
        candidate_fullchain_path = os.path.join(tmp_path, "chains", "fullchain.pem")

        cert_path, chain_path, fullchain_path = self.client.save_certificate(
            certr, chain_cert, candidate_cert_path, candidate_chain_path,
            candidate_fullchain_path)

        self.assertEqual(os.path.dirname(cert_path),
                         os.path.dirname(candidate_cert_path))
        self.assertEqual(os.path.dirname(chain_path),
                         os.path.dirname(candidate_chain_path))
        self.assertEqual(os.path.dirname(fullchain_path),
                         os.path.dirname(candidate_fullchain_path))

        with open(cert_path, "r") as cert_file:
            cert_contents = cert_file.read()
        self.assertEqual(cert_contents, test_util.load_vector(certs[0]))

        with open(chain_path, "r") as chain_file:
            chain_contents = chain_file.read()
        self.assertEqual(chain_contents, test_util.load_vector(certs[1]) +
                         test_util.load_vector(certs[2]))

        shutil.rmtree(tmp_path)
    def test_names(self):
        # Trying the current version
        test_cert = test_util.load_vector("cert-san.pem")
        os.symlink(os.path.join("..", "..", "archive", "example.org", "cert12.pem"), self.test_rc.cert)
        with open(self.test_rc.cert, "w") as f:
            f.write(test_cert)
        self.assertEqual(self.test_rc.names(), ["example.com", "www.example.com"])

        # Trying a non-current version
        test_cert = test_util.load_vector("cert.pem")
        os.unlink(self.test_rc.cert)
        os.symlink(os.path.join("..", "..", "archive", "example.org", "cert15.pem"), self.test_rc.cert)
        with open(self.test_rc.cert, "w") as f:
            f.write(test_cert)
        self.assertEqual(self.test_rc.names(12), ["example.com", "www.example.com"])
示例#3
0
    def test_find_duplicative_names(self):
        from letsencrypt.cli import _find_duplicative_certs
        test_cert = test_util.load_vector("cert-san.pem")
        with open(self.test_rc.cert, "w") as f:
            f.write(test_cert)

        # No overlap at all
        result = _find_duplicative_certs(["wow.net", "hooray.org"],
                                         self.config, self.cli_config)
        self.assertEqual(result, (None, None))

        # Totally identical
        result = _find_duplicative_certs(["example.com", "www.example.com"],
                                         self.config, self.cli_config)
        self.assertTrue(result[0].configfile.filename.endswith("example.org.conf"))
        self.assertEqual(result[1], None)

        # Superset
        result = _find_duplicative_certs(["example.com", "www.example.com",
                                          "something.new"], self.config,
                                         self.cli_config)
        self.assertEqual(result[0], None)
        self.assertTrue(result[1].configfile.filename.endswith("example.org.conf"))

        # Partial overlap doesn't count
        result = _find_duplicative_certs(["example.com", "something.new"],
                                         self.config, self.cli_config)
        self.assertEqual(result, (None, None))
    def test_setup_challenge_cert(self):
        # This is a helper function that can be used for handling
        # open context managers more elegantly. It avoids dealing with
        # __enter__ and __exit__ calls.
        # http://www.voidspace.org.uk/python/mock/helpers.html#mock.mock_open
        mock_open, mock_safe_open = mock.mock_open(), mock.mock_open()

        response = challenges.TLSSNI01Response()
        achall = mock.MagicMock()
        key = test_util.load_pyopenssl_private_key("rsa512_key.pem")
        achall.response_and_validation.return_value = (
            response, (test_util.load_cert("cert.pem"), key))

        with mock.patch("letsencrypt.plugins.common.open",
                        mock_open, create=True):
            with mock.patch("letsencrypt.plugins.common.le_util.safe_open",
                            mock_safe_open):
                # pylint: disable=protected-access
                self.assertEqual(response, self.sni._setup_challenge_cert(
                    achall, "randomS1"))

        # pylint: disable=no-member
        mock_open.assert_called_once_with(self.sni.get_cert_path(achall), "wb")
        mock_open.return_value.write.assert_called_once_with(
            test_util.load_vector("cert.pem"))
        mock_safe_open.assert_called_once_with(
            self.sni.get_key_path(achall), "wb", chmod=0o400)
        mock_safe_open.return_value.write.assert_called_once_with(
            OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM, key))
示例#5
0
    def test_perform2(self):
        domain = b'localhost'
        key = jose.JWK.load(test_util.load_vector('rsa512_key.pem'))
        simple_http = achallenges.SimpleHTTP(
            challb=acme_util.SIMPLE_HTTP_P, domain=domain, account_key=key)
        dvsni = achallenges.DVSNI(
            challb=acme_util.DVSNI_P, domain=domain, account_key=key)

        self.auth.servers = mock.MagicMock()

        def _run(port, tls):  # pylint: disable=unused-argument
            return "server{0}".format(port)

        self.auth.servers.run.side_effect = _run
        responses = self.auth.perform2([simple_http, dvsni])

        self.assertTrue(isinstance(responses, list))
        self.assertEqual(2, len(responses))
        self.assertTrue(isinstance(responses[0], challenges.SimpleHTTPResponse))
        self.assertTrue(isinstance(responses[1], challenges.DVSNIResponse))

        self.assertEqual(self.auth.servers.run.mock_calls, [
            mock.call(4321, challenges.SimpleHTTP),
            mock.call(1234, challenges.DVSNI),
        ])
        self.assertEqual(self.auth.served, {
            "server1234": set([dvsni]),
            "server4321": set([simple_http]),
        })
        self.assertEqual(1, len(self.auth.simple_http_resources))
        self.assertEqual(2, len(self.auth.certs))
        self.assertEqual(list(self.auth.simple_http_resources), [
            acme_standalone.SimpleHTTPRequestHandler.SimpleHTTPResource(
                acme_util.SIMPLE_HTTP, responses[0], mock.ANY)])
示例#6
0
    def test_find_duplicative_names(self, unused_makedir):
        from letsencrypt.cli import _find_duplicative_certs
        test_cert = test_util.load_vector('cert-san.pem')
        with open(self.test_rc.cert, 'w') as f:
            f.write(test_cert)

        # No overlap at all
        result = _find_duplicative_certs(['wow.net', 'hooray.org'],
                                         self.config, self.cli_config)
        self.assertEqual(result, (None, None))

        # Totally identical
        result = _find_duplicative_certs(['example.com', 'www.example.com'],
                                         self.config, self.cli_config)
        self.assertTrue(result[0].configfile.filename.endswith('example.org.conf'))
        self.assertEqual(result[1], None)

        # Superset
        result = _find_duplicative_certs(['example.com', 'www.example.com',
                                          'something.new'], self.config,
                                         self.cli_config)
        self.assertEqual(result[0], None)
        self.assertTrue(result[1].configfile.filename.endswith('example.org.conf'))

        # Partial overlap doesn't count
        result = _find_duplicative_certs(['example.com', 'something.new'],
                                         self.config, self.cli_config)
        self.assertEqual(result, (None, None))
    def test_perform2(self):
        domain = b'localhost'
        key = jose.JWK.load(test_util.load_vector('rsa512_key.pem'))
        http_01 = achallenges.KeyAuthorizationAnnotatedChallenge(
            challb=acme_util.HTTP01_P, domain=domain, account_key=key)
        tls_sni_01 = achallenges.KeyAuthorizationAnnotatedChallenge(
            challb=acme_util.TLSSNI01_P, domain=domain, account_key=key)

        self.auth.servers = mock.MagicMock()

        def _run(port, tls):  # pylint: disable=unused-argument
            return "server{0}".format(port)

        self.auth.servers.run.side_effect = _run
        responses = self.auth.perform2([http_01, tls_sni_01])

        self.assertTrue(isinstance(responses, list))
        self.assertEqual(2, len(responses))
        self.assertTrue(isinstance(responses[0], challenges.HTTP01Response))
        self.assertTrue(isinstance(responses[1], challenges.TLSSNI01Response))

        self.assertEqual(self.auth.servers.run.mock_calls, [
            mock.call(4321, challenges.HTTP01),
            mock.call(1234, challenges.TLSSNI01),
        ])
        self.assertEqual(self.auth.served, {
            "server1234": set([tls_sni_01]),
            "server4321": set([http_01]),
        })
        self.assertEqual(1, len(self.auth.http_01_resources))
        self.assertEqual(1, len(self.auth.certs))
        self.assertEqual(list(self.auth.http_01_resources), [
            acme_standalone.HTTP01RequestHandler.HTTP01Resource(
                acme_util.HTTP01, responses[0], mock.ANY)])
示例#8
0
    def setUp(self, test_dir="debian_apache_2_4/multiple_vhosts",
              config_root="debian_apache_2_4/multiple_vhosts/apache2",
              vhost_root="debian_apache_2_4/multiple_vhosts/apache2/sites-available"):
        # pylint: disable=arguments-differ
        super(ApacheTest, self).setUp()

        self.temp_dir, self.config_dir, self.work_dir = common.dir_setup(
            test_dir=test_dir,
            pkg="letsencrypt_apache.tests")

        self.ssl_options = common.setup_ssl_options(
            self.config_dir, constants.os_constant("MOD_SSL_CONF_SRC"),
            constants.MOD_SSL_CONF_DEST)

        self.config_path = os.path.join(self.temp_dir, config_root)
        self.vhost_path = os.path.join(self.temp_dir, vhost_root)

        self.rsa512jwk = jose.JWKRSA.load(test_util.load_vector(
            "rsa512_key.pem"))

        # Make sure all vhosts in sites-enabled are symlinks (Python packaging
        # does not preserve symlinks)
        sites_enabled = os.path.join(self.config_path, "sites-enabled")
        if not os.path.exists(sites_enabled):
            return

        for vhost_basename in os.listdir(sites_enabled):
            vhost = os.path.join(sites_enabled, vhost_basename)
            if not os.path.islink(vhost):  # pragma: no cover
                os.remove(vhost)
                target = os.path.join(
                    os.path.pardir, "sites-available", vhost_basename)
                os.symlink(target, vhost)
示例#9
0
    def setUp(self):
        self.chall = acme_util.chall_to_challb(
            challenges.DVSNI(r="r_value", nonce="12345ABCDE"), "pending")
        self.response = challenges.DVSNIResponse()
        key = jose.JWKRSA.load(test_util.load_vector("rsa512_key.pem"))

        from letsencrypt.achallenges import DVSNI
        self.achall = DVSNI(challb=self.chall, domain="example.com", key=key)
示例#10
0
 def _test_notafterbefore(self, function, timestamp):
     test_cert = test_util.load_vector("cert.pem")
     os.symlink(os.path.join("..", "..", "archive", "example.org", "cert12.pem"), self.test_rc.cert)
     with open(self.test_rc.cert, "w") as f:
         f.write(test_cert)
     desired_time = datetime.datetime.utcfromtimestamp(timestamp)
     desired_time = desired_time.replace(tzinfo=pytz.UTC)
     for result in (function(), function(12)):
         self.assertEqual(result, desired_time)
         self.assertEqual(result.utcoffset(), datetime.timedelta(0))
示例#11
0
    def test_time_interval_judgments(self, mock_datetime):
        """Test should_autodeploy() and should_autorenew() on the basis
        of expiry time windows."""
        test_cert = test_util.load_vector("cert.pem")
        for kind in ALL_FOUR:
            where = getattr(self.test_rc, kind)
            os.symlink(os.path.join("..", "..", "archive", "example.org", "{0}12.pem".format(kind)), where)
            with open(where, "w") as f:
                f.write(kind)
            os.unlink(where)
            os.symlink(os.path.join("..", "..", "archive", "example.org", "{0}11.pem".format(kind)), where)
            with open(where, "w") as f:
                f.write(kind)
        self.test_rc.update_all_links_to(12)
        with open(self.test_rc.cert, "w") as f:
            f.write(test_cert)
        self.test_rc.update_all_links_to(11)
        with open(self.test_rc.cert, "w") as f:
            f.write(test_cert)

        mock_datetime.timedelta = datetime.timedelta

        for (current_time, interval, result) in [
            # 2014-12-13 12:00:00+00:00 (about 5 days prior to expiry)
            # Times that should result in autorenewal/autodeployment
            (1418472000, "2 months", True),
            (1418472000, "1 week", True),
            # Times that should not
            (1418472000, "4 days", False),
            (1418472000, "2 days", False),
            # 2009-05-01 12:00:00+00:00 (about 5 years prior to expiry)
            # Times that should result in autorenewal/autodeployment
            (1241179200, "7 years", True),
            (1241179200, "11 years 2 months", True),
            # Times that should not
            (1241179200, "8 hours", False),
            (1241179200, "2 days", False),
            (1241179200, "40 days", False),
            (1241179200, "9 months", False),
            # 2015-01-01 (after expiry has already happened, so all
            #            intervals should cause autorenewal/autodeployment)
            (1420070400, "0 seconds", True),
            (1420070400, "10 seconds", True),
            (1420070400, "10 minutes", True),
            (1420070400, "10 weeks", True),
            (1420070400, "10 months", True),
            (1420070400, "10 years", True),
            (1420070400, "99 months", True),
        ]:
            sometime = datetime.datetime.utcfromtimestamp(current_time)
            mock_datetime.datetime.utcnow.return_value = sometime
            self.test_rc.configuration["deploy_before_expiry"] = interval
            self.test_rc.configuration["renew_before_expiry"] = interval
            self.assertEqual(self.test_rc.should_autodeploy(), result)
            self.assertEqual(self.test_rc.should_autorenew(), result)
示例#12
0
    def setUp(self):
        super(NginxTest, self).setUp()

        self.temp_dir, self.config_dir, self.work_dir = common.dir_setup(
            "etc_nginx", "letsencrypt_nginx.tests")

        self.ssl_options = common.setup_ssl_options(
            self.config_dir, constants.MOD_SSL_CONF_SRC,
            constants.MOD_SSL_CONF_DEST)

        self.config_path = os.path.join(self.temp_dir, "etc_nginx")

        self.rsa512jwk = jose.JWKRSA.load(test_util.load_vector(
            "rsa512_key.pem"))
示例#13
0
    def setUp(self, test_dir="debian_apache_2_4/two_vhost_80", config_root="debian_apache_2_4/two_vhost_80/apache2"):
        # pylint: disable=arguments-differ
        super(ApacheTest, self).setUp()

        self.temp_dir, self.config_dir, self.work_dir = common.dir_setup(
            test_dir=test_dir, pkg="letsencrypt_apache.tests"
        )

        self.ssl_options = common.setup_ssl_options(
            self.config_dir, constants.MOD_SSL_CONF_SRC, constants.MOD_SSL_CONF_DEST
        )

        self.config_path = os.path.join(self.temp_dir, config_root)

        self.rsa512jwk = jose.JWKRSA.load(test_util.load_vector("rsa512_key.pem"))
示例#14
0
    def test_renew(self, mock_c, mock_acc_storage, mock_pd):
        from letsencrypt import renewer

        test_cert = test_util.load_vector("cert-san.pem")
        for kind in ALL_FOUR:
            os.symlink(os.path.join("..", "..", "archive", "example.org",
                                    kind + "1.pem"),
                       getattr(self.test_rc, kind))
        fill_with_sample_data(self.test_rc)
        with open(self.test_rc.cert, "w") as f:
            f.write(test_cert)

        # Fails because renewalparams are missing
        self.assertFalse(renewer.renew(self.test_rc, 1))
        self.test_rc.configfile["renewalparams"] = {"some": "stuff"}
        # Fails because there's no authenticator specified
        self.assertFalse(renewer.renew(self.test_rc, 1))
        self.test_rc.configfile["renewalparams"]["rsa_key_size"] = "2048"
        self.test_rc.configfile["renewalparams"]["server"] = "acme.example.com"
        self.test_rc.configfile["renewalparams"]["authenticator"] = "fake"
        self.test_rc.configfile["renewalparams"]["tls_sni_01_port"] = "4430"
        self.test_rc.configfile["renewalparams"]["http01_port"] = "1234"
        self.test_rc.configfile["renewalparams"]["account"] = "abcde"
        self.test_rc.configfile["renewalparams"]["domains"] = ["example.com"]
        self.test_rc.configfile["renewalparams"]["config_dir"] = "config"
        self.test_rc.configfile["renewalparams"]["work_dir"] = "work"
        self.test_rc.configfile["renewalparams"]["logs_dir"] = "logs"
        mock_auth = mock.MagicMock()
        mock_pd.PluginsRegistry.find_all.return_value = {"apache": mock_auth}
        # Fails because "fake" != "apache"
        self.assertFalse(renewer.renew(self.test_rc, 1))
        self.test_rc.configfile["renewalparams"]["authenticator"] = "apache"
        mock_client = mock.MagicMock()
        # pylint: disable=star-args
        comparable_cert = jose.ComparableX509(CERT)
        mock_client.obtain_certificate.return_value = (
            mock.MagicMock(body=comparable_cert), [comparable_cert],
            mock.Mock(pem="key"), mock.sentinel.csr)
        mock_c.return_value = mock_client
        self.assertEqual(2, renewer.renew(self.test_rc, 1))
        # TODO: We could also make several assertions about calls that should
        #       have been made to the mock functions here.
        mock_acc_storage().load.assert_called_once_with(account_id="abcde")
        mock_client.obtain_certificate.return_value = (
            mock.sentinel.certr, [], mock.sentinel.key, mock.sentinel.csr)
        # This should fail because the renewal itself appears to fail
        self.assertFalse(renewer.renew(self.test_rc, 1))
示例#15
0
import shutil
import tempfile
import unittest

import mock

from acme import challenges
from acme import jose

from letsencrypt import achallenges
from letsencrypt import errors

from letsencrypt.tests import acme_util
from letsencrypt.tests import test_util

KEY = jose.JWKRSA.load(test_util.load_vector("rsa512_key.pem"))


class AuthenticatorTest(unittest.TestCase):
    """Tests for letsencrypt.plugins.webroot.Authenticator."""

    achall = achallenges.KeyAuthorizationAnnotatedChallenge(
        challb=acme_util.HTTP01_P, domain=None, account_key=KEY)

    def setUp(self):
        from letsencrypt.plugins.webroot import Authenticator
        self.path = tempfile.mkdtemp()
        self.validation_path = os.path.join(
            self.path, ".well-known", "acme-challenge",
            "ZXZhR3hmQURzNnBTUmIyTEF2OUlaZjE3RHQzanV4R0orUEN0OTJ3citvQQ")
        self.config = mock.MagicMock(webroot_path=self.path)
 def test_parse_no_sans(self):
     self.assertEqual(
         [], self._call(test_util.load_vector('csr-nosans.pem')))
 def test_extract_two_sans(self):
     self.assertEqual(['example.com', 'www.example.com'], self._call(
         test_util.load_vector('csr-san.pem')))
 def test_san(self):
     self.assertEqual(
         ['example.com', 'www.example.com'],
         self._call(test_util.load_vector('cert-san.pem')))
 def test_invalid_false(self):
     self.assertFalse(self._call(
         test_util.load_vector('csr.pem'), RSA256_KEY))
 def test_valid_der_san_false(self):
     self.assertFalse(self._call(test_util.load_vector('csr-san.der')))
"""Tests for letsencrypt.crypto_util."""
import logging
import shutil
import tempfile
import unittest

import OpenSSL
import mock
import zope.component

from letsencrypt import errors
from letsencrypt import interfaces
from letsencrypt.tests import test_util


RSA256_KEY = test_util.load_vector('rsa256_key.pem')
RSA512_KEY = test_util.load_vector('rsa512_key.pem')
CERT = test_util.load_vector('cert.pem')
SAN_CERT = test_util.load_vector('cert-san.pem')


class InitSaveKeyTest(unittest.TestCase):
    """Tests for letsencrypt.crypto_util.init_save_key."""
    def setUp(self):
        logging.disable(logging.CRITICAL)
        zope.component.provideUtility(
            mock.Mock(strict_permissions=True), interfaces.IConfig)
        self.key_dir = tempfile.mkdtemp('key_dir')

    def tearDown(self):
        logging.disable(logging.NOTSET)
示例#22
0
import unittest

import mock
import OpenSSL

from acme import challenges
from acme import jose

from letsencrypt import achallenges

from letsencrypt.tests import acme_util
from letsencrypt.tests import test_util


ACCOUNT = mock.Mock(key=jose.JWKRSA.load(
    test_util.load_vector("rsa512_key.pem")))
CHALL_KEY_PEM = test_util.load_vector("rsa512_key_2.pem")
CHALL_KEY = OpenSSL.crypto.load_privatekey(
    OpenSSL.crypto.FILETYPE_PEM, CHALL_KEY_PEM)
CONFIG = mock.Mock(dvsni_port=5001)


# Classes based on to allow interrupting infinite loop under test
# after one iteration, based on.
# http://igorsobreira.com/2013/03/17/testing-infinite-loops.html

class _SocketAcceptOnlyNTimes(object):
    # pylint: disable=too-few-public-methods
    """
    Callable that will raise `CallableExhausted`
    exception after `limit` calls, modified to also return
 def test_extract_six_sans(self):
     self.assertEqual(self._call(test_util.load_vector('csr-6sans.pem')),
                      ["example.com", "example.org", "example.net",
                       "example.info", "subdomain.example.com",
                       "other.subdomain.example.com"])
示例#24
0
import socket
import unittest

import mock
import OpenSSL

from acme import challenges
from acme import jose

from letsencrypt import achallenges

from letsencrypt.tests import acme_util
from letsencrypt.tests import test_util


ACCOUNT_KEY = jose.JWKRSA.load(test_util.load_vector("rsa512_key.pem"))
CHALL_KEY_PEM = test_util.load_vector("rsa512_key_2.pem")
CHALL_KEY = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, CHALL_KEY_PEM)
CONFIG = mock.Mock(dvsni_port=5001)


# Classes based on to allow interrupting infinite loop under test
# after one iteration, based on.
# http://igorsobreira.com/2013/03/17/testing-infinite-loops.html


class _SocketAcceptOnlyNTimes(object):
    # pylint: disable=too-few-public-methods
    """
    Callable that will raise `CallableExhausted`
    exception after `limit` calls, modified to also return
 def test_parse_no_sans(self):
     self.assertEqual(
         [], self._call(test_util.load_vector('csr-nosans.pem')))
 def test_valid_pem_true(self):
     self.assertTrue(self._call(test_util.load_vector('csr.pem')))
示例#27
0
import shutil
import tempfile
import unittest

import mock
import OpenSSL

from letsencrypt import errors
from letsencrypt import le_util
from letsencrypt.display import util as display_util

from letsencrypt.tests import test_util


KEY = OpenSSL.crypto.load_privatekey(
    OpenSSL.crypto.FILETYPE_PEM, test_util.load_vector("rsa512_key.pem"))


class RevokerBase(unittest.TestCase):  # pylint: disable=too-few-public-methods
    """Base Class for Revoker Tests."""
    def setUp(self):
        self.paths, self.certs, self.key_path = create_revoker_certs()

        self.backup_dir = tempfile.mkdtemp("cert_backup")
        self.mock_config = mock.MagicMock(cert_key_backup=self.backup_dir)

        self.list_path = os.path.join(self.backup_dir, "LIST")

    def _store_certs(self):
        # pylint: disable=protected-access
        from letsencrypt.revoker import Revoker
 def test_invalid_false(self):
     self.assertFalse(self._call(
         test_util.load_vector('csr.pem'), RSA256_KEY))
 def test_valid_true(self):
     self.assertTrue(self._call(
         test_util.load_vector('csr.pem'), RSA512_KEY))
示例#30
0
import signal
import unittest

import mock

from acme import challenges
from acme import jose

from letsencrypt import achallenges
from letsencrypt import errors

from letsencrypt.tests import acme_util
from letsencrypt.tests import test_util


KEY = jose.JWKRSA.load(test_util.load_vector("rsa512_key.pem"))


class ManualAuthenticatorTest(unittest.TestCase):
    """Tests for letsencrypt.plugins.manual.ManualAuthenticator."""

    def setUp(self):
        from letsencrypt.plugins.manual import ManualAuthenticator
        self.config = mock.MagicMock(
            no_simple_http_tls=True, simple_http_port=4430,
            manual_test_mode=False)
        self.auth = ManualAuthenticator(config=self.config, name="manual")
        account = mock.MagicMock(key=KEY)
        self.achalls = [achallenges.SimpleHTTP(
            challb=acme_util.SIMPLE_HTTP_P, domain="foo.com", account=account)]
 def test_valid_pem_san_true(self):
     self.assertTrue(self._call(test_util.load_vector('csr-san.pem')))
 def test_valid_der_san_false(self):
     self.assertFalse(self._call(test_util.load_vector('csr-san.der')))
 def test_valid_true(self):
     self.assertTrue(self._call(
         test_util.load_vector('csr.pem'), RSA512_KEY))
 def test_extract_two_sans(self):
     self.assertEqual(['example.com', 'www.example.com'], self._call(
         test_util.load_vector('csr-san.pem')))
 def test_single(self):
     self.assertEqual([], self._call(test_util.load_vector('cert.pem')))
 def test_extract_one_san(self):
     self.assertEqual(['example.com'], self._call(
         test_util.load_vector('csr.pem')))
 def test_extract_one_san(self):
     self.assertEqual(['example.com'], self._call(
         test_util.load_vector('csr.pem')))
 def test_san(self):
     self.assertEqual(
         ['example.com', 'www.example.com'],
         self._call(test_util.load_vector('cert-san.pem')))
 def test_extract_six_sans(self):
     self.assertEqual(self._call(test_util.load_vector('csr-6sans.pem')),
                      ["example.com", "example.org", "example.net",
                       "example.info", "subdomain.example.com",
                       "other.subdomain.example.com"])
示例#40
0
import tempfile
import unittest

import OpenSSL
import mock

from acme import jose

from letsencrypt import account
from letsencrypt import errors
from letsencrypt import le_util

from letsencrypt.tests import test_util


KEY = test_util.load_vector("rsa512_key.pem")
CSR_SAN = test_util.load_vector("csr-san.der")


class ConfigHelper(object):
    """Creates a dummy object to imitate a namespace object

        Example: cfg = ConfigHelper(redirect=True, hsts=False, uir=False)
        will result in: cfg.redirect=True, cfg.hsts=False, etc.
    """
    def __init__(self, **kwds):
        self.__dict__.update(kwds)

class RegisterTest(unittest.TestCase):
    """Tests for letsencrypt.client.register."""
 def test_single(self):
     self.assertEqual([], self._call(test_util.load_vector('cert.pem')))
示例#42
0
import shutil
import tempfile
import unittest

import OpenSSL
import mock

from acme import jose

from letsencrypt import account
from letsencrypt import errors
from letsencrypt import le_util

from letsencrypt.tests import test_util

KEY = test_util.load_vector("rsa512_key.pem")
CSR_SAN = test_util.load_vector("csr-san.der")


class ConfigHelper(object):
    """Creates a dummy object to imitate a namespace object

        Example: cfg = ConfigHelper(redirect=True, hsts=False, uir=False)
        will result in: cfg.redirect=True, cfg.hsts=False, etc.
    """
    def __init__(self, **kwds):
        self.__dict__.update(kwds)


class RegisterTest(unittest.TestCase):
    """Tests for letsencrypt.client.register."""
示例#43
0
 def setUp(self):
     self.challb = acme_util.chall_to_challb(acme_util.DVSNI, "pending")
     key = jose.JWKRSA.load(test_util.load_vector("rsa512_key.pem"))
     from letsencrypt.achallenges import DVSNI
     self.achall = DVSNI(
         challb=self.challb, domain="example.com", account_key=key)
"""Tests for letsencrypt.crypto_util."""
import logging
import shutil
import tempfile
import unittest

import OpenSSL
import mock

from letsencrypt.tests import test_util


RSA256_KEY = test_util.load_vector('rsa256_key.pem')
RSA512_KEY = test_util.load_vector('rsa512_key.pem')
CERT = test_util.load_vector('cert.pem')
SAN_CERT = test_util.load_vector('cert-san.pem')


class InitSaveKeyTest(unittest.TestCase):
    """Tests for letsencrypt.crypto_util.init_save_key."""
    def setUp(self):
        logging.disable(logging.CRITICAL)
        self.key_dir = tempfile.mkdtemp('key_dir')

    def tearDown(self):
        logging.disable(logging.NOTSET)
        shutil.rmtree(self.key_dir)

    @classmethod
    def _call(cls, key_size, key_dir):
        from letsencrypt.crypto_util import init_save_key