tests: add EAB e2e tests
parent
3570a4c312
commit
2f42e47de9
3 changed files with 149 additions and 1 deletions
|
|
@ -211,7 +211,7 @@ linters:
|
|||
text: Logger is a global variable
|
||||
linters:
|
||||
- gochecknoglobals
|
||||
- path: e2e/(dnschallenge/)?[\d\w]+_test.go
|
||||
- path: e2e/(dnschallenge/|eab/)?[\d\w]+_test.go
|
||||
text: load is a global variable
|
||||
linters:
|
||||
- gochecknoglobals
|
||||
|
|
|
|||
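--- a/e2e/eab/eab_test.go
+++ b/e2e/eab/eab_test.go
@@ -0,0 +1,123 @@
+package eab
+
+import (
+"context"
+"crypto"
+"crypto/rand"
+"crypto/rsa"
+"os"
+"testing"
+
+"github.com/go-acme/lego/v5/acme"
+"github.com/go-acme/lego/v5/certificate"
+"github.com/go-acme/lego/v5/challenge/http01"
+"github.com/go-acme/lego/v5/e2e/loader"
+"github.com/go-acme/lego/v5/lego"
+"github.com/go-acme/lego/v5/registration"
+"github.com/stretchr/testify/assert"
+"github.com/stretchr/testify/require"
+)
+
+const (
+testDomain1 = "acme.localhost"
+)
+
+const (
+testEmail1 = "lego@example.com"
+)
+
+const caDirectory = "https://localhost:16000/dir"
+
+var load = loader.EnvLoader{
+PebbleOptions: &loader.CmdOption{
+HealthCheckURL: caDirectory,
+Args: []string{"-strict", "-config", "fixtures/pebble-config-eab.json"},
+Env: []string{"PEBBLE_VA_NOSLEEP=1", "PEBBLE_WFE_NONCEREJECT=20"},
+Dir: "../",
+},
+LegoOptions: []string{
+"LEGO_CA_CERTIFICATES=../fixtures/certs/pebble.minica.pem",
+"LEGO_DEBUG_ACME_HTTP_CLIENT=1",
+},
+}
+
+func TestMain(m *testing.M) {
+os.Exit(load.MainTest(context.Background(), m))
+}
+
+func TestChallengeHTTP_Run_EAB(t *testing.T) {
+loader.CleanLegoFiles(t.Context())
+
+err := load.RunLego(t.Context(),
+"run",
+"-m", testEmail1,
+"--accept-tos",
+"-s", caDirectory,
+"-d", testDomain1,
+"--http",
+"--http.port", ":5006",
+"--eab",
+"--eab.kid", "kid-3",
+"--eab.hmac", "HjudV5qnbreN-n9WyFSH-t4HXuEx_XFen45zuxY-G1h6fr74V3cUM_dVlwQZBWmc",
+)
+if err != nil {
+t.Fatal(err)
+}
+}
+
+func TestChallengeHTTP_Client_Obtain_EAB(t *testing.T) {
+t.Setenv("LEGO_CA_CERTIFICATES", "../fixtures/certs/pebble.minica.pem")
+
+privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+require.NoError(t, err, "Could not generate test key")
+
+user := &fakeUser{privateKey: privateKey}
+config := lego.NewConfig(user)
+config.CADirURL = load.PebbleOptions.HealthCheckURL
+
+client, err := lego.NewClient(config)
+require.NoError(t, err)
+
+err = client.Challenge.SetHTTP01Provider(http01.NewProviderServer("", "5006"))
+require.NoError(t, err)
+
+ctx := t.Context()
+
+options := registration.RegisterEABOptions{
+TermsOfServiceAgreed: true,
+Kid: "kid-3",
+HmacEncoded: "HjudV5qnbreN-n9WyFSH-t4HXuEx_XFen45zuxY-G1h6fr74V3cUM_dVlwQZBWmc",
+}
+
+reg, err := client.Registration.RegisterWithExternalAccountBinding(ctx, options)
+require.NoError(t, err)
+
+user.registration = reg
+
+request := certificate.ObtainRequest{
+Domains: []string{testDomain1},
+Bundle: true,
+}
+
+resource, err := client.Certificate.Obtain(ctx, request)
+require.NoError(t, err)
+
+require.NotNil(t, resource)
+assert.Equal(t, testDomain1, resource.ID)
+assert.Equal(t, []string{testDomain1}, resource.Domains)
+assert.Regexp(t, `https://localhost:16000/certZ/[\w\d]{14,}`, resource.CertURL)
+assert.Regexp(t, `https://localhost:16000/certZ/[\w\d]{14,}`, resource.CertStableURL)
+assert.NotEmpty(t, resource.Certificate)
+assert.NotEmpty(t, resource.IssuerCertificate)
+assert.Empty(t, resource.CSR)
+}
+
+type fakeUser struct {
+email string
+privateKey crypto.PrivateKey
+registration *acme.ExtendedAccount
+}
+
+func (f *fakeUser) GetEmail() string { return f.email }
+func (f *fakeUser) GetRegistration() *acme.ExtendedAccount { return f.registration }
+func (f *fakeUser) GetPrivateKey() crypto.PrivateKey { return f.privateKey }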
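Review bot: The EAB key ID and HMAC key are written out as string literals in both TestChallengeHTTP_Run_EAB and TestChallengeHTTP_Client_Obtain_EAB, and a third time in e2e/fixtures/pebble-config-eab.json, so any change to the fixture has to be repeated by hand and nothing marks the value as test-only. I would hoist them next to testDomain1 as `const testEABKid = "kid-3"` and `const testEABHmac = "<kid-3 value from the fixture>"`, under a comment such as `// Pebble fixture credentials from fixtures/pebble-config-eab.json, not real secrets.`, which also gives secret scanners one obvious place to allow-list. Both tests cover only the success path; a case that registers with `Kid: "kid-3"` and the kid-1 key and ends in `require.Error(t, err)` would show that a rejected binding is surfaced to the caller. Separately, fakeUser is built without an email, so testEmail1 is only used by the CLI test.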
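--- a/e2e/fixtures/pebble-config-eab.json
+++ b/e2e/fixtures/pebble-config-eab.json
@@ -0,0 +1,25 @@
+{
+"pebble": {
+"listenAddress": "0.0.0.0:16000",
+"certificate": "fixtures/certs/localhost/cert.pem",
+"privateKey": "fixtures/certs/localhost/key.pem",
+"httpPort": 5006,
+"tlsPort": 5005,
+"externalAccountBindingRequired": true,
+"externalAccountMACKeys": {
+"kid-1": "zWNDZM6eQGHWpSRTPal5eIUYFTu7EajVIoguysqZ9wG44nMEtx3MUAsUDkMTQ12W",
+"kid-2": "b10lLJs8l1GPIzsLP0s6pMt8O0XVGnfTaCeROxQM0BIt2XrJMDHJZBM5NuQmQJQH",
+"kid-3": "HjudV5qnbreN-n9WyFSH-t4HXuEx_XFen45zuxY-G1h6fr74V3cUM_dVlwQZBWmc"
+},
+"profiles": {
+"default": {
+"description": "The profile you know and love",
+"validityPeriod": 7776000
+},
+"shortlived": {
+"description": "A short-lived cert profile, without actual enforcement",
+"validityPeriod": 518400
+}
+}
+}
+}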
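Review bot: `"listenAddress": "0.0.0.0:16000"` makes the Pebble test CA listen on every interface, while the tests in e2e/eab only reach it through `https://localhost:16000/dir`. Because this fixture also carries fixed EAB MAC keys that are committed to the repository, the instance accepts registrations from any host that can reach a developer machine or CI runner while the suite is running; `"listenAddress": "127.0.0.1:16000"` would keep it local. If the suite is meant to run inside a container with published ports the wildcard bind may be intentional, and that is worth stating wherever the e2e fixtures are documented, since JSON cannot hold a comment.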