mirror of
https://github.com/go-acme/lego
synced 2024-06-01 09:42:11 +02:00
42941ccea6
- Packages - Isolate code used by the CLI into the package `cmd` - (experimental) Add e2e tests for HTTP01, TLS-ALPN-01 and DNS-01, use [Pebble](https://github.com/letsencrypt/pebble) and [challtestsrv](https://github.com/letsencrypt/boulder/tree/master/test/challtestsrv) - Support non-ascii domain name (punnycode) - Check all challenges in a predictable order - No more global exported variables - Archive revoked certificates - Fixes revocation for subdomains and non-ascii domains - Disable pending authorizations - use pointer for RemoteError/ProblemDetails - Poll authz URL instead of challenge URL - The ability for a DNS provider to solve the challenge sequentially - Check all nameservers in a predictable order - Option to disable the complete propagation Requirement - CLI, support for renew with CSR - CLI, add SAN on renew - Add command to list certificates. - Logs every iteration of waiting for the propagation - update DNSimple client - update github.com/miekg/dns
286 lines
7.6 KiB
Go
286 lines
7.6 KiB
Go
package dns01
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"crypto/rsa"
|
|
"errors"
|
|
"net/http"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
"github.com/xenolf/lego/acme"
|
|
"github.com/xenolf/lego/acme/api"
|
|
"github.com/xenolf/lego/challenge"
|
|
"github.com/xenolf/lego/platform/tester"
|
|
)
|
|
|
|
type providerMock struct {
|
|
present, cleanUp error
|
|
}
|
|
|
|
func (p *providerMock) Present(domain, token, keyAuth string) error { return p.present }
|
|
func (p *providerMock) CleanUp(domain, token, keyAuth string) error { return p.cleanUp }
|
|
|
|
type providerTimeoutMock struct {
|
|
present, cleanUp error
|
|
timeout, interval time.Duration
|
|
}
|
|
|
|
func (p *providerTimeoutMock) Present(domain, token, keyAuth string) error { return p.present }
|
|
func (p *providerTimeoutMock) CleanUp(domain, token, keyAuth string) error { return p.cleanUp }
|
|
func (p *providerTimeoutMock) Timeout() (time.Duration, time.Duration) { return p.timeout, p.interval }
|
|
|
|
func TestChallenge_PreSolve(t *testing.T) {
|
|
_, apiURL, tearDown := tester.SetupFakeAPI()
|
|
defer tearDown()
|
|
|
|
privateKey, err := rsa.GenerateKey(rand.Reader, 512)
|
|
require.NoError(t, err)
|
|
|
|
core, err := api.New(http.DefaultClient, "lego-test", apiURL+"/dir", "", privateKey)
|
|
require.NoError(t, err)
|
|
|
|
testCases := []struct {
|
|
desc string
|
|
validate ValidateFunc
|
|
preCheck PreCheckFunc
|
|
provider challenge.Provider
|
|
expectError bool
|
|
}{
|
|
{
|
|
desc: "success",
|
|
validate: func(_ *api.Core, _ string, _ acme.Challenge) error { return nil },
|
|
preCheck: func(_, _ string) (bool, error) { return true, nil },
|
|
provider: &providerMock{},
|
|
},
|
|
{
|
|
desc: "validate fail",
|
|
validate: func(_ *api.Core, _ string, _ acme.Challenge) error { return errors.New("OOPS") },
|
|
preCheck: func(_, _ string) (bool, error) { return true, nil },
|
|
provider: &providerMock{
|
|
present: nil,
|
|
cleanUp: nil,
|
|
},
|
|
},
|
|
{
|
|
desc: "preCheck fail",
|
|
validate: func(_ *api.Core, _ string, _ acme.Challenge) error { return nil },
|
|
preCheck: func(_, _ string) (bool, error) { return false, errors.New("OOPS") },
|
|
provider: &providerTimeoutMock{
|
|
timeout: 2 * time.Second,
|
|
interval: 500 * time.Millisecond,
|
|
},
|
|
},
|
|
{
|
|
desc: "present fail",
|
|
validate: func(_ *api.Core, _ string, _ acme.Challenge) error { return nil },
|
|
preCheck: func(_, _ string) (bool, error) { return true, nil },
|
|
provider: &providerMock{
|
|
present: errors.New("OOPS"),
|
|
},
|
|
expectError: true,
|
|
},
|
|
{
|
|
desc: "cleanUp fail",
|
|
validate: func(_ *api.Core, _ string, _ acme.Challenge) error { return nil },
|
|
preCheck: func(_, _ string) (bool, error) { return true, nil },
|
|
provider: &providerMock{
|
|
cleanUp: errors.New("OOPS"),
|
|
},
|
|
},
|
|
}
|
|
|
|
for _, test := range testCases {
|
|
t.Run(test.desc, func(t *testing.T) {
|
|
|
|
chlg := NewChallenge(core, test.validate, test.provider, AddPreCheck(test.preCheck))
|
|
|
|
authz := acme.Authorization{
|
|
Identifier: acme.Identifier{
|
|
Value: "example.com",
|
|
},
|
|
Challenges: []acme.Challenge{
|
|
{Type: challenge.DNS01.String()},
|
|
},
|
|
}
|
|
|
|
err = chlg.PreSolve(authz)
|
|
if test.expectError {
|
|
require.Error(t, err)
|
|
} else {
|
|
require.NoError(t, err)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestChallenge_Solve(t *testing.T) {
|
|
_, apiURL, tearDown := tester.SetupFakeAPI()
|
|
defer tearDown()
|
|
|
|
privateKey, err := rsa.GenerateKey(rand.Reader, 512)
|
|
require.NoError(t, err)
|
|
|
|
core, err := api.New(http.DefaultClient, "lego-test", apiURL+"/dir", "", privateKey)
|
|
require.NoError(t, err)
|
|
|
|
testCases := []struct {
|
|
desc string
|
|
validate ValidateFunc
|
|
preCheck PreCheckFunc
|
|
provider challenge.Provider
|
|
expectError bool
|
|
}{
|
|
{
|
|
desc: "success",
|
|
validate: func(_ *api.Core, _ string, _ acme.Challenge) error { return nil },
|
|
preCheck: func(_, _ string) (bool, error) { return true, nil },
|
|
provider: &providerMock{},
|
|
},
|
|
{
|
|
desc: "validate fail",
|
|
validate: func(_ *api.Core, _ string, _ acme.Challenge) error { return errors.New("OOPS") },
|
|
preCheck: func(_, _ string) (bool, error) { return true, nil },
|
|
provider: &providerMock{
|
|
present: nil,
|
|
cleanUp: nil,
|
|
},
|
|
expectError: true,
|
|
},
|
|
{
|
|
desc: "preCheck fail",
|
|
validate: func(_ *api.Core, _ string, _ acme.Challenge) error { return nil },
|
|
preCheck: func(_, _ string) (bool, error) { return false, errors.New("OOPS") },
|
|
provider: &providerTimeoutMock{
|
|
timeout: 2 * time.Second,
|
|
interval: 500 * time.Millisecond,
|
|
},
|
|
expectError: true,
|
|
},
|
|
{
|
|
desc: "present fail",
|
|
validate: func(_ *api.Core, _ string, _ acme.Challenge) error { return nil },
|
|
preCheck: func(_, _ string) (bool, error) { return true, nil },
|
|
provider: &providerMock{
|
|
present: errors.New("OOPS"),
|
|
},
|
|
},
|
|
{
|
|
desc: "cleanUp fail",
|
|
validate: func(_ *api.Core, _ string, _ acme.Challenge) error { return nil },
|
|
preCheck: func(_, _ string) (bool, error) { return true, nil },
|
|
provider: &providerMock{
|
|
cleanUp: errors.New("OOPS"),
|
|
},
|
|
},
|
|
}
|
|
|
|
for _, test := range testCases {
|
|
t.Run(test.desc, func(t *testing.T) {
|
|
|
|
chlg := NewChallenge(core, test.validate, test.provider, AddPreCheck(test.preCheck))
|
|
|
|
authz := acme.Authorization{
|
|
Identifier: acme.Identifier{
|
|
Value: "example.com",
|
|
},
|
|
Challenges: []acme.Challenge{
|
|
{Type: challenge.DNS01.String()},
|
|
},
|
|
}
|
|
|
|
err = chlg.Solve(authz)
|
|
if test.expectError {
|
|
require.Error(t, err)
|
|
} else {
|
|
require.NoError(t, err)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestChallenge_CleanUp(t *testing.T) {
|
|
_, apiURL, tearDown := tester.SetupFakeAPI()
|
|
defer tearDown()
|
|
|
|
privateKey, err := rsa.GenerateKey(rand.Reader, 512)
|
|
require.NoError(t, err)
|
|
|
|
core, err := api.New(http.DefaultClient, "lego-test", apiURL+"/dir", "", privateKey)
|
|
require.NoError(t, err)
|
|
|
|
testCases := []struct {
|
|
desc string
|
|
validate ValidateFunc
|
|
preCheck PreCheckFunc
|
|
provider challenge.Provider
|
|
expectError bool
|
|
}{
|
|
{
|
|
desc: "success",
|
|
validate: func(_ *api.Core, _ string, _ acme.Challenge) error { return nil },
|
|
preCheck: func(_, _ string) (bool, error) { return true, nil },
|
|
provider: &providerMock{},
|
|
},
|
|
{
|
|
desc: "validate fail",
|
|
validate: func(_ *api.Core, _ string, _ acme.Challenge) error { return errors.New("OOPS") },
|
|
preCheck: func(_, _ string) (bool, error) { return true, nil },
|
|
provider: &providerMock{
|
|
present: nil,
|
|
cleanUp: nil,
|
|
},
|
|
},
|
|
{
|
|
desc: "preCheck fail",
|
|
validate: func(_ *api.Core, _ string, _ acme.Challenge) error { return nil },
|
|
preCheck: func(_, _ string) (bool, error) { return false, errors.New("OOPS") },
|
|
provider: &providerTimeoutMock{
|
|
timeout: 2 * time.Second,
|
|
interval: 500 * time.Millisecond,
|
|
},
|
|
},
|
|
{
|
|
desc: "present fail",
|
|
validate: func(_ *api.Core, _ string, _ acme.Challenge) error { return nil },
|
|
preCheck: func(_, _ string) (bool, error) { return true, nil },
|
|
provider: &providerMock{
|
|
present: errors.New("OOPS"),
|
|
},
|
|
},
|
|
{
|
|
desc: "cleanUp fail",
|
|
validate: func(_ *api.Core, _ string, _ acme.Challenge) error { return nil },
|
|
preCheck: func(_, _ string) (bool, error) { return true, nil },
|
|
provider: &providerMock{
|
|
cleanUp: errors.New("OOPS"),
|
|
},
|
|
expectError: true,
|
|
},
|
|
}
|
|
|
|
for _, test := range testCases {
|
|
t.Run(test.desc, func(t *testing.T) {
|
|
|
|
chlg := NewChallenge(core, test.validate, test.provider, AddPreCheck(test.preCheck))
|
|
|
|
authz := acme.Authorization{
|
|
Identifier: acme.Identifier{
|
|
Value: "example.com",
|
|
},
|
|
Challenges: []acme.Challenge{
|
|
{Type: challenge.DNS01.String()},
|
|
},
|
|
}
|
|
|
|
err = chlg.CleanUp(authz)
|
|
if test.expectError {
|
|
require.Error(t, err)
|
|
} else {
|
|
require.NoError(t, err)
|
|
}
|
|
})
|
|
}
|
|
}
|