forked from letsencrypt/boulder
-
Notifications
You must be signed in to change notification settings - Fork 0
/
objects_test.go
146 lines (127 loc) · 5.07 KB
/
objects_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
package core
import (
"crypto/rsa"
"encoding/json"
"math/big"
"net"
"testing"
"gopkg.in/square/go-jose.v2"
"github.com/letsencrypt/boulder/test"
)
func TestExpectedKeyAuthorization(t *testing.T) {
ch := Challenge{Token: "hi"}
jwk1 := &jose.JSONWebKey{Key: &rsa.PublicKey{N: big.NewInt(1234), E: 1234}}
jwk2 := &jose.JSONWebKey{Key: &rsa.PublicKey{N: big.NewInt(5678), E: 5678}}
ka1, err := ch.ExpectedKeyAuthorization(jwk1)
test.AssertNotError(t, err, "Failed to calculate expected key authorization 1")
ka2, err := ch.ExpectedKeyAuthorization(jwk2)
test.AssertNotError(t, err, "Failed to calculate expected key authorization 2")
expected1 := "hi.sIMEyhkWCCSYqDqZqPM1bKkvb5T9jpBOb7_w5ZNorF4"
expected2 := "hi.FPoiyqWPod2T0fKqkPI1uXPYUsRK1DSyzsQsv0oMuGg"
if ka1 != expected1 {
t.Errorf("Incorrect ka1. Expected [%s], got [%s]", expected1, ka1)
}
if ka2 != expected2 {
t.Errorf("Incorrect ka2. Expected [%s], got [%s]", expected2, ka2)
}
}
func TestRecordSanityCheckOnUnsupportChallengeType(t *testing.T) {
rec := []ValidationRecord{
{
URL: "http://localhost/test",
Hostname: "localhost",
Port: "80",
AddressesResolved: []net.IP{{127, 0, 0, 1}},
AddressUsed: net.IP{127, 0, 0, 1},
},
}
chall := Challenge{Type: "obsoletedChallenge", ValidationRecord: rec}
test.Assert(t, !chall.RecordsSane(), "Record with unsupported challenge type should not be sane")
}
func TestChallengeSanityCheck(t *testing.T) {
// Make a temporary account key
var accountKey *jose.JSONWebKey
err := json.Unmarshal([]byte(`{
"kty":"RSA",
"n":"yNWVhtYEKJR21y9xsHV-PD_bYwbXSeNuFal46xYxVfRL5mqha7vttvjB_vc7Xg2RvgCxHPCqoxgMPTzHrZT75LjCwIW2K_klBYN8oYvTwwmeSkAz6ut7ZxPv-nZaT5TJhGk0NT2kh_zSpdriEJ_3vW-mqxYbbBmpvHqsa1_zx9fSuHYctAZJWzxzUZXykbWMWQZpEiE0J4ajj51fInEzVn7VxV-mzfMyboQjujPh7aNJxAWSq4oQEJJDgWwSh9leyoJoPpONHxh5nEE5AjE01FkGICSxjpZsF-w8hOTI3XXohUdu29Se26k2B0PolDSuj0GIQU6-W9TdLXSjBb2SpQ",
"e":"AQAB"
}`), &accountKey)
test.AssertNotError(t, err, "Error unmarshaling JWK")
types := []string{ChallengeTypeHTTP01, ChallengeTypeTLSSNI01, ChallengeTypeDNS01, ChallengeTypeTLSALPN01}
for _, challengeType := range types {
chall := Challenge{
Type: challengeType,
Status: StatusInvalid,
}
test.AssertError(t, chall.CheckConsistencyForClientOffer(), "CheckConsistencyForClientOffer didn't return an error")
chall.Status = StatusPending
test.AssertError(t, chall.CheckConsistencyForClientOffer(), "CheckConsistencyForClientOffer didn't return an error")
chall.Token = "KQqLsiS5j0CONR_eUXTUSUDNVaHODtc-0pD6ACif7U4"
test.AssertNotError(t, chall.CheckConsistencyForClientOffer(), "CheckConsistencyForClientOffer returned an error")
chall.ProvidedKeyAuthorization = chall.Token + ".AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
test.AssertNotError(t, chall.CheckConsistencyForValidation(), "CheckConsistencyForValidation returned an error")
chall.ProvidedKeyAuthorization = "aaaa.aaaa"
test.AssertError(t, chall.CheckConsistencyForValidation(), "CheckConsistencyForValidation didn't return an error")
}
chall := Challenge{Type: "bogus", Status: StatusPending}
test.AssertError(t, chall.CheckConsistencyForClientOffer(), "CheckConsistencyForClientOffer didn't return an error")
test.AssertError(t, chall.CheckConsistencyForValidation(), "CheckConsistencyForValidation didn't return an error")
}
func TestJSONBufferUnmarshal(t *testing.T) {
testStruct := struct {
Buffer JSONBuffer
}{}
notValidBase64 := []byte(`{"Buffer":"!!!!"}`)
err := json.Unmarshal(notValidBase64, &testStruct)
test.Assert(t, err != nil, "Should have choked on invalid base64")
}
func TestAuthorizationSolvedBy(t *testing.T) {
validHTTP01 := HTTPChallenge01()
validHTTP01.Status = StatusValid
validDNS01 := DNSChallenge01()
validDNS01.Status = StatusValid
testCases := []struct {
Name string
Authz Authorization
ExpectedResult string
}{
// An authz with no challenges should return nil
{
Name: "No challenges",
Authz: Authorization{},
},
// An authz with all non-valid challenges should return nil
{
Name: "All non-valid challenges",
Authz: Authorization{
Challenges: []Challenge{HTTPChallenge01(), DNSChallenge01()},
},
},
// An authz with one valid HTTP01 challenge amongst other challenges should
// return the HTTP01 challenge
{
Name: "Valid HTTP01 challenge",
Authz: Authorization{
Challenges: []Challenge{HTTPChallenge01(), validHTTP01, DNSChallenge01()},
},
ExpectedResult: "http-01",
},
// An authz with both a valid HTTP01 challenge and a valid DNS01 challenge
// among other challenges should return whichever valid challenge is first
// (in this case DNS01)
{
Name: "Valid HTTP01 and DNS01 challenge",
Authz: Authorization{
Challenges: []Challenge{validDNS01, HTTPChallenge01(), validHTTP01, DNSChallenge01()},
},
ExpectedResult: "dns-01",
},
}
for _, tc := range testCases {
t.Run(tc.Name, func(t *testing.T) {
result := tc.Authz.SolvedBy()
// Make sure the result was the correct challenge type
test.AssertEquals(t, result, tc.ExpectedResult)
})
}
}