Remove explicit account key from VA calls
This commit is contained in:
Richard Barnes
parent
9f756a692a
commit
8868ac9dad
|
|
@ -80,7 +80,7 @@ type RegistrationAuthority interface {
|
|||
// ValidationAuthority defines the public interface for the Boulder VA
|
||||
type ValidationAuthority interface {
|
||||
// [RegistrationAuthority]
|
||||
UpdateValidations(Authorization, int, jose.JsonWebKey) error
|
||||
UpdateValidations(Authorization, int) error
|
||||
CheckCAARecords(AcmeIdentifier) (bool, bool, error)
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -159,7 +159,7 @@ func (ra *RegistrationAuthorityImpl) NewAuthorization(request core.Authorization
|
|||
}
|
||||
|
||||
// Create validations, but we have to update them with URIs later
|
||||
challenges, combinations := ra.PA.ChallengesFor(identifier, reg.Key)
|
||||
challenges, combinations := ra.PA.ChallengesFor(identifier)
|
||||
|
||||
// Partially-filled object
|
||||
authz = core.Authorization{
|
||||
|
|
@ -186,7 +186,7 @@ func (ra *RegistrationAuthorityImpl) NewAuthorization(request core.Authorization
|
|||
authz.Challenges[i].URI = challengeURI
|
||||
|
||||
// Add the account key used to generate the challenge
|
||||
authz.Challenges[i].AccountKey = reg.Key
|
||||
authz.Challenges[i].AccountKey = ®.Key
|
||||
|
||||
if !authz.Challenges[i].IsSane(false) {
|
||||
// InternalServerError because we generated these challenges, they should
|
||||
|
|
@ -371,15 +371,8 @@ func (ra *RegistrationAuthorityImpl) UpdateAuthorization(base core.Authorization
|
|||
return
|
||||
}
|
||||
|
||||
// Look up the account key for this authorization
|
||||
reg, err := ra.SA.GetRegistration(authz.RegistrationID)
|
||||
if err != nil {
|
||||
err = core.InternalServerError(err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
// Dispatch to the VA for service
|
||||
ra.VA.UpdateValidations(authz, challengeIndex, reg.Key)
|
||||
ra.VA.UpdateValidations(authz, challengeIndex)
|
||||
|
||||
return
|
||||
}
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ type DummyValidationAuthority struct {
|
|||
Argument core.Authorization
|
||||
}
|
||||
|
||||
func (dva *DummyValidationAuthority) UpdateValidations(authz core.Authorization, index int, key jose.JsonWebKey) (err error) {
|
||||
func (dva *DummyValidationAuthority) UpdateValidations(authz core.Authorization, index int) (err error) {
|
||||
dva.Called = true
|
||||
dva.Argument = authz
|
||||
return
|
||||
|
|
|
|||
|
|
@ -179,7 +179,7 @@ func (va ValidationAuthorityImpl) resolveAndConstructDialer(name, defaultPort st
|
|||
|
||||
// Validation methods
|
||||
|
||||
func (va ValidationAuthorityImpl) validateSimpleHTTP(identifier core.AcmeIdentifier, input core.Challenge, accountKey jose.JsonWebKey) (core.Challenge, error) {
|
||||
func (va ValidationAuthorityImpl) validateSimpleHTTP(identifier core.AcmeIdentifier, input core.Challenge) (core.Challenge, error) {
|
||||
challenge := input
|
||||
|
||||
if identifier.Type != core.IdentifierDNS {
|
||||
|
|
@ -344,7 +344,7 @@ func (va ValidationAuthorityImpl) validateSimpleHTTP(identifier core.AcmeIdentif
|
|||
"token": challenge.Token,
|
||||
"tls": (challenge.TLS == nil) || *challenge.TLS,
|
||||
}
|
||||
err = verifyValidationJWS(parsedJws, &accountKey, target)
|
||||
err = verifyValidationJWS(parsedJws, challenge.AccountKey, target)
|
||||
if err != nil {
|
||||
va.log.Debug(err.Error())
|
||||
challenge.Status = core.StatusInvalid
|
||||
|
|
@ -359,7 +359,7 @@ func (va ValidationAuthorityImpl) validateSimpleHTTP(identifier core.AcmeIdentif
|
|||
return challenge, nil
|
||||
}
|
||||
|
||||
func (va ValidationAuthorityImpl) validateDvsni(identifier core.AcmeIdentifier, input core.Challenge, accountKey jose.JsonWebKey) (core.Challenge, error) {
|
||||
func (va ValidationAuthorityImpl) validateDvsni(identifier core.AcmeIdentifier, input core.Challenge) (core.Challenge, error) {
|
||||
challenge := input
|
||||
|
||||
if identifier.Type != "dns" {
|
||||
|
|
@ -379,7 +379,7 @@ func (va ValidationAuthorityImpl) validateDvsni(identifier core.AcmeIdentifier,
|
|||
"type": core.ChallengeTypeDVSNI,
|
||||
"token": challenge.Token,
|
||||
}
|
||||
err := verifyValidationJWS((*jose.JsonWebSignature)(challenge.Validation), &accountKey, target)
|
||||
err := verifyValidationJWS(challenge.Validation, challenge.AccountKey, target)
|
||||
if err != nil {
|
||||
va.log.Debug(err.Error())
|
||||
challenge.Status = core.StatusInvalid
|
||||
|
|
@ -483,7 +483,7 @@ func parseHTTPConnError(err error) core.ProblemType {
|
|||
return core.ConnectionProblem
|
||||
}
|
||||
|
||||
func (va ValidationAuthorityImpl) validateDNS(identifier core.AcmeIdentifier, input core.Challenge, accountKey jose.JsonWebKey) (core.Challenge, error) {
|
||||
func (va ValidationAuthorityImpl) validateDNS(identifier core.AcmeIdentifier, input core.Challenge) (core.Challenge, error) {
|
||||
challenge := input
|
||||
|
||||
if identifier.Type != core.IdentifierDNS {
|
||||
|
|
@ -503,7 +503,7 @@ func (va ValidationAuthorityImpl) validateDNS(identifier core.AcmeIdentifier, in
|
|||
"type": core.ChallengeTypeDNS,
|
||||
"token": challenge.Token,
|
||||
}
|
||||
err := verifyValidationJWS((*jose.JsonWebSignature)(challenge.Validation), &accountKey, target)
|
||||
err := verifyValidationJWS(challenge.Validation, challenge.AccountKey, target)
|
||||
if err != nil {
|
||||
va.log.Debug(err.Error())
|
||||
challenge.Status = core.StatusInvalid
|
||||
|
|
@ -543,7 +543,7 @@ func (va ValidationAuthorityImpl) validateDNS(identifier core.AcmeIdentifier, in
|
|||
|
||||
// Overall validation process
|
||||
|
||||
func (va ValidationAuthorityImpl) validate(authz core.Authorization, challengeIndex int, accountKey jose.JsonWebKey) {
|
||||
func (va ValidationAuthorityImpl) validate(authz core.Authorization, challengeIndex int) {
|
||||
logEvent := verificationRequestEvent{
|
||||
ID: authz.ID,
|
||||
Requester: authz.RegistrationID,
|
||||
|
|
@ -561,11 +561,11 @@ func (va ValidationAuthorityImpl) validate(authz core.Authorization, challengeIn
|
|||
|
||||
switch authz.Challenges[challengeIndex].Type {
|
||||
case core.ChallengeTypeSimpleHTTP:
|
||||
authz.Challenges[challengeIndex], err = va.validateSimpleHTTP(authz.Identifier, authz.Challenges[challengeIndex], accountKey)
|
||||
authz.Challenges[challengeIndex], err = va.validateSimpleHTTP(authz.Identifier, authz.Challenges[challengeIndex])
|
||||
case core.ChallengeTypeDVSNI:
|
||||
authz.Challenges[challengeIndex], err = va.validateDvsni(authz.Identifier, authz.Challenges[challengeIndex], accountKey)
|
||||
authz.Challenges[challengeIndex], err = va.validateDvsni(authz.Identifier, authz.Challenges[challengeIndex])
|
||||
case core.ChallengeTypeDNS:
|
||||
authz.Challenges[challengeIndex], err = va.validateDNS(authz.Identifier, authz.Challenges[challengeIndex], accountKey)
|
||||
authz.Challenges[challengeIndex], err = va.validateDNS(authz.Identifier, authz.Challenges[challengeIndex])
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
|
|
@ -589,8 +589,8 @@ func (va ValidationAuthorityImpl) validate(authz core.Authorization, challengeIn
|
|||
}
|
||||
|
||||
// UpdateValidations runs the validate() method asynchronously using goroutines.
|
||||
func (va ValidationAuthorityImpl) UpdateValidations(authz core.Authorization, challengeIndex int, accountKey jose.JsonWebKey) error {
|
||||
go va.validate(authz, challengeIndex, accountKey)
|
||||
func (va ValidationAuthorityImpl) UpdateValidations(authz core.Authorization, challengeIndex int) error {
|
||||
go va.validate(authz, challengeIndex)
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -54,7 +54,7 @@ var TheKey = rsa.PrivateKey{
|
|||
Primes: []*big.Int{p, q},
|
||||
}
|
||||
|
||||
var AccountKey = jose.JsonWebKey{Key: TheKey.Public()}
|
||||
var accountKey = &jose.JsonWebKey{Key: TheKey.Public()}
|
||||
|
||||
var ident = core.AcmeIdentifier{Type: core.IdentifierDNS, Value: "localhost"}
|
||||
|
||||
|
|
@ -261,7 +261,12 @@ func TestSimpleHttpTLS(t *testing.T) {
|
|||
va := NewValidationAuthorityImpl(true)
|
||||
va.DNSResolver = &mocks.MockDNS{}
|
||||
|
||||
chall := core.Challenge{Type: core.ChallengeTypeSimpleHTTP, Token: expectedToken, ValidationRecord: []core.ValidationRecord{}}
|
||||
chall := core.Challenge{
|
||||
Type: core.ChallengeTypeSimpleHTTP,
|
||||
Token: expectedToken,
|
||||
ValidationRecord: []core.ValidationRecord{},
|
||||
AccountKey: accountKey,
|
||||
}
|
||||
|
||||
stopChan := make(chan bool, 1)
|
||||
waitChan := make(chan bool, 1)
|
||||
|
|
@ -270,7 +275,7 @@ func TestSimpleHttpTLS(t *testing.T) {
|
|||
<-waitChan
|
||||
|
||||
log.Clear()
|
||||
finChall, err := va.validateSimpleHTTP(ident, chall, AccountKey)
|
||||
finChall, err := va.validateSimpleHTTP(ident, chall)
|
||||
test.AssertEquals(t, finChall.Status, core.StatusValid)
|
||||
test.AssertNotError(t, err, "Error validating simpleHttp")
|
||||
logs := log.GetAllMatching(`^\[AUDIT\] Attempting to validate SimpleHTTPS for `)
|
||||
|
|
@ -283,9 +288,15 @@ func TestSimpleHttp(t *testing.T) {
|
|||
va.DNSResolver = &mocks.MockDNS{}
|
||||
|
||||
tls := false
|
||||
chall := core.Challenge{Type: core.ChallengeTypeSimpleHTTP, Token: expectedToken, TLS: &tls, ValidationRecord: []core.ValidationRecord{}}
|
||||
chall := core.Challenge{
|
||||
Type: core.ChallengeTypeSimpleHTTP,
|
||||
Token: expectedToken,
|
||||
TLS: &tls,
|
||||
ValidationRecord: []core.ValidationRecord{},
|
||||
AccountKey: accountKey,
|
||||
}
|
||||
|
||||
invalidChall, err := va.validateSimpleHTTP(ident, chall, AccountKey)
|
||||
invalidChall, err := va.validateSimpleHTTP(ident, chall)
|
||||
test.AssertEquals(t, invalidChall.Status, core.StatusInvalid)
|
||||
test.AssertError(t, err, "Server's not up yet; expected refusal. Where did we connect?")
|
||||
test.AssertEquals(t, invalidChall.Error.Type, core.ConnectionProblem)
|
||||
|
|
@ -297,14 +308,14 @@ func TestSimpleHttp(t *testing.T) {
|
|||
<-waitChan
|
||||
|
||||
log.Clear()
|
||||
finChall, err := va.validateSimpleHTTP(ident, chall, AccountKey)
|
||||
finChall, err := va.validateSimpleHTTP(ident, chall)
|
||||
test.AssertEquals(t, finChall.Status, core.StatusValid)
|
||||
test.AssertNotError(t, err, "Error validating simpleHttp")
|
||||
test.AssertEquals(t, len(log.GetAllMatching(`^\[AUDIT\] `)), 1)
|
||||
|
||||
log.Clear()
|
||||
chall.Token = path404
|
||||
invalidChall, err = va.validateSimpleHTTP(ident, chall, AccountKey)
|
||||
invalidChall, err = va.validateSimpleHTTP(ident, chall)
|
||||
test.AssertEquals(t, invalidChall.Status, core.StatusInvalid)
|
||||
test.AssertError(t, err, "Should have found a 404 for the challenge.")
|
||||
test.AssertEquals(t, invalidChall.Error.Type, core.UnauthorizedProblem)
|
||||
|
|
@ -314,7 +325,7 @@ func TestSimpleHttp(t *testing.T) {
|
|||
chall.Token = pathWrongToken
|
||||
// The "wrong token" will actually be the expectedToken. It's wrong
|
||||
// because it doesn't match pathWrongToken.
|
||||
invalidChall, err = va.validateSimpleHTTP(ident, chall, AccountKey)
|
||||
invalidChall, err = va.validateSimpleHTTP(ident, chall)
|
||||
test.AssertEquals(t, invalidChall.Status, core.StatusInvalid)
|
||||
test.AssertError(t, err, "Should have found the wrong token value.")
|
||||
test.AssertEquals(t, invalidChall.Error.Type, core.UnauthorizedProblem)
|
||||
|
|
@ -322,27 +333,27 @@ func TestSimpleHttp(t *testing.T) {
|
|||
|
||||
log.Clear()
|
||||
chall.Token = pathMoved
|
||||
finChall, err = va.validateSimpleHTTP(ident, chall, AccountKey)
|
||||
finChall, err = va.validateSimpleHTTP(ident, chall)
|
||||
test.AssertEquals(t, finChall.Status, core.StatusValid)
|
||||
test.AssertNotError(t, err, "Failed to follow 301 redirect")
|
||||
test.AssertEquals(t, len(log.GetAllMatching(`redirect from ".*/301" to ".*/valid"`)), 1)
|
||||
|
||||
log.Clear()
|
||||
chall.Token = pathFound
|
||||
finChall, err = va.validateSimpleHTTP(ident, chall, AccountKey)
|
||||
finChall, err = va.validateSimpleHTTP(ident, chall)
|
||||
test.AssertEquals(t, finChall.Status, core.StatusValid)
|
||||
test.AssertNotError(t, err, "Failed to follow 302 redirect")
|
||||
test.AssertEquals(t, len(log.GetAllMatching(`redirect from ".*/302" to ".*/301"`)), 1)
|
||||
test.AssertEquals(t, len(log.GetAllMatching(`redirect from ".*/301" to ".*/valid"`)), 1)
|
||||
|
||||
ipIdentifier := core.AcmeIdentifier{Type: core.IdentifierType("ip"), Value: "127.0.0.1"}
|
||||
invalidChall, err = va.validateSimpleHTTP(ipIdentifier, chall, AccountKey)
|
||||
invalidChall, err = va.validateSimpleHTTP(ipIdentifier, chall)
|
||||
test.AssertEquals(t, invalidChall.Status, core.StatusInvalid)
|
||||
test.AssertError(t, err, "IdentifierType IP shouldn't have worked.")
|
||||
test.AssertEquals(t, invalidChall.Error.Type, core.MalformedProblem)
|
||||
|
||||
va.TestMode = false
|
||||
invalidChall, err = va.validateSimpleHTTP(core.AcmeIdentifier{Type: core.IdentifierDNS, Value: "always.invalid"}, chall, AccountKey)
|
||||
invalidChall, err = va.validateSimpleHTTP(core.AcmeIdentifier{Type: core.IdentifierDNS, Value: "always.invalid"}, chall)
|
||||
test.AssertEquals(t, invalidChall.Status, core.StatusInvalid)
|
||||
test.AssertError(t, err, "Domain name is invalid.")
|
||||
test.AssertEquals(t, invalidChall.Error.Type, core.UnknownHostProblem)
|
||||
|
|
@ -350,7 +361,7 @@ func TestSimpleHttp(t *testing.T) {
|
|||
|
||||
chall.Token = "wait-long"
|
||||
started := time.Now()
|
||||
invalidChall, err = va.validateSimpleHTTP(ident, chall, AccountKey)
|
||||
invalidChall, err = va.validateSimpleHTTP(ident, chall)
|
||||
took := time.Since(started)
|
||||
// Check that the HTTP connection times out after 5 seconds and doesn't block for 10 seconds
|
||||
test.Assert(t, (took > (time.Second * 5)), "HTTP timed out before 5 seconds")
|
||||
|
|
@ -365,7 +376,12 @@ func TestSimpleHttpRedirectLookup(t *testing.T) {
|
|||
va.DNSResolver = &mocks.MockDNS{}
|
||||
|
||||
tls := false
|
||||
chall := core.Challenge{Token: expectedToken, TLS: &tls, ValidationRecord: []core.ValidationRecord{}}
|
||||
chall := core.Challenge{
|
||||
Token: expectedToken,
|
||||
TLS: &tls,
|
||||
ValidationRecord: []core.ValidationRecord{},
|
||||
AccountKey: accountKey,
|
||||
}
|
||||
|
||||
stopChan := make(chan bool, 1)
|
||||
waitChan := make(chan bool, 1)
|
||||
|
|
@ -375,7 +391,7 @@ func TestSimpleHttpRedirectLookup(t *testing.T) {
|
|||
|
||||
log.Clear()
|
||||
chall.Token = pathMoved
|
||||
finChall, err := va.validateSimpleHTTP(ident, chall, AccountKey)
|
||||
finChall, err := va.validateSimpleHTTP(ident, chall)
|
||||
test.AssertEquals(t, finChall.Status, core.StatusValid)
|
||||
test.AssertNotError(t, err, chall.Token)
|
||||
test.AssertEquals(t, len(log.GetAllMatching(`redirect from ".*/301" to ".*/valid"`)), 1)
|
||||
|
|
@ -383,7 +399,7 @@ func TestSimpleHttpRedirectLookup(t *testing.T) {
|
|||
|
||||
log.Clear()
|
||||
chall.Token = pathFound
|
||||
finChall, err = va.validateSimpleHTTP(ident, chall, AccountKey)
|
||||
finChall, err = va.validateSimpleHTTP(ident, chall)
|
||||
test.AssertEquals(t, finChall.Status, core.StatusValid)
|
||||
test.AssertNotError(t, err, chall.Token)
|
||||
test.AssertEquals(t, len(log.GetAllMatching(`redirect from ".*/302" to ".*/301"`)), 1)
|
||||
|
|
@ -392,7 +408,7 @@ func TestSimpleHttpRedirectLookup(t *testing.T) {
|
|||
|
||||
log.Clear()
|
||||
chall.Token = pathRedirectLookupInvalid
|
||||
finChall, err = va.validateSimpleHTTP(ident, chall, AccountKey)
|
||||
finChall, err = va.validateSimpleHTTP(ident, chall)
|
||||
test.AssertEquals(t, finChall.Status, core.StatusInvalid)
|
||||
test.AssertError(t, err, chall.Token)
|
||||
test.AssertEquals(t, len(log.GetAllMatching(`Resolved addresses for localhost \[using 127.0.0.1\]: \[127.0.0.1\]`)), 1)
|
||||
|
|
@ -400,7 +416,7 @@ func TestSimpleHttpRedirectLookup(t *testing.T) {
|
|||
|
||||
log.Clear()
|
||||
chall.Token = pathRedirectLookup
|
||||
finChall, err = va.validateSimpleHTTP(ident, chall, AccountKey)
|
||||
finChall, err = va.validateSimpleHTTP(ident, chall)
|
||||
test.AssertEquals(t, finChall.Status, core.StatusValid)
|
||||
test.AssertNotError(t, err, chall.Token)
|
||||
test.AssertEquals(t, len(log.GetAllMatching(`redirect from ".*/re-lookup" to ".*other.valid/path"`)), 1)
|
||||
|
|
@ -409,7 +425,7 @@ func TestSimpleHttpRedirectLookup(t *testing.T) {
|
|||
|
||||
log.Clear()
|
||||
chall.Token = pathRedirectPort
|
||||
finChall, err = va.validateSimpleHTTP(ident, chall, AccountKey)
|
||||
finChall, err = va.validateSimpleHTTP(ident, chall)
|
||||
fmt.Println(finChall.ValidationRecord)
|
||||
test.AssertEquals(t, finChall.Status, core.StatusInvalid)
|
||||
test.AssertError(t, err, chall.Token)
|
||||
|
|
@ -423,7 +439,11 @@ func TestSimpleHttpRedirectLoop(t *testing.T) {
|
|||
va.DNSResolver = &mocks.MockDNS{}
|
||||
|
||||
tls := false
|
||||
chall := core.Challenge{Token: "looper", TLS: &tls, ValidationRecord: []core.ValidationRecord{}}
|
||||
chall := core.Challenge{
|
||||
Token: "looper",
|
||||
TLS: &tls,
|
||||
ValidationRecord: []core.ValidationRecord{},
|
||||
}
|
||||
|
||||
stopChan := make(chan bool, 1)
|
||||
waitChan := make(chan bool, 1)
|
||||
|
|
@ -432,7 +452,7 @@ func TestSimpleHttpRedirectLoop(t *testing.T) {
|
|||
<-waitChan
|
||||
|
||||
log.Clear()
|
||||
finChall, err := va.validateSimpleHTTP(ident, chall, AccountKey)
|
||||
finChall, err := va.validateSimpleHTTP(ident, chall)
|
||||
test.AssertEquals(t, finChall.Status, core.StatusInvalid)
|
||||
test.AssertError(t, err, chall.Token)
|
||||
fmt.Println(finChall)
|
||||
|
|
@ -445,7 +465,7 @@ func TestDvsni(t *testing.T) {
|
|||
chall := createChallenge(core.ChallengeTypeDVSNI)
|
||||
|
||||
log.Clear()
|
||||
invalidChall, err := va.validateDvsni(ident, chall, AccountKey)
|
||||
invalidChall, err := va.validateDvsni(ident, chall)
|
||||
test.AssertEquals(t, invalidChall.Status, core.StatusInvalid)
|
||||
test.AssertError(t, err, "Server's not up yet; expected refusal. Where did we connect?")
|
||||
test.AssertEquals(t, invalidChall.Error.Type, core.ConnectionProblem)
|
||||
|
|
@ -458,20 +478,20 @@ func TestDvsni(t *testing.T) {
|
|||
<-waitChan
|
||||
|
||||
log.Clear()
|
||||
finChall, err := va.validateDvsni(ident, chall, AccountKey)
|
||||
finChall, err := va.validateDvsni(ident, chall)
|
||||
test.AssertEquals(t, finChall.Status, core.StatusValid)
|
||||
test.AssertNotError(t, err, "")
|
||||
test.AssertEquals(t, len(log.GetAllMatching(`Resolved addresses for localhost \[using 127.0.0.1\]: \[127.0.0.1\]`)), 1)
|
||||
|
||||
log.Clear()
|
||||
invalidChall, err = va.validateDvsni(core.AcmeIdentifier{Type: core.IdentifierType("ip"), Value: "127.0.0.1"}, chall, AccountKey)
|
||||
invalidChall, err = va.validateDvsni(core.AcmeIdentifier{Type: core.IdentifierType("ip"), Value: "127.0.0.1"}, chall)
|
||||
test.AssertEquals(t, invalidChall.Status, core.StatusInvalid)
|
||||
test.AssertError(t, err, "IdentifierType IP shouldn't have worked.")
|
||||
test.AssertEquals(t, invalidChall.Error.Type, core.MalformedProblem)
|
||||
|
||||
log.Clear()
|
||||
va.TestMode = false
|
||||
invalidChall, err = va.validateDvsni(core.AcmeIdentifier{Type: core.IdentifierDNS, Value: "always.invalid"}, chall, AccountKey)
|
||||
invalidChall, err = va.validateDvsni(core.AcmeIdentifier{Type: core.IdentifierDNS, Value: "always.invalid"}, chall)
|
||||
test.AssertEquals(t, invalidChall.Status, core.StatusInvalid)
|
||||
test.AssertError(t, err, "Domain name is invalid.")
|
||||
test.AssertEquals(t, invalidChall.Error.Type, core.UnknownHostProblem)
|
||||
|
|
@ -489,7 +509,7 @@ func TestDvsni(t *testing.T) {
|
|||
|
||||
log.Clear()
|
||||
started := time.Now()
|
||||
invalidChall, err = va.validateDvsni(ident, chall, AccountKey)
|
||||
invalidChall, err = va.validateDvsni(ident, chall)
|
||||
took := time.Since(started)
|
||||
// Check that the HTTP connection times out after 5 seconds and doesn't block for 10 seconds
|
||||
test.Assert(t, (took > (time.Second * 5)), "HTTP timed out before 5 seconds")
|
||||
|
|
@ -511,7 +531,7 @@ func TestTLSError(t *testing.T) {
|
|||
defer func() { stopChan <- true }()
|
||||
<-waitChan
|
||||
|
||||
invalidChall, err := va.validateDvsni(ident, chall, AccountKey)
|
||||
invalidChall, err := va.validateDvsni(ident, chall)
|
||||
test.AssertEquals(t, invalidChall.Status, core.StatusInvalid)
|
||||
test.AssertError(t, err, "What cert was used?")
|
||||
test.AssertEquals(t, invalidChall.Error.Type, core.TLSProblem)
|
||||
|
|
@ -527,6 +547,7 @@ func TestValidateHTTP(t *testing.T) {
|
|||
challHTTP := core.SimpleHTTPChallenge()
|
||||
challHTTP.TLS = &tls
|
||||
challHTTP.ValidationRecord = []core.ValidationRecord{}
|
||||
challHTTP.AccountKey = accountKey
|
||||
|
||||
stopChanHTTP := make(chan bool, 1)
|
||||
waitChanHTTP := make(chan bool, 1)
|
||||
|
|
@ -546,7 +567,7 @@ func TestValidateHTTP(t *testing.T) {
|
|||
Identifier: ident,
|
||||
Challenges: []core.Challenge{challHTTP},
|
||||
}
|
||||
va.validate(authz, 0, AccountKey)
|
||||
va.validate(authz, 0)
|
||||
|
||||
test.AssertEquals(t, core.StatusValid, mockRA.lastAuthz.Challenges[0].Status)
|
||||
}
|
||||
|
|
@ -558,6 +579,7 @@ func createChallenge(challengeType string) core.Challenge {
|
|||
Status: core.StatusPending,
|
||||
Token: core.NewToken(),
|
||||
ValidationRecord: []core.ValidationRecord{},
|
||||
AccountKey: accountKey,
|
||||
}
|
||||
|
||||
validationPayload, _ := json.Marshal(map[string]interface{}{
|
||||
|
|
@ -595,7 +617,7 @@ func TestValidateDvsni(t *testing.T) {
|
|||
Identifier: ident,
|
||||
Challenges: []core.Challenge{chall},
|
||||
}
|
||||
va.validate(authz, 0, AccountKey)
|
||||
va.validate(authz, 0)
|
||||
|
||||
test.AssertEquals(t, core.StatusValid, mockRA.lastAuthz.Challenges[0].Status)
|
||||
}
|
||||
|
|
@ -627,7 +649,7 @@ func TestValidateDvsniNotSane(t *testing.T) {
|
|||
Identifier: ident,
|
||||
Challenges: []core.Challenge{chall},
|
||||
}
|
||||
va.validate(authz, 0, AccountKey)
|
||||
va.validate(authz, 0)
|
||||
|
||||
test.AssertEquals(t, core.StatusInvalid, mockRA.lastAuthz.Challenges[0].Status)
|
||||
}
|
||||
|
|
@ -663,7 +685,7 @@ func TestUpdateValidations(t *testing.T) {
|
|||
}
|
||||
|
||||
started := time.Now()
|
||||
va.UpdateValidations(authz, 0, AccountKey)
|
||||
va.UpdateValidations(authz, 0)
|
||||
took := time.Since(started)
|
||||
|
||||
// Check that the call to va.UpdateValidations didn't block for 3 seconds
|
||||
|
|
@ -745,7 +767,7 @@ func TestDNSValidationFailure(t *testing.T) {
|
|||
Identifier: ident,
|
||||
Challenges: []core.Challenge{chalDNS},
|
||||
}
|
||||
va.validate(authz, 0, AccountKey)
|
||||
va.validate(authz, 0)
|
||||
|
||||
t.Logf("Resulting Authz: %+v", authz)
|
||||
test.AssertNotNil(t, mockRA.lastAuthz, "Should have gotten an authorization")
|
||||
|
|
@ -773,7 +795,7 @@ func TestDNSValidationInvalid(t *testing.T) {
|
|||
mockRA := &MockRegistrationAuthority{}
|
||||
va.RA = mockRA
|
||||
|
||||
va.validate(authz, 0, AccountKey)
|
||||
va.validate(authz, 0)
|
||||
|
||||
test.AssertNotNil(t, mockRA.lastAuthz, "Should have gotten an authorization")
|
||||
test.Assert(t, authz.Challenges[0].Status == core.StatusInvalid, "Should be invalid.")
|
||||
|
|
@ -804,7 +826,7 @@ func TestDNSValidationNotSane(t *testing.T) {
|
|||
}
|
||||
|
||||
for i := 0; i < len(authz.Challenges); i++ {
|
||||
va.validate(authz, i, AccountKey)
|
||||
va.validate(authz, i)
|
||||
test.AssertEquals(t, authz.Challenges[i].Status, core.StatusInvalid)
|
||||
test.AssertEquals(t, authz.Challenges[i].Error.Type, core.MalformedProblem)
|
||||
}
|
||||
|
|
@ -828,7 +850,7 @@ func TestDNSValidationServFail(t *testing.T) {
|
|||
Identifier: badIdent,
|
||||
Challenges: []core.Challenge{chalDNS},
|
||||
}
|
||||
va.validate(authz, 0, AccountKey)
|
||||
va.validate(authz, 0)
|
||||
|
||||
test.AssertNotNil(t, mockRA.lastAuthz, "Should have gotten an authorization")
|
||||
test.Assert(t, authz.Challenges[0].Status == core.StatusInvalid, "Should be invalid.")
|
||||
|
|
@ -849,7 +871,7 @@ func TestDNSValidationNoServer(t *testing.T) {
|
|||
Identifier: ident,
|
||||
Challenges: []core.Challenge{chalDNS},
|
||||
}
|
||||
va.validate(authz, 0, AccountKey)
|
||||
va.validate(authz, 0)
|
||||
|
||||
test.AssertNotNil(t, mockRA.lastAuthz, "Should have gotten an authorization")
|
||||
test.Assert(t, authz.Challenges[0].Status == core.StatusInvalid, "Should be invalid.")
|
||||
|
|
@ -886,7 +908,7 @@ func TestDNSValidationLive(t *testing.T) {
|
|||
Challenges: []core.Challenge{goodChalDNS},
|
||||
}
|
||||
|
||||
va.validate(authzGood, 0, AccountKey)
|
||||
va.validate(authzGood, 0)
|
||||
|
||||
if authzGood.Challenges[0].Status != core.StatusValid {
|
||||
t.Logf("TestDNSValidationLive on Good did not succeed.")
|
||||
|
|
@ -903,7 +925,7 @@ func TestDNSValidationLive(t *testing.T) {
|
|||
Challenges: []core.Challenge{badChalDNS},
|
||||
}
|
||||
|
||||
va.validate(authzBad, 0, AccountKey)
|
||||
va.validate(authzBad, 0)
|
||||
if authzBad.Challenges[0].Status != core.StatusInvalid {
|
||||
t.Logf("TestDNSValidationLive on Bad did succeed inappropriately.")
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue