Merge pull request #421 from kuba/simplehttp-test-mode

Allow TLS simpleHttp in test mode.
2015-07-01 10:02:42 -07:00 · 2015-07-01 10:02:42 -07:00 · c41c0a6b41
parent 53e1722a63 c48f6dfecf
commit c41c0a6b41
2 changed files with 63 additions and 18 deletions
--- a/va/validation-authority.go
+++ b/va/validation-authority.go
@ -87,7 +87,6 @@ func (va ValidationAuthorityImpl) validateSimpleHTTP(identifier core.AcmeIdentif
 	}
 	if va.TestMode {
 		hostName = "localhost:5001"
-		scheme = "http"
 	}

 	url := fmt.Sprintf("%s://%s/.well-known/acme-challenge/%s", scheme, hostName, challenge.Path)
--- a/va/validation-authority_test.go
+++ b/va/validation-authority_test.go
@ -54,7 +54,7 @@ const expectedToken = "THETOKEN"
 const pathWrongToken = "wrongtoken"
 const path404 = "404"

-func simpleSrv(t *testing.T, token string, stopChan, waitChan chan bool) {
+func simpleSrv(t *testing.T, token string, stopChan, waitChan chan bool, enableTLS bool) {
 	// Reset any existing handlers
 	http.DefaultServeMux = http.NewServeMux()

@ -77,11 +77,11 @@ func simpleSrv(t *testing.T, token string, stopChan, waitChan chan bool) {
 		}
 	})

-	httpsServer := &http.Server{Addr: "localhost:5001"}
-	conn, err := net.Listen("tcp", httpsServer.Addr)
+	server := &http.Server{Addr: "localhost:5001"}
+	conn, err := net.Listen("tcp", server.Addr)
 	if err != nil {
 		waitChan <- true
-		t.Fatalf("Couldn't listen on %s: %s", httpsServer.Addr, err)
+		t.Fatalf("Couldn't listen on %s: %s", server.Addr, err)
 	}

 	go func() {
@ -89,8 +89,40 @@ func simpleSrv(t *testing.T, token string, stopChan, waitChan chan bool) {
 		conn.Close()
 	}()

+	var listener net.Listener
+	if !enableTLS {
+		listener = conn
+	} else {
+		template := &x509.Certificate{
+			SerialNumber: big.NewInt(1337),
+			Subject: pkix.Name{
+				Organization: []string{"tests"},
+			},
+			NotBefore: time.Now(),
+			NotAfter:  time.Now().AddDate(0, 0, 1),
+
+			KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
+			ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+			BasicConstraintsValid: true,
+
+			DNSNames: []string{"example.com"},
+		}
+
+		certBytes, _ := x509.CreateCertificate(rand.Reader, template, template, &TheKey.PublicKey, &TheKey)
+		cert := &tls.Certificate{
+			Certificate: [][]byte{certBytes},
+			PrivateKey:  &TheKey,
+		}
+
+		tlsConfig := &tls.Config{
+			Certificates: []tls.Certificate{*cert},
+		}
+
+		listener = tls.NewListener(conn, tlsConfig)
+	}
+
 	waitChan <- true
-	httpsServer.Serve(conn)
+	server.Serve(listener)
 }

 func dvsniSrv(t *testing.T, R, S []byte, stopChan, waitChan chan bool) {
@ -166,12 +198,30 @@ func brokenTLSSrv(t *testing.T, stopChan, waitChan chan bool) {
 	httpsServer.Serve(tlsListener)
 }

-func TestSimpleHttp(t *testing.T) {
+func TestSimpleHttpTLS(t *testing.T) {
 	va := NewValidationAuthorityImpl(true)
 	va.DNSResolver = core.NewDNSResolver(time.Second*5, []string{"8.8.8.8:53"})

 	chall := core.Challenge{Path: "test", Token: expectedToken}

+	stopChan := make(chan bool, 1)
+	waitChan := make(chan bool, 1)
+	go simpleSrv(t, expectedToken, stopChan, waitChan, true)
+	defer func() { stopChan <- true }()
+	<-waitChan
+
+	finChall, err := va.validateSimpleHTTP(ident, chall)
+	test.AssertEquals(t, finChall.Status, core.StatusValid)
+	test.AssertNotError(t, err, chall.Path)
+}
+
+func TestSimpleHttp(t *testing.T) {
+	va := NewValidationAuthorityImpl(true)
+	va.DNSResolver = core.NewDNSResolver(time.Second*5, []string{"8.8.8.8:53"})
+
+	tls := false
+	chall := core.Challenge{Path: "test", Token: expectedToken, TLS: &tls}
+
 	invalidChall, err := va.validateSimpleHTTP(ident, chall)
 	test.AssertEquals(t, invalidChall.Status, core.StatusInvalid)
 	test.AssertError(t, err, "Server's not up yet; expected refusal. Where did we connect?")
@ -179,7 +229,7 @@ func TestSimpleHttp(t *testing.T) {

 	stopChan := make(chan bool, 1)
 	waitChan := make(chan bool, 1)
-	go simpleSrv(t, expectedToken, stopChan, waitChan)
+	go simpleSrv(t, expectedToken, stopChan, waitChan, tls)
 	defer func() { stopChan <- true }()
 	<-waitChan

@ -187,14 +237,6 @@ func TestSimpleHttp(t *testing.T) {
 	test.AssertEquals(t, finChall.Status, core.StatusValid)
 	test.AssertNotError(t, err, chall.Path)

-	tls := false
-	chall.TLS = &tls
-	finChall, err = va.validateSimpleHTTP(ident, chall)
-	test.AssertEquals(t, finChall.Status, core.StatusValid)
-	test.AssertNotError(t, err, chall.Path)
-
-	tls = true
-	chall.TLS = &tls
 	chall.Path = path404
 	invalidChall, err = va.validateSimpleHTTP(ident, chall)
 	test.AssertEquals(t, invalidChall.Status, core.StatusInvalid)
@ -332,12 +374,14 @@ func TestValidateHTTP(t *testing.T) {
 	mockRA := &MockRegistrationAuthority{}
 	va.RA = mockRA

+	tls := false
 	challHTTP := core.SimpleHTTPChallenge()
 	challHTTP.Path = "test"
+	challHTTP.TLS = &tls

 	stopChanHTTP := make(chan bool, 1)
 	waitChanHTTP := make(chan bool, 1)
-	go simpleSrv(t, challHTTP.Token, stopChanHTTP, waitChanHTTP)
+	go simpleSrv(t, challHTTP.Token, stopChanHTTP, waitChanHTTP, tls)

 	// Let them start
 	<-waitChanHTTP
@ -432,12 +476,14 @@ func TestUpdateValidations(t *testing.T) {
 	mockRA := &MockRegistrationAuthority{}
 	va.RA = mockRA

+	tls := false
 	challHTTP := core.SimpleHTTPChallenge()
 	challHTTP.Path = "wait"
+	challHTTP.TLS = &tls

 	stopChanHTTP := make(chan bool, 1)
 	waitChanHTTP := make(chan bool, 1)
-	go simpleSrv(t, challHTTP.Token, stopChanHTTP, waitChanHTTP)
+	go simpleSrv(t, challHTTP.Token, stopChanHTTP, waitChanHTTP, tls)

 	// Let them start
 	<-waitChanHTTP