Merge pull request #421 from kuba/simplehttp-test-mode

Allow TLS simpleHttp in test mode.
2015-07-01 10:02:42 -07:00 · 2015-07-01 10:02:42 -07:00 · c41c0a6b41
parent 53e1722a63 c48f6dfecf
commit c41c0a6b41
2 changed files with 63 additions and 18 deletions
--- a/va/validation-authority.go
+++ b/va/validation-authority.go
@ -87,7 +87,6 @@ func (va ValidationAuthorityImpl) validateSimpleHTTP(identifier core.AcmeIdentif
 	}
 	if va.TestMode {
 		hostName = "localhost:5001"
 		scheme = "http"
 	}
 	url := fmt.Sprintf("%s://%s/.well-known/acme-challenge/%s", scheme, hostName, challenge.Path)
--- a/va/validation-authority_test.go
+++ b/va/validation-authority_test.go
@ -54,7 +54,7 @@ const expectedToken = "THETOKEN"
 const pathWrongToken = "wrongtoken"
 const path404 = "404"
-func simpleSrv(t *testing.T, token string, stopChan, waitChan chan bool) {
+func simpleSrv(t *testing.T, token string, stopChan, waitChan chan bool, enableTLS bool) {
 	// Reset any existing handlers
 	http.DefaultServeMux = http.NewServeMux()
@ -77,11 +77,11 @@ func simpleSrv(t *testing.T, token string, stopChan, waitChan chan bool) {
 		}
 	})
-	httpsServer := &http.Server{Addr: "localhost:5001"}
+	server := &http.Server{Addr: "localhost:5001"}
-	conn, err := net.Listen("tcp", httpsServer.Addr)
+	conn, err := net.Listen("tcp", server.Addr)
 	if err != nil {
 		waitChan <- true
-		t.Fatalf("Couldn't listen on %s: %s", httpsServer.Addr, err)
+		t.Fatalf("Couldn't listen on %s: %s", server.Addr, err)
 	}
 	go func() {
@ -89,8 +89,40 @@ func simpleSrv(t *testing.T, token string, stopChan, waitChan chan bool) {
 		conn.Close()
 	}()
 	var listener net.Listener
 	if !enableTLS {
 		listener = conn
 	} else {
 		template := &x509.Certificate{
 			SerialNumber: big.NewInt(1337),
 			Subject: pkix.Name{
 				Organization: []string{"tests"},
 			},
 			NotBefore: time.Now(),
 			NotAfter:  time.Now().AddDate(0, 0, 1),
 			KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
 			ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
 			BasicConstraintsValid: true,
 			DNSNames: []string{"example.com"},
 		}
 		certBytes, _ := x509.CreateCertificate(rand.Reader, template, template, &TheKey.PublicKey, &TheKey)
 		cert := &tls.Certificate{
 			Certificate: [][]byte{certBytes},
 			PrivateKey:  &TheKey,
 		}
 		tlsConfig := &tls.Config{
 			Certificates: []tls.Certificate{*cert},
 		}
 		listener = tls.NewListener(conn, tlsConfig)
 	}
 	waitChan <- true
-	httpsServer.Serve(conn)
+	server.Serve(listener)
 }
 func dvsniSrv(t *testing.T, R, S []byte, stopChan, waitChan chan bool) {
@ -166,12 +198,30 @@ func brokenTLSSrv(t *testing.T, stopChan, waitChan chan bool) {
 	httpsServer.Serve(tlsListener)
 }
-func TestSimpleHttp(t *testing.T) {
+func TestSimpleHttpTLS(t *testing.T) {
 	va := NewValidationAuthorityImpl(true)
 	va.DNSResolver = core.NewDNSResolver(time.Second*5, []string{"8.8.8.8:53"})
 	chall := core.Challenge{Path: "test", Token: expectedToken}
 	stopChan := make(chan bool, 1)
 	waitChan := make(chan bool, 1)
 	go simpleSrv(t, expectedToken, stopChan, waitChan, true)
 	defer func() { stopChan <- true }()
 	<-waitChan
 	finChall, err := va.validateSimpleHTTP(ident, chall)
 	test.AssertEquals(t, finChall.Status, core.StatusValid)
 	test.AssertNotError(t, err, chall.Path)
 }
 func TestSimpleHttp(t *testing.T) {
 	va := NewValidationAuthorityImpl(true)
 	va.DNSResolver = core.NewDNSResolver(time.Second*5, []string{"8.8.8.8:53"})
 	tls := false
 	chall := core.Challenge{Path: "test", Token: expectedToken, TLS: &tls}
 	invalidChall, err := va.validateSimpleHTTP(ident, chall)
 	test.AssertEquals(t, invalidChall.Status, core.StatusInvalid)
 	test.AssertError(t, err, "Server's not up yet; expected refusal. Where did we connect?")
@ -179,7 +229,7 @@ func TestSimpleHttp(t *testing.T) {
 	stopChan := make(chan bool, 1)
 	waitChan := make(chan bool, 1)
-	go simpleSrv(t, expectedToken, stopChan, waitChan)
+	go simpleSrv(t, expectedToken, stopChan, waitChan, tls)
 	defer func() { stopChan <- true }()
 	<-waitChan
@ -187,14 +237,6 @@ func TestSimpleHttp(t *testing.T) {
 	test.AssertEquals(t, finChall.Status, core.StatusValid)
 	test.AssertNotError(t, err, chall.Path)
 	tls := false
 	chall.TLS = &tls
 	finChall, err = va.validateSimpleHTTP(ident, chall)
 	test.AssertEquals(t, finChall.Status, core.StatusValid)
 	test.AssertNotError(t, err, chall.Path)
 	tls = true
 	chall.TLS = &tls
 	chall.Path = path404
 	invalidChall, err = va.validateSimpleHTTP(ident, chall)
 	test.AssertEquals(t, invalidChall.Status, core.StatusInvalid)
@ -332,12 +374,14 @@ func TestValidateHTTP(t *testing.T) {
 	mockRA := &MockRegistrationAuthority{}
 	va.RA = mockRA
 	tls := false
 	challHTTP := core.SimpleHTTPChallenge()
 	challHTTP.Path = "test"
 	challHTTP.TLS = &tls
 	stopChanHTTP := make(chan bool, 1)
 	waitChanHTTP := make(chan bool, 1)
-	go simpleSrv(t, challHTTP.Token, stopChanHTTP, waitChanHTTP)
+	go simpleSrv(t, challHTTP.Token, stopChanHTTP, waitChanHTTP, tls)
 	// Let them start
 	<-waitChanHTTP
@ -432,12 +476,14 @@ func TestUpdateValidations(t *testing.T) {
 	mockRA := &MockRegistrationAuthority{}
 	va.RA = mockRA
 	tls := false
 	challHTTP := core.SimpleHTTPChallenge()
 	challHTTP.Path = "wait"
 	challHTTP.TLS = &tls
 	stopChanHTTP := make(chan bool, 1)
 	waitChanHTTP := make(chan bool, 1)
-	go simpleSrv(t, challHTTP.Token, stopChanHTTP, waitChanHTTP)
+	go simpleSrv(t, challHTTP.Token, stopChanHTTP, waitChanHTTP, tls)
 	// Let them start
 	<-waitChanHTTP