Improve unit testing to resolve Issue #217
- Support multiple HTTPserver instances in `validation-authority_test.go` - Improve coverage of ValidateDvsni and ValidateHttps - Cover UpdateValidations
This commit is contained in:
J.C. Jones
parent
1c9837ddf8
commit
cecd097f68
|
|
@ -196,7 +196,7 @@ func (va ValidationAuthorityImpl) validate(authz core.Authorization) {
|
|||
}
|
||||
|
||||
if !challenge.IsSane(true) {
|
||||
challenge.Status = core.StatusInvalid
|
||||
authz.Challenges[i].Status = core.StatusInvalid
|
||||
logEvent.Error = fmt.Sprintf("Challenge failed sanity check.")
|
||||
logEvent.Challenge = challenge
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -56,6 +56,9 @@ const pathWrongToken = "wrongtoken"
|
|||
const path404 = "404"
|
||||
|
||||
func simpleSrv(t *testing.T, token string, stopChan, waitChan chan bool) {
|
||||
// Reset any existing handlers
|
||||
http.DefaultServeMux = http.NewServeMux()
|
||||
|
||||
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
|
||||
if strings.HasSuffix(r.URL.Path, path404) {
|
||||
t.Logf("SIMPLESRV: Got a 404 req\n")
|
||||
|
|
@ -85,7 +88,7 @@ func simpleSrv(t *testing.T, token string, stopChan, waitChan chan bool) {
|
|||
t.Fatalf("%s", httpsServer.Serve(conn))
|
||||
}
|
||||
|
||||
func dvsniSrv(t *testing.T, R, S []byte, waitChan chan bool) {
|
||||
func dvsniSrv(t *testing.T, R, S []byte, stopChan, waitChan chan bool) {
|
||||
RS := append(R, S...)
|
||||
z := sha256.Sum256(RS)
|
||||
zName := fmt.Sprintf("%064x.acme.invalid", z)
|
||||
|
|
@ -127,6 +130,12 @@ func dvsniSrv(t *testing.T, R, S []byte, waitChan chan bool) {
|
|||
t.Fatalf("Couldn't listen on %s: %s", httpsServer.Addr, err)
|
||||
}
|
||||
tlsListener := tls.NewListener(conn, tlsConfig)
|
||||
|
||||
go func() {
|
||||
<-stopChan
|
||||
conn.Close()
|
||||
}()
|
||||
|
||||
waitChan <- true
|
||||
t.Fatalf("%s", httpsServer.Serve(tlsListener))
|
||||
}
|
||||
|
|
@ -143,6 +152,8 @@ func TestSimpleHttps(t *testing.T) {
|
|||
stopChan := make(chan bool, 1)
|
||||
waitChan := make(chan bool, 1)
|
||||
go simpleSrv(t, expectedToken, stopChan, waitChan)
|
||||
defer func() { stopChan <- true }()
|
||||
<-waitChan
|
||||
|
||||
finChall, err := va.validateSimpleHTTPS(ident, chall)
|
||||
test.AssertEquals(t, finChall.Status, core.StatusValid)
|
||||
|
|
@ -167,8 +178,6 @@ func TestSimpleHttps(t *testing.T) {
|
|||
invalidChall, err = va.validateSimpleHTTPS(core.AcmeIdentifier{Type: core.IdentifierType("ip"), Value: "127.0.0.1"}, chall)
|
||||
test.AssertEquals(t, invalidChall.Status, core.StatusInvalid)
|
||||
test.AssertError(t, err, "IdentifierType IP shouldn't have worked.")
|
||||
|
||||
stopChan <- true
|
||||
}
|
||||
|
||||
func TestDvsni(t *testing.T) {
|
||||
|
|
@ -183,7 +192,9 @@ func TestDvsni(t *testing.T) {
|
|||
test.AssertError(t, err, "Server's not up yet; expected refusal. Where did we connect?")
|
||||
|
||||
waitChan := make(chan bool, 1)
|
||||
go dvsniSrv(t, a, a, waitChan)
|
||||
stopChan := make(chan bool, 1)
|
||||
go dvsniSrv(t, a, a, stopChan, waitChan)
|
||||
defer func() { stopChan <- true }()
|
||||
<-waitChan
|
||||
|
||||
finChall, err := va.validateDvsni(ident, chall)
|
||||
|
|
@ -206,30 +217,123 @@ func TestDvsni(t *testing.T) {
|
|||
test.AssertError(t, err, "S Should be illegal Base64")
|
||||
}
|
||||
|
||||
func TestValidate(t *testing.T) {
|
||||
func TestValidateHTTPS(t *testing.T) {
|
||||
va := NewValidationAuthorityImpl(true)
|
||||
va.RA = &MockRegistrationAuthority{}
|
||||
mockRA := &MockRegistrationAuthority{}
|
||||
va.RA = mockRA
|
||||
|
||||
challHTTPS := core.SimpleHTTPSChallenge()
|
||||
challHTTPS.Path = "test"
|
||||
challDvsni := core.DvsniChallenge()
|
||||
challDvsni.S = challDvsni.R
|
||||
|
||||
stopChanHTTPS := make(chan bool, 1)
|
||||
waitChanHTTPS := make(chan bool, 1)
|
||||
go simpleSrv(t, challHTTPS.Token, stopChanHTTPS, waitChanHTTPS)
|
||||
|
||||
// Let them start
|
||||
<-waitChanHTTPS
|
||||
|
||||
// shutdown cleanly
|
||||
defer func() {
|
||||
stopChanHTTPS <- true
|
||||
}()
|
||||
|
||||
var authz = core.Authorization{
|
||||
ID: core.NewToken(),
|
||||
RegistrationID: 1,
|
||||
Identifier: ident,
|
||||
Challenges: []core.Challenge{challHTTPS, challDvsni},
|
||||
Challenges: []core.Challenge{challHTTPS},
|
||||
}
|
||||
va.validate(authz)
|
||||
|
||||
// Disabled per Issue #217.
|
||||
// for _, c := range(authz.Challenges) {
|
||||
// test.AssertNotEquals(t, core.StatusInvalid, c.Status)
|
||||
// }
|
||||
test.AssertEquals(t, core.StatusValid, mockRA.lastAuthz.Challenges[0].Status)
|
||||
}
|
||||
|
||||
type MockRegistrationAuthority struct{}
|
||||
func TestValidateDvsni(t *testing.T) {
|
||||
va := NewValidationAuthorityImpl(true)
|
||||
mockRA := &MockRegistrationAuthority{}
|
||||
va.RA = mockRA
|
||||
|
||||
challDvsni := core.DvsniChallenge()
|
||||
challDvsni.S = challDvsni.R
|
||||
|
||||
waitChanDvsni := make(chan bool, 1)
|
||||
stopChanDvsni := make(chan bool, 1)
|
||||
ar, _ := core.B64dec(challDvsni.R)
|
||||
as, _ := core.B64dec(challDvsni.S)
|
||||
go dvsniSrv(t, ar, as, stopChanDvsni, waitChanDvsni)
|
||||
|
||||
// Let them start
|
||||
<-waitChanDvsni
|
||||
|
||||
// shutdown cleanly
|
||||
defer func() {
|
||||
stopChanDvsni <- true
|
||||
}()
|
||||
|
||||
var authz = core.Authorization{
|
||||
ID: core.NewToken(),
|
||||
RegistrationID: 1,
|
||||
Identifier: ident,
|
||||
Challenges: []core.Challenge{challDvsni},
|
||||
}
|
||||
va.validate(authz)
|
||||
|
||||
test.AssertEquals(t, core.StatusValid, mockRA.lastAuthz.Challenges[0].Status)
|
||||
}
|
||||
|
||||
func TestValidateDvsniNotSane(t *testing.T) {
|
||||
va := NewValidationAuthorityImpl(true)
|
||||
mockRA := &MockRegistrationAuthority{}
|
||||
va.RA = mockRA
|
||||
|
||||
challDvsni := core.DvsniChallenge()
|
||||
challDvsni.R = "boulder" // Not a sane thing to do.
|
||||
|
||||
waitChanDvsni := make(chan bool, 1)
|
||||
stopChanDvsni := make(chan bool, 1)
|
||||
ar, _ := core.B64dec(challDvsni.R)
|
||||
as, _ := core.B64dec(challDvsni.S)
|
||||
go dvsniSrv(t, ar, as, stopChanDvsni, waitChanDvsni)
|
||||
|
||||
// Let them start
|
||||
<-waitChanDvsni
|
||||
|
||||
// shutdown cleanly
|
||||
defer func() {
|
||||
stopChanDvsni <- true
|
||||
}()
|
||||
|
||||
var authz = core.Authorization{
|
||||
ID: core.NewToken(),
|
||||
RegistrationID: 1,
|
||||
Identifier: ident,
|
||||
Challenges: []core.Challenge{challDvsni},
|
||||
}
|
||||
va.validate(authz)
|
||||
|
||||
test.AssertEquals(t, core.StatusInvalid, mockRA.lastAuthz.Challenges[0].Status)
|
||||
}
|
||||
|
||||
func TestUpdateValidations(t *testing.T) {
|
||||
va := NewValidationAuthorityImpl(true)
|
||||
mockRA := &MockRegistrationAuthority{}
|
||||
va.RA = mockRA
|
||||
|
||||
var authz = core.Authorization{
|
||||
ID: core.NewToken(),
|
||||
RegistrationID: 1,
|
||||
Identifier: ident,
|
||||
Challenges: []core.Challenge{},
|
||||
}
|
||||
|
||||
va.UpdateValidations(authz)
|
||||
|
||||
// Nothing to assert.
|
||||
}
|
||||
|
||||
type MockRegistrationAuthority struct {
|
||||
lastAuthz *core.Authorization
|
||||
}
|
||||
|
||||
func (ra *MockRegistrationAuthority) NewRegistration(reg core.Registration, jwk jose.JsonWebKey) (core.Registration, error) {
|
||||
return reg, nil
|
||||
|
|
@ -256,5 +360,6 @@ func (ra *MockRegistrationAuthority) RevokeCertificate(cert x509.Certificate) er
|
|||
}
|
||||
|
||||
func (ra *MockRegistrationAuthority) OnValidationUpdate(authz core.Authorization) error {
|
||||
ra.lastAuthz = &authz
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue