diff --git a/va/validation-authority.go b/va/validation-authority.go index 38acf1f89..340bff2e4 100644 --- a/va/validation-authority.go +++ b/va/validation-authority.go @@ -196,7 +196,7 @@ func (va ValidationAuthorityImpl) validate(authz core.Authorization) { } if !challenge.IsSane(true) { - challenge.Status = core.StatusInvalid + authz.Challenges[i].Status = core.StatusInvalid logEvent.Error = fmt.Sprintf("Challenge failed sanity check.") logEvent.Challenge = challenge } else { diff --git a/va/validation-authority_test.go b/va/validation-authority_test.go index b980c49dc..209e07438 100644 --- a/va/validation-authority_test.go +++ b/va/validation-authority_test.go @@ -56,6 +56,9 @@ const pathWrongToken = "wrongtoken" const path404 = "404" func simpleSrv(t *testing.T, token string, stopChan, waitChan chan bool) { + // Reset any existing handlers + http.DefaultServeMux = http.NewServeMux() + http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { if strings.HasSuffix(r.URL.Path, path404) { t.Logf("SIMPLESRV: Got a 404 req\n") @@ -85,7 +88,7 @@ func simpleSrv(t *testing.T, token string, stopChan, waitChan chan bool) { t.Fatalf("%s", httpsServer.Serve(conn)) } -func dvsniSrv(t *testing.T, R, S []byte, waitChan chan bool) { +func dvsniSrv(t *testing.T, R, S []byte, stopChan, waitChan chan bool) { RS := append(R, S...) z := sha256.Sum256(RS) zName := fmt.Sprintf("%064x.acme.invalid", z) @@ -127,6 +130,12 @@ func dvsniSrv(t *testing.T, R, S []byte, waitChan chan bool) { t.Fatalf("Couldn't listen on %s: %s", httpsServer.Addr, err) } tlsListener := tls.NewListener(conn, tlsConfig) + + go func() { + <-stopChan + conn.Close() + }() + waitChan <- true t.Fatalf("%s", httpsServer.Serve(tlsListener)) } @@ -143,6 +152,8 @@ func TestSimpleHttps(t *testing.T) { stopChan := make(chan bool, 1) waitChan := make(chan bool, 1) go simpleSrv(t, expectedToken, stopChan, waitChan) + defer func() { stopChan <- true }() + <-waitChan finChall, err := va.validateSimpleHTTPS(ident, chall) test.AssertEquals(t, finChall.Status, core.StatusValid) @@ -167,8 +178,6 @@ func TestSimpleHttps(t *testing.T) { invalidChall, err = va.validateSimpleHTTPS(core.AcmeIdentifier{Type: core.IdentifierType("ip"), Value: "127.0.0.1"}, chall) test.AssertEquals(t, invalidChall.Status, core.StatusInvalid) test.AssertError(t, err, "IdentifierType IP shouldn't have worked.") - - stopChan <- true } func TestDvsni(t *testing.T) { @@ -183,7 +192,9 @@ func TestDvsni(t *testing.T) { test.AssertError(t, err, "Server's not up yet; expected refusal. Where did we connect?") waitChan := make(chan bool, 1) - go dvsniSrv(t, a, a, waitChan) + stopChan := make(chan bool, 1) + go dvsniSrv(t, a, a, stopChan, waitChan) + defer func() { stopChan <- true }() <-waitChan finChall, err := va.validateDvsni(ident, chall) @@ -206,30 +217,123 @@ func TestDvsni(t *testing.T) { test.AssertError(t, err, "S Should be illegal Base64") } -func TestValidate(t *testing.T) { +func TestValidateHTTPS(t *testing.T) { va := NewValidationAuthorityImpl(true) - va.RA = &MockRegistrationAuthority{} + mockRA := &MockRegistrationAuthority{} + va.RA = mockRA challHTTPS := core.SimpleHTTPSChallenge() challHTTPS.Path = "test" - challDvsni := core.DvsniChallenge() - challDvsni.S = challDvsni.R + + stopChanHTTPS := make(chan bool, 1) + waitChanHTTPS := make(chan bool, 1) + go simpleSrv(t, challHTTPS.Token, stopChanHTTPS, waitChanHTTPS) + + // Let them start + <-waitChanHTTPS + + // shutdown cleanly + defer func() { + stopChanHTTPS <- true + }() var authz = core.Authorization{ ID: core.NewToken(), RegistrationID: 1, Identifier: ident, - Challenges: []core.Challenge{challHTTPS, challDvsni}, + Challenges: []core.Challenge{challHTTPS}, } va.validate(authz) - // Disabled per Issue #217. - // for _, c := range(authz.Challenges) { - // test.AssertNotEquals(t, core.StatusInvalid, c.Status) - // } + test.AssertEquals(t, core.StatusValid, mockRA.lastAuthz.Challenges[0].Status) } -type MockRegistrationAuthority struct{} +func TestValidateDvsni(t *testing.T) { + va := NewValidationAuthorityImpl(true) + mockRA := &MockRegistrationAuthority{} + va.RA = mockRA + + challDvsni := core.DvsniChallenge() + challDvsni.S = challDvsni.R + + waitChanDvsni := make(chan bool, 1) + stopChanDvsni := make(chan bool, 1) + ar, _ := core.B64dec(challDvsni.R) + as, _ := core.B64dec(challDvsni.S) + go dvsniSrv(t, ar, as, stopChanDvsni, waitChanDvsni) + + // Let them start + <-waitChanDvsni + + // shutdown cleanly + defer func() { + stopChanDvsni <- true + }() + + var authz = core.Authorization{ + ID: core.NewToken(), + RegistrationID: 1, + Identifier: ident, + Challenges: []core.Challenge{challDvsni}, + } + va.validate(authz) + + test.AssertEquals(t, core.StatusValid, mockRA.lastAuthz.Challenges[0].Status) +} + +func TestValidateDvsniNotSane(t *testing.T) { + va := NewValidationAuthorityImpl(true) + mockRA := &MockRegistrationAuthority{} + va.RA = mockRA + + challDvsni := core.DvsniChallenge() + challDvsni.R = "boulder" // Not a sane thing to do. + + waitChanDvsni := make(chan bool, 1) + stopChanDvsni := make(chan bool, 1) + ar, _ := core.B64dec(challDvsni.R) + as, _ := core.B64dec(challDvsni.S) + go dvsniSrv(t, ar, as, stopChanDvsni, waitChanDvsni) + + // Let them start + <-waitChanDvsni + + // shutdown cleanly + defer func() { + stopChanDvsni <- true + }() + + var authz = core.Authorization{ + ID: core.NewToken(), + RegistrationID: 1, + Identifier: ident, + Challenges: []core.Challenge{challDvsni}, + } + va.validate(authz) + + test.AssertEquals(t, core.StatusInvalid, mockRA.lastAuthz.Challenges[0].Status) +} + +func TestUpdateValidations(t *testing.T) { + va := NewValidationAuthorityImpl(true) + mockRA := &MockRegistrationAuthority{} + va.RA = mockRA + + var authz = core.Authorization{ + ID: core.NewToken(), + RegistrationID: 1, + Identifier: ident, + Challenges: []core.Challenge{}, + } + + va.UpdateValidations(authz) + + // Nothing to assert. +} + +type MockRegistrationAuthority struct { + lastAuthz *core.Authorization +} func (ra *MockRegistrationAuthority) NewRegistration(reg core.Registration, jwk jose.JsonWebKey) (core.Registration, error) { return reg, nil @@ -256,5 +360,6 @@ func (ra *MockRegistrationAuthority) RevokeCertificate(cert x509.Certificate) er } func (ra *MockRegistrationAuthority) OnValidationUpdate(authz core.Authorization) error { + ra.lastAuthz = &authz return nil }