letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Cleans up duplicated port management code.

This commit is contained in:
Daniel 2017-05-10 10:50:02 -04:00
parent bd045b9325
commit d0029fcc41
No known key found for this signature in database
GPG Key ID: 08FB2BFC470E75B4
1 changed files with 55 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

145
va/va_test.go
View File

@ -235,8 +235,7 @@ func TestHTTP(t *testing.T) {
// TODO(#1989): close hs
hs := httpSrv(t, chall.Token)
goodPort, err := getPort(hs)
test.AssertNotError(t, err, "failed to get test server port")
va, goodPort, _, log := setup(t, hs)
// Attempt to fail a challenge by telling the VA to connect to a port we are
// not listening on.
@ -244,7 +243,6 @@ func TestHTTP(t *testing.T) {
if badPort == 65536 {
badPort = goodPort - 1
}
va, _, log := setup()
va.httpPort = badPort
_, prob := va.validateHTTP01(ctx, ident, chall)
@ -331,10 +329,7 @@ func TestHTTPRedirectLookup(t *testing.T) {
hs := httpSrv(t, expectedToken)
defer hs.Close()
port, err := getPort(hs)
test.AssertNotError(t, err, "failed to get test server port")
va, _, log := setup()
va.httpPort = port
va, _, _, log := setup(t, hs)
setChallengeToken(&chall, pathMoved)
_, prob := va.validateHTTP01(ctx, ident, chall)
@ -356,7 +351,7 @@ func TestHTTPRedirectLookup(t *testing.T) {
log.Clear()
setChallengeToken(&chall, pathReLookupInvalid)
_, err = va.validateHTTP01(ctx, ident, chall)
_, err := va.validateHTTP01(ctx, ident, chall)
test.AssertError(t, err, chall.Token)
test.AssertEquals(t, len(log.GetAllMatching(`Resolved addresses for localhost \[using 127.0.0.1\]: \[127.0.0.1\]`)), 1)
test.AssertEquals(t, len(log.GetAllMatching(`No valid IP addresses found for invalid.invalid`)), 1)
@ -395,10 +390,7 @@ func TestHTTPRedirectLoop(t *testing.T) {
hs := httpSrv(t, expectedToken)
defer hs.Close()
port, err := getPort(hs)
test.AssertNotError(t, err, "failed to get test server port")
va, _, _ := setup()
va.httpPort = port
va, _, _, _ := setup(t, hs)
_, prob := va.validateHTTP01(ctx, ident, chall)
if prob == nil {
@ -412,11 +404,8 @@ func TestHTTPRedirectUserAgent(t *testing.T) {
hs := httpSrv(t, expectedToken)
defer hs.Close()
port, err := getPort(hs)
test.AssertNotError(t, err, "failed to get test server port")
va, _, _ := setup()
va, _, _, _ := setup(t, hs)
va.userAgent = rejectUserAgent
va.httpPort = port
setChallengeToken(&chall, pathMoved)
_, prob := va.validateHTTP01(ctx, ident, chall)
@ -451,11 +440,8 @@ func TestTLSSNI01(t *testing.T) {
chall := createChallenge(core.ChallengeTypeTLSSNI01)
hs := tlssni01Srv(t, chall)
port, err := getPort(hs)
test.AssertNotError(t, err, "failed to get test server port")
va, _, log := setup()
va.tlsPort = port
va, port, _, log := setup(t, hs)
_, prob := va.validateTLSSNI01(ctx, ident, chall)
if prob != nil {
@ -503,16 +489,15 @@ func TestTLSSNI01(t *testing.T) {
// Take down validation server and check that validation fails.
hs.Close()
_, err = va.validateTLSSNI01(ctx, ident, chall)
_, err := va.validateTLSSNI01(ctx, ident, chall)
if err == nil {
t.Fatalf("Server's down; expected refusal. Where did we connect?")
}
test.AssertEquals(t, prob.Type, probs.ConnectionProblem)
httpOnly := httpSrv(t, "")
defer httpOnly.Close()
port, err = getPort(httpOnly)
test.AssertNotError(t, err, "failed to get test server port")
port, portErr := getPort(httpOnly)
test.AssertNotError(t, portErr, "failed to get test server port")
va.tlsPort = port
log.Clear()
@ -528,11 +513,8 @@ func TestTLSSNI02(t *testing.T) {
chall := createChallenge(core.ChallengeTypeTLSSNI02)
hs := tlssni02Srv(t, chall)
port, err := getPort(hs)
test.AssertNotError(t, err, "failed to get test server port")
va, _, log := setup()
va.tlsPort = port
va, port, _, log := setup(t, hs)
_, prob := va.validateTLSSNI02(ctx, ident, chall)
if prob != nil {
@ -580,7 +562,7 @@ func TestTLSSNI02(t *testing.T) {
// Take down validation server and check that validation fails.
hs.Close()
_, err = va.validateTLSSNI02(ctx, ident, chall)
_, err := va.validateTLSSNI02(ctx, ident, chall)
if err == nil {
t.Fatalf("Server's down; expected refusal. Where did we connect?")
}
@ -588,8 +570,8 @@ func TestTLSSNI02(t *testing.T) {
httpOnly := httpSrv(t, "")
defer httpOnly.Close()
port, err = getPort(httpOnly)
test.AssertNotError(t, err, "failed to get test server port")
port, portErr := getPort(httpOnly)
test.AssertNotError(t, portErr, "failed to get test server port")
va.tlsPort = port
log.Clear()
@ -616,10 +598,7 @@ func TestTLSError(t *testing.T) {
chall := createChallenge(core.ChallengeTypeTLSSNI01)
hs := brokenTLSSrv()
port, err := getPort(hs)
test.AssertNotError(t, err, "failed to get test server port")
va, _, _ := setup()
va.tlsPort = port
va, _, _, _ := setup(t, hs)
_, prob := va.validateTLSSNI01(ctx, ident, chall)
if prob == nil {
@ -700,10 +679,7 @@ func TestSNIErrInvalidChain(t *testing.T) {
chall := createChallenge(core.ChallengeTypeTLSSNI01)
hs := misconfiguredTLSSrv()
port, err := getPort(hs)
test.AssertNotError(t, err, "failed to get test server port")
va, _, _ := setup()
va.tlsPort = port
va, _, _, _ := setup(t, hs)
// Validate the SNI challenge with the test server, expecting it to fail
_, prob := va.validateTLSSNI01(ctx, ident, chall)
@ -724,13 +700,10 @@ func TestValidateHTTP(t *testing.T) {
setChallengeToken(&chall, core.NewToken())
hs := httpSrv(t, chall.Token)
port, err := getPort(hs)
test.AssertNotError(t, err, "failed to get test server port")
va, _, _ := setup()
va.httpPort = port
defer hs.Close()
va, _, _, _ := setup(t, hs)
_, prob := va.validateChallenge(ctx, ident, chall)
test.Assert(t, prob == nil, "validation failed")
}
@ -760,11 +733,7 @@ func TestValidateTLSSNI01(t *testing.T) {
hs := tlssni01Srv(t, chall)
defer hs.Close()
port, err := getPort(hs)
test.AssertNotError(t, err, "failed to get test server port")
va, _, _ := setup()
va.tlsPort = port
va, _, _, _ := setup(t, hs)
_, prob := va.validateChallenge(ctx, ident, chall)
@ -772,7 +741,7 @@ func TestValidateTLSSNI01(t *testing.T) {
}
func TestValidateTLSSNI01NotSane(t *testing.T) {
va, _, _ := setup()
va, _, _, _ := setup(t, nil)
chall := createChallenge(core.ChallengeTypeTLSSNI01)
@ -784,7 +753,7 @@ func TestValidateTLSSNI01NotSane(t *testing.T) {
}
func TestCAATimeout(t *testing.T) {
va, _, _ := setup()
va, _, _, _ := setup(t, nil)
err := va.checkCAA(ctx, core.AcmeIdentifier{Type: core.IdentifierDNS, Value: "caa-timeout.com"})
if err.Type != probs.ConnectionProblem {
t.Errorf("Expected timeout error type %s, got %s", probs.ConnectionProblem, err.Type)
@ -826,7 +795,7 @@ func TestCAAChecking(t *testing.T) {
{"unsatisfiable.com", true, false},
}
va, _, _ := setup()
va, _, _, _ := setup(t, nil)
for _, caaTest := range tests {
present, valid, err := va.checkCAARecords(ctx, core.AcmeIdentifier{Type: "dns", Value: caaTest.Domain})
if err != nil {
@ -862,7 +831,7 @@ func TestCAAChecking(t *testing.T) {
}
func TestPerformValidationInvalid(t *testing.T) {
va, stats, _ := setup()
va, _, stats, _ := setup(t, nil)
chalDNS := createChallenge(core.ChallengeTypeDNS01)
_, prob := va.PerformValidation(context.Background(), "foo.com", chalDNS, core.Authorization{})
test.Assert(t, prob != nil, "validation succeeded")
@ -870,7 +839,7 @@ func TestPerformValidationInvalid(t *testing.T) {
}
func TestDNSValidationEmpty(t *testing.T) {
va, stats, _ := setup()
va, _, stats, _ := setup(t, nil)
chalDNS := createChallenge(core.ChallengeTypeDNS01)
_, prob := va.PerformValidation(
context.Background(),
@ -882,7 +851,7 @@ func TestDNSValidationEmpty(t *testing.T) {
}
func TestPerformValidationValid(t *testing.T) {
va, stats, _ := setup()
va, _, stats, _ := setup(t, nil)
// create a challenge with well known token
chalDNS := core.DNSChallenge01()
chalDNS.Token = expectedToken
@ -893,7 +862,7 @@ func TestPerformValidationValid(t *testing.T) {
}
func TestDNSValidationFailure(t *testing.T) {
va, _, _ := setup()
va, _, _, _ := setup(t, nil)
chalDNS := createChallenge(core.ChallengeTypeDNS01)
@ -911,7 +880,7 @@ func TestDNSValidationInvalid(t *testing.T) {
chalDNS := core.DNSChallenge01()
chalDNS.ProvidedKeyAuthorization = expectedKeyAuthorization
va, _, _ := setup()
va, _, _, _ := setup(t, nil)
_, prob := va.validateChallenge(ctx, notDNS, chalDNS)
@ -919,7 +888,7 @@ func TestDNSValidationInvalid(t *testing.T) {
}
func TestDNSValidationNotSane(t *testing.T) {
va, _, _ := setup()
va, _, _, _ := setup(t, nil)
chal0 := core.DNSChallenge01()
chal0.Token = ""
@ -950,7 +919,7 @@ func TestDNSValidationNotSane(t *testing.T) {
}
func TestDNSValidationServFail(t *testing.T) {
va, _, _ := setup()
va, _, _, _ := setup(t, nil)
chalDNS := createChallenge(core.ChallengeTypeDNS01)
@ -964,7 +933,7 @@ func TestDNSValidationServFail(t *testing.T) {
}
func TestDNSValidationNoServer(t *testing.T) {
va, _, _ := setup()
va, _, _, _ := setup(t, nil)
va.dnsResolver = bdns.NewTestDNSResolverImpl(
time.Second*5,
nil,
@ -980,7 +949,7 @@ func TestDNSValidationNoServer(t *testing.T) {
}
func TestDNSValidationOK(t *testing.T) {
va, _, _ := setup()
va, _, _, _ := setup(t, nil)
// create a challenge with well known token
chalDNS := core.DNSChallenge01()
@ -998,7 +967,7 @@ func TestDNSValidationOK(t *testing.T) {
}
func TestDNSValidationNoAuthorityOK(t *testing.T) {
va, _, _ := setup()
va, _, _, _ := setup(t, nil)
// create a challenge with well known token
chalDNS := core.DNSChallenge01()
@ -1021,11 +990,7 @@ func TestCAAFailure(t *testing.T) {
hs := tlssni01Srv(t, chall)
defer hs.Close()
port, err := getPort(hs)
test.AssertNotError(t, err, "failed to get test server port")
va, _, _ := setup()
va.tlsPort = port
va, _, _, _ := setup(t, hs)
ident.Value = "reserved.com"
_, prob := va.validateChallengeAndCAA(ctx, ident, chall)
@ -1038,10 +1003,7 @@ func TestLimitedReader(t *testing.T) {
ident.Value = "localhost"
hs := httpSrv(t, "01234567890123456789012345678901234567890123456789012345678901234567890123456789")
port, err := getPort(hs)
test.AssertNotError(t, err, "failed to get test server port")
va, _, _ := setup()
va.httpPort = port
va, _, _, _ := setup(t, hs)
defer hs.Close()
@ -1052,12 +1014,27 @@ func TestLimitedReader(t *testing.T) {
"Expected failure due to truncation")
}
func setup() (*ValidationAuthorityImpl, *mocks.Statter, *blog.Mock) {
func setup(t *testing.T, srv *httptest.Server) (*ValidationAuthorityImpl, int, *mocks.Statter, *blog.Mock) {
stats := mocks.NewStatter()
scope := metrics.NewStatsdScope(stats, "VA")
logger := blog.NewMock()
var portConfig cmd.PortConfig
if srv != nil {
port, err := getPort(srv)
if err != nil {
// We never expect to fail to get the port for an http server, so treat it
// as a fatal test failure and halt immediately
t.Fatalf("Unable to get port for test server: %s\n", err.Error())
}
portConfig = cmd.PortConfig{
HTTPPort: port,
TLSPort: port,
}
}
va := NewValidationAuthorityImpl(
&cmd.PortConfig{},
// Use the test server's port as both the HTTPPort and the TLSPort for the VA
&portConfig,
nil,
nil,
&bdns.MockDNSResolver{},
@ -1066,7 +1043,7 @@ func setup() (*ValidationAuthorityImpl, *mocks.Statter, *blog.Mock) {
scope,
clock.Default(),
logger)
return va, stats, logger
return va, portConfig.HTTPPort, stats, logger
}
func TestCheckCAAFallback(t *testing.T) {
@ -1205,9 +1182,6 @@ func TestAvailableAddresses(t *testing.T) {
}
func TestFallbackDialer(t *testing.T) {
// Create a test VA
va, _, _ := setup()
// Create a new challenge to use for the httpSrv
chall := core.HTTPChallenge01()
setChallengeToken(&chall, core.NewToken())
@ -1216,11 +1190,8 @@ func TestFallbackDialer(t *testing.T) {
hs := httpSrv(t, chall.Token)
defer hs.Close()
// Figure out what port the test server is on, and configure the VA to use
// that for HTTP challenges
port, err := getPort(hs)
test.AssertNotError(t, err, "failed to get test server port")
va.httpPort = port
// Create a test VA
va, _, _, _ := setup(t, hs)
// Create an identifier for a host that has an IPv6 and an IPv4 address.
// Since the IPv6First feature flag is not enabled we expect that the IPv4
@ -1264,9 +1235,6 @@ func TestFallbackDialer(t *testing.T) {
}
func TestFallbackTLS(t *testing.T) {
// Create a test VA
va, _, _ := setup()
// Create a new challenge to use for the httpSrv
chall := createChallenge(core.ChallengeTypeTLSSNI01)
@ -1275,11 +1243,8 @@ func TestFallbackTLS(t *testing.T) {
hs := tlssni01Srv(t, chall)
defer hs.Close()
// Figure out what port the test server is on, and configure the VA to use
// that for TLS challenges
port, err := getPort(hs)
test.AssertNotError(t, err, "failed to get test server port")
va.tlsPort = port
// Create a test VA
va, _, _, _ := setup(t, hs)
// Create an identifier for a host that has an IPv6 and an IPv4 address.
// Since the IPv6First feature flag is not enabled we expect that the IPv4