From de5c50739a986a40263db3f0e06b4bfb733202bb Mon Sep 17 00:00:00 2001
From: Richard Barnes
Date: Sat, 18 Jul 2015 19:58:08 +0200
Subject: [PATCH] Mostly fixed tests
---
 core/objects.go | 23 +++++++----------------
 va/validation-authority.go | 9 +++++----
 va/validation-authority_test.go | 24 ++++++++++++++----------
 3 files changed, 26 insertions(+), 30 deletions(-)
diff --git a/core/objects.go b/core/objects.go
index 54a005bd1..8e108d27f 100644
--- a/core/objects.go
+++ b/core/objects.go
@@ -269,22 +269,8 @@ func (ch Challenge) IsSane(completed bool) bool {
 return false
 }
 case ChallengeTypeDVSNI:
- // check extra fields aren't used
- if ch.TLS != nil {
- return false
- }
-
- // check token is present, corrent length, and contains b64 encoded string
- if ch.Token == "" || len(ch.Token) != 43 {
- return false
- }
- if _, err := B64dec(ch.Token); err != nil {
- return false
- }
-
- if completed && ch.Validation == nil {
- return false
- }
+ // Same as DNS
+ fallthrough
 case ChallengeTypeDNS:
 // check extra fields aren't used
 if ch.TLS != nil {
@@ -299,6 +285,11 @@ func (ch Challenge) IsSane(completed bool) bool {
 return false
 }
+ // If completed, check that there's a validation object
+ if completed && ch.Validation == nil {
+ return false
+ }
+
 default:
 return false
 }
diff --git a/va/validation-authority.go b/va/validation-authority.go
index 53aa57fdf..73343a75a 100644
--- a/va/validation-authority.go
+++ b/va/validation-authority.go
@@ -62,7 +62,8 @@ type verificationRequestEvent struct {
 Error string `json:",omitempty"`
 }
-func verifyValidationJWS(validation *jose.JsonWebSignature, accountKey jose.JsonWebKey, target map[string]interface{}) error {
+// TODO Update jws.go to accept jose.JsonWebKey in newVerifier
+func verifyValidationJWS(validation *jose.JsonWebSignature, accountKey *jose.JsonWebKey, target map[string]interface{}) error {
 if len(validation.Signatures) > 1 {
 return fmt.Errorf("Too many signatures on validation JWS")
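Review bot: With `fallthrough` under `case ChallengeTypeDVSNI:`, every DVSNI check now lives in the DNS branch, and the part of that branch that validates the token lies between the two hunks and is not visible here. The removed DVSNI code rejected tokens that were empty, not 43 characters long, or not base64-decodable, so please confirm the DNS branch enforces the same three conditions before relying on it for both types. `case ChallengeTypeDVSNI, ChallengeTypeDNS:` with a comment such as `// DVSNI and DNS share the same token and validation checks` would express the shared rule without the fallthrough. IsSane begins and ends outside the hunk.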
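Review bot: `verifyValidationJWS` reads `validation.Signatures` on its first line with no nil check, and with this change `accountKey` is a pointer too, so either argument can now be nil. The call sites in validateDvsni and validateDNS (hunks at -270 and -378) pass `(*jose.JsonWebSignature)(challenge.Validation)` straight through, and IsSane treats `ch.Validation == nil` as a reachable state; unless every caller has already run `IsSane(true)`, a guard such as `if validation == nil || accountKey == nil { return fmt.Errorf("Missing validation JWS or account key") }` would turn a possible panic into a rejected challenge. The TODO sits directly above the function, so godoc will present it as the doc comment; a one-line description of the function ahead of it would avoid that. The function body continues outside the hunk.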
@@ -235,7 +236,7 @@ func (va ValidationAuthorityImpl) validateSimpleHTTP(identifier core.AcmeIdentif
 "token": challenge.Token,
 "tls": (challenge.TLS == nil) || *challenge.TLS,
 }
- err = verifyValidationJWS(parsedJws, accountKey, target)
+ err = verifyValidationJWS(parsedJws, &accountKey, target)
 if err != nil {
 va.log.Debug(err.Error())
 challenge.Status = core.StatusInvalid
@@ -270,7 +271,7 @@ func (va ValidationAuthorityImpl) validateDvsni(identifier core.AcmeIdentifier,
 "type": core.ChallengeTypeDVSNI,
 "token": challenge.Token,
 }
- err := verifyValidationJWS((*jose.JsonWebSignature)(challenge.Validation), accountKey, target)
+ err := verifyValidationJWS((*jose.JsonWebSignature)(challenge.Validation), &accountKey, target)
 if err != nil {
 va.log.Debug(err.Error())
 challenge.Status = core.StatusInvalid
@@ -378,7 +379,7 @@ func (va ValidationAuthorityImpl) validateDNS(identifier core.AcmeIdentifier, in
 "type": core.ChallengeTypeDNS,
 "token": challenge.Token,
 }
- err := verifyValidationJWS((*jose.JsonWebSignature)(challenge.Validation), &accountKey, target)
 if err != nil {
 va.log.Debug(err.Error())
 challenge.Status = core.StatusInvalid
diff --git a/va/validation-authority_test.go b/va/validation-authority_test.go
index de8543aef..806476514 100644
--- a/va/validation-authority_test.go
+++ b/va/validation-authority_test.go
@@ -297,6 +297,7 @@ func TestSimpleHttp(t *testing.T) {
 test.AssertEquals(t, invalidChall.Error.Type, core.UnknownHostProblem)
 va.TestMode = true
+ chall.Token = "wait-long"
 started := time.Now()
 invalidChall, err = va.validateSimpleHTTP(ident, chall, AccountKey)
 took := time.Since(started)
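Review bot: The literal `"wait-long"` assigned to `chall.Token` in the TestSimpleHttp hunk is a magic value with no explanation at the point of use. Presumably the test HTTP server recognises it and delays its response so the timeout path is exercised; a comment such as `// "wait-long" makes the test server stall so the timeout path runs` would say so, or the value could become a named constant shared with that server. TestSimpleHttp begins and ends outside the hunk.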
@@ -312,7 +313,7 @@ func TestDvsni(t *testing.T) {
 va := NewValidationAuthorityImpl(true)
 va.DNSResolver = &mocks.MockDNS{}
- chall := staticDVSNIChallenge()
+ chall := createChallenge(core.ChallengeTypeDVSNI)
 invalidChall, err := va.validateDvsni(ident, chall, AccountKey)
 test.AssertEquals(t, invalidChall.Status, core.StatusInvalid)
@@ -343,9 +344,10 @@ func TestDvsni(t *testing.T) {
 va.TestMode = true
 // Need to re-sign to get an unknown SNI (from the signature value)
+ chall.Token = core.NewToken()
 validationPayload, _ := json.Marshal(map[string]interface{}{
 "type": chall.Type,
- "token": "wait-long",
+ "token": chall.Token,
 })
 signer, _ := jose.NewSigner(jose.RS256, &TheKey)
 validationJWS, _ := signer.Sign(validationPayload, "")
@@ -366,7 +368,7 @@ func TestTLSError(t *testing.T) {
 va := NewValidationAuthorityImpl(true)
 va.DNSResolver = &mocks.MockDNS{}
- chall := staticDVSNIChallenge()
+ chall := createChallenge(core.ChallengeTypeDVSNI)
 waitChan := make(chan bool, 1)
 stopChan := make(chan bool, 1)
 go brokenTLSSrv(t, stopChan, waitChan)
@@ -412,10 +414,12 @@ func TestValidateHTTP(t *testing.T) {
 test.AssertEquals(t, core.StatusValid, mockRA.lastAuthz.Challenges[0].Status)
 }
-func staticDVSNIChallenge() core.Challenge {
+// challengeType == "dvsni" or "dns", since they're the same
+func createChallenge(challengeType string) core.Challenge {
 chall := core.Challenge{
- Type: core.ChallengeTypeDVSNI,
- Token: `qCIRComnWG-6M0z0e2oaXvtmH1f_zlXYkF6ic7lPg3g`,
+ Type: challengeType,
+ Status: core.StatusPending,
+ Token: core.NewToken(),
 }
 validationPayload, _ := json.Marshal(map[string]interface{}{
@@ -435,7 +439,7 @@ func TestValidateDvsni(t *testing.T) {
 mockRA := &MockRegistrationAuthority{}
 va.RA = mockRA
- chall := staticDVSNIChallenge()
+ chall := createChallenge(core.ChallengeTypeDVSNI)
 waitChanDvsni := make(chan bool, 1)
 stopChanDvsni := make(chan bool, 1)
 go dvsniSrv(t, chall, stopChanDvsni, waitChanDvsni)
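Review bot: `createChallenge` still discards the `json.Marshal` error with `_` (the -343 hunk does the same for `jose.NewSigner` and `signer.Sign`), so a failure while building the signed validation would show up later as an unrelated validation error instead of at the helper; checking these and failing the test on error would make breakage easier to trace. The comment `challengeType == "dvsni" or "dns", since they're the same` states a precondition that nothing enforces; Go doc style would be `// createChallenge returns a pending challenge of the given type (DVSNI or DNS) with a fresh random token.` Because the token now comes from `core.NewToken()` rather than a fixed string, logging it on failure would keep a failing run reproducible. The function body continues outside the hunk.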
@@ -465,7 +469,7 @@ func TestValidateDvsniNotSane(t *testing.T) {
 mockRA := &MockRegistrationAuthority{}
 va.RA = mockRA
- chall := staticDVSNIChallenge()
+ chall := createChallenge(core.ChallengeTypeDVSNI)
 waitChanDvsni := make(chan bool, 1)
 stopChanDvsni := make(chan bool, 1)
 go dvsniSrv(t, chall, stopChanDvsni, waitChanDvsni)
@@ -595,7 +599,7 @@ func TestDNSValidationFailure(t *testing.T) {
 mockRA := &MockRegistrationAuthority{}
 va.RA = mockRA
- chalDNS := core.DNSChallenge()
+ chalDNS := createChallenge(core.ChallengeTypeDNS)
 var authz = core.Authorization{
 ID: core.NewToken(),
@@ -661,7 +665,7 @@ func TestDNSValidationNotSane(t *testing.T) {
 Challenges: []core.Challenge{chal0, chal1, chal2},
 }
- for i := 0; i < 6; i++ {
+ for i := 0; i < len(authz.Challenges); i++ {
 va.validate(authz, i, AccountKey)
 test.AssertEquals(t, authz.Challenges[i].Status, core.StatusInvalid)
 test.AssertEquals(t, authz.Challenges[i].Error.Type, core.MalformedProblem)
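Review bot: `for i := range authz.Challenges {` would be the idiomatic form of the new loop header in TestDNSValidationNotSane and removes the hand-written bound entirely. Since every iteration only asserts that a challenge was rejected, the test passes vacuously if the fixture slice is ever emptied; an assertion before the loop such as `test.AssertEquals(t, len(authz.Challenges), 3)` would pin the number of malformed cases being checked. The loop body and the rest of the test continue outside the hunk.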