Mostly fixed tests

core/objects.go

@@ -269,22 +269,8 @@ func (ch Challenge) IsSane(completed bool) bool {
 			return false
 		}
 	case ChallengeTypeDVSNI:
-		// check extra fields aren't used
-		if ch.TLS != nil {
-			return false
-		}
-
-		// check token is present, corrent length, and contains b64 encoded string
-		if ch.Token == "" || len(ch.Token) != 43 {
-			return false
-		}
-		if _, err := B64dec(ch.Token); err != nil {
-			return false
-		}
-
-		if completed && ch.Validation == nil {
-			return false
-		}
+		// Same as DNS
+		fallthrough
 	case ChallengeTypeDNS:
 		// check extra fields aren't used
 		if ch.TLS != nil {
@@ -299,6 +285,11 @@ func (ch Challenge) IsSane(completed bool) bool {
 			return false
 		}
 
+		// If completed, check that there's a validation object
+		if completed && ch.Validation == nil {
+			return false
+		}
+
 	default:
 		return false
 	}

va/validation-authority.go

@@ -62,7 +62,8 @@ type verificationRequestEvent struct {
 	Error        string         `json:",omitempty"`
 }
 
-func verifyValidationJWS(validation *jose.JsonWebSignature, accountKey jose.JsonWebKey, target map[string]interface{}) error {
+// TODO Update jws.go to accept jose.JsonWebKey in newVerifier
+func verifyValidationJWS(validation *jose.JsonWebSignature, accountKey *jose.JsonWebKey, target map[string]interface{}) error {
 
 	if len(validation.Signatures) > 1 {
 		return fmt.Errorf("Too many signatures on validation JWS")
@@ -235,7 +236,7 @@ func (va ValidationAuthorityImpl) validateSimpleHTTP(identifier core.AcmeIdentif
 		"token": challenge.Token,
 		"tls":   (challenge.TLS == nil) || *challenge.TLS,
 	}
-	err = verifyValidationJWS(parsedJws, accountKey, target)
+	err = verifyValidationJWS(parsedJws, &accountKey, target)
 	if err != nil {
 		va.log.Debug(err.Error())
 		challenge.Status = core.StatusInvalid
@@ -270,7 +271,7 @@ func (va ValidationAuthorityImpl) validateDvsni(identifier core.AcmeIdentifier,
 		"type":  core.ChallengeTypeDVSNI,
 		"token": challenge.Token,
 	}
-	err := verifyValidationJWS((*jose.JsonWebSignature)(challenge.Validation), accountKey, target)
+	err := verifyValidationJWS((*jose.JsonWebSignature)(challenge.Validation), &accountKey, target)
 	if err != nil {
 		va.log.Debug(err.Error())
 		challenge.Status = core.StatusInvalid
@@ -378,7 +379,7 @@ func (va ValidationAuthorityImpl) validateDNS(identifier core.AcmeIdentifier, in
 		"type":  core.ChallengeTypeDNS,
 		"token": challenge.Token,
 	}
-	err := verifyValidationJWS((*jose.JsonWebSignature)(challenge.Validation), accountKey, target)
+	err := verifyValidationJWS((*jose.JsonWebSignature)(challenge.Validation), &accountKey, target)
 	if err != nil {
 		va.log.Debug(err.Error())
 		challenge.Status = core.StatusInvalid

va/validation-authority_test.go

@@ -297,6 +297,7 @@ func TestSimpleHttp(t *testing.T) {
 	test.AssertEquals(t, invalidChall.Error.Type, core.UnknownHostProblem)
 	va.TestMode = true
 
+	chall.Token = "wait-long"
 	started := time.Now()
 	invalidChall, err = va.validateSimpleHTTP(ident, chall, AccountKey)
 	took := time.Since(started)
@@ -312,7 +313,7 @@ func TestDvsni(t *testing.T) {
 	va := NewValidationAuthorityImpl(true)
 	va.DNSResolver = &mocks.MockDNS{}
 
-	chall := staticDVSNIChallenge()
+	chall := createChallenge(core.ChallengeTypeDVSNI)
 
 	invalidChall, err := va.validateDvsni(ident, chall, AccountKey)
 	test.AssertEquals(t, invalidChall.Status, core.StatusInvalid)
@@ -343,9 +344,10 @@ func TestDvsni(t *testing.T) {
 	va.TestMode = true
 
 	// Need to re-sign to get an unknown SNI (from the signature value)
+	chall.Token = core.NewToken()
 	validationPayload, _ := json.Marshal(map[string]interface{}{
 		"type":  chall.Type,
-		"token": "wait-long",
+		"token": chall.Token,
 	})
 	signer, _ := jose.NewSigner(jose.RS256, &TheKey)
 	validationJWS, _ := signer.Sign(validationPayload, "")
@@ -366,7 +368,7 @@ func TestTLSError(t *testing.T) {
 	va := NewValidationAuthorityImpl(true)
 	va.DNSResolver = &mocks.MockDNS{}
 
-	chall := staticDVSNIChallenge()
+	chall := createChallenge(core.ChallengeTypeDVSNI)
 	waitChan := make(chan bool, 1)
 	stopChan := make(chan bool, 1)
 	go brokenTLSSrv(t, stopChan, waitChan)
@@ -412,10 +414,12 @@ func TestValidateHTTP(t *testing.T) {
 	test.AssertEquals(t, core.StatusValid, mockRA.lastAuthz.Challenges[0].Status)
 }
 
-func staticDVSNIChallenge() core.Challenge {
+// challengeType == "dvsni" or "dns", since they're the same
+func createChallenge(challengeType string) core.Challenge {
 	chall := core.Challenge{
-		Type:  core.ChallengeTypeDVSNI,
-		Token: `qCIRComnWG-6M0z0e2oaXvtmH1f_zlXYkF6ic7lPg3g`,
+		Type:   challengeType,
+		Status: core.StatusPending,
+		Token:  core.NewToken(),
 	}
 
 	validationPayload, _ := json.Marshal(map[string]interface{}{
@@ -435,7 +439,7 @@ func TestValidateDvsni(t *testing.T) {
 	mockRA := &MockRegistrationAuthority{}
 	va.RA = mockRA
 
-	chall := staticDVSNIChallenge()
+	chall := createChallenge(core.ChallengeTypeDVSNI)
 	waitChanDvsni := make(chan bool, 1)
 	stopChanDvsni := make(chan bool, 1)
 	go dvsniSrv(t, chall, stopChanDvsni, waitChanDvsni)
@@ -465,7 +469,7 @@ func TestValidateDvsniNotSane(t *testing.T) {
 	mockRA := &MockRegistrationAuthority{}
 	va.RA = mockRA
 
-	chall := staticDVSNIChallenge()
+	chall := createChallenge(core.ChallengeTypeDVSNI)
 	waitChanDvsni := make(chan bool, 1)
 	stopChanDvsni := make(chan bool, 1)
 	go dvsniSrv(t, chall, stopChanDvsni, waitChanDvsni)
@@ -595,7 +599,7 @@ func TestDNSValidationFailure(t *testing.T) {
 	mockRA := &MockRegistrationAuthority{}
 	va.RA = mockRA
 
-	chalDNS := core.DNSChallenge()
+	chalDNS := createChallenge(core.ChallengeTypeDNS)
 
 	var authz = core.Authorization{
 		ID:             core.NewToken(),
@@ -661,7 +665,7 @@ func TestDNSValidationNotSane(t *testing.T) {
 		Challenges:     []core.Challenge{chal0, chal1, chal2},
 	}
 
-	for i := 0; i < 6; i++ {
+	for i := 0; i < len(authz.Challenges); i++ {
 		va.validate(authz, i, AccountKey)
 		test.AssertEquals(t, authz.Challenges[i].Status, core.StatusInvalid)
 		test.AssertEquals(t, authz.Challenges[i].Error.Type, core.MalformedProblem)