// Copyright 2015 ISRG. All rights reserved
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
package core
import (
"crypto/rand"
"crypto/rsa"
"encoding/json"
"net"
"testing"
"github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/letsencrypt/go-jose"
"github.com/letsencrypt/boulder/test"
)
// TestProblemDetails checks the string produced by ProblemDetails.Error for a
// malformed-request problem: the problem type, then " :: ", then the detail.
func TestProblemDetails(t *testing.T) {
	const want = "urn:acme:error:malformed :: Wat? o.O"

	problem := &ProblemDetails{Type: MalformedProblem, Detail: "Wat? o.O"}
	test.AssertEquals(t, problem.Error(), want)
}
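// TestRegistrationUpdate checks that Registration.MergeUpdate replaces the
// Contact list and the Agreement of an existing registration with the values
// carried by the update.
func TestRegistrationUpdate(t *testing.T) {
	// Check both parse results. The Contact assertion below compares pointers,
	// so two failed parses that both yielded nil would compare equal and could
	// hide a broken fixture.
	oldURL, err := ParseAcmeURL("http://old.invalid")
	test.AssertNotError(t, err, "Error parsing old contact URL")
	newURL, err := ParseAcmeURL("http://new.invalid")
	test.AssertNotError(t, err, "Error parsing new contact URL")

	reg := Registration{
		ID:        1,
		Contact:   []*AcmeURL{oldURL},
		Agreement: "",
	}
	update := Registration{
		Contact:   []*AcmeURL{newURL},
		Agreement: "totally!",
	}

	reg.MergeUpdate(update)

	// The message is passed to test.Assert as plain text with no arguments, so
	// it carries no format verbs.
	test.Assert(t, len(reg.Contact) == 1 && reg.Contact[0] == update.Contact[0], "Contact was not updated")
	test.Assert(t, reg.Agreement == update.Agreement, "Agreement was not updated")
}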
// Throwaway 2048-bit RSA keys, generated once at package initialisation and
// used only as test fixtures. The error from rsa.GenerateKey is discarded, so
// a failed generation leaves the variable nil and the first test that
// dereferences it will panic.
var (
	testKey1, _ = rsa.GenerateKey(rand.Reader, 2048)
	testKey2, _ = rsa.GenerateKey(rand.Reader, 2048)
	testKey3, _ = rsa.GenerateKey(rand.Reader, 2048)
)
// TestAuthorizedKeys checks that AuthorizedKey.Match accepts only the token
// and key pair the value was built from, and that MatchAuthorizedKey gives the
// same answer when handed a whole AuthorizedKey.
func TestAuthorizedKeys(t *testing.T) {
	first := AuthorizedKey{
		Token: "99DrlWuy-4Nc82olAy0cK7Shnm4uV32pJovyucGEWME",
		Key:   &jose.JsonWebKey{Key: testKey1.Public()},
	}
	second := AuthorizedKey{
		Token: "Iy2_-2OA8lyD0lwhmD8dD3TIL3wlNpiUhLTXPJG5qOM",
		Key:   &jose.JsonWebKey{Key: testKey2.Public()},
	}

	// Each case takes its token from one value and its key from another. A
	// mismatch in either half of the token/key binding must be rejected, not
	// only a mismatch in both.
	matchCases := []struct {
		tokenFrom AuthorizedKey
		keyFrom   AuthorizedKey
		want      bool
		message   string
	}{
		{first, first, true, "Authorized key should match itself"},
		{first, second, false, "Authorized key should not match a different key"},
		{second, first, false, "Authorized key should not match a different token"},
		{second, second, false, "Authorized key should not match a completely different key"},
	}
	for _, tc := range matchCases {
		got := first.Match(tc.tokenFrom.Token, tc.keyFrom.Key)
		test.Assert(t, got == tc.want, tc.message)
	}

	wholeCases := []struct {
		other   AuthorizedKey
		want    bool
		message string
	}{
		{first, true, "Authorized key should match itself"},
		{second, false, "Authorized key should not match a completely different key"},
	}
	for _, tc := range wholeCases {
		test.Assert(t, first.MatchAuthorizedKey(tc.other) == tc.want, tc.message)
	}
}
// TestRecordSanityCheck exercises Challenge.RecordsSane for the SimpleHTTP and
// DVSNI challenge types by blanking fields of a single validation record and,
// at the end, by attaching more than one record.
//
// The statements are order-dependent: every Challenge built here shares the
// backing array of records, so a field blanked through one Challenge stays
// blank for the next.
func TestRecordSanityCheck(t *testing.T) {
	records := []ValidationRecord{{
		URL:               "http://localhost/test",
		Hostname:          "localhost",
		Port:              "80",
		AddressesResolved: []net.IP{{127, 0, 0, 1}},
		AddressUsed:       net.IP{127, 0, 0, 1},
	}}

	// SimpleHTTP: the fully populated record passes, an empty URL does not.
	ch := Challenge{Type: ChallengeTypeSimpleHTTP, ValidationRecord: records}
	test.Assert(t, ch.RecordsSane(), "Record should be sane")
	ch.ValidationRecord[0].URL = ""
	test.Assert(t, !ch.RecordsSane(), "Record should not be sane")

	// DVSNI: the same record with an empty URL passes, an empty Hostname does
	// not. The URL is already empty at this point because of the shared
	// backing array; the assignment restates it.
	ch = Challenge{Type: ChallengeTypeDVSNI, ValidationRecord: records}
	ch.ValidationRecord[0].URL = ""
	test.Assert(t, ch.RecordsSane(), "Record should be sane")
	ch.ValidationRecord[0].Hostname = ""
	test.Assert(t, !ch.RecordsSane(), "Record should not be sane")

	// Two records attached to one challenge.
	// NOTE(review): element 0 still has the empty Hostname that was rejected
	// just above, so this assertion would also pass if RecordsSane ignored the
	// record count; it does not isolate the multiple-record case.
	ch.ValidationRecord = append(ch.ValidationRecord, records...)
	test.Assert(t, !ch.RecordsSane(), "Record should not be sane")
}
//-----BEGIN TO DELETE-----
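// TestChallengeSanityCheck_Legacy walks a Challenge of each legacy type
// (SimpleHTTP and DVSNI) through Challenge.IsSane: first a series of states
// that are expected to be rejected before completion, then a valid pending
// state, then a completed state with type-specific fields filled in. It ends
// with an unknown challenge type, which is expected to be rejected in both
// modes.
func TestChallengeSanityCheck_Legacy(t *testing.T) {
	// Fixed RSA public key (modulus and exponent only) used as the account key.
	var accountKey *jose.JsonWebKey
	err := json.Unmarshal([]byte(`{
		"kty":"RSA",
		"n":"yNWVhtYEKJR21y9xsHV-PD_bYwbXSeNuFal46xYxVfRL5mqha7vttvjB_vc7Xg2RvgCxHPCqoxgMPTzHrZT75LjCwIW2K_klBYN8oYvTwwmeSkAz6ut7ZxPv-nZaT5TJhGk0NT2kh_zSpdriEJ_3vW-mqxYbbBmpvHqsa1_zx9fSuHYctAZJWzxzUZXykbWMWQZpEiE0J4ajj51fInEzVn7VxV-mzfMyboQjujPh7aNJxAWSq4oQEJJDgWwSh9leyoJoPpONHxh5nEE5AjE01FkGICSxjpZsF-w8hOTI3XXohUdu29Se26k2B0PolDSuj0GIQU6-W9TdLXSjBb2SpQ",
		"e":"AQAB"
	}`), &accountKey)
	test.AssertNotError(t, err, "Error unmarshaling JWK")

	types := []string{ChallengeTypeSimpleHTTP, ChallengeTypeDVSNI}
	for _, challengeType := range types {
		// Case: status is StatusInvalid.
		chall := Challenge{
			Type:       challengeType,
			Status:     StatusInvalid,
			AccountKey: accountKey,
		}
		test.Assert(t, !chall.IsSane(false), "IsSane should be false")

		// Case: pending, token still at its zero value.
		chall.Status = StatusPending
		test.Assert(t, !chall.IsSane(false), "IsSane should be false")

		// Case: token explicitly empty (same state as above, spelled out).
		chall.Token = ""
		test.Assert(t, !chall.IsSane(false), "IsSane should be false")

		// Case: token much shorter than the accepted one below.
		chall.Token = "notlongenough"
		test.Assert(t, !chall.IsSane(false), "IsSane should be false")

		// Case: same length as the accepted token, but containing '+' and
		// '!', which are not in the URL-safe base64 alphabet.
		chall.Token = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ+PCt92wr+o!"
		test.Assert(t, !chall.IsSane(false), "IsSane should be false")

		// Case: 43 URL-safe base64 characters.
		chall.Token = "KQqLsiS5j0CONR_eUXTUSUDNVaHODtc-0pD6ACif7U4"
		test.Assert(t, chall.IsSane(false), "IsSane should be true")

		// Post-completion tests differ by type. The original nested a second
		// DVSNI check inside the DVSNI branch, whose else arm could never run;
		// that dead arm is gone and each type has a single case.
		switch challengeType {
		case ChallengeTypeSimpleHTTP:
			tls := true
			chall.TLS = &tls
			// NOTE(review): URL is empty here and IsSane(true) is expected
			// to pass, while TestRecordSanityCheck expects RecordsSane to
			// reject an empty URL for this type. Presumably IsSane does not
			// apply RecordsSane; confirm against the implementation.
			chall.ValidationRecord = []ValidationRecord{{
				URL:               "",
				Hostname:          "localhost",
				Port:              "80",
				AddressesResolved: []net.IP{{127, 0, 0, 1}},
				AddressUsed:       net.IP{127, 0, 0, 1},
			}}
			test.Assert(t, chall.IsSane(true), "IsSane should be true")
		case ChallengeTypeDVSNI:
			chall.Validation = new(jose.JsonWebSignature)
			chall.ValidationRecord = []ValidationRecord{{
				Hostname:          "localhost",
				Port:              "80",
				AddressesResolved: []net.IP{{127, 0, 0, 1}},
				AddressUsed:       net.IP{127, 0, 0, 1},
			}}
			test.Assert(t, chall.IsSane(true), "IsSane should be true")
		}
	}

	// An unrecognised challenge type is expected to fail in both modes.
	chall := Challenge{Type: "bogus", Status: StatusPending}
	test.Assert(t, !chall.IsSane(false), "IsSane should be false")
	test.Assert(t, !chall.IsSane(true), "IsSane should be false")
}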
//-----END TO DELETE-----
// TestChallengeSanityCheck walks a Challenge of each current type (HTTP_00,
// TLSSNI_00, DNS_00) through Challenge.IsSane: rejected while the status is
// invalid, rejected while pending without an authorized key, accepted once the
// serialized AuthorizedKey is attached, and accepted as completed once the
// token is set as well. An unknown type is expected to be rejected in both
// modes.
func TestChallengeSanityCheck(t *testing.T) {
	// Fixed RSA public key (modulus and exponent only) used as the account key.
	var jwk *jose.JsonWebKey
	err := json.Unmarshal([]byte(`{
		"kty":"RSA",
		"n":"yNWVhtYEKJR21y9xsHV-PD_bYwbXSeNuFal46xYxVfRL5mqha7vttvjB_vc7Xg2RvgCxHPCqoxgMPTzHrZT75LjCwIW2K_klBYN8oYvTwwmeSkAz6ut7ZxPv-nZaT5TJhGk0NT2kh_zSpdriEJ_3vW-mqxYbbBmpvHqsa1_zx9fSuHYctAZJWzxzUZXykbWMWQZpEiE0J4ajj51fInEzVn7VxV-mzfMyboQjujPh7aNJxAWSq4oQEJJDgWwSh9leyoJoPpONHxh5nEE5AjE01FkGICSxjpZsF-w8hOTI3XXohUdu29Se26k2B0PolDSuj0GIQU6-W9TdLXSjBb2SpQ",
		"e":"AQAB"
	}`), &jwk)
	test.AssertNotError(t, err, "Error unmarshaling JWK")

	// The authorized key pairs a token with the account key; the challenge
	// stores it in its JSON-serialized form.
	authzKey := AuthorizedKey{
		Token: "KQqLsiS5j0CONR_eUXTUSUDNVaHODtc-0pD6ACif7U4",
		Key:   jwk,
	}
	encodedAK, err := json.Marshal(authzKey)
	test.AssertNotError(t, err, "Error marshaling authorized key")

	// NOTE(review): no case below covers an AuthorizedKey whose token or key
	// disagrees with the challenge's own Token or AccountKey. Whether IsSane
	// checks that binding cannot be told from this file.
	for _, challengeType := range []string{ChallengeTypeHTTP_00, ChallengeTypeTLSSNI_00, ChallengeTypeDNS_00} {
		ch := Challenge{
			Type:       challengeType,
			Status:     StatusInvalid,
			AccountKey: jwk,
		}
		// Case: status is StatusInvalid.
		test.Assert(t, !ch.IsSane(false), "IsSane should be false")

		// Case: pending, but no authorized key attached yet.
		ch.Status = StatusPending
		test.Assert(t, !ch.IsSane(false), "IsSane should be false")

		// Case: pending with the serialized authorized key.
		ch.AuthorizedKey = encodedAK
		test.Assert(t, ch.IsSane(false), "IsSane should be true")

		// Case: completed, with the token copied from the authorized key.
		ch.Token = authzKey.Token
		test.Assert(t, ch.IsSane(true), "IsSane should be true")
	}

	// An unrecognised challenge type is expected to fail in both modes.
	bogus := Challenge{Type: "bogus", Status: StatusPending}
	test.Assert(t, !bogus.IsSane(false), "IsSane should be false")
	test.Assert(t, !bogus.IsSane(true), "IsSane should be false")
}
// TestJSONBufferUnmarshal checks that decoding JSON into a JSONBuffer field
// returns an error when the string value is not valid base64.
func TestJSONBufferUnmarshal(t *testing.T) {
	var target struct {
		Buffer JSONBuffer
	}

	// '!' is in neither the standard nor the URL-safe base64 alphabet, so the
	// value cannot decode and the error must surface from json.Unmarshal.
	input := []byte(`{"Buffer":"!!!!"}`)
	decodeErr := json.Unmarshal(input, &target)
	test.Assert(t, decodeErr != nil, "Should have choked on invalid base64")
}