Small TEST-ONLY server for mock DNS & responding to HTTP-01, DNS-01, and TLS-ALPN-01 ACME challenges.

Go to file

Jacob Hoffman-Andrews 504e5eade5 Merge branch 'master' of github.com:letsencrypt/challtestsrv into update-deps		2021-10-19 15:20:34 -07:00
vendor	Update miekg/dns to latest.	2021-10-13 18:49:27 -07:00
.gitignore	Initial commit	2018-12-05 12:27:19 -05:00
.golangci.yaml	Avoid logging on a clean server shutdown. (#15 )	2021-10-19 15:19:43 -07:00
.travis.yml	Avoid logging on a clean server shutdown. (#15 )	2021-10-19 15:19:43 -07:00
CODE_OF_CONDUCT.md	Add linting, README badges, code coverage, code of conduct. (#5 )	2019-02-27 10:53:31 -08:00
LICENSE	Initial commit	2018-12-05 12:27:19 -05:00
README.md	Add simple support for CNAMEs as DNS aliases (#7 )	2019-03-29 09:10:51 -04:00
challenge-servers.go	Avoid logging on a clean server shutdown. (#15 )	2021-10-19 15:19:43 -07:00
dns.go	dns: add support for mocking SERVFAIL responses. (#10 )	2019-08-27 10:36:20 -07:00
dnsone.go	Comment tweaks and delete fixes.	2018-12-06 12:03:37 -08:00
event.go	Track challenge server request history. (#3 )	2018-12-14 16:44:22 -05:00
go.mod	Update miekg/dns to latest.	2021-10-13 18:49:27 -07:00
go.sum	Update miekg/dns to latest.	2021-10-13 18:49:27 -07:00
httpone.go	fix: don't panic with unknown DNS question type. (#4 )	2019-01-04 11:48:40 -05:00
mockdns.go	dns: add support for mocking SERVFAIL responses. (#10 )	2019-08-27 10:36:20 -07:00
tlsalpnone.go	Add linting, README badges, code coverage, code of conduct. (#5 )	2019-02-27 10:53:31 -08:00

README.md

Challenge Test Server

The challtestsrv package offers a library/command that can be used by test code to respond to HTTP-01, DNS-01, and TLS-ALPN-01 ACME challenges. The challtestsrv package can also be used as a mock DNS server letting developers mock A, AAAA, CNAME, and CAA DNS data for specific hostnames. The mock server will resolve up to one level of CNAME aliasing for accepted DNS request types.

Important note: The challtestsrv command and library are for TEST USAGE ONLY. It is trivially insecure, offering no authentication. Only use challtestsrv in a controlled test environment.

For example this package is used by the Boulder load-generator command to manage its own in-process HTTP-01 challenge server.

Usage

Create a challenge server responding to HTTP-01 challenges on ":8888" and DNS-01 challenges on ":9999" and "10.0.0.1:9998":

  import "github.com/letsencrypt/pebble/challtestsrv"

  challSrv, err := challtestsrv.New(challsrv.Config{
    HTTPOneAddr: []string{":8888"},
    DNSOneAddr: []string{":9999", "10.0.0.1:9998"},
  })
  if err != nil {
    panic(err)
  }

Run the Challenge server and subservers:

  // Start the Challenge server in its own Go routine
  go challSrv.Run()

Add an HTTP-01 response for the token "aaa" and the value "bbb", defer cleaning it up again:

  challSrv.AddHTTPOneChallenge("aaa", "bbb")
  defer challSrv.DeleteHTTPOneChallenge("aaa")

Add a DNS-01 TXT response for the host "_acme-challenge.example.com." and the value "bbb", defer cleaning it up again:

  challSrv.AddDNSOneChallenge("_acme-challenge.example.com.", "bbb")
  defer challSrv.DeleteHTTPOneChallenge("_acme-challenge.example.com.")

Get the history of HTTP requests processed by the challenge server for the host "example.com":

requestHistory := challSrv.RequestHistory("example.com", challtestsrv.HTTPRequestEventType)

Clear the history of HTTP requests processed by the challenge server for the host "example.com":

challSrv.ClearRequestHistory("example.com", challtestsrv.HTTPRequestEventType)

Stop the Challenge server and subservers:

  // Shutdown the Challenge server
  challSrv.Shutdown()

For more information on the package API see Godocs and the associated package sourcecode.