42941ccea6
- Packages - Isolate code used by the CLI into the package `cmd` - (experimental) Add e2e tests for HTTP01, TLS-ALPN-01 and DNS-01, use [Pebble](https://github.com/letsencrypt/pebble) and [challtestsrv](https://github.com/letsencrypt/boulder/tree/master/test/challtestsrv) - Support non-ascii domain name (punnycode) - Check all challenges in a predictable order - No more global exported variables - Archive revoked certificates - Fixes revocation for subdomains and non-ascii domains - Disable pending authorizations - use pointer for RemoteError/ProblemDetails - Poll authz URL instead of challenge URL - The ability for a DNS provider to solve the challenge sequentially - Check all nameservers in a predictable order - Option to disable the complete propagation Requirement - CLI, support for renew with CSR - CLI, add SAN on renew - Add command to list certificates. - Logs every iteration of waiting for the propagation - update DNSimple client - update github.com/miekg/dns
117 lines
2.6 KiB
Go
117 lines
2.6 KiB
Go
package dns01
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestCheckDNSPropagation(t *testing.T) {
|
|
testCases := []struct {
|
|
desc string
|
|
fqdn string
|
|
value string
|
|
expectError bool
|
|
}{
|
|
{
|
|
desc: "success",
|
|
fqdn: "postman-echo.com.",
|
|
value: "postman-domain-verification=c85de626cb79d941310696e06558e2e790223802f3697dfbdcaf65510152d52c",
|
|
},
|
|
{
|
|
desc: "no TXT record",
|
|
fqdn: "acme-staging.api.letsencrypt.org.",
|
|
value: "fe01=",
|
|
expectError: true,
|
|
},
|
|
}
|
|
|
|
for _, test := range testCases {
|
|
test := test
|
|
t.Run(test.desc, func(t *testing.T) {
|
|
t.Parallel()
|
|
ClearFqdnCache()
|
|
|
|
check := newPreCheck()
|
|
|
|
ok, err := check.checkDNSPropagation(test.fqdn, test.value)
|
|
if test.expectError {
|
|
assert.Errorf(t, err, "PreCheckDNS must failed for %s", test.fqdn)
|
|
assert.False(t, ok, "PreCheckDNS must failed for %s", test.fqdn)
|
|
} else {
|
|
assert.NoErrorf(t, err, "PreCheckDNS failed for %s", test.fqdn)
|
|
assert.True(t, ok, "PreCheckDNS failed for %s", test.fqdn)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestCheckAuthoritativeNss(t *testing.T) {
|
|
testCases := []struct {
|
|
desc string
|
|
fqdn, value string
|
|
ns []string
|
|
expected bool
|
|
}{
|
|
{
|
|
desc: "TXT RR w/ expected value",
|
|
fqdn: "8.8.8.8.asn.routeviews.org.",
|
|
value: "151698.8.8.024",
|
|
ns: []string{"asnums.routeviews.org."},
|
|
expected: true,
|
|
},
|
|
{
|
|
desc: "No TXT RR",
|
|
fqdn: "ns1.google.com.",
|
|
ns: []string{"ns2.google.com."},
|
|
},
|
|
}
|
|
|
|
for _, test := range testCases {
|
|
test := test
|
|
t.Run(test.desc, func(t *testing.T) {
|
|
t.Parallel()
|
|
ClearFqdnCache()
|
|
|
|
ok, _ := checkAuthoritativeNss(test.fqdn, test.value, test.ns)
|
|
assert.Equal(t, test.expected, ok, test.fqdn)
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestCheckAuthoritativeNssErr(t *testing.T) {
|
|
testCases := []struct {
|
|
desc string
|
|
fqdn, value string
|
|
ns []string
|
|
error string
|
|
}{
|
|
{
|
|
desc: "TXT RR /w unexpected value",
|
|
fqdn: "8.8.8.8.asn.routeviews.org.",
|
|
value: "fe01=",
|
|
ns: []string{"asnums.routeviews.org."},
|
|
error: "did not return the expected TXT record",
|
|
},
|
|
{
|
|
desc: "No TXT RR",
|
|
fqdn: "ns1.google.com.",
|
|
value: "fe01=",
|
|
ns: []string{"ns2.google.com."},
|
|
error: "did not return the expected TXT record",
|
|
},
|
|
}
|
|
|
|
for _, test := range testCases {
|
|
test := test
|
|
t.Run(test.desc, func(t *testing.T) {
|
|
t.Parallel()
|
|
ClearFqdnCache()
|
|
|
|
_, err := checkAuthoritativeNss(test.fqdn, test.value, test.ns)
|
|
require.Error(t, err)
|
|
assert.Contains(t, err.Error(), test.error)
|
|
})
|
|
}
|
|
}
|