forked from TrueCloudLab/lego
Merge pull request #171 from xi2/gandi-add-live-test
Gandi DNS: add live test
This commit is contained in:
commit
4c1e6a183c
1 changed files with 81 additions and 0 deletions
|
@ -1,15 +1,41 @@
|
||||||
package gandi
|
package gandi
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto"
|
||||||
|
"crypto/rand"
|
||||||
|
"crypto/rsa"
|
||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/http/httptest"
|
"net/http/httptest"
|
||||||
|
"os"
|
||||||
"regexp"
|
"regexp"
|
||||||
"strings"
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/xenolf/lego/acme"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// stagingServer is the Let's Encrypt staging server used by the live test
|
||||||
|
const stagingServer = "https://acme-staging.api.letsencrypt.org/directory"
|
||||||
|
|
||||||
|
// user implements acme.User and is used by the live test
|
||||||
|
type user struct {
|
||||||
|
Email string
|
||||||
|
Registration *acme.RegistrationResource
|
||||||
|
key crypto.PrivateKey
|
||||||
|
}
|
||||||
|
|
||||||
|
func (u *user) GetEmail() string {
|
||||||
|
return u.Email
|
||||||
|
}
|
||||||
|
func (u *user) GetRegistration() *acme.RegistrationResource {
|
||||||
|
return u.Registration
|
||||||
|
}
|
||||||
|
func (u *user) GetPrivateKey() crypto.PrivateKey {
|
||||||
|
return u.key
|
||||||
|
}
|
||||||
|
|
||||||
// TestDNSProvider runs Present and CleanUp against a fake Gandi RPC
|
// TestDNSProvider runs Present and CleanUp against a fake Gandi RPC
|
||||||
// Server, whose responses are predetermined for particular requests.
|
// Server, whose responses are predetermined for particular requests.
|
||||||
func TestDNSProvider(t *testing.T) {
|
func TestDNSProvider(t *testing.T) {
|
||||||
|
@ -66,6 +92,61 @@ func TestDNSProvider(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TestDNSProviderLive performs a live test to obtain a certificate
|
||||||
|
// using the Let's Encrypt staging server. It runs provided that both
|
||||||
|
// the environment variables GANDI_API_KEY and GANDI_TEST_DOMAIN are
|
||||||
|
// set. Otherwise the test is skipped.
|
||||||
|
//
|
||||||
|
// To complete this test, go test must be run with the -timeout=40m
|
||||||
|
// flag, since the default timeout of 10m is insufficient.
|
||||||
|
func TestDNSProviderLive(t *testing.T) {
|
||||||
|
apiKey := os.Getenv("GANDI_API_KEY")
|
||||||
|
domain := os.Getenv("GANDI_TEST_DOMAIN")
|
||||||
|
if apiKey == "" || domain == "" {
|
||||||
|
t.Skip("skipping live test")
|
||||||
|
}
|
||||||
|
// create a user.
|
||||||
|
const rsaKeySize = 2048
|
||||||
|
privateKey, err := rsa.GenerateKey(rand.Reader, rsaKeySize)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
myUser := user{
|
||||||
|
Email: "test@example.com",
|
||||||
|
key: privateKey,
|
||||||
|
}
|
||||||
|
// create a client using staging server
|
||||||
|
client, err := acme.NewClient(stagingServer, &myUser, acme.RSA2048)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
provider, err := NewDNSProviderCredentials(apiKey)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
err = client.SetChallengeProvider(acme.DNS01, provider)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
client.ExcludeChallenges([]acme.Challenge{acme.HTTP01, acme.TLSSNI01})
|
||||||
|
// register and agree tos
|
||||||
|
reg, err := client.Register()
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
myUser.Registration = reg
|
||||||
|
err = client.AgreeToTOS()
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
// complete the challenge
|
||||||
|
bundle := false
|
||||||
|
_, failures := client.ObtainCertificate([]string{domain}, bundle, nil)
|
||||||
|
if len(failures) > 0 {
|
||||||
|
t.Fatal(failures)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// serverResponses is the XML-RPC Request->Response map used by the
|
// serverResponses is the XML-RPC Request->Response map used by the
|
||||||
// fake RPC server. It was generated by recording a real RPC session
|
// fake RPC server. It was generated by recording a real RPC session
|
||||||
// which resulted in the successful issue of a cert, and then
|
// which resulted in the successful issue of a cert, and then
|
||||||
|
|
Loading…
Reference in a new issue