forked from TrueCloudLab/lego
e2b4c3a54f
* Add 'dns-01' in CLI usage's solver list * Add Gandi Beta LiveDNS provider * gandiv5: rename provider and enhance error messages * gandiv5: clean old behavior comments * gandiv5: clean old behavior comments
157 lines
4.2 KiB
Go
157 lines
4.2 KiB
Go
package gandiv5
|
|
|
|
import (
|
|
"crypto"
|
|
"crypto/rand"
|
|
"crypto/rsa"
|
|
"io"
|
|
"io/ioutil"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"os"
|
|
"regexp"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/xenolf/lego/acme"
|
|
)
|
|
|
|
// stagingServer is the Let's Encrypt staging server used by the live test
|
|
const stagingServer = "https://acme-staging.api.letsencrypt.org/directory"
|
|
|
|
// user implements acme.User and is used by the live test
|
|
type user struct {
|
|
Email string
|
|
Registration *acme.RegistrationResource
|
|
key crypto.PrivateKey
|
|
}
|
|
|
|
func (u *user) GetEmail() string {
|
|
return u.Email
|
|
}
|
|
func (u *user) GetRegistration() *acme.RegistrationResource {
|
|
return u.Registration
|
|
}
|
|
func (u *user) GetPrivateKey() crypto.PrivateKey {
|
|
return u.key
|
|
}
|
|
|
|
// TestDNSProvider runs Present and CleanUp against a fake Gandi RPC
|
|
// Server, whose responses are predetermined for particular requests.
|
|
func TestDNSProvider(t *testing.T) {
|
|
fakeAPIKey := "123412341234123412341234"
|
|
fakeKeyAuth := "XXXX"
|
|
provider, err := NewDNSProviderCredentials(fakeAPIKey)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
regexpToken, err := regexp.Compile(`"rrset_values":\[".+"\]`)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
// start fake RPC server
|
|
fakeServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
if r.Header.Get("Content-Type") != "application/json" {
|
|
t.Fatalf("Content-Type: application/json header not found")
|
|
}
|
|
req, err := ioutil.ReadAll(r.Body)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
req = regexpToken.ReplaceAllLiteral(
|
|
req, []byte(`"rrset_values":["TOKEN"]`))
|
|
resp, ok := serverResponses[string(req)]
|
|
if !ok {
|
|
t.Fatalf("Server response for request not found")
|
|
}
|
|
_, err = io.Copy(w, strings.NewReader(resp))
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
}))
|
|
defer fakeServer.Close()
|
|
// define function to override findZoneByFqdn with
|
|
fakeFindZoneByFqdn := func(fqdn string, nameserver []string) (string, error) {
|
|
return "example.com.", nil
|
|
}
|
|
// override gandi endpoint and findZoneByFqdn function
|
|
savedEndpoint, savedFindZoneByFqdn := endpoint, findZoneByFqdn
|
|
defer func() {
|
|
endpoint, findZoneByFqdn = savedEndpoint, savedFindZoneByFqdn
|
|
}()
|
|
endpoint, findZoneByFqdn = fakeServer.URL, fakeFindZoneByFqdn
|
|
// run Present
|
|
err = provider.Present("abc.def.example.com", "", fakeKeyAuth)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
// run CleanUp
|
|
err = provider.CleanUp("abc.def.example.com", "", fakeKeyAuth)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
}
|
|
|
|
// TestDNSProviderLive performs a live test to obtain a certificate
|
|
// using the Let's Encrypt staging server. It runs provided that both
|
|
// the environment variables GANDIV5_API_KEY and GANDI_TEST_DOMAIN are
|
|
// set. Otherwise the test is skipped.
|
|
//
|
|
// To complete this test, go test must be run with the -timeout=40m
|
|
// flag, since the default timeout of 10m is insufficient.
|
|
func TestDNSProviderLive(t *testing.T) {
|
|
apiKey := os.Getenv("GANDIV5_API_KEY")
|
|
domain := os.Getenv("GANDI_TEST_DOMAIN")
|
|
if apiKey == "" || domain == "" {
|
|
t.Skip("skipping live test")
|
|
}
|
|
// create a user.
|
|
const rsaKeySize = 2048
|
|
privateKey, err := rsa.GenerateKey(rand.Reader, rsaKeySize)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
myUser := user{
|
|
Email: "test@example.com",
|
|
key: privateKey,
|
|
}
|
|
// create a client using staging server
|
|
client, err := acme.NewClient(stagingServer, &myUser, acme.RSA2048)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
provider, err := NewDNSProviderCredentials(apiKey)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
err = client.SetChallengeProvider(acme.DNS01, provider)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
client.ExcludeChallenges([]acme.Challenge{acme.HTTP01, acme.TLSSNI01})
|
|
// register and agree tos
|
|
reg, err := client.Register()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
myUser.Registration = reg
|
|
err = client.AgreeToTOS()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
// complete the challenge
|
|
bundle := false
|
|
_, failures := client.ObtainCertificate([]string{domain}, bundle, nil, false)
|
|
if len(failures) > 0 {
|
|
t.Fatal(failures)
|
|
}
|
|
}
|
|
|
|
// serverResponses is the JSON Request->Response map used by the
|
|
// fake JSON server.
|
|
var serverResponses = map[string]string{
|
|
// Present Request->Response (addTXTRecord)
|
|
`{"rrset_ttl":300,"rrset_values":["TOKEN"]}`: `{"message": "Zone Record Created"}`,
|
|
// CleanUp Request->Response (deleteTXTRecord)
|
|
`{"delete":true}`: ``,
|
|
}
|