lego/acme/tls_sni_challenge_test.go

package acme

import (
	"crypto/rsa"
	"crypto/sha256"
	"crypto/tls"
	"encoding/hex"
	"fmt"
	"strings"
	"testing"
)

func TestTLSSNIChallenge(t *testing.T) {
	privKey, _ := generatePrivateKey(rsakey, 512)
	j := &jws{privKey: privKey.(*rsa.PrivateKey)}
	clientChallenge := challenge{Type: TLSSNI01, Token: "tlssni1"}
	mockValidate := func(_ *jws, _, _ string, chlng challenge) error {
		conn, err := tls.Dial("tcp", "localhost:23457", &tls.Config{
			InsecureSkipVerify: true,
		})
		if err != nil {
			t.Errorf("Expected to connect to challenge server without an error. %s", err.Error())
		}

		// Expect the server to only return one certificate
		connState := conn.ConnectionState()
		if count := len(connState.PeerCertificates); count != 1 {
			t.Errorf("Expected the challenge server to return exactly one certificate but got %d", count)
		}

		remoteCert := connState.PeerCertificates[0]
		if count := len(remoteCert.DNSNames); count != 1 {
			t.Errorf("Expected the challenge certificate to have exactly one DNSNames entry but had %d", count)
		}

		zBytes := sha256.Sum256([]byte(chlng.KeyAuthorization))
		z := hex.EncodeToString(zBytes[:sha256.Size])
		domain := fmt.Sprintf("%s.%s.acme.invalid", z[:32], z[32:])

		if remoteCert.DNSNames[0] != domain {
			t.Errorf("Expected the challenge certificate DNSName to match %s but was %s", domain, remoteCert.DNSNames[0])
		}

		return nil
	}
	solver := &tlsSNIChallenge{jws: j, validate: mockValidate, provider: &TLSProviderServer{port: "23457"}}

	if err := solver.Solve(clientChallenge, "localhost:23457"); err != nil {
		t.Errorf("Solve error: got %v, want nil", err)
	}
}

func TestTLSSNIChallengeInvalidPort(t *testing.T) {
	privKey, _ := generatePrivateKey(rsakey, 128)
	j := &jws{privKey: privKey.(*rsa.PrivateKey)}
	clientChallenge := challenge{Type: TLSSNI01, Token: "tlssni2"}
	solver := &tlsSNIChallenge{jws: j, validate: stubValidate, provider: &TLSProviderServer{port: "123456"}}

	if err := solver.Solve(clientChallenge, "localhost:123456"); err == nil {
		t.Errorf("Solve error: got %v, want error", err)
	} else if want := "invalid port 123456"; !strings.HasSuffix(err.Error(), want) {
		t.Errorf("Solve error: got %q, want suffix %q", err.Error(), want)
	}
}
Add tests to TLS-SNI-01 2015-11-22 17:32:22 +00:00			`package acme`

			`import (`
			`"crypto/rsa"`
			`"crypto/sha256"`
			`"crypto/tls"`
			`"encoding/hex"`
			`"fmt"`
Split off tests for validate, simplifying HTTP-01 and TLS-SNI-01 tests. 2015-12-05 14:53:53 +00:00			`"strings"`
Add tests to TLS-SNI-01 2015-11-22 17:32:22 +00:00			`"testing"`
			`)`

Split off tests for validate, simplifying HTTP-01 and TLS-SNI-01 tests. 2015-12-05 14:53:53 +00:00			`func TestTLSSNIChallenge(t *testing.T) {`
Add tests to TLS-SNI-01 2015-11-22 17:32:22 +00:00			`privKey, _ := generatePrivateKey(rsakey, 512)`
Split off tests for validate, simplifying HTTP-01 and TLS-SNI-01 tests. 2015-12-05 14:53:53 +00:00			`j := &jws{privKey: privKey.(*rsa.PrivateKey)}`
Refactor challenge providers to new ChallengeProvider interface * new ChallengeProvider with Present and CleanUp methods * new Challenge type describing `http-01`, `tls-sni-01`, `dns-01` * new client.SetChallengeProvider to support custom implementations 2016-01-15 04:06:25 +00:00			`clientChallenge := challenge{Type: TLSSNI01, Token: "tlssni1"}`
Fix validateFunc tests 2015-12-27 18:26:47 +00:00			`mockValidate := func(_ *jws, _, _ string, chlng challenge) error {`
Split off tests for validate, simplifying HTTP-01 and TLS-SNI-01 tests. 2015-12-05 14:53:53 +00:00			`conn, err := tls.Dial("tcp", "localhost:23457", &tls.Config{`
Add tests to TLS-SNI-01 2015-11-22 17:32:22 +00:00			`InsecureSkipVerify: true,`
			`})`
			`if err != nil {`
			`t.Errorf("Expected to connect to challenge server without an error. %s", err.Error())`
			`}`

			`// Expect the server to only return one certificate`
			`connState := conn.ConnectionState()`
			`if count := len(connState.PeerCertificates); count != 1 {`
			`t.Errorf("Expected the challenge server to return exactly one certificate but got %d", count)`
			`}`

			`remoteCert := connState.PeerCertificates[0]`
			`if count := len(remoteCert.DNSNames); count != 1 {`
			`t.Errorf("Expected the challenge certificate to have exactly one DNSNames entry but had %d", count)`
			`}`

Split off tests for validate, simplifying HTTP-01 and TLS-SNI-01 tests. 2015-12-05 14:53:53 +00:00			`zBytes := sha256.Sum256([]byte(chlng.KeyAuthorization))`
Add tests to TLS-SNI-01 2015-11-22 17:32:22 +00:00			`z := hex.EncodeToString(zBytes[:sha256.Size])`
			`domain := fmt.Sprintf("%s.%s.acme.invalid", z[:32], z[32:])`

			`if remoteCert.DNSNames[0] != domain {`
			`t.Errorf("Expected the challenge certificate DNSName to match %s but was %s", domain, remoteCert.DNSNames[0])`
			`}`

Split off tests for validate, simplifying HTTP-01 and TLS-SNI-01 tests. 2015-12-05 14:53:53 +00:00			`return nil`
			`}`
Fix tests for new naming. 2016-02-14 21:07:27 +00:00			`solver := &tlsSNIChallenge{jws: j, validate: mockValidate, provider: &TLSProviderServer{port: "23457"}}`
Add tests to TLS-SNI-01 2015-11-22 17:32:22 +00:00
Split off tests for validate, simplifying HTTP-01 and TLS-SNI-01 tests. 2015-12-05 14:53:53 +00:00			`if err := solver.Solve(clientChallenge, "localhost:23457"); err != nil {`
			`t.Errorf("Solve error: got %v, want nil", err)`
			`}`
			`}`
Add tests to TLS-SNI-01 2015-11-22 17:32:22 +00:00
Split off tests for validate, simplifying HTTP-01 and TLS-SNI-01 tests. 2015-12-05 14:53:53 +00:00			`func TestTLSSNIChallengeInvalidPort(t *testing.T) {`
			`privKey, _ := generatePrivateKey(rsakey, 128)`
			`j := &jws{privKey: privKey.(*rsa.PrivateKey)}`
Refactor challenge providers to new ChallengeProvider interface * new ChallengeProvider with Present and CleanUp methods * new Challenge type describing `http-01`, `tls-sni-01`, `dns-01` * new client.SetChallengeProvider to support custom implementations 2016-01-15 04:06:25 +00:00			`clientChallenge := challenge{Type: TLSSNI01, Token: "tlssni2"}`
Fix tests for new naming. 2016-02-14 21:07:27 +00:00			`solver := &tlsSNIChallenge{jws: j, validate: stubValidate, provider: &TLSProviderServer{port: "123456"}}`
Split off tests for validate, simplifying HTTP-01 and TLS-SNI-01 tests. 2015-12-05 14:53:53 +00:00
			`if err := solver.Solve(clientChallenge, "localhost:123456"); err == nil {`
Implement custom User-Agent string Also a couple miscellaneous vet fixes 2015-12-30 22:01:21 +00:00			`t.Errorf("Solve error: got %v, want error", err)`
Split off tests for validate, simplifying HTTP-01 and TLS-SNI-01 tests. 2015-12-05 14:53:53 +00:00			`} else if want := "invalid port 123456"; !strings.HasSuffix(err.Error(), want) {`
			`t.Errorf("Solve error: got %q, want suffix %q", err.Error(), want)`
Add tests to TLS-SNI-01 2015-11-22 17:32:22 +00:00			`}`
			`}`