From e99d2ee63f303918441539cc782d867ab744c5be Mon Sep 17 00:00:00 2001
From: Michael Cross <mc@xi2.org>
Date: Thu, 24 Mar 2016 21:58:45 +0000
Subject: [PATCH] Gandi DNS: add live test

---
 providers/dns/gandi/gandi_test.go | 81 +++++++++++++++++++++++++++++++
 1 file changed, 81 insertions(+)

diff --git a/providers/dns/gandi/gandi_test.go b/providers/dns/gandi/gandi_test.go
index f99079d1..9a90b358 100644
--- a/providers/dns/gandi/gandi_test.go
+++ b/providers/dns/gandi/gandi_test.go
@@ -1,15 +1,41 @@
 package gandi
 
 import (
+	"crypto"
+	"crypto/rand"
+	"crypto/rsa"
 	"io"
 	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
+	"os"
 	"regexp"
 	"strings"
 	"testing"
+
+	"github.com/xenolf/lego/acme"
 )
 
+// stagingServer is the Let's Encrypt staging server used by the live test
+const stagingServer = "https://acme-staging.api.letsencrypt.org/directory"
+
+// user implements acme.User and is used by the live test
+type user struct {
+	Email        string
+	Registration *acme.RegistrationResource
+	key          crypto.PrivateKey
+}
+
+func (u *user) GetEmail() string {
+	return u.Email
+}
+func (u *user) GetRegistration() *acme.RegistrationResource {
+	return u.Registration
+}
+func (u *user) GetPrivateKey() crypto.PrivateKey {
+	return u.key
+}
+
 // TestDNSProvider runs Present and CleanUp against a fake Gandi RPC
 // Server, whose responses are predetermined for particular requests.
 func TestDNSProvider(t *testing.T) {
@@ -62,6 +88,61 @@ func TestDNSProvider(t *testing.T) {
 	}
 }
 
+// TestDNSProviderLive performs a live test to obtain a certificate
+// using the Let's Encrypt staging server. It runs provided that both
+// the environment variables GANDI_API_KEY and GANDI_TEST_DOMAIN are
+// set. Otherwise the test is skipped.
+//
+// To complete this test, go test must be run with the -timeout=40m
+// flag, since the default timeout of 10m is insufficient.
+func TestDNSProviderLive(t *testing.T) {
+	apiKey := os.Getenv("GANDI_API_KEY")
+	domain := os.Getenv("GANDI_TEST_DOMAIN")
+	if apiKey == "" || domain == "" {
+		t.Skip("skipping live test")
+	}
+	// create a user.
+	const rsaKeySize = 2048
+	privateKey, err := rsa.GenerateKey(rand.Reader, rsaKeySize)
+	if err != nil {
+		t.Fatal(err)
+	}
+	myUser := user{
+		Email: "test@example.com",
+		key:   privateKey,
+	}
+	// create a client using staging server
+	client, err := acme.NewClient(stagingServer, &myUser, acme.RSA2048)
+	if err != nil {
+		t.Fatal(err)
+	}
+	provider, err := NewDNSProviderCredentials(apiKey)
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = client.SetChallengeProvider(acme.DNS01, provider)
+	if err != nil {
+		t.Fatal(err)
+	}
+	client.ExcludeChallenges([]acme.Challenge{acme.HTTP01, acme.TLSSNI01})
+	// register and agree tos
+	reg, err := client.Register()
+	if err != nil {
+		t.Fatal(err)
+	}
+	myUser.Registration = reg
+	err = client.AgreeToTOS()
+	if err != nil {
+		t.Fatal(err)
+	}
+	// complete the challenge
+	bundle := false
+	_, failures := client.ObtainCertificate([]string{domain}, bundle, nil)
+	if len(failures) > 0 {
+		t.Fatal(failures)
+	}
+}
+
 // serverResponses is the XML-RPC Request->Response map used by the
 // fake RPC server. It was generated by recording a real RPC session
 // which resulted in the successful issue of a cert, and then