Exemplo n.º 1
0
func TestApacheSolverTLSSNI01(t *testing.T) {
	tmpDir, err := ioutil.TempDir("", "apachesolver_test")
	if err != nil {
		t.Fatalf("TempDir failed: %v", err)
	}
	defer os.RemoveAll(tmpDir)
	configFile := filepath.Join(tmpDir, "apache.conf")

	ps := newApacheSolver("", configFile)
	n := 2
	got, stop, err := ps.Solve([]protocol.Challenge{&protocol.TLSSNI01Challenge{Type: protocol.ChallengeTLSSNI01, Token: "token", N: n}})
	if err != nil {
		t.Fatalf("Solve failed: %v", err)
	}
	defer func() {
		if err := stop(); err != nil {
			t.Errorf("Solve stop failed: %v", err)
		}
	}()

	want := &protocol.TLSSNI01Response{
		Resource:         protocol.ResourceChallenge,
		Type:             protocol.ChallengeTLSSNI01,
		KeyAuthorization: "token.luhDRvWTmOMLRwM2gMkTDdC88jVeIXo9Hm1r_Q6W41Y",
	}
	if !reflect.DeepEqual(got[0], want) {
		t.Errorf("Solve responses: got %v, want %v", got[0], want)
	}
	bs, err := ioutil.ReadFile(configFile)
	if err != nil {
		t.Errorf("ReadFile(apache.conf) failed: %v", err)
	}
	cfs, kfs := apacheCertsAndKeys(string(bs))
	if want := n; len(cfs) != want {
		t.Errorf("apacheCertsAndKeys(%s): got %d cert files, want %d", bs, len(cfs), want)
	}
	if len(cfs) != len(kfs) {
		t.Fatalf("apacheCertsAndKeys(%s): got %d cert files, but %d key files", bs, len(cfs), len(kfs))
	}
	ns := protocol.TLSSNI01Names(want.KeyAuthorization, n)
	for i, cf := range cfs {
		cert, err := tls.LoadX509KeyPair(cf, kfs[i])
		if err != nil {
			t.Errorf("LoadX509KeyPair(%q, %q) failed: %v", cf, kfs[i], err)
		}
		c, err := x509.ParseCertificate(cert.Certificate[0])
		if err != nil {
			t.Errorf("ParseCertificate(%q) failed: %v", cf, err)
		}
		// Assumes apachesolver creates certs in order.
		if err := c.VerifyHostname(ns[i]); err != nil {
			t.Errorf("VerifyHostname(%q) failed: %v", cf, err)
		}
	}
}
Exemplo n.º 2
0
// writeChallenge marshals the challenge and writes it as CSV.
func writeChallenge(w *csv.Writer, c protocol.Challenge, accKey *jose.JsonWebKey) error {
	switch cc := c.(type) {
	case *protocol.DNS01Challenge:
		ka, err := protocol.KeyAuthz(cc.Token, accKey)
		if err != nil {
			return err
		}
		return w.Write([]string{string(cc.GetType()), cc.Token, ka})

	case *protocol.HTTP01Challenge:
		ka, err := protocol.KeyAuthz(cc.Token, accKey)
		if err != nil {
			return err
		}
		return w.Write([]string{string(cc.GetType()), cc.Token, ka})

	case *protocol.Possession01Challenge:
		rec := []string{string(cc.GetType())}
		for _, bs := range cc.Certs {
			rec = append(rec, base64.URLEncoding.EncodeToString(bs))
		}
		return w.Write(rec)

	case *protocol.TLSSNI01Challenge:
		ka, err := protocol.KeyAuthz(cc.Token, accKey)
		if err != nil {
			return err
		}
		rec := []string{string(cc.GetType()), cc.Token, ka}
		rec = append(rec, protocol.TLSSNI01Names(ka, cc.N)...)
		return w.Write(rec)

	default:
		return fmt.Errorf("unknown challenge type: %#v", c)
	}
}