U ]%W@s8dZddlZddlZddlZddlZddlZddlmZddlm Z ddlm Z ddlm Z ddlmZddlm Z ddlmZdd lmZdd lmZdd lmZGd d d ejZGd ddejZe jddfddZGdddejZGdddejZGdddejZddZdddZedkr4e dS)zTests for certbot.auth_handler.N) challenges)client)messages)errors) achallenges) interfaces)util) acme_utilc@s,eZdZddZddZddZddZd S) ChallengeFactoryTestcCsHddlm}|ddtjddg|_ttjdtj tjgdd|_ dS)Nr AuthHandlerZmock_keykeytestF) certbot.auth_handlerr mockMockhandlerr gen_authzrrSTATUS_PENDING CHALLENGESauthzrselfr rA/usr/lib/python3/dist-packages/certbot/tests/auth_handler_test.pysetUps  zChallengeFactoryTest.setUpcCs8|j|jtdttj}|dd|DtjdS)NrcSsg|] }|jqSrchall.0achallrrr )sz1ChallengeFactoryTest.test_all..)r_challenge_factoryrrangelenr r assertEqualrZachallsrrrtest_all$s zChallengeFactoryTest.test_allcCs0|j|jdg}|dd|DtjgdS)NrcSsg|] }|jqSrrr rrrr#/sz6ChallengeFactoryTest.test_one_http..)rr$rr'r HTTP01r(rrr test_one_http+s  z"ChallengeFactoryTest.test_one_httpcCs>ttjdtjdddgtjg}|tj|j j |dgdS)NrrZ unrecognized)rtypr) r rrrrr assertRaisesrErrorrr$)rrrrrtest_unrecognized1sz&ChallengeFactoryTest.test_unrecognizedN)__name__ __module__ __qualname__rr)r+r/rrrrr s r c@seZdZdZddZddZddZdd Zd d Zd d Z ddZ ddZ ddZ ddZ ddZddZddZddZddZd d!Zd"d#Zd$d%Zd&d'Zd(d)Zd*d+Zd,d-Zd.d/Zd0d1Zd2d3Zd4d5Zd6d7Zd8S)9HandleAuthorizationsTestzmhandle_authorizations test. This tests everything except for all functions under _poll_challenges. cCsddlm}t|_tj|jtj tjtjddtj tj dd|_ t jg|j j_t|j j_tjtddd |_tj tjd |_d |j_tjj|jj_||j |j|jg|_ttjdS) Nrr FZdebug_challengesZApacheConfigurator)nameZ file_pathZPEMr )spec) rr rr mock_displayzope componentprovideUtilityrZIDisplayIConfig MagicMock mock_authrr*get_chall_pref return_value gen_auth_respperform side_effectrZKeyZ mock_account acme_clientZClientmock_net acme_versionZ retry_afterrloggingdisableZCRITICALrrrrrBs0    zHandleAuthorizationsTest.setUpcCsttjdSNrGrHZNOTSETrrrrtearDown[sz!HandleAuthorizationsTest.tearDownc Cstdtj|d}tj|gd}tddd|jj_t d}|j |}| |jj jd| |jjjd| |jjd||jjdd d dk||jjdd d d k| |jjjd| |jjjd d d jd | t|dW5QRXdS) N0domainchallscombosZauthorizationsr7)retry wait_valuezcertbot.auth_handler.timerhttp-01)gen_dom_authzrr rrr=_gen_mock_on_pollrEpollrCpatchrhandle_authorizationsr'answer_challenge call_countsleep assertTruecall_args_listr>cleanup call_argsr,r&)rrQr mock_orderZ mock_timerrr_test_name1_http_01_1_common^s   z5HandleAuthorizationsTest._test_name1_http_01_1_commoncCs|jdddSNTrQ)rfrKrrrtest_name1_http_01_1_acme_1wsz4HandleAuthorizationsTest.test_name1_http_01_1_acme_1cCsd|j_|jdddSNrVFrh)rErFrfrKrrrtest_name1_http_01_1_acme_2zsz4HandleAuthorizationsTest.test_name1_http_01_1_acme_2cCst|jj_|jjjtj t dt j dd}t j|gd}|j|}||jjjd||jjjd||jjjd|jjjddD]}||jdkq|t|ddS) NrMFrNrRrVr7r)rXzdns-01)rZrEr[rCr>r?r@appendrDNS01rYr rrr=rr]r'r^r_rcrdrar,r&)rrrer"rrr!test_name1_http_01_1_dns_1_acme_1~s  z:HandleAuthorizationsTest.test_name1_http_01_1_dns_1_acme_1cCsd|j_t|jj_|jjjt j t dt j dd}tj|gd}|j|}||jjjd||jjjd||jjjd|jjjdd}|t|d||djd|t|ddS) NrVrMFrNrRr7rrX)rErFrZr[rCr>r?r@rlrrmrYr rrr=rr]r'r^r_rcrdr&r,)rrreZcleaned_up_achallsrrr!test_name1_http_01_1_dns_1_acme_2s  z:HandleAuthorizationsTest.test_name1_http_01_1_dns_1_acme_2cCstjttj|d|jj_tdtjdtdtjdtdtjdg}tj |d}t |jj _|j |}||jjjd||jj jd||jjjd|t|ddS) N)rPrQrMrOrP12rRrWr7) functoolspartialrYr rrEZrequest_domain_challengesrCrr=rZr[rr]r'r^r_r>rcr&)rrQauthzrsrerrrr_test_name3_http_01_3_commons        z5HandleAuthorizationsTest._test_name3_http_01_3_commoncCs|jdddSrg)rvrKrrr"test_name3_http_01_3_common_acme_1sz;HandleAuthorizationsTest.test_name3_http_01_3_common_acme_1cCsd|j_|jdddSrj)rErFrvrKrrr"test_name3_http_01_3_common_acme_2sz;HandleAuthorizationsTest.test_name3_http_01_3_common_acme_2cCsttjtjddtjtdtj dg}tj |d}t |j j _|j|||j jjd||jjjddS)NTr4rMrprRr7)r9r:r;rrrr<rYr rr=rZrEr[rCrr]r'r^r_r8Z notificationrrurerrrtest_debug_challengess    z.HandleAuthorizationsTest.test_debug_challengescCs@tdtjdg}tj|d}tj|jj_ | tj|j j |dSNrMrprR) rYr rrr=rAuthorizationErrorr>rBrCr-rr]ryrrrtest_perform_failures  z-HandleAuthorizationsTest.test_perform_failurec Csltdtjdg}tj|d}tdd|jj_| t j }|j |ddW5QRX|dt|jkdS) NrMrprRrV)rTFr7z0All authorizations were not finalized by the CA.)rYr rrr=rZrEr[rCr-rr|rr]rastr exceptionrrureerrorrrrtest_max_retries_exceededs  z2HandleAuthorizationsTest.test_max_retries_exceededcCs$tjgd}|tj|jj|dS)NrR)rr=r-rr|rr])rrerrrtest_no_domainss z(HandleAuthorizationsTest.test_no_domainscCstdtj|dg}tj|d}|jjjt j |j j t j jt jjft|jj_|j |||jjjd||jjjdddjddS)NrMrNrRr7rrX)rYr rrr=r>r?r@rlrr*r pref_challsextendr,rmrZrEr[rCr]r'rcr_rdrrQrurerrr'_test_preferred_challenge_choice_commons   z@HandleAuthorizationsTest._test_preferred_challenge_choice_commoncCs|jdddSrg)rrKrrr-test_preferred_challenge_choice_common_acme_1szFHandleAuthorizationsTest.test_preferred_challenge_choice_common_acme_1cCsd|j_|jdddSrj)rErFrrKrrr-test_preferred_challenge_choice_common_acme_2szFHandleAuthorizationsTest.test_preferred_challenge_choice_common_acme_2cCsHtdtj|dg}tj|d}|jjtj j | t j |jj|dS)NrMrNrR)rYr rrr=rrrlrrmr,r-rr|r]rrrr/_test_preferred_challenges_not_supported_commons zHHandleAuthorizationsTest._test_preferred_challenges_not_supported_commoncCs|jdddSrg)rrKrrr.test_preferred_challenges_not_supported_acme_1szGHandleAuthorizationsTest.test_preferred_challenges_not_supported_acme_1cCsd|j_|jdddSrj)rErFrrKrrr.test_preferred_challenges_not_supported_acme_2 szGHandleAuthorizationsTest.test_preferred_challenges_not_supported_acme_2cCs6tdtjgdg}tj|d}|tj|jj |dSr{) rYr rmrr=r-rr|rr]ryrrr%test_dns_only_challenge_not_supporteds z>HandleAuthorizationsTest.test_dns_only_challenge_not_supportedcCsttj|jj_tdtjdd}tj |gd}| tj|j j || |jjjd| |jjjdddjddS)NrMTrNrRr7rrX)rr|r>rBrCrYr rrr=r-rr]r'rcr_rdr,rrrerrrtest_perform_errors z+HandleAuthorizationsTest.test_perform_errorcCsrtj|jj_tdtjdg}tj |d}| tj|j j || |jjjd| |jjjdddjddS)NrMrprRr7rrX)rr|rEr^rCrYr rrr=r-rr]r'r>rcr_rdr,ryrrrtest_answer_errors  z*HandleAuthorizationsTest.test_answer_errorc Cstdtjdg}tj|d}ttjd|jj _ t ,| tj}|j|dW5QRXW5QRX|dt|jk||jjjd||jjjdddjd dS) NrMrprRstatusFzSome challenges have failed.r7rrX)rYr rrr=rZrSTATUS_INVALIDrEr[rC test_utilpatch_get_utilityr-rr|rr]rar~rr'r>rcr_rdr,rrrrtest_incomplete_authzr_error+s  "z5HandleAuthorizationsTest.test_incomplete_authzr_errorc Csdd}tdtjdtdtjdg}||jj_tj|d}td}|j |d}W5QRX| t |d | |j d ttjd |jj_t,|tj}|j |dW5QRXW5QRX|d t|jkdS) NcSs2ttj}ttj}|jjjdkr*||S||S)zBThis mock will invalidate one authzr, and invalidate the other onewill-be-invalid)rZr STATUS_VALIDrbody identifiervalue)rZ valid_mockZ invalid_mockrrr_conditional_mock_on_poll9s   zLHandleAuthorizationsTest.test_best_effort.._conditional_mock_on_pollz will-be-validrprrRz+certbot.auth_handler._report_failed_authzrsTr7rzAll challenges have failed.)rYr rrEr[rCrr=r\rr]r'r&r_rZrrrrr-rr|rar~r)rrrureZ mock_reportZ valid_authzrrrrrtest_best_effort8s      "z)HandleAuthorizationsTest.test_best_effortcCsxttjdtjgtjgd}tj|gd}|tj |j j |ttj dtjgtj gd}tj|gd}|j |dS)NrMFrR) r rrrrmrr=r-rr|rr]rrrrr"test_validated_challenge_not_rerunYs,z;HandleAuthorizationsTest.test_validated_challenge_not_reruncCsdd}dtjfdtjfdtjfg}dd|D}tj|d}||jj_|j |\}}| |jjj d | t |d | t |d | |d j jjd| |d j jtj| |d j jjd| |d j jtjd S) zWhen we deactivate valid authzrs in an orderr, we expect them to become deactivated and to receive a list of deactivated authzrs in return.cSsR|jjtjkrD|jjjdkr&td|jjtj d}tj |d}n t d|S)Nis_valid_but_will_failzMock deactivation ACME errorr)rz Can't deactivate non-valid authz) rrrrrr acme_errorsr.updateSTATUS_DEACTIVATEDZAuthorizationResourcer)rZauthzbrrr_mock_deactivateqs  zQHandleAuthorizationsTest.test_valid_authzrs_deactivated.._mock_deactivateZis_validZ is_pendingrc Ss0g|](}t|d|dtjg|ddgqS)r7rF)r rr*)r!arrrr#s zKHandleAuthorizationsTest.test_valid_authzrs_deactivated..rRrVr7rN)rrrrr=rEZdeactivate_authorizationrCrZdeactivate_valid_authorizationsr'r_r&rrrrr)rrZ to_deactivateZorderrruZfailedrrrtest_valid_authzrs_deactivatedns$   z7HandleAuthorizationsTest.test_valid_authzrs_deactivatedN)r0r1r2__doc__rrLrfrirkrnrorvrwrxrzr}rrrrrrrrrrrrrrrrrrrr3;s8      !r3r7csd|ifdd}|S)Ncountcsvddd<ddkr ntj}t||jjjdd|jjD|gt|jj|jj }|t j dt idfS)Nrr7rcSsg|] }|jqSrr)r!challbrrrr#sz4_gen_mock_on_poll.._mock..z Retry-After)Zheaders) rrr rrrrrr& combinationsrr=r~)rZeffective_statusZ updated_azrstaterrUrr_mocksz _gen_mock_on_poll.._mockr)rrTrUrrrrrZs rZc@s eZdZdZddZddZdS)ChallbToAchallTestz0Tests for certbot.auth_handler.challb_to_achall.cCsddlm}||ddS)Nr)challb_to_achall account_keyrO)rr)rrrrrr_calls zChallbToAchallTest._callcCs&||tjtjtjddddS)NrrO)rrrO)r'rr HTTP01_PrZ"KeyAuthorizationAnnotatedChallengerKrrrtest_its zChallbToAchallTest.test_itN)r0r1r2rrrrrrrrsrc@s<eZdZdZddZddZeddZdd Zd d Z d S) GenChallengePathTestzTests for certbot.auth_handler.gen_challenge_path. .. todo:: Add more tests for dumb_path... depending on what we want to do. cCsttjdSrI)rGrHZFATALrKrrrrszGenChallengePathTest.setUpcCsttjdSrIrJrKrrrrLszGenChallengePathTest.tearDowncCsddlm}||||S)Nr)gen_challenge_path)rr)clschallbsZ preferencesrrrrrrs zGenChallengePathTest._callcCstjtjf}tjtjg}d}|||||d||||d|||ddd||d|||ddd|ddS)z/Given DNS01 and HTTP01 with appropriate combos.)rr7rNr) r DNS01_Prrrmr*r'rrarrZprefsrQrrrtest_common_cases   z%GenChallengePathTest.test_common_casecCsHtjtjf}tjg}d}|tj|j||||tj|j||ddS)N))rr7) r rrrr*r-rr|rrrrrtest_not_supporteds" z'GenChallengePathTest.test_not_supportedN) r0r1r2rrrL classmethodrrrrrrrrs  rc@s8eZdZdZddZeddZeddZdS) ReportFailedAuthzrsTestz6Tests for certbot.auth_handler._report_failed_authzrs.cCstjdtjtjjdddd}||djdk tjf|}tj|d<tjf|}t |_ d|j j j _||g|j j _tjd dd |d<tjf|}t |_d |jj j _|g|jj _dS) NuriZtlsdetail)r)rrrrrrz example.comZdnssec)r,rzfoo.bar)r r*rrr.Z with_coderaZ descriptionZ ChallengeBodyrr=authzr1rrrrauthzr2)rkwargsZhttp_01Z http_01_diffrrrrs"        zReportFailedAuthzrsTest.setUpcCsVddlm}||jgd|jj}|t|dk|d|dddkdS)Nr auth_handlerrr7z.Domain: example.com Type: tls Detail: detail)certbotr_report_failed_authzrsr add_messagerbrar&)r mock_zoperZ call_listrrrtest_same_error_and_domains   z2ReportFailedAuthzrsTest.test_same_error_and_domaincCs8ddlm}||j|jgd||jjdkdS)NrrrrV)rrrrrrarr_)rrrrrr!test_different_errors_and_domainss z9ReportFailedAuthzrsTest.test_different_errors_and_domainsN) r0r1r2rrrrrrrrrrrs  rcCsdd|DS)z(Generate a dummy authorization response.cSsg|]}d|jj|jfqS)z%s%s) __class__r0rO)r!rrrrr# sz!gen_auth_resp..r)Z chall_listrrrrA srATcCs ttj||tjgt||S)z!Generates new authzr for domains.)r rrrr&rNrrrrYsrY__main__)T)!rrsrGZunittestrZzope.componentr9ZacmerrrDrrrrrrrZ certbot.testsr rZTestCaser r3rrZrrrrArYr0mainrrrrs6          $W+0