|
|
|
@ -2187,6 +2187,43 @@ func TestTLSALPN01Validate(t *testing.T) {
|
|
|
|
|
srv, tlsDial := newTestTLSALPNServer(cert)
|
|
|
|
|
srv.Start()
|
|
|
|
|
|
|
|
|
|
return test{
|
|
|
|
|
ch: ch,
|
|
|
|
|
vo: &ValidateChallengeOptions{
|
|
|
|
|
TLSDial: tlsDial,
|
|
|
|
|
},
|
|
|
|
|
db: &MockDB{
|
|
|
|
|
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
|
|
|
|
|
assert.Equals(t, updch.ID, ch.ID)
|
|
|
|
|
assert.Equals(t, updch.Token, ch.Token)
|
|
|
|
|
assert.Equals(t, updch.Status, StatusValid)
|
|
|
|
|
assert.Equals(t, updch.Type, ch.Type)
|
|
|
|
|
assert.Equals(t, updch.Value, ch.Value)
|
|
|
|
|
assert.Equals(t, updch.Error, nil)
|
|
|
|
|
return nil
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
srv: srv,
|
|
|
|
|
jwk: jwk,
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
"ok/ip": func(t *testing.T) test {
|
|
|
|
|
ch := makeTLSCh()
|
|
|
|
|
ch.Value = "127.0.0.1"
|
|
|
|
|
|
|
|
|
|
jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0)
|
|
|
|
|
assert.FatalError(t, err)
|
|
|
|
|
|
|
|
|
|
expKeyAuth, err := KeyAuthorization(ch.Token, jwk)
|
|
|
|
|
assert.FatalError(t, err)
|
|
|
|
|
expKeyAuthHash := sha256.Sum256([]byte(expKeyAuth))
|
|
|
|
|
|
|
|
|
|
cert, err := newTLSALPNValidationCert(expKeyAuthHash[:], false, true, ch.Value)
|
|
|
|
|
assert.FatalError(t, err)
|
|
|
|
|
|
|
|
|
|
srv, tlsDial := newTestTLSALPNServer(cert)
|
|
|
|
|
srv.Start()
|
|
|
|
|
|
|
|
|
|
return test{
|
|
|
|
|
ch: ch,
|
|
|
|
|
vo: &ValidateChallengeOptions{
|
|
|
|
@ -2234,4 +2271,84 @@ func TestTLSALPN01Validate(t *testing.T) {
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
t.Fail()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func Test_reverseAddr(t *testing.T) {
|
|
|
|
|
type args struct {
|
|
|
|
|
ip net.IP
|
|
|
|
|
}
|
|
|
|
|
tests := []struct {
|
|
|
|
|
name string
|
|
|
|
|
args args
|
|
|
|
|
wantArpa string
|
|
|
|
|
}{
|
|
|
|
|
{
|
|
|
|
|
name: "ok/ipv4",
|
|
|
|
|
args: args{
|
|
|
|
|
ip: net.ParseIP("127.0.0.1"),
|
|
|
|
|
},
|
|
|
|
|
wantArpa: "1.0.0.127.in-addr.arpa.",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "ok/ipv6",
|
|
|
|
|
args: args{
|
|
|
|
|
ip: net.ParseIP("2001:db8::567:89ab"),
|
|
|
|
|
},
|
|
|
|
|
wantArpa: "b.a.9.8.7.6.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.",
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
for _, tt := range tests {
|
|
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
|
|
|
if gotArpa := reverseAddr(tt.args.ip); gotArpa != tt.wantArpa {
|
|
|
|
|
t.Errorf("reverseAddr() = %v, want %v", gotArpa, tt.wantArpa)
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func Test_serverName(t *testing.T) {
|
|
|
|
|
type args struct {
|
|
|
|
|
ch *Challenge
|
|
|
|
|
}
|
|
|
|
|
tests := []struct {
|
|
|
|
|
name string
|
|
|
|
|
args args
|
|
|
|
|
want string
|
|
|
|
|
}{
|
|
|
|
|
{
|
|
|
|
|
name: "ok/dns",
|
|
|
|
|
args: args{
|
|
|
|
|
ch: &Challenge{
|
|
|
|
|
Value: "example.com",
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
want: "example.com",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "ok/ipv4",
|
|
|
|
|
args: args{
|
|
|
|
|
ch: &Challenge{
|
|
|
|
|
Value: "127.0.0.1",
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
want: "1.0.0.127.in-addr.arpa.",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "ok/ipv4",
|
|
|
|
|
args: args{
|
|
|
|
|
ch: &Challenge{
|
|
|
|
|
Value: "2001:db8::567:89ab",
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
want: "b.a.9.8.7.6.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.",
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
for _, tt := range tests {
|
|
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
|
|
|
if got := serverName(tt.args.ch); got != tt.want {
|
|
|
|
|
t.Errorf("serverName() = %v, want %v", got, tt.want)
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
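Review bot: The `t.Fail()` just before the closing brace of TestTLSALPN01Validate, at the top of this hunk, looks like a debugging leftover and should be removed. Indentation is lost in this view, but if it sits after the subtest loop it marks the whole test as failed on every run, which would mask real regressions in the tls-alpn-01 validation path. In Test_serverName the third case is named `"ok/ipv4"` although its value is the IPv6 address `2001:db8::567:89ab`; change it to `name: "ok/ipv6",` so a failure is reported under the right subtest name instead of a `#01`-suffixed duplicate. Since serverName presumably picks the SNI sent during validation, a case for an IPv4-mapped IPv6 value such as `::ffff:127.0.0.1` (constructed example) would pin whether it resolves to the in-addr.arpa or the ip6.arpa form. TestTLSALPN01Validate starts outside the hunk, so the placement of `t.Fail()` should be confirmed against the full file.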
|
|
|
|
|