Update record test, use random prefix
* Test multiple zone records (@, foo, *.foo) * Use random _acme-challenge-xxxx
		
							parent
							
								
									e179188bc0
								
							
						
					
					
						commit
						f2373a09de
					
				
							
								
								
									
										17
									
								
								example.js
									
									
									
									
									
								
							
							
						
						
									
										17
									
								
								example.js
									
									
									
									
									
								
							| @ -1,10 +1,10 @@ | ||||
| "use strict"; | ||||
| 'use strict'; | ||||
| 
 | ||||
| //var tester = require('acme-challenge-test');
 | ||||
| var tester = require("./"); | ||||
| var tester = require('./'); | ||||
| 
 | ||||
| var type = "http-01"; | ||||
| var challenger = require("acme-http-01-cli").create({}); | ||||
| var type = 'http-01'; | ||||
| var challenger = require('acme-http-01-cli').create({}); | ||||
| //var type = 'dns-01';
 | ||||
| //var challenger = require('acme-dns-01-cli').create({});
 | ||||
| //var challenger = require('./YOUR-CHALLENGE-STRATEGY').create({});
 | ||||
| @ -12,16 +12,15 @@ var challenger = require("acme-http-01-cli").create({}); | ||||
| 
 | ||||
| // The dry-run tests can pass on, literally, 'example.com'
 | ||||
| // but the integration tests require that you have control over the domain
 | ||||
| var domain = "example.com"; | ||||
| //var domain = '*.example.com';
 | ||||
| var zone = 'example.com'; | ||||
| 
 | ||||
| tester | ||||
| 	.test(type, domain, challenger) | ||||
| 	.test(type, zone, challenger) | ||||
| 	.then(function() { | ||||
| 		console.info("PASS"); | ||||
| 		console.info('ALL PASSED'); | ||||
| 	}) | ||||
| 	.catch(function(err) { | ||||
| 		console.error("FAIL"); | ||||
| 		console.error('FAIL'); | ||||
| 		console.error(err); | ||||
| 		process.exit(20); | ||||
| 	}); | ||||
|  | ||||
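Review bot: The comment above `var zone` still describes "the domain", but with this commit the tester derives several names from the zone it is given: the apex, `foo.<zone>` and, for dns-01, `*.foo.<zone>` (see `module.exports.test` in index.js in the same commit), so whoever runs the integration tests needs control over the whole zone rather than a single hostname. Suggest extending the comment: `// The tester creates records for the zone apex, foo.<zone> and (dns-01 only) *.foo.<zone>,` followed by `// so integration runs need control over the whole zone.`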
							
								
								
									
										239
									
								
								index.js
									
									
									
									
									
								
							
							
						
						
									
										239
									
								
								index.js
									
									
									
									
									
								
							| @ -75,121 +75,140 @@ function run(challenger, opts) { | ||||
| 
 | ||||
| 	// The first time we just check it against itself
 | ||||
| 	// this will cause the prompt to appear
 | ||||
| 	return set(opts) | ||||
| 		.then(function() { | ||||
| 			// this will cause the final completion message to appear
 | ||||
| 			// _test is used by the manual cli reference implementations
 | ||||
| 			var query = { type: ch.type, /*debug*/ status: ch.status, _test: true }; | ||||
| 			if ('http-01' === ch.type) { | ||||
| 				query.identifier = ch.identifier; | ||||
| 				query.token = ch.token; | ||||
| 				// For testing only
 | ||||
| 				query.url = ch.challengeUrl; | ||||
| 			} else if ('dns-01' === ch.type) { | ||||
| 				query.identifier = { type: 'dns', value: ch.dnsHost }; | ||||
| 				// For testing only
 | ||||
| 				query.altname = ch.altname; | ||||
| 				// there should only be two possible TXT records per challenge domain:
 | ||||
| 				// one for the bare domain, and the other if and only if there's a wildcard
 | ||||
| 				query.wildcard = ch.wildcard; | ||||
| 				query.dnsAuthorization = ch.dnsAuthorization; | ||||
| 			} else { | ||||
| 				query = JSON.parse(JSON.stringify(ch)); | ||||
| 				query.comment = 'unknown challenge type, supplying everything'; | ||||
| 			} | ||||
| 			return get({ challenge: query }) | ||||
| 				.then(function(secret) { | ||||
| 					if ('string' === typeof secret) { | ||||
| 						console.info( | ||||
| 							'secret was passed as a string, which works historically, but should be an object instead:' | ||||
| 						); | ||||
| 						console.info('{ "keyAuthorization": "' + secret + '" }'); | ||||
| 						console.info('or'); | ||||
| 						// TODO this should be "keyAuthorizationDigest"
 | ||||
| 						console.info('{ "dnsAuthorization": "' + secret + '" }'); | ||||
| 						console.info( | ||||
| 							'This is to help keep acme / greenlock (and associated plugins) future-proof for new challenge types' | ||||
| 	return set(opts).then(function() { | ||||
| 		// this will cause the final completion message to appear
 | ||||
| 		// _test is used by the manual cli reference implementations
 | ||||
| 		var query = { type: ch.type, /*debug*/ status: ch.status, _test: true }; | ||||
| 		if ('http-01' === ch.type) { | ||||
| 			query.identifier = ch.identifier; | ||||
| 			query.token = ch.token; | ||||
| 			// For testing only
 | ||||
| 			query.url = ch.challengeUrl; | ||||
| 		} else if ('dns-01' === ch.type) { | ||||
| 			query.identifier = { type: 'dns', value: ch.dnsHost }; | ||||
| 			// For testing only
 | ||||
| 			query.altname = ch.altname; | ||||
| 			// there should only be two possible TXT records per challenge domain:
 | ||||
| 			// one for the bare domain, and the other if and only if there's a wildcard
 | ||||
| 			query.wildcard = ch.wildcard; | ||||
| 			query.dnsAuthorization = ch.dnsAuthorization; | ||||
| 		} else { | ||||
| 			query = JSON.parse(JSON.stringify(ch)); | ||||
| 			query.comment = 'unknown challenge type, supplying everything'; | ||||
| 		} | ||||
| 		return get({ challenge: query }) | ||||
| 			.then(function(secret) { | ||||
| 				if ('string' === typeof secret) { | ||||
| 					console.info( | ||||
| 						'secret was passed as a string, which works historically, but should be an object instead:' | ||||
| 					); | ||||
| 					console.info('{ "keyAuthorization": "' + secret + '" }'); | ||||
| 					console.info('or'); | ||||
| 					// TODO this should be "keyAuthorizationDigest"
 | ||||
| 					console.info('{ "dnsAuthorization": "' + secret + '" }'); | ||||
| 					console.info( | ||||
| 						'This is to help keep acme / greenlock (and associated plugins) future-proof for new challenge types' | ||||
| 					); | ||||
| 				} | ||||
| 				// historically 'secret' has been a string, but I'd like it to transition to be an object.
 | ||||
| 				// to make it backwards compatible in v2.7 to change it,
 | ||||
| 				// so I'm not sure that we really need to.
 | ||||
| 				if ('http-01' === ch.type) { | ||||
| 					secret = secret.keyAuthorization || secret; | ||||
| 					if (ch.keyAuthorization !== secret) { | ||||
| 						throw new Error( | ||||
| 							"http-01 challenge.get() returned '" + | ||||
| 								secret + | ||||
| 								"', which does not match the keyAuthorization" + | ||||
| 								" saved with challenge.set(), which was '" + | ||||
| 								ch.keyAuthorization + | ||||
| 								"'" | ||||
| 						); | ||||
| 					} | ||||
| 					// historically 'secret' has been a string, but I'd like it to transition to be an object.
 | ||||
| 					// to make it backwards compatible in v2.7 to change it,
 | ||||
| 					// so I'm not sure that we really need to.
 | ||||
| 					if ('http-01' === ch.type) { | ||||
| 						secret = secret.keyAuthorization || secret; | ||||
| 						if (ch.keyAuthorization !== secret) { | ||||
| 							throw new Error( | ||||
| 								"http-01 challenge.get() returned '" + | ||||
| 									secret + | ||||
| 									"', which does not match the keyAuthorization" + | ||||
| 									" saved with challenge.set(), which was '" + | ||||
| 									ch.keyAuthorization + | ||||
| 									"'" | ||||
| 							); | ||||
| 						} | ||||
| 					} else if ('dns-01' === ch.type) { | ||||
| 						secret = secret.dnsAuthorization || secret; | ||||
| 						if (ch.dnsAuthorization !== secret) { | ||||
| 							throw new Error( | ||||
| 								"dns-01 challenge.get() returned '" + | ||||
| 									secret + | ||||
| 									"', which does not match the dnsAuthorization" + | ||||
| 									" (keyAuthDigest) saved with challenge.set(), which was '" + | ||||
| 									ch.dnsAuthorization + | ||||
| 									"'" | ||||
| 							); | ||||
| 						} | ||||
| 				} else if ('dns-01' === ch.type) { | ||||
| 					secret = secret.dnsAuthorization || secret; | ||||
| 					if (ch.dnsAuthorization !== secret) { | ||||
| 						throw new Error( | ||||
| 							"dns-01 challenge.get() returned '" + | ||||
| 								secret + | ||||
| 								"', which does not match the dnsAuthorization" + | ||||
| 								" (keyAuthDigest) saved with challenge.set(), which was '" + | ||||
| 								ch.dnsAuthorization + | ||||
| 								"'" | ||||
| 						); | ||||
| 					} | ||||
| 				} else { | ||||
| 					if ('tls-alpn-01' === ch.type) { | ||||
| 						console.warn( | ||||
| 							"'tls-alpn-01' support is in development" + | ||||
| 								" (or developed and we haven't update this yet). Please contact us." | ||||
| 						); | ||||
| 					} else { | ||||
| 						if ('tls-alpn-01' === ch.type) { | ||||
| 							console.warn( | ||||
| 								"'tls-alpn-01' support is in development" + | ||||
| 									" (or developed and we haven't update this yet). Please contact us." | ||||
| 							); | ||||
| 						} else { | ||||
| 							console.warn( | ||||
| 								"We don't know how to test '" + | ||||
| 									ch.type + | ||||
| 									"'... are you sure that's a thing?" | ||||
| 							); | ||||
| 						} | ||||
| 						secret = secret.keyAuthorization || secret; | ||||
| 						if (ch.keyAuthorization !== secret) { | ||||
| 							console.warn( | ||||
| 								"The returned value doesn't match keyAuthorization", | ||||
| 								ch.keyAuthorization, | ||||
| 								secret | ||||
| 							); | ||||
| 						} | ||||
| 						console.warn( | ||||
| 							"We don't know how to test '" + | ||||
| 								ch.type + | ||||
| 								"'... are you sure that's a thing?" | ||||
| 						); | ||||
| 					} | ||||
| 				}) | ||||
| 				.then(function() { | ||||
| 					return remove(opts).then(function() { | ||||
| 						return get(opts).then(function(result) { | ||||
| 							if (result) { | ||||
| 								throw new Error( | ||||
| 									'challenge.remove() should have made it not possible for challenge.get() to return a value' | ||||
| 								); | ||||
| 							} | ||||
| 							if (null !== result) { | ||||
| 								throw new Error( | ||||
| 									'challenge.get() should return null when the value is not set' | ||||
| 								); | ||||
| 							} | ||||
| 						}); | ||||
| 					secret = secret.keyAuthorization || secret; | ||||
| 					if (ch.keyAuthorization !== secret) { | ||||
| 						console.warn( | ||||
| 							"The returned value doesn't match keyAuthorization", | ||||
| 							ch.keyAuthorization, | ||||
| 							secret | ||||
| 						); | ||||
| 					} | ||||
| 				} | ||||
| 			}) | ||||
| 			.then(function() { | ||||
| 				return remove(opts).then(function() { | ||||
| 					return get(opts).then(function(result) { | ||||
| 						if (result) { | ||||
| 							throw new Error( | ||||
| 								'challenge.remove() should have made it not possible for challenge.get() to return a value' | ||||
| 							); | ||||
| 						} | ||||
| 						if (null !== result) { | ||||
| 							throw new Error( | ||||
| 								'challenge.get() should return null when the value is not set' | ||||
| 							); | ||||
| 						} | ||||
| 					}); | ||||
| 				}); | ||||
| 		}) | ||||
| 		.then(function() { | ||||
| 			console.info('All soft tests: PASS'); | ||||
| 			console.warn( | ||||
| 				'Hard tests (actually checking http URLs and dns records) is implemented in acme-v2.' | ||||
| 			); | ||||
| 			console.warn( | ||||
| 				"We'll copy them over here as well, but that's a TODO for next week." | ||||
| 			); | ||||
| 		}); | ||||
| 			}); | ||||
| 	}); | ||||
| } | ||||
| 
 | ||||
| module.exports.test = function(type, altname, challenger) { | ||||
| module.exports.test = function(type, zone, challenger) { | ||||
| 	var domains = [zone, 'foo.' + zone]; | ||||
| 	if ('dns-01' === type) { | ||||
| 		domains.push('*.foo.' + zone); | ||||
| 	} | ||||
| 
 | ||||
| 	function next() { | ||||
| 		var domain = domains.shift(); | ||||
| 		if (!domain) { | ||||
| 			return; | ||||
| 		} | ||||
| 		console.info("TEST '%s'", domain); | ||||
| 		return testOne(type, domain, challenger).then(function() { | ||||
| 			console.info("PASS '%s'", domain); | ||||
| 			return next(); | ||||
| 		}); | ||||
| 	} | ||||
| 
 | ||||
| 	return next().then(function() { | ||||
| 		console.info('All soft tests: PASS'); | ||||
| 		console.warn( | ||||
| 			'Hard tests (actually checking http URLs and dns records) is implemented in acme-v2.' | ||||
| 		); | ||||
| 		console.warn( | ||||
| 			"We'll copy them over here as well, but that's a TODO for next week." | ||||
| 		); | ||||
| 	}); | ||||
| }; | ||||
| 
 | ||||
| function testOne(type, altname, challenger) { | ||||
| 	var expires = new Date(Date.now() + 10 * 60 * 1000).toISOString(); | ||||
| 	var token = crypto.randomBytes(8).toString('hex'); | ||||
| 	var thumb = crypto.randomBytes(16).toString('hex'); | ||||
| @ -212,7 +231,7 @@ module.exports.test = function(type, altname, challenger) { | ||||
| 		thumbprint: thumb, | ||||
| 		keyAuthorization: keyAuth, | ||||
| 		url: null, // completed below
 | ||||
| 		dnsHost: '_acme-challenge.', // completed below
 | ||||
| 		dnsHost: '_acme-challenge-' + token.slice(0, 4) + '.', // completed below
 | ||||
| 		dnsAuthorization: dnsAuth, | ||||
| 		altname: altname, | ||||
| 		_test: true // used by CLI referenced implementations
 | ||||
| @ -227,4 +246,6 @@ module.exports.test = function(type, altname, challenger) { | ||||
| 	challenge.dnsHost += altname; | ||||
| 
 | ||||
| 	return run(challenger, { challenge: challenge }); | ||||
| }; | ||||
| } | ||||
| 
 | ||||
| module.exports._test = testOne; | ||||
|  | ||||
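Review bot: `next()` returns `undefined` instead of a settled promise when `domains` is exhausted, so `return next().then(...)` at the end of `module.exports.test` only works because `domains` always starts with two entries; an empty or undefined `zone` still produces `[undefined, 'foo.undefined']`, and the first call then throws a TypeError on `.then` rather than a readable error. Returning a resolved promise from the guard, `if (!domain) { return Promise.resolve(); }`, keeps the chain well-formed for any list length (the same applies to the recursive `return next()`). Separately, `'_acme-challenge-' + token.slice(0, 4)` in `testOne` gives only four hex characters of variation, which is enough to keep stale or concurrent test records from satisfying this run but is not a secret and presumably also forces the plugin to honour the supplied `dnsHost` rather than a hard-coded label; a one-line comment there stating that intent, e.g. `// random label: stale records from earlier runs must not satisfy this test`, would save the next reader from guessing. The final `challenge.dnsHost += altname` is now reached with `*.foo.<zone>` as well, and the lines where a leading `*.` would be stripped fall outside this hunk, so confirm that happens before the record name is built.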
							
								
								
									
										5
									
								
								package-lock.json
									
									
									
										generated
									
									
									
										Normal file
									
								
							
							
						
						
									
										5
									
								
								package-lock.json
									
									
									
										generated
									
									
									
										Normal file
									
								
							| @ -0,0 +1,5 @@ | ||||
| { | ||||
| 	"name": "acme-challenge-test", | ||||
| 	"version": "3.0.4", | ||||
| 	"lockfileVersion": 1 | ||||
| } | ||||
| @ -1,6 +1,6 @@ | ||||
| { | ||||
| 	"name": "acme-challenge-test", | ||||
| 	"version": "3.0.4", | ||||
| 	"version": "3.0.5", | ||||
| 	"description": "The base set of tests for all ACME challenge strategies. Any `acme-http-01-`, `acme-dns-01-`, `acme-challenge-`, or greenlock plugin should be able to pass these tests.", | ||||
| 	"main": "index.js", | ||||
| 	"homepage": "https://git.rootprojects.org/root/acme-challenge-test.js", | ||||
|  | ||||