a }|gJ@sdZddlZddlZddlmZddlmZddlZddl m Z ddl Z ddl Z ddl Z ddlmZddlmZedZejedd ZGd d d ejZGd d d ejZGdddejZGdddejZGdddejZGdddejZGdddejZGdddejZGdddejZ GdddejZ!GdddejZ"Gd d!d!ejZ#e$d"kre%e &ej'd#de(gdS)$zTests for acme.challenges.N)mock)JWKEC)errors) test_utilzcert.pemrsa512_key.pemkeyc@seZdZddZdS) ChallengeTestcCs(ddlm}ddlm}|ddi}dS)Nr) ChallengeUnrecognizedChallengetypefoo)acme.challengesr r )selfr r challrH/usr/lib/python3.9/site-packages/acme/_internal/tests/challenges_test.pytest_from_json_unrecognizeds   z)ChallengeTest.test_from_json_unrecognizedN)__name__ __module__ __qualname__rrrrrr sr c@s$eZdZddZddZddZdS)UnrecognizedChallengeTestcCs&ddlm}ddi|_||j|_dS)Nrr r r)rr jobjrrr rrrsetUps  zUnrecognizedChallengeTest.setUpcCsdSNrrrrrtest_to_partial_json$sz.UnrecognizedChallengeTest.test_to_partial_jsoncCsddlm}dS)Nrr )rr rrrrtest_from_json's z(UnrecognizedChallengeTest.test_from_jsonN)rrrrrrrrrrrsrc@s4eZdZddZddZddZddZd d Zd S) %KeyAuthorizationChallengeResponseTestcCs dd}t|_||jj_dS)NcSsdS)Nrr)namerrr_encode/sz._encode)rZMockrencode side_effect)rr"rrrr.s z+KeyAuthorizationChallengeResponseTest.setUpcCsddlm}|dd}dS)Nr!KeyAuthorizationChallengeResponsez/foo.oKGqedy-b-acd5eoybm2f-NVFxvyOoET5CNy3xnv8WYkey_authorizationrr&rr&responserrrtest_verify_ok5s  z4KeyAuthorizationChallengeResponseTest.test_verify_okcCsddlm}|dd}dS)Nrr%z/bar.oKGqedy-b-acd5eoybm2f-NVFxvyOoET5CNy3xnv8WYr'r)r*rrrtest_verify_wrong_token;s  z=KeyAuthorizationChallengeResponseTest.test_verify_wrong_tokencCsddlm}|dd}dS)Nrr%zfoo.oKGqedy-b-acd5eoybm2f-NVFxvr'r)r*rrrtest_verify_wrong_thumbprintAs  zBKeyAuthorizationChallengeResponseTest.test_verify_wrong_thumbprintcCsddlm}|dd}dS)Nrr%z0.foo.oKGqedy-b-acd5eoybm2f-NVFxvyOoET5CNy3xnv8WYr'r)r*rrrtest_verify_wrong_formGs  zrJr+rKr)rrJrMrrrtest_simple_verify_successosz,DNS01ResponseTest.test_simple_verify_successN) rrrrrrrCrNrOrrrrr0Os  r0c@s<eZdZddZddZddZddZd d Zd d Zd S) DNS01TestcCs.ddlm}|tdd|_ddd|_dS)Nrr7+evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ+PCt92wr+oAr:r4+evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oAr r;)rr8rFdecode_b64joser<r=rr8rrrrws  zDNS01Test.setUpcCsdSrrrrrrtest_validation_domain_namesz%DNS01Test.test_validation_domain_namecCsdSrrrrrrtest_validationszDNS01Test.test_validationcCsdSrrrrrrrszDNS01Test.test_to_partial_jsoncCsddlm}dSNrr7)rr8rUrrrrs zDNS01Test.test_from_jsoncCs ddlm}t||jdSrX)rr8rArBr=rUrrrrCs z!DNS01Test.test_from_json_hashableN) rrrrrVrWrrrCrrrrrPus  rPc@seZdZddZddZddZddZd d Ze d d d Z e d ddZ e d ddZ e d ddZ e d ddZe d ddZdS)HTTP01ResponseTestcCsPddlm}|dd|_dddd|_ddlm}|d d |_|jt|_dS) NrHTTP01Responserr'r3http-01r5HTTP01r9r:)rr[r<r=r^rr+r>)rr[r^rrrrs    zHTTP01ResponseTest.setUpcCsdSrrrrrrrsz'HTTP01ResponseTest.test_to_partial_jsoncCsddlm}dSNrrZ)rr[rr[rrrrs z!HTTP01ResponseTest.test_from_jsoncCs ddlm}t||jdSr_)rr[rArBr=r`rrrrCs z*HTTP01ResponseTest.test_from_json_hashablecCs,tjtd}|j|jd|dSrD rFrGrHrrIr+rKrrJrrLrrr(test_simple_verify_bad_key_authorizationsz;HTTP01ResponseTest.test_simple_verify_bad_key_authorizationzacme.challenges.requests.getcCs8|jt}tj|d|_|j|jddtjddS)NtextrEFZverifytimeout) r validationr>r MagicMock return_valueassert_called_once_withuriANY)rmock_getrhrrr"test_simple_verify_good_validations  z5HTTP01ResponseTest.test_simple_verify_good_validationcCstjdd|_dS)N!rd)rrirjrrnrrr!test_simple_verify_bad_validationsz4HTTP01ResponseTest.test_simple_verify_bad_validationcCsFddlm}tj|jt|jd|_|j |j ddtj ddS)NrrZrdrEFrf) rr[rrirrhr>ZWHITESPACE_CUTSETrjrkrlrm)rrnr[rrr(test_simple_verify_whitespace_validations  z;HTTP01ResponseTest.test_simple_verify_whitespace_validationcCstjj|_dSr)requests exceptionsZRequestExceptionr$rqrrr#test_simple_verify_connection_errors z6HTTP01ResponseTest.test_simple_verify_connection_errorcCs|jj|jdtdddS)NrEi)domainZaccount_public_keyport)r+rKrr>rJrqrrrtest_simple_verify_ports z*HTTP01ResponseTest.test_simple_verify_portcCsl|j|jdt|j|jdddd||jj|jdtdd|j|jdddddS)NrEFrfi)rg)r+rKrr>rJrkrlZ reset_mockrqrrrtest_simple_verify_timeoutsz-HTTP01ResponseTest.test_simple_verify_timeoutN)rrrrrrrCrcrpatchrorrrsrvryr{rrrrrYs"      rYc@sDeZdZddZddZddZddZd d Zd d Zd dZ dS) HTTP01TestcCs.ddlm}|tdd|_ddd|_dS)Nrr]rQr:r\rRrS)rr^rFrTr<r=rr^rrrrs zHTTP01Test.setUpcCsdSrrrrrr test_pathszHTTP01Test.test_pathcCsdSrrrrrrtest_uriszHTTP01Test.test_uricCsdSrrrrrrrszHTTP01Test.test_to_partial_jsoncCsddlm}dSNrr])rr^r~rrrrs zHTTP01Test.test_from_jsoncCs ddlm}t||jdSr)rr^rArBr=r~rrrrCs z"HTTP01Test.test_from_json_hashablecCsdSrrrrrrtest_good_tokenszHTTP01Test.test_good_tokenN) rrrrrrrrrCrrrrrr}s r}c@seZdZddZddZddZddZd d Zd d Zd dZ ddZ ddZ e j dddddZe de dddZe dddZdS) TLSALPN01ResponseTestcCsNddlm}|tdd|_d|_d|_|jt|_dd|jj d |_ dS) Nr TLSALPN01s a82d5ff8ef740d12881f6d3c2277ab2er:z example.comz example2.comr3 tls-alpn-01r5) rrrF b64decoderrwZdomain2r+r>r(r=rrrrrr s zTLSALPN01ResponseTest.setUpcCsdSrrrrrrrsz*TLSALPN01ResponseTest.test_to_partial_jsoncCsddlm}dSNr)TLSALPN01Response)rrrrrrrrs z$TLSALPN01ResponseTest.test_from_jsoncCs ddlm}t||jdSr)rrrArBr=rrrrrC!s z-TLSALPN01ResponseTest.test_from_json_hashablecCs"td}|j|j|\}}dSNrrZload_pyopenssl_private_keyr+gen_certrwrZkey1certrLrrrtest_gen_verify_cert%s z*TLSALPN01ResponseTest.test_gen_verify_certcCs|j|j\}}dSr)r+rrw)rrrrrrtest_gen_verify_cert_gen_key+sz2TLSALPN01ResponseTest.test_gen_verify_cert_gen_keycCsdSrrrrrrtest_verify_bad_cert0sz*TLSALPN01ResponseTest.test_verify_bad_certcCs"td}|j|j|\}}dSrrrrrrtest_verify_bad_domain4s z,TLSALPN01ResponseTest.test_verify_bad_domaincCs,tjtd}|j|jd|dSrDrarbrrrrc:sz>TLSALPN01ResponseTest.test_simple_verify_bad_key_authorizationz-acme.challenges.TLSALPN01Response.verify_certT)ZautospeccCs$tjj|_||j|jtjjdSr)rsentinelZ verificationrjrkr+rwr)rZmock_verify_certrrrtest_simple_verify>s z(TLSALPN01ResponseTest.test_simple_verifyz$acme.challenges.socket.gethostbynamez%acme.challenges.crypto_util.probe_snicCs^d|_|jd|d|jd|jjddgd|jjddd|jd tjddgddS) Nz 127.0.0.1zfoo.coms 127.0.0.1sfoo.coms acme-tls/1)hostrxr!Zalpn_protocolsz8.8.8.8)rs8.8.8.8)rjr+Z probe_certrkZPORTZassert_called_withrrm)rZmock_probe_sniZmock_gethostbynamerrrtest_probe_certGs   z%TLSALPN01ResponseTest.test_probe_certz,acme.challenges.TLSALPN01Response.probe_certcCs tj|_dSr)rErrorr$)rZmock_probe_certrrr'test_simple_verify_false_on_probe_errorVsz=TLSALPN01ResponseTest.test_simple_verify_false_on_probe_errorN)rrrrrrrCrrrrrcrr|rrrrrrrr s    rc@sFeZdZddZddZddZddZd d Ze d d d Z dS) TLSALPN01TestcCs.ddlm}|tdd|_ddd|_dS)NrrZ a82d5ff8ef740d12881f6d3c2277ab2er:rrS)rrrFrr<r=rrrrr_s zTLSALPN01Test.setUpcCsdSrrrrrrrhsz"TLSALPN01Test.test_to_partial_jsoncCsddlm}dSNrr)rrrrrrrks zTLSALPN01Test.test_from_jsoncCs ddlm}t||jdSr)rrrArBr=rrrrrCos z%TLSALPN01Test.test_from_json_hashablecCsXddlm}td|jd<ttj||jWdn1sJ0YdS)Nrrsabcdr;) rrrFZencode_b64joser=pytestZraisesZDeserializationErrorrBrrrr#test_from_json_invalid_token_lengthss z1TLSALPN01Test.test_from_json_invalid_token_lengthz*acme.challenges.TLSALPN01Response.gen_certcCs d|_|jtjjtjjddS)N)rr)rrw)rjrkrrZcert_keyrw)rZ mock_gen_certrrrrWys zTLSALPN01Test.test_validationN) rrrrrrrCrrr|rWrrrrr]s rc@sdeZdZddZddZddZddZd d Zd d Zd dZ ddZ ddZ ddZ ddZ dS)DNSTestcCs.ddlm}|tdd|_ddd|_dS)NrDNS+evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oAr:dnsrRrS)rrrFrr<r=rrrrrrs  z DNSTest.setUpcCsdSrrrrrrrszDNSTest.test_to_partial_jsoncCsddlm}dSNrr)rrrrrrrs zDNSTest.test_from_jsoncCs ddlm}t||jdSr)rrrArBr=rrrrrCs zDNSTest.test_from_json_hashablec Cs`ttdd}ttjf|tjffD]6\}}|j||dWdq$1sP0Yq$dS)Nec_secp384r1_key.pemr)ralg)rrload_ecdsa_private_keyr>rFRS256ZES384ZsubTest)rec_key_secp384r1rrrrrtest_gen_check_validationsz!DNSTest.test_gen_check_validationcCstjtd}dS)Nzrsa1024_key.pem)rFrGrHrrIrbrrr#test_gen_check_validation_wrong_keysz+DNSTest.test_gen_check_validation_wrong_keycCs tdddD}|D]}qdS)Ncss"|]}tjj|tjtdVqdS)payloadrrN)rFJWSsignrr>).0rrrr sz>DNSTest.test_check_validation_wrong_payload..)s{})tuple)rZ validationsrhrrr#test_check_validation_wrong_payloads z+DNSTest.test_check_validation_wrong_payloadcCs,tjj|jjdddtjtd}dS)Nsxxxxxxxxxxxxxxxxxxxxr:zutf-8r) rFrrr<update json_dumpsr#rr>)rZbad_validationrrr"test_check_validation_wrong_fieldss z*DNSTest.test_check_validation_wrong_fieldscCsPtd&}tjj|_|jt}Wdn1s60Yddlm }dS)Nz"acme.challenges.DNS.gen_validationr DNSResponse) rr|rrhrjr<Z gen_responser>rr)rZmock_genr+rrrrtest_gen_responses   * zDNSTest.test_gen_responsecCsdSrrrrrrrVsz#DNSTest.test_validation_domain_namecCsttdd}dS)Nrr)rrr)rrrrr!test_validation_domain_name_ecdsasz)DNSTest.test_validation_domain_name_ecdsaN)rrrrrrrCrrrrrrVrrrrrrs  rc@s4eZdZddZddZddZddZd d Zd S) DNSResponseTestcCsddlm}|tdd|_tjj|jjddt tj d|_ ddlm }||j d |_ d |j i|_d d |j d |_dS)Nrrrr:T)Z sort_keys)rrrr)rhrhr3r)r6r rh)rrrFrrrrrr#r>rrhrr<Zjmsg_toZto_json jmsg_from)rrrrrrrs    zDNSResponseTest.setUpcCsdSrrrrrrrsz$DNSResponseTest.test_to_partial_jsoncCsddlm}dSNrr)rrrrrrrrs zDNSResponseTest.test_from_jsoncCs ddlm}t||jdSr)rrrArBrrrrrrCs z'DNSResponseTest.test_from_json_hashablecCsdSrrrrrrtest_check_validationsz%DNSResponseTest.test_check_validationN)rrrrrrrCrrrrrrs rc@seZdZdZddZdS)JWSPayloadRFC8555CompliantzFTest for RFC8555 compliance of JWS generated from resources/challengescCs&ddlm}|}|jdd}dS)NrrZ)indent)rr[rr#)rr[Zchallenge_bodyrrrrtest_challenge_payloads z1JWSPayloadRFC8555Compliant.test_challenge_payloadN)rrr__doc__rrrrrrsr__main__))rsysZunittestr urllib.parseparseZ urllib_parseZjosepyrFZ josepy.jwkrZOpenSSLrrtZacmerZacme._internal.testsrZload_comparable_certZCERTrGZload_rsa_private_keyr>ZTestCaser rr r0rPrYr}rrrrrrexitmainargv__file__rrrrs6       #&Q%S%D$