a }|gJ@sdZddlZddlZddlmZddlmZddlZddl m Z ddl Z ddl Z ddl Z ddlmZddlmZedZejedd ZGd d d ejZGd d d ejZGdddejZGdddejZGdddejZGdddejZGdddejZGdddejZGdddejZ GdddejZ!GdddejZ"Gd d!d!ejZ#e$d"kre%e &ej'd#de(gdS)$zTests for acme.challenges.N)mock)JWKEC)errors) test_utilcert.pemrsa512_key.pemkeyc@seZdZddZdS) ChallengeTestcCs<ddlm}ddlm}|ddi}|||jks8JdS)Nr) ChallengeUnrecognizedChallengetypefoo)acme.challengesr r from_jsonjobj)selfr r challrH/usr/lib/python3.9/site-packages/acme/_internal/tests/challenges_test.pytest_from_json_unrecognizeds   z)ChallengeTest.test_from_json_unrecognizedN)__name__ __module__ __qualname__rrrrrr sr c@s$eZdZddZddZddZdS)UnrecognizedChallengeTestcCs&ddlm}ddi|_||j|_dS)Nrr rr)rr rrrr rrrsetUps  zUnrecognizedChallengeTest.setUpcCs|j|jksJdSN)rrto_partial_jsonrrrrtest_to_partial_json$sz.UnrecognizedChallengeTest.test_to_partial_jsoncCs&ddlm}|j||jks"JdS)Nrr )rr rrrrrrrtest_from_json's z(UnrecognizedChallengeTest.test_from_jsonN)rrrrr!r"rrrrrsrc@s4eZdZddZddZddZddZd d Zd S) %KeyAuthorizationChallengeResponseTestcCs dd}t|_||jj_dS)NcSs|dks JdS)Ntokenrr)namerrr_encode/s z._encode)rZMockrencode side_effect)rr&rrrr.s z+KeyAuthorizationChallengeResponseTest.setUpcCs0ddlm}|dd}||jts,JdS)Nr!KeyAuthorizationChallengeResponsez/foo.oKGqedy-b-acd5eoybm2f-NVFxvyOoET5CNy3xnv8WYkey_authorizationrr*verifyrKEY public_keyrr*responserrrtest_verify_ok5s  z4KeyAuthorizationChallengeResponseTest.test_verify_okcCs0ddlm}|dd}||jtr,JdS)Nrr)z/bar.oKGqedy-b-acd5eoybm2f-NVFxvyOoET5CNy3xnv8WYr+r-r1rrrtest_verify_wrong_token;s  z=KeyAuthorizationChallengeResponseTest.test_verify_wrong_tokencCs0ddlm}|dd}||jtr,JdS)Nrr)zfoo.oKGqedy-b-acd5eoybm2f-NVFxvr+r-r1rrrtest_verify_wrong_thumbprintAs  zBKeyAuthorizationChallengeResponseTest.test_verify_wrong_thumbprintcCs0ddlm}|dd}||jtr,JdS)Nrr)z0.foo.oKGqedy-b-acd5eoybm2f-NVFxvyOoET5CNy3xnv8WYr+r-r1rrrtest_verify_wrong_formGs  z+evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ+PCt92wr+oArAr;+evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oArr$)rr?rKdecode_b64joserBrCrr?rrrrws  zDNS01Test.setUpcCsd|jdksJdS)Nz_acme-challenge.www.example.comzwww.example.comrBZvalidation_domain_namer rrrtest_validation_domain_names z%DNS01Test.test_validation_domain_namecCsd|jtksJdS)NZ+rAa7iIg4K2y63fvUhCfy8dP1Xl7wEhmQq0oChTcE3Zk)rB validationr/r rrrtest_validations zDNS01Test.test_validationcCs|j|jksJdSrrCrBrr rrrr!szDNS01Test.test_to_partial_jsoncCs&ddlm}|j||jks"JdSNrr>)rr?rBrrCrZrrrr"s zDNS01Test.test_from_jsoncCs ddlm}t||jdSr`)rr?rGrrCrZrrrrHs z!DNS01Test.test_from_json_hashableN) rrrrr\r^r!r"rHrrrrrUus  rUc@seZdZddZddZddZddZd d Ze d d d Z e d ddZ e d ddZ e d ddZ e d ddZe d ddZdS)HTTP01ResponseTestcCsPddlm}|dd|_dddd|_ddlm}|d d |_|jt|_dS) NrHTTP01Responserr+r:http-01r<HTTP01r@rA)rrcrBrCrfrr2r/)rrcrfrrrrs    zHTTP01ResponseTest.setUpcCsi|jksJdSrrDr rrrr!sz'HTTP01ResponseTest.test_to_partial_jsoncCs&ddlm}|j||jks"JdSNrrb)rrcrBrrCrrcrrrr"s z!HTTP01ResponseTest.test_from_jsoncCs ddlm}t||jdSrg)rrcrGrrCrhrrrrHs z*HTTP01ResponseTest.test_from_json_hashablecCs,tjtd}|j|jd|dSrI rKrLrMrrNr2rOrr0rrPrrr(test_simple_verify_bad_key_authorizationsz;HTTP01ResponseTest.test_simple_verify_bad_key_authorizationzacme.challenges.requests.getcCsR|jt}tj|d|_|j|jdts4J|j |j ddtj ddS)NtextrJFr.timeout) rr]r/r MagicMock return_valuer2rOr0assert_called_once_withuriANY)rmock_getr]rrr"test_simple_verify_good_validations  z5HTTP01ResponseTest.test_simple_verify_good_validationcCs,tjdd|_|j|jdtr(JdS)N!rlrJ)rrprqr2rOrr/r0rrurrr!test_simple_verify_bad_validations z4HTTP01ResponseTest.test_simple_verify_bad_validationcCs`ddlm}tj|jt|jd|_|j |jdt sBJ|j |j ddtjddS)NrrbrlrJFrn)rrcrrprr]r/ZWHITESPACE_CUTSETrqr2rOr0rrrsrt)rrurcrrr(test_simple_verify_whitespace_validations   z;HTTP01ResponseTest.test_simple_verify_whitespace_validationcCs(tjj|_|j|jdtr$JdSrS) requests exceptionsZRequestExceptionr(r2rOrr/r0rxrrr#test_simple_verify_connection_errors  z6HTTP01ResponseTest.test_simple_verify_connection_errorcCs@|jj|jdtdddt|jdddjksJdSNr)rload_pyopenssl_private_keyr2gen_certr~ verify_certrZkey1certrPrrrtest_gen_verify_cert%s  z*TLSALPN01ResponseTest.test_gen_verify_certcCs<|j|j\}}t|tjjs$J|j|j|s8JdSr)r2rr~ isinstanceOpenSSLZcryptoZPKeyr)rrr rrrtest_gen_verify_cert_gen_key+sz2TLSALPN01ResponseTest.test_gen_verify_cert_gen_keycCs|j|jtdrJdS)Nr)r2rr~rZ load_certr rrrtest_verify_bad_cert0s z*TLSALPN01ResponseTest.test_verify_bad_certcCsBtd}|j|j|\}}||ks*J|j|j|r>JdSr)rrr2rr~rrrrrrtest_verify_bad_domain4s  z,TLSALPN01ResponseTest.test_verify_bad_domaincCs,tjtd}|j|jd|dSrIrirjrrrrk:sz>TLSALPN01ResponseTest.test_simple_verify_bad_key_authorizationz-acme.challenges.TLSALPN01Response.verify_certT)ZautospeccCsPtjj|_tjj|jj|j|jt tjj dks6J| |j|jtjj dS)N)r) rsentinelZ verificationrqr2rOrr~r/r0rrr)rZmock_verify_certrrrtest_simple_verify>s   z(TLSALPN01ResponseTest.test_simple_verifyz$acme.challenges.socket.gethostbynamez%acme.challenges.crypto_util.probe_snicCs^d|_|jd|d|jd|jjddgd|jjddd|jd tjddgddS) Nz 127.0.0.1zfoo.coms 127.0.0.1sfoo.coms acme-tls/1)hostrr%Zalpn_protocolsz8.8.8.8)rs8.8.8.8)rqr2Z probe_certrrZPORTZassert_called_withrrt)rZmock_probe_sniZmock_gethostbynamerrrtest_probe_certGs   z%TLSALPN01ResponseTest.test_probe_certz,acme.challenges.TLSALPN01Response.probe_certcCs(tj|_|j|j|jtr$JdSr) rErrorr(r2rOrr~r/r0)rZmock_probe_certrrr'test_simple_verify_false_on_probe_errorVsz=TLSALPN01ResponseTest.test_simple_verify_false_on_probe_errorN)rrrrr!r"rHrrrrrkrrrrrrrrrr s    rc@sFeZdZddZddZddZddZd d Ze d d d Z dS) TLSALPN01TestcCs.ddlm}|tdd|_ddd|_dS)NrrZ a82d5ff8ef740d12881f6d3c2277ab2erArrX)rrrKrrBrCrrrrr_s zTLSALPN01Test.setUpcCs|j|jksJdSrr_r rrrr!hsz"TLSALPN01Test.test_to_partial_jsoncCs&ddlm}|j||jks"JdSNrr)rrrBrrCrrrrr"ks zTLSALPN01Test.test_from_jsoncCs ddlm}t||jdSr)rrrGrrCrrrrrHos z%TLSALPN01Test.test_from_json_hashablecCsXddlm}td|jd<ttj||jWdn1sJ0YdS)Nrrsabcdr$) rrrKZencode_b64joserCpytestZraisesZDeserializationErrorrrrrr#test_from_json_invalid_token_lengthss z1TLSALPN01Test.test_from_json_invalid_token_lengthz*acme.challenges.TLSALPN01Response.gen_certcCsBd|_d|jjttjjtjjdks(J|jtjjtjjddS)N)rr )cert_keyr~)r r~) rqrBr]r/rrrr~rr)rZ mock_gen_certrrrr^ys  zTLSALPN01Test.test_validationN) rrrrr!r"rHrrrr^rrrrr]s rc@sdeZdZddZddZddZddZd d Zd d Zd dZ ddZ ddZ ddZ ddZ dS)DNSTestcCs.ddlm}|tdd|_ddd|_dS)NrDNS+evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oArAdnsrWrX)rrrKrrBrCrrrrrrs  z DNSTest.setUpcCs|j|jksJdSrr_r rrrr!szDNSTest.test_to_partial_jsoncCs&ddlm}|j||jks"JdSNrr)rrrBrrCrrrrr"s zDNSTest.test_from_jsoncCs ddlm}t||jdSr)rrrGrrCrrrrrHs zDNSTest.test_from_json_hashablec Csttdd}ttjf|tjffD]X\}}|j||d2|j |jj ||d| s^JWdq$1sr0Yq$dS)Nec_secp384r1_key.pemr)r algr) rrload_ecdsa_private_keyr/rKRS256ES384ZsubTestrBcheck_validationgen_validationr0)rec_key_secp384r1r rrrrtest_gen_check_validations z!DNSTest.test_gen_check_validationcCs4tjtd}|j|jt| r0JdS)Nzrsa1024_key.pem) rKrLrMrrNrBrrr/r0rjrrr#test_gen_check_validation_wrong_keysz+DNSTest.test_gen_check_validation_wrong_keycCs6tdddD}|D]}|j|trJqdS)Ncss"|]}tjj|tjtdVqdS)payloadrr N)rKJWSsignrr/).0rrrr sz>DNSTest.test_check_validation_wrong_payload..){})tuplerBrr/r0)rZ validationsr]rrr#test_check_validation_wrong_payloadsz+DNSTest.test_check_validation_wrong_payloadcCsBtjj|jjdddtjtd}|j |t r>JdS)NsxxxxxxxxxxxxxxxxxxxxrAzutf-8r) rKrrrBr json_dumpsr'rr/rr0)rZbad_validationrrr"test_check_validation_wrong_fieldss z*DNSTest.test_check_validation_wrong_fieldscCsptd&}tjj|_|jt}Wdn1s60Yddlm }t ||sZJ|jtjjkslJdS)Nz"acme.challenges.DNS.gen_validationr DNSResponse) rrrr]rqrBZ gen_responser/rrr)rZmock_genr2rrrrtest_gen_responses   * zDNSTest.test_gen_responsecCsd|jdksJdS)Nz_acme-challenge.le.wtfzle.wtfr[r rrrr\sz#DNSTest.test_validation_domain_namecCs<ttdd}|j|jj|tjd|dus8JdS)NrrrT) rrrrBrrrKrr0)rrrrr!test_validation_domain_name_ecdsasz)DNSTest.test_validation_domain_name_ecdsaN)rrrrr!r"rHrrrrrr\rrrrrrs  rc@s4eZdZddZddZddZddZd d Zd S) DNSResponseTestcCsddlm}|tdd|_tjj|jjddt tj d|_ ddlm }||j d |_ d |j i|_d d |j d |_dS)NrrrrAT)Z sort_keys)rr rr)r]r]r:r)r=rr])rrrKrrrrrr'r/rr]rrBjmsg_toZto_json jmsg_from)rrrrrrrs    zDNSResponseTest.setUpcCs|j|jksJdSr)rrBrr rrrr!sz$DNSResponseTest.test_to_partial_jsoncCs&ddlm}|j||jks"JdSNrr)rrrBrrrrrrrr"s zDNSResponseTest.test_from_jsoncCs ddlm}t||jdSr)rrrGrrrrrrrHs z'DNSResponseTest.test_from_json_hashablecCs|j|jtsJdSr)rBrrr/r0r rrrtest_check_validationsz%DNSResponseTest.test_check_validationN)rrrrr!r"rHrrrrrrs rc@seZdZdZddZdS)JWSPayloadRFC8555CompliantzFTest for RFC8555 compliance of JWS generated from resources/challengescCs2ddlm}|}|jdd}|dks.JdS)Nrrb)indentr)rrcrr')rrcZchallenge_bodyrrrrtest_challenge_payloads z1JWSPayloadRFC8555Compliant.test_challenge_payloadN)rrr__doc__rrrrrrsr__main__r))rsysZunittestr urllib.parseparserZjosepyrKZ josepy.jwkrrrr{ZacmerZacme._internal.testsrZload_comparable_certZCERTrLZload_rsa_private_keyr/ZTestCaser rr#r7rUrarrrrrrrexitmainargv__file__rrrrs6       #&Q%S%D$