a }|g@sdZddlZddlZddlmZddlZddlZddlm Z ddl Z ddl m Z ddl Z ddlZddlZddlmZddlmZddlmZddlmZdd lmZdd lmZdd lmZdd lmZed ZedZedZe j !edZ"e#ddddej#$dZ%Gddde j&Z'Gddde j(Z)Gddde j&Z*Gddde j&Z+e,dkre-e.ej/dde0gdS) zTests for acme.client.N)Dict)mock) challenges)errors)jws)messages) messages_test) test_util) ClientNetwork)ClientV2z cert-san.pemz csr-mixed.pemzcsr-nosans.pemzrsa512_key.pemz1https://www.letsencrypt-demo.org/acme/new-account/https://www.letsencrypt-demo.org/acme/new-noncez/https://www.letsencrypt-demo.org/acme/new-orderz1https://www.letsencrypt-demo.org/acme/revoke-cert)Z newAccountnewNonceZnewOrder revokeCertmetac@sTeZdZdZddZddZddZdd Zd d Zd d Z ddZ ddZ ddZ e dddZe dddZddZddZddZdd Zd!d"Zd#d$Zd%d&Zd'd(Zd)d*Zd+d,Zd-d.Zd/d0Zd1d2Zd3d4Zd5d6Zd7d8Z d9d:Z!e dd;d<Z"e dd=d>Z#e dd?d@Z$e ddAdBZ%dCdDZ&dES)F ClientV2TestzTests for acme.client.ClientV2.cCstjdtjiid|_t|_|j|jj_|j|jj_t j t j dd|_ d|_ t j|j td}t|}t jfi||_t j|dd|_d }t j|d t jtjtd d d }t j||d|_t jt j t j dd|fd|_t j |j|d|_!d|_"t#|_$t%|j$|j|_&|jj'dd|_d|_(|jj't j t j ddt j)d|_*t j |j*|j(d|_+t j,|jj |j*j ft j)|j!j-|j(fdd|_.t j/|j.d|j!|j+gt0d|_1t j/|j.d|j!|j+gt2d|_3dS)NT)ok status_codeheaderslinksz example.com)typvalue)zmailto:cert-admin@example.comztel:+12025551212)contactkey+https://www.letsencrypt-demo.org/acme/reg/1bodyuriz-https://www.letsencrypt-demo.org/acme/authz/1z/1z+evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA)token)rstatusZchall)r authzr_uri) identifierr)Zterms_of_service_agreedz-https://www.letsencrypt-demo.org/acme/authz/2zwww.example.com)r rz=https://www.letsencrypt-demo.org/acme/acct/1/order/1/finalize)Z identifiersrauthorizationsfinalizez4https://www.letsencrypt-demo.org/acme/acct/1/order/1)rrr"Zcsr_pem)4r MagicMock http_clientOKresponsenetpost return_valuegetrZ IdentifierZIDENTIFIER_FQDNr rZ RegistrationKEYZ public_keydictZNewRegistrationnew_regZRegistrationResourceregrZ ChallengeBody STATUS_VALIDrZDNSjose b64decodeZChallengeResourcechallrZ AuthorizationauthzAuthorizationResourceauthzrrsn DIRECTORY_V2 directoryr clientupdate authzr_uri2ZSTATUS_PENDINGauthz2authzr2ZOrderrorderZ OrderResource CSR_MIXED_PEMorderrCSR_NO_SANS_PEMZorderr2)selfZregZthe_argrchallbrED/usr/lib/python3.9/site-packages/acme/_internal/tests/client_test.pysetUp*s          zClientV2Test.setUpcCs0tj|j_|jj|jj_|jj |jj d<dSNLocation) r%CREATEDr'rr/rto_jsonjsonr*rrrCrErErFtest_new_accountjs zClientV2Test.test_new_accountcCsFtj|j_|jj|jj_|jj |jj d<|jj dddiidS)NrIzterms-of-serviceurlz$https://www.letsencrypt-demo.org/tos) r%rJr'rr/rrKrLr*rrrr;rMrErErFtest_new_account_tos_linkqs z&ClientV2Test.test_new_account_tos_linkcCsXtj|j_|jj|jjd<tt j |j |j Wdn1sJ0YdSrH)r%r&r'rr/rrpytestraisesr ConflictErrorr:Z new_accountr.rMrErErFtest_new_account_conflict}s z&ClientV2Test.test_new_account_conflictcCsH|jj|jjjddd}|j|jj_tj|j_ |jj |jj d<dS)NZ deactivatedrrrI) r/r;rrKr'rLr*r%r&rrr)rCZdeactivated_regrrErErFtest_deactivate_accounts z$ClientV2Test.test_deactivate_accountcCs>|jj|jjjtjdd}|j|jj_|j |j}dS)NrUrV) r6r;rrZSTATUS_DEACTIVATEDrKr'rLr*r:Zdeactivate_authorization)rCZdeactivated_authzr6rErErFtest_deactivate_authorizations z*ClientV2Test.test_deactivate_authorizationcCst|j}tj|_|j|j_ |j j |j d<||j j_ t|j}|j|j_ |jj |j d<|j}|j|j_ |jj |j d<td}||f|_Wdn1s0Ytd}||f|_Wdn1s0YdS)NrIz!acme.client.ClientV2._post_as_get)copydeepcopyr'r%rJrr?rKrLr*rArrr(r)r4r6r=r>rpatch side_effect)rCZorder_responseZauthz_responseZauthz_response2Zmock_post_as_getrErErFtest_new_orders"       zClientV2Test.test_new_ordercCsd|jji|jjd<|jj|jj_tj dd}|j |jj|t tj*|j |jjjdd|Wdn1s0YdS)NrOZupZ validationfoo)r)r3rr'rrrKrLr*r DNSResponser:answer_challengerQrRrUnexpectedUpdater;)rCZchall_responserErErFtest_answer_challeges  z!ClientV2Test.test_answer_challegecCsJttj*|j|jjtj ddWdn1s<0YdS)Nr^) rQrRr ClientErrorr:rar3rrr`rMrErErF"test_answer_challenge_missing_nextsz/ClientV2Test.test_answer_challenge_missing_nextzacme.client.datetimecCs~tddd|jj_tj|_|jtjdd}tj|jd|j_tj|jd|j_ |jj |j||jj |j|dS)NZZsecondsr*) datetimenowr* timedeltarZMockrAr:poll_authorizationsfinalize_orderassert_called_once_with)rC mock_datetimeZexpected_deadlinerErErFtest_poll_and_finalizesz#ClientV2Test.test_poll_and_finalizecCstdddtdddtdddg}||jj_|j|j|jg|jj_t t j $|j |j|dWdn1s0YdS)Nrfrgrhr!)rlrmr\r4rKr=r'rLrQrRr TimeoutErrorr:rorA)rCrrZnow_side_effectrErErF test_poll_authorizations_timeouts     z-ClientV2Test.test_poll_authorizations_timeoutcCstddd}|jjjtjtjdd}|jjtj|fd}| |j j _ t tj |j|j|Wdn1s~0YdS)N' unauthorized)rerror)rr)rlr3rr;rSTATUS_INVALIDError with_coder4rKr'rLr*rQrRrZValidationErrorr:rorA)rCdeadlinerDr4rErErF test_poll_authorizations_failures  z-ClientV2Test.test_poll_authorizations_failurecCsftddd}|jjtjd}tj||jd}|jj|j|gd}|j |j | f|j j _ dS)NrxryrUr)r")rlr=r;rr0r5r<rAr6r4rKr'rLr\)rCrZupdated_authz2Zupdated_authzr2updated_orderrrErErF test_poll_authorizations_successs z-ClientV2Test.test_poll_authorizations_successcCsd|jj|jjddd}||jj_tt j |j |j Wdn1sV0YdS)Nr_r)r )r4r;r rKr'rLr*rQrRrrbr:pollr6)rCZ updated_authzrErErFtest_poll_unexpected_updatesz(ClientV2Test.test_poll_unexpected_updatecCsJ|jjdtjd}|jj|td}||jj_ t|j_ t ddd}dS)N+https://www.letsencrypt-demo.org/acme/cert/Z certificater)r fullchain_pemrxry) r?r;rr0rA CERT_SAN_PEMrKr'rLr*textrl)rC updated_orderrrrErErFtest_finalize_order_successsz(ClientV2Test.test_finalize_order_successcCsv|jjtjdtjd}||jj_ t ddd}t t j |j|j|Wdn1sh0YdS)Nrzr{rrxry)r?r;rr}r~r|rKr'rLr*rlrQrRrZ IssuanceErrorr:rprA)rCrrrErErFtest_finalize_order_errors z&ClientV2Test.test_finalize_order_errorc Csn|jjdtjd}||jj_tj t j dd*|j |jtdddWdn1s`0YdS)NrzThe certificate order failed)matchrxry)r?r;rr|rKr'rLr*rQrRrr}r:rprArl)rCr?rErErF"test_finalize_order_invalid_statussz/ClientV2Test.test_finalize_order_invalid_statuscCsVtjtjdd}ttj |j|j |Wdn1sH0YdS)N<rj) rlrmrnrQrRrrvr:rprA)rCrrErErFtest_finalize_order_timeoutsz(ClientV2Test.test_finalize_order_timeoutcCs|jjdtjd}|jj|tttgd}||jj_ t|j_ d|jj d<t ddd}|j j|j|dd }|jjjd tjtjd |jjjd tjtjd |jj d=|j j|j|dd }dS) Nrr)rrZalternative_fullchains_pemz;rel="alternate", ;rel="index", ;title="foo";rel="alternate"ZLinkrxryT)Zfetch_alternative_chainszhttps://example.com/acme/cert/1 new_nonce_urlzhttps://example.com/acme/cert/2)r?r;rr0rArrKr'rLr*rrrlr:rpr(r)Zassert_any_callrANY)rCrrrZresprErErFtest_finalize_order_alt_chains s0    z+ClientV2Test.test_finalize_order_alt_chainscCs6|jtj|j|jjj|jdt j t dddS)Nrr r) r:revokerCERTr7r(r)rqr9rrr8rMrErErF test_revoke(szClientV2Test.test_revokecCsLtj|j_ttj"|j t j |j Wdn1s>0YdSN) r%METHOD_NOT_ALLOWEDr'rrQrRrrdr:rrrr7rMrErErF#test_revoke_bad_status_raises_error-s   z0ClientV2Test.test_revoke_bad_status_raises_errorcCs@|jj|jjd<|jj|jj_|jjjdd|jj_dS)NrIrE)r) r/rr'rrrKrLr*r;rMrErErFtest_update_registration3s z%ClientV2Test.test_update_registrationcCs tdtjjddi|j_dS)NrTZexternal_account_requiredr DirectoryMetar:r9rMrErErF#test_external_account_required_true?s z0ClientV2Test.test_external_account_required_truecCs tdtjjddi|j_dS)NrFrrrMrErErF$test_external_account_required_falseFs z1ClientV2Test.test_external_account_required_falsecCsdSrrErMrErErF&test_external_account_required_defaultMsz3ClientV2Test.test_external_account_required_defaultcCs"|jj|jj_d|jjd<dS)NrrI)r/rrKr'rLr*rrMrErErFtest_query_registration_clientPs z+ClientV2Test.test_query_registration_clientcCsltdN}|j|_|j|j|jjjj|jj ddd|jjj Wdn1s^0YdS)Nz*acme.client.ClientV2._authzr_from_responser r) rr[r>r*r:rr(r)rqrr+Zassert_not_called)rCZ mock_clientrErErFtest_post_as_getUs  zClientV2Test.test_post_as_getcCsd|jjd<dS)NzFri, 31 Dec 1999 23:59:59 GMT Retry-After)r'rrMrErErFtest_retry_after_date`s z"ClientV2Test.test_retry_after_datecCs,tddd|jj_tj|_d|jjd<dS)NZfoooorrlrmr*rnr'rrCZdt_mockrErErFtest_retry_after_invalides z%ClientV2Test.test_retry_after_invalidcCs6tddd|jj_tj|_tj|j_d|jjd<dS)NrrrzTue, 116 Feb 2016 11:50:00 MSTr)rlrmr*rnr\r'rrrErErFtest_retry_after_overflowns   z&ClientV2Test.test_retry_after_overflowcCs,tddd|jj_tj|_d|jjd<dS)NrrrZ50rrrrErErFtest_retry_after_secondsxs z%ClientV2Test.test_retry_after_secondscCs tddd|jj_tj|_dS)Nrrr)rlrmr*rnrrErErFtest_retry_after_missingsz%ClientV2Test.test_retry_after_missingcCst|jj_dSr)r8rKr'rLr*rMrErErFtest_get_directoryszClientV2Test.test_get_directoryN)'__name__ __module__ __qualname____doc__rGrNrPrTrWrXr]rcrerr[rsrwrrrrrrrrrrrrrrrrrrrrrrrErErErFr'sP@               rc@s(eZdZddZddZeddZdS)MockJSONDeSerializablecCs ||_dSrr)rCrrErErF__init__szMockJSONDeSerializable.__init__cCs d|jiS)Nr_rrMrErErFto_partial_jsonsz&MockJSONDeSerializable.to_partial_jsoncCsdSrrE)clsZjobjrErErF from_jsonsz MockJSONDeSerializable.from_jsonN)rrrrr classmethodrrErErErFrsrc@seZdZdZddZddZddZdd Zd d Zd d Z ddZ ddZ ddZ e dddZe dddZddZddZddZe ddd Zd!d"Zd#d$Zd%d&Zd'd(Zd3d*d+Zd,d-Ze d.d/d0Zd1d2Zd)S)4ClientNetworkTestz$Tests for acme.client.ClientNetwork.cCsXt|_tjtjjd|_tttj |jdd|_ tjdt j d|_ i|j _i|j _dS)Nrkacme-python-test)ralg verify_sslZ user_agentTrr)rr$rsentinelwrappedZ wrap_in_jwsr r,r1ZRS256r(r%r&r'rrrMrErErFrGs  zClientNetworkTest.setUpcCsdSrrErMrErErF test_initszClientNetworkTest.test_initcCs&|jjtdddd}tj|}dS)Nr_TgrOZnoncerO)r( _wrap_in_jwsracme_jwsJWS json_loadsrCZjws_dumprrErErFtest_wrap_in_jwss   z"ClientNetworkTest.test_wrap_in_jwscCs2ddi|j_|jjtdddd}tj|}dS)Nrzacct-urir_rrOr)r(ZaccountrrrrrrrErErFtest_wrap_in_jws_v2s    z%ClientNetworkTest.test_wrap_in_jws_v2c Csd|j_i|jj_tdR}tj|_t t j |j |jWdn1sV0YWdn1st0YdS)NFz$acme.client.messages.Error.from_json)r'rrLr*rr[r1ZDeserializationErrorr\rQrRrrdr(_check_response)rCrrErErF(test_check_response_not_ok_jobj_no_errors   z:ClientNetworkTest.test_check_response_not_ok_jobj_no_errorcCsbd|j_tjjdddd|jj_t tj|j |jWdn1sT0YdS)NFZserverInternalr_z some title)Zdetailtitle) r'rrr}r~rKrLr*rQrRr(rrMrErErF%test_check_response_not_ok_jobj_errors z7ClientNetworkTest.test_check_response_not_ok_jobj_errorcCsPd|j_t|jj_ttj|j |jWdn1sB0YdS)NF) r'r ValueErrorrLr\rQrRrrdr(rrMrErErF"test_check_response_not_ok_no_jobjs z4ClientNetworkTest.test_check_response_not_ok_no_jobjc Csnt|jj_|jjdfD]R}||jjd<tt j &|jj |j|jjdWdq1s^0YqdS)Nr_ Content-Type content_type) rr'rLr\r(JSON_CONTENT_TYPErrQrRrrdrrCZ response_ctrErErF*test_check_response_ok_no_jobj_ct_requireds   z.send_request)r\rk)r r(rr$r%r&r'rrcheckedrr objZ wrapped_objrrr1 b64encode all_noncesr rrcheck_responserr)rCrrErMrFrGs,     z)ClientNetworkWithMockedResponseTest.setUpcCsd|j_|jS)NT)r'r)rCr'rrErErFrsz2ClientNetworkWithMockedResponseTest.check_responsecCs|jjddddddS)Nrrr_rrrrqrMrErErF test_headsz-ClientNetworkWithMockedResponseTest.test_headcCs|jjddddddS)Nrr r_rrrrMrErErF test_head_v2sz0ClientNetworkWithMockedResponseTest.test_head_v2cCs|jjdddddS)NrrrrrrMrErErFtest_getsz,ClientNetworkWithMockedResponseTest.test_getcCs|jj|_dSr)r(ZJOSE_CONTENT_TYPErrMrErErFtest_post_no_content_types z=ClientNetworkWithMockedResponseTest.test_post_no_content_typecCs|jj|jt|jdg|_t t j &|jj d|j|jdWdn1s^0Y|jj|jt|jddS)Nrr)r(rrqrr1r2rr r rQrRrZ MissingNoncer)rrrMrErErF test_posts4z-ClientNetworkWithMockedResponseTest.test_postcCsVdtdg|_ttj&|jjd|j |j dWdn1sH0YdS)Nfgoodrr r1rr rQrRrZBadNoncer(r)rrrMrErErFtest_post_wrong_initial_nonces zAClientNetworkWithMockedResponseTest.test_post_wrong_initial_noncecCsVtddg|_ttj&|jjd|j |j dWdn1sH0YdS)Nr rrrr!rMrErErF#test_post_wrong_post_response_nonces zGClientNetworkWithMockedResponseTest.test_post_wrong_post_response_noncecCsdt}tjd|_||j_t tj&|jj d|j |j dWdn1sV0YdS)NbadNoncerr) rr$rr}r~r\r(rrQrRr)rrrCrrErErFtest_post_failed_retrysz:ClientNetworkWithMockedResponseTest.test_post_failed_retrycCsjt}tjd|jg|_||j_t tj&|jj d|j |j dWdn1s\0YdS)NZ malformedrr)rr$rr}r~r'r\r(rrQrRr)rrr%rErErFtest_post_not_retrieds z9ClientNetworkWithMockedResponseTest.test_post_not_retriedcCs t}tjd|jg|_dS)Nr$)rr$rr}r~r'r\)rCZ post_oncerErErFtest_post_successful_retrys  z>ClientNetworkWithMockedResponseTest.test_post_successful_retryc Cstjj|j_|jj|jjfD]<}t tjj|ddWdq1sN0Yqt tjj"|jj d|j dWdn1s0YdS)Nrr)r) rrrrr\r(headr+rQrRr)r)rCrrErErF$test_head_get_post_error_passthroughs  *zHClientNetworkWithMockedResponseTest.test_head_get_post_error_passthroughcCstjdtjd}t|j_||jj_d|_t}||j_t t j (|jj d|j|jddWdn1sv0YdS)NFrrr rr)rr$r%ZSERVICE_UNAVAILABLEr(rr*rrrQrRrrdr)r)rCZ bad_responserrErErFtest_post_bad_nonce_heads  $zClientNetworkWithMockedResponseTest.test_new_nonce_uri_removedN)rrrrrGrrrrrrr"r#r&r'r(r*r,r-rErErErFr s +   r __main__r!)1rrYrlZ http.clientr:r%rLsystypingrZunittestrZjosepyr1rQrZacmerrrrrZacme._internal.testsrr Z acme.clientr r Z load_vectorrr@rBZJWKRSAloadr,rrr8ZTestCaserZJSONDeSerializablerrr rexitmainargv__file__rErErErFsP               j e#