2018-04-25 20:19:34 +02:00
|
|
|
import unittest
|
2020-02-13 00:10:24 +01:00
|
|
|
|
|
|
|
from cryptography.x509 import DNSName
|
2019-08-05 22:59:59 +02:00
|
|
|
from requests.models import Response
|
2018-04-25 20:19:34 +02:00
|
|
|
|
|
|
|
from mock import MagicMock, Mock, patch
|
|
|
|
|
2019-08-05 22:59:59 +02:00
|
|
|
from lemur.plugins.lemur_acme import plugin, ultradns
|
2018-05-07 18:58:24 +02:00
|
|
|
|
2018-04-25 20:19:34 +02:00
|
|
|
|
|
|
|
class TestAcme(unittest.TestCase):
|
2019-05-16 16:57:02 +02:00
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.dns_provider_service")
|
2018-08-13 23:22:59 +02:00
|
|
|
def setUp(self, mock_dns_provider_service):
|
2018-04-27 20:18:41 +02:00
|
|
|
self.ACMEIssuerPlugin = plugin.ACMEIssuerPlugin()
|
2018-08-13 23:22:59 +02:00
|
|
|
self.acme = plugin.AcmeHandler()
|
|
|
|
mock_dns_provider = Mock()
|
|
|
|
mock_dns_provider.name = "cloudflare"
|
|
|
|
mock_dns_provider.credentials = "{}"
|
|
|
|
mock_dns_provider.provider_type = "cloudflare"
|
2019-05-16 16:57:02 +02:00
|
|
|
self.acme.dns_providers_for_domain = {
|
|
|
|
"www.test.com": [mock_dns_provider],
|
|
|
|
"test.fakedomain.net": [mock_dns_provider],
|
|
|
|
}
|
2018-04-27 20:18:41 +02:00
|
|
|
|
2019-05-16 16:57:02 +02:00
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.len", return_value=1)
|
2020-03-16 19:24:17 +01:00
|
|
|
def test_get_dns_challenges(self, mock_len):
|
2018-04-25 20:19:34 +02:00
|
|
|
assert mock_len
|
|
|
|
|
|
|
|
from acme import challenges
|
2019-05-16 16:57:02 +02:00
|
|
|
|
2020-03-16 19:24:17 +01:00
|
|
|
host = "example.com"
|
2018-04-25 20:19:34 +02:00
|
|
|
c = challenges.DNS01()
|
|
|
|
|
|
|
|
mock_authz = Mock()
|
|
|
|
mock_authz.body.resolved_combinations = []
|
|
|
|
mock_entry = Mock()
|
|
|
|
mock_entry.chall = c
|
|
|
|
mock_authz.body.resolved_combinations.append(mock_entry)
|
2020-03-16 19:24:17 +01:00
|
|
|
result = yield self.acme.get_dns_challenges(host, mock_authz)
|
2018-04-25 20:19:34 +02:00
|
|
|
self.assertEqual(result, mock_entry)
|
|
|
|
|
2020-03-16 19:24:17 +01:00
|
|
|
def test_strip_wildcard(self):
|
|
|
|
expected = ("example.com", False)
|
|
|
|
result = self.acme.strip_wildcard("example.com")
|
|
|
|
self.assertEqual(expected, result)
|
|
|
|
|
|
|
|
expected = ("example.com", True)
|
|
|
|
result = self.acme.strip_wildcard("*.example.com")
|
|
|
|
self.assertEqual(expected, result)
|
|
|
|
|
2018-04-25 20:19:34 +02:00
|
|
|
def test_authz_record(self):
|
|
|
|
a = plugin.AuthorizationRecord("host", "authz", "challenge", "id")
|
|
|
|
self.assertEqual(type(a), plugin.AuthorizationRecord)
|
|
|
|
|
2019-05-16 16:57:02 +02:00
|
|
|
@patch("acme.client.Client")
|
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.current_app")
|
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.len", return_value=1)
|
2020-03-16 19:24:17 +01:00
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.AcmeHandler.get_dns_challenges")
|
2019-05-16 16:57:02 +02:00
|
|
|
def test_start_dns_challenge(
|
2020-03-16 19:24:17 +01:00
|
|
|
self, mock_get_dns_challenges, mock_len, mock_app, mock_acme
|
2019-05-16 16:57:02 +02:00
|
|
|
):
|
2018-04-25 20:19:34 +02:00
|
|
|
assert mock_len
|
2018-05-16 16:46:37 +02:00
|
|
|
mock_order = Mock()
|
2018-04-25 20:19:34 +02:00
|
|
|
mock_app.logger.debug = Mock()
|
|
|
|
mock_authz = Mock()
|
|
|
|
mock_authz.body.resolved_combinations = []
|
2018-05-08 20:04:25 +02:00
|
|
|
mock_entry = MagicMock()
|
2018-04-25 20:19:34 +02:00
|
|
|
from acme import challenges
|
2019-05-16 16:57:02 +02:00
|
|
|
|
2018-04-25 20:19:34 +02:00
|
|
|
c = challenges.DNS01()
|
2018-08-13 23:22:59 +02:00
|
|
|
mock_entry.chall = TestAcme.test_complete_dns_challenge_fail
|
2018-04-25 20:19:34 +02:00
|
|
|
mock_authz.body.resolved_combinations.append(mock_entry)
|
|
|
|
mock_acme.request_domain_challenges = Mock(return_value=mock_authz)
|
|
|
|
mock_dns_provider = Mock()
|
|
|
|
mock_dns_provider.create_txt_record = Mock(return_value=1)
|
|
|
|
|
|
|
|
values = [mock_entry]
|
2020-03-16 19:24:17 +01:00
|
|
|
iterable = mock_get_dns_challenges.return_value
|
2018-04-25 20:19:34 +02:00
|
|
|
iterator = iter(values)
|
|
|
|
iterable.__iter__.return_value = iterator
|
2019-05-16 16:57:02 +02:00
|
|
|
result = self.acme.start_dns_challenge(
|
|
|
|
mock_acme, "accountid", "host", mock_dns_provider, mock_order, {}
|
|
|
|
)
|
2018-04-25 20:19:34 +02:00
|
|
|
self.assertEqual(type(result), plugin.AuthorizationRecord)
|
|
|
|
|
2019-05-16 16:57:02 +02:00
|
|
|
@patch("acme.client.Client")
|
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.current_app")
|
|
|
|
@patch("lemur.plugins.lemur_acme.cloudflare.wait_for_dns_change")
|
2020-02-13 00:10:24 +01:00
|
|
|
@patch("time.sleep")
|
2019-05-16 16:57:02 +02:00
|
|
|
def test_complete_dns_challenge_success(
|
2020-02-13 00:10:24 +01:00
|
|
|
self, mock_sleep, mock_wait_for_dns_change, mock_current_app, mock_acme
|
2019-05-16 16:57:02 +02:00
|
|
|
):
|
2018-04-25 20:19:34 +02:00
|
|
|
mock_dns_provider = Mock()
|
|
|
|
mock_dns_provider.wait_for_dns_change = Mock(return_value=True)
|
|
|
|
mock_authz = Mock()
|
2020-02-13 00:10:24 +01:00
|
|
|
mock_sleep.return_value = False
|
2018-04-25 20:19:34 +02:00
|
|
|
mock_authz.dns_challenge.response = Mock()
|
|
|
|
mock_authz.dns_challenge.response.simple_verify = Mock(return_value=True)
|
2018-05-16 16:46:37 +02:00
|
|
|
mock_authz.authz = []
|
2018-08-13 23:22:59 +02:00
|
|
|
mock_authz.host = "www.test.com"
|
2018-05-16 16:46:37 +02:00
|
|
|
mock_authz_record = Mock()
|
|
|
|
mock_authz_record.body.identifier.value = "test"
|
|
|
|
mock_authz.authz.append(mock_authz_record)
|
|
|
|
mock_authz.change_id = []
|
|
|
|
mock_authz.change_id.append("123")
|
|
|
|
mock_authz.dns_challenge = []
|
|
|
|
dns_challenge = Mock()
|
|
|
|
mock_authz.dns_challenge.append(dns_challenge)
|
2018-08-13 23:22:59 +02:00
|
|
|
self.acme.complete_dns_challenge(mock_acme, mock_authz)
|
2018-04-25 20:19:34 +02:00
|
|
|
|
2019-05-16 16:57:02 +02:00
|
|
|
@patch("acme.client.Client")
|
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.current_app")
|
|
|
|
@patch("lemur.plugins.lemur_acme.cloudflare.wait_for_dns_change")
|
|
|
|
def test_complete_dns_challenge_fail(
|
2020-03-16 19:41:05 +01:00
|
|
|
self, mock_wait_for_dns_change, mock_current_app, mock_acme
|
2019-05-16 16:57:02 +02:00
|
|
|
):
|
2018-04-25 20:19:34 +02:00
|
|
|
mock_dns_provider = Mock()
|
|
|
|
mock_dns_provider.wait_for_dns_change = Mock(return_value=True)
|
|
|
|
|
|
|
|
mock_authz = Mock()
|
|
|
|
mock_authz.dns_challenge.response = Mock()
|
|
|
|
mock_authz.dns_challenge.response.simple_verify = Mock(return_value=False)
|
2018-05-16 16:46:37 +02:00
|
|
|
mock_authz.authz = []
|
2018-08-13 23:22:59 +02:00
|
|
|
mock_authz.host = "www.test.com"
|
2018-05-16 16:46:37 +02:00
|
|
|
mock_authz_record = Mock()
|
|
|
|
mock_authz_record.body.identifier.value = "test"
|
|
|
|
mock_authz.authz.append(mock_authz_record)
|
|
|
|
mock_authz.change_id = []
|
|
|
|
mock_authz.change_id.append("123")
|
|
|
|
mock_authz.dns_challenge = []
|
|
|
|
dns_challenge = Mock()
|
|
|
|
mock_authz.dns_challenge.append(dns_challenge)
|
2018-04-25 20:19:34 +02:00
|
|
|
self.assertRaises(
|
2019-05-16 16:57:02 +02:00
|
|
|
ValueError, self.acme.complete_dns_challenge(mock_acme, mock_authz)
|
2018-04-25 20:19:34 +02:00
|
|
|
)
|
|
|
|
|
2019-05-16 16:57:02 +02:00
|
|
|
@patch("acme.client.Client")
|
|
|
|
@patch("OpenSSL.crypto", return_value="mock_cert")
|
|
|
|
@patch("josepy.util.ComparableX509")
|
2020-03-16 19:24:17 +01:00
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.AcmeHandler.get_dns_challenges")
|
2019-05-16 16:57:02 +02:00
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.current_app")
|
|
|
|
def test_request_certificate(
|
2020-03-16 19:41:05 +01:00
|
|
|
self,
|
|
|
|
mock_current_app,
|
|
|
|
mock_get_dns_challenges,
|
|
|
|
mock_jose,
|
|
|
|
mock_crypto,
|
|
|
|
mock_acme,
|
2019-05-16 16:57:02 +02:00
|
|
|
):
|
2018-04-25 20:19:34 +02:00
|
|
|
mock_cert_response = Mock()
|
|
|
|
mock_cert_response.body = "123"
|
|
|
|
mock_cert_response_full = [mock_cert_response, True]
|
|
|
|
mock_acme.poll_and_request_issuance = Mock(return_value=mock_cert_response_full)
|
|
|
|
mock_authz = []
|
|
|
|
mock_authz_record = MagicMock()
|
|
|
|
mock_authz_record.authz = Mock()
|
|
|
|
mock_authz.append(mock_authz_record)
|
|
|
|
mock_acme.fetch_chain = Mock(return_value="mock_chain")
|
2019-05-16 16:57:02 +02:00
|
|
|
mock_crypto.dump_certificate = Mock(return_value=b"chain")
|
2018-05-16 16:46:37 +02:00
|
|
|
mock_order = Mock()
|
2018-08-13 23:22:59 +02:00
|
|
|
self.acme.request_certificate(mock_acme, [], mock_order)
|
2018-04-25 20:19:34 +02:00
|
|
|
|
|
|
|
def test_setup_acme_client_fail(self):
|
|
|
|
mock_authority = Mock()
|
|
|
|
mock_authority.options = []
|
|
|
|
with self.assertRaises(Exception):
|
2018-08-13 23:22:59 +02:00
|
|
|
self.acme.setup_acme_client(mock_authority)
|
2018-04-25 20:19:34 +02:00
|
|
|
|
2019-05-16 16:57:02 +02:00
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.BackwardsCompatibleClientV2")
|
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.current_app")
|
2018-04-25 20:19:34 +02:00
|
|
|
def test_setup_acme_client_success(self, mock_current_app, mock_acme):
|
|
|
|
mock_authority = Mock()
|
2018-04-27 20:18:41 +02:00
|
|
|
mock_authority.options = '[{"name": "mock_name", "value": "mock_value"}]'
|
2018-04-25 20:19:34 +02:00
|
|
|
mock_client = Mock()
|
|
|
|
mock_registration = Mock()
|
|
|
|
mock_registration.uri = "http://test.com"
|
|
|
|
mock_client.register = mock_registration
|
|
|
|
mock_client.agree_to_tos = Mock(return_value=True)
|
|
|
|
mock_acme.return_value = mock_client
|
2018-07-31 00:25:02 +02:00
|
|
|
mock_current_app.config = {}
|
2018-08-13 23:22:59 +02:00
|
|
|
result_client, result_registration = self.acme.setup_acme_client(mock_authority)
|
2018-04-25 20:19:34 +02:00
|
|
|
assert result_client
|
|
|
|
assert result_registration
|
2018-04-27 20:18:41 +02:00
|
|
|
|
2019-05-16 16:57:02 +02:00
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.current_app")
|
2018-04-27 20:18:41 +02:00
|
|
|
def test_get_domains_single(self, mock_current_app):
|
2019-05-16 16:57:02 +02:00
|
|
|
options = {"common_name": "test.netflix.net"}
|
2018-08-13 23:22:59 +02:00
|
|
|
result = self.acme.get_domains(options)
|
2018-04-27 20:18:41 +02:00
|
|
|
self.assertEqual(result, [options["common_name"]])
|
|
|
|
|
2019-05-16 16:57:02 +02:00
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.current_app")
|
2018-04-27 20:18:41 +02:00
|
|
|
def test_get_domains_multiple(self, mock_current_app):
|
|
|
|
options = {
|
|
|
|
"common_name": "test.netflix.net",
|
|
|
|
"extensions": {
|
2020-02-13 00:10:24 +01:00
|
|
|
"sub_alt_names": {"names": [DNSName("test2.netflix.net"), DNSName("test3.netflix.net")]}
|
2019-05-16 16:57:02 +02:00
|
|
|
},
|
2018-04-27 20:18:41 +02:00
|
|
|
}
|
2018-08-13 23:22:59 +02:00
|
|
|
result = self.acme.get_domains(options)
|
2019-05-16 16:57:02 +02:00
|
|
|
self.assertEqual(
|
|
|
|
result, [options["common_name"], "test2.netflix.net", "test3.netflix.net"]
|
|
|
|
)
|
2018-04-27 20:18:41 +02:00
|
|
|
|
2020-02-13 00:10:24 +01:00
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.current_app")
|
|
|
|
def test_get_domains_san(self, mock_current_app):
|
|
|
|
options = {
|
|
|
|
"common_name": "test.netflix.net",
|
|
|
|
"extensions": {
|
|
|
|
"sub_alt_names": {"names": [DNSName("test.netflix.net"), DNSName("test2.netflix.net")]}
|
|
|
|
},
|
|
|
|
}
|
|
|
|
result = self.acme.get_domains(options)
|
|
|
|
self.assertEqual(
|
|
|
|
result, [options["common_name"], "test2.netflix.net"]
|
|
|
|
)
|
|
|
|
|
2019-05-16 16:57:02 +02:00
|
|
|
@patch(
|
|
|
|
"lemur.plugins.lemur_acme.plugin.AcmeHandler.start_dns_challenge",
|
|
|
|
return_value="test",
|
|
|
|
)
|
2018-04-27 20:18:41 +02:00
|
|
|
def test_get_authorizations(self, mock_start_dns_challenge):
|
2018-05-16 16:46:37 +02:00
|
|
|
mock_order = Mock()
|
|
|
|
mock_order.body.identifiers = []
|
|
|
|
mock_domain = Mock()
|
|
|
|
mock_order.body.identifiers.append(mock_domain)
|
|
|
|
mock_order_info = Mock()
|
|
|
|
mock_order_info.account_number = 1
|
2018-05-16 17:00:33 +02:00
|
|
|
mock_order_info.domains = ["test.fakedomain.net"]
|
2019-05-16 16:57:02 +02:00
|
|
|
result = self.acme.get_authorizations(
|
|
|
|
"acme_client", mock_order, mock_order_info
|
|
|
|
)
|
2018-04-27 20:18:41 +02:00
|
|
|
self.assertEqual(result, ["test"])
|
|
|
|
|
2019-05-16 16:57:02 +02:00
|
|
|
@patch(
|
|
|
|
"lemur.plugins.lemur_acme.plugin.AcmeHandler.complete_dns_challenge",
|
|
|
|
return_value="test",
|
|
|
|
)
|
2018-04-27 20:18:41 +02:00
|
|
|
def test_finalize_authorizations(self, mock_complete_dns_challenge):
|
|
|
|
mock_authz = []
|
|
|
|
mock_authz_record = MagicMock()
|
|
|
|
mock_authz_record.authz = Mock()
|
|
|
|
mock_authz_record.change_id = 1
|
|
|
|
mock_authz_record.dns_challenge.validation_domain_name = Mock()
|
|
|
|
mock_authz_record.dns_challenge.validation = Mock()
|
|
|
|
mock_authz.append(mock_authz_record)
|
|
|
|
mock_dns_provider = Mock()
|
|
|
|
mock_dns_provider.delete_txt_record = Mock()
|
|
|
|
|
|
|
|
mock_acme_client = Mock()
|
2018-08-13 23:22:59 +02:00
|
|
|
result = self.acme.finalize_authorizations(mock_acme_client, mock_authz)
|
2018-04-27 20:18:41 +02:00
|
|
|
self.assertEqual(result, mock_authz)
|
|
|
|
|
2019-05-16 16:57:02 +02:00
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.current_app")
|
2018-04-27 20:18:41 +02:00
|
|
|
def test_create_authority(self, mock_current_app):
|
|
|
|
mock_current_app.config = Mock()
|
|
|
|
options = {
|
2019-05-16 16:57:02 +02:00
|
|
|
"plugin": {"plugin_options": [{"name": "certificate", "value": "123"}]}
|
2018-04-27 20:18:41 +02:00
|
|
|
}
|
|
|
|
acme_root, b, role = self.ACMEIssuerPlugin.create_authority(options)
|
|
|
|
self.assertEqual(acme_root, "123")
|
|
|
|
self.assertEqual(b, "")
|
2019-05-16 16:57:02 +02:00
|
|
|
self.assertEqual(role, [{"username": "", "password": "", "name": "acme"}])
|
|
|
|
|
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.current_app")
|
|
|
|
@patch("lemur.plugins.lemur_acme.dyn.current_app")
|
|
|
|
@patch("lemur.plugins.lemur_acme.cloudflare.current_app")
|
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.dns_provider_service")
|
|
|
|
def test_get_dns_provider(
|
2020-03-16 19:24:17 +01:00
|
|
|
self,
|
|
|
|
mock_dns_provider_service,
|
|
|
|
mock_current_app_cloudflare,
|
|
|
|
mock_current_app_dyn,
|
|
|
|
mock_current_app,
|
2019-05-16 16:57:02 +02:00
|
|
|
):
|
2018-05-08 20:03:17 +02:00
|
|
|
provider = plugin.ACMEIssuerPlugin()
|
|
|
|
route53 = provider.get_dns_provider("route53")
|
|
|
|
assert route53
|
|
|
|
cloudflare = provider.get_dns_provider("cloudflare")
|
|
|
|
assert cloudflare
|
|
|
|
dyn = provider.get_dns_provider("dyn")
|
|
|
|
assert dyn
|
|
|
|
|
2019-05-16 16:57:02 +02:00
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.AcmeHandler.setup_acme_client")
|
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.current_app")
|
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.authorization_service")
|
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.dns_provider_service")
|
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.AcmeHandler.get_authorizations")
|
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.AcmeHandler.finalize_authorizations")
|
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.AcmeHandler.request_certificate")
|
2018-05-08 20:03:17 +02:00
|
|
|
def test_get_ordered_certificate(
|
2020-03-16 19:41:05 +01:00
|
|
|
self,
|
|
|
|
mock_request_certificate,
|
|
|
|
mock_finalize_authorizations,
|
|
|
|
mock_get_authorizations,
|
|
|
|
mock_dns_provider_service,
|
|
|
|
mock_authorization_service,
|
|
|
|
mock_current_app,
|
|
|
|
mock_acme,
|
2019-05-16 16:57:02 +02:00
|
|
|
):
|
2018-05-08 20:03:17 +02:00
|
|
|
mock_client = Mock()
|
|
|
|
mock_acme.return_value = (mock_client, "")
|
|
|
|
mock_request_certificate.return_value = ("pem_certificate", "chain")
|
|
|
|
|
|
|
|
mock_cert = Mock()
|
|
|
|
mock_cert.external_id = 1
|
|
|
|
|
|
|
|
provider = plugin.ACMEIssuerPlugin()
|
|
|
|
provider.get_dns_provider = Mock()
|
|
|
|
result = provider.get_ordered_certificate(mock_cert)
|
|
|
|
self.assertEqual(
|
2019-05-16 16:57:02 +02:00
|
|
|
result, {"body": "pem_certificate", "chain": "chain", "external_id": "1"}
|
2018-05-08 20:03:17 +02:00
|
|
|
)
|
|
|
|
|
2019-05-16 16:57:02 +02:00
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.AcmeHandler.setup_acme_client")
|
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.current_app")
|
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.authorization_service")
|
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.dns_provider_service")
|
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.AcmeHandler.get_authorizations")
|
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.AcmeHandler.finalize_authorizations")
|
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.AcmeHandler.request_certificate")
|
2018-05-08 20:03:17 +02:00
|
|
|
def test_get_ordered_certificates(
|
2020-03-16 19:41:05 +01:00
|
|
|
self,
|
|
|
|
mock_request_certificate,
|
|
|
|
mock_finalize_authorizations,
|
|
|
|
mock_get_authorizations,
|
|
|
|
mock_dns_provider_service,
|
|
|
|
mock_authorization_service,
|
|
|
|
mock_current_app,
|
|
|
|
mock_acme,
|
2019-05-16 16:57:02 +02:00
|
|
|
):
|
2018-05-08 20:03:17 +02:00
|
|
|
mock_client = Mock()
|
|
|
|
mock_acme.return_value = (mock_client, "")
|
|
|
|
mock_request_certificate.return_value = ("pem_certificate", "chain")
|
|
|
|
|
|
|
|
mock_cert = Mock()
|
|
|
|
mock_cert.external_id = 1
|
|
|
|
|
|
|
|
mock_cert2 = Mock()
|
|
|
|
mock_cert2.external_id = 2
|
|
|
|
|
|
|
|
provider = plugin.ACMEIssuerPlugin()
|
|
|
|
provider.get_dns_provider = Mock()
|
|
|
|
result = provider.get_ordered_certificates([mock_cert, mock_cert2])
|
|
|
|
self.assertEqual(len(result), 2)
|
2019-05-16 16:57:02 +02:00
|
|
|
self.assertEqual(
|
|
|
|
result[0]["cert"],
|
|
|
|
{"body": "pem_certificate", "chain": "chain", "external_id": "1"},
|
|
|
|
)
|
|
|
|
self.assertEqual(
|
|
|
|
result[1]["cert"],
|
|
|
|
{"body": "pem_certificate", "chain": "chain", "external_id": "2"},
|
|
|
|
)
|
|
|
|
|
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.AcmeHandler.setup_acme_client")
|
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.dns_provider_service")
|
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.current_app")
|
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.AcmeHandler.get_authorizations")
|
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.AcmeHandler.finalize_authorizations")
|
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.AcmeHandler.request_certificate")
|
|
|
|
@patch("lemur.plugins.lemur_acme.plugin.authorization_service")
|
|
|
|
def test_create_certificate(
|
2020-03-16 19:24:17 +01:00
|
|
|
self,
|
|
|
|
mock_authorization_service,
|
|
|
|
mock_request_certificate,
|
|
|
|
mock_finalize_authorizations,
|
|
|
|
mock_get_authorizations,
|
|
|
|
mock_current_app,
|
|
|
|
mock_dns_provider_service,
|
|
|
|
mock_acme,
|
2019-05-16 16:57:02 +02:00
|
|
|
):
|
2018-05-08 20:03:17 +02:00
|
|
|
provider = plugin.ACMEIssuerPlugin()
|
|
|
|
mock_authority = Mock()
|
|
|
|
|
|
|
|
mock_client = Mock()
|
|
|
|
mock_acme.return_value = (mock_client, "")
|
|
|
|
|
|
|
|
mock_dns_provider = Mock()
|
|
|
|
mock_dns_provider.credentials = '{"account_id": 1}'
|
|
|
|
mock_dns_provider.provider_type = "route53"
|
|
|
|
mock_dns_provider_service.get.return_value = mock_dns_provider
|
|
|
|
|
2018-05-10 21:57:54 +02:00
|
|
|
issuer_options = {
|
2019-05-16 16:57:02 +02:00
|
|
|
"authority": mock_authority,
|
|
|
|
"dns_provider": mock_dns_provider,
|
|
|
|
"common_name": "test.netflix.net",
|
2018-05-10 21:57:54 +02:00
|
|
|
}
|
2018-05-08 20:03:17 +02:00
|
|
|
csr = "123"
|
|
|
|
mock_request_certificate.return_value = ("pem_certificate", "chain")
|
|
|
|
result = provider.create_certificate(csr, issuer_options)
|
|
|
|
assert result
|
2019-08-05 22:59:59 +02:00
|
|
|
|
|
|
|
@patch("lemur.plugins.lemur_acme.ultradns.requests")
|
|
|
|
@patch("lemur.plugins.lemur_acme.ultradns.current_app")
|
2020-01-18 03:29:37 +01:00
|
|
|
def test_ultradns_get_token(self, mock_current_app, mock_requests):
|
2019-08-05 22:59:59 +02:00
|
|
|
# ret_val = json.dumps({"access_token": "access"})
|
|
|
|
the_response = Response()
|
|
|
|
the_response._content = b'{"access_token": "access"}'
|
|
|
|
mock_requests.post = Mock(return_value=the_response)
|
|
|
|
mock_current_app.config.get = Mock(return_value="Test")
|
|
|
|
result = ultradns.get_ultradns_token()
|
|
|
|
self.assertTrue(len(result) > 0)
|
|
|
|
|
|
|
|
@patch("lemur.plugins.lemur_acme.ultradns.current_app")
|
2020-01-18 03:29:37 +01:00
|
|
|
def test_ultradns_create_txt_record(self, mock_current_app):
|
2019-08-07 22:04:38 +02:00
|
|
|
domain = "_acme_challenge.test.example.com"
|
2019-08-07 22:20:24 +02:00
|
|
|
zone = "test.example.com"
|
2019-08-05 22:59:59 +02:00
|
|
|
token = "ABCDEFGHIJ"
|
|
|
|
account_number = "1234567890"
|
2019-08-07 22:55:02 +02:00
|
|
|
change_id = (domain, token)
|
2019-08-07 22:20:24 +02:00
|
|
|
ultradns.get_zone_name = Mock(return_value=zone)
|
2019-08-07 22:04:38 +02:00
|
|
|
mock_current_app.logger.debug = Mock()
|
|
|
|
ultradns._post = Mock()
|
|
|
|
log_data = {
|
|
|
|
"function": "create_txt_record",
|
|
|
|
"fqdn": domain,
|
|
|
|
"token": token,
|
|
|
|
"message": "TXT record created"
|
2019-08-05 22:59:59 +02:00
|
|
|
}
|
|
|
|
result = ultradns.create_txt_record(domain, token, account_number)
|
2019-08-07 22:04:38 +02:00
|
|
|
mock_current_app.logger.debug.assert_called_with(log_data)
|
2019-08-07 22:55:02 +02:00
|
|
|
self.assertEqual(result, change_id)
|
2019-08-05 22:59:59 +02:00
|
|
|
|
2019-08-07 22:04:38 +02:00
|
|
|
@patch("lemur.plugins.lemur_acme.ultradns.current_app")
|
|
|
|
@patch("lemur.extensions.metrics")
|
2020-01-18 03:29:37 +01:00
|
|
|
def test_ultradns_delete_txt_record(self, mock_metrics, mock_current_app):
|
2019-08-07 22:04:38 +02:00
|
|
|
domain = "_acme_challenge.test.example.com"
|
2019-08-07 22:27:21 +02:00
|
|
|
zone = "test.example.com"
|
2019-08-07 22:04:38 +02:00
|
|
|
token = "ABCDEFGHIJ"
|
|
|
|
account_number = "1234567890"
|
|
|
|
change_id = (domain, token)
|
|
|
|
mock_current_app.logger.debug = Mock()
|
2019-08-07 22:27:21 +02:00
|
|
|
ultradns.get_zone_name = Mock(return_value=zone)
|
2019-08-07 22:04:38 +02:00
|
|
|
ultradns._post = Mock()
|
|
|
|
ultradns._get = Mock()
|
|
|
|
ultradns._get.return_value = {'zoneName': 'test.example.com.com',
|
2020-03-16 19:24:17 +01:00
|
|
|
'rrSets': [{'ownerName': '_acme-challenge.test.example.com.',
|
|
|
|
'rrtype': 'TXT (16)', 'ttl': 5, 'rdata': ['ABCDEFGHIJ']}],
|
|
|
|
'queryInfo': {'sort': 'OWNER', 'reverse': False, 'limit': 100},
|
|
|
|
'resultInfo': {'totalCount': 1, 'offset': 0, 'returnedCount': 1}}
|
2019-08-07 22:04:38 +02:00
|
|
|
ultradns._delete = Mock()
|
|
|
|
mock_metrics.send = Mock()
|
2019-08-07 22:23:05 +02:00
|
|
|
ultradns.delete_txt_record(change_id, account_number, domain, token)
|
2019-08-07 22:04:38 +02:00
|
|
|
mock_current_app.logger.debug.assert_not_called()
|
|
|
|
mock_metrics.send.assert_not_called()
|
|
|
|
|
2019-08-07 22:39:20 +02:00
|
|
|
@patch("lemur.plugins.lemur_acme.ultradns.current_app")
|
2019-08-07 22:04:38 +02:00
|
|
|
@patch("lemur.extensions.metrics")
|
2020-01-18 03:29:37 +01:00
|
|
|
def test_ultradns_wait_for_dns_change(self, mock_metrics, mock_current_app):
|
2019-08-07 22:04:38 +02:00
|
|
|
ultradns._has_dns_propagated = Mock(return_value=True)
|
2019-08-07 23:38:18 +02:00
|
|
|
nameserver = "1.1.1.1"
|
2019-08-07 23:02:10 +02:00
|
|
|
ultradns.get_authoritative_nameserver = Mock(return_value=nameserver)
|
2019-08-07 22:04:38 +02:00
|
|
|
mock_metrics.send = Mock()
|
2019-08-07 22:39:20 +02:00
|
|
|
domain = "_acme-challenge.test.example.com"
|
|
|
|
token = "ABCDEFGHIJ"
|
|
|
|
change_id = (domain, token)
|
|
|
|
mock_current_app.logger.debug = Mock()
|
|
|
|
ultradns.wait_for_dns_change(change_id)
|
|
|
|
# mock_metrics.send.assert_not_called()
|
|
|
|
log_data = {
|
|
|
|
"function": "wait_for_dns_change",
|
|
|
|
"fqdn": domain,
|
|
|
|
"status": True,
|
|
|
|
"message": "Record status on Public DNS"
|
|
|
|
}
|
|
|
|
mock_current_app.logger.debug.assert_called_with(log_data)
|
|
|
|
|
2020-01-18 03:29:37 +01:00
|
|
|
def test_ultradns_get_zone_name(self):
|
2019-08-07 22:17:16 +02:00
|
|
|
zones = ['example.com', 'test.example.com']
|
|
|
|
zone = "test.example.com"
|
|
|
|
domain = "_acme-challenge.test.example.com"
|
|
|
|
account_number = "1234567890"
|
|
|
|
ultradns.get_zones = Mock(return_value=zones)
|
|
|
|
result = ultradns.get_zone_name(domain, account_number)
|
|
|
|
self.assertEqual(result, zone)
|
|
|
|
|
2020-01-18 03:29:37 +01:00
|
|
|
def test_ultradns_get_zones(self):
|
2019-08-07 22:17:16 +02:00
|
|
|
account_number = "1234567890"
|
|
|
|
path = "a/b/c"
|
|
|
|
zones = ['example.com', 'test.example.com']
|
2019-08-07 23:23:09 +02:00
|
|
|
paginate_response = [{
|
|
|
|
'properties': {
|
|
|
|
'name': 'example.com.', 'accountName': 'example', 'type': 'PRIMARY',
|
|
|
|
'dnssecStatus': 'UNSIGNED', 'status': 'ACTIVE', 'resourceRecordCount': 9,
|
|
|
|
'lastModifiedDateTime': '2017-06-14T06:45Z'},
|
|
|
|
'registrarInfo': {
|
|
|
|
'nameServers': {'missing': ['example.ultradns.com.', 'example.ultradns.net.',
|
|
|
|
'example.ultradns.biz.', 'example.ultradns.org.']}},
|
|
|
|
'inherit': 'ALL'}, {
|
|
|
|
'properties': {
|
|
|
|
'name': 'test.example.com.', 'accountName': 'example', 'type': 'PRIMARY',
|
|
|
|
'dnssecStatus': 'UNSIGNED', 'status': 'ACTIVE', 'resourceRecordCount': 9,
|
|
|
|
'lastModifiedDateTime': '2017-06-14T06:45Z'},
|
|
|
|
'registrarInfo': {
|
|
|
|
'nameServers': {'missing': ['example.ultradns.com.', 'example.ultradns.net.',
|
|
|
|
'example.ultradns.biz.', 'example.ultradns.org.']}},
|
|
|
|
'inherit': 'ALL'}, {
|
|
|
|
'properties': {
|
|
|
|
'name': 'example2.com.', 'accountName': 'example', 'type': 'SECONDARY',
|
|
|
|
'dnssecStatus': 'UNSIGNED', 'status': 'ACTIVE', 'resourceRecordCount': 9,
|
|
|
|
'lastModifiedDateTime': '2017-06-14T06:45Z'},
|
|
|
|
'registrarInfo': {
|
|
|
|
'nameServers': {'missing': ['example.ultradns.com.', 'example.ultradns.net.',
|
|
|
|
'example.ultradns.biz.', 'example.ultradns.org.']}},
|
|
|
|
'inherit': 'ALL'}]
|
2019-08-07 22:17:16 +02:00
|
|
|
ultradns._paginate = Mock(path, "zones")
|
|
|
|
ultradns._paginate.side_effect = [[paginate_response]]
|
|
|
|
result = ultradns.get_zones(account_number)
|
|
|
|
self.assertEqual(result, zones)
|