certbot/letsencrypt-apache/letsencrypt_apache/tests/dvsni_test.py

"""Test for letsencrypt_apache.dvsni."""
import unittest
import shutil

import mock

from letsencrypt.plugins import common_test

from letsencrypt_apache import obj
from letsencrypt_apache.tests import util


class DvsniPerformTest(util.ApacheTest):
    """Test the ApacheDVSNI challenge."""

    auth_key = common_test.DvsniTest.auth_key
    achalls = common_test.DvsniTest.achalls

    def setUp(self):  # pylint: disable=arguments-differ
        super(DvsniPerformTest, self).setUp()

        config = util.get_apache_configurator(
            self.config_path, self.config_dir, self.work_dir)
        config.config.dvsni_port = 443

        from letsencrypt_apache import dvsni
        self.sni = dvsni.ApacheDvsni(config)

    def tearDown(self):
        shutil.rmtree(self.temp_dir)
        shutil.rmtree(self.config_dir)
        shutil.rmtree(self.work_dir)

    def test_perform0(self):
        resp = self.sni.perform()
        self.assertEqual(len(resp), 0)

    @mock.patch("letsencrypt.le_util.exe_exists")
    @mock.patch("letsencrypt.le_util.run_script")
    def test_perform1(self, _, mock_exists):
        mock_register = mock.Mock()
        self.sni.configurator.reverter.register_undo_command = mock_register

        mock_exists.return_value = True
        self.sni.configurator.parser.update_runtime_variables = mock.Mock()

        achall = self.achalls[0]
        self.sni.add_chall(achall)
        response = self.achalls[0].gen_response(self.auth_key)
        mock_setup_cert = mock.MagicMock(return_value=response)
        # pylint: disable=protected-access
        self.sni._setup_challenge_cert = mock_setup_cert

        responses = self.sni.perform()

        # Make sure that register_undo_command was called into temp directory.
        self.assertEqual(True, mock_register.call_args[0][0])

        mock_setup_cert.assert_called_once_with(achall)

        # Check to make sure challenge config path is included in apache config.
        self.assertEqual(
            len(self.sni.configurator.parser.find_dir(
                "Include", self.sni.challenge_conf)), 1)
        self.assertEqual(len(responses), 1)
        self.assertEqual(responses[0], response)

    def test_perform2(self):
        # Avoid load module
        self.sni.configurator.parser.modules.add("ssl_module")

        acme_responses = []
        for achall in self.achalls:
            self.sni.add_chall(achall)
            acme_responses.append(achall.gen_response(self.auth_key))

        mock_setup_cert = mock.MagicMock(side_effect=acme_responses)
        # pylint: disable=protected-access
        self.sni._setup_challenge_cert = mock_setup_cert

        sni_responses = self.sni.perform()

        self.assertEqual(mock_setup_cert.call_count, 2)

        # Make sure calls made to mocked function were correct
        self.assertEqual(
            mock_setup_cert.call_args_list[0], mock.call(self.achalls[0]))
        self.assertEqual(
            mock_setup_cert.call_args_list[1], mock.call(self.achalls[1]))

        self.assertEqual(
            len(self.sni.configurator.parser.find_dir(
                "Include", self.sni.challenge_conf)),
            1)
        self.assertEqual(len(sni_responses), 2)
        for i in xrange(2):
            self.assertEqual(sni_responses[i], acme_responses[i])

    def test_mod_config(self):
        z_domains = []
        for achall in self.achalls:
            self.sni.add_chall(achall)
            z_domain = achall.gen_response(self.auth_key).z_domain
            z_domains.append(set([z_domain]))

        self.sni._mod_config()  # pylint: disable=protected-access
        self.sni.configurator.save()

        self.sni.configurator.parser.find_dir(
            "Include", self.sni.challenge_conf)
        vh_match = self.sni.configurator.aug.match(
            "/files" + self.sni.challenge_conf + "//VirtualHost")

        vhs = []
        for match in vh_match:
            # pylint: disable=protected-access
            vhs.append(self.sni.configurator._create_vhost(match))
        self.assertEqual(len(vhs), 2)
        for vhost in vhs:
            self.assertEqual(vhost.addrs, set([obj.Addr.fromstring("*:443")]))
            names = vhost.get_names()
            self.assertTrue(names in z_domains)

    def test_get_dvsni_addrs_default(self):
        self.sni.configurator.choose_vhost = mock.Mock(
            return_value=obj.VirtualHost(
                "path", "aug_path", set([obj.Addr.fromstring("_default_:443")]),
                False, False)
        )

        self.assertEqual(
            set([obj.Addr.fromstring("*:443")]),
            self.sni.get_dvsni_addrs(self.achalls[0]))


if __name__ == "__main__":
    unittest.main()  # pragma: no cover