mirror of https://github.com/certd/certd
150 lines
5.1 KiB
JavaScript
150 lines
5.1 KiB
JavaScript
/**
|
|
* Challenge verification tests
|
|
*/
|
|
|
|
const { randomUUID: uuid } = require('crypto');
|
|
const { assert } = require('chai');
|
|
const cts = require('./challtestsrv');
|
|
const verify = require('./../src/verify');
|
|
|
|
const domainName = process.env.ACME_DOMAIN_NAME || 'example.com';
|
|
|
|
describe('verify', () => {
|
|
const challengeTypes = ['http-01', 'dns-01'];
|
|
|
|
const testHttp01Authz = { identifier: { type: 'dns', value: `${uuid()}.${domainName}` } };
|
|
const testHttp01Challenge = { type: 'http-01', status: 'pending', token: uuid() };
|
|
const testHttp01Key = uuid();
|
|
|
|
const testHttps01Authz = { identifier: { type: 'dns', value: `${uuid()}.${domainName}` } };
|
|
const testHttps01Challenge = { type: 'http-01', status: 'pending', token: uuid() };
|
|
const testHttps01Key = uuid();
|
|
|
|
const testDns01Authz = { identifier: { type: 'dns', value: `${uuid()}.${domainName}` } };
|
|
const testDns01Challenge = { type: 'dns-01', status: 'pending', token: uuid() };
|
|
const testDns01Key = uuid();
|
|
const testDns01Cname = `${uuid()}.${domainName}`;
|
|
|
|
const testTlsAlpn01Authz = { identifier: { type: 'dns', value: `${uuid()}.${domainName}` } };
|
|
const testTlsAlpn01Challenge = { type: 'dns-01', status: 'pending', token: uuid() };
|
|
const testTlsAlpn01Key = uuid();
|
|
|
|
/**
|
|
* Pebble CTS required
|
|
*/
|
|
|
|
before(function () {
|
|
if (!cts.isEnabled()) {
|
|
this.skip();
|
|
}
|
|
});
|
|
|
|
/**
|
|
* API
|
|
*/
|
|
|
|
it('should expose verification api', async () => {
|
|
assert.containsAllKeys(verify, challengeTypes);
|
|
});
|
|
|
|
/**
|
|
* http-01
|
|
*/
|
|
|
|
describe('http-01', () => {
|
|
it('should reject challenge', async () => {
|
|
await assert.isRejected(verify['http-01'](testHttp01Authz, testHttp01Challenge, testHttp01Key));
|
|
});
|
|
|
|
it('should mock challenge response', async () => {
|
|
const resp = await cts.addHttp01ChallengeResponse(testHttp01Challenge.token, testHttp01Key);
|
|
assert.isTrue(resp);
|
|
});
|
|
|
|
it('should verify challenge', async () => {
|
|
const resp = await verify['http-01'](testHttp01Authz, testHttp01Challenge, testHttp01Key);
|
|
assert.isTrue(resp);
|
|
});
|
|
|
|
it('should mock challenge response with trailing newline', async () => {
|
|
const resp = await cts.addHttp01ChallengeResponse(testHttp01Challenge.token, `${testHttp01Key}\n`);
|
|
assert.isTrue(resp);
|
|
});
|
|
|
|
it('should verify challenge with trailing newline', async () => {
|
|
const resp = await verify['http-01'](testHttp01Authz, testHttp01Challenge, testHttp01Key);
|
|
assert.isTrue(resp);
|
|
});
|
|
});
|
|
|
|
/**
|
|
* https-01
|
|
*/
|
|
|
|
describe('https-01', () => {
|
|
it('should reject challenge', async () => {
|
|
await assert.isRejected(verify['http-01'](testHttps01Authz, testHttps01Challenge, testHttps01Key));
|
|
});
|
|
|
|
it('should mock challenge response', async () => {
|
|
const resp = await cts.addHttps01ChallengeResponse(testHttps01Challenge.token, testHttps01Key, testHttps01Authz.identifier.value);
|
|
assert.isTrue(resp);
|
|
});
|
|
|
|
it('should verify challenge', async () => {
|
|
const resp = await verify['http-01'](testHttps01Authz, testHttps01Challenge, testHttps01Key);
|
|
assert.isTrue(resp);
|
|
});
|
|
});
|
|
|
|
/**
|
|
* dns-01
|
|
*/
|
|
|
|
describe('dns-01', () => {
|
|
it('should reject challenge', async () => {
|
|
await assert.isRejected(verify['dns-01'](testDns01Authz, testDns01Challenge, testDns01Key));
|
|
});
|
|
|
|
it('should mock challenge response', async () => {
|
|
const resp = await cts.addDns01ChallengeResponse(`_acme-challenge.${testDns01Authz.identifier.value}.`, testDns01Key);
|
|
assert.isTrue(resp);
|
|
});
|
|
|
|
it('should add cname to challenge response', async () => {
|
|
const resp = await cts.setDnsCnameRecord(testDns01Cname, `_acme-challenge.${testDns01Authz.identifier.value}.`);
|
|
assert.isTrue(resp);
|
|
});
|
|
|
|
it('should verify challenge', async () => {
|
|
const resp = await verify['dns-01'](testDns01Authz, testDns01Challenge, testDns01Key);
|
|
assert.isTrue(resp);
|
|
});
|
|
|
|
it('should verify challenge using cname', async () => {
|
|
const resp = await verify['dns-01'](testDns01Authz, testDns01Challenge, testDns01Key);
|
|
assert.isTrue(resp);
|
|
});
|
|
});
|
|
|
|
/**
|
|
* tls-alpn-01
|
|
*/
|
|
|
|
describe('tls-alpn-01', () => {
|
|
it('should reject challenge', async () => {
|
|
await assert.isRejected(verify['tls-alpn-01'](testTlsAlpn01Authz, testTlsAlpn01Challenge, testTlsAlpn01Key));
|
|
});
|
|
|
|
it('should mock challenge response', async () => {
|
|
const resp = await cts.addTlsAlpn01ChallengeResponse(testTlsAlpn01Authz.identifier.value, testTlsAlpn01Key);
|
|
assert.isTrue(resp);
|
|
});
|
|
|
|
it('should verify challenge', async () => {
|
|
const resp = await verify['tls-alpn-01'](testTlsAlpn01Authz, testTlsAlpn01Challenge, testTlsAlpn01Key);
|
|
assert.isTrue(resp);
|
|
});
|
|
});
|
|
});
|