feat: add dns-account-01 integration test in chisel #7319

Draft
wants to merge 7 commits into
base: main
@sheurich sheurich commented Feb 8, 2024

This change adds preliminary dns-account-01 challenge support to the Python-based integration test suite.

Implemented tests:

  • test_dns_account_challenge_multidomain
  • test_dns_account_challenge_wildcardmultidomain

The certbot/acme library support for dns-account-01 is a prerequisite; see certbot/certbot#9887.

Tested with initial Boulder support in 0b6192c (#7303).

Assuming you have the above certbot in the boulder directory, the following works:

docker compose -f docker-compose.yml -f docker-compose.next.yml run boulder bash -c \
  'pip install -e certbot/acme && ./test.sh -i -f test_dns_account_challenge'

Combined test output is:

pebble-challtestsrv - 2024/02/12 19:37:21 Added DNS-01 TXT challenge for Host "_acme-challenge_xxp5nyd4giomkpg5.rand.af70283b.xyz." - Value "En_vsg9nRCOt-UrVtN3bI2QCB-R4WekJmMv-MN6B_bg"
pebble-challtestsrv - 2024/02/12 19:37:21 Added DNS-01 TXT challenge for Host "_acme-challenge_xxp5nyd4giomkpg5.rand.bab2cb70.xyz." - Value "KOH2QugY2slM6TjeIuUxDVADGbkUaMS0B4C3D8jCsKk"
19:37:21.577070 6 boulder-va 9NTnLAA [AUDIT] Checked CAA records for rand.af70283b.xyz, [Present: false, Account ID: 154, Challenge: dns-account-01, Valid for issuance: true, Found at: ""] Response=""
19:37:21.579650 6 boulder-va r5q3wA8 [AUDIT] Validation result JSON={"ID":"197","Requester":154,"Hostname":"rand.af70283b.xyz","Challenge":{"type":"dns-account-01","status":"valid","token":"qCcmr70OxhyZ9P6R7axJKvFqMy33X_n4Ie-PTHJ0Ftw","keyAuthorization":"qCcmr70OxhyZ9P6R7axJKvFqMy33X_n4Ie-PTHJ0Ftw.gXUtWpMz1F-lLUtGxFr8Tw1np_NlrVl8vzbZbvTgy-g","validationRecord":[{"hostname":"rand.af70283b.xyz","resolverAddrs":["10.77.77.77:8443"]}]},"ValidationLatency":0.009}
19:37:21.583988 6 boulder-va uNf2UQA [AUDIT] Checked CAA records for rand.bab2cb70.xyz, [Present: false, Account ID: 154, Challenge: dns-account-01, Valid for issuance: true, Found at: ""] Response=""
19:37:21.584272 6 boulder-va h9XT0wM [AUDIT] Validation result JSON={"ID":"198","Requester":154,"Hostname":"rand.bab2cb70.xyz","Challenge":{"type":"dns-account-01","status":"valid","token":"MykKq_5cS1SAWTsB1xhCO9DFKbFk8deNEA6jy_D2Z-E","keyAuthorization":"MykKq_5cS1SAWTsB1xhCO9DFKbFk8deNEA6jy_D2Z-E.gXUtWpMz1F-lLUtGxFr8Tw1np_NlrVl8vzbZbvTgy-g","validationRecord":[{"hostname":"rand.bab2cb70.xyz","resolverAddrs":["10.77.77.77:8343"]}]},"ValidationLatency":0.005}
19:37:22.629805 6 boulder-ra -9uYZgA FinalizationCaaCheck JSON={"Requester":154,"Reused":2}
19:37:22.676705 6 boulder-ra w9nB8Qg [AUDIT] Certificate request - successful JSON={"ID":"jUQO5pqbdzx_uDL426sN5eXYUPhMHNKk4RnElf_BxYk","Requester":154,"OrderID":140,"SerialNumber":"7f7c4a64221f02c5e35e23ad21f48401f265","VerifiedFields":["subject.commonName","subjectAltName"],"CommonName":"rand.bab2cb70.xyz","Names":["rand.af70283b.xyz","rand.bab2cb70.xyz"],"NotBefore":"2024-02-12T18:37:22Z","NotAfter":"2024-05-12T18:37:21Z","RequestTime":"2024-02-12T19:37:22.624606228Z","ResponseTime":"2024-02-12T19:37:22.676618721Z","Authorizations":{"rand.af70283b.xyz":{"ID":"197","ChallengeType":"dns-account-01"},"rand.bab2cb70.xyz":{"ID":"198","ChallengeType":"dns-account-01"}}}
pebble-challtestsrv - 2024/02/12 19:37:23 Removed DNS-01 TXT challenge for Host "_acme-challenge_xxp5nyd4giomkpg5.rand.af70283b.xyz"
pebble-challtestsrv - 2024/02/12 19:37:23 Removed DNS-01 TXT challenge for Host "_acme-challenge_xxp5nyd4giomkpg5.rand.bab2cb70.xyz"
pebble-challtestsrv - 2024/02/12 19:37:23 Added DNS-01 TXT challenge for Host "_acme-challenge_sijlbx7rnnewpjn3.rand.3ff22dda.xyz." - Value "KdiD-Vbe3bPLWsE2XyyPugx2sVkd_uCOkPwTuNHCKto"
pebble-challtestsrv - 2024/02/12 19:37:23 Added DNS-01 TXT challenge for Host "_acme-challenge_sijlbx7rnnewpjn3.rand.cf45eed4.xyz." - Value "IRstkGJ3xxTBgayqeVOgaUlnnlb2FRODArggAUTUciI"
19:37:23.843814 6 boulder-va majk8AE [AUDIT] Checked CAA records for *.rand.3ff22dda.xyz, [Present: false, Account ID: 155, Challenge: dns-account-01, Valid for issuance: true, Found at: ""] Response=""
19:37:23.845242 6 boulder-va i5GFsQ0 [AUDIT] Validation result JSON={"ID":"199","Requester":155,"Hostname":"*.rand.3ff22dda.xyz","Challenge":{"type":"dns-account-01","status":"valid","token":"GCXplv8333LwKOqOmwUlqxWA-8mfV0rqTVtN5Fr7FyQ","keyAuthorization":"GCXplv8333LwKOqOmwUlqxWA-8mfV0rqTVtN5Fr7FyQ.7rCalkEJGRHq27gOWpUeoIcZZcxwm2r561u6W_46cRs","validationRecord":[{"hostname":"rand.3ff22dda.xyz","resolverAddrs":["10.77.77.77:8443"]}]},"ValidationLatency":0.006}
19:37:23.851623 6 boulder-va 3ISrjAo [AUDIT] Checked CAA records for rand.cf45eed4.xyz, [Present: false, Account ID: 155, Challenge: dns-account-01, Valid for issuance: true, Found at: ""] Response=""
19:37:23.851749 6 boulder-va reOm_gU [AUDIT] Validation result JSON={"ID":"200","Requester":155,"Hostname":"rand.cf45eed4.xyz","Challenge":{"type":"dns-account-01","status":"valid","token":"NUZZBYny-KI4CilPeXZ0C_xaLQc0_zqXY25AInc7tyU","keyAuthorization":"NUZZBYny-KI4CilPeXZ0C_xaLQc0_zqXY25AInc7tyU.7rCalkEJGRHq27gOWpUeoIcZZcxwm2r561u6W_46cRs","validationRecord":[{"hostname":"rand.cf45eed4.xyz","resolverAddrs":["10.77.77.77:8443"]}]},"ValidationLatency":0.006}
19:37:24.896026 6 boulder-ra _ujDig0 FinalizationCaaCheck JSON={"Requester":155,"Reused":2}
19:37:24.935591 6 boulder-ra l4Ssnwg [AUDIT] Certificate request - successful JSON={"ID":"9go0UlDwWnei-vuAB85MnImfWwjQcJQKodjyzOX4Gag","Requester":155,"OrderID":141,"SerialNumber":"7f0e8fea93319bc76873f0bbf33130ddf704","VerifiedFields":["subject.commonName","subjectAltName"],"CommonName":"rand.cf45eed4.xyz","Names":["*.rand.3ff22dda.xyz","rand.cf45eed4.xyz"],"NotBefore":"2024-02-12T18:37:24Z","NotAfter":"2024-05-12T18:37:23Z","RequestTime":"2024-02-12T19:37:24.890982663Z","ResponseTime":"2024-02-12T19:37:24.935507509Z","Authorizations":{"*.rand.3ff22dda.xyz":{"ID":"199","ChallengeType":"dns-account-01"},"rand.cf45eed4.xyz":{"ID":"200","ChallengeType":"dns-account-01"}}}
pebble-challtestsrv - 2024/02/12 19:37:25 Removed DNS-01 TXT challenge for Host "_acme-challenge_sijlbx7rnnewpjn3.rand.3ff22dda.xyz"
pebble-challtestsrv - 2024/02/12 19:37:25 Removed DNS-01 TXT challenge for Host "_acme-challenge_sijlbx7rnnewpjn3.rand.cf45eed4.xyz"
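
An added example, not part of the original PR comment or of Boulder's code: a check over log lines in the format shown above that confirms every name on an issued certificate is backed by a valid dns-account-01 validation for the same account and by a TXT record under a single account-scoped label. The sample lines and the `audit` helper are constructed for illustration and assume each base domain appears once per log.

```python
import json
import re

# Constructed, abridged lines in the format of the test output above
# (placeholder names, IDs and values; most JSON fields omitted).
SAMPLE_LOG = '''\
pebble-challtestsrv - 2024/02/12 19:37:21 Added DNS-01 TXT challenge for Host "_acme-challenge_aaaaaaaaaaaaaaaa.a.example." - Value "constructed-value-1"
pebble-challtestsrv - 2024/02/12 19:37:21 Added DNS-01 TXT challenge for Host "_acme-challenge_aaaaaaaaaaaaaaaa.b.example." - Value "constructed-value-2"
19:37:21.5 6 boulder-va AAAAAAA [AUDIT] Validation result JSON={"ID":"1","Requester":7,"Hostname":"*.a.example","Challenge":{"type":"dns-account-01","status":"valid"}}
19:37:21.6 6 boulder-va BBBBBBB [AUDIT] Validation result JSON={"ID":"2","Requester":7,"Hostname":"b.example","Challenge":{"type":"dns-account-01","status":"valid"}}
19:37:22.6 6 boulder-ra CCCCCCC [AUDIT] Certificate request - successful JSON={"Requester":7,"Names":["*.a.example","b.example","c.example"],"Authorizations":{"*.a.example":{"ID":"1","ChallengeType":"dns-account-01"},"b.example":{"ID":"2","ChallengeType":"dns-account-01"},"c.example":{"ID":"3","ChallengeType":"http-01"}}}
'''

TXT_RE = re.compile(r'Added DNS-01 TXT challenge for Host "(_acme-challenge_[a-z2-7]{16})\.([^"]+?)\.?"')
JSON_RE = re.compile(r'\[AUDIT\] (Validation result|Certificate request - successful) JSON=(\{.*\})')

def audit(log_text):
    """Return one finding per issued name that lacks dns-account-01 evidence."""
    txt, validations, certs, findings = {}, {}, [], []
    for line in log_text.splitlines():
        if m := TXT_RE.search(line):
            txt[m.group(2)] = m.group(1)  # base domain -> label (one entry per domain assumed)
        elif m := JSON_RE.search(line):
            event = json.loads(m.group(2))
            if m.group(1) == "Validation result":
                validations[event["ID"]] = event
            else:
                certs.append(event)
    for cert in certs:
        labels = set()
        for name in cert["Names"]:
            authz = cert["Authorizations"].get(name, {})
            val = validations.get(authz.get("ID"), {})
            chall = val.get("Challenge", {})
            seen = (val.get("Requester"), val.get("Hostname"), chall.get("type"), chall.get("status"))
            if authz.get("ChallengeType") != "dns-account-01":
                findings.append(f"{name}: authorized via {authz.get('ChallengeType')}")
            elif seen != (cert["Requester"], name, "dns-account-01", "valid"):
                findings.append(f"{name}: no matching valid validation result")
            elif name.removeprefix("*.") not in txt:
                findings.append(f"{name}: no account-scoped TXT record was provisioned")
            else:
                labels.add(txt[name.removeprefix("*.")])
        if len(labels) > 1:  # one account should publish under one label
            findings.append(f"account {cert['Requester']}: more than one challenge label")
    return findings
```

`audit(SAMPLE_LOG)` flags only the constructed `c.example` name, which was authorized through a different challenge type.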
