diff --git a/caddy/letsencrypt/letsencrypt_test.go b/caddy/letsencrypt/letsencrypt_test.go
index f7fe3bea..606e08a9 100644
--- a/caddy/letsencrypt/letsencrypt_test.go
+++ b/caddy/letsencrypt/letsencrypt_test.go
@@ -122,7 +122,7 @@ func TestRedirPlaintextHost(t *testing.T) {
 }
 
 func TestSaveCertResource(t *testing.T) {
- storage = Storage("./le_test")
+ storage = Storage("./le_test_save")
 defer func() {
 err := os.RemoveAll(string(storage))
 if err != nil {
@@ -176,3 +176,168 @@ func TestSaveCertResource(t *testing.T) {
 t.Errorf("Expected meta file to contain '%s', got '%s'", metaContents, string(metaFile))
 }
 }
+
+func TestExistingCertAndKey(t *testing.T) {
+ storage = Storage("./le_test_existing")
+ defer func() {
+ err := os.RemoveAll(string(storage))
+ if err != nil {
+ t.Fatalf("Could not remove temporary storage directory (%s): %v", storage, err)
+ }
+ }()
+
+ domain := "example.com"
+
+ if existingCertAndKey(domain) {
+ t.Errorf("Did NOT expect %v to have existing cert or key, but it did", domain)
+ }
+
+ err := saveCertResource(acme.CertificateResource{
+ Domain: domain,
+ PrivateKey: []byte("key"),
+ Certificate: []byte("cert"),
+ })
+ if err != nil {
+ t.Fatalf("Expected no error, got: %v", err)
+ }
+
+ if !existingCertAndKey(domain) {
+ t.Errorf("Expected %v to have existing cert and key, but it did NOT", domain)
+ }
+}
+
+func TestHostHasOtherPort(t *testing.T) {
+ configs := []server.Config{
+ server.Config{Host: "example.com", Port: "80"},
+ server.Config{Host: "sub1.example.com", Port: "80"},
+ server.Config{Host: "sub1.example.com", Port: "443"},
+ }
+
+ if hostHasOtherPort(configs, 0, "80") {
+ t.Errorf(`Expected hostHasOtherPort(configs, 0, "80") to be false, but got true`)
+ }
+ if hostHasOtherPort(configs, 0, "443") {
+ t.Errorf(`Expected hostHasOtherPort(configs, 0, "443") to be false, but got true`)
+ }
+ if !hostHasOtherPort(configs, 1, "443") {
+ t.Errorf(`Expected hostHasOtherPort(configs, 1, "443") to be true, but got false`)
+ }
+}
+
+func TestMakePlaintextRedirects(t *testing.T) {
+ configs := []server.Config{
+ // Happy path = standard redirect from 80 to 443
+ server.Config{Host: "example.com", TLS: server.TLSConfig{Managed: true}},
+
+ // Host on port 80 already defined; don't change it (no redirect)
+ server.Config{Host: "sub1.example.com", Port: "80", Scheme: "http"},
+ server.Config{Host: "sub1.example.com", TLS: server.TLSConfig{Managed: true}},
+
+ // Redirect from port 80 to port 5000 in this case
+ server.Config{Host: "sub2.example.com", Port: "5000", TLS: server.TLSConfig{Managed: true}},
+
+ // Can redirect from 80 to either 443 or 5001, but choose 443
+ server.Config{Host: "sub3.example.com", Port: "443", TLS: server.TLSConfig{Managed: true}},
+ server.Config{Host: "sub3.example.com", Port: "5001", Scheme: "https", TLS: server.TLSConfig{Managed: true}},
+ }
+
+ result := MakePlaintextRedirects(configs)
+ expectedRedirCount := 3
+
+ if len(result) != len(configs)+expectedRedirCount {
+ t.Errorf("Expected %d redirect(s) to be added, but got %d",
+ expectedRedirCount, len(result)-len(configs))
+ }
+}
+
+func TestEnableTLS(t *testing.T) {
+ configs := []server.Config{
+ server.Config{TLS: server.TLSConfig{Managed: true}},
+ server.Config{}, // not managed - no changes!
+ }
+
+ EnableTLS(configs)
+
+ if !configs[0].TLS.Enabled {
+ t.Errorf("Expected config 0 to have TLS.Enabled == true, but it was false")
+ }
+ if configs[0].TLS.Certificate == "" {
+ t.Errorf("Expected config 0 to have TLS.Certificate set, but it was empty")
+ }
+ if configs[0].TLS.Key == "" {
+ t.Errorf("Expected config 0 to have TLS.Key set, but it was empty")
+ }
+
+ if configs[1].TLS.Enabled {
+ t.Errorf("Expected config 1 to have TLS.Enabled == false, but it was true")
+ }
+ if configs[1].TLS.Certificate != "" {
+ t.Errorf("Expected config 1 to have TLS.Certificate empty, but it was: %s", configs[1].TLS.Certificate)
+ }
+ if configs[1].TLS.Key != "" {
+ t.Errorf("Expected config 1 to have TLS.Key empty, but it was: %s", configs[1].TLS.Key)
+ }
+}
+
+func TestGroupConfigsByEmail(t *testing.T) {
+ if groupConfigsByEmail([]server.Config{}) == nil {
+ t.Errorf("With empty input, returned map was nil, but expected non-nil map")
+ }
+
+ configs := []server.Config{
+ server.Config{Host: "example.com", TLS: server.TLSConfig{LetsEncryptEmail: "", Managed: true}},
+ server.Config{Host: "sub1.example.com", TLS: server.TLSConfig{LetsEncryptEmail: "foo@bar", Managed: true}},
+ server.Config{Host: "sub2.example.com", TLS: server.TLSConfig{LetsEncryptEmail: "", Managed: true}},
+ server.Config{Host: "sub3.example.com", TLS: server.TLSConfig{LetsEncryptEmail: "foo@bar", Managed: true}},
+ server.Config{Host: "sub4.example.com", TLS: server.TLSConfig{LetsEncryptEmail: "", Managed: true}},
+ server.Config{Host: "sub5.example.com", TLS: server.TLSConfig{LetsEncryptEmail: ""}}, // not managed
+ }
+ DefaultEmail = "test@example.com" // bypass prompt during tests...
+
+ groups := groupConfigsByEmail(configs)
+
+ if groups == nil {
+ t.Fatalf("Returned map was nil, but expected values")
+ }
+
+ if len(groups) != 2 {
+ t.Errorf("Expected 2 groups, got %d: %#v", len(groups), groups)
+ }
+ if len(groups["foo@bar"]) != 2 {
+ t.Errorf("Expected 2 configs for foo@bar, got %d: %#v", len(groups["foobar"]), groups["foobar"])
+ }
+ if len(groups[DefaultEmail]) != 3 {
+ t.Errorf("Expected 3 configs for %s, got %d: %#v", DefaultEmail, len(groups["foobar"]), groups["foobar"])
+ }
+}
+
+func TestMarkQualified(t *testing.T) {
+ // TODO: TestConfigQualifies and this test share the same config list...
+ configs := []server.Config{
+ {Host: "localhost"},
+ {Host: "example.com"},
+ {Host: "example.com", TLS: server.TLSConfig{Certificate: "cert.pem"}},
+ {Host: "example.com", TLS: server.TLSConfig{Key: "key.pem"}},
+ {Host: "example.com", TLS: server.TLSConfig{LetsEncryptEmail: "off"}},
+ {Host: "example.com", TLS: server.TLSConfig{LetsEncryptEmail: "foo@bar.com"}},
+ {Host: "example.com", Scheme: "http"},
+ {Host: "example.com", Port: "80"},
+ {Host: "example.com", Port: "1234"},
+ {Host: "example.com", Scheme: "https"},
+ {Host: "example.com", Port: "80", Scheme: "https"},
+ }
+ expectedManagedCount := 4
+
+ MarkQualified(configs)
+
+ count := 0
+ for _, cfg := range configs {
+ if cfg.TLS.Managed {
+ count++
+ }
+ }
+
+ if count != expectedManagedCount {
+ t.Errorf("Expected %d managed configs, but got %d", expectedManagedCount, count)
+ }
+}
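Review bot: In TestGroupConfigsByEmail the two failure messages print `len(groups["foobar"])` and `groups["foobar"]`, a key the test never expects to exist, so a failing run would report 0 and an empty slice instead of the group that was actually checked; use `groups["foo@bar"]` in the first message and `groups[DefaultEmail]` in the second. The same test assigns the package-level `DefaultEmail` and never restores it, and TestGetEmail in user_test.go assigns it as well, so saving the old value and restoring it in a `defer` would keep the tests independent of run order. Separately, TestMakePlaintextRedirects only compares the number of added configs; its comment says the sub3 redirect should choose 443 over 5001, but nothing asserts the target of any redirect, so a plaintext redirect pointing at the wrong port or scheme would still pass.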
diff --git a/caddy/letsencrypt/user_test.go b/caddy/letsencrypt/user_test.go
index d074856a..1f9c9e4f 100644
--- a/caddy/letsencrypt/user_test.go
+++ b/caddy/letsencrypt/user_test.go
@@ -125,6 +125,11 @@ func TestGetUserAlreadyExists(t *testing.T) {
 }
 
 func TestGetEmail(t *testing.T) {
+ // let's not clutter up the output
+ origStdout := os.Stdout
+ os.Stdout = nil
+ defer func() { os.Stdout = origStdout }()
+
 storage = Storage("./testdata")
 defer os.RemoveAll(string(storage))
 DefaultEmail = "test2@foo.com"
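Review bot: `os.Stdout = nil` silences the prompt only because writes to a nil *os.File return an error that the code under test presumably ignores; any path that checks that error, or hands os.Stdout to another API, would behave differently under test than in production. Pointing stdout at the null device keeps it a valid file: open it with `os.OpenFile(os.DevNull, os.O_WRONLY, 0)`, fail the test if that returns an error, assign the result to `os.Stdout`, and close it in the same `defer` that restores `origStdout`. The swap is process-global, so it would also affect any test that runs in parallel with this one. TestGetEmail's body continues outside the hunk.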