diff --git a/certbot/tests/client_test.py b/certbot/tests/client_test.py index 0219cb0f3..118470214 100644 --- a/certbot/tests/client_test.py +++ b/certbot/tests/client_test.py @@ -60,8 +60,6 @@ class RegisterTest(test_util.ConfigTestCase): self.config.register_unsafely_without_email = False self.config.email = "alias@example.com" self.account_storage = account.AccountMemoryStorage() - self.config.eab_hmac_key = "hmac-key-for-testing" - self.config.eab_kid = "kid-for-testing" def _call(self): from certbot.client import register @@ -75,14 +73,19 @@ class RegisterTest(test_util.ConfigTestCase): return m @staticmethod - def _directory_getitem_mock(input): - return "/acme/new-account" + def _directory_mock(ea_required): + def _directory_getitem_mock(input): + if input == "meta": + return {'externalAccountRequired': ea_required} + else: + return "/acme/new-account" + + return _directory_getitem_mock def test_no_tos(self): with mock.patch("certbot.client.acme_client.BackwardsCompatibleClientV2") as mock_client: mock_client.new_account_and_tos().terms_of_service = "http://tos" - mock_client().client.net.key.public_key = mock.Mock(side_effect=self._public_key_mock) - mock_client().client.directory.__getitem__ = mock.Mock(side_effect=self._directory_getitem_mock) + mock_client().client.directory.__getitem__ = mock.Mock(side_effect=self._directory_mock(False)) with mock.patch("certbot.eff.handle_subscription") as mock_handle: with mock.patch("certbot.account.report_new_account"): mock_client().new_account_and_tos.side_effect = errors.Error @@ -95,8 +98,7 @@ class RegisterTest(test_util.ConfigTestCase): def test_it(self): with mock.patch("certbot.client.acme_client.BackwardsCompatibleClientV2") as mock_client: - mock_client().client.net.key.public_key = mock.Mock(side_effect=self._public_key_mock) - mock_client().client.directory.__getitem__ = mock.Mock(side_effect=self._directory_getitem_mock) + mock_client().client.directory.__getitem__ = mock.Mock(side_effect=self._directory_mock(False)) with mock.patch("certbot.account.report_new_account"): with mock.patch("certbot.eff.handle_subscription"): self._call() @@ -109,8 +111,7 @@ class RegisterTest(test_util.ConfigTestCase): msg = "DNS problem: NXDOMAIN looking up MX for example.com" mx_err = messages.Error.with_code('invalidContact', detail=msg) with mock.patch("certbot.client.acme_client.BackwardsCompatibleClientV2") as mock_client: - mock_client().client.net.key.public_key = mock.Mock(side_effect=self._public_key_mock) - mock_client().client.directory.__getitem__ = mock.Mock(side_effect=self._directory_getitem_mock) + mock_client().client.directory.__getitem__ = mock.Mock(side_effect=self._directory_mock(False)) with mock.patch("certbot.eff.handle_subscription") as mock_handle: mock_client().new_account_and_tos.side_effect = [mx_err, mock.MagicMock()] self._call() @@ -124,8 +125,7 @@ class RegisterTest(test_util.ConfigTestCase): msg = "DNS problem: NXDOMAIN looking up MX for example.com" mx_err = messages.Error.with_code('invalidContact', detail=msg) with mock.patch("certbot.client.acme_client.BackwardsCompatibleClientV2") as mock_client: - mock_client().client.net.key.public_key = mock.Mock(side_effect=self._public_key_mock) - mock_client().client.directory.__getitem__ = mock.Mock(side_effect=self._directory_getitem_mock) + mock_client().client.directory.__getitem__ = mock.Mock(side_effect=self._directory_mock(False)) with mock.patch("certbot.eff.handle_subscription"): mock_client().new_account_and_tos.side_effect = [mx_err, mock.MagicMock()] self.assertRaises(errors.Error, self._call) @@ -138,8 +138,7 @@ class RegisterTest(test_util.ConfigTestCase): def test_without_email(self, mock_logger): with mock.patch("certbot.eff.handle_subscription") as mock_handle: with mock.patch("certbot.client.acme_client.BackwardsCompatibleClientV2") as mock_client: - mock_client().client.net.key.public_key = mock.Mock(side_effect=self._public_key_mock) - mock_client().client.directory.__getitem__ = mock.Mock(side_effect=self._directory_getitem_mock) + mock_client().client.directory.__getitem__ = mock.Mock(side_effect=self._directory_mock(False)) with mock.patch("certbot.account.report_new_account"): self.config.email = None self.config.register_unsafely_without_email = True @@ -153,8 +152,7 @@ class RegisterTest(test_util.ConfigTestCase): def test_dry_run_no_staging_account(self, _rep, mock_get_email): """Tests dry-run for no staging account, expect account created with no email""" with mock.patch("certbot.client.acme_client.BackwardsCompatibleClientV2") as mock_client: - mock_client().client.net.key.public_key = mock.Mock(side_effect=self._public_key_mock) - mock_client().client.directory.__getitem__ = mock.Mock(side_effect=self._directory_getitem_mock) + mock_client().client.directory.__getitem__ = mock.Mock(side_effect=self._directory_mock(False)) with mock.patch("certbot.eff.handle_subscription"): with mock.patch("certbot.account.report_new_account"): self.config.dry_run = True @@ -164,13 +162,45 @@ class RegisterTest(test_util.ConfigTestCase): # check Certbot created an account with no email. Contact should return empty self.assertFalse(mock_client().new_account_and_tos.call_args[0][0].contact) + def test_with_eab_arguments(self): + with mock.patch("certbot.client.acme_client.BackwardsCompatibleClientV2") as mock_client: + mock_client().client.directory.__getitem__ = mock.Mock(side_effect=self._directory_mock(False)) + with mock.patch("certbot.eff.handle_subscription"): + with mock.patch("certbot.client.messages.ExternalAccountBinding.from_data") as mock_eab_from_data: + self.config.eab_kid = "test-kid" + self.config.eab_hmac_key = "J2OAqW4MHXsrHVa_PVg0Y-L_R4SYw0_aL1le6mfblbE" + self._call() + + self.assertTrue(mock_eab_from_data.called) + + def test_without_eab_arguments(self): + with mock.patch("certbot.client.acme_client.BackwardsCompatibleClientV2") as mock_client: + mock_client().client.directory.__getitem__ = mock.Mock(side_effect=self._directory_mock(False)) + with mock.patch("certbot.eff.handle_subscription"): + with mock.patch("certbot.client.messages.ExternalAccountBinding.from_data") as mock_eab_from_data: + self.config.eab_kid = None + self.config.eab_hmac_key = None + self._call() + + self.assertFalse(mock_eab_from_data.called) + + def test_external_account_required_without_eab_arguments(self): + with mock.patch("certbot.client.acme_client.BackwardsCompatibleClientV2") as mock_client: + mock_client().client.net.key.public_key = mock.Mock(side_effect=self._public_key_mock) + mock_client().client.directory.__getitem__ = mock.Mock(side_effect=self._directory_mock(True)) + with mock.patch("certbot.eff.handle_subscription"): + with mock.patch("certbot.client.messages.ExternalAccountBinding.from_data") as mock_eab_from_data: + self.config.eab_kid = None + self.config.eab_hmac_key = None + + self.assertRaises(errors.Error, self._call) + def test_unsupported_error(self): from acme import messages msg = "Test" mx_err = messages.Error(detail=msg, typ="malformed", title="title") with mock.patch("certbot.client.acme_client.BackwardsCompatibleClientV2") as mock_client: - mock_client().client.net.key.public_key = mock.Mock(side_effect=self._public_key_mock) - mock_client().client.directory.__getitem__ = mock.Mock(side_effect=self._directory_getitem_mock) + mock_client().client.directory.__getitem__ = mock.Mock(side_effect=self._directory_mock(False)) with mock.patch("certbot.eff.handle_subscription") as mock_handle: mock_client().new_account_and_tos.side_effect = [mx_err, mock.MagicMock()] self.assertRaises(messages.Error, self._call)