Merge pull request #550 from srvrco/test-improvement

Fix domain case conversion for different locales

getssl

@@ -224,11 +224,13 @@
 # 2020-04-16 Add -i|--install command line option (2.23)
 # 2020-04-19 Remove dependency on seq, ensure clean_up doesn't try to delete /tmp (2.24)
 # 2020-04-20 Check for domain using all DNS utilities (2.25)
+# 2020-04-22 Fix HAS_HOST and HAS_NSLOOKUP checks - wolfaba
+# 2020-04-22 Fix domain case conversion for different locales (2.26) - glynge
 # ----------------------------------------------------------------------------------------
 
 PROGNAME=${0##*/}
 PROGDIR="$(cd "$(dirname "$0")" || exit; pwd -P;)"
-VERSION="2.25"
+VERSION="2.26"
 
 # defaults
 ACCOUNT_KEY_LENGTH=4096
@@ -532,14 +534,14 @@ check_config() { # check the config files for all obvious errors
         fi
       fi
 
-      if [[ "$HAS_HOST" == true ]]; then
+      if [[ "$HAS_HOST" == "true" ]]; then
         debug "DNS lookup using host ${d}"
         if [[ "$(host "${d}" |grep -c -i "^${d}")" -ge 1 ]]; then
           found_ip=true
         fi
       fi
 
-      if [[ "$HAS_NSLOOKUP" == true ]]; then
+      if [[ "$HAS_NSLOOKUP" == "true" ]]; then
         debug "DNS lookup using nslookup -query AAAA ${d}"
         if [[ "$(nslookup -query=AAAA "${d}"|grep -c -i "^${d}.*has AAAA address")" -ge 1 ]]; then
           debug "found IPv6 record for ${d}"
@@ -863,8 +865,7 @@ create_order() {
       dn=0
       for d in $alldomains; do
         # Convert domain to lowercase as response from server will be in lowercase
-        # shellcheck disable=SC2018,SC2019
-        d=$(echo "$d" | tr A-Z a-z)
+        d=$(echo "$d" | tr "[:upper:]" "[:lower:]")
         if [ "$d" == "$authdomain" ]; then
           debug "Saving authorization response for $authdomain for domain alldomains[$dn]"
           AuthLinkResponse[$dn]=$response
@@ -1260,7 +1261,7 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n
     fi
   fi
 
-  if [[ "$HAS_HOST" == true ]]; then
+  if [[ "$HAS_HOST" == "true" ]]; then
     gad_d="$orig_gad_d"
     debug Using "host -t NS" to find primary name server for "$gad_d"
     if [[ -z "$gad_s" ]]; then
@@ -1279,7 +1280,7 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n
     fi
   fi
 
-  if [[ "$HAS_NSLOOKUP" == true ]]; then
+  if [[ "$HAS_NSLOOKUP" == "true" ]]; then
     gad_d="$orig_gad_d"
     debug Using "nslookup -debug -type=soa -type=ns $gad_d $gad_s" to find primary name server
     res=$(nslookup -debug -type=soa -type=ns "$gad_d" ${gad_s})

test/1-simple-http01.bats

@@ -20,9 +20,7 @@ setup() {
     init_getssl
     create_certificate
     assert_success
-    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
-    refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
-    refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
+    check_output_for_errors
 }
 
 
@@ -32,8 +30,6 @@ setup() {
     fi
     run ${CODE_DIR}/getssl -f $GETSSL_HOST
     assert_success
-    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
-    refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
-    refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
+    check_output_for_errors
     cleanup_environment
 }

test/10-mixed-case-staging.bats

@@ -18,7 +18,5 @@ load '/getssl/test/test_helper.bash'
     create_certificate
 
     assert_success
-    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
-    refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
-    refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
+    check_output_for_errors
 }

test/10-mixed-case.bats

@@ -23,9 +23,7 @@ setup() {
     create_certificate
 
     assert_success
-    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
-    refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
-    refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
+    check_output_for_errors
 }
 
 @test "Check that DNS-01 verification works if the domain is not lowercase" {
@@ -39,7 +37,5 @@ setup() {
     init_getssl
     create_certificate
     assert_success
-    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
-    refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
-    refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
+    check_output_for_errors
 }

test/11-test--install.bats

@@ -32,9 +32,7 @@ setup() {
     run ${CODE_DIR}/getssl "$GETSSL_CMD_HOST"
 
     assert_success
-    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
-    refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
-    refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
+    check_output_for_errors
     assert_line 'Verification completed, obtaining certificate.'
     assert_line 'Requesting certificate'
     refute [ -d '$HOME/.getssl' ]
@@ -53,9 +51,7 @@ setup() {
     run ${CODE_DIR}/getssl --install "$GETSSL_CMD_HOST"
 
     assert_success
-    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
-    refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
-    refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
+    check_output_for_errors
     refute_line 'Verification completed, obtaining certificate.'
     refute_line 'Requesting certificate'
     assert_line --partial 'copying domain certificate to'

test/11-test-no-domain-storage.bats

@@ -15,5 +15,6 @@ load '/getssl/test/test_helper.bash'
     cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/getssl.cfg"
     run ${CODE_DIR}/getssl -a
     assert_success
+    check_output_for_errors
     assert_line 'Not going to delete TEMP_DIR ///tmp as it appears to be /tmp'
 }

test/2-simple-dns01-dig.bats

@@ -22,9 +22,7 @@ setup() {
     create_certificate -d
     assert_success
     assert_output --partial "dig"
-    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
-    refute_output --regexp '[^:][Ee][Rr][Rr][Oo][Rr][^:]'  # don't fail for :error:badNonce
-    refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
+    check_output_for_errors "debug"
 }
 
 
@@ -35,8 +33,6 @@ setup() {
     run ${CODE_DIR}/getssl -d -f $GETSSL_HOST
     assert_success
     assert_output --partial "dig"
-    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
-    refute_output --regexp '[^:][Ee][Rr][Rr][Oo][Rr][^:]'  # don't fail for :error:badNonce
-    refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
+    check_output_for_errors "debug"
     cleanup_environment
 }

test/2-simple-dns01-nslookup.bats

@@ -32,8 +32,5 @@ teardown() {
     create_certificate -d
     assert_success
     assert_output --partial "nslookup"
-    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
-    refute_output --regexp '[^:][Ee][Rr][Rr][Oo][Rr][^:]'  # don't fail for :error:badNonce
-    # don't check for "Warnings:" as there might be a warning message if nslookup doesn't support -debug (alpine/ubuntu)
-    refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg][^:]'
+    check_output_for_errors "debug"
 }

test/3-dual-rsa-ecdsa.bats

@@ -20,6 +20,7 @@ setup() {
     init_getssl
     create_certificate
     assert_success
+    check_output_for_errors
 }
 
 
@@ -29,6 +30,7 @@ setup() {
     fi
     run ${CODE_DIR}/getssl -f $GETSSL_HOST
     assert_success
+    check_output_for_errors
 }
 
 @test "Create dual certificates using DNS-01 verification" {
@@ -40,6 +42,7 @@ setup() {
     init_getssl
     create_certificate
     assert_success
+    check_output_for_errors
 }
 
 
@@ -49,5 +52,6 @@ setup() {
     fi
     run ${CODE_DIR}/getssl -f $GETSSL_HOST
     assert_success
+    check_output_for_errors
     cleanup_environment
 }

test/4-more-than-10-hosts.bats

@@ -26,9 +26,7 @@ setup() {
     init_getssl
     create_certificate
     assert_success
-    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
-    refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
-    refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
+    check_output_for_errors
 }
 
 
@@ -38,9 +36,7 @@ setup() {
     fi
     run ${CODE_DIR}/getssl -f $GETSSL_HOST
     assert_success
-    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
-    refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
-    refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
+    check_output_for_errors
     # Remove all the dns aliases
     cleanup_environment
     for prefix in a b c d e f g h i j k; do

test/5-secp384-http01.bats

@@ -20,6 +20,7 @@ setup() {
     init_getssl
     create_certificate
     assert_success
+    check_output_for_errors
 }
 
 
@@ -29,6 +30,7 @@ setup() {
     fi
     run ${CODE_DIR}/getssl -f $GETSSL_HOST
     assert_success
+    check_output_for_errors
 }
 
 
@@ -41,6 +43,7 @@ setup() {
     init_getssl
     create_certificate
     assert_success
+    check_output_for_errors
 }
 
 
@@ -50,4 +53,5 @@ setup() {
     fi
     run ${CODE_DIR}/getssl -f $GETSSL_HOST
     assert_success
+    check_output_for_errors
 }

test/6-dual-rsa-ecdsa-copy-2-locations.bats

@@ -32,6 +32,7 @@ teardown() {
     init_getssl
     create_certificate
     assert_success
+    check_output_for_errors
 
     # Check that the RSA chain and key have been copied to both locations
     assert [ -e "/etc/nginx/pki/domain-chain.crt" ]

test/7-staging-dns01-dig.bats

@@ -16,9 +16,7 @@ load '/getssl/test/test_helper.bash'
     init_getssl
     create_certificate
     assert_success
-    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
-    refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
-    refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
+    check_output_for_errors
 }
 
 @test "Force renewal of certificate using staging server, dig and DuckDNS" {
@@ -27,8 +25,6 @@ load '/getssl/test/test_helper.bash'
     fi
     run ${CODE_DIR}/getssl -f $GETSSL_HOST
     assert_success
-    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
-    refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
-    refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
+    check_output_for_errors
     cleanup_environment
 }

test/7-staging-dns01-nslookup.bats

@@ -30,9 +30,7 @@ teardown() {
     init_getssl
     create_certificate
     assert_success
-    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
-    refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
-    refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg][^:]' # ignore nslookup warnings
+    check_output_for_errors "debug"
 }
 
 
@@ -42,8 +40,6 @@ teardown() {
     fi
     run ${CODE_DIR}/getssl -f $GETSSL_HOST
     assert_success
-    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
-    refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
-    refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg][^:]' # ignore nslookup warnings
+    check_output_for_errors "debug"
     cleanup_environment
 }

test/8-staging-ecdsa.bats

@@ -18,9 +18,7 @@ load '/getssl/test/test_helper.bash'
     sed -e 's/rsa/prime256v1/g' < "${CODE_DIR}/test/test-config/${CONFIG_FILE}" > "${INSTALL_DIR}/.getssl/${GETSSL_HOST}/getssl.cfg"
     run ${CODE_DIR}/getssl -d "$GETSSL_HOST"
     assert_success
-    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
-    refute_output --regexp '[^:][Ee][Rr][Rr][Oo][Rr][^:]'
-    refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg][^:]' # ignore nslookup warnings
+    check_output_for_errors "debug"
 }
 
 
@@ -30,9 +28,7 @@ load '/getssl/test/test_helper.bash'
     fi
     run ${CODE_DIR}/getssl -d -f $GETSSL_HOST
     assert_success
-    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
-    refute_output --regexp '[^:][Ee][Rr][Rr][Oo][Rr][^:]'
-    refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg][^:]' # ignore nslookup warnings
+    check_output_for_errors "debug"
     cleanup_environment
 }
 
@@ -48,9 +44,7 @@ load '/getssl/test/test_helper.bash'
     sed -e 's/rsa/secp384r1/g' < "${CODE_DIR}/test/test-config/${CONFIG_FILE}" > "${INSTALL_DIR}/.getssl/${GETSSL_HOST}/getssl.cfg"
     run ${CODE_DIR}/getssl -d "$GETSSL_HOST"
     assert_success
-    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
-    refute_output --regexp '[^:][Ee][Rr][Rr][Oo][Rr][^:]'
-    refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg][^:]'
+    check_output_for_errors "debug"
 }
 
 
@@ -60,9 +54,7 @@ load '/getssl/test/test_helper.bash'
     fi
     run ${CODE_DIR}/getssl -d -f $GETSSL_HOST
     assert_success
-    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
-    refute_output --regexp '[^:][Ee][Rr][Rr][Oo][Rr][^:]'
-    refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg][^:]'
+    check_output_for_errors "debug"
     cleanup_environment
 }
 

test/9-multiple-domains-dns01.bats

@@ -25,9 +25,7 @@ setup() {
     init_getssl
     create_certificate
     assert_success
-    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
-    refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
-    refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
+    check_output_for_errors
 }
 
 
@@ -38,9 +36,7 @@ setup() {
     fi
     run ${CODE_DIR}/getssl -f $GETSSL_HOST
     assert_success
-    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
-    refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
-    refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
+    check_output_for_errors
     # Remove all the dns aliases
     cleanup_environment
     curl --silent -X POST -d '{"host":"getssl.tst"}' http://10.30.50.3:8055/clear-a
@@ -60,7 +56,5 @@ setup() {
     init_getssl
     create_certificate
     assert_success
-    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
-    refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
-    refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
+    check_output_for_errors
 }

test/9-test--all.bats

@@ -28,7 +28,5 @@ setup() {
 
     # Check success conditions
     assert_success
-    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
-    refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
-    refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
+    check_output_for_errors
 }

test/Dockerfile-ubuntu

@@ -2,6 +2,9 @@ FROM ubuntu:latest
 
 # Note this image uses mawk1.3
 
+# Set noninteractive otherwise tzdata hangs
+ENV DEBIAN_FRONTEND noninteractive
+
 # Update and install required software
 RUN apt-get update --fix-missing
 RUN apt-get install -y git curl dnsutils wget nginx-light

test/Dockerfile-ubuntu-staging

@@ -2,8 +2,13 @@ FROM ubuntu:latest
 
 # Note this image uses mawk1.3
 
+# Set noninteractive otherwise tzdata hangs
+ENV DEBIAN_FRONTEND noninteractive
+
+# Ensure tests in this image use the staging server
 ENV staging "true"
 ENV DUCKDNS_TOKEN 1d616aa9-b8e4-4bb4-b312-3289de82badb
+
 # Update and install required software
 RUN apt-get update --fix-missing
 RUN apt-get install -y git curl dnsutils wget nginx-light

test/test_helper.bash

@@ -1,23 +1,31 @@
 INSTALL_DIR=/root
 CODE_DIR=/getssl
 
-
-setup_environment() {
-    # One-off test setup
-    if [[ -d ${INSTALL_DIR}/.getssl ]]; then
-        rm -r ${INSTALL_DIR}/.getssl
+check_output_for_errors() {
+    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
+    # less strict tests if running with debug output
+    if [ -n "$1" ]; then
+        # don't fail for :error:badNonce
+        refute_output --regexp '[^:][Ee][Rr][Rr][Oo][Rr][^:]'
+        # don't check for "Warnings:" as there might be a warning message if nslookup doesn't support -debug (alpine/ubuntu)
+        refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg][^:]'
+    else
+        refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
+        refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
     fi
-
-    curl --silent -X POST -d '{"host":"'"$GETSSL_HOST"'", "addresses":["'"$GETSSL_IP"'"]}' http://10.30.50.3:8055/add-a
-    cp ${CODE_DIR}/test/test-config/nginx-ubuntu-no-ssl "${NGINX_CONFIG}"
-    /getssl/test/restart-nginx
+    refute_line --partial 'command not found'
 }
 
-
 cleanup_environment() {
     curl --silent -X POST -d '{"host":"'"$GETSSL_HOST"'"}' http://10.30.50.3:8055/clear-a
 }
 
+create_certificate() {
+    # Create certificate
+    cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl.cfg"
+    # shellcheck disable=SC2086
+    run ${CODE_DIR}/getssl $1 "$GETSSL_CMD_HOST"
+}
 
 init_getssl() {
     # Run initialisation (create account key, etc)
@@ -26,12 +34,15 @@ init_getssl() {
     [ -d "$INSTALL_DIR/.getssl" ]
 }
 
+setup_environment() {
+    # One-off test setup
+    if [[ -d ${INSTALL_DIR}/.getssl ]]; then
+        rm -r ${INSTALL_DIR}/.getssl
+    fi
 
-create_certificate() {
-    # Create certificate
-    cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl.cfg"
-    # shellcheck disable=SC2086
-    run ${CODE_DIR}/getssl $1 "$GETSSL_CMD_HOST"
+    curl --silent -X POST -d '{"host":"'"$GETSSL_HOST"'", "addresses":["'"$GETSSL_IP"'"]}' http://10.30.50.3:8055/add-a
+    cp ${CODE_DIR}/test/test-config/nginx-ubuntu-no-ssl "${NGINX_CONFIG}"
+    /getssl/test/restart-nginx
 }
 
 # start nginx in background on alpine via supervisord