From 9d023115b01e978b4d66a1a38be1295ad705b968 Mon Sep 17 00:00:00 2001
From: Tim Kimber <tkimber@mobius.org.uk>
Date: Thu, 22 Jul 2021 22:31:09 +0100
Subject: [PATCH] Test that host/nslookup are not called with +noidnout

---
 test/38-idn-http01-check-noidnout.bats | 44 ++++++++++++++++++++++++++
 test/test_helper.bash                  |  2 +-
 2 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 test/38-idn-http01-check-noidnout.bats

diff --git a/test/38-idn-http01-check-noidnout.bats b/test/38-idn-http01-check-noidnout.bats
new file mode 100644
index 0000000..fde4fe6
--- /dev/null
+++ b/test/38-idn-http01-check-noidnout.bats
@@ -0,0 +1,44 @@
+#! /usr/bin/env bats
+
+load '/bats-support/load.bash'
+load '/bats-assert/load.bash'
+load '/getssl/test/test_helper.bash'
+
+setup_file() {
+    if [ -z "$STAGING" ]; then
+        export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
+        curl --silent -X POST -d '{"host":"'$GETSSL_IDN_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/add-a
+    fi
+}
+
+setup() {
+    GETSSL_CMD_HOST=$GETSSL_IDN_HOST
+}
+
+teardown_file() {
+    if [ -z "$STAGING" ]; then
+        curl --silent -X POST -d '{"host":"'$GETSSL_IDN_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/clear-a
+
+    fi
+}
+
+@test "Ensure noidnout in check_config isn't passed to host and nslookup (HTTP-01)" {
+    if [ -n "$STAGING" ]; then
+        skip "Using staging server, skipping internal test"
+    fi
+    CONFIG_FILE="getssl-http01.cfg"
+    setup_environment
+    init_getssl
+    cat <<- EOF > ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg
+SANS="${GETSSL_HOST}"
+USE_SINGLE_ACL="true"
+EOF
+
+    create_certificate -d --check-config
+
+    assert_success
+    refute_output --partial "DNS lookup using host  +noidnout"
+    refute_output --partial "DNS lookup using nslookup  +noidnout"
+    refute_output --partial "+noidnout $GETSSL_HOST"
+    check_output_for_errors
+}
diff --git a/test/test_helper.bash b/test/test_helper.bash
index dedd3ae..ea71967 100644
--- a/test/test_helper.bash
+++ b/test/test_helper.bash
@@ -47,7 +47,7 @@ create_certificate() {
   # Create certificate
   cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl.cfg"
   # shellcheck disable=SC2086
-  run ${CODE_DIR}/getssl $1 "$GETSSL_CMD_HOST"
+  run ${CODE_DIR}/getssl "$@" "$GETSSL_CMD_HOST"
 }
 
 init_getssl() {