Merge pull request #539 from srvrco/mixed-case

Fixed for mixed case domain names

.github/workflows/run-all-tests.yml

@@ -31,14 +31,14 @@ jobs:
           run: docker-compose up -d --build
         - name: Run test suite on CentOS7
           run: test/run-test.sh centos7
-  test-centos7-duckdns:
+  test-centos7-staging:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v1
       - name: Build the docker-compose stack
         run: docker-compose up -d --build
       - name: Run test suite on CentOS7 against Staging using DuckDNS
-        run: test/run-test.sh centos7-duckdns
+        run: test/run-test.sh centos7-staging
   test-debian:
     runs-on: ubuntu-latest
     steps:
@@ -71,11 +71,11 @@ jobs:
         run: docker-compose up -d --build
       - name: Run test suite on Ubuntu18
         run: test/run-test.sh ubuntu18
-  test-ubuntu-duckdns:
+  test-ubuntu-staging:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v1
       - name: Build the docker-compose stack
         run: docker-compose up -d --build
       - name: Run test suite on Ubuntu against Staging using DuckDNS
-        run: test/run-test.sh ubuntu-duckdns
+        run: test/run-test.sh ubuntu-staging

getssl

@@ -440,29 +440,29 @@ check_config() { # check the config files for all obvious errors
       fi
       # check domain exists
       if [[ "$DNS_CHECK_FUNC" == "drill" ]]; then
-        if [[ "$($DNS_CHECK_FUNC "${d}" |grep -c "${d}")" -ge 1 ]]; then
+        if [[ "$($DNS_CHECK_FUNC "${d}" |grep -c -i "${d}")" -ge 1 ]]; then
           debug "found IP for ${d}"
         else
           info "${DOMAIN}: DNS lookup failed for ${d}"
           config_errors=true
         fi
       elif [[ "$DNS_CHECK_FUNC" == "dig" ]]; then
-        if [[ "$($DNS_CHECK_FUNC "${d}" -t SOA|grep -c "^${d}")" -ge 1 ]]; then
+        if [[ "$($DNS_CHECK_FUNC "${d}" -t SOA|grep -c -i "^${d}")" -ge 1 ]]; then
           debug "found SOA IP for ${d}"
-        elif [[ "$($DNS_CHECK_FUNC "${d}" -t A|grep -c "^${d}")" -ge 1 ]]; then
+        elif [[ "$($DNS_CHECK_FUNC "${d}" -t A|grep -c -i "^${d}")" -ge 1 ]]; then
           debug "found A IP for ${d}"
         else
           info "${DOMAIN}: DNS lookup failed for ${d}"
           config_errors=true
         fi
       elif [[ "$DNS_CHECK_FUNC" == "host" ]]; then
-        if [[ "$($DNS_CHECK_FUNC "${d}" |grep -c "^${d}")" -ge 1 ]]; then
+        if [[ "$($DNS_CHECK_FUNC "${d}" |grep -c -i "^${d}")" -ge 1 ]]; then
           debug "found IP for ${d}"
         else
           info "${DOMAIN}: DNS lookup failed for ${d}"
           config_errors=true
         fi
-      elif [[ "$(nslookup -query=AAAA "${d}"|grep -c "^${d}.*has AAAA address")" -ge 1 ]]; then
+      elif [[ "$(nslookup -query=AAAA "${d}"|grep -c -i "^${d}.*has AAAA address")" -ge 1 ]]; then
         debug "found IPv6 record for ${d}"
       elif [[ "$(nslookup "${d}"| grep -c ^Name)" -ge 1 ]]; then
         debug "found IPv4 record for ${d}"
@@ -775,6 +775,9 @@ create_order() {
       # find array position (This is O(n2) but that doubt we'll see performance issues)
       dn=0
       for d in $alldomains; do
+        # Convert domain to lowercase as response from server will be in lowercase
+        # shellcheck disable=SC2018,SC2019
+        d=$(echo "$d" | tr A-Z a-z)
         if [ "$d" == "$authdomain" ]; then
           debug "Saving authorization response for $authdomain for domain alldomains[$dn]"
           AuthLinkResponse[$dn]=$response
@@ -832,20 +835,20 @@ find_dns_utils() {
     HAS_NSLOOKUP=false
     HAS_DIG_OR_DRILL=""
     HAS_HOST=false
-    if [[ -n "$(command -v nslookup)" ]]; then
+    if [[ -n "$(command -v nslookup 2>/dev/null)" ]]; then
         debug "HAS NSLOOKUP=true"
         HAS_NSLOOKUP=true
     fi
 
-    if [[ -n "$(command -v drill)" ]]; then
+    if [[ -n "$(command -v drill 2>/dev/null)" ]]; then
         debug "HAS DIG_OR_DRILL=drill"
         HAS_DIG_OR_DRILL="drill"
-    elif [[ -n "$(command -v dig)" ]]; then
+    elif [[ -n "$(command -v dig 2>/dev/null)" ]]; then
         debug "HAS DIG_OR_DRILL=dig"
         HAS_DIG_OR_DRILL="dig"
     fi
 
-    if [[ -n "$(command -v host)" ]]; then
+    if [[ -n "$(command -v host 2>/dev/null)" ]]; then
         debug "HAS HOST=true"
         HAS_HOST=true
     fi
@@ -915,8 +918,10 @@ for d in $alldomains; do
                  | sed -e 's:=*$::g' -e 'y:+/:-_:')
       debug auth_key "$auth_key"
 
-      debug "adding dns via command: $DNS_ADD_COMMAND $d $auth_key"
-      if ! eval "$DNS_ADD_COMMAND" "$d" "$auth_key" ; then
+      # shellcheck disable=SC2018,SC2019
+      lower_d=$(echo "$d" | tr A-Z a-z)
+      debug "adding dns via command: $DNS_ADD_COMMAND $lower_d $auth_key"
+      if ! eval "$DNS_ADD_COMMAND" "$lower_d" "$auth_key" ; then
         error_exit "DNS_ADD_COMMAND failed for domain $d"
       fi
 
@@ -1093,7 +1098,9 @@ if [[ $VALIDATE_VIA_DNS == "true" ]]; then
       check_challenge_completion "$uri" "$d" "$keyauthorization"
 
       debug "remove DNS entry"
-      eval "$DNS_DEL_COMMAND" "$d" "$auth_key"
+      # shellcheck disable=SC2018,SC2019
+      lower_d=$(echo "$d" | tr A-Z a-z)
+      eval "$DNS_DEL_COMMAND" "$lower_d" "$auth_key"
       # remove $dnsfile after each loop.
       rm -f "$dnsfile"
     fi

test/10-mixed-case-staging.bats

@@ -0,0 +1,24 @@
+#! /usr/bin/env bats
+
+load '/bats-support/load.bash'
+load '/bats-assert/load.bash'
+load '/getssl/test/test_helper.bash'
+
+
+@test "Check can create certificate if domain is not lowercase using staging server and DuckDNS" {
+    if [ -z "$STAGING" ]; then
+        skip "Running internal tests, skipping external test"
+    fi
+
+    CONFIG_FILE="getssl-staging-dns01.cfg"
+    GETSSL_CMD_HOST=$(echo $GETSSL_HOST | tr a-z A-Z)
+
+    setup_environment
+    init_getssl
+    create_certificate
+
+    assert_success
+    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
+    refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
+    refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
+}

test/10-mixed-case.bats

@@ -0,0 +1,45 @@
+#! /usr/bin/env bats
+
+load '/bats-support/load.bash'
+load '/bats-assert/load.bash'
+load '/getssl/test/test_helper.bash'
+
+
+# This is run for every test
+setup() {
+    export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
+}
+
+@test "Check that HTTP-01 verification works if the domain is not lowercase" {
+    if [ -n "$STAGING" ]; then
+        skip "Using staging server, skipping internal test"
+    fi
+
+    CONFIG_FILE="getssl-http01.cfg"
+    GETSSL_CMD_HOST=$(echo $GETSSL_HOST | tr a-z A-Z)
+
+    setup_environment
+    init_getssl
+    create_certificate
+
+    assert_success
+    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
+    refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
+    refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
+}
+
+@test "Check that DNS-01 verification works if the domain is not lowercase" {
+    if [ -n "$STAGING" ]; then
+        skip "Using staging server, skipping internal test"
+    fi
+    CONFIG_FILE="getssl-dns01.cfg"
+    GETSSL_CMD_HOST=$(echo $GETSSL_HOST | tr a-z A-Z)
+    setup_environment
+
+    init_getssl
+    create_certificate
+    assert_success
+    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
+    refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
+    refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
+}

test/7-duckdns-dns01-dig.bats → test/7-staging-dns01-dig.bats

@@ -10,7 +10,7 @@ load '/getssl/test/test_helper.bash'
     if [ -z "$STAGING" ]; then
         skip "Running internal tests, skipping external test"
     fi
-    CONFIG_FILE="getssl-duckdns01.cfg"
+    CONFIG_FILE="getssl-staging-dns01.cfg"
 
     setup_environment
     init_getssl

test/7-duckdns-dns01-nslookup.bats → test/7-staging-dns01-nslookup.bats

@@ -24,7 +24,7 @@ teardown() {
     if [ -z "$STAGING" ]; then
         skip "Running internal tests, skipping external test"
     fi
-    CONFIG_FILE="getssl-duckdns01.cfg"
+    CONFIG_FILE="getssl-staging-dns01.cfg"
 
     setup_environment
     init_getssl

test/8-duckdns-ecdsa.bats → test/8-staging-ecdsa.bats

@@ -11,7 +11,7 @@ load '/getssl/test/test_helper.bash'
     if [ -z "$STAGING" ]; then
         skip "Running internal tests, skipping external test"
     fi
-    CONFIG_FILE="getssl-duckdns01.cfg"
+    CONFIG_FILE="getssl-staging-dns01.cfg"
 
     setup_environment
     init_getssl
@@ -41,7 +41,7 @@ load '/getssl/test/test_helper.bash'
     if [ -z "$STAGING" ]; then
         skip "Running internal tests, skipping external test"
     fi
-    CONFIG_FILE="getssl-duckdns01.cfg"
+    CONFIG_FILE="getssl-staging-dns01.cfg"
 
     setup_environment
     init_getssl

test/9-test--all.bats

@@ -0,0 +1,34 @@
+#! /usr/bin/env bats
+
+load '/bats-support/load.bash'
+load '/bats-assert/load.bash'
+load '/getssl/test/test_helper.bash'
+
+
+# This is run for every test
+setup() {
+    export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
+    export PATH=$PATH:/getssl
+}
+
+
+@test "Create new certificate using --all" {
+    if [ -n "$STAGING" ]; then
+        skip "Using staging server, skipping internal test"
+    fi
+
+    # Setup
+    CONFIG_FILE="getssl-http01.cfg"
+    setup_environment
+    init_getssl
+    cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/${GETSSL_HOST}/getssl.cfg"
+
+    # Run test
+    run ${CODE_DIR}/getssl --all
+
+    # Check success conditions
+    assert_success
+    refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
+    refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
+    refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
+}

test/run-test.cmd

@@ -7,8 +7,8 @@ IF %2.==. GOTO NoCmd
 set COMMAND=%2 %3
 
 :CheckAlias
-REM check if OS *contains* duckdns
-IF NOT x%OS:duckdns=%==x%OS% GOTO duckdns
+REM check if OS *contains* staging
+IF NOT x%OS:staging=%==x%OS% GOTO staging
 set ALIAS=%OS%.getssl.test
 set STAGING=
 GOTO Run
@@ -22,8 +22,8 @@ REM set COMMAND=/getssl/test/run-bats.sh
 set COMMAND=bats /getssl/test
 GOTO CheckAlias
 
-:duckdns
-set ALIAS=%OS:-duckdns=%-getssl.duckdns.org
+:staging
+set ALIAS=%OS:-staging=%-getssl.duckdns.org
 set STAGING=--env STAGING=true
 
 :Run
@@ -33,7 +33,7 @@ docker build --rm -f "test\Dockerfile-%OS%" -t getssl-%OS% .
 @echo on
 docker run -it ^
   --env GETSSL_HOST=%ALIAS% %STAGING% ^
-  --env GETSSL_OS=%OS:-duckdns=% ^
+  --env GETSSL_OS=%OS:-staging=% ^
   -v %cd%:/getssl ^
   --rm ^
   --network %CurrDirName%_acmenet ^

test/run-test.sh

@@ -14,8 +14,8 @@ else
     COMMAND="bats /getssl/test"
 fi
 
-if [[ "$OS" == *"duckdns"* ]]; then
-    ALIAS="${OS%-duckdns}-getssl.duckdns.org"
+if [[ "$OS" == *"staging"* ]]; then
+    ALIAS="${OS%-staging}-getssl.duckdns.org"
     STAGING="--env STAGING=true"
 else
     ALIAS="$OS.getssl.test"
@@ -26,7 +26,7 @@ docker build --rm -f "test/Dockerfile-$OS" -t "getssl-$OS" .
 # shellcheck disable=SC2086
 docker run \
   --env GETSSL_HOST=$ALIAS $STAGING \
-  --env GETSSL_OS=${OS%-duckdns} \
+  --env GETSSL_OS=${OS%-staging} \
   -v "$(pwd)":/getssl \
   --rm \
   --network ${PWD##*/}_acmenet \

test/test_helper.bash

@@ -21,17 +21,17 @@ cleanup_environment() {
 
 init_getssl() {
     # Run initialisation (create account key, etc)
-    run ${CODE_DIR}/getssl -c "$GETSSL_HOST"
+    run ${CODE_DIR}/getssl -c "$GETSSL_CMD_HOST"
     assert_success
     [ -d "$INSTALL_DIR/.getssl" ]
 }
 
 
 create_certificate() {
     # Create certificate
-    cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/${GETSSL_HOST}/getssl.cfg"
+    cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl.cfg"
     # shellcheck disable=SC2086
-    run ${CODE_DIR}/getssl $1 "$GETSSL_HOST"
+    run ${CODE_DIR}/getssl $1 "$GETSSL_CMD_HOST"
 }
 
 # start nginx in background on alpine via supervisord
@@ -68,6 +68,9 @@ fi
 
 export GETSSL_IP
 
+GETSSL_CMD_HOST=$GETSSL_HOST
+export GETSSL_CMD_HOST
+
 if [ ! -f ${INSTALL_DIR}/pebble.minica.pem ]; then
     wget --quiet --no-clobber https://raw.githubusercontent.com/letsencrypt/pebble/master/test/certs/pebble.minica.pem 2>&1
     CERT_FILE=/etc/ssl/certs/ca-certificates.crt