Fix certbox-nginx address equality check (#3886)

0.0.0.0, *, and '' are equivalent hosts to nginx. Changes Addr object's equality testing to treat them as equal. Fixes #3855
author: Clif Houck <me@clifhouck.com> 2016-12-14 01:38:57 +0300
committer: Brad Warren <bmw@users.noreply.github.com> 2016-12-14 01:38:57 +0300
commit: ad53c80c1e95a81d5878b4d7ac0095c3b2046451 (patch)
tree: 98b2702615227ab136b0959e833b4bddff06643e /certbot-nginx
parent: 0464ba2c4b6afed56ecb72286b3cf01a54889baa (diff)
2 files changed, 30 insertions, 0 deletions
diff --git a/certbot-nginx/certbot_nginx/obj.py b/certbot-nginx/certbot_nginx/obj.py
index 98bf86f5c..29fa976f3 100644
--- a/certbot-nginx/certbot_nginx/obj.py
+++ b/certbot-nginx/certbot_nginx/obj.py
@@ -29,10 +29,14 @@ class Addr(common.Addr):
     :param bool default: Whether the directive includes 'default_server'
 
     """
+    UNSPECIFIED_IPV4_ADDRESSES = ('', '*', '0.0.0.0')
+    CANONICAL_UNSPECIFIED_ADDRESS = UNSPECIFIED_IPV4_ADDRESSES[0]
+
     def __init__(self, host, port, ssl, default):
         super(Addr, self).__init__((host, port))
         self.ssl = ssl
         self.default = default
+        self.unspecified_address = host in self.UNSPECIFIED_IPV4_ADDRESSES
 
     @classmethod
     def fromstring(cls, str_addr):
@@ -96,6 +100,13 @@ class Addr(common.Addr):
     def super_eq(self, other):
         """Check ip/port equality, with IPv6 support.
         """
+        # If both addresses got an unspecified address, then make sure the
+        # host representation in each match when doing the comparison.
+        if self.unspecified_address and other.unspecified_address:
+            return common.Addr((self.CANONICAL_UNSPECIFIED_ADDRESS,
+                                self.tup[1]), self.ipv6) == \
+                   common.Addr((other.CANONICAL_UNSPECIFIED_ADDRESS,
+                                other.tup[1]), other.ipv6)
         # Nginx plugin currently doesn't support IPv6 but this will
         # future-proof it
         return super(Addr, self).__eq__(other)
diff --git a/certbot-nginx/certbot_nginx/tests/obj_test.py b/certbot-nginx/certbot_nginx/tests/obj_test.py
index b153db8d4..b0a2d5ad8 100644
--- a/certbot-nginx/certbot_nginx/tests/obj_test.py
+++ b/certbot-nginx/certbot_nginx/tests/obj_test.py
@@ -1,5 +1,6 @@
 """Test the helper objects in certbot_nginx.obj."""
 import unittest
+import itertools
 
 
 class AddrTest(unittest.TestCase):
@@ -72,6 +73,24 @@ class AddrTest(unittest.TestCase):
         self.assertNotEqual(self.addr1, self.addr2)
         self.assertFalse(self.addr1 == 3333)
 
+    def test_equivalent_any_addresses(self):
+        from certbot_nginx.obj import Addr
+        any_addresses = ("0.0.0.0:80 default_server ssl",
+                         "80 default_server ssl",
+                         "*:80 default_server ssl")
+        for first, second in itertools.combinations(any_addresses, 2):
+            self.assertEqual(Addr.fromstring(first), Addr.fromstring(second))
+
+        # Also, make sure ports are checked.
+        self.assertNotEqual(Addr.fromstring(any_addresses[0]),
+                            Addr.fromstring("0.0.0.0:443 default_server ssl"))
+
+        # And they aren't equivalent to a specified address.
+        for any_address in any_addresses:
+            self.assertNotEqual(
+                Addr.fromstring("192.168.1.2:80 default_server ssl"),
+                Addr.fromstring(any_address))
+
     def test_set_inclusion(self):
         from certbot_nginx.obj import Addr
         set_a = set([self.addr1, self.addr2])
author	Clif Houck <me@clifhouck.com>	2016-12-14 01:38:57 +0300
committer	Brad Warren <bmw@users.noreply.github.com>	2016-12-14 01:38:57 +0300
commit	ad53c80c1e95a81d5878b4d7ac0095c3b2046451 (patch)
tree	98b2702615227ab136b0959e833b4bddff06643e /certbot-nginx
parent	0464ba2c4b6afed56ecb72286b3cf01a54889baa (diff)