Remove Python tests for TLS-ALPN-01 (#8457)

We now test it in the Go integration tests, in validation_test.go's
TestMPICTLSALPN01().

Certbot's Python acme client has removed support for TLS-ALPN-01.

Author: jsha

test/chisel2.py

@@ -99,13 +99,13 @@ def get_chall(authz, typ):
 def get_any_supported_chall(authz):
     """
     Return the first supported challenge from the given authorization.
-    Supports HTTP01, DNS01, and TLSALPN01 challenges.
+    Supports HTTP01 and DNS01.
 
     Note: DNS-ACCOUNT-01 challenge type is excluded from the list of supported
     challenge types until the Python ACME library adds support for it.
     """
     for chall_body in authz.body.challenges:
-        if isinstance(chall_body.chall, (challenges.HTTP01, challenges.DNS01, challenges.TLSALPN01)):
+        if isinstance(chall_body.chall, (challenges.HTTP01, challenges.DNS01)):
             return chall_body
     raise Exception("No supported challenge types found in authorization")
 
@@ -137,8 +137,6 @@ def auth_and_issue(domains, chall_type="dns-01", email=None, cert_output=None, c
         cleanup = do_http_challenges(client, authzs)
     elif chall_type == "dns-01":
         cleanup = do_dns_challenges(client, authzs)
-    elif chall_type == "tls-alpn-01":
-        cleanup = do_tlsalpn_challenges(client, authzs)
     else:
         raise Exception("invalid challenge type %s" % chall_type)
 
@@ -199,19 +197,6 @@ def cleanup():
             challSrv.remove_http01_response(token)
     return cleanup
 
-def do_tlsalpn_challenges(client, authzs):
-    cleanup_hosts = []
-    for a in authzs:
-        c = get_chall(a, challenges.TLSALPN01)
-        name, value = (a.body.identifier.value, c.key_authorization(client.net.key))
-        cleanup_hosts.append(name)
-        challSrv.add_tlsalpn01_response(name, value)
-        client.answer_challenge(c, c.response(client.net.key))
-    def cleanup():
-        for host in cleanup_hosts:
-            challSrv.remove_tlsalpn01_response(host)
-    return cleanup
-
 def expect_problem(problem_type, func):
     """Run a function. If it raises an acme_errors.ValidationError or messages.Error that
        contains the given problem_type, return. If it raises no error or the wrong

test/v2_integration.py

@@ -98,8 +98,6 @@ def check_challenge_dns_err(chalType):
                 c = chisel2.get_chall(authzr, challenges.HTTP01)
             elif chalType == "dns-01":
                 c = chisel2.get_chall(authzr, challenges.DNS01)
-            elif chalType == "tls-alpn-01":
-                c = chisel2.get_chall(authzr, challenges.TLSALPN01)
             else:
                 raise(Exception("Invalid challenge type requested: {0}".format(challType)))
 
@@ -130,13 +128,6 @@ def test_dns_challenge_dns_err():
     """
     check_challenge_dns_err("dns-01")
 
-def test_tls_alpn_challenge_dns_err():
-    """
-    test_tls_alpn_challenge_dns_err tests that a TLS-ALPN-01 challenge for a domain
-    with broken DNS produces the correct problem response.
-    """
-    check_challenge_dns_err("tls-alpn-01")
-
 def test_http_challenge_broken_redirect():
     """
     test_http_challenge_broken_redirect tests that a common webserver
@@ -482,20 +473,6 @@ def test_http_challenge_timeout():
         raise(Exception("expected timeout to occur in under {0} seconds. Took {1}".format(expectedDuration, delta.total_seconds())))
 
 
-def test_tls_alpn_challenge():
-    # Pick two random domains
-    domains = [random_domain(),random_domain()]
-
-    # Add A records for these domains to ensure the VA's requests are directed
-    # to the interface that the challtestsrv has bound for TLS-ALPN-01 challenge
-    # responses
-    for host in domains:
-        challSrv.add_a_record(host, ["64.112.117.134"])
-    chisel2.auth_and_issue(domains, chall_type="tls-alpn-01")
-
-    for host in domains:
-        challSrv.remove_a_record(host)
-
 def test_overlapping_wildcard():
     """
     Test issuance for a random domain and a wildcard version of the same domain