Add tests for ACME Meta object

2 years ago · 3eae04928f
parent 02d679e160
commit 3eae04928f
2 changed files with 123 additions and 7 deletions
--- a/acme/api/handler.go
+++ b/acme/api/handler.go
@ -228,16 +228,15 @@ func GetDirectory(w http.ResponseWriter, r *http.Request) {
 	}

 	linker := acme.MustLinkerFromContext(ctx)
-	directory := &Directory{
+
+	render.JSON(w, &Directory{
 		NewNonce:   linker.GetLink(ctx, acme.NewNonceLinkType),
 		NewAccount: linker.GetLink(ctx, acme.NewAccountLinkType),
 		NewOrder:   linker.GetLink(ctx, acme.NewOrderLinkType),
 		RevokeCert: linker.GetLink(ctx, acme.RevokeCertLinkType),
 		KeyChange:  linker.GetLink(ctx, acme.KeyChangeLinkType),
 		Meta:       createMetaObject(acmeProv),
-	}
-
-	render.JSON(w, directory)
+	})
 }

 // createMetaObject creates a Meta object if the ACME provisioner
@ -263,7 +262,7 @@ func shouldAddMetaObject(p *provisioner.ACME) bool {
 		return true
 	case p.Website != "":
 		return true
-	case len(p.CaaIdentities) > 0 && p.CaaIdentities[0] != "":
+	case len(p.CaaIdentities) > 0:
 		return true
 	case p.RequireEAB:
 		return true
--- a/acme/api/handler_test.go
+++ b/acme/api/handler_test.go
@ -18,10 +18,13 @@ import (
 	"github.com/go-chi/chi"
 	"github.com/google/go-cmp/cmp"
 	"github.com/pkg/errors"
-	"github.com/smallstep/assert"
-	"github.com/smallstep/certificates/acme"
+
 	"go.step.sm/crypto/jose"
 	"go.step.sm/crypto/pemutil"
+
+	"github.com/smallstep/assert"
+	"github.com/smallstep/certificates/acme"
+	"github.com/smallstep/certificates/authority/provisioner"
 )

 type mockClient struct {
@ -139,6 +142,34 @@ func TestHandler_GetDirectory(t *testing.T) {
 				statusCode: 200,
 			}
 		},
+		"ok/full-meta": func(t *testing.T) test {
+			prov := newACMEProv(t)
+			prov.TermsOfService = "https://terms.ca.local/"
+			prov.Website = "https://ca.local/"
+			prov.CaaIdentities = []string{"ca.local"}
+			prov.RequireEAB = true
+			provName := url.PathEscape(prov.GetName())
+			baseURL := &url.URL{Scheme: "https", Host: "test.ca.smallstep.com"}
+			ctx := acme.NewProvisionerContext(context.Background(), prov)
+			expDir := Directory{
+				NewNonce:   fmt.Sprintf("%s/acme/%s/new-nonce", baseURL.String(), provName),
+				NewAccount: fmt.Sprintf("%s/acme/%s/new-account", baseURL.String(), provName),
+				NewOrder:   fmt.Sprintf("%s/acme/%s/new-order", baseURL.String(), provName),
+				RevokeCert: fmt.Sprintf("%s/acme/%s/revoke-cert", baseURL.String(), provName),
+				KeyChange:  fmt.Sprintf("%s/acme/%s/key-change", baseURL.String(), provName),
+				Meta: &Meta{
+					TermsOfService:          "https://terms.ca.local/",
+					Website:                 "https://ca.local/",
+					CaaIdentities:           []string{"ca.local"},
+					ExternalAccountRequired: true,
+				},
+			}
+			return test{
+				ctx:        ctx,
+				dir:        expDir,
+				statusCode: 200,
+			}
+		},
 	}
 	for name, run := range tests {
 		tc := run(t)
@ -751,3 +782,89 @@ func TestHandler_GetChallenge(t *testing.T) {
 		})
 	}
 }
+
+func Test_createMetaObject(t *testing.T) {
+	tests := []struct {
+		name string
+		p    *provisioner.ACME
+		want *Meta
+	}{
+		{
+			name: "no-meta",
+			p: &provisioner.ACME{
+				Type: "ACME",
+				Name: "acme",
+			},
+			want: nil,
+		},
+		{
+			name: "terms-of-service",
+			p: &provisioner.ACME{
+				Type:           "ACME",
+				Name:           "acme",
+				TermsOfService: "https://terms.ca.local",
+			},
+			want: &Meta{
+				TermsOfService: "https://terms.ca.local",
+			},
+		},
+		{
+			name: "website",
+			p: &provisioner.ACME{
+				Type:    "ACME",
+				Name:    "acme",
+				Website: "https://ca.local",
+			},
+			want: &Meta{
+				Website: "https://ca.local",
+			},
+		},
+		{
+			name: "caa",
+			p: &provisioner.ACME{
+				Type:          "ACME",
+				Name:          "acme",
+				CaaIdentities: []string{"ca.local", "ca.remote"},
+			},
+			want: &Meta{
+				CaaIdentities: []string{"ca.local", "ca.remote"},
+			},
+		},
+		{
+			name: "require-eab",
+			p: &provisioner.ACME{
+				Type:       "ACME",
+				Name:       "acme",
+				RequireEAB: true,
+			},
+			want: &Meta{
+				ExternalAccountRequired: true,
+			},
+		},
+		{
+			name: "full-meta",
+			p: &provisioner.ACME{
+				Type:           "ACME",
+				Name:           "acme",
+				TermsOfService: "https://terms.ca.local",
+				Website:        "https://ca.local",
+				CaaIdentities:  []string{"ca.local", "ca.remote"},
+				RequireEAB:     true,
+			},
+			want: &Meta{
+				TermsOfService:          "https://terms.ca.local",
+				Website:                 "https://ca.local",
+				CaaIdentities:           []string{"ca.local", "ca.remote"},
+				ExternalAccountRequired: true,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := createMetaObject(tt.p)
+			if !cmp.Equal(tt.want, got) {
+				t.Errorf("createMetaObject() diff =\n%s", cmp.Diff(tt.want, got))
+			}
+		})
+	}
+}