Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

more unit tests

Browse Source
pull/496/head
max furman 3 years ago
parent df05340521
commit b6ebc0fd25
11 changed files with 523 additions and 295 deletions
Show Stats Download Patch File Download Diff File

2
acme/api/account_test.go
Unescape Escape View File

@ -28,7 +28,7 @@ var (
}
)
func newProv() provisioner.Interface {
func newProv() acme.Provisioner {
// Initialize provisioners
p := &provisioner.ACME{
Type: "ACME",

28
acme/api/handler.go
Unescape Escape View File

@ -1,6 +1,7 @@
package api
import (
"context"
"crypto/tls"
"crypto/x509"
"encoding/json"
@ -70,14 +71,28 @@ func NewHandler(ops HandlerOptions) api.RouterHandler {
dialer := &net.Dialer{
Timeout: 30 * time.Second,
}
resolver := &net.Resolver{
// The DNS resolver can be configured for testing purposes with something
// like this:
//
// PreferGo: true,
// Dial: func(ctx context.Context, network, address string) (net.Conn, error) {
// var d net.Dialer
// return d.DialContext(ctx, "udp", "127.0.0.1:5333")
// },
}
return &Handler{
ca: ops.CA,
db: ops.DB,
backdate: ops.Backdate,
linker: NewLinker(ops.DNS, ops.Prefix),
validateChallengeOptions: &acme.ValidateChallengeOptions{
HTTPGet: client.Get,
LookupTxt: net.LookupTXT,
HTTPGet: client.Get,
LookupTxt: func(name string) ([]string, error) {
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
return resolver.LookupTXT(ctx, name)
},
TLSDial: func(network, addr string, config *tls.Config) (*tls.Conn, error) {
return tls.DialWithDialer(dialer, network, addr, config)
},
@ -216,7 +231,8 @@ func (h *Handler) GetChallenge(w http.ResponseWriter, r *http.Request) {
// strict enforcement would render these clients broken. For the time being
// we'll just ignore the body.
ch, err := h.db.GetChallenge(ctx, chi.URLParam(r, "chID"), chi.URLParam(r, "authzID"))
azID := chi.URLParam(r, "authzID")
ch, err := h.db.GetChallenge(ctx, chi.URLParam(r, "chID"), azID)
if err != nil {
api.WriteError(w, acme.WrapErrorISE(err, "error retrieving challenge"))
return
@ -236,10 +252,10 @@ func (h *Handler) GetChallenge(w http.ResponseWriter, r *http.Request) {
return
}
h.linker.LinkChallenge(ctx, ch)
h.linker.LinkChallenge(ctx, ch, azID)
w.Header().Add("Link", link(h.linker.GetLink(ctx, AuthzLinkType, true, ch.AuthzID), "up"))
w.Header().Set("Location", h.linker.GetLink(ctx, ChallengeLinkType, true, ch.AuthzID, ch.ID))
w.Header().Add("Link", link(h.linker.GetLink(ctx, AuthzLinkType, true, azID), "up"))
w.Header().Set("Location", h.linker.GetLink(ctx, ChallengeLinkType, true, azID, ch.ID))
api.JSON(w, ch)
}

37
acme/api/handler_test.go
Unescape Escape View File

@ -126,20 +126,18 @@ func TestHandler_GetAuthorization(t *testing.T) {
Wildcard: false,
Challenges: []*acme.Challenge{
{
Type: "http-01",
Status: "pending",
Token: "tok2",
URL: "https://ca.smallstep.com/acme/challenge/chHTTPID",
ID: "chHTTP01ID",
AuthzID: "authzID",
Type: "http-01",
Status: "pending",
Token: "tok2",
URL: "https://ca.smallstep.com/acme/challenge/chHTTPID",
ID: "chHTTP01ID",
},
{
Type: "dns-01",
Status: "pending",
Token: "tok2",
URL: "https://ca.smallstep.com/acme/challenge/chDNSID",
ID: "chDNSID",
AuthzID: "authzID",
Type: "dns-01",
Status: "pending",
Token: "tok2",
URL: "https://ca.smallstep.com/acme/challenge/chDNSID",
ID: "chDNSID",
},
},
}
@ -429,12 +427,11 @@ func TestHandler_GetCertificate(t *testing.T) {
func ch() acme.Challenge {
return acme.Challenge{
Type: "http-01",
Status: "pending",
Token: "tok2",
URL: "https://ca.smallstep.com/acme/challenge/chID",
ID: "chID",
AuthzID: "authzID",
Type: "http-01",
Status: "pending",
Token: "tok2",
URL: "https://ca.smallstep.com/acme/challenge/chID",
ID: "chID",
}
}
@ -627,7 +624,6 @@ func TestHandler_GetChallenge(t *testing.T) {
assert.Equals(t, azID, "authzID")
return &acme.Challenge{
ID: "chID",
AuthzID: "authzID",
Status: acme.StatusPending,
Type: "http-01",
AccountID: "accID",
@ -643,7 +639,6 @@ func TestHandler_GetChallenge(t *testing.T) {
},
ch: &acme.Challenge{
ID: "chID",
AuthzID: "authzID",
Status: acme.StatusPending,
Type: "http-01",
AccountID: "accID",
@ -689,7 +684,7 @@ func TestHandler_GetChallenge(t *testing.T) {
expB, err := json.Marshal(tc.ch)
assert.FatalError(t, err)
assert.Equals(t, bytes.TrimSpace(body), expB)
assert.Equals(t, res.Header["Link"], []string{fmt.Sprintf("<%s/acme/%s/authz/%s>;rel=\"up\"", baseURL, provName, tc.ch.AuthzID)})
assert.Equals(t, res.Header["Link"], []string{fmt.Sprintf("<%s/acme/%s/authz/%s>;rel=\"up\"", baseURL, provName, "authzID")})
assert.Equals(t, res.Header["Location"], []string{url})
assert.Equals(t, res.Header["Content-Type"], []string{"application/json"})
}

8
acme/api/linker.go
Unescape Escape View File

@ -20,7 +20,7 @@ type Linker interface {
LinkOrder(ctx context.Context, o *acme.Order)
LinkAccount(ctx context.Context, o *acme.Account)
LinkChallenge(ctx context.Context, o *acme.Challenge)
LinkChallenge(ctx context.Context, o *acme.Challenge, azID string)
LinkAuthorization(ctx context.Context, o *acme.Authorization)
LinkOrdersByAccountID(ctx context.Context, orders []string)
}
@ -164,14 +164,14 @@ func (l *linker) LinkAccount(ctx context.Context, acc *acme.Account) {
}
// LinkChallenge sets the ACME links required by an ACME challenge.
func (l *linker) LinkChallenge(ctx context.Context, ch *acme.Challenge) {
ch.URL = l.GetLink(ctx, ChallengeLinkType, true, ch.AuthzID, ch.ID)
func (l *linker) LinkChallenge(ctx context.Context, ch *acme.Challenge, azID string) {
ch.URL = l.GetLink(ctx, ChallengeLinkType, true, azID, ch.ID)
}
// LinkAuthorization sets the ACME links required by an ACME authorization.
func (l *linker) LinkAuthorization(ctx context.Context, az *acme.Authorization) {
for _, ch := range az.Challenges {
l.LinkChallenge(ctx, ch)
l.LinkChallenge(ctx, ch, az.ID)
}
}

13
acme/api/linker_test.go
Unescape Escape View File

@ -214,17 +214,16 @@ func TestLinker_LinkChallenge(t *testing.T) {
var tests = map[string]test{
"ok": {
ch: &acme.Challenge{
ID: chID,
AuthzID: azID,
ID: chID,
},
validate: func(ch *acme.Challenge) {
assert.Equals(t, ch.URL, fmt.Sprintf("%s/%s/%s/challenge/%s/%s", baseURL, linkerPrefix, provName, ch.AuthzID, ch.ID))
assert.Equals(t, ch.URL, fmt.Sprintf("%s/%s/%s/challenge/%s/%s", baseURL, linkerPrefix, provName, azID, ch.ID))
},
},
}
for name, tc := range tests {
t.Run(name, func(t *testing.T) {
l.LinkChallenge(ctx, tc.ch)
l.LinkChallenge(ctx, tc.ch, azID)
tc.validate(tc.ch)
})
}
@ -252,9 +251,9 @@ func TestLinker_LinkAuthorization(t *testing.T) {
az: &acme.Authorization{
ID: azID,
Challenges: []*acme.Challenge{
{ID: chID0, AuthzID: azID},
{ID: chID1, AuthzID: azID},
{ID: chID2, AuthzID: azID},
{ID: chID0},
{ID: chID1},
{ID: chID2},
},
},
validate: func(az *acme.Authorization) {

25
acme/api/order.go
Unescape Escape View File

@ -59,6 +59,7 @@ func (f *FinalizeRequest) Validate() error {
}
var defaultOrderExpiry = time.Hour * 24
var defaultOrderBackdate = time.Minute
// NewOrder ACME api for creating a new order.
func (h *Handler) NewOrder(w http.ResponseWriter, r *http.Request) {
@ -90,22 +91,23 @@ func (h *Handler) NewOrder(w http.ResponseWriter, r *http.Request) {
}
now := clock.Now()
expiry := now.Add(defaultOrderExpiry)
// New order.
o := &acme.Order{
AccountID: acc.ID,
ProvisionerID: prov.GetID(),
Status: acme.StatusPending,
ExpiresAt: expiry,
Identifiers: nor.Identifiers,
AccountID: acc.ID,
ProvisionerID: prov.GetID(),
Status: acme.StatusPending,
Identifiers: nor.Identifiers,
ExpiresAt: now.Add(defaultOrderExpiry),
AuthorizationIDs: make([]string, len(nor.Identifiers)),
NotBefore: nor.NotBefore,
NotAfter: nor.NotAfter,
}
o.AuthorizationIDs = make([]string, len(o.Identifiers))
for i, identifier := range o.Identifiers {
az := &acme.Authorization{
AccountID: acc.ID,
Identifier: identifier,
ExpiresAt: expiry,
ExpiresAt: o.ExpiresAt,
Status: acme.StatusPending,
}
if err := h.newAuthorization(ctx, az); err != nil {
@ -121,6 +123,9 @@ func (h *Handler) NewOrder(w http.ResponseWriter, r *http.Request) {
if o.NotAfter.IsZero() {
o.NotAfter = o.NotBefore.Add(prov.DefaultTLSCertDuration())
}
if nor.NotBefore.IsZero() {
o.NotBefore.Add(-defaultOrderBackdate)
}
if err := h.db.CreateOrder(ctx, o); err != nil {
api.WriteError(w, acme.WrapErrorISE(err, "error creating order"))
@ -155,19 +160,17 @@ func (h *Handler) newAuthorization(ctx context.Context, az *acme.Authorization)
if err != nil {
return acme.WrapErrorISE(err, "error generating random alphanumeric ID")
}
az.Challenges = make([]*acme.Challenge, len(chTypes))
for i, typ := range chTypes {
ch := &acme.Challenge{
AccountID: az.AccountID,
AuthzID: az.ID,
Value: az.Identifier.Value,
Type: typ,
Token: az.Token,
Status: acme.StatusPending,
}
if err := h.db.CreateChallenge(ctx, ch); err != nil {
return err
return acme.WrapErrorISE(err, "error creating challenge")
}
az.Challenges[i] = ch
}

426
acme/api/order_test.go
Unescape Escape View File

@ -14,6 +14,7 @@ import (
"time"
"github.com/go-chi/chi"
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/acme"
"go.step.sm/crypto/pemutil"
@ -374,33 +375,221 @@ func TestHandler_GetOrder(t *testing.T) {
}
}
/*
func TestHandler_NewOrder(t *testing.T) {
expiry := time.Now().UTC().Add(6 * time.Hour)
nbf := time.Now().UTC().Add(5 * time.Hour)
naf := nbf.Add(17 * time.Hour)
o := acme.Order{
ID: "orderID",
ExpiresAt: expiry,
NotBefore: nbf,
NotAfter: naf,
Identifiers: []acme.Identifier{
{Type: "dns", Value: "example.com"},
{Type: "dns", Value: "bar.com"},
func TestHandler_newAuthorization(t *testing.T) {
type test struct {
az *acme.Authorization
db acme.DB
err *acme.Error
}
var tests = map[string]func(t *testing.T) test{
"fail/error-db.CreateChallenge": func(t *testing.T) test {
az := &acme.Authorization{
AccountID: "accID",
Identifier: acme.Identifier{
Type: "dns",
Value: "zap.internal",
},
}
return test{
db: &acme.MockDB{
MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error {
assert.Equals(t, ch.AccountID, az.AccountID)
assert.Equals(t, ch.Type, "dns-01")
assert.Equals(t, ch.Token, az.Token)
assert.Equals(t, ch.Status, acme.StatusPending)
assert.Equals(t, ch.Value, az.Identifier.Value)
return errors.New("force")
},
},
az: az,
err: acme.NewErrorISE("error creating challenge: force"),
}
},
"fail/error-db.CreateAuthorization": func(t *testing.T) test {
az := &acme.Authorization{
AccountID: "accID",
Identifier: acme.Identifier{
Type: "dns",
Value: "zap.internal",
},
Status: acme.StatusPending,
ExpiresAt: clock.Now(),
}
count := 0
var ch1, ch2, ch3 **acme.Challenge
return test{
db: &acme.MockDB{
MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error {
switch count {
case 0:
ch.ID = "dns"
assert.Equals(t, ch.Type, "dns-01")
ch1 = &ch
case 1:
ch.ID = "http"
assert.Equals(t, ch.Type, "http-01")
ch2 = &ch
case 2:
ch.ID = "tls"
assert.Equals(t, ch.Type, "tls-alpn-01")
ch3 = &ch
default:
assert.FatalError(t, errors.New("test logic error"))
return errors.New("force")
}
count++
assert.Equals(t, ch.AccountID, az.AccountID)
assert.Equals(t, ch.Token, az.Token)
assert.Equals(t, ch.Status, acme.StatusPending)
assert.Equals(t, ch.Value, az.Identifier.Value)
return nil
},
MockCreateAuthorization: func(ctx context.Context, _az *acme.Authorization) error {
assert.Equals(t, _az.AccountID, az.AccountID)
assert.Equals(t, _az.Token, az.Token)
assert.Equals(t, _az.Status, acme.StatusPending)
assert.Equals(t, _az.Identifier, az.Identifier)
assert.Equals(t, _az.ExpiresAt, az.ExpiresAt)
assert.Equals(t, _az.Challenges, []*acme.Challenge{*ch1, *ch2, *ch3})
assert.Equals(t, _az.Wildcard, false)
return errors.New("force")
},
},
az: az,
err: acme.NewErrorISE("error creating authorization: force"),
}
},
"ok/no-wildcard": func(t *testing.T) test {
az := &acme.Authorization{
AccountID: "accID",
Identifier: acme.Identifier{
Type: "dns",
Value: "zap.internal",
},
Status: acme.StatusPending,
ExpiresAt: clock.Now(),
}
count := 0
var ch1, ch2, ch3 **acme.Challenge
return test{
db: &acme.MockDB{
MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error {
switch count {
case 0:
ch.ID = "dns"
assert.Equals(t, ch.Type, "dns-01")
ch1 = &ch
case 1:
ch.ID = "http"
assert.Equals(t, ch.Type, "http-01")
ch2 = &ch
case 2:
ch.ID = "tls"
assert.Equals(t, ch.Type, "tls-alpn-01")
ch3 = &ch
default:
assert.FatalError(t, errors.New("test logic error"))
return errors.New("force")
}
count++
assert.Equals(t, ch.AccountID, az.AccountID)
assert.Equals(t, ch.Token, az.Token)
assert.Equals(t, ch.Status, acme.StatusPending)
assert.Equals(t, ch.Value, az.Identifier.Value)
return nil
},
MockCreateAuthorization: func(ctx context.Context, _az *acme.Authorization) error {
assert.Equals(t, _az.AccountID, az.AccountID)
assert.Equals(t, _az.Token, az.Token)
assert.Equals(t, _az.Status, acme.StatusPending)
assert.Equals(t, _az.Identifier, az.Identifier)
assert.Equals(t, _az.ExpiresAt, az.ExpiresAt)
assert.Equals(t, _az.Challenges, []*acme.Challenge{*ch1, *ch2, *ch3})
assert.Equals(t, _az.Wildcard, false)
return nil
},
},
az: az,
}
},
"ok/wildcard": func(t *testing.T) test {
az := &acme.Authorization{
AccountID: "accID",
Identifier: acme.Identifier{
Type: "dns",
Value: "*.zap.internal",
},
Status: acme.StatusPending,
ExpiresAt: clock.Now(),
}
var ch1 **acme.Challenge
return test{
db: &acme.MockDB{
MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error {
ch.ID = "dns"
assert.Equals(t, ch.Type, "dns-01")
assert.Equals(t, ch.AccountID, az.AccountID)
assert.Equals(t, ch.Token, az.Token)
assert.Equals(t, ch.Status, acme.StatusPending)
assert.Equals(t, ch.Value, "zap.internal")
ch1 = &ch
return nil
},
MockCreateAuthorization: func(ctx context.Context, _az *acme.Authorization) error {
assert.Equals(t, _az.AccountID, az.AccountID)
assert.Equals(t, _az.Token, az.Token)
assert.Equals(t, _az.Status, acme.StatusPending)
assert.Equals(t, _az.Identifier, acme.Identifier{
Type: "dns",
Value: "zap.internal",
})
assert.Equals(t, _az.ExpiresAt, az.ExpiresAt)
assert.Equals(t, _az.Challenges, []*acme.Challenge{*ch1})
assert.Equals(t, _az.Wildcard, true)
return nil
},
},
az: az,
}
},
Status: "pending",
AuthorizationURLs: []string{"foo", "bar"},
}
for name, run := range tests {
t.Run(name, func(t *testing.T) {
tc := run(t)
h := &Handler{db: tc.db}
if err := h.newAuthorization(context.Background(), tc.az); err != nil {
if assert.NotNil(t, tc.err) {
switch k := err.(type) {
case *acme.Error:
assert.Equals(t, k.Type, tc.err.Type)
assert.Equals(t, k.Detail, tc.err.Detail)
assert.Equals(t, k.Status, tc.err.Status)
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
assert.Equals(t, k.Detail, tc.err.Detail)
default:
assert.FatalError(t, errors.New("unexpected error type"))
}
}
} else {
assert.Nil(t, tc.err)
}
})
}
}
func TestHandler_NewOrder(t *testing.T) {
// Request with chi context
prov := newProv()
provName := url.PathEscape(prov.GetName())
baseURL := &url.URL{Scheme: "https", Host: "test.ca.smallstep.com"}
url := fmt.Sprintf("%s/acme/%s/new-order",
url := fmt.Sprintf("%s/acme/%s/order/ordID",
baseURL.String(), provName)
type test struct {
db acme.DB
ctx context.Context
nor *NewOrderRequest
statusCode int
err *acme.Error
}
@ -422,33 +611,43 @@ func TestHandler_NewOrder(t *testing.T) {
}
},
"fail/no-provisioner": func(t *testing.T) test {
acc := &acme.Account{ID: "accID"}
acc := &acme.Account{ID: "accountID"}
ctx := context.WithValue(context.Background(), accContextKey, acc)
return test{
ctx: ctx,
statusCode: 500,
err: acme.NewErrorISE("provisioner expected in request context"),
err: acme.NewErrorISE("provisioner does not exist"),
}
},
"fail/nil-provisioner": func(t *testing.T) test {
acc := &acme.Account{ID: "accID"}
acc := &acme.Account{ID: "accountID"}
ctx := context.WithValue(context.Background(), provisionerContextKey, nil)
ctx = context.WithValue(ctx, accContextKey, acc)
return test{
ctx: ctx,
statusCode: 500,
err: acme.NewErrorISE("provisioner expected in request context"),
err: acme.NewErrorISE("provisioner does not exist"),
}
},
"fail/no-payload": func(t *testing.T) test {
acc := &acme.Account{ID: "accountID"}
ctx := context.WithValue(context.Background(), accContextKey, acc)
ctx = context.WithValue(ctx, provisionerContextKey, prov)
return test{
ctx: ctx,
statusCode: 500,
err: acme.NewErrorISE("payload does not exist"),
}
},
"fail/nil-payload": func(t *testing.T) test {
acc := &acme.Account{ID: "accID"}
acc := &acme.Account{ID: "accountID"}
ctx := context.WithValue(context.Background(), provisionerContextKey, prov)
ctx = context.WithValue(ctx, accContextKey, acc)
ctx = context.WithValue(ctx, payloadContextKey, nil)
return test{
ctx: ctx,
statusCode: 500,
err: acme.NewErrorISE("payload expected in request context"),
err: acme.NewErrorISE("paylod does not exist"),
}
},
"fail/unmarshal-payload-error": func(t *testing.T) test {
@ -464,8 +663,8 @@ func TestHandler_NewOrder(t *testing.T) {
},
"fail/malformed-payload-error": func(t *testing.T) test {
acc := &acme.Account{ID: "accID"}
nor := &NewOrderRequest{}
b, err := json.Marshal(nor)
fr := &NewOrderRequest{}
b, err := json.Marshal(fr)
assert.FatalError(t, err)
ctx := context.WithValue(context.Background(), provisionerContextKey, prov)
ctx = context.WithValue(ctx, accContextKey, acc)
@ -476,86 +675,179 @@ func TestHandler_NewOrder(t *testing.T) {
err: acme.NewError(acme.ErrorMalformedType, "identifiers list cannot be empty"),
}
},
"fail/NewOrder-error": func(t *testing.T) test {
"fail/error-h.newAuthorization": func(t *testing.T) test {
acc := &acme.Account{ID: "accID"}
nor := &NewOrderRequest{
fr := &NewOrderRequest{
Identifiers: []acme.Identifier{
{Type: "dns", Value: "example.com"},
{Type: "dns", Value: "bar.com"},
{Type: "dns", Value: "zap.internal"},
},
}
b, err := json.Marshal(nor)
b, err := json.Marshal(fr)
assert.FatalError(t, err)
ctx := context.WithValue(context.Background(), provisionerContextKey, prov)
ctx = context.WithValue(ctx, accContextKey, acc)
ctx = context.WithValue(ctx, payloadContextKey, &payloadInfo{value: b})
return test{
ctx: ctx,
statusCode: 500,
db: &acme.MockDB{
MockCreateOrder: func(ctx context.Context, o *acme.Order) error {
return acme.NewError(acme.ErrorMalformedType, "force")
MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error {
assert.Equals(t, ch.AccountID, "accID")
assert.Equals(t, ch.Type, "dns-01")
assert.NotEquals(t, ch.Token, "")
assert.Equals(t, ch.Status, acme.StatusPending)
assert.Equals(t, ch.Value, "zap.internal")
return errors.New("force")
},
},
ctx: ctx,
statusCode: 400,
err: acme.NewError(acme.ErrorMalformedType, "force"),
err: acme.NewErrorISE("error creating challenge: force"),
}
},
"ok": func(t *testing.T) test {
"fail/error-db.CreateOrder": func(t *testing.T) test {
acc := &acme.Account{ID: "accID"}
nor := &NewOrderRequest{
fr := &NewOrderRequest{
Identifiers: []acme.Identifier{
{Type: "dns", Value: "example.com"},
{Type: "dns", Value: "bar.com"},
{Type: "dns", Value: "zap.internal"},
},
NotBefore: nbf,
NotAfter: naf,
}
b, err := json.Marshal(nor)
b, err := json.Marshal(fr)
assert.FatalError(t, err)
ctx := context.WithValue(context.Background(), provisionerContextKey, prov)
ctx = context.WithValue(ctx, accContextKey, acc)
ctx = context.WithValue(ctx, payloadContextKey, &payloadInfo{value: b})
ctx = context.WithValue(ctx, baseURLContextKey, baseURL)
var (
ch1, ch2, ch3 **acme.Challenge
az1ID *string
count = 0
)
return test{
ctx: ctx,
statusCode: 500,
db: &acme.MockDB{
MockCreateOrder: func(ctx context.Context, o *acme.Order) error {
o.ID = "orderID"
MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error {
switch count {
case 0:
ch.ID = "dns"
assert.Equals(t, ch.Type, "dns-01")
ch1 = &ch
case 1:
ch.ID = "http"
assert.Equals(t, ch.Type, "http-01")
ch2 = &ch
case 2:
ch.ID = "tls"
assert.Equals(t, ch.Type, "tls-alpn-01")
ch3 = &ch
default:
assert.FatalError(t, errors.New("test logic error"))
return errors.New("force")
}
count++
assert.Equals(t, ch.AccountID, "accID")
assert.NotEquals(t, ch.Token, "")
assert.Equals(t, ch.Status, acme.StatusPending)
assert.Equals(t, ch.Value, "zap.internal")
return nil
},
MockCreateAuthorization: func(ctx context.Context, az *acme.Authorization) error {
az.ID = "az1ID"
az1ID = &az.ID
assert.Equals(t, az.AccountID, "accID")
assert.NotEquals(t, az.Token, "")
assert.Equals(t, az.Status, acme.StatusPending)
assert.Equals(t, az.Identifier, fr.Identifiers[0])
assert.Equals(t, az.Challenges, []*acme.Challenge{*ch1, *ch2, *ch3})
assert.Equals(t, az.Wildcard, false)
return nil
},
MockCreateOrder: func(ctx context.Context, o *acme.Order) error {
assert.Equals(t, o.AccountID, "accID")
assert.Equals(t, o.ProvisionerID, prov.GetID())
assert.Equals(t, o.Status, acme.StatusPending)
assert.Equals(t, o.Identifiers, fr.Identifiers)
assert.Equals(t, o.AuthorizationIDs, []string{*az1ID})
return errors.New("force")
},
},
ctx: ctx,
statusCode: 201,
err: acme.NewErrorISE("error creating order: force"),
}
},
"ok/default-naf-nbf": func(t *testing.T) test {
"ok/no-naf-nbf": func(t *testing.T) test {
acc := &acme.Account{ID: "accID"}
nor := &NewOrderRequest{
fr := &NewOrderRequest{
Identifiers: []acme.Identifier{
{Type: "dns", Value: "example.com"},
{Type: "dns", Value: "bar.com"},
{Type: "dns", Value: "zap.internal"},
},
}
b, err := json.Marshal(nor)
b, err := json.Marshal(fr)
assert.FatalError(t, err)
ctx := context.WithValue(context.Background(), provisionerContextKey, prov)
ctx = context.WithValue(ctx, accContextKey, acc)
ctx = context.WithValue(ctx, payloadContextKey, &payloadInfo{value: b})
ctx = context.WithValue(ctx, baseURLContextKey, baseURL)
var (
ch1, ch2, ch3 **acme.Challenge
az1ID *string
count = 0
)
return test{
ctx: ctx,
statusCode: 201,
nor: fr,
db: &acme.MockDB{
MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error {
switch count {
case 0:
ch.ID = "dns"
assert.Equals(t, ch.Type, "dns-01")
ch1 = &ch
case 1:
ch.ID = "http"
assert.Equals(t, ch.Type, "http-01")
ch2 = &ch
case 2:
ch.ID = "tls"
assert.Equals(t, ch.Type, "tls-alpn-01")
ch3 = &ch
default:
assert.FatalError(t, errors.New("test logic error"))
return errors.New("force")
}
count++
assert.Equals(t, ch.AccountID, "accID")
assert.NotEquals(t, ch.Token, "")
assert.Equals(t, ch.Status, acme.StatusPending)
assert.Equals(t, ch.Value, "zap.internal")
return nil
},
MockCreateAuthorization: func(ctx context.Context, az *acme.Authorization) error {
az.ID = "az1ID"
az1ID = &az.ID
assert.Equals(t, az.AccountID, "accID")
assert.NotEquals(t, az.Token, "")
assert.Equals(t, az.Status, acme.StatusPending)
assert.Equals(t, az.Identifier, fr.Identifiers[0])
assert.Equals(t, az.Challenges, []*acme.Challenge{*ch1, *ch2, *ch3})
assert.Equals(t, az.Wildcard, false)
return nil
},
MockCreateOrder: func(ctx context.Context, o *acme.Order) error {
o.ID = "ordID"
assert.Equals(t, o.AccountID, "accID")
assert.Equals(t, o.ProvisionerID, prov.GetID())
assert.Equals(t, o.Status, acme.StatusPending)
assert.Equals(t, o.Identifiers, fr.Identifiers)
assert.Equals(t, o.AuthorizationIDs, []string{*az1ID})
return nil
},
},
ctx: ctx,
statusCode: 201,
}
},
}
for name, run := range tests {
tc := run(t)
t.Run(name, func(t *testing.T) {
h := &Handler{linker: NewLinker("dns", "prefix"), db: tc.db}
h := &Handler{linker: NewLinker("dns", "acme"), db: tc.db}
req := httptest.NewRequest("GET", url, nil)
req = req.WithContext(tc.ctx)
w := httptest.NewRecorder()
@ -578,18 +870,30 @@ func TestHandler_NewOrder(t *testing.T) {
assert.Equals(t, ae.Subproblems, tc.err.Subproblems)
assert.Equals(t, res.Header["Content-Type"], []string{"application/problem+json"})
} else {
expB, err := json.Marshal(o)
assert.FatalError(t, err)
assert.Equals(t, bytes.TrimSpace(body), expB)
assert.Equals(t, res.Header["Location"],
[]string{fmt.Sprintf("%s/acme/%s/order/%s", baseURL.String(),
provName, o.ID)})
ro := new(acme.Order)
err = json.Unmarshal(body, ro)
now := clock.Now()
orderExpiry := now.Add(defaultOrderExpiry)
certExpiry := now.Add(prov.DefaultTLSCertDuration())
assert.Equals(t, ro.ID, "ordID")
assert.Equals(t, ro.Status, acme.StatusPending)
assert.Equals(t, ro.Identifiers, tc.nor.Identifiers)
assert.Equals(t, ro.AuthorizationURLs, []string{"https://test.ca.smallstep.com/acme/test@acme-provisioner.com/authz/az1ID"})
assert.True(t, ro.NotBefore.Add(-time.Minute).Before(now))
assert.True(t, ro.NotBefore.Add(time.Minute).After(now))
assert.True(t, ro.NotAfter.Add(-time.Minute).Before(certExpiry))
assert.True(t, ro.NotAfter.Add(time.Minute).After(certExpiry))
assert.True(t, ro.ExpiresAt.Add(-time.Minute).Before(orderExpiry))
assert.True(t, ro.ExpiresAt.Add(time.Minute).After(orderExpiry))
assert.Equals(t, res.Header["Location"], []string{url})
assert.Equals(t, res.Header["Content-Type"], []string{"application/json"})
}
})
}
}
*/
func TestHandler_FinalizeOrder(t *testing.T) {
now := clock.Now()

1
acme/challenge.go
Unescape Escape View File

@ -29,7 +29,6 @@ type Challenge struct {
URL string `json:"url"`
Error *Error `json:"error,omitempty"`
ID string `json:"-"`
AuthzID string `json:"-"`
AccountID string `json:"-"`
Value string `json:"-"`
}

262
acme/challenge_test.go
Unescape Escape View File

@ -39,17 +39,15 @@ func Test_storeError(t *testing.T) {
tests := map[string]func(t *testing.T) test{
"fail/db.UpdateChallenge-error": func(t *testing.T) test {
ch := &Challenge{
ID: "chID",
AuthzID: "azID",
Token: "token",
Value: "zap.internal",
ID: "chID",
Token: "token",
Value: "zap.internal",
}
return test{
ch: ch,
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Value, ch.Value)
@ -66,17 +64,15 @@ func Test_storeError(t *testing.T) {
},
"fail/db.UpdateChallenge-acme-error": func(t *testing.T) test {
ch := &Challenge{
ID: "chID",
AuthzID: "azID",
Token: "token",
Value: "zap.internal",
ID: "chID",
Token: "token",
Value: "zap.internal",
}
return test{
ch: ch,
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Value, ch.Value)
@ -93,17 +89,15 @@ func Test_storeError(t *testing.T) {
},
"ok": func(t *testing.T) test {
ch := &Challenge{
ID: "chID",
AuthzID: "azID",
Token: "token",
Value: "zap.internal",
ID: "chID",
Token: "token",
Value: "zap.internal",
}
return test{
ch: ch,
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Value, ch.Value)
@ -236,12 +230,11 @@ func TestChallenge_Validate(t *testing.T) {
},
"fail/http-01": func(t *testing.T) test {
ch := &Challenge{
ID: "chID",
Status: StatusPending,
AuthzID: "azID",
Type: "http-01",
Token: "token",
Value: "zap.internal",
ID: "chID",
Status: StatusPending,
Type: "http-01",
Token: "token",
Value: "zap.internal",
}
return test{
@ -254,7 +247,6 @@ func TestChallenge_Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Type, ch.Type)
assert.Equals(t, updch.Status, ch.Status)
@ -274,12 +266,11 @@ func TestChallenge_Validate(t *testing.T) {
},
"ok/http-01": func(t *testing.T) test {
ch := &Challenge{
ID: "chID",
Status: StatusPending,
AuthzID: "azID",
Type: "http-01",
Token: "token",
Value: "zap.internal",
ID: "chID",
Status: StatusPending,
Type: "http-01",
Token: "token",
Value: "zap.internal",
}
return test{
@ -292,7 +283,6 @@ func TestChallenge_Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Type, ch.Type)
assert.Equals(t, updch.Status, ch.Status)
@ -311,12 +301,11 @@ func TestChallenge_Validate(t *testing.T) {
},
"fail/dns-01": func(t *testing.T) test {
ch := &Challenge{
ID: "chID",
Type: "dns-01",
Status: StatusPending,
AuthzID: "azID",
Token: "token",
Value: "zap.internal",
ID: "chID",
Type: "dns-01",
Status: StatusPending,
Token: "token",
Value: "zap.internal",
}
return test{
@ -329,7 +318,6 @@ func TestChallenge_Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Type, ch.Type)
assert.Equals(t, updch.Status, ch.Status)
@ -350,12 +338,11 @@ func TestChallenge_Validate(t *testing.T) {
},
"ok/dns-01": func(t *testing.T) test {
ch := &Challenge{
ID: "chID",
Type: "dns-01",
Status: StatusPending,
AuthzID: "azID",
Token: "token",
Value: "zap.internal",
ID: "chID",
Type: "dns-01",
Status: StatusPending,
Token: "token",
Value: "zap.internal",
}
return test{
@ -368,7 +355,6 @@ func TestChallenge_Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Type, ch.Type)
assert.Equals(t, updch.Status, ch.Status)
@ -388,12 +374,11 @@ func TestChallenge_Validate(t *testing.T) {
},
"fail/tls-alpn-01": func(t *testing.T) test {
ch := &Challenge{
ID: "chID",
AuthzID: "azID",
Token: "token",
Type: "tls-alpn-01",
Status: StatusPending,
Value: "zap.internal",
ID: "chID",
Token: "token",
Type: "tls-alpn-01",
Status: StatusPending,
Value: "zap.internal",
}
return test{
ch: ch,
@ -405,7 +390,6 @@ func TestChallenge_Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Status, ch.Status)
assert.Equals(t, updch.Type, ch.Type)
@ -426,12 +410,11 @@ func TestChallenge_Validate(t *testing.T) {
},
"ok/tls-alpn-01": func(t *testing.T) test {
ch := &Challenge{
ID: "chID",
AuthzID: "azID",
Token: "token",
Type: "tls-alpn-01",
Status: StatusPending,
Value: "zap.internal",
ID: "chID",
Token: "token",
Type: "tls-alpn-01",
Status: StatusPending,
Value: "zap.internal",
}
jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0)
@ -455,7 +438,6 @@ func TestChallenge_Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Status, ch.Status)
assert.Equals(t, updch.Type, ch.Type)
@ -517,10 +499,9 @@ func TestHTTP01Validate(t *testing.T) {
tests := map[string]func(t *testing.T) test{
"fail/http-get-error-store-error": func(t *testing.T) test {
ch := &Challenge{
ID: "chID",
AuthzID: "azID",
Token: "token",
Value: "zap.internal",
ID: "chID",
Token: "token",
Value: "zap.internal",
}
return test{
@ -533,7 +514,6 @@ func TestHTTP01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
err := NewError(ErrorConnectionType, "error doing http GET for url http://zap.internal/.well-known/acme-challenge/%s: force", ch.Token)
@ -550,10 +530,9 @@ func TestHTTP01Validate(t *testing.T) {
},
"ok/http-get-error": func(t *testing.T) test {
ch := &Challenge{
ID: "chID",
AuthzID: "azID",
Token: "token",
Value: "zap.internal",
ID: "chID",
Token: "token",
Value: "zap.internal",
}
return test{
@ -566,7 +545,6 @@ func TestHTTP01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
err := NewError(ErrorConnectionType, "error doing http GET for url http://zap.internal/.well-known/acme-challenge/%s: force", ch.Token)
@ -582,10 +560,9 @@ func TestHTTP01Validate(t *testing.T) {
},
"fail/http-get->=400-store-error": func(t *testing.T) test {
ch := &Challenge{
ID: "chID",
AuthzID: "azID",
Token: "token",
Value: "zap.internal",
ID: "chID",
Token: "token",
Value: "zap.internal",
}
return test{
@ -600,7 +577,6 @@ func TestHTTP01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
err := NewError(ErrorConnectionType, "error doing http GET for url http://zap.internal/.well-known/acme-challenge/%s with status code 400", ch.Token)
@ -617,10 +593,9 @@ func TestHTTP01Validate(t *testing.T) {
},
"ok/http-get->=400": func(t *testing.T) test {
ch := &Challenge{
ID: "chID",
AuthzID: "azID",
Token: "token",
Value: "zap.internal",
ID: "chID",
Token: "token",
Value: "zap.internal",
}
return test{
@ -635,7 +610,6 @@ func TestHTTP01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
err := NewError(ErrorConnectionType, "error doing http GET for url http://zap.internal/.well-known/acme-challenge/%s with status code 400", ch.Token)
@ -651,10 +625,9 @@ func TestHTTP01Validate(t *testing.T) {
},
"fail/read-body": func(t *testing.T) test {
ch := &Challenge{
ID: "chID",
AuthzID: "azID",
Token: "token",
Value: "zap.internal",
ID: "chID",
Token: "token",
Value: "zap.internal",
}
return test{
@ -671,10 +644,9 @@ func TestHTTP01Validate(t *testing.T) {
},
"fail/key-auth-gen-error": func(t *testing.T) test {
ch := &Challenge{
ID: "chID",
AuthzID: "azID",
Token: "token",
Value: "zap.internal",
ID: "chID",
Token: "token",
Value: "zap.internal",
}
jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0)
@ -695,10 +667,9 @@ func TestHTTP01Validate(t *testing.T) {
},
"ok/key-auth-mismatch": func(t *testing.T) test {
ch := &Challenge{
ID: "chID",
AuthzID: "azID",
Token: "token",
Value: "zap.internal",
ID: "chID",
Token: "token",
Value: "zap.internal",
}
jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0)
@ -719,7 +690,6 @@ func TestHTTP01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Value, ch.Value)
@ -737,10 +707,9 @@ func TestHTTP01Validate(t *testing.T) {
},
"fail/key-auth-mismatch-store-error": func(t *testing.T) test {
ch := &Challenge{
ID: "chID",
AuthzID: "azID",
Token: "token",
Value: "zap.internal",
ID: "chID",
Token: "token",
Value: "zap.internal",
}
jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0)
@ -761,7 +730,6 @@ func TestHTTP01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Value, ch.Value)
@ -780,10 +748,9 @@ func TestHTTP01Validate(t *testing.T) {
},
"fail/update-challenge-error": func(t *testing.T) test {
ch := &Challenge{
ID: "chID",
AuthzID: "azID",
Token: "token",
Value: "zap.internal",
ID: "chID",
Token: "token",
Value: "zap.internal",
}
jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0)
@ -804,7 +771,6 @@ func TestHTTP01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Value, ch.Value)
assert.Equals(t, updch.Status, StatusValid)
@ -823,10 +789,9 @@ func TestHTTP01Validate(t *testing.T) {
},
"ok": func(t *testing.T) test {
ch := &Challenge{
ID: "chID",
AuthzID: "azID",
Token: "token",
Value: "zap.internal",
ID: "chID",
Token: "token",
Value: "zap.internal",
}
jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0)
@ -847,7 +812,6 @@ func TestHTTP01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Value, ch.Value)
@ -900,10 +864,9 @@ func TestDNS01Validate(t *testing.T) {
tests := map[string]func(t *testing.T) test{
"fail/lookupTXT-store-error": func(t *testing.T) test {
ch := &Challenge{
ID: "chID",
AuthzID: "azID",
Token: "token",
Value: fulldomain,
ID: "chID",
Token: "token",
Value: fulldomain,
}
return test{
@ -916,7 +879,6 @@ func TestDNS01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
err := NewError(ErrorDNSType, "error looking up TXT records for domain %s: force", domain)
@ -934,10 +896,9 @@ func TestDNS01Validate(t *testing.T) {
},
"ok/lookupTXT-error": func(t *testing.T) test {
ch := &Challenge{
ID: "chID",
AuthzID: "azID",
Token: "token",
Value: fulldomain,
ID: "chID",
Token: "token",
Value: fulldomain,
}
return test{
@ -950,7 +911,6 @@ func TestDNS01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
err := NewError(ErrorDNSType, "error looking up TXT records for domain %s: force", domain)
@ -967,10 +927,9 @@ func TestDNS01Validate(t *testing.T) {
},
"fail/key-auth-gen-error": func(t *testing.T) test {
ch := &Challenge{
ID: "chID",
AuthzID: "azID",
Token: "token",
Value: fulldomain,
ID: "chID",
Token: "token",
Value: fulldomain,
}
jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0)
@ -990,10 +949,9 @@ func TestDNS01Validate(t *testing.T) {
},
"fail/key-auth-mismatch-store-error": func(t *testing.T) test {
ch := &Challenge{
ID: "chID",
AuthzID: "azID",
Token: "token",
Value: fulldomain,
ID: "chID",
Token: "token",
Value: fulldomain,
}
jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0)
@ -1012,7 +970,6 @@ func TestDNS01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
err := NewError(ErrorRejectedIdentifierType, "keyAuthorization does not match; expected %s, but got %s", expKeyAuth, []string{"foo", "bar"})
@ -1031,10 +988,9 @@ func TestDNS01Validate(t *testing.T) {
},
"ok/key-auth-mismatch-store-error": func(t *testing.T) test {
ch := &Challenge{
ID: "chID",
AuthzID: "azID",
Token: "token",
Value: fulldomain,
ID: "chID",
Token: "token",
Value: fulldomain,
}
jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0)
@ -1053,7 +1009,6 @@ func TestDNS01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
err := NewError(ErrorRejectedIdentifierType, "keyAuthorization does not match; expected %s, but got %s", expKeyAuth, []string{"foo", "bar"})
@ -1071,10 +1026,9 @@ func TestDNS01Validate(t *testing.T) {
},
"fail/update-challenge-error": func(t *testing.T) test {
ch := &Challenge{
ID: "chID",
AuthzID: "azID",
Token: "token",
Value: fulldomain,
ID: "chID",
Token: "token",
Value: fulldomain,
}
jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0)
@ -1095,7 +1049,6 @@ func TestDNS01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Value, ch.Value)
@ -1116,10 +1069,9 @@ func TestDNS01Validate(t *testing.T) {
},
"ok": func(t *testing.T) test {
ch := &Challenge{
ID: "chID",
AuthzID: "azID",
Token: "token",
Value: fulldomain,
ID: "chID",
Token: "token",
Value: fulldomain,
}
jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0)
@ -1140,7 +1092,6 @@ func TestDNS01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Value, ch.Value)
@ -1277,12 +1228,11 @@ func newTLSALPNValidationCert(keyAuthHash []byte, obsoleteOID, critical bool, na
func TestTLSALPN01Validate(t *testing.T) {
makeTLSCh := func() *Challenge {
return &Challenge{
ID: "chID",
AuthzID: "azID",
Token: "token",
Type: "tls-alpn-01",
Status: StatusPending,
Value: "zap.internal",
ID: "chID",
Token: "token",
Type: "tls-alpn-01",
Status: StatusPending,
Value: "zap.internal",
}
}
type test struct {
@ -1306,7 +1256,6 @@ func TestTLSALPN01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Status, ch.Status)
assert.Equals(t, updch.Type, ch.Type)
@ -1337,7 +1286,6 @@ func TestTLSALPN01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Status, ch.Status)
assert.Equals(t, updch.Type, ch.Type)
@ -1369,7 +1317,6 @@ func TestTLSALPN01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Status, ch.Status)
assert.Equals(t, updch.Type, ch.Type)
@ -1401,7 +1348,6 @@ func TestTLSALPN01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Status, ch.Status)
assert.Equals(t, updch.Type, ch.Type)
@ -1432,7 +1378,6 @@ func TestTLSALPN01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Status, ch.Status)
assert.Equals(t, updch.Type, ch.Type)
@ -1469,7 +1414,6 @@ func TestTLSALPN01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Status, ch.Status)
assert.Equals(t, updch.Type, ch.Type)
@ -1507,7 +1451,6 @@ func TestTLSALPN01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Status, ch.Status)
assert.Equals(t, updch.Type, ch.Type)
@ -1552,7 +1495,6 @@ func TestTLSALPN01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Status, ch.Status)
assert.Equals(t, updch.Type, ch.Type)
@ -1596,7 +1538,6 @@ func TestTLSALPN01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Status, ch.Status)
assert.Equals(t, updch.Type, ch.Type)
@ -1641,7 +1582,6 @@ func TestTLSALPN01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Status, ch.Status)
assert.Equals(t, updch.Type, ch.Type)
@ -1685,7 +1625,6 @@ func TestTLSALPN01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Status, ch.Status)
assert.Equals(t, updch.Type, ch.Type)
@ -1752,7 +1691,6 @@ func TestTLSALPN01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Status, ch.Status)
assert.Equals(t, updch.Type, ch.Type)
@ -1792,7 +1730,6 @@ func TestTLSALPN01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Status, ch.Status)
assert.Equals(t, updch.Type, ch.Type)
@ -1837,7 +1774,6 @@ func TestTLSALPN01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Status, ch.Status)
assert.Equals(t, updch.Type, ch.Type)
@ -1881,7 +1817,6 @@ func TestTLSALPN01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Status, ch.Status)
assert.Equals(t, updch.Type, ch.Type)
@ -1922,7 +1857,6 @@ func TestTLSALPN01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Status, ch.Status)
assert.Equals(t, updch.Type, ch.Type)
@ -1962,7 +1896,6 @@ func TestTLSALPN01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Status, ch.Status)
assert.Equals(t, updch.Type, ch.Type)
@ -2008,7 +1941,6 @@ func TestTLSALPN01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Status, ch.Status)
assert.Equals(t, updch.Type, ch.Type)
@ -2055,7 +1987,6 @@ func TestTLSALPN01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Status, ch.Status)
assert.Equals(t, updch.Type, ch.Type)
@ -2102,7 +2033,6 @@ func TestTLSALPN01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Status, ch.Status)
assert.Equals(t, updch.Type, ch.Type)
@ -2147,7 +2077,6 @@ func TestTLSALPN01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Status, ch.Status)
assert.Equals(t, updch.Type, ch.Type)
@ -2193,7 +2122,6 @@ func TestTLSALPN01Validate(t *testing.T) {
db: &MockDB{
MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error {
assert.Equals(t, updch.ID, ch.ID)
assert.Equals(t, updch.AuthzID, ch.AuthzID)
assert.Equals(t, updch.Token, ch.Token)
assert.Equals(t, updch.Status, ch.Status)
assert.Equals(t, updch.Type, ch.Type)

3
acme/db/nosql/challenge.go
Unescape Escape View File

@ -13,7 +13,6 @@ import (
type dbChallenge struct {
ID string `json:"id"`
AccountID string `json:"accountID"`
AuthzID string `json:"authzID"`
Type string `json:"type"`
Status acme.Status `json:"status"`
Token string `json:"token"`
@ -54,7 +53,6 @@ func (db *DB) CreateChallenge(ctx context.Context, ch *acme.Challenge) error {
dbch := &dbChallenge{
ID: ch.ID,
AuthzID: ch.AuthzID,
AccountID: ch.AccountID,
Value: ch.Value,
Status: acme.StatusPending,
@ -77,7 +75,6 @@ func (db *DB) GetChallenge(ctx context.Context, id, authzID string) (*acme.Chall
ch := &acme.Challenge{
ID: dbch.ID,
AccountID: dbch.AccountID,
AuthzID: dbch.AuthzID,
Type: dbch.Type,
Value: dbch.Value,
Status: dbch.Status,

13
acme/db/nosql/challenge_test.go
Unescape Escape View File

@ -66,7 +66,6 @@ func TestDB_getDBChallenge(t *testing.T) {
dbc := &dbChallenge{
ID: chID,
AccountID: "accountID",
AuthzID: "authzID",
Type: "dns-01",
Status: acme.StatusPending,
Token: "token",
@ -113,7 +112,6 @@ func TestDB_getDBChallenge(t *testing.T) {
if assert.Nil(t, tc.err) {
assert.Equals(t, ch.ID, tc.dbc.ID)
assert.Equals(t, ch.AccountID, tc.dbc.AccountID)
assert.Equals(t, ch.AuthzID, tc.dbc.AuthzID)
assert.Equals(t, ch.Type, tc.dbc.Type)
assert.Equals(t, ch.Status, tc.dbc.Status)
assert.Equals(t, ch.Token, tc.dbc.Token)
@ -137,7 +135,6 @@ func TestDB_CreateChallenge(t *testing.T) {
"fail/cmpAndSwap-error": func(t *testing.T) test {
ch := &acme.Challenge{
AccountID: "accountID",
AuthzID: "authzID",
Type: "dns-01",
Status: acme.StatusPending,
Token: "token",
@ -154,7 +151,6 @@ func TestDB_CreateChallenge(t *testing.T) {
assert.FatalError(t, json.Unmarshal(nu, dbc))
assert.Equals(t, dbc.ID, string(key))
assert.Equals(t, dbc.AccountID, ch.AccountID)
assert.Equals(t, dbc.AuthzID, ch.AuthzID)
assert.Equals(t, dbc.Type, ch.Type)
assert.Equals(t, dbc.Status, ch.Status)
assert.Equals(t, dbc.Token, ch.Token)
@ -174,7 +170,6 @@ func TestDB_CreateChallenge(t *testing.T) {
idPtr = &id
ch = &acme.Challenge{
AccountID: "accountID",
AuthzID: "authzID",
Type: "dns-01",
Status: acme.StatusPending,
Token: "token",
@ -195,7 +190,6 @@ func TestDB_CreateChallenge(t *testing.T) {
assert.FatalError(t, json.Unmarshal(nu, dbc))
assert.Equals(t, dbc.ID, string(key))
assert.Equals(t, dbc.AccountID, ch.AccountID)
assert.Equals(t, dbc.AuthzID, ch.AuthzID)
assert.Equals(t, dbc.Type, ch.Type)
assert.Equals(t, dbc.Status, ch.Status)
assert.Equals(t, dbc.Token, ch.Token)
@ -266,7 +260,6 @@ func TestDB_GetChallenge(t *testing.T) {
dbc := &dbChallenge{
ID: chID,
AccountID: "accountID",
AuthzID: azID,
Type: "dns-01",
Status: acme.StatusPending,
Token: "token",
@ -313,7 +306,6 @@ func TestDB_GetChallenge(t *testing.T) {
if assert.Nil(t, tc.err) {
assert.Equals(t, ch.ID, tc.dbc.ID)
assert.Equals(t, ch.AccountID, tc.dbc.AccountID)
assert.Equals(t, ch.AuthzID, tc.dbc.AuthzID)
assert.Equals(t, ch.Type, tc.dbc.Type)
assert.Equals(t, ch.Status, tc.dbc.Status)
assert.Equals(t, ch.Token, tc.dbc.Token)
@ -331,7 +323,6 @@ func TestDB_UpdateChallenge(t *testing.T) {
dbc := &dbChallenge{
ID: chID,
AccountID: "accountID",
AuthzID: "azID",
Type: "dns-01",
Status: acme.StatusPending,
Token: "token",
@ -390,7 +381,6 @@ func TestDB_UpdateChallenge(t *testing.T) {
assert.FatalError(t, json.Unmarshal(nu, dbNew))
assert.Equals(t, dbNew.ID, dbc.ID)
assert.Equals(t, dbNew.AccountID, dbc.AccountID)
assert.Equals(t, dbNew.AuthzID, dbc.AuthzID)
assert.Equals(t, dbNew.Type, dbc.Type)
assert.Equals(t, dbNew.Status, updCh.Status)
assert.Equals(t, dbNew.Token, dbc.Token)
@ -408,7 +398,6 @@ func TestDB_UpdateChallenge(t *testing.T) {
updCh := &acme.Challenge{
ID: dbc.ID,
AccountID: dbc.AccountID,
AuthzID: dbc.AuthzID,
Type: dbc.Type,
Token: dbc.Token,
Value: dbc.Value,
@ -437,7 +426,6 @@ func TestDB_UpdateChallenge(t *testing.T) {
assert.FatalError(t, json.Unmarshal(nu, dbNew))
assert.Equals(t, dbNew.ID, dbc.ID)
assert.Equals(t, dbNew.AccountID, dbc.AccountID)
assert.Equals(t, dbNew.AuthzID, dbc.AuthzID)
assert.Equals(t, dbNew.Type, dbc.Type)
assert.Equals(t, dbNew.Token, dbc.Token)
assert.Equals(t, dbNew.Value, dbc.Value)
@ -463,7 +451,6 @@ func TestDB_UpdateChallenge(t *testing.T) {
if assert.Nil(t, tc.err) {
assert.Equals(t, tc.ch.ID, dbc.ID)
assert.Equals(t, tc.ch.AccountID, dbc.AccountID)
assert.Equals(t, tc.ch.AuthzID, dbc.AuthzID)
assert.Equals(t, tc.ch.Type, dbc.Type)
assert.Equals(t, tc.ch.Token, dbc.Token)
assert.Equals(t, tc.ch.Value, dbc.Value)

Write Preview
Loading…
Cancel
Save