diff --git a/acme/api/account_test.go b/acme/api/account_test.go index 918c31c5..7cbe7b7c 100644 --- a/acme/api/account_test.go +++ b/acme/api/account_test.go @@ -28,7 +28,7 @@ var ( } ) -func newProv() provisioner.Interface { +func newProv() acme.Provisioner { // Initialize provisioners p := &provisioner.ACME{ Type: "ACME", diff --git a/acme/api/handler.go b/acme/api/handler.go index 47c93dfc..31477fca 100644 --- a/acme/api/handler.go +++ b/acme/api/handler.go @@ -1,6 +1,7 @@ package api import ( + "context" "crypto/tls" "crypto/x509" "encoding/json" @@ -70,14 +71,28 @@ func NewHandler(ops HandlerOptions) api.RouterHandler { dialer := &net.Dialer{ Timeout: 30 * time.Second, } + resolver := &net.Resolver{ + // The DNS resolver can be configured for testing purposes with something + // like this: + // + // PreferGo: true, + // Dial: func(ctx context.Context, network, address string) (net.Conn, error) { + // var d net.Dialer + // return d.DialContext(ctx, "udp", "127.0.0.1:5333") + // }, + } return &Handler{ ca: ops.CA, db: ops.DB, backdate: ops.Backdate, linker: NewLinker(ops.DNS, ops.Prefix), validateChallengeOptions: &acme.ValidateChallengeOptions{ - HTTPGet: client.Get, - LookupTxt: net.LookupTXT, + HTTPGet: client.Get, + LookupTxt: func(name string) ([]string, error) { + ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + defer cancel() + return resolver.LookupTXT(ctx, name) + }, TLSDial: func(network, addr string, config *tls.Config) (*tls.Conn, error) { return tls.DialWithDialer(dialer, network, addr, config) }, @@ -216,7 +231,8 @@ func (h *Handler) GetChallenge(w http.ResponseWriter, r *http.Request) { // strict enforcement would render these clients broken. For the time being // we'll just ignore the body. - ch, err := h.db.GetChallenge(ctx, chi.URLParam(r, "chID"), chi.URLParam(r, "authzID")) + azID := chi.URLParam(r, "authzID") + ch, err := h.db.GetChallenge(ctx, chi.URLParam(r, "chID"), azID) if err != nil { api.WriteError(w, acme.WrapErrorISE(err, "error retrieving challenge")) return @@ -236,10 +252,10 @@ func (h *Handler) GetChallenge(w http.ResponseWriter, r *http.Request) { return } - h.linker.LinkChallenge(ctx, ch) + h.linker.LinkChallenge(ctx, ch, azID) - w.Header().Add("Link", link(h.linker.GetLink(ctx, AuthzLinkType, true, ch.AuthzID), "up")) - w.Header().Set("Location", h.linker.GetLink(ctx, ChallengeLinkType, true, ch.AuthzID, ch.ID)) + w.Header().Add("Link", link(h.linker.GetLink(ctx, AuthzLinkType, true, azID), "up")) + w.Header().Set("Location", h.linker.GetLink(ctx, ChallengeLinkType, true, azID, ch.ID)) api.JSON(w, ch) } diff --git a/acme/api/handler_test.go b/acme/api/handler_test.go index 19e5da76..eb8b9f56 100644 --- a/acme/api/handler_test.go +++ b/acme/api/handler_test.go @@ -126,20 +126,18 @@ func TestHandler_GetAuthorization(t *testing.T) { Wildcard: false, Challenges: []*acme.Challenge{ { - Type: "http-01", - Status: "pending", - Token: "tok2", - URL: "https://ca.smallstep.com/acme/challenge/chHTTPID", - ID: "chHTTP01ID", - AuthzID: "authzID", + Type: "http-01", + Status: "pending", + Token: "tok2", + URL: "https://ca.smallstep.com/acme/challenge/chHTTPID", + ID: "chHTTP01ID", }, { - Type: "dns-01", - Status: "pending", - Token: "tok2", - URL: "https://ca.smallstep.com/acme/challenge/chDNSID", - ID: "chDNSID", - AuthzID: "authzID", + Type: "dns-01", + Status: "pending", + Token: "tok2", + URL: "https://ca.smallstep.com/acme/challenge/chDNSID", + ID: "chDNSID", }, }, } @@ -429,12 +427,11 @@ func TestHandler_GetCertificate(t *testing.T) { func ch() acme.Challenge { return acme.Challenge{ - Type: "http-01", - Status: "pending", - Token: "tok2", - URL: "https://ca.smallstep.com/acme/challenge/chID", - ID: "chID", - AuthzID: "authzID", + Type: "http-01", + Status: "pending", + Token: "tok2", + URL: "https://ca.smallstep.com/acme/challenge/chID", + ID: "chID", } } @@ -627,7 +624,6 @@ func TestHandler_GetChallenge(t *testing.T) { assert.Equals(t, azID, "authzID") return &acme.Challenge{ ID: "chID", - AuthzID: "authzID", Status: acme.StatusPending, Type: "http-01", AccountID: "accID", @@ -643,7 +639,6 @@ func TestHandler_GetChallenge(t *testing.T) { }, ch: &acme.Challenge{ ID: "chID", - AuthzID: "authzID", Status: acme.StatusPending, Type: "http-01", AccountID: "accID", @@ -689,7 +684,7 @@ func TestHandler_GetChallenge(t *testing.T) { expB, err := json.Marshal(tc.ch) assert.FatalError(t, err) assert.Equals(t, bytes.TrimSpace(body), expB) - assert.Equals(t, res.Header["Link"], []string{fmt.Sprintf("<%s/acme/%s/authz/%s>;rel=\"up\"", baseURL, provName, tc.ch.AuthzID)}) + assert.Equals(t, res.Header["Link"], []string{fmt.Sprintf("<%s/acme/%s/authz/%s>;rel=\"up\"", baseURL, provName, "authzID")}) assert.Equals(t, res.Header["Location"], []string{url}) assert.Equals(t, res.Header["Content-Type"], []string{"application/json"}) } diff --git a/acme/api/linker.go b/acme/api/linker.go index b5995852..9459e1bc 100644 --- a/acme/api/linker.go +++ b/acme/api/linker.go @@ -20,7 +20,7 @@ type Linker interface { LinkOrder(ctx context.Context, o *acme.Order) LinkAccount(ctx context.Context, o *acme.Account) - LinkChallenge(ctx context.Context, o *acme.Challenge) + LinkChallenge(ctx context.Context, o *acme.Challenge, azID string) LinkAuthorization(ctx context.Context, o *acme.Authorization) LinkOrdersByAccountID(ctx context.Context, orders []string) } @@ -164,14 +164,14 @@ func (l *linker) LinkAccount(ctx context.Context, acc *acme.Account) { } // LinkChallenge sets the ACME links required by an ACME challenge. -func (l *linker) LinkChallenge(ctx context.Context, ch *acme.Challenge) { - ch.URL = l.GetLink(ctx, ChallengeLinkType, true, ch.AuthzID, ch.ID) +func (l *linker) LinkChallenge(ctx context.Context, ch *acme.Challenge, azID string) { + ch.URL = l.GetLink(ctx, ChallengeLinkType, true, azID, ch.ID) } // LinkAuthorization sets the ACME links required by an ACME authorization. func (l *linker) LinkAuthorization(ctx context.Context, az *acme.Authorization) { for _, ch := range az.Challenges { - l.LinkChallenge(ctx, ch) + l.LinkChallenge(ctx, ch, az.ID) } } diff --git a/acme/api/linker_test.go b/acme/api/linker_test.go index c3075a1a..2252e334 100644 --- a/acme/api/linker_test.go +++ b/acme/api/linker_test.go @@ -214,17 +214,16 @@ func TestLinker_LinkChallenge(t *testing.T) { var tests = map[string]test{ "ok": { ch: &acme.Challenge{ - ID: chID, - AuthzID: azID, + ID: chID, }, validate: func(ch *acme.Challenge) { - assert.Equals(t, ch.URL, fmt.Sprintf("%s/%s/%s/challenge/%s/%s", baseURL, linkerPrefix, provName, ch.AuthzID, ch.ID)) + assert.Equals(t, ch.URL, fmt.Sprintf("%s/%s/%s/challenge/%s/%s", baseURL, linkerPrefix, provName, azID, ch.ID)) }, }, } for name, tc := range tests { t.Run(name, func(t *testing.T) { - l.LinkChallenge(ctx, tc.ch) + l.LinkChallenge(ctx, tc.ch, azID) tc.validate(tc.ch) }) } @@ -252,9 +251,9 @@ func TestLinker_LinkAuthorization(t *testing.T) { az: &acme.Authorization{ ID: azID, Challenges: []*acme.Challenge{ - {ID: chID0, AuthzID: azID}, - {ID: chID1, AuthzID: azID}, - {ID: chID2, AuthzID: azID}, + {ID: chID0}, + {ID: chID1}, + {ID: chID2}, }, }, validate: func(az *acme.Authorization) { diff --git a/acme/api/order.go b/acme/api/order.go index 379c2287..9f557d7f 100644 --- a/acme/api/order.go +++ b/acme/api/order.go @@ -59,6 +59,7 @@ func (f *FinalizeRequest) Validate() error { } var defaultOrderExpiry = time.Hour * 24 +var defaultOrderBackdate = time.Minute // NewOrder ACME api for creating a new order. func (h *Handler) NewOrder(w http.ResponseWriter, r *http.Request) { @@ -90,22 +91,23 @@ func (h *Handler) NewOrder(w http.ResponseWriter, r *http.Request) { } now := clock.Now() - expiry := now.Add(defaultOrderExpiry) // New order. o := &acme.Order{ - AccountID: acc.ID, - ProvisionerID: prov.GetID(), - Status: acme.StatusPending, - ExpiresAt: expiry, - Identifiers: nor.Identifiers, + AccountID: acc.ID, + ProvisionerID: prov.GetID(), + Status: acme.StatusPending, + Identifiers: nor.Identifiers, + ExpiresAt: now.Add(defaultOrderExpiry), + AuthorizationIDs: make([]string, len(nor.Identifiers)), + NotBefore: nor.NotBefore, + NotAfter: nor.NotAfter, } - o.AuthorizationIDs = make([]string, len(o.Identifiers)) for i, identifier := range o.Identifiers { az := &acme.Authorization{ AccountID: acc.ID, Identifier: identifier, - ExpiresAt: expiry, + ExpiresAt: o.ExpiresAt, Status: acme.StatusPending, } if err := h.newAuthorization(ctx, az); err != nil { @@ -121,6 +123,9 @@ func (h *Handler) NewOrder(w http.ResponseWriter, r *http.Request) { if o.NotAfter.IsZero() { o.NotAfter = o.NotBefore.Add(prov.DefaultTLSCertDuration()) } + if nor.NotBefore.IsZero() { + o.NotBefore.Add(-defaultOrderBackdate) + } if err := h.db.CreateOrder(ctx, o); err != nil { api.WriteError(w, acme.WrapErrorISE(err, "error creating order")) @@ -155,19 +160,17 @@ func (h *Handler) newAuthorization(ctx context.Context, az *acme.Authorization) if err != nil { return acme.WrapErrorISE(err, "error generating random alphanumeric ID") } - az.Challenges = make([]*acme.Challenge, len(chTypes)) for i, typ := range chTypes { ch := &acme.Challenge{ AccountID: az.AccountID, - AuthzID: az.ID, Value: az.Identifier.Value, Type: typ, Token: az.Token, Status: acme.StatusPending, } if err := h.db.CreateChallenge(ctx, ch); err != nil { - return err + return acme.WrapErrorISE(err, "error creating challenge") } az.Challenges[i] = ch } diff --git a/acme/api/order_test.go b/acme/api/order_test.go index 84136fa3..62652812 100644 --- a/acme/api/order_test.go +++ b/acme/api/order_test.go @@ -14,6 +14,7 @@ import ( "time" "github.com/go-chi/chi" + "github.com/pkg/errors" "github.com/smallstep/assert" "github.com/smallstep/certificates/acme" "go.step.sm/crypto/pemutil" @@ -374,33 +375,221 @@ func TestHandler_GetOrder(t *testing.T) { } } -/* -func TestHandler_NewOrder(t *testing.T) { - expiry := time.Now().UTC().Add(6 * time.Hour) - nbf := time.Now().UTC().Add(5 * time.Hour) - naf := nbf.Add(17 * time.Hour) - o := acme.Order{ - ID: "orderID", - ExpiresAt: expiry, - NotBefore: nbf, - NotAfter: naf, - Identifiers: []acme.Identifier{ - {Type: "dns", Value: "example.com"}, - {Type: "dns", Value: "bar.com"}, +func TestHandler_newAuthorization(t *testing.T) { + type test struct { + az *acme.Authorization + db acme.DB + err *acme.Error + } + var tests = map[string]func(t *testing.T) test{ + "fail/error-db.CreateChallenge": func(t *testing.T) test { + az := &acme.Authorization{ + AccountID: "accID", + Identifier: acme.Identifier{ + Type: "dns", + Value: "zap.internal", + }, + } + return test{ + db: &acme.MockDB{ + MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error { + assert.Equals(t, ch.AccountID, az.AccountID) + assert.Equals(t, ch.Type, "dns-01") + assert.Equals(t, ch.Token, az.Token) + assert.Equals(t, ch.Status, acme.StatusPending) + assert.Equals(t, ch.Value, az.Identifier.Value) + return errors.New("force") + }, + }, + az: az, + err: acme.NewErrorISE("error creating challenge: force"), + } + }, + "fail/error-db.CreateAuthorization": func(t *testing.T) test { + az := &acme.Authorization{ + AccountID: "accID", + Identifier: acme.Identifier{ + Type: "dns", + Value: "zap.internal", + }, + Status: acme.StatusPending, + ExpiresAt: clock.Now(), + } + count := 0 + var ch1, ch2, ch3 **acme.Challenge + return test{ + db: &acme.MockDB{ + MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error { + switch count { + case 0: + ch.ID = "dns" + assert.Equals(t, ch.Type, "dns-01") + ch1 = &ch + case 1: + ch.ID = "http" + assert.Equals(t, ch.Type, "http-01") + ch2 = &ch + case 2: + ch.ID = "tls" + assert.Equals(t, ch.Type, "tls-alpn-01") + ch3 = &ch + default: + assert.FatalError(t, errors.New("test logic error")) + return errors.New("force") + } + count++ + assert.Equals(t, ch.AccountID, az.AccountID) + assert.Equals(t, ch.Token, az.Token) + assert.Equals(t, ch.Status, acme.StatusPending) + assert.Equals(t, ch.Value, az.Identifier.Value) + return nil + }, + MockCreateAuthorization: func(ctx context.Context, _az *acme.Authorization) error { + assert.Equals(t, _az.AccountID, az.AccountID) + assert.Equals(t, _az.Token, az.Token) + assert.Equals(t, _az.Status, acme.StatusPending) + assert.Equals(t, _az.Identifier, az.Identifier) + assert.Equals(t, _az.ExpiresAt, az.ExpiresAt) + assert.Equals(t, _az.Challenges, []*acme.Challenge{*ch1, *ch2, *ch3}) + assert.Equals(t, _az.Wildcard, false) + return errors.New("force") + }, + }, + az: az, + err: acme.NewErrorISE("error creating authorization: force"), + } + }, + "ok/no-wildcard": func(t *testing.T) test { + az := &acme.Authorization{ + AccountID: "accID", + Identifier: acme.Identifier{ + Type: "dns", + Value: "zap.internal", + }, + Status: acme.StatusPending, + ExpiresAt: clock.Now(), + } + count := 0 + var ch1, ch2, ch3 **acme.Challenge + return test{ + db: &acme.MockDB{ + MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error { + switch count { + case 0: + ch.ID = "dns" + assert.Equals(t, ch.Type, "dns-01") + ch1 = &ch + case 1: + ch.ID = "http" + assert.Equals(t, ch.Type, "http-01") + ch2 = &ch + case 2: + ch.ID = "tls" + assert.Equals(t, ch.Type, "tls-alpn-01") + ch3 = &ch + default: + assert.FatalError(t, errors.New("test logic error")) + return errors.New("force") + } + count++ + assert.Equals(t, ch.AccountID, az.AccountID) + assert.Equals(t, ch.Token, az.Token) + assert.Equals(t, ch.Status, acme.StatusPending) + assert.Equals(t, ch.Value, az.Identifier.Value) + return nil + }, + MockCreateAuthorization: func(ctx context.Context, _az *acme.Authorization) error { + assert.Equals(t, _az.AccountID, az.AccountID) + assert.Equals(t, _az.Token, az.Token) + assert.Equals(t, _az.Status, acme.StatusPending) + assert.Equals(t, _az.Identifier, az.Identifier) + assert.Equals(t, _az.ExpiresAt, az.ExpiresAt) + assert.Equals(t, _az.Challenges, []*acme.Challenge{*ch1, *ch2, *ch3}) + assert.Equals(t, _az.Wildcard, false) + return nil + }, + }, + az: az, + } + }, + "ok/wildcard": func(t *testing.T) test { + az := &acme.Authorization{ + AccountID: "accID", + Identifier: acme.Identifier{ + Type: "dns", + Value: "*.zap.internal", + }, + Status: acme.StatusPending, + ExpiresAt: clock.Now(), + } + var ch1 **acme.Challenge + return test{ + db: &acme.MockDB{ + MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error { + ch.ID = "dns" + assert.Equals(t, ch.Type, "dns-01") + assert.Equals(t, ch.AccountID, az.AccountID) + assert.Equals(t, ch.Token, az.Token) + assert.Equals(t, ch.Status, acme.StatusPending) + assert.Equals(t, ch.Value, "zap.internal") + ch1 = &ch + return nil + }, + MockCreateAuthorization: func(ctx context.Context, _az *acme.Authorization) error { + assert.Equals(t, _az.AccountID, az.AccountID) + assert.Equals(t, _az.Token, az.Token) + assert.Equals(t, _az.Status, acme.StatusPending) + assert.Equals(t, _az.Identifier, acme.Identifier{ + Type: "dns", + Value: "zap.internal", + }) + assert.Equals(t, _az.ExpiresAt, az.ExpiresAt) + assert.Equals(t, _az.Challenges, []*acme.Challenge{*ch1}) + assert.Equals(t, _az.Wildcard, true) + return nil + }, + }, + az: az, + } }, - Status: "pending", - AuthorizationURLs: []string{"foo", "bar"}, } + for name, run := range tests { + t.Run(name, func(t *testing.T) { + tc := run(t) + h := &Handler{db: tc.db} + if err := h.newAuthorization(context.Background(), tc.az); err != nil { + if assert.NotNil(t, tc.err) { + switch k := err.(type) { + case *acme.Error: + assert.Equals(t, k.Type, tc.err.Type) + assert.Equals(t, k.Detail, tc.err.Detail) + assert.Equals(t, k.Status, tc.err.Status) + assert.Equals(t, k.Err.Error(), tc.err.Err.Error()) + assert.Equals(t, k.Detail, tc.err.Detail) + default: + assert.FatalError(t, errors.New("unexpected error type")) + } + } + } else { + assert.Nil(t, tc.err) + } + }) + + } +} +func TestHandler_NewOrder(t *testing.T) { + // Request with chi context prov := newProv() provName := url.PathEscape(prov.GetName()) baseURL := &url.URL{Scheme: "https", Host: "test.ca.smallstep.com"} - url := fmt.Sprintf("%s/acme/%s/new-order", + url := fmt.Sprintf("%s/acme/%s/order/ordID", baseURL.String(), provName) type test struct { db acme.DB ctx context.Context + nor *NewOrderRequest statusCode int err *acme.Error } @@ -422,33 +611,43 @@ func TestHandler_NewOrder(t *testing.T) { } }, "fail/no-provisioner": func(t *testing.T) test { - acc := &acme.Account{ID: "accID"} + acc := &acme.Account{ID: "accountID"} ctx := context.WithValue(context.Background(), accContextKey, acc) return test{ ctx: ctx, statusCode: 500, - err: acme.NewErrorISE("provisioner expected in request context"), + err: acme.NewErrorISE("provisioner does not exist"), } }, "fail/nil-provisioner": func(t *testing.T) test { - acc := &acme.Account{ID: "accID"} + acc := &acme.Account{ID: "accountID"} ctx := context.WithValue(context.Background(), provisionerContextKey, nil) ctx = context.WithValue(ctx, accContextKey, acc) return test{ ctx: ctx, statusCode: 500, - err: acme.NewErrorISE("provisioner expected in request context"), + err: acme.NewErrorISE("provisioner does not exist"), + } + }, + "fail/no-payload": func(t *testing.T) test { + acc := &acme.Account{ID: "accountID"} + ctx := context.WithValue(context.Background(), accContextKey, acc) + ctx = context.WithValue(ctx, provisionerContextKey, prov) + return test{ + ctx: ctx, + statusCode: 500, + err: acme.NewErrorISE("payload does not exist"), } }, "fail/nil-payload": func(t *testing.T) test { - acc := &acme.Account{ID: "accID"} + acc := &acme.Account{ID: "accountID"} ctx := context.WithValue(context.Background(), provisionerContextKey, prov) ctx = context.WithValue(ctx, accContextKey, acc) ctx = context.WithValue(ctx, payloadContextKey, nil) return test{ ctx: ctx, statusCode: 500, - err: acme.NewErrorISE("payload expected in request context"), + err: acme.NewErrorISE("paylod does not exist"), } }, "fail/unmarshal-payload-error": func(t *testing.T) test { @@ -464,8 +663,8 @@ func TestHandler_NewOrder(t *testing.T) { }, "fail/malformed-payload-error": func(t *testing.T) test { acc := &acme.Account{ID: "accID"} - nor := &NewOrderRequest{} - b, err := json.Marshal(nor) + fr := &NewOrderRequest{} + b, err := json.Marshal(fr) assert.FatalError(t, err) ctx := context.WithValue(context.Background(), provisionerContextKey, prov) ctx = context.WithValue(ctx, accContextKey, acc) @@ -476,86 +675,179 @@ func TestHandler_NewOrder(t *testing.T) { err: acme.NewError(acme.ErrorMalformedType, "identifiers list cannot be empty"), } }, - "fail/NewOrder-error": func(t *testing.T) test { + "fail/error-h.newAuthorization": func(t *testing.T) test { acc := &acme.Account{ID: "accID"} - nor := &NewOrderRequest{ + fr := &NewOrderRequest{ Identifiers: []acme.Identifier{ - {Type: "dns", Value: "example.com"}, - {Type: "dns", Value: "bar.com"}, + {Type: "dns", Value: "zap.internal"}, }, } - b, err := json.Marshal(nor) + b, err := json.Marshal(fr) assert.FatalError(t, err) ctx := context.WithValue(context.Background(), provisionerContextKey, prov) ctx = context.WithValue(ctx, accContextKey, acc) ctx = context.WithValue(ctx, payloadContextKey, &payloadInfo{value: b}) return test{ + ctx: ctx, + statusCode: 500, db: &acme.MockDB{ - MockCreateOrder: func(ctx context.Context, o *acme.Order) error { - return acme.NewError(acme.ErrorMalformedType, "force") + MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error { + assert.Equals(t, ch.AccountID, "accID") + assert.Equals(t, ch.Type, "dns-01") + assert.NotEquals(t, ch.Token, "") + assert.Equals(t, ch.Status, acme.StatusPending) + assert.Equals(t, ch.Value, "zap.internal") + return errors.New("force") }, }, - ctx: ctx, - statusCode: 400, - err: acme.NewError(acme.ErrorMalformedType, "force"), + err: acme.NewErrorISE("error creating challenge: force"), } }, - "ok": func(t *testing.T) test { + "fail/error-db.CreateOrder": func(t *testing.T) test { acc := &acme.Account{ID: "accID"} - nor := &NewOrderRequest{ + fr := &NewOrderRequest{ Identifiers: []acme.Identifier{ - {Type: "dns", Value: "example.com"}, - {Type: "dns", Value: "bar.com"}, + {Type: "dns", Value: "zap.internal"}, }, - NotBefore: nbf, - NotAfter: naf, } - b, err := json.Marshal(nor) + b, err := json.Marshal(fr) assert.FatalError(t, err) ctx := context.WithValue(context.Background(), provisionerContextKey, prov) ctx = context.WithValue(ctx, accContextKey, acc) ctx = context.WithValue(ctx, payloadContextKey, &payloadInfo{value: b}) - ctx = context.WithValue(ctx, baseURLContextKey, baseURL) + var ( + ch1, ch2, ch3 **acme.Challenge + az1ID *string + count = 0 + ) return test{ + ctx: ctx, + statusCode: 500, db: &acme.MockDB{ - MockCreateOrder: func(ctx context.Context, o *acme.Order) error { - o.ID = "orderID" + MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error { + switch count { + case 0: + ch.ID = "dns" + assert.Equals(t, ch.Type, "dns-01") + ch1 = &ch + case 1: + ch.ID = "http" + assert.Equals(t, ch.Type, "http-01") + ch2 = &ch + case 2: + ch.ID = "tls" + assert.Equals(t, ch.Type, "tls-alpn-01") + ch3 = &ch + default: + assert.FatalError(t, errors.New("test logic error")) + return errors.New("force") + } + count++ + assert.Equals(t, ch.AccountID, "accID") + assert.NotEquals(t, ch.Token, "") + assert.Equals(t, ch.Status, acme.StatusPending) + assert.Equals(t, ch.Value, "zap.internal") return nil }, + MockCreateAuthorization: func(ctx context.Context, az *acme.Authorization) error { + az.ID = "az1ID" + az1ID = &az.ID + assert.Equals(t, az.AccountID, "accID") + assert.NotEquals(t, az.Token, "") + assert.Equals(t, az.Status, acme.StatusPending) + assert.Equals(t, az.Identifier, fr.Identifiers[0]) + assert.Equals(t, az.Challenges, []*acme.Challenge{*ch1, *ch2, *ch3}) + assert.Equals(t, az.Wildcard, false) + return nil + }, + MockCreateOrder: func(ctx context.Context, o *acme.Order) error { + assert.Equals(t, o.AccountID, "accID") + assert.Equals(t, o.ProvisionerID, prov.GetID()) + assert.Equals(t, o.Status, acme.StatusPending) + assert.Equals(t, o.Identifiers, fr.Identifiers) + assert.Equals(t, o.AuthorizationIDs, []string{*az1ID}) + return errors.New("force") + }, }, - ctx: ctx, - statusCode: 201, + err: acme.NewErrorISE("error creating order: force"), } }, - "ok/default-naf-nbf": func(t *testing.T) test { + "ok/no-naf-nbf": func(t *testing.T) test { acc := &acme.Account{ID: "accID"} - nor := &NewOrderRequest{ + fr := &NewOrderRequest{ Identifiers: []acme.Identifier{ - {Type: "dns", Value: "example.com"}, - {Type: "dns", Value: "bar.com"}, + {Type: "dns", Value: "zap.internal"}, }, } - b, err := json.Marshal(nor) + b, err := json.Marshal(fr) assert.FatalError(t, err) ctx := context.WithValue(context.Background(), provisionerContextKey, prov) ctx = context.WithValue(ctx, accContextKey, acc) ctx = context.WithValue(ctx, payloadContextKey, &payloadInfo{value: b}) ctx = context.WithValue(ctx, baseURLContextKey, baseURL) + var ( + ch1, ch2, ch3 **acme.Challenge + az1ID *string + count = 0 + ) return test{ + ctx: ctx, + statusCode: 201, + nor: fr, db: &acme.MockDB{ + MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error { + switch count { + case 0: + ch.ID = "dns" + assert.Equals(t, ch.Type, "dns-01") + ch1 = &ch + case 1: + ch.ID = "http" + assert.Equals(t, ch.Type, "http-01") + ch2 = &ch + case 2: + ch.ID = "tls" + assert.Equals(t, ch.Type, "tls-alpn-01") + ch3 = &ch + default: + assert.FatalError(t, errors.New("test logic error")) + return errors.New("force") + } + count++ + assert.Equals(t, ch.AccountID, "accID") + assert.NotEquals(t, ch.Token, "") + assert.Equals(t, ch.Status, acme.StatusPending) + assert.Equals(t, ch.Value, "zap.internal") + return nil + }, + MockCreateAuthorization: func(ctx context.Context, az *acme.Authorization) error { + az.ID = "az1ID" + az1ID = &az.ID + assert.Equals(t, az.AccountID, "accID") + assert.NotEquals(t, az.Token, "") + assert.Equals(t, az.Status, acme.StatusPending) + assert.Equals(t, az.Identifier, fr.Identifiers[0]) + assert.Equals(t, az.Challenges, []*acme.Challenge{*ch1, *ch2, *ch3}) + assert.Equals(t, az.Wildcard, false) + return nil + }, MockCreateOrder: func(ctx context.Context, o *acme.Order) error { + o.ID = "ordID" + assert.Equals(t, o.AccountID, "accID") + assert.Equals(t, o.ProvisionerID, prov.GetID()) + assert.Equals(t, o.Status, acme.StatusPending) + assert.Equals(t, o.Identifiers, fr.Identifiers) + assert.Equals(t, o.AuthorizationIDs, []string{*az1ID}) return nil }, }, - ctx: ctx, - statusCode: 201, } }, } for name, run := range tests { tc := run(t) t.Run(name, func(t *testing.T) { - h := &Handler{linker: NewLinker("dns", "prefix"), db: tc.db} + h := &Handler{linker: NewLinker("dns", "acme"), db: tc.db} req := httptest.NewRequest("GET", url, nil) req = req.WithContext(tc.ctx) w := httptest.NewRecorder() @@ -578,18 +870,30 @@ func TestHandler_NewOrder(t *testing.T) { assert.Equals(t, ae.Subproblems, tc.err.Subproblems) assert.Equals(t, res.Header["Content-Type"], []string{"application/problem+json"}) } else { - expB, err := json.Marshal(o) - assert.FatalError(t, err) - assert.Equals(t, bytes.TrimSpace(body), expB) - assert.Equals(t, res.Header["Location"], - []string{fmt.Sprintf("%s/acme/%s/order/%s", baseURL.String(), - provName, o.ID)}) + ro := new(acme.Order) + err = json.Unmarshal(body, ro) + + now := clock.Now() + orderExpiry := now.Add(defaultOrderExpiry) + certExpiry := now.Add(prov.DefaultTLSCertDuration()) + + assert.Equals(t, ro.ID, "ordID") + assert.Equals(t, ro.Status, acme.StatusPending) + assert.Equals(t, ro.Identifiers, tc.nor.Identifiers) + assert.Equals(t, ro.AuthorizationURLs, []string{"https://test.ca.smallstep.com/acme/test@acme-provisioner.com/authz/az1ID"}) + assert.True(t, ro.NotBefore.Add(-time.Minute).Before(now)) + assert.True(t, ro.NotBefore.Add(time.Minute).After(now)) + assert.True(t, ro.NotAfter.Add(-time.Minute).Before(certExpiry)) + assert.True(t, ro.NotAfter.Add(time.Minute).After(certExpiry)) + assert.True(t, ro.ExpiresAt.Add(-time.Minute).Before(orderExpiry)) + assert.True(t, ro.ExpiresAt.Add(time.Minute).After(orderExpiry)) + + assert.Equals(t, res.Header["Location"], []string{url}) assert.Equals(t, res.Header["Content-Type"], []string{"application/json"}) } }) } } -*/ func TestHandler_FinalizeOrder(t *testing.T) { now := clock.Now() diff --git a/acme/challenge.go b/acme/challenge.go index a3514d15..b4f151cd 100644 --- a/acme/challenge.go +++ b/acme/challenge.go @@ -29,7 +29,6 @@ type Challenge struct { URL string `json:"url"` Error *Error `json:"error,omitempty"` ID string `json:"-"` - AuthzID string `json:"-"` AccountID string `json:"-"` Value string `json:"-"` } diff --git a/acme/challenge_test.go b/acme/challenge_test.go index d5b6cc58..caaca8f6 100644 --- a/acme/challenge_test.go +++ b/acme/challenge_test.go @@ -39,17 +39,15 @@ func Test_storeError(t *testing.T) { tests := map[string]func(t *testing.T) test{ "fail/db.UpdateChallenge-error": func(t *testing.T) test { ch := &Challenge{ - ID: "chID", - AuthzID: "azID", - Token: "token", - Value: "zap.internal", + ID: "chID", + Token: "token", + Value: "zap.internal", } return test{ ch: ch, db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Value, ch.Value) @@ -66,17 +64,15 @@ func Test_storeError(t *testing.T) { }, "fail/db.UpdateChallenge-acme-error": func(t *testing.T) test { ch := &Challenge{ - ID: "chID", - AuthzID: "azID", - Token: "token", - Value: "zap.internal", + ID: "chID", + Token: "token", + Value: "zap.internal", } return test{ ch: ch, db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Value, ch.Value) @@ -93,17 +89,15 @@ func Test_storeError(t *testing.T) { }, "ok": func(t *testing.T) test { ch := &Challenge{ - ID: "chID", - AuthzID: "azID", - Token: "token", - Value: "zap.internal", + ID: "chID", + Token: "token", + Value: "zap.internal", } return test{ ch: ch, db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Value, ch.Value) @@ -236,12 +230,11 @@ func TestChallenge_Validate(t *testing.T) { }, "fail/http-01": func(t *testing.T) test { ch := &Challenge{ - ID: "chID", - Status: StatusPending, - AuthzID: "azID", - Type: "http-01", - Token: "token", - Value: "zap.internal", + ID: "chID", + Status: StatusPending, + Type: "http-01", + Token: "token", + Value: "zap.internal", } return test{ @@ -254,7 +247,6 @@ func TestChallenge_Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Type, ch.Type) assert.Equals(t, updch.Status, ch.Status) @@ -274,12 +266,11 @@ func TestChallenge_Validate(t *testing.T) { }, "ok/http-01": func(t *testing.T) test { ch := &Challenge{ - ID: "chID", - Status: StatusPending, - AuthzID: "azID", - Type: "http-01", - Token: "token", - Value: "zap.internal", + ID: "chID", + Status: StatusPending, + Type: "http-01", + Token: "token", + Value: "zap.internal", } return test{ @@ -292,7 +283,6 @@ func TestChallenge_Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Type, ch.Type) assert.Equals(t, updch.Status, ch.Status) @@ -311,12 +301,11 @@ func TestChallenge_Validate(t *testing.T) { }, "fail/dns-01": func(t *testing.T) test { ch := &Challenge{ - ID: "chID", - Type: "dns-01", - Status: StatusPending, - AuthzID: "azID", - Token: "token", - Value: "zap.internal", + ID: "chID", + Type: "dns-01", + Status: StatusPending, + Token: "token", + Value: "zap.internal", } return test{ @@ -329,7 +318,6 @@ func TestChallenge_Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Type, ch.Type) assert.Equals(t, updch.Status, ch.Status) @@ -350,12 +338,11 @@ func TestChallenge_Validate(t *testing.T) { }, "ok/dns-01": func(t *testing.T) test { ch := &Challenge{ - ID: "chID", - Type: "dns-01", - Status: StatusPending, - AuthzID: "azID", - Token: "token", - Value: "zap.internal", + ID: "chID", + Type: "dns-01", + Status: StatusPending, + Token: "token", + Value: "zap.internal", } return test{ @@ -368,7 +355,6 @@ func TestChallenge_Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Type, ch.Type) assert.Equals(t, updch.Status, ch.Status) @@ -388,12 +374,11 @@ func TestChallenge_Validate(t *testing.T) { }, "fail/tls-alpn-01": func(t *testing.T) test { ch := &Challenge{ - ID: "chID", - AuthzID: "azID", - Token: "token", - Type: "tls-alpn-01", - Status: StatusPending, - Value: "zap.internal", + ID: "chID", + Token: "token", + Type: "tls-alpn-01", + Status: StatusPending, + Value: "zap.internal", } return test{ ch: ch, @@ -405,7 +390,6 @@ func TestChallenge_Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Status, ch.Status) assert.Equals(t, updch.Type, ch.Type) @@ -426,12 +410,11 @@ func TestChallenge_Validate(t *testing.T) { }, "ok/tls-alpn-01": func(t *testing.T) test { ch := &Challenge{ - ID: "chID", - AuthzID: "azID", - Token: "token", - Type: "tls-alpn-01", - Status: StatusPending, - Value: "zap.internal", + ID: "chID", + Token: "token", + Type: "tls-alpn-01", + Status: StatusPending, + Value: "zap.internal", } jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0) @@ -455,7 +438,6 @@ func TestChallenge_Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Status, ch.Status) assert.Equals(t, updch.Type, ch.Type) @@ -517,10 +499,9 @@ func TestHTTP01Validate(t *testing.T) { tests := map[string]func(t *testing.T) test{ "fail/http-get-error-store-error": func(t *testing.T) test { ch := &Challenge{ - ID: "chID", - AuthzID: "azID", - Token: "token", - Value: "zap.internal", + ID: "chID", + Token: "token", + Value: "zap.internal", } return test{ @@ -533,7 +514,6 @@ func TestHTTP01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) err := NewError(ErrorConnectionType, "error doing http GET for url http://zap.internal/.well-known/acme-challenge/%s: force", ch.Token) @@ -550,10 +530,9 @@ func TestHTTP01Validate(t *testing.T) { }, "ok/http-get-error": func(t *testing.T) test { ch := &Challenge{ - ID: "chID", - AuthzID: "azID", - Token: "token", - Value: "zap.internal", + ID: "chID", + Token: "token", + Value: "zap.internal", } return test{ @@ -566,7 +545,6 @@ func TestHTTP01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) err := NewError(ErrorConnectionType, "error doing http GET for url http://zap.internal/.well-known/acme-challenge/%s: force", ch.Token) @@ -582,10 +560,9 @@ func TestHTTP01Validate(t *testing.T) { }, "fail/http-get->=400-store-error": func(t *testing.T) test { ch := &Challenge{ - ID: "chID", - AuthzID: "azID", - Token: "token", - Value: "zap.internal", + ID: "chID", + Token: "token", + Value: "zap.internal", } return test{ @@ -600,7 +577,6 @@ func TestHTTP01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) err := NewError(ErrorConnectionType, "error doing http GET for url http://zap.internal/.well-known/acme-challenge/%s with status code 400", ch.Token) @@ -617,10 +593,9 @@ func TestHTTP01Validate(t *testing.T) { }, "ok/http-get->=400": func(t *testing.T) test { ch := &Challenge{ - ID: "chID", - AuthzID: "azID", - Token: "token", - Value: "zap.internal", + ID: "chID", + Token: "token", + Value: "zap.internal", } return test{ @@ -635,7 +610,6 @@ func TestHTTP01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) err := NewError(ErrorConnectionType, "error doing http GET for url http://zap.internal/.well-known/acme-challenge/%s with status code 400", ch.Token) @@ -651,10 +625,9 @@ func TestHTTP01Validate(t *testing.T) { }, "fail/read-body": func(t *testing.T) test { ch := &Challenge{ - ID: "chID", - AuthzID: "azID", - Token: "token", - Value: "zap.internal", + ID: "chID", + Token: "token", + Value: "zap.internal", } return test{ @@ -671,10 +644,9 @@ func TestHTTP01Validate(t *testing.T) { }, "fail/key-auth-gen-error": func(t *testing.T) test { ch := &Challenge{ - ID: "chID", - AuthzID: "azID", - Token: "token", - Value: "zap.internal", + ID: "chID", + Token: "token", + Value: "zap.internal", } jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0) @@ -695,10 +667,9 @@ func TestHTTP01Validate(t *testing.T) { }, "ok/key-auth-mismatch": func(t *testing.T) test { ch := &Challenge{ - ID: "chID", - AuthzID: "azID", - Token: "token", - Value: "zap.internal", + ID: "chID", + Token: "token", + Value: "zap.internal", } jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0) @@ -719,7 +690,6 @@ func TestHTTP01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Value, ch.Value) @@ -737,10 +707,9 @@ func TestHTTP01Validate(t *testing.T) { }, "fail/key-auth-mismatch-store-error": func(t *testing.T) test { ch := &Challenge{ - ID: "chID", - AuthzID: "azID", - Token: "token", - Value: "zap.internal", + ID: "chID", + Token: "token", + Value: "zap.internal", } jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0) @@ -761,7 +730,6 @@ func TestHTTP01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Value, ch.Value) @@ -780,10 +748,9 @@ func TestHTTP01Validate(t *testing.T) { }, "fail/update-challenge-error": func(t *testing.T) test { ch := &Challenge{ - ID: "chID", - AuthzID: "azID", - Token: "token", - Value: "zap.internal", + ID: "chID", + Token: "token", + Value: "zap.internal", } jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0) @@ -804,7 +771,6 @@ func TestHTTP01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Value, ch.Value) assert.Equals(t, updch.Status, StatusValid) @@ -823,10 +789,9 @@ func TestHTTP01Validate(t *testing.T) { }, "ok": func(t *testing.T) test { ch := &Challenge{ - ID: "chID", - AuthzID: "azID", - Token: "token", - Value: "zap.internal", + ID: "chID", + Token: "token", + Value: "zap.internal", } jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0) @@ -847,7 +812,6 @@ func TestHTTP01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Value, ch.Value) @@ -900,10 +864,9 @@ func TestDNS01Validate(t *testing.T) { tests := map[string]func(t *testing.T) test{ "fail/lookupTXT-store-error": func(t *testing.T) test { ch := &Challenge{ - ID: "chID", - AuthzID: "azID", - Token: "token", - Value: fulldomain, + ID: "chID", + Token: "token", + Value: fulldomain, } return test{ @@ -916,7 +879,6 @@ func TestDNS01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) err := NewError(ErrorDNSType, "error looking up TXT records for domain %s: force", domain) @@ -934,10 +896,9 @@ func TestDNS01Validate(t *testing.T) { }, "ok/lookupTXT-error": func(t *testing.T) test { ch := &Challenge{ - ID: "chID", - AuthzID: "azID", - Token: "token", - Value: fulldomain, + ID: "chID", + Token: "token", + Value: fulldomain, } return test{ @@ -950,7 +911,6 @@ func TestDNS01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) err := NewError(ErrorDNSType, "error looking up TXT records for domain %s: force", domain) @@ -967,10 +927,9 @@ func TestDNS01Validate(t *testing.T) { }, "fail/key-auth-gen-error": func(t *testing.T) test { ch := &Challenge{ - ID: "chID", - AuthzID: "azID", - Token: "token", - Value: fulldomain, + ID: "chID", + Token: "token", + Value: fulldomain, } jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0) @@ -990,10 +949,9 @@ func TestDNS01Validate(t *testing.T) { }, "fail/key-auth-mismatch-store-error": func(t *testing.T) test { ch := &Challenge{ - ID: "chID", - AuthzID: "azID", - Token: "token", - Value: fulldomain, + ID: "chID", + Token: "token", + Value: fulldomain, } jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0) @@ -1012,7 +970,6 @@ func TestDNS01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) err := NewError(ErrorRejectedIdentifierType, "keyAuthorization does not match; expected %s, but got %s", expKeyAuth, []string{"foo", "bar"}) @@ -1031,10 +988,9 @@ func TestDNS01Validate(t *testing.T) { }, "ok/key-auth-mismatch-store-error": func(t *testing.T) test { ch := &Challenge{ - ID: "chID", - AuthzID: "azID", - Token: "token", - Value: fulldomain, + ID: "chID", + Token: "token", + Value: fulldomain, } jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0) @@ -1053,7 +1009,6 @@ func TestDNS01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) err := NewError(ErrorRejectedIdentifierType, "keyAuthorization does not match; expected %s, but got %s", expKeyAuth, []string{"foo", "bar"}) @@ -1071,10 +1026,9 @@ func TestDNS01Validate(t *testing.T) { }, "fail/update-challenge-error": func(t *testing.T) test { ch := &Challenge{ - ID: "chID", - AuthzID: "azID", - Token: "token", - Value: fulldomain, + ID: "chID", + Token: "token", + Value: fulldomain, } jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0) @@ -1095,7 +1049,6 @@ func TestDNS01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Value, ch.Value) @@ -1116,10 +1069,9 @@ func TestDNS01Validate(t *testing.T) { }, "ok": func(t *testing.T) test { ch := &Challenge{ - ID: "chID", - AuthzID: "azID", - Token: "token", - Value: fulldomain, + ID: "chID", + Token: "token", + Value: fulldomain, } jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0) @@ -1140,7 +1092,6 @@ func TestDNS01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Value, ch.Value) @@ -1277,12 +1228,11 @@ func newTLSALPNValidationCert(keyAuthHash []byte, obsoleteOID, critical bool, na func TestTLSALPN01Validate(t *testing.T) { makeTLSCh := func() *Challenge { return &Challenge{ - ID: "chID", - AuthzID: "azID", - Token: "token", - Type: "tls-alpn-01", - Status: StatusPending, - Value: "zap.internal", + ID: "chID", + Token: "token", + Type: "tls-alpn-01", + Status: StatusPending, + Value: "zap.internal", } } type test struct { @@ -1306,7 +1256,6 @@ func TestTLSALPN01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Status, ch.Status) assert.Equals(t, updch.Type, ch.Type) @@ -1337,7 +1286,6 @@ func TestTLSALPN01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Status, ch.Status) assert.Equals(t, updch.Type, ch.Type) @@ -1369,7 +1317,6 @@ func TestTLSALPN01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Status, ch.Status) assert.Equals(t, updch.Type, ch.Type) @@ -1401,7 +1348,6 @@ func TestTLSALPN01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Status, ch.Status) assert.Equals(t, updch.Type, ch.Type) @@ -1432,7 +1378,6 @@ func TestTLSALPN01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Status, ch.Status) assert.Equals(t, updch.Type, ch.Type) @@ -1469,7 +1414,6 @@ func TestTLSALPN01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Status, ch.Status) assert.Equals(t, updch.Type, ch.Type) @@ -1507,7 +1451,6 @@ func TestTLSALPN01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Status, ch.Status) assert.Equals(t, updch.Type, ch.Type) @@ -1552,7 +1495,6 @@ func TestTLSALPN01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Status, ch.Status) assert.Equals(t, updch.Type, ch.Type) @@ -1596,7 +1538,6 @@ func TestTLSALPN01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Status, ch.Status) assert.Equals(t, updch.Type, ch.Type) @@ -1641,7 +1582,6 @@ func TestTLSALPN01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Status, ch.Status) assert.Equals(t, updch.Type, ch.Type) @@ -1685,7 +1625,6 @@ func TestTLSALPN01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Status, ch.Status) assert.Equals(t, updch.Type, ch.Type) @@ -1752,7 +1691,6 @@ func TestTLSALPN01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Status, ch.Status) assert.Equals(t, updch.Type, ch.Type) @@ -1792,7 +1730,6 @@ func TestTLSALPN01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Status, ch.Status) assert.Equals(t, updch.Type, ch.Type) @@ -1837,7 +1774,6 @@ func TestTLSALPN01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Status, ch.Status) assert.Equals(t, updch.Type, ch.Type) @@ -1881,7 +1817,6 @@ func TestTLSALPN01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Status, ch.Status) assert.Equals(t, updch.Type, ch.Type) @@ -1922,7 +1857,6 @@ func TestTLSALPN01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Status, ch.Status) assert.Equals(t, updch.Type, ch.Type) @@ -1962,7 +1896,6 @@ func TestTLSALPN01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Status, ch.Status) assert.Equals(t, updch.Type, ch.Type) @@ -2008,7 +1941,6 @@ func TestTLSALPN01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Status, ch.Status) assert.Equals(t, updch.Type, ch.Type) @@ -2055,7 +1987,6 @@ func TestTLSALPN01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Status, ch.Status) assert.Equals(t, updch.Type, ch.Type) @@ -2102,7 +2033,6 @@ func TestTLSALPN01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Status, ch.Status) assert.Equals(t, updch.Type, ch.Type) @@ -2147,7 +2077,6 @@ func TestTLSALPN01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Status, ch.Status) assert.Equals(t, updch.Type, ch.Type) @@ -2193,7 +2122,6 @@ func TestTLSALPN01Validate(t *testing.T) { db: &MockDB{ MockUpdateChallenge: func(ctx context.Context, updch *Challenge) error { assert.Equals(t, updch.ID, ch.ID) - assert.Equals(t, updch.AuthzID, ch.AuthzID) assert.Equals(t, updch.Token, ch.Token) assert.Equals(t, updch.Status, ch.Status) assert.Equals(t, updch.Type, ch.Type) diff --git a/acme/db/nosql/challenge.go b/acme/db/nosql/challenge.go index afcb4600..f3a3cfca 100644 --- a/acme/db/nosql/challenge.go +++ b/acme/db/nosql/challenge.go @@ -13,7 +13,6 @@ import ( type dbChallenge struct { ID string `json:"id"` AccountID string `json:"accountID"` - AuthzID string `json:"authzID"` Type string `json:"type"` Status acme.Status `json:"status"` Token string `json:"token"` @@ -54,7 +53,6 @@ func (db *DB) CreateChallenge(ctx context.Context, ch *acme.Challenge) error { dbch := &dbChallenge{ ID: ch.ID, - AuthzID: ch.AuthzID, AccountID: ch.AccountID, Value: ch.Value, Status: acme.StatusPending, @@ -77,7 +75,6 @@ func (db *DB) GetChallenge(ctx context.Context, id, authzID string) (*acme.Chall ch := &acme.Challenge{ ID: dbch.ID, AccountID: dbch.AccountID, - AuthzID: dbch.AuthzID, Type: dbch.Type, Value: dbch.Value, Status: dbch.Status, diff --git a/acme/db/nosql/challenge_test.go b/acme/db/nosql/challenge_test.go index 314fc5f7..b39395e8 100644 --- a/acme/db/nosql/challenge_test.go +++ b/acme/db/nosql/challenge_test.go @@ -66,7 +66,6 @@ func TestDB_getDBChallenge(t *testing.T) { dbc := &dbChallenge{ ID: chID, AccountID: "accountID", - AuthzID: "authzID", Type: "dns-01", Status: acme.StatusPending, Token: "token", @@ -113,7 +112,6 @@ func TestDB_getDBChallenge(t *testing.T) { if assert.Nil(t, tc.err) { assert.Equals(t, ch.ID, tc.dbc.ID) assert.Equals(t, ch.AccountID, tc.dbc.AccountID) - assert.Equals(t, ch.AuthzID, tc.dbc.AuthzID) assert.Equals(t, ch.Type, tc.dbc.Type) assert.Equals(t, ch.Status, tc.dbc.Status) assert.Equals(t, ch.Token, tc.dbc.Token) @@ -137,7 +135,6 @@ func TestDB_CreateChallenge(t *testing.T) { "fail/cmpAndSwap-error": func(t *testing.T) test { ch := &acme.Challenge{ AccountID: "accountID", - AuthzID: "authzID", Type: "dns-01", Status: acme.StatusPending, Token: "token", @@ -154,7 +151,6 @@ func TestDB_CreateChallenge(t *testing.T) { assert.FatalError(t, json.Unmarshal(nu, dbc)) assert.Equals(t, dbc.ID, string(key)) assert.Equals(t, dbc.AccountID, ch.AccountID) - assert.Equals(t, dbc.AuthzID, ch.AuthzID) assert.Equals(t, dbc.Type, ch.Type) assert.Equals(t, dbc.Status, ch.Status) assert.Equals(t, dbc.Token, ch.Token) @@ -174,7 +170,6 @@ func TestDB_CreateChallenge(t *testing.T) { idPtr = &id ch = &acme.Challenge{ AccountID: "accountID", - AuthzID: "authzID", Type: "dns-01", Status: acme.StatusPending, Token: "token", @@ -195,7 +190,6 @@ func TestDB_CreateChallenge(t *testing.T) { assert.FatalError(t, json.Unmarshal(nu, dbc)) assert.Equals(t, dbc.ID, string(key)) assert.Equals(t, dbc.AccountID, ch.AccountID) - assert.Equals(t, dbc.AuthzID, ch.AuthzID) assert.Equals(t, dbc.Type, ch.Type) assert.Equals(t, dbc.Status, ch.Status) assert.Equals(t, dbc.Token, ch.Token) @@ -266,7 +260,6 @@ func TestDB_GetChallenge(t *testing.T) { dbc := &dbChallenge{ ID: chID, AccountID: "accountID", - AuthzID: azID, Type: "dns-01", Status: acme.StatusPending, Token: "token", @@ -313,7 +306,6 @@ func TestDB_GetChallenge(t *testing.T) { if assert.Nil(t, tc.err) { assert.Equals(t, ch.ID, tc.dbc.ID) assert.Equals(t, ch.AccountID, tc.dbc.AccountID) - assert.Equals(t, ch.AuthzID, tc.dbc.AuthzID) assert.Equals(t, ch.Type, tc.dbc.Type) assert.Equals(t, ch.Status, tc.dbc.Status) assert.Equals(t, ch.Token, tc.dbc.Token) @@ -331,7 +323,6 @@ func TestDB_UpdateChallenge(t *testing.T) { dbc := &dbChallenge{ ID: chID, AccountID: "accountID", - AuthzID: "azID", Type: "dns-01", Status: acme.StatusPending, Token: "token", @@ -390,7 +381,6 @@ func TestDB_UpdateChallenge(t *testing.T) { assert.FatalError(t, json.Unmarshal(nu, dbNew)) assert.Equals(t, dbNew.ID, dbc.ID) assert.Equals(t, dbNew.AccountID, dbc.AccountID) - assert.Equals(t, dbNew.AuthzID, dbc.AuthzID) assert.Equals(t, dbNew.Type, dbc.Type) assert.Equals(t, dbNew.Status, updCh.Status) assert.Equals(t, dbNew.Token, dbc.Token) @@ -408,7 +398,6 @@ func TestDB_UpdateChallenge(t *testing.T) { updCh := &acme.Challenge{ ID: dbc.ID, AccountID: dbc.AccountID, - AuthzID: dbc.AuthzID, Type: dbc.Type, Token: dbc.Token, Value: dbc.Value, @@ -437,7 +426,6 @@ func TestDB_UpdateChallenge(t *testing.T) { assert.FatalError(t, json.Unmarshal(nu, dbNew)) assert.Equals(t, dbNew.ID, dbc.ID) assert.Equals(t, dbNew.AccountID, dbc.AccountID) - assert.Equals(t, dbNew.AuthzID, dbc.AuthzID) assert.Equals(t, dbNew.Type, dbc.Type) assert.Equals(t, dbNew.Token, dbc.Token) assert.Equals(t, dbNew.Value, dbc.Value) @@ -463,7 +451,6 @@ func TestDB_UpdateChallenge(t *testing.T) { if assert.Nil(t, tc.err) { assert.Equals(t, tc.ch.ID, dbc.ID) assert.Equals(t, tc.ch.AccountID, dbc.AccountID) - assert.Equals(t, tc.ch.AuthzID, dbc.AuthzID) assert.Equals(t, tc.ch.Type, dbc.Type) assert.Equals(t, tc.ch.Token, dbc.Token) assert.Equals(t, tc.ch.Value, dbc.Value)