diff --git a/acme/api/order_test.go b/acme/api/order_test.go index 6ce330c0..0875b7ec 100644 --- a/acme/api/order_test.go +++ b/acme/api/order_test.go @@ -500,10 +500,12 @@ func TestHandler_GetOrder(t *testing.T) { } func TestHandler_newAuthorization(t *testing.T) { + defaultProvisioner := newProv() type test struct { - az *acme.Authorization - db acme.DB - err *acme.Error + az *acme.Authorization + prov acme.Provisioner + db acme.DB + err *acme.Error } var tests = map[string]func(t *testing.T) test{ "fail/error-db.CreateChallenge": func(t *testing.T) test { @@ -515,6 +517,7 @@ func TestHandler_newAuthorization(t *testing.T) { }, } return test{ + prov: defaultProvisioner, db: &acme.MockDB{ MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error { assert.Equals(t, ch.AccountID, az.AccountID) @@ -542,6 +545,7 @@ func TestHandler_newAuthorization(t *testing.T) { count := 0 var ch1, ch2, ch3 **acme.Challenge return test{ + prov: defaultProvisioner, db: &acme.MockDB{ MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error { switch count { @@ -596,6 +600,7 @@ func TestHandler_newAuthorization(t *testing.T) { count := 0 var ch1, ch2, ch3 **acme.Challenge return test{ + prov: defaultProvisioner, db: &acme.MockDB{ MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error { switch count { @@ -648,6 +653,7 @@ func TestHandler_newAuthorization(t *testing.T) { } var ch1 **acme.Challenge return test{ + prov: defaultProvisioner, db: &acme.MockDB{ MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error { ch.ID = "dns" @@ -676,12 +682,86 @@ func TestHandler_newAuthorization(t *testing.T) { az: az, } }, + "ok/permanent-identifier-disabled": func(t *testing.T) test { + az := &acme.Authorization{ + AccountID: "accID", + Identifier: acme.Identifier{ + Type: "permanent-identifier", + Value: "7b53aa19-26f7-4fac-824f-7a781de0dab0", + }, + Status: acme.StatusPending, + ExpiresAt: clock.Now(), + } + return test{ + prov: defaultProvisioner, + db: &acme.MockDB{ + MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error { + t.Errorf("createChallenge should not be called") + return nil + }, + MockCreateAuthorization: func(ctx context.Context, _az *acme.Authorization) error { + assert.Equals(t, _az.AccountID, az.AccountID) + assert.Equals(t, _az.Token, az.Token) + assert.Equals(t, _az.Status, acme.StatusPending) + assert.Equals(t, _az.Identifier, az.Identifier) + assert.Equals(t, _az.ExpiresAt, az.ExpiresAt) + assert.Equals(t, _az.Challenges, []*acme.Challenge{}) + assert.Equals(t, _az.Wildcard, false) + return nil + }, + }, + az: az, + } + }, + "ok/permanent-identifier-enabled": func(t *testing.T) test { + var ch1 *acme.Challenge + az := &acme.Authorization{ + AccountID: "accID", + Identifier: acme.Identifier{ + Type: "permanent-identifier", + Value: "7b53aa19-26f7-4fac-824f-7a781de0dab0", + }, + Status: acme.StatusPending, + ExpiresAt: clock.Now(), + } + deviceAttestProv := newProv() + deviceAttestProv.(*provisioner.ACME).Challenges = []string{string(acme.DEVICEATTEST01)} + return test{ + prov: deviceAttestProv, + db: &acme.MockDB{ + MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error { + ch.ID = "997bacc2-c175-4214-a3b4-a229ada5f671" + assert.Equals(t, ch.Type, acme.DEVICEATTEST01) + assert.Equals(t, ch.AccountID, az.AccountID) + assert.Equals(t, ch.Token, az.Token) + assert.Equals(t, ch.Status, acme.StatusPending) + assert.Equals(t, ch.Value, "7b53aa19-26f7-4fac-824f-7a781de0dab0") + ch1 = ch + return nil + }, + MockCreateAuthorization: func(ctx context.Context, _az *acme.Authorization) error { + assert.Equals(t, _az.AccountID, az.AccountID) + assert.Equals(t, _az.Token, az.Token) + assert.Equals(t, _az.Status, acme.StatusPending) + assert.Equals(t, _az.Identifier, az.Identifier) + assert.Equals(t, _az.ExpiresAt, az.ExpiresAt) + assert.Equals(t, _az.Challenges, []*acme.Challenge{ch1}) + assert.Equals(t, _az.Wildcard, false) + return nil + }, + }, + az: az, + } + }, } for name, run := range tests { t.Run(name, func(t *testing.T) { + if name == "ok/permanent-identifier-enabled" { + println(1) + } tc := run(t) ctx := newBaseContext(context.Background(), tc.db) - ctx = acme.NewProvisionerContext(ctx, newProv()) + ctx = acme.NewProvisionerContext(ctx, tc.prov) if err := newAuthorization(ctx, tc.az); err != nil { if assert.NotNil(t, tc.err) { switch k := err.(type) { diff --git a/authority/provisioner/acme_test.go b/authority/provisioner/acme_test.go index 33cbbc75..8f48e37e 100644 --- a/authority/provisioner/acme_test.go +++ b/authority/provisioner/acme_test.go @@ -204,3 +204,44 @@ func TestACME_AuthorizeSign(t *testing.T) { }) } } + +func TestACME_AuthorizeChallenge(t *testing.T) { + ctx := context.Background() + type fields struct { + Challenges []string + } + type args struct { + ctx context.Context + challenge string + } + tests := []struct { + name string + fields fields + args args + wantErr bool + }{ + {"ok http-01", fields{nil}, args{ctx, "http-01"}, false}, + {"ok dns-01", fields{nil}, args{ctx, "dns-01"}, false}, + {"ok tls-alpn-01", fields{[]string{}}, args{ctx, "tls-alpn-01"}, false}, + {"fail device-attest-01", fields{[]string{}}, args{ctx, "device-attest-01"}, true}, + {"ok http-01 enabled", fields{[]string{"http-01"}}, args{ctx, "http-01"}, false}, + {"ok dns-01 enabled", fields{[]string{"http-01", "dns-01"}}, args{ctx, "dns-01"}, false}, + {"ok tls-alpn-01 enabled", fields{[]string{"http-01", "dns-01", "tls-alpn-01"}}, args{ctx, "tls-alpn-01"}, false}, + {"ok device-attest-01 enabled", fields{[]string{"device-attest-01", "dns-01"}}, args{ctx, "device-attest-01"}, false}, + {"fail http-01", fields{[]string{"dns-01"}}, args{ctx, "http-01"}, true}, + {"fail dns-01", fields{[]string{"http-01", "tls-alpn-01"}}, args{ctx, "dns-01"}, true}, + {"fail tls-alpn-01", fields{[]string{"http-01", "dns-01", "device-attest-01"}}, args{ctx, "tls-alpn-01"}, true}, + {"fail device-attest-01", fields{[]string{"http-01", "dns-01"}}, args{ctx, "device-attest-01"}, true}, + {"fail unknown", fields{[]string{"http-01", "dns-01", "tls-alpn-01", "device-attest-01"}}, args{ctx, "unknown"}, true}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + p := &ACME{ + Challenges: tt.fields.Challenges, + } + if err := p.AuthorizeChallenge(tt.args.ctx, tt.args.challenge); (err != nil) != tt.wantErr { + t.Errorf("ACME.AuthorizeChallenge() error = %v, wantErr %v", err, tt.wantErr) + } + }) + } +}