Rename method to IsChallengeEnabled

2 years ago · fd4e96d1f4
parent c77b4ff9c5
commit fd4e96d1f4
5 changed files with 33 additions and 34 deletions
--- a/acme/api/account_test.go
+++ b/acme/api/account_test.go
@ -41,8 +41,8 @@ func (*fakeProvisioner) AuthorizeSign(ctx context.Context, token string) ([]prov
 	return nil, nil
 }
-func (*fakeProvisioner) AuthorizeChallenge(ctx context.Context, challenge provisioner.ACMEChallenge) error {
+func (*fakeProvisioner) IsChallengeEnabled(ctx context.Context, challenge provisioner.ACMEChallenge) bool {
-	return nil
+	return true
 }
 func (*fakeProvisioner) AuthorizeRevoke(ctx context.Context, token string) error { return nil }
--- a/acme/api/order.go
+++ b/acme/api/order.go
@ -258,8 +258,7 @@ func newAuthorization(ctx context.Context, az *acme.Authorization) error {
 	prov := acme.MustProvisionerFromContext(ctx)
 	az.Challenges = make([]*acme.Challenge, 0, len(chTypes))
 	for _, typ := range chTypes {
-		// Make sure the challenge is enabled
+		if !prov.IsChallengeEnabled(ctx, provisioner.ACMEChallenge(typ)) {
 		if err := prov.AuthorizeChallenge(ctx, provisioner.ACMEChallenge(typ)); err != nil {
 			continue
 		}
--- a/acme/common.go
+++ b/acme/common.go
@ -71,7 +71,7 @@ type Provisioner interface {
 	AuthorizeOrderIdentifier(ctx context.Context, identifier provisioner.ACMEIdentifier) error
 	AuthorizeSign(ctx context.Context, token string) ([]provisioner.SignOption, error)
 	AuthorizeRevoke(ctx context.Context, token string) error
-	AuthorizeChallenge(ctx context.Context, challenge provisioner.ACMEChallenge) error
+	IsChallengeEnabled(ctx context.Context, challenge provisioner.ACMEChallenge) bool
 	GetID() string
 	GetName() string
 	DefaultTLSCertDuration() time.Duration
@ -110,7 +110,7 @@ type MockProvisioner struct {
 	MauthorizeOrderIdentifier func(ctx context.Context, identifier provisioner.ACMEIdentifier) error
 	MauthorizeSign            func(ctx context.Context, ott string) ([]provisioner.SignOption, error)
 	MauthorizeRevoke          func(ctx context.Context, token string) error
-	MauthorizeChallenge       func(Ctx context.Context, challenge provisioner.ACMEChallenge) error
+	MisChallengeEnabled       func(Ctx context.Context, challenge provisioner.ACMEChallenge) bool
 	MdefaultTLSCertDuration   func() time.Duration
 	MgetOptions               func() *provisioner.Options
 }
@ -148,11 +148,11 @@ func (m *MockProvisioner) AuthorizeRevoke(ctx context.Context, token string) err
 }
 // AuthorizeChallenge mock
-func (m *MockProvisioner) AuthorizeChallenge(ctx context.Context, challenge provisioner.ACMEChallenge) error {
+func (m *MockProvisioner) IsChallengeEnabled(ctx context.Context, challenge provisioner.ACMEChallenge) bool {
-	if m.MauthorizeChallenge != nil {
+	if m.MisChallengeEnabled != nil {
-		return m.MauthorizeChallenge(ctx, challenge)
+		return m.MisChallengeEnabled(ctx, challenge)
 	}
-	return m.Merr
+	return m.Merr == nil
 }
 // DefaultTLSCertDuration mock
--- a/authority/provisioner/acme.go
+++ b/authority/provisioner/acme.go
@ -205,10 +205,10 @@ func (p *ACME) AuthorizeRenew(ctx context.Context, cert *x509.Certificate) error
 	return p.ctl.AuthorizeRenew(ctx, cert)
 }
-// AuthorizeChallenge checks if the given challenge is enabled. By default
+// IsChallengeEnabled checks if the given challenge is enabled. By default
 // http-01, dns-01 and tls-alpn-01 are enabled, to disable any of them the
 // Challenge provisioner property should have at least one element.
-func (p *ACME) AuthorizeChallenge(ctx context.Context, challenge ACMEChallenge) error {
+func (p *ACME) IsChallengeEnabled(ctx context.Context, challenge ACMEChallenge) bool {
 	enabledChallenges := []ACMEChallenge{
 		HTTP_01, DNS_01, TLS_ALPN_01,
 	}
@ -217,8 +217,8 @@ func (p *ACME) AuthorizeChallenge(ctx context.Context, challenge ACMEChallenge)
 	}
 	for _, ch := range enabledChallenges {
 		if strings.EqualFold(string(ch), string(challenge)) {
-			return nil
+			return true
 		}
 	}
-	return fmt.Errorf("acme challenge %q is disabled", challenge)
+	return false
 }
--- a/authority/provisioner/acme_test.go
+++ b/authority/provisioner/acme_test.go
@ -242,7 +242,7 @@ func TestACME_AuthorizeSign(t *testing.T) {
 	}
 }
-func TestACME_AuthorizeChallenge(t *testing.T) {
+func TestACME_IsChallengeEnabled(t *testing.T) {
 	ctx := context.Background()
 	type fields struct {
 		Challenges []ACMEChallenge
@ -252,32 +252,32 @@ func TestACME_AuthorizeChallenge(t *testing.T) {
 		challenge ACMEChallenge
 	}
 	tests := []struct {
-		name    string
+		name   string
-		fields  fields
+		fields fields
-		args    args
+		args   args
-		wantErr bool
+		want   bool
 	}{
-		{"ok http-01", fields{nil}, args{ctx, HTTP_01}, false},
+		{"ok http-01", fields{nil}, args{ctx, HTTP_01}, true},
-		{"ok dns-01", fields{nil}, args{ctx, DNS_01}, false},
+		{"ok dns-01", fields{nil}, args{ctx, DNS_01}, true},
-		{"ok tls-alpn-01", fields{[]ACMEChallenge{}}, args{ctx, TLS_ALPN_01}, false},
+		{"ok tls-alpn-01", fields{[]ACMEChallenge{}}, args{ctx, TLS_ALPN_01}, true},
-		{"fail device-attest-01", fields{[]ACMEChallenge{}}, args{ctx, "device-attest-01"}, true},
+		{"fail device-attest-01", fields{[]ACMEChallenge{}}, args{ctx, "device-attest-01"}, false},
-		{"ok http-01 enabled", fields{[]ACMEChallenge{"http-01"}}, args{ctx, "HTTP-01"}, false},
+		{"ok http-01 enabled", fields{[]ACMEChallenge{"http-01"}}, args{ctx, "HTTP-01"}, true},
-		{"ok dns-01 enabled", fields{[]ACMEChallenge{"http-01", "dns-01"}}, args{ctx, DNS_01}, false},
+		{"ok dns-01 enabled", fields{[]ACMEChallenge{"http-01", "dns-01"}}, args{ctx, DNS_01}, true},
-		{"ok tls-alpn-01 enabled", fields{[]ACMEChallenge{"http-01", "dns-01", "tls-alpn-01"}}, args{ctx, TLS_ALPN_01}, false},
+		{"ok tls-alpn-01 enabled", fields{[]ACMEChallenge{"http-01", "dns-01", "tls-alpn-01"}}, args{ctx, TLS_ALPN_01}, true},
-		{"ok device-attest-01 enabled", fields{[]ACMEChallenge{"device-attest-01", "dns-01"}}, args{ctx, DEVICE_ATTEST_01}, false},
+		{"ok device-attest-01 enabled", fields{[]ACMEChallenge{"device-attest-01", "dns-01"}}, args{ctx, DEVICE_ATTEST_01}, true},
-		{"fail http-01", fields{[]ACMEChallenge{"dns-01"}}, args{ctx, "http-01"}, true},
+		{"fail http-01", fields{[]ACMEChallenge{"dns-01"}}, args{ctx, "http-01"}, false},
-		{"fail dns-01", fields{[]ACMEChallenge{"http-01", "tls-alpn-01"}}, args{ctx, "dns-01"}, true},
+		{"fail dns-01", fields{[]ACMEChallenge{"http-01", "tls-alpn-01"}}, args{ctx, "dns-01"}, false},
-		{"fail tls-alpn-01", fields{[]ACMEChallenge{"http-01", "dns-01", "device-attest-01"}}, args{ctx, "tls-alpn-01"}, true},
+		{"fail tls-alpn-01", fields{[]ACMEChallenge{"http-01", "dns-01", "device-attest-01"}}, args{ctx, "tls-alpn-01"}, false},
-		{"fail device-attest-01", fields{[]ACMEChallenge{"http-01", "dns-01"}}, args{ctx, "device-attest-01"}, true},
+		{"fail device-attest-01", fields{[]ACMEChallenge{"http-01", "dns-01"}}, args{ctx, "device-attest-01"}, false},
-		{"fail unknown", fields{[]ACMEChallenge{"http-01", "dns-01", "tls-alpn-01", "device-attest-01"}}, args{ctx, "unknown"}, true},
+		{"fail unknown", fields{[]ACMEChallenge{"http-01", "dns-01", "tls-alpn-01", "device-attest-01"}}, args{ctx, "unknown"}, false},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			p := &ACME{
 				Challenges: tt.fields.Challenges,
 			}
-			if err := p.AuthorizeChallenge(tt.args.ctx, tt.args.challenge); (err != nil) != tt.wantErr {
+			if got := p.IsChallengeEnabled(tt.args.ctx, tt.args.challenge); got != tt.want {
-				t.Errorf("ACME.AuthorizeChallenge() error = %v, wantErr %v", err, tt.wantErr)
+				t.Errorf("ACME.AuthorizeChallenge() = %v, want %v", got, tt.want)
 			}
 		})
 	}