Fix tests for new ACME orders with Wire IDs

5 months ago · fdea5e7db3
parent c1a7acc306
commit fdea5e7db3
3 changed files with 36 additions and 13 deletions
--- a/acme/api/order.go
+++ b/acme/api/order.go
@ -5,12 +5,13 @@ import (
 	"crypto/x509"
 	"encoding/base64"
 	"encoding/json"
-	"go.step.sm/crypto/kms/uri"
 	"net"
 	"net/http"
 	"strings"
 	"time"

+	"go.step.sm/crypto/kms/uri"
+
 	"github.com/go-chi/chi/v5"

 	"go.step.sm/crypto/randutil"
@ -282,13 +283,11 @@ func newAuthorization(ctx context.Context, az *acme.Authorization) error {
 		case acme.WireID:
 			wireId, err := wire.ParseID([]byte(az.Identifier.Value))
 			if err != nil {
-				if err != nil {
-					return acme.NewError(acme.ErrorMalformedType, "WireID cannot be parsed")
-				}
+				return acme.WrapError(acme.ErrorMalformedType, err, "WireID cannot be parsed")
 			}
 			clientID, err := wire.ParseClientID(wireId.ClientID)
 			if err != nil {
-				return acme.NewError(acme.ErrorMalformedType, "DeviceID cannot be parsed")
+				return acme.WrapError(acme.ErrorMalformedType, err, "DeviceID cannot be parsed")
 			}

 			var targetProvider interface{ GetTarget(string) (string, error) }
@ -302,7 +301,7 @@ func newAuthorization(ctx context.Context, az *acme.Authorization) error {

 			target, err = targetProvider.GetTarget(clientID.DeviceID)
 			if err != nil {
-				return acme.NewError(acme.ErrorMalformedType, "Invalid Go template registered for 'target'")
+				return acme.WrapError(acme.ErrorMalformedType, err, "Invalid Go template registered for 'target'")
 			}
 		default:
 		}
--- a/acme/api/order_test.go
+++ b/acme/api/order_test.go
@ -80,7 +80,7 @@ func TestNewOrderRequest_Validate(t *testing.T) {
 				err: acme.NewError(acme.ErrorMalformedType, "invalid DNS name: *.example.com:8080"),
 			}
 		},
-		"fail/bad-ip": func(t *testing.T) test {
+		"fail/bad-identifier/ip": func(t *testing.T) test {
 			nbf := time.Now().UTC().Add(time.Minute)
 			naf := time.Now().UTC().Add(5 * time.Minute)
 			return test{
@ -103,7 +103,7 @@ func TestNewOrderRequest_Validate(t *testing.T) {
 						{Type: "wireapp-id", Value: "{}"},
 					},
 				},
-				err: acme.NewError(acme.ErrorMalformedType, "missing client ID prefix"),
+				err: acme.NewError(acme.ErrorMalformedType, "invalid client ID, it's supposed to be a valid URI"),
 			}
 		},
 		"ok": func(t *testing.T) test {
@ -853,7 +853,6 @@ func TestHandler_newAuthorization(t *testing.T) {
 				assert.Nil(t, tc.err)
 			}
 		})
-
 	}
 }

@ -1696,15 +1695,39 @@ func TestHandler_NewOrder(t *testing.T) {
 			}
 		},
 		"ok/default-naf-nbf-wireapp": func(t *testing.T) test {
+			acmeWireProv := newACMEProvWithOptions(t, &provisioner.Options{
+				OIDC: &provisioner.OIDCOptions{
+					Provider: provisioner.ProviderJSON{
+						IssuerURL:   "",
+						AuthURL:     "",
+						TokenURL:    "",
+						JWKSURL:     "",
+						UserInfoURL: "",
+						Algorithms:  []string{},
+					},
+					Config: provisioner.ConfigJSON{
+						ClientID:                   "integration test",
+						SupportedSigningAlgs:       []string{},
+						SkipClientIDCheck:          true,
+						SkipExpiryCheck:            true,
+						SkipIssuerCheck:            true,
+						InsecureSkipSignatureCheck: true,
+						Now:                        time.Now,
+					},
+				},
+				DPOP: &provisioner.DPOPOptions{
+					ValidationExecPath: "true", // true will always exit with code 0
+				},
+			})
 			acc := &acme.Account{ID: "accID"}
 			nor := &NewOrderRequest{
 				Identifiers: []acme.Identifier{
-					{Type: "wireapp-id", Value: `{"client-id": "wireapp://user:client@domain"}`},
+					{Type: "wireapp-id", Value: `{"client-id": "wireapp://user!client@domain"}`},
 				},
 			}
 			b, err := json.Marshal(nor)
 			assert.FatalError(t, err)
-			ctx := acme.NewProvisionerContext(context.Background(), prov)
+			ctx := acme.NewProvisionerContext(context.Background(), acmeWireProv)
 			ctx = context.WithValue(ctx, accContextKey, acc)
 			ctx = context.WithValue(ctx, payloadContextKey, &payloadInfo{value: b})
 			var (
@ -1736,7 +1759,7 @@ func TestHandler_NewOrder(t *testing.T) {
 						assert.Equals(t, ch.AccountID, "accID")
 						assert.NotEquals(t, ch.Token, "")
 						assert.Equals(t, ch.Status, acme.StatusPending)
-						assert.Equals(t, ch.Value, `{"client-id": "wireapp://user:client@domain"}`)
+						assert.Equals(t, ch.Value, `{"client-id": "wireapp://user!client@domain"}`)
 						return nil
 					},
 					MockCreateAuthorization: func(ctx context.Context, az *acme.Authorization) error {
--- a/wire/id.go
+++ b/wire/id.go
@ -3,8 +3,9 @@ package wire
 import (
 	"encoding/json"
 	"fmt"
-	"go.step.sm/crypto/kms/uri"
 	"strings"
+
+	"go.step.sm/crypto/kms/uri"
 )

 type WireIDJSON struct {