mirror of
https://github.com/smallstep/certificates.git
synced 2024-11-15 18:12:59 +00:00
1026 lines
31 KiB
Go
1026 lines
31 KiB
Go
package nosql
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"reflect"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/pkg/errors"
|
|
"github.com/smallstep/assert"
|
|
"github.com/smallstep/certificates/acme"
|
|
"github.com/smallstep/certificates/db"
|
|
"github.com/smallstep/nosql"
|
|
"github.com/smallstep/nosql/database"
|
|
)
|
|
|
|
func TestDB_getDBOrder(t *testing.T) {
|
|
orderID := "orderID"
|
|
type test struct {
|
|
db nosql.DB
|
|
err error
|
|
acmeErr *acme.Error
|
|
dbo *dbOrder
|
|
}
|
|
var tests = map[string]func(t *testing.T) test{
|
|
"fail/not-found": func(t *testing.T) test {
|
|
return test{
|
|
db: &db.MockNoSQLDB{
|
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
|
assert.Equals(t, bucket, orderTable)
|
|
assert.Equals(t, string(key), orderID)
|
|
|
|
return nil, database.ErrNotFound
|
|
},
|
|
},
|
|
acmeErr: acme.NewError(acme.ErrorMalformedType, "order orderID not found"),
|
|
}
|
|
},
|
|
"fail/db.Get-error": func(t *testing.T) test {
|
|
return test{
|
|
db: &db.MockNoSQLDB{
|
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
|
assert.Equals(t, bucket, orderTable)
|
|
assert.Equals(t, string(key), orderID)
|
|
|
|
return nil, errors.New("force")
|
|
},
|
|
},
|
|
err: errors.New("error loading order orderID: force"),
|
|
}
|
|
},
|
|
"fail/unmarshal-error": func(t *testing.T) test {
|
|
return test{
|
|
db: &db.MockNoSQLDB{
|
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
|
assert.Equals(t, bucket, orderTable)
|
|
assert.Equals(t, string(key), orderID)
|
|
|
|
return []byte("foo"), nil
|
|
},
|
|
},
|
|
err: errors.New("error unmarshaling order orderID into dbOrder"),
|
|
}
|
|
},
|
|
"ok": func(t *testing.T) test {
|
|
now := clock.Now()
|
|
dbo := &dbOrder{
|
|
ID: orderID,
|
|
AccountID: "accID",
|
|
ProvisionerID: "provID",
|
|
CertificateID: "certID",
|
|
Status: acme.StatusValid,
|
|
ExpiresAt: now,
|
|
CreatedAt: now,
|
|
NotBefore: now,
|
|
NotAfter: now,
|
|
Identifiers: []acme.Identifier{
|
|
{Type: "dns", Value: "test.ca.smallstep.com"},
|
|
{Type: "dns", Value: "example.foo.com"},
|
|
},
|
|
AuthorizationIDs: []string{"foo", "bar"},
|
|
Error: acme.NewError(acme.ErrorMalformedType, "The request message was malformed"),
|
|
}
|
|
b, err := json.Marshal(dbo)
|
|
assert.FatalError(t, err)
|
|
return test{
|
|
db: &db.MockNoSQLDB{
|
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
|
assert.Equals(t, bucket, orderTable)
|
|
assert.Equals(t, string(key), orderID)
|
|
|
|
return b, nil
|
|
},
|
|
},
|
|
dbo: dbo,
|
|
}
|
|
},
|
|
}
|
|
for name, run := range tests {
|
|
tc := run(t)
|
|
t.Run(name, func(t *testing.T) {
|
|
d := DB{db: tc.db}
|
|
if dbo, err := d.getDBOrder(context.Background(), orderID); err != nil {
|
|
var ae *acme.Error
|
|
if errors.As(err, &ae) {
|
|
if assert.NotNil(t, tc.acmeErr) {
|
|
assert.Equals(t, ae.Type, tc.acmeErr.Type)
|
|
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
|
assert.Equals(t, ae.Status, tc.acmeErr.Status)
|
|
assert.Equals(t, ae.Err.Error(), tc.acmeErr.Err.Error())
|
|
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
|
}
|
|
} else {
|
|
if assert.NotNil(t, tc.err) {
|
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
|
}
|
|
}
|
|
} else if assert.Nil(t, tc.err) {
|
|
assert.Equals(t, dbo.ID, tc.dbo.ID)
|
|
assert.Equals(t, dbo.ProvisionerID, tc.dbo.ProvisionerID)
|
|
assert.Equals(t, dbo.CertificateID, tc.dbo.CertificateID)
|
|
assert.Equals(t, dbo.Status, tc.dbo.Status)
|
|
assert.Equals(t, dbo.CreatedAt, tc.dbo.CreatedAt)
|
|
assert.Equals(t, dbo.ExpiresAt, tc.dbo.ExpiresAt)
|
|
assert.Equals(t, dbo.NotBefore, tc.dbo.NotBefore)
|
|
assert.Equals(t, dbo.NotAfter, tc.dbo.NotAfter)
|
|
assert.Equals(t, dbo.Identifiers, tc.dbo.Identifiers)
|
|
assert.Equals(t, dbo.AuthorizationIDs, tc.dbo.AuthorizationIDs)
|
|
assert.Equals(t, dbo.Error.Error(), tc.dbo.Error.Error())
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestDB_GetOrder(t *testing.T) {
|
|
orderID := "orderID"
|
|
type test struct {
|
|
db nosql.DB
|
|
err error
|
|
acmeErr *acme.Error
|
|
dbo *dbOrder
|
|
}
|
|
var tests = map[string]func(t *testing.T) test{
|
|
"fail/db.Get-error": func(t *testing.T) test {
|
|
return test{
|
|
db: &db.MockNoSQLDB{
|
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
|
assert.Equals(t, bucket, orderTable)
|
|
assert.Equals(t, string(key), orderID)
|
|
|
|
return nil, errors.New("force")
|
|
},
|
|
},
|
|
err: errors.New("error loading order orderID: force"),
|
|
}
|
|
},
|
|
"fail/forward-acme-error": func(t *testing.T) test {
|
|
return test{
|
|
db: &db.MockNoSQLDB{
|
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
|
assert.Equals(t, bucket, orderTable)
|
|
assert.Equals(t, string(key), orderID)
|
|
|
|
return nil, database.ErrNotFound
|
|
},
|
|
},
|
|
acmeErr: acme.NewError(acme.ErrorMalformedType, "order orderID not found"),
|
|
}
|
|
},
|
|
"ok": func(t *testing.T) test {
|
|
now := clock.Now()
|
|
dbo := &dbOrder{
|
|
ID: orderID,
|
|
AccountID: "accID",
|
|
ProvisionerID: "provID",
|
|
CertificateID: "certID",
|
|
Status: acme.StatusValid,
|
|
ExpiresAt: now,
|
|
CreatedAt: now,
|
|
NotBefore: now,
|
|
NotAfter: now,
|
|
Identifiers: []acme.Identifier{
|
|
{Type: "dns", Value: "test.ca.smallstep.com"},
|
|
{Type: "dns", Value: "example.foo.com"},
|
|
},
|
|
AuthorizationIDs: []string{"foo", "bar"},
|
|
Error: acme.NewError(acme.ErrorMalformedType, "The request message was malformed"),
|
|
}
|
|
b, err := json.Marshal(dbo)
|
|
assert.FatalError(t, err)
|
|
return test{
|
|
db: &db.MockNoSQLDB{
|
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
|
assert.Equals(t, bucket, orderTable)
|
|
assert.Equals(t, string(key), orderID)
|
|
return b, nil
|
|
},
|
|
},
|
|
dbo: dbo,
|
|
}
|
|
},
|
|
}
|
|
for name, run := range tests {
|
|
tc := run(t)
|
|
t.Run(name, func(t *testing.T) {
|
|
d := DB{db: tc.db}
|
|
if o, err := d.GetOrder(context.Background(), orderID); err != nil {
|
|
var ae *acme.Error
|
|
if errors.As(err, &ae) {
|
|
if assert.NotNil(t, tc.acmeErr) {
|
|
assert.Equals(t, ae.Type, tc.acmeErr.Type)
|
|
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
|
assert.Equals(t, ae.Status, tc.acmeErr.Status)
|
|
assert.Equals(t, ae.Err.Error(), tc.acmeErr.Err.Error())
|
|
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
|
}
|
|
} else {
|
|
if assert.NotNil(t, tc.err) {
|
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
|
}
|
|
}
|
|
} else if assert.Nil(t, tc.err) {
|
|
assert.Equals(t, o.ID, tc.dbo.ID)
|
|
assert.Equals(t, o.AccountID, tc.dbo.AccountID)
|
|
assert.Equals(t, o.ProvisionerID, tc.dbo.ProvisionerID)
|
|
assert.Equals(t, o.CertificateID, tc.dbo.CertificateID)
|
|
assert.Equals(t, o.Status, tc.dbo.Status)
|
|
assert.Equals(t, o.ExpiresAt, tc.dbo.ExpiresAt)
|
|
assert.Equals(t, o.NotBefore, tc.dbo.NotBefore)
|
|
assert.Equals(t, o.NotAfter, tc.dbo.NotAfter)
|
|
assert.Equals(t, o.Identifiers, tc.dbo.Identifiers)
|
|
assert.Equals(t, o.AuthorizationIDs, tc.dbo.AuthorizationIDs)
|
|
assert.Equals(t, o.Error.Error(), tc.dbo.Error.Error())
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestDB_UpdateOrder(t *testing.T) {
|
|
orderID := "orderID"
|
|
now := clock.Now()
|
|
dbo := &dbOrder{
|
|
ID: orderID,
|
|
AccountID: "accID",
|
|
ProvisionerID: "provID",
|
|
Status: acme.StatusPending,
|
|
ExpiresAt: now,
|
|
CreatedAt: now,
|
|
NotBefore: now,
|
|
NotAfter: now,
|
|
Identifiers: []acme.Identifier{
|
|
{Type: "dns", Value: "test.ca.smallstep.com"},
|
|
{Type: "dns", Value: "example.foo.com"},
|
|
},
|
|
AuthorizationIDs: []string{"foo", "bar"},
|
|
}
|
|
b, err := json.Marshal(dbo)
|
|
assert.FatalError(t, err)
|
|
type test struct {
|
|
db nosql.DB
|
|
o *acme.Order
|
|
err error
|
|
}
|
|
var tests = map[string]func(t *testing.T) test{
|
|
"fail/db.Get-error": func(t *testing.T) test {
|
|
return test{
|
|
o: &acme.Order{
|
|
ID: orderID,
|
|
},
|
|
db: &db.MockNoSQLDB{
|
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
|
assert.Equals(t, bucket, orderTable)
|
|
assert.Equals(t, string(key), orderID)
|
|
|
|
return nil, errors.New("force")
|
|
},
|
|
},
|
|
err: errors.New("error loading order orderID: force"),
|
|
}
|
|
},
|
|
"fail/save-error": func(t *testing.T) test {
|
|
o := &acme.Order{
|
|
ID: orderID,
|
|
Status: acme.StatusValid,
|
|
CertificateID: "certID",
|
|
Error: acme.NewError(acme.ErrorMalformedType, "The request message was malformed"),
|
|
}
|
|
return test{
|
|
o: o,
|
|
db: &db.MockNoSQLDB{
|
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
|
assert.Equals(t, bucket, orderTable)
|
|
assert.Equals(t, string(key), orderID)
|
|
|
|
return b, nil
|
|
},
|
|
MCmpAndSwap: func(bucket, key, old, nu []byte) ([]byte, bool, error) {
|
|
assert.Equals(t, bucket, orderTable)
|
|
assert.Equals(t, old, b)
|
|
|
|
dbNew := new(dbOrder)
|
|
assert.FatalError(t, json.Unmarshal(nu, dbNew))
|
|
assert.Equals(t, dbNew.ID, dbo.ID)
|
|
assert.Equals(t, dbNew.AccountID, dbo.AccountID)
|
|
assert.Equals(t, dbNew.ProvisionerID, dbo.ProvisionerID)
|
|
assert.Equals(t, dbNew.CertificateID, o.CertificateID)
|
|
assert.Equals(t, dbNew.Status, o.Status)
|
|
assert.Equals(t, dbNew.CreatedAt, dbo.CreatedAt)
|
|
assert.Equals(t, dbNew.ExpiresAt, dbo.ExpiresAt)
|
|
assert.Equals(t, dbNew.NotBefore, dbo.NotBefore)
|
|
assert.Equals(t, dbNew.NotAfter, dbo.NotAfter)
|
|
assert.Equals(t, dbNew.AuthorizationIDs, dbo.AuthorizationIDs)
|
|
assert.Equals(t, dbNew.Identifiers, dbo.Identifiers)
|
|
assert.Equals(t, dbNew.Error.Error(), o.Error.Error())
|
|
return nil, false, errors.New("force")
|
|
},
|
|
},
|
|
err: errors.New("error saving acme order: force"),
|
|
}
|
|
},
|
|
"ok": func(t *testing.T) test {
|
|
o := &acme.Order{
|
|
ID: orderID,
|
|
Status: acme.StatusValid,
|
|
CertificateID: "certID",
|
|
Error: acme.NewError(acme.ErrorMalformedType, "The request message was malformed"),
|
|
}
|
|
return test{
|
|
o: o,
|
|
db: &db.MockNoSQLDB{
|
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
|
assert.Equals(t, bucket, orderTable)
|
|
assert.Equals(t, string(key), orderID)
|
|
|
|
return b, nil
|
|
},
|
|
MCmpAndSwap: func(bucket, key, old, nu []byte) ([]byte, bool, error) {
|
|
assert.Equals(t, bucket, orderTable)
|
|
assert.Equals(t, old, b)
|
|
|
|
dbNew := new(dbOrder)
|
|
assert.FatalError(t, json.Unmarshal(nu, dbNew))
|
|
assert.Equals(t, dbNew.ID, dbo.ID)
|
|
assert.Equals(t, dbNew.AccountID, dbo.AccountID)
|
|
assert.Equals(t, dbNew.ProvisionerID, dbo.ProvisionerID)
|
|
assert.Equals(t, dbNew.CertificateID, o.CertificateID)
|
|
assert.Equals(t, dbNew.Status, o.Status)
|
|
assert.Equals(t, dbNew.CreatedAt, dbo.CreatedAt)
|
|
assert.Equals(t, dbNew.ExpiresAt, dbo.ExpiresAt)
|
|
assert.Equals(t, dbNew.NotBefore, dbo.NotBefore)
|
|
assert.Equals(t, dbNew.NotAfter, dbo.NotAfter)
|
|
assert.Equals(t, dbNew.AuthorizationIDs, dbo.AuthorizationIDs)
|
|
assert.Equals(t, dbNew.Identifiers, dbo.Identifiers)
|
|
assert.Equals(t, dbNew.Error.Error(), o.Error.Error())
|
|
return nu, true, nil
|
|
},
|
|
},
|
|
}
|
|
},
|
|
}
|
|
for name, run := range tests {
|
|
tc := run(t)
|
|
t.Run(name, func(t *testing.T) {
|
|
d := DB{db: tc.db}
|
|
if err := d.UpdateOrder(context.Background(), tc.o); err != nil {
|
|
if assert.NotNil(t, tc.err) {
|
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
|
}
|
|
} else {
|
|
if assert.Nil(t, tc.err) {
|
|
assert.Equals(t, tc.o.ID, dbo.ID)
|
|
assert.Equals(t, tc.o.CertificateID, "certID")
|
|
assert.Equals(t, tc.o.Status, acme.StatusValid)
|
|
assert.Equals(t, tc.o.Error.Error(), acme.NewError(acme.ErrorMalformedType, "The request message was malformed").Error())
|
|
}
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestDB_CreateOrder(t *testing.T) {
|
|
now := clock.Now()
|
|
nbf := now.Add(5 * time.Minute)
|
|
naf := now.Add(15 * time.Minute)
|
|
type test struct {
|
|
db nosql.DB
|
|
o *acme.Order
|
|
err error
|
|
_id *string
|
|
}
|
|
var tests = map[string]func(t *testing.T) test{
|
|
"fail/order-save-error": func(t *testing.T) test {
|
|
o := &acme.Order{
|
|
AccountID: "accID",
|
|
ProvisionerID: "provID",
|
|
CertificateID: "certID",
|
|
Status: acme.StatusValid,
|
|
ExpiresAt: now,
|
|
NotBefore: nbf,
|
|
NotAfter: naf,
|
|
Identifiers: []acme.Identifier{
|
|
{Type: "dns", Value: "test.ca.smallstep.com"},
|
|
{Type: "dns", Value: "example.foo.com"},
|
|
},
|
|
AuthorizationIDs: []string{"foo", "bar"},
|
|
}
|
|
return test{
|
|
db: &db.MockNoSQLDB{
|
|
MCmpAndSwap: func(bucket, key, old, nu []byte) ([]byte, bool, error) {
|
|
assert.Equals(t, string(bucket), string(orderTable))
|
|
assert.Equals(t, string(key), o.ID)
|
|
assert.Equals(t, old, nil)
|
|
|
|
dbo := new(dbOrder)
|
|
assert.FatalError(t, json.Unmarshal(nu, dbo))
|
|
assert.Equals(t, dbo.ID, o.ID)
|
|
assert.Equals(t, dbo.AccountID, o.AccountID)
|
|
assert.Equals(t, dbo.ProvisionerID, o.ProvisionerID)
|
|
assert.Equals(t, dbo.CertificateID, "")
|
|
assert.Equals(t, dbo.Status, o.Status)
|
|
assert.True(t, dbo.CreatedAt.Add(-time.Minute).Before(now))
|
|
assert.True(t, dbo.CreatedAt.Add(time.Minute).After(now))
|
|
assert.Equals(t, dbo.ExpiresAt, o.ExpiresAt)
|
|
assert.Equals(t, dbo.NotBefore, o.NotBefore)
|
|
assert.Equals(t, dbo.NotAfter, o.NotAfter)
|
|
assert.Equals(t, dbo.AuthorizationIDs, o.AuthorizationIDs)
|
|
assert.Equals(t, dbo.Identifiers, o.Identifiers)
|
|
assert.Equals(t, dbo.Error, nil)
|
|
return nil, false, errors.New("force")
|
|
},
|
|
},
|
|
o: o,
|
|
err: errors.New("error saving acme order: force"),
|
|
}
|
|
},
|
|
"fail/orderIDsByOrderUpdate-error": func(t *testing.T) test {
|
|
o := &acme.Order{
|
|
AccountID: "accID",
|
|
ProvisionerID: "provID",
|
|
CertificateID: "certID",
|
|
Status: acme.StatusValid,
|
|
ExpiresAt: now,
|
|
NotBefore: nbf,
|
|
NotAfter: naf,
|
|
Identifiers: []acme.Identifier{
|
|
{Type: "dns", Value: "test.ca.smallstep.com"},
|
|
{Type: "dns", Value: "example.foo.com"},
|
|
},
|
|
AuthorizationIDs: []string{"foo", "bar"},
|
|
}
|
|
return test{
|
|
db: &db.MockNoSQLDB{
|
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
|
assert.Equals(t, string(bucket), string(ordersByAccountIDTable))
|
|
assert.Equals(t, string(key), o.AccountID)
|
|
return nil, errors.New("force")
|
|
},
|
|
MCmpAndSwap: func(bucket, key, old, nu []byte) ([]byte, bool, error) {
|
|
assert.Equals(t, string(bucket), string(orderTable))
|
|
assert.Equals(t, string(key), o.ID)
|
|
assert.Equals(t, old, nil)
|
|
|
|
dbo := new(dbOrder)
|
|
assert.FatalError(t, json.Unmarshal(nu, dbo))
|
|
assert.Equals(t, dbo.ID, o.ID)
|
|
assert.Equals(t, dbo.AccountID, o.AccountID)
|
|
assert.Equals(t, dbo.ProvisionerID, o.ProvisionerID)
|
|
assert.Equals(t, dbo.CertificateID, "")
|
|
assert.Equals(t, dbo.Status, o.Status)
|
|
assert.True(t, dbo.CreatedAt.Add(-time.Minute).Before(now))
|
|
assert.True(t, dbo.CreatedAt.Add(time.Minute).After(now))
|
|
assert.Equals(t, dbo.ExpiresAt, o.ExpiresAt)
|
|
assert.Equals(t, dbo.NotBefore, o.NotBefore)
|
|
assert.Equals(t, dbo.NotAfter, o.NotAfter)
|
|
assert.Equals(t, dbo.AuthorizationIDs, o.AuthorizationIDs)
|
|
assert.Equals(t, dbo.Identifiers, o.Identifiers)
|
|
assert.Equals(t, dbo.Error, nil)
|
|
return nu, true, nil
|
|
},
|
|
},
|
|
o: o,
|
|
err: errors.New("error loading orderIDs for account accID: force"),
|
|
}
|
|
},
|
|
"ok": func(t *testing.T) test {
|
|
var (
|
|
id string
|
|
idptr = &id
|
|
)
|
|
|
|
o := &acme.Order{
|
|
AccountID: "accID",
|
|
ProvisionerID: "provID",
|
|
Status: acme.StatusValid,
|
|
ExpiresAt: now,
|
|
NotBefore: nbf,
|
|
NotAfter: naf,
|
|
Identifiers: []acme.Identifier{
|
|
{Type: "dns", Value: "test.ca.smallstep.com"},
|
|
{Type: "dns", Value: "example.foo.com"},
|
|
},
|
|
AuthorizationIDs: []string{"foo", "bar"},
|
|
}
|
|
return test{
|
|
db: &db.MockNoSQLDB{
|
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
|
assert.Equals(t, string(bucket), string(ordersByAccountIDTable))
|
|
assert.Equals(t, string(key), o.AccountID)
|
|
return nil, database.ErrNotFound
|
|
},
|
|
MCmpAndSwap: func(bucket, key, old, nu []byte) ([]byte, bool, error) {
|
|
switch string(bucket) {
|
|
case string(ordersByAccountIDTable):
|
|
b, err := json.Marshal([]string{o.ID})
|
|
assert.FatalError(t, err)
|
|
assert.Equals(t, string(key), "accID")
|
|
assert.Equals(t, old, nil)
|
|
assert.Equals(t, nu, b)
|
|
return nu, true, nil
|
|
case string(orderTable):
|
|
*idptr = string(key)
|
|
assert.Equals(t, string(key), o.ID)
|
|
assert.Equals(t, old, nil)
|
|
|
|
dbo := new(dbOrder)
|
|
assert.FatalError(t, json.Unmarshal(nu, dbo))
|
|
assert.Equals(t, dbo.ID, o.ID)
|
|
assert.Equals(t, dbo.AccountID, o.AccountID)
|
|
assert.Equals(t, dbo.ProvisionerID, o.ProvisionerID)
|
|
assert.Equals(t, dbo.CertificateID, "")
|
|
assert.Equals(t, dbo.Status, o.Status)
|
|
assert.True(t, dbo.CreatedAt.Add(-time.Minute).Before(now))
|
|
assert.True(t, dbo.CreatedAt.Add(time.Minute).After(now))
|
|
assert.Equals(t, dbo.ExpiresAt, o.ExpiresAt)
|
|
assert.Equals(t, dbo.NotBefore, o.NotBefore)
|
|
assert.Equals(t, dbo.NotAfter, o.NotAfter)
|
|
assert.Equals(t, dbo.AuthorizationIDs, o.AuthorizationIDs)
|
|
assert.Equals(t, dbo.Identifiers, o.Identifiers)
|
|
assert.Equals(t, dbo.Error, nil)
|
|
return nu, true, nil
|
|
default:
|
|
assert.FatalError(t, errors.Errorf("unexpected bucket %s", string(bucket)))
|
|
return nil, false, errors.New("force")
|
|
}
|
|
},
|
|
},
|
|
o: o,
|
|
_id: idptr,
|
|
}
|
|
},
|
|
}
|
|
for name, run := range tests {
|
|
tc := run(t)
|
|
t.Run(name, func(t *testing.T) {
|
|
d := DB{db: tc.db}
|
|
if err := d.CreateOrder(context.Background(), tc.o); err != nil {
|
|
if assert.NotNil(t, tc.err) {
|
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
|
}
|
|
} else {
|
|
if assert.Nil(t, tc.err) {
|
|
assert.Equals(t, tc.o.ID, *tc._id)
|
|
}
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestDB_updateAddOrderIDs(t *testing.T) {
|
|
accID := "accID"
|
|
type test struct {
|
|
db nosql.DB
|
|
err error
|
|
acmeErr *acme.Error
|
|
addOids []string
|
|
res []string
|
|
}
|
|
var tests = map[string]func(t *testing.T) test{
|
|
"fail/db.Get-error": func(t *testing.T) test {
|
|
return test{
|
|
db: &db.MockNoSQLDB{
|
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
|
assert.Equals(t, bucket, ordersByAccountIDTable)
|
|
assert.Equals(t, key, []byte(accID))
|
|
return nil, errors.New("force")
|
|
},
|
|
},
|
|
err: errors.Errorf("error loading orderIDs for account %s", accID),
|
|
}
|
|
},
|
|
"fail/unmarshal-error": func(t *testing.T) test {
|
|
return test{
|
|
db: &db.MockNoSQLDB{
|
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
|
assert.Equals(t, bucket, ordersByAccountIDTable)
|
|
assert.Equals(t, key, []byte(accID))
|
|
return []byte("foo"), nil
|
|
},
|
|
},
|
|
err: errors.Errorf("error unmarshaling orderIDs for account %s", accID),
|
|
}
|
|
},
|
|
"fail/db.Get-order-error": func(t *testing.T) test {
|
|
return test{
|
|
db: &db.MockNoSQLDB{
|
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
|
switch string(bucket) {
|
|
case string(ordersByAccountIDTable):
|
|
assert.Equals(t, key, []byte(accID))
|
|
b, err := json.Marshal([]string{"foo", "bar"})
|
|
assert.FatalError(t, err)
|
|
return b, nil
|
|
case string(orderTable):
|
|
assert.Equals(t, key, []byte("foo"))
|
|
return nil, errors.New("force")
|
|
default:
|
|
assert.FatalError(t, errors.Errorf("unexpected bucket %s", string(bucket)))
|
|
return nil, errors.New("force")
|
|
}
|
|
},
|
|
},
|
|
acmeErr: acme.NewErrorISE("error loading order foo for account accID: error loading order foo: force"),
|
|
}
|
|
},
|
|
"fail/update-order-status-error": func(t *testing.T) test {
|
|
expiry := clock.Now().Add(-5 * time.Minute)
|
|
ofoo := &dbOrder{
|
|
ID: "foo",
|
|
Status: acme.StatusPending,
|
|
ExpiresAt: expiry,
|
|
}
|
|
bfoo, err := json.Marshal(ofoo)
|
|
assert.FatalError(t, err)
|
|
return test{
|
|
db: &db.MockNoSQLDB{
|
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
|
switch string(bucket) {
|
|
case string(ordersByAccountIDTable):
|
|
assert.Equals(t, key, []byte(accID))
|
|
b, err := json.Marshal([]string{"foo", "bar"})
|
|
assert.FatalError(t, err)
|
|
return b, nil
|
|
case string(orderTable):
|
|
assert.Equals(t, key, []byte("foo"))
|
|
return bfoo, nil
|
|
default:
|
|
assert.FatalError(t, errors.Errorf("unexpected bucket %s", string(bucket)))
|
|
return nil, errors.New("force")
|
|
}
|
|
},
|
|
MCmpAndSwap: func(bucket, key, old, nu []byte) ([]byte, bool, error) {
|
|
assert.Equals(t, bucket, orderTable)
|
|
assert.Equals(t, key, []byte("foo"))
|
|
assert.Equals(t, old, bfoo)
|
|
|
|
newdbo := new(dbOrder)
|
|
assert.FatalError(t, json.Unmarshal(nu, newdbo))
|
|
assert.Equals(t, newdbo.ID, "foo")
|
|
assert.Equals(t, newdbo.Status, acme.StatusInvalid)
|
|
assert.Equals(t, newdbo.ExpiresAt, expiry)
|
|
assert.Equals(t, newdbo.Error.Error(), acme.NewError(acme.ErrorMalformedType, "The request message was malformed").Error())
|
|
return nil, false, errors.New("force")
|
|
},
|
|
},
|
|
acmeErr: acme.NewErrorISE("error updating order foo for account accID: error updating order: error saving acme order: force"),
|
|
}
|
|
},
|
|
"fail/db.save-order-error": func(t *testing.T) test {
|
|
addOids := []string{"foo", "bar"}
|
|
b, err := json.Marshal(addOids)
|
|
assert.FatalError(t, err)
|
|
delCount := 0
|
|
return test{
|
|
db: &db.MockNoSQLDB{
|
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
|
assert.Equals(t, bucket, ordersByAccountIDTable)
|
|
assert.Equals(t, key, []byte(accID))
|
|
return nil, database.ErrNotFound
|
|
},
|
|
MCmpAndSwap: func(bucket, key, old, nu []byte) ([]byte, bool, error) {
|
|
assert.Equals(t, bucket, ordersByAccountIDTable)
|
|
assert.Equals(t, key, []byte(accID))
|
|
assert.Equals(t, old, nil)
|
|
assert.Equals(t, nu, b)
|
|
return nil, false, errors.New("force")
|
|
},
|
|
MDel: func(bucket, key []byte) error {
|
|
delCount++
|
|
switch delCount {
|
|
case 1:
|
|
assert.Equals(t, bucket, orderTable)
|
|
assert.Equals(t, key, []byte("foo"))
|
|
return nil
|
|
case 2:
|
|
assert.Equals(t, bucket, orderTable)
|
|
assert.Equals(t, key, []byte("bar"))
|
|
return nil
|
|
default:
|
|
assert.FatalError(t, errors.New("delete should only be called twice"))
|
|
return errors.New("force")
|
|
}
|
|
},
|
|
},
|
|
addOids: addOids,
|
|
err: errors.Errorf("error saving orderIDs index for account %s", accID),
|
|
}
|
|
},
|
|
"ok/no-old": func(t *testing.T) test {
|
|
return test{
|
|
db: &db.MockNoSQLDB{
|
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
|
switch string(bucket) {
|
|
case string(ordersByAccountIDTable):
|
|
return nil, database.ErrNotFound
|
|
default:
|
|
assert.FatalError(t, errors.Errorf("unexpected bucket %s", string(bucket)))
|
|
return nil, errors.New("force")
|
|
}
|
|
},
|
|
MCmpAndSwap: func(bucket, key, old, nu []byte) ([]byte, bool, error) {
|
|
switch string(bucket) {
|
|
case string(ordersByAccountIDTable):
|
|
assert.Equals(t, key, []byte(accID))
|
|
assert.Equals(t, old, nil)
|
|
assert.Equals(t, nu, nil)
|
|
return nil, true, nil
|
|
default:
|
|
assert.FatalError(t, errors.Errorf("unexpected bucket %s", string(bucket)))
|
|
return nil, false, errors.New("force")
|
|
}
|
|
},
|
|
},
|
|
res: []string{},
|
|
}
|
|
},
|
|
"ok/all-old-not-pending": func(t *testing.T) test {
|
|
oldOids := []string{"foo", "bar"}
|
|
bOldOids, err := json.Marshal(oldOids)
|
|
assert.FatalError(t, err)
|
|
expiry := clock.Now().Add(-5 * time.Minute)
|
|
ofoo := &dbOrder{
|
|
ID: "foo",
|
|
Status: acme.StatusPending,
|
|
ExpiresAt: expiry,
|
|
}
|
|
bfoo, err := json.Marshal(ofoo)
|
|
assert.FatalError(t, err)
|
|
obar := &dbOrder{
|
|
ID: "bar",
|
|
Status: acme.StatusPending,
|
|
ExpiresAt: expiry,
|
|
}
|
|
bbar, err := json.Marshal(obar)
|
|
assert.FatalError(t, err)
|
|
return test{
|
|
db: &db.MockNoSQLDB{
|
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
|
switch string(bucket) {
|
|
case string(ordersByAccountIDTable):
|
|
return bOldOids, nil
|
|
case string(orderTable):
|
|
switch string(key) {
|
|
case "foo":
|
|
assert.Equals(t, key, []byte("foo"))
|
|
return bfoo, nil
|
|
case "bar":
|
|
assert.Equals(t, key, []byte("bar"))
|
|
return bbar, nil
|
|
default:
|
|
assert.FatalError(t, errors.Errorf("unexpected key %s", string(key)))
|
|
return nil, errors.New("force")
|
|
}
|
|
default:
|
|
assert.FatalError(t, errors.Errorf("unexpected bucket %s", string(bucket)))
|
|
return nil, errors.New("force")
|
|
}
|
|
},
|
|
MCmpAndSwap: func(bucket, key, old, nu []byte) ([]byte, bool, error) {
|
|
switch string(bucket) {
|
|
case string(orderTable):
|
|
return nil, true, nil
|
|
case string(ordersByAccountIDTable):
|
|
assert.Equals(t, key, []byte(accID))
|
|
assert.Equals(t, old, bOldOids)
|
|
assert.Equals(t, nu, nil)
|
|
return nil, true, nil
|
|
default:
|
|
assert.FatalError(t, errors.Errorf("unexpected bucket %s", string(bucket)))
|
|
return nil, false, errors.New("force")
|
|
}
|
|
},
|
|
},
|
|
res: []string{},
|
|
}
|
|
},
|
|
"ok/old-and-new": func(t *testing.T) test {
|
|
oldOids := []string{"foo", "bar"}
|
|
bOldOids, err := json.Marshal(oldOids)
|
|
assert.FatalError(t, err)
|
|
addOids := []string{"zap", "zar"}
|
|
bAddOids, err := json.Marshal(addOids)
|
|
assert.FatalError(t, err)
|
|
expiry := clock.Now().Add(-5 * time.Minute)
|
|
ofoo := &dbOrder{
|
|
ID: "foo",
|
|
Status: acme.StatusPending,
|
|
ExpiresAt: expiry,
|
|
}
|
|
bfoo, err := json.Marshal(ofoo)
|
|
assert.FatalError(t, err)
|
|
obar := &dbOrder{
|
|
ID: "bar",
|
|
Status: acme.StatusPending,
|
|
ExpiresAt: expiry,
|
|
}
|
|
bbar, err := json.Marshal(obar)
|
|
assert.FatalError(t, err)
|
|
return test{
|
|
db: &db.MockNoSQLDB{
|
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
|
switch string(bucket) {
|
|
case string(ordersByAccountIDTable):
|
|
return bOldOids, nil
|
|
case string(orderTable):
|
|
switch string(key) {
|
|
case "foo":
|
|
assert.Equals(t, key, []byte("foo"))
|
|
return bfoo, nil
|
|
case "bar":
|
|
assert.Equals(t, key, []byte("bar"))
|
|
return bbar, nil
|
|
default:
|
|
assert.FatalError(t, errors.Errorf("unexpected key %s", string(key)))
|
|
return nil, errors.New("force")
|
|
}
|
|
default:
|
|
assert.FatalError(t, errors.Errorf("unexpected bucket %s", string(bucket)))
|
|
return nil, errors.New("force")
|
|
}
|
|
},
|
|
MCmpAndSwap: func(bucket, key, old, nu []byte) ([]byte, bool, error) {
|
|
switch string(bucket) {
|
|
case string(orderTable):
|
|
return nil, true, nil
|
|
case string(ordersByAccountIDTable):
|
|
assert.Equals(t, key, []byte(accID))
|
|
assert.Equals(t, old, bOldOids)
|
|
assert.Equals(t, nu, bAddOids)
|
|
return nil, true, nil
|
|
default:
|
|
assert.FatalError(t, errors.Errorf("unexpected bucket %s", string(bucket)))
|
|
return nil, false, errors.New("force")
|
|
}
|
|
},
|
|
},
|
|
addOids: addOids,
|
|
res: addOids,
|
|
}
|
|
},
|
|
"ok/old-and-new-2": func(t *testing.T) test {
|
|
oldOids := []string{"foo", "bar", "baz"}
|
|
bOldOids, err := json.Marshal(oldOids)
|
|
assert.FatalError(t, err)
|
|
addOids := []string{"zap", "zar"}
|
|
now := clock.Now()
|
|
min5 := now.Add(5 * time.Minute)
|
|
expiry := now.Add(-5 * time.Minute)
|
|
|
|
o1 := &dbOrder{
|
|
ID: "foo",
|
|
Status: acme.StatusPending,
|
|
ExpiresAt: min5,
|
|
AuthorizationIDs: []string{"a"},
|
|
}
|
|
bo1, err := json.Marshal(o1)
|
|
assert.FatalError(t, err)
|
|
o2 := &dbOrder{
|
|
ID: "bar",
|
|
Status: acme.StatusPending,
|
|
ExpiresAt: expiry,
|
|
}
|
|
bo2, err := json.Marshal(o2)
|
|
assert.FatalError(t, err)
|
|
o3 := &dbOrder{
|
|
ID: "baz",
|
|
Status: acme.StatusPending,
|
|
ExpiresAt: min5,
|
|
AuthorizationIDs: []string{"b"},
|
|
}
|
|
bo3, err := json.Marshal(o3)
|
|
assert.FatalError(t, err)
|
|
|
|
az1 := &dbAuthz{
|
|
ID: "a",
|
|
Status: acme.StatusPending,
|
|
ExpiresAt: min5,
|
|
ChallengeIDs: []string{"aa"},
|
|
}
|
|
baz1, err := json.Marshal(az1)
|
|
assert.FatalError(t, err)
|
|
az2 := &dbAuthz{
|
|
ID: "b",
|
|
Status: acme.StatusPending,
|
|
ExpiresAt: min5,
|
|
ChallengeIDs: []string{"bb"},
|
|
}
|
|
baz2, err := json.Marshal(az2)
|
|
assert.FatalError(t, err)
|
|
|
|
ch1 := &dbChallenge{
|
|
ID: "aa",
|
|
Status: acme.StatusPending,
|
|
}
|
|
bch1, err := json.Marshal(ch1)
|
|
assert.FatalError(t, err)
|
|
ch2 := &dbChallenge{
|
|
ID: "bb",
|
|
Status: acme.StatusPending,
|
|
}
|
|
bch2, err := json.Marshal(ch2)
|
|
assert.FatalError(t, err)
|
|
|
|
newOids := append([]string{"foo", "baz"}, addOids...)
|
|
bNewOids, err := json.Marshal(newOids)
|
|
assert.FatalError(t, err)
|
|
|
|
return test{
|
|
db: &db.MockNoSQLDB{
|
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
|
switch string(bucket) {
|
|
case string(authzTable):
|
|
switch string(key) {
|
|
case "a":
|
|
return baz1, nil
|
|
case "b":
|
|
return baz2, nil
|
|
default:
|
|
assert.FatalError(t, errors.Errorf("unexpected authz key %s", string(key)))
|
|
return nil, errors.New("force")
|
|
}
|
|
case string(challengeTable):
|
|
switch string(key) {
|
|
case "aa":
|
|
return bch1, nil
|
|
case "bb":
|
|
return bch2, nil
|
|
default:
|
|
assert.FatalError(t, errors.Errorf("unexpected challenge key %s", string(key)))
|
|
return nil, errors.New("force")
|
|
}
|
|
case string(ordersByAccountIDTable):
|
|
return bOldOids, nil
|
|
case string(orderTable):
|
|
switch string(key) {
|
|
case "foo":
|
|
return bo1, nil
|
|
case "bar":
|
|
return bo2, nil
|
|
case "baz":
|
|
return bo3, nil
|
|
default:
|
|
assert.FatalError(t, errors.Errorf("unexpected key %s", string(key)))
|
|
return nil, errors.New("force")
|
|
}
|
|
default:
|
|
assert.FatalError(t, errors.Errorf("unexpected bucket %s", string(bucket)))
|
|
return nil, errors.New("force")
|
|
}
|
|
},
|
|
MCmpAndSwap: func(bucket, key, old, nu []byte) ([]byte, bool, error) {
|
|
switch string(bucket) {
|
|
case string(orderTable):
|
|
return nil, true, nil
|
|
case string(ordersByAccountIDTable):
|
|
assert.Equals(t, key, []byte(accID))
|
|
assert.Equals(t, old, bOldOids)
|
|
assert.Equals(t, nu, bNewOids)
|
|
return nil, true, nil
|
|
default:
|
|
assert.FatalError(t, errors.Errorf("unexpected bucket %s", string(bucket)))
|
|
return nil, false, errors.New("force")
|
|
}
|
|
},
|
|
},
|
|
addOids: addOids,
|
|
res: newOids,
|
|
}
|
|
},
|
|
}
|
|
for name, run := range tests {
|
|
tc := run(t)
|
|
t.Run(name, func(t *testing.T) {
|
|
d := DB{db: tc.db}
|
|
var (
|
|
res []string
|
|
err error
|
|
)
|
|
if tc.addOids == nil {
|
|
res, err = d.updateAddOrderIDs(context.Background(), accID)
|
|
} else {
|
|
res, err = d.updateAddOrderIDs(context.Background(), accID, tc.addOids...)
|
|
}
|
|
|
|
if err != nil {
|
|
var ae *acme.Error
|
|
if errors.As(err, &ae) {
|
|
if assert.NotNil(t, tc.acmeErr) {
|
|
assert.Equals(t, ae.Type, tc.acmeErr.Type)
|
|
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
|
assert.Equals(t, ae.Status, tc.acmeErr.Status)
|
|
assert.Equals(t, ae.Err.Error(), tc.acmeErr.Err.Error())
|
|
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
|
}
|
|
} else {
|
|
if assert.NotNil(t, tc.err) {
|
|
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
|
}
|
|
}
|
|
} else if assert.Nil(t, tc.err) {
|
|
assert.True(t, reflect.DeepEqual(res, tc.res))
|
|
}
|
|
})
|
|
}
|
|
}
|