Rename method to IsChallengeEnabled
This commit is contained in:
Mariano Cano
parent
c77b4ff9c5
commit
fd4e96d1f4
5 changed files with 33 additions and 34 deletions
|
|
@ -41,8 +41,8 @@ func (*fakeProvisioner) AuthorizeSign(ctx context.Context, token string) ([]prov
|
|||
return nil, nil
|
||||
}
|
||||
|
||||
func (*fakeProvisioner) AuthorizeChallenge(ctx context.Context, challenge provisioner.ACMEChallenge) error {
|
||||
return nil
|
||||
func (*fakeProvisioner) IsChallengeEnabled(ctx context.Context, challenge provisioner.ACMEChallenge) bool {
|
||||
return true
|
||||
}
|
||||
|
||||
func (*fakeProvisioner) AuthorizeRevoke(ctx context.Context, token string) error { return nil }
|
||||
|
|
|
|||
|
|
@ -258,8 +258,7 @@ func newAuthorization(ctx context.Context, az *acme.Authorization) error {
|
|||
prov := acme.MustProvisionerFromContext(ctx)
|
||||
az.Challenges = make([]*acme.Challenge, 0, len(chTypes))
|
||||
for _, typ := range chTypes {
|
||||
// Make sure the challenge is enabled
|
||||
if err := prov.AuthorizeChallenge(ctx, provisioner.ACMEChallenge(typ)); err != nil {
|
||||
if !prov.IsChallengeEnabled(ctx, provisioner.ACMEChallenge(typ)) {
|
||||
continue
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -71,7 +71,7 @@ type Provisioner interface {
|
|||
AuthorizeOrderIdentifier(ctx context.Context, identifier provisioner.ACMEIdentifier) error
|
||||
AuthorizeSign(ctx context.Context, token string) ([]provisioner.SignOption, error)
|
||||
AuthorizeRevoke(ctx context.Context, token string) error
|
||||
AuthorizeChallenge(ctx context.Context, challenge provisioner.ACMEChallenge) error
|
||||
IsChallengeEnabled(ctx context.Context, challenge provisioner.ACMEChallenge) bool
|
||||
GetID() string
|
||||
GetName() string
|
||||
DefaultTLSCertDuration() time.Duration
|
||||
|
|
@ -110,7 +110,7 @@ type MockProvisioner struct {
|
|||
MauthorizeOrderIdentifier func(ctx context.Context, identifier provisioner.ACMEIdentifier) error
|
||||
MauthorizeSign func(ctx context.Context, ott string) ([]provisioner.SignOption, error)
|
||||
MauthorizeRevoke func(ctx context.Context, token string) error
|
||||
MauthorizeChallenge func(Ctx context.Context, challenge provisioner.ACMEChallenge) error
|
||||
MisChallengeEnabled func(Ctx context.Context, challenge provisioner.ACMEChallenge) bool
|
||||
MdefaultTLSCertDuration func() time.Duration
|
||||
MgetOptions func() *provisioner.Options
|
||||
}
|
||||
|
|
@ -148,11 +148,11 @@ func (m *MockProvisioner) AuthorizeRevoke(ctx context.Context, token string) err
|
|||
}
|
||||
|
||||
// AuthorizeChallenge mock
|
||||
func (m *MockProvisioner) AuthorizeChallenge(ctx context.Context, challenge provisioner.ACMEChallenge) error {
|
||||
if m.MauthorizeChallenge != nil {
|
||||
return m.MauthorizeChallenge(ctx, challenge)
|
||||
func (m *MockProvisioner) IsChallengeEnabled(ctx context.Context, challenge provisioner.ACMEChallenge) bool {
|
||||
if m.MisChallengeEnabled != nil {
|
||||
return m.MisChallengeEnabled(ctx, challenge)
|
||||
}
|
||||
return m.Merr
|
||||
return m.Merr == nil
|
||||
}
|
||||
|
||||
// DefaultTLSCertDuration mock
|
||||
|
|
|
|||
|
|
@ -205,10 +205,10 @@ func (p *ACME) AuthorizeRenew(ctx context.Context, cert *x509.Certificate) error
|
|||
return p.ctl.AuthorizeRenew(ctx, cert)
|
||||
}
|
||||
|
||||
// AuthorizeChallenge checks if the given challenge is enabled. By default
|
||||
// IsChallengeEnabled checks if the given challenge is enabled. By default
|
||||
// http-01, dns-01 and tls-alpn-01 are enabled, to disable any of them the
|
||||
// Challenge provisioner property should have at least one element.
|
||||
func (p *ACME) AuthorizeChallenge(ctx context.Context, challenge ACMEChallenge) error {
|
||||
func (p *ACME) IsChallengeEnabled(ctx context.Context, challenge ACMEChallenge) bool {
|
||||
enabledChallenges := []ACMEChallenge{
|
||||
HTTP_01, DNS_01, TLS_ALPN_01,
|
||||
}
|
||||
|
|
@ -217,8 +217,8 @@ func (p *ACME) AuthorizeChallenge(ctx context.Context, challenge ACMEChallenge)
|
|||
}
|
||||
for _, ch := range enabledChallenges {
|
||||
if strings.EqualFold(string(ch), string(challenge)) {
|
||||
return nil
|
||||
return true
|
||||
}
|
||||
}
|
||||
return fmt.Errorf("acme challenge %q is disabled", challenge)
|
||||
return false
|
||||
}
|
||||
|
|
|
|||
|
|
@ -242,7 +242,7 @@ func TestACME_AuthorizeSign(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestACME_AuthorizeChallenge(t *testing.T) {
|
||||
func TestACME_IsChallengeEnabled(t *testing.T) {
|
||||
ctx := context.Background()
|
||||
type fields struct {
|
||||
Challenges []ACMEChallenge
|
||||
|
|
@ -252,32 +252,32 @@ func TestACME_AuthorizeChallenge(t *testing.T) {
|
|||
challenge ACMEChallenge
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
fields fields
|
||||
args args
|
||||
wantErr bool
|
||||
name string
|
||||
fields fields
|
||||
args args
|
||||
want bool
|
||||
}{
|
||||
{"ok http-01", fields{nil}, args{ctx, HTTP_01}, false},
|
||||
{"ok dns-01", fields{nil}, args{ctx, DNS_01}, false},
|
||||
{"ok tls-alpn-01", fields{[]ACMEChallenge{}}, args{ctx, TLS_ALPN_01}, false},
|
||||
{"fail device-attest-01", fields{[]ACMEChallenge{}}, args{ctx, "device-attest-01"}, true},
|
||||
{"ok http-01 enabled", fields{[]ACMEChallenge{"http-01"}}, args{ctx, "HTTP-01"}, false},
|
||||
{"ok dns-01 enabled", fields{[]ACMEChallenge{"http-01", "dns-01"}}, args{ctx, DNS_01}, false},
|
||||
{"ok tls-alpn-01 enabled", fields{[]ACMEChallenge{"http-01", "dns-01", "tls-alpn-01"}}, args{ctx, TLS_ALPN_01}, false},
|
||||
{"ok device-attest-01 enabled", fields{[]ACMEChallenge{"device-attest-01", "dns-01"}}, args{ctx, DEVICE_ATTEST_01}, false},
|
||||
{"fail http-01", fields{[]ACMEChallenge{"dns-01"}}, args{ctx, "http-01"}, true},
|
||||
{"fail dns-01", fields{[]ACMEChallenge{"http-01", "tls-alpn-01"}}, args{ctx, "dns-01"}, true},
|
||||
{"fail tls-alpn-01", fields{[]ACMEChallenge{"http-01", "dns-01", "device-attest-01"}}, args{ctx, "tls-alpn-01"}, true},
|
||||
{"fail device-attest-01", fields{[]ACMEChallenge{"http-01", "dns-01"}}, args{ctx, "device-attest-01"}, true},
|
||||
{"fail unknown", fields{[]ACMEChallenge{"http-01", "dns-01", "tls-alpn-01", "device-attest-01"}}, args{ctx, "unknown"}, true},
|
||||
{"ok http-01", fields{nil}, args{ctx, HTTP_01}, true},
|
||||
{"ok dns-01", fields{nil}, args{ctx, DNS_01}, true},
|
||||
{"ok tls-alpn-01", fields{[]ACMEChallenge{}}, args{ctx, TLS_ALPN_01}, true},
|
||||
{"fail device-attest-01", fields{[]ACMEChallenge{}}, args{ctx, "device-attest-01"}, false},
|
||||
{"ok http-01 enabled", fields{[]ACMEChallenge{"http-01"}}, args{ctx, "HTTP-01"}, true},
|
||||
{"ok dns-01 enabled", fields{[]ACMEChallenge{"http-01", "dns-01"}}, args{ctx, DNS_01}, true},
|
||||
{"ok tls-alpn-01 enabled", fields{[]ACMEChallenge{"http-01", "dns-01", "tls-alpn-01"}}, args{ctx, TLS_ALPN_01}, true},
|
||||
{"ok device-attest-01 enabled", fields{[]ACMEChallenge{"device-attest-01", "dns-01"}}, args{ctx, DEVICE_ATTEST_01}, true},
|
||||
{"fail http-01", fields{[]ACMEChallenge{"dns-01"}}, args{ctx, "http-01"}, false},
|
||||
{"fail dns-01", fields{[]ACMEChallenge{"http-01", "tls-alpn-01"}}, args{ctx, "dns-01"}, false},
|
||||
{"fail tls-alpn-01", fields{[]ACMEChallenge{"http-01", "dns-01", "device-attest-01"}}, args{ctx, "tls-alpn-01"}, false},
|
||||
{"fail device-attest-01", fields{[]ACMEChallenge{"http-01", "dns-01"}}, args{ctx, "device-attest-01"}, false},
|
||||
{"fail unknown", fields{[]ACMEChallenge{"http-01", "dns-01", "tls-alpn-01", "device-attest-01"}}, args{ctx, "unknown"}, false},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
p := &ACME{
|
||||
Challenges: tt.fields.Challenges,
|
||||
}
|
||||
if err := p.AuthorizeChallenge(tt.args.ctx, tt.args.challenge); (err != nil) != tt.wantErr {
|
||||
t.Errorf("ACME.AuthorizeChallenge() error = %v, wantErr %v", err, tt.wantErr)
|
||||
if got := p.IsChallengeEnabled(tt.args.ctx, tt.args.challenge); got != tt.want {
|
||||
t.Errorf("ACME.AuthorizeChallenge() = %v, want %v", got, tt.want)
|
||||
}
|
||||
})
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue