Create ACME database tables when initializing ACME autority.

This commit is contained in:
max furman 2019-10-07 18:17:20 -07:00
parent f53f4720ad
commit 7aec7c2612
5 changed files with 120 additions and 58 deletions

View file

@ -17,6 +17,7 @@ import (
"github.com/smallstep/assert" "github.com/smallstep/assert"
"github.com/smallstep/certificates/acme" "github.com/smallstep/certificates/acme"
"github.com/smallstep/certificates/authority/provisioner" "github.com/smallstep/certificates/authority/provisioner"
"github.com/smallstep/certificates/db"
"github.com/smallstep/cli/crypto/pemutil" "github.com/smallstep/cli/crypto/pemutil"
"github.com/smallstep/cli/jose" "github.com/smallstep/cli/jose"
) )
@ -230,7 +231,8 @@ func TestHandlerGetNonce(t *testing.T) {
} }
func TestHandlerGetDirectory(t *testing.T) { func TestHandlerGetDirectory(t *testing.T) {
auth := acme.NewAuthority(nil, "ca.smallstep.com", "acme", nil) auth, err := acme.NewAuthority(new(db.MockNoSQLDB), "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
prov := newProv() prov := newProv()
url := fmt.Sprintf("http://ca.smallstep.com/acme/%s/directory", acme.URLSafeProvisionerName(prov)) url := fmt.Sprintf("http://ca.smallstep.com/acme/%s/directory", acme.URLSafeProvisionerName(prov))

View file

@ -11,6 +11,7 @@ import (
"github.com/pkg/errors" "github.com/pkg/errors"
"github.com/smallstep/certificates/authority/provisioner" "github.com/smallstep/certificates/authority/provisioner"
database "github.com/smallstep/certificates/db"
"github.com/smallstep/cli/jose" "github.com/smallstep/cli/jose"
"github.com/smallstep/nosql" "github.com/smallstep/nosql"
) )
@ -43,11 +44,35 @@ type Authority struct {
signAuth SignAuthority signAuth SignAuthority
} }
var (
accountTable = []byte("acme_accounts")
accountByKeyIDTable = []byte("acme_keyID_accountID_index")
authzTable = []byte("acme_authzs")
challengeTable = []byte("acme_challenges")
nonceTable = []byte("nonces")
orderTable = []byte("acme_orders")
ordersByAccountIDTable = []byte("acme_account-orders-index")
certTable = []byte("acme_certs")
)
// NewAuthority returns a new Authority that implements the ACME interface. // NewAuthority returns a new Authority that implements the ACME interface.
func NewAuthority(db nosql.DB, dns, prefix string, signAuth SignAuthority) *Authority { func NewAuthority(db nosql.DB, dns, prefix string, signAuth SignAuthority) (*Authority, error) {
if _, ok := db.(*database.SimpleDB); !ok {
// If it's not a SimpleDB then go ahead and bootstrap the DB with the
// necessary ACME tables. SimpleDB should ONLY be used for testing.
tables := [][]byte{accountTable, accountByKeyIDTable, authzTable,
challengeTable, nonceTable, orderTable, ordersByAccountIDTable,
certTable}
for _, b := range tables {
if err := db.CreateTable(b); err != nil {
return nil, errors.Wrapf(err, "error creating table %s",
string(b))
}
}
}
return &Authority{ return &Authority{
db: db, dir: newDirectory(dns, prefix), signAuth: signAuth, db: db, dir: newDirectory(dns, prefix), signAuth: signAuth,
} }, nil
} }
// GetLink returns the requested link from the directory. // GetLink returns the requested link from the directory.

View file

@ -14,7 +14,8 @@ import (
) )
func TestAuthorityGetLink(t *testing.T) { func TestAuthorityGetLink(t *testing.T) {
auth := NewAuthority(nil, "ca.smallstep.com", "acme", nil) auth, err := NewAuthority(new(db.MockNoSQLDB), "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
provID := "acme-test-provisioner" provID := "acme-test-provisioner"
type test struct { type test struct {
auth *Authority auth *Authority
@ -69,7 +70,8 @@ func TestAuthorityGetLink(t *testing.T) {
} }
func TestAuthorityGetDirectory(t *testing.T) { func TestAuthorityGetDirectory(t *testing.T) {
auth := NewAuthority(nil, "ca.smallstep.com", "acme", nil) auth, err := NewAuthority(new(db.MockNoSQLDB), "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
prov := newProv() prov := newProv()
acmeDir := auth.GetDirectory(prov) acmeDir := auth.GetDirectory(prov)
assert.Equals(t, acmeDir.NewNonce, fmt.Sprintf("https://ca.smallstep.com/acme/%s/new-nonce", URLSafeProvisionerName(prov))) assert.Equals(t, acmeDir.NewNonce, fmt.Sprintf("https://ca.smallstep.com/acme/%s/new-nonce", URLSafeProvisionerName(prov)))
@ -88,11 +90,12 @@ func TestAuthorityNewNonce(t *testing.T) {
} }
tests := map[string]func(t *testing.T) test{ tests := map[string]func(t *testing.T) test{
"fail/newNonce-error": func(t *testing.T) test { "fail/newNonce-error": func(t *testing.T) test {
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) { MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) {
return nil, false, errors.New("force") return nil, false, errors.New("force")
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
res: nil, res: nil,
@ -102,12 +105,13 @@ func TestAuthorityNewNonce(t *testing.T) {
"ok": func(t *testing.T) test { "ok": func(t *testing.T) test {
var _res string var _res string
res := &_res res := &_res
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) { MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) {
*res = string(key) *res = string(key)
return nil, true, nil return nil, true, nil
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
res: res, res: res,
@ -141,22 +145,24 @@ func TestAuthorityUseNonce(t *testing.T) {
} }
tests := map[string]func(t *testing.T) test{ tests := map[string]func(t *testing.T) test{
"fail/newNonce-error": func(t *testing.T) test { "fail/newNonce-error": func(t *testing.T) test {
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MUpdate: func(tx *database.Tx) error { MUpdate: func(tx *database.Tx) error {
return errors.New("force") return errors.New("force")
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
err: ServerInternalErr(errors.New("error deleting nonce foo: force")), err: ServerInternalErr(errors.New("error deleting nonce foo: force")),
} }
}, },
"ok": func(t *testing.T) test { "ok": func(t *testing.T) test {
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MUpdate: func(tx *database.Tx) error { MUpdate: func(tx *database.Tx) error {
return nil return nil
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
} }
@ -195,11 +201,12 @@ func TestAuthorityNewAccount(t *testing.T) {
} }
tests := map[string]func(t *testing.T) test{ tests := map[string]func(t *testing.T) test{
"fail/newAccount-error": func(t *testing.T) test { "fail/newAccount-error": func(t *testing.T) test {
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) { MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) {
return nil, false, errors.New("force") return nil, false, errors.New("force")
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
ops: ops, ops: ops,
@ -213,7 +220,7 @@ func TestAuthorityNewAccount(t *testing.T) {
count = 0 count = 0
dir = newDirectory("ca.smallstep.com", "acme") dir = newDirectory("ca.smallstep.com", "acme")
) )
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) { MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) {
if count == 1 { if count == 1 {
var acc *account var acc *account
@ -225,6 +232,7 @@ func TestAuthorityNewAccount(t *testing.T) {
return nil, true, nil return nil, true, nil
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
ops: ops, ops: ops,
@ -267,13 +275,14 @@ func TestAuthorityGetAccount(t *testing.T) {
tests := map[string]func(t *testing.T) test{ tests := map[string]func(t *testing.T) test{
"fail/getAccount-error": func(t *testing.T) test { "fail/getAccount-error": func(t *testing.T) test {
id := "foo" id := "foo"
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
assert.Equals(t, bucket, accountTable) assert.Equals(t, bucket, accountTable)
assert.Equals(t, key, []byte(id)) assert.Equals(t, key, []byte(id))
return nil, errors.New("force") return nil, errors.New("force")
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
id: id, id: id,
@ -285,11 +294,12 @@ func TestAuthorityGetAccount(t *testing.T) {
assert.FatalError(t, err) assert.FatalError(t, err)
b, err := json.Marshal(acc) b, err := json.Marshal(acc)
assert.FatalError(t, err) assert.FatalError(t, err)
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
return b, nil return b, nil
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
id: acc.ID, id: acc.ID,
@ -338,7 +348,8 @@ func TestAuthorityGetAccountByKey(t *testing.T) {
jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0) jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0)
assert.FatalError(t, err) assert.FatalError(t, err)
jwk.Key = "foo" jwk.Key = "foo"
auth := NewAuthority(nil, "ca.smallstep.com", "acme", nil) auth, err := NewAuthority(new(db.MockNoSQLDB), "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
jwk: jwk, jwk: jwk,
@ -350,13 +361,14 @@ func TestAuthorityGetAccountByKey(t *testing.T) {
assert.FatalError(t, err) assert.FatalError(t, err)
kid, err := keyToID(jwk) kid, err := keyToID(jwk)
assert.FatalError(t, err) assert.FatalError(t, err)
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
assert.Equals(t, bucket, accountByKeyIDTable) assert.Equals(t, bucket, accountByKeyIDTable)
assert.Equals(t, key, []byte(kid)) assert.Equals(t, key, []byte(kid))
return nil, errors.New("force") return nil, errors.New("force")
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
jwk: jwk, jwk: jwk,
@ -371,7 +383,7 @@ func TestAuthorityGetAccountByKey(t *testing.T) {
count := 0 count := 0
kid, err := keyToID(acc.Key) kid, err := keyToID(acc.Key)
assert.FatalError(t, err) assert.FatalError(t, err)
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
var ret []byte var ret []byte
switch { switch {
@ -388,6 +400,7 @@ func TestAuthorityGetAccountByKey(t *testing.T) {
return ret, nil return ret, nil
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
jwk: acc.Key, jwk: acc.Key,
@ -434,13 +447,14 @@ func TestAuthorityGetOrder(t *testing.T) {
tests := map[string]func(t *testing.T) test{ tests := map[string]func(t *testing.T) test{
"fail/getOrder-error": func(t *testing.T) test { "fail/getOrder-error": func(t *testing.T) test {
id := "foo" id := "foo"
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
assert.Equals(t, bucket, orderTable) assert.Equals(t, bucket, orderTable)
assert.Equals(t, key, []byte(id)) assert.Equals(t, key, []byte(id))
return nil, errors.New("force") return nil, errors.New("force")
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
id: id, id: id,
@ -452,13 +466,14 @@ func TestAuthorityGetOrder(t *testing.T) {
assert.FatalError(t, err) assert.FatalError(t, err)
b, err := json.Marshal(o) b, err := json.Marshal(o)
assert.FatalError(t, err) assert.FatalError(t, err)
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
assert.Equals(t, bucket, orderTable) assert.Equals(t, bucket, orderTable)
assert.Equals(t, key, []byte(o.ID)) assert.Equals(t, key, []byte(o.ID))
return b, nil return b, nil
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
id: o.ID, id: o.ID,
@ -472,7 +487,7 @@ func TestAuthorityGetOrder(t *testing.T) {
b, err := json.Marshal(o) b, err := json.Marshal(o)
assert.FatalError(t, err) assert.FatalError(t, err)
i := 0 i := 0
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
switch { switch {
case i == 0: case i == 0:
@ -487,6 +502,7 @@ func TestAuthorityGetOrder(t *testing.T) {
} }
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
id: o.ID, id: o.ID,
@ -500,13 +516,14 @@ func TestAuthorityGetOrder(t *testing.T) {
o.Status = "valid" o.Status = "valid"
b, err := json.Marshal(o) b, err := json.Marshal(o)
assert.FatalError(t, err) assert.FatalError(t, err)
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
assert.Equals(t, bucket, orderTable) assert.Equals(t, bucket, orderTable)
assert.Equals(t, key, []byte(o.ID)) assert.Equals(t, key, []byte(o.ID))
return b, nil return b, nil
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
id: o.ID, id: o.ID,
@ -553,13 +570,14 @@ func TestAuthorityGetCertificate(t *testing.T) {
tests := map[string]func(t *testing.T) test{ tests := map[string]func(t *testing.T) test{
"fail/getCertificate-error": func(t *testing.T) test { "fail/getCertificate-error": func(t *testing.T) test {
id := "foo" id := "foo"
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
assert.Equals(t, bucket, certTable) assert.Equals(t, bucket, certTable)
assert.Equals(t, key, []byte(id)) assert.Equals(t, key, []byte(id))
return nil, errors.New("force") return nil, errors.New("force")
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
id: id, id: id,
@ -571,13 +589,14 @@ func TestAuthorityGetCertificate(t *testing.T) {
assert.FatalError(t, err) assert.FatalError(t, err)
b, err := json.Marshal(cert) b, err := json.Marshal(cert)
assert.FatalError(t, err) assert.FatalError(t, err)
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
assert.Equals(t, bucket, certTable) assert.Equals(t, bucket, certTable)
assert.Equals(t, key, []byte(cert.ID)) assert.Equals(t, key, []byte(cert.ID))
return b, nil return b, nil
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
id: cert.ID, id: cert.ID,
@ -590,13 +609,14 @@ func TestAuthorityGetCertificate(t *testing.T) {
assert.FatalError(t, err) assert.FatalError(t, err)
b, err := json.Marshal(cert) b, err := json.Marshal(cert)
assert.FatalError(t, err) assert.FatalError(t, err)
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
assert.Equals(t, bucket, certTable) assert.Equals(t, bucket, certTable)
assert.Equals(t, key, []byte(cert.ID)) assert.Equals(t, key, []byte(cert.ID))
return b, nil return b, nil
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
id: cert.ID, id: cert.ID,
@ -644,13 +664,14 @@ func TestAuthorityGetAuthz(t *testing.T) {
tests := map[string]func(t *testing.T) test{ tests := map[string]func(t *testing.T) test{
"fail/getAuthz-error": func(t *testing.T) test { "fail/getAuthz-error": func(t *testing.T) test {
id := "foo" id := "foo"
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
assert.Equals(t, bucket, authzTable) assert.Equals(t, bucket, authzTable)
assert.Equals(t, key, []byte(id)) assert.Equals(t, key, []byte(id))
return nil, errors.New("force") return nil, errors.New("force")
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
id: id, id: id,
@ -662,13 +683,14 @@ func TestAuthorityGetAuthz(t *testing.T) {
assert.FatalError(t, err) assert.FatalError(t, err)
b, err := json.Marshal(az) b, err := json.Marshal(az)
assert.FatalError(t, err) assert.FatalError(t, err)
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
assert.Equals(t, bucket, authzTable) assert.Equals(t, bucket, authzTable)
assert.Equals(t, key, []byte(az.getID())) assert.Equals(t, key, []byte(az.getID()))
return b, nil return b, nil
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
id: az.getID(), id: az.getID(),
@ -682,7 +704,7 @@ func TestAuthorityGetAuthz(t *testing.T) {
b, err := json.Marshal(az) b, err := json.Marshal(az)
assert.FatalError(t, err) assert.FatalError(t, err)
count := 0 count := 0
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
var ret []byte var ret []byte
switch count { switch count {
@ -699,6 +721,7 @@ func TestAuthorityGetAuthz(t *testing.T) {
return ret, nil return ret, nil
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
id: az.getID(), id: az.getID(),
@ -757,7 +780,7 @@ func TestAuthorityGetAuthz(t *testing.T) {
assert.FatalError(t, err) assert.FatalError(t, err)
count = 0 count = 0
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
var ret []byte var ret []byte
switch count { switch count {
@ -778,6 +801,7 @@ func TestAuthorityGetAuthz(t *testing.T) {
return ret, nil return ret, nil
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
id: az.getID(), id: az.getID(),
@ -822,11 +846,12 @@ func TestAuthorityNewOrder(t *testing.T) {
} }
tests := map[string]func(t *testing.T) test{ tests := map[string]func(t *testing.T) test{
"fail/newOrder-error": func(t *testing.T) test { "fail/newOrder-error": func(t *testing.T) test {
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) { MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) {
return nil, false, errors.New("force") return nil, false, errors.New("force")
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
ops: defaultOrderOps(), ops: defaultOrderOps(),
@ -843,7 +868,7 @@ func TestAuthorityNewOrder(t *testing.T) {
_accID string _accID string
accID = &_accID accID = &_accID
) )
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) { MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) {
switch count { switch count {
case 0: case 0:
@ -876,6 +901,7 @@ func TestAuthorityNewOrder(t *testing.T) {
return nil, database.ErrNotFound return nil, database.ErrNotFound
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
ops: defaultOrderOps(), ops: defaultOrderOps(),
@ -918,13 +944,14 @@ func TestAuthorityGetOrdersByAccount(t *testing.T) {
tests := map[string]func(t *testing.T) test{ tests := map[string]func(t *testing.T) test{
"fail/getOrderIDsByAccount-error": func(t *testing.T) test { "fail/getOrderIDsByAccount-error": func(t *testing.T) test {
id := "foo" id := "foo"
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
assert.Equals(t, bucket, ordersByAccountIDTable) assert.Equals(t, bucket, ordersByAccountIDTable)
assert.Equals(t, key, []byte(id)) assert.Equals(t, key, []byte(id))
return nil, errors.New("force") return nil, errors.New("force")
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
id: id, id: id,
@ -938,7 +965,7 @@ func TestAuthorityGetOrdersByAccount(t *testing.T) {
count = 0 count = 0
err error err error
) )
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
var ret []byte var ret []byte
switch count { switch count {
@ -956,6 +983,7 @@ func TestAuthorityGetOrdersByAccount(t *testing.T) {
return ret, nil return ret, nil
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
id: id, id: id,
@ -973,7 +1001,7 @@ func TestAuthorityGetOrdersByAccount(t *testing.T) {
baz, err := newO() baz, err := newO()
bar.Status = StatusInvalid bar.Status = StatusInvalid
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
var ret []byte var ret []byte
switch count { switch count {
@ -1002,6 +1030,7 @@ func TestAuthorityGetOrdersByAccount(t *testing.T) {
return ret, nil return ret, nil
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
id: id, id: id,
@ -1043,13 +1072,14 @@ func TestAuthorityFinalizeOrder(t *testing.T) {
tests := map[string]func(t *testing.T) test{ tests := map[string]func(t *testing.T) test{
"fail/getOrder-error": func(t *testing.T) test { "fail/getOrder-error": func(t *testing.T) test {
id := "foo" id := "foo"
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
assert.Equals(t, bucket, orderTable) assert.Equals(t, bucket, orderTable)
assert.Equals(t, key, []byte(id)) assert.Equals(t, key, []byte(id))
return nil, errors.New("force") return nil, errors.New("force")
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
id: id, id: id,
@ -1061,13 +1091,14 @@ func TestAuthorityFinalizeOrder(t *testing.T) {
assert.FatalError(t, err) assert.FatalError(t, err)
b, err := json.Marshal(o) b, err := json.Marshal(o)
assert.FatalError(t, err) assert.FatalError(t, err)
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
assert.Equals(t, bucket, orderTable) assert.Equals(t, bucket, orderTable)
assert.Equals(t, key, []byte(o.ID)) assert.Equals(t, key, []byte(o.ID))
return b, nil return b, nil
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
id: o.ID, id: o.ID,
@ -1081,7 +1112,7 @@ func TestAuthorityFinalizeOrder(t *testing.T) {
o.Expires = time.Now().Add(-time.Minute) o.Expires = time.Now().Add(-time.Minute)
b, err := json.Marshal(o) b, err := json.Marshal(o)
assert.FatalError(t, err) assert.FatalError(t, err)
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
assert.Equals(t, bucket, orderTable) assert.Equals(t, bucket, orderTable)
assert.Equals(t, key, []byte(o.ID)) assert.Equals(t, key, []byte(o.ID))
@ -1093,6 +1124,7 @@ func TestAuthorityFinalizeOrder(t *testing.T) {
return nil, false, errors.New("force") return nil, false, errors.New("force")
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
id: o.ID, id: o.ID,
@ -1107,13 +1139,14 @@ func TestAuthorityFinalizeOrder(t *testing.T) {
o.Certificate = "certID" o.Certificate = "certID"
b, err := json.Marshal(o) b, err := json.Marshal(o)
assert.FatalError(t, err) assert.FatalError(t, err)
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
assert.Equals(t, bucket, orderTable) assert.Equals(t, bucket, orderTable)
assert.Equals(t, key, []byte(o.ID)) assert.Equals(t, key, []byte(o.ID))
return b, nil return b, nil
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
id: o.ID, id: o.ID,
@ -1161,13 +1194,14 @@ func TestAuthorityValidateChallenge(t *testing.T) {
tests := map[string]func(t *testing.T) test{ tests := map[string]func(t *testing.T) test{
"fail/getChallenge-error": func(t *testing.T) test { "fail/getChallenge-error": func(t *testing.T) test {
id := "foo" id := "foo"
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
assert.Equals(t, bucket, challengeTable) assert.Equals(t, bucket, challengeTable)
assert.Equals(t, key, []byte(id)) assert.Equals(t, key, []byte(id))
return nil, errors.New("force") return nil, errors.New("force")
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
id: id, id: id,
@ -1179,13 +1213,14 @@ func TestAuthorityValidateChallenge(t *testing.T) {
assert.FatalError(t, err) assert.FatalError(t, err)
b, err := json.Marshal(ch) b, err := json.Marshal(ch)
assert.FatalError(t, err) assert.FatalError(t, err)
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
assert.Equals(t, bucket, challengeTable) assert.Equals(t, bucket, challengeTable)
assert.Equals(t, key, []byte(ch.getID())) assert.Equals(t, key, []byte(ch.getID()))
return b, nil return b, nil
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
id: ch.getID(), id: ch.getID(),
@ -1198,7 +1233,7 @@ func TestAuthorityValidateChallenge(t *testing.T) {
assert.FatalError(t, err) assert.FatalError(t, err)
b, err := json.Marshal(ch) b, err := json.Marshal(ch)
assert.FatalError(t, err) assert.FatalError(t, err)
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
assert.Equals(t, bucket, challengeTable) assert.Equals(t, bucket, challengeTable)
assert.Equals(t, key, []byte(ch.getID())) assert.Equals(t, key, []byte(ch.getID()))
@ -1210,6 +1245,7 @@ func TestAuthorityValidateChallenge(t *testing.T) {
return nil, false, errors.New("force") return nil, false, errors.New("force")
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
id: ch.getID(), id: ch.getID(),
@ -1226,13 +1262,14 @@ func TestAuthorityValidateChallenge(t *testing.T) {
_ch.baseChallenge.Validated = clock.Now() _ch.baseChallenge.Validated = clock.Now()
b, err := json.Marshal(ch) b, err := json.Marshal(ch)
assert.FatalError(t, err) assert.FatalError(t, err)
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
assert.Equals(t, bucket, challengeTable) assert.Equals(t, bucket, challengeTable)
assert.Equals(t, key, []byte(ch.getID())) assert.Equals(t, key, []byte(ch.getID()))
return b, nil return b, nil
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
id: ch.getID(), id: ch.getID(),
@ -1282,13 +1319,14 @@ func TestAuthorityUpdateAccount(t *testing.T) {
tests := map[string]func(t *testing.T) test{ tests := map[string]func(t *testing.T) test{
"fail/getAccount-error": func(t *testing.T) test { "fail/getAccount-error": func(t *testing.T) test {
id := "foo" id := "foo"
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
assert.Equals(t, bucket, accountTable) assert.Equals(t, bucket, accountTable)
assert.Equals(t, key, []byte(id)) assert.Equals(t, key, []byte(id))
return nil, errors.New("force") return nil, errors.New("force")
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
id: id, id: id,
@ -1302,7 +1340,7 @@ func TestAuthorityUpdateAccount(t *testing.T) {
b, err := json.Marshal(acc) b, err := json.Marshal(acc)
assert.FatalError(t, err) assert.FatalError(t, err)
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
return b, nil return b, nil
}, },
@ -1310,6 +1348,7 @@ func TestAuthorityUpdateAccount(t *testing.T) {
return nil, false, errors.New("force") return nil, false, errors.New("force")
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
id: acc.ID, id: acc.ID,
@ -1327,7 +1366,7 @@ func TestAuthorityUpdateAccount(t *testing.T) {
_acc := *acc _acc := *acc
clone := &_acc clone := &_acc
clone.Contact = contact clone.Contact = contact
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
return b, nil return b, nil
}, },
@ -1337,6 +1376,7 @@ func TestAuthorityUpdateAccount(t *testing.T) {
return nil, true, nil return nil, true, nil
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
id: acc.ID, id: acc.ID,
@ -1384,13 +1424,14 @@ func TestAuthorityDeactivateAccount(t *testing.T) {
tests := map[string]func(t *testing.T) test{ tests := map[string]func(t *testing.T) test{
"fail/getAccount-error": func(t *testing.T) test { "fail/getAccount-error": func(t *testing.T) test {
id := "foo" id := "foo"
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
assert.Equals(t, bucket, accountTable) assert.Equals(t, bucket, accountTable)
assert.Equals(t, key, []byte(id)) assert.Equals(t, key, []byte(id))
return nil, errors.New("force") return nil, errors.New("force")
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
id: id, id: id,
@ -1403,7 +1444,7 @@ func TestAuthorityDeactivateAccount(t *testing.T) {
b, err := json.Marshal(acc) b, err := json.Marshal(acc)
assert.FatalError(t, err) assert.FatalError(t, err)
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
return b, nil return b, nil
}, },
@ -1411,6 +1452,7 @@ func TestAuthorityDeactivateAccount(t *testing.T) {
return nil, false, errors.New("force") return nil, false, errors.New("force")
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
id: acc.ID, id: acc.ID,
@ -1428,7 +1470,7 @@ func TestAuthorityDeactivateAccount(t *testing.T) {
clone := &_acc clone := &_acc
clone.Status = StatusDeactivated clone.Status = StatusDeactivated
clone.Deactivated = clock.Now() clone.Deactivated = clock.Now()
auth := NewAuthority(&db.MockNoSQLDB{ auth, err := NewAuthority(&db.MockNoSQLDB{
MGet: func(bucket, key []byte) ([]byte, error) { MGet: func(bucket, key []byte) ([]byte, error) {
return b, nil return b, nil
}, },
@ -1438,6 +1480,7 @@ func TestAuthorityDeactivateAccount(t *testing.T) {
return nil, true, nil return nil, true, nil
}, },
}, "ca.smallstep.com", "acme", nil) }, "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
return test{ return test{
auth: auth, auth: auth,
id: acc.ID, id: acc.ID,

View file

@ -22,17 +22,6 @@ type Identifier struct {
Value string `json:"value"` Value string `json:"value"`
} }
var (
accountTable = []byte("acme-accounts")
accountByKeyIDTable = []byte("acme-keyID-accountID-index")
authzTable = []byte("acme-authzs")
challengeTable = []byte("acme-challenges")
nonceTable = []byte("nonce-table")
orderTable = []byte("acme-orders")
ordersByAccountIDTable = []byte("acme-account-orders-index")
certTable = []byte("acme-certs")
)
var ( var (
// StatusValid -- valid // StatusValid -- valid
StatusValid = "valid" StatusValid = "valid"

View file

@ -124,7 +124,10 @@ func (ca *CA) Init(config *authority.Config) (*CA, error) {
} }
prefix := "acme" prefix := "acme"
acmeAuth := acme.NewAuthority(auth.GetDatabase().(nosql.DB), dns, prefix, auth) acmeAuth, err := acme.NewAuthority(auth.GetDatabase().(nosql.DB), dns, prefix, auth)
if err != nil {
return nil, errors.Wrap(err, "error creating ACME authority")
}
acmeRouterHandler := acmeAPI.New(acmeAuth) acmeRouterHandler := acmeAPI.New(acmeAuth)
mux.Route("/"+prefix, func(r chi.Router) { mux.Route("/"+prefix, func(r chi.Router) {
acmeRouterHandler.Route(r) acmeRouterHandler.Route(r)