forked from TrueCloudLab/certificates
Create ACME database tables when initializing ACME autority.
This commit is contained in:
parent
f53f4720ad
commit
7aec7c2612
5 changed files with 120 additions and 58 deletions
|
@ -17,6 +17,7 @@ import (
|
||||||
"github.com/smallstep/assert"
|
"github.com/smallstep/assert"
|
||||||
"github.com/smallstep/certificates/acme"
|
"github.com/smallstep/certificates/acme"
|
||||||
"github.com/smallstep/certificates/authority/provisioner"
|
"github.com/smallstep/certificates/authority/provisioner"
|
||||||
|
"github.com/smallstep/certificates/db"
|
||||||
"github.com/smallstep/cli/crypto/pemutil"
|
"github.com/smallstep/cli/crypto/pemutil"
|
||||||
"github.com/smallstep/cli/jose"
|
"github.com/smallstep/cli/jose"
|
||||||
)
|
)
|
||||||
|
@ -230,7 +231,8 @@ func TestHandlerGetNonce(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestHandlerGetDirectory(t *testing.T) {
|
func TestHandlerGetDirectory(t *testing.T) {
|
||||||
auth := acme.NewAuthority(nil, "ca.smallstep.com", "acme", nil)
|
auth, err := acme.NewAuthority(new(db.MockNoSQLDB), "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
prov := newProv()
|
prov := newProv()
|
||||||
url := fmt.Sprintf("http://ca.smallstep.com/acme/%s/directory", acme.URLSafeProvisionerName(prov))
|
url := fmt.Sprintf("http://ca.smallstep.com/acme/%s/directory", acme.URLSafeProvisionerName(prov))
|
||||||
|
|
||||||
|
|
|
@ -11,6 +11,7 @@ import (
|
||||||
|
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
"github.com/smallstep/certificates/authority/provisioner"
|
"github.com/smallstep/certificates/authority/provisioner"
|
||||||
|
database "github.com/smallstep/certificates/db"
|
||||||
"github.com/smallstep/cli/jose"
|
"github.com/smallstep/cli/jose"
|
||||||
"github.com/smallstep/nosql"
|
"github.com/smallstep/nosql"
|
||||||
)
|
)
|
||||||
|
@ -43,11 +44,35 @@ type Authority struct {
|
||||||
signAuth SignAuthority
|
signAuth SignAuthority
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var (
|
||||||
|
accountTable = []byte("acme_accounts")
|
||||||
|
accountByKeyIDTable = []byte("acme_keyID_accountID_index")
|
||||||
|
authzTable = []byte("acme_authzs")
|
||||||
|
challengeTable = []byte("acme_challenges")
|
||||||
|
nonceTable = []byte("nonces")
|
||||||
|
orderTable = []byte("acme_orders")
|
||||||
|
ordersByAccountIDTable = []byte("acme_account-orders-index")
|
||||||
|
certTable = []byte("acme_certs")
|
||||||
|
)
|
||||||
|
|
||||||
// NewAuthority returns a new Authority that implements the ACME interface.
|
// NewAuthority returns a new Authority that implements the ACME interface.
|
||||||
func NewAuthority(db nosql.DB, dns, prefix string, signAuth SignAuthority) *Authority {
|
func NewAuthority(db nosql.DB, dns, prefix string, signAuth SignAuthority) (*Authority, error) {
|
||||||
|
if _, ok := db.(*database.SimpleDB); !ok {
|
||||||
|
// If it's not a SimpleDB then go ahead and bootstrap the DB with the
|
||||||
|
// necessary ACME tables. SimpleDB should ONLY be used for testing.
|
||||||
|
tables := [][]byte{accountTable, accountByKeyIDTable, authzTable,
|
||||||
|
challengeTable, nonceTable, orderTable, ordersByAccountIDTable,
|
||||||
|
certTable}
|
||||||
|
for _, b := range tables {
|
||||||
|
if err := db.CreateTable(b); err != nil {
|
||||||
|
return nil, errors.Wrapf(err, "error creating table %s",
|
||||||
|
string(b))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
return &Authority{
|
return &Authority{
|
||||||
db: db, dir: newDirectory(dns, prefix), signAuth: signAuth,
|
db: db, dir: newDirectory(dns, prefix), signAuth: signAuth,
|
||||||
}
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetLink returns the requested link from the directory.
|
// GetLink returns the requested link from the directory.
|
||||||
|
|
|
@ -14,7 +14,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestAuthorityGetLink(t *testing.T) {
|
func TestAuthorityGetLink(t *testing.T) {
|
||||||
auth := NewAuthority(nil, "ca.smallstep.com", "acme", nil)
|
auth, err := NewAuthority(new(db.MockNoSQLDB), "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
provID := "acme-test-provisioner"
|
provID := "acme-test-provisioner"
|
||||||
type test struct {
|
type test struct {
|
||||||
auth *Authority
|
auth *Authority
|
||||||
|
@ -69,7 +70,8 @@ func TestAuthorityGetLink(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestAuthorityGetDirectory(t *testing.T) {
|
func TestAuthorityGetDirectory(t *testing.T) {
|
||||||
auth := NewAuthority(nil, "ca.smallstep.com", "acme", nil)
|
auth, err := NewAuthority(new(db.MockNoSQLDB), "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
prov := newProv()
|
prov := newProv()
|
||||||
acmeDir := auth.GetDirectory(prov)
|
acmeDir := auth.GetDirectory(prov)
|
||||||
assert.Equals(t, acmeDir.NewNonce, fmt.Sprintf("https://ca.smallstep.com/acme/%s/new-nonce", URLSafeProvisionerName(prov)))
|
assert.Equals(t, acmeDir.NewNonce, fmt.Sprintf("https://ca.smallstep.com/acme/%s/new-nonce", URLSafeProvisionerName(prov)))
|
||||||
|
@ -88,11 +90,12 @@ func TestAuthorityNewNonce(t *testing.T) {
|
||||||
}
|
}
|
||||||
tests := map[string]func(t *testing.T) test{
|
tests := map[string]func(t *testing.T) test{
|
||||||
"fail/newNonce-error": func(t *testing.T) test {
|
"fail/newNonce-error": func(t *testing.T) test {
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) {
|
MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) {
|
||||||
return nil, false, errors.New("force")
|
return nil, false, errors.New("force")
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
res: nil,
|
res: nil,
|
||||||
|
@ -102,12 +105,13 @@ func TestAuthorityNewNonce(t *testing.T) {
|
||||||
"ok": func(t *testing.T) test {
|
"ok": func(t *testing.T) test {
|
||||||
var _res string
|
var _res string
|
||||||
res := &_res
|
res := &_res
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) {
|
MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) {
|
||||||
*res = string(key)
|
*res = string(key)
|
||||||
return nil, true, nil
|
return nil, true, nil
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
res: res,
|
res: res,
|
||||||
|
@ -141,22 +145,24 @@ func TestAuthorityUseNonce(t *testing.T) {
|
||||||
}
|
}
|
||||||
tests := map[string]func(t *testing.T) test{
|
tests := map[string]func(t *testing.T) test{
|
||||||
"fail/newNonce-error": func(t *testing.T) test {
|
"fail/newNonce-error": func(t *testing.T) test {
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MUpdate: func(tx *database.Tx) error {
|
MUpdate: func(tx *database.Tx) error {
|
||||||
return errors.New("force")
|
return errors.New("force")
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
err: ServerInternalErr(errors.New("error deleting nonce foo: force")),
|
err: ServerInternalErr(errors.New("error deleting nonce foo: force")),
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"ok": func(t *testing.T) test {
|
"ok": func(t *testing.T) test {
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MUpdate: func(tx *database.Tx) error {
|
MUpdate: func(tx *database.Tx) error {
|
||||||
return nil
|
return nil
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
}
|
}
|
||||||
|
@ -195,11 +201,12 @@ func TestAuthorityNewAccount(t *testing.T) {
|
||||||
}
|
}
|
||||||
tests := map[string]func(t *testing.T) test{
|
tests := map[string]func(t *testing.T) test{
|
||||||
"fail/newAccount-error": func(t *testing.T) test {
|
"fail/newAccount-error": func(t *testing.T) test {
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) {
|
MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) {
|
||||||
return nil, false, errors.New("force")
|
return nil, false, errors.New("force")
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
ops: ops,
|
ops: ops,
|
||||||
|
@ -213,7 +220,7 @@ func TestAuthorityNewAccount(t *testing.T) {
|
||||||
count = 0
|
count = 0
|
||||||
dir = newDirectory("ca.smallstep.com", "acme")
|
dir = newDirectory("ca.smallstep.com", "acme")
|
||||||
)
|
)
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) {
|
MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) {
|
||||||
if count == 1 {
|
if count == 1 {
|
||||||
var acc *account
|
var acc *account
|
||||||
|
@ -225,6 +232,7 @@ func TestAuthorityNewAccount(t *testing.T) {
|
||||||
return nil, true, nil
|
return nil, true, nil
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
ops: ops,
|
ops: ops,
|
||||||
|
@ -267,13 +275,14 @@ func TestAuthorityGetAccount(t *testing.T) {
|
||||||
tests := map[string]func(t *testing.T) test{
|
tests := map[string]func(t *testing.T) test{
|
||||||
"fail/getAccount-error": func(t *testing.T) test {
|
"fail/getAccount-error": func(t *testing.T) test {
|
||||||
id := "foo"
|
id := "foo"
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
assert.Equals(t, bucket, accountTable)
|
assert.Equals(t, bucket, accountTable)
|
||||||
assert.Equals(t, key, []byte(id))
|
assert.Equals(t, key, []byte(id))
|
||||||
return nil, errors.New("force")
|
return nil, errors.New("force")
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
id: id,
|
id: id,
|
||||||
|
@ -285,11 +294,12 @@ func TestAuthorityGetAccount(t *testing.T) {
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
b, err := json.Marshal(acc)
|
b, err := json.Marshal(acc)
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
return b, nil
|
return b, nil
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
id: acc.ID,
|
id: acc.ID,
|
||||||
|
@ -338,7 +348,8 @@ func TestAuthorityGetAccountByKey(t *testing.T) {
|
||||||
jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0)
|
jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0)
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
jwk.Key = "foo"
|
jwk.Key = "foo"
|
||||||
auth := NewAuthority(nil, "ca.smallstep.com", "acme", nil)
|
auth, err := NewAuthority(new(db.MockNoSQLDB), "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
jwk: jwk,
|
jwk: jwk,
|
||||||
|
@ -350,13 +361,14 @@ func TestAuthorityGetAccountByKey(t *testing.T) {
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
kid, err := keyToID(jwk)
|
kid, err := keyToID(jwk)
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
assert.Equals(t, bucket, accountByKeyIDTable)
|
assert.Equals(t, bucket, accountByKeyIDTable)
|
||||||
assert.Equals(t, key, []byte(kid))
|
assert.Equals(t, key, []byte(kid))
|
||||||
return nil, errors.New("force")
|
return nil, errors.New("force")
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
jwk: jwk,
|
jwk: jwk,
|
||||||
|
@ -371,7 +383,7 @@ func TestAuthorityGetAccountByKey(t *testing.T) {
|
||||||
count := 0
|
count := 0
|
||||||
kid, err := keyToID(acc.Key)
|
kid, err := keyToID(acc.Key)
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
var ret []byte
|
var ret []byte
|
||||||
switch {
|
switch {
|
||||||
|
@ -388,6 +400,7 @@ func TestAuthorityGetAccountByKey(t *testing.T) {
|
||||||
return ret, nil
|
return ret, nil
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
jwk: acc.Key,
|
jwk: acc.Key,
|
||||||
|
@ -434,13 +447,14 @@ func TestAuthorityGetOrder(t *testing.T) {
|
||||||
tests := map[string]func(t *testing.T) test{
|
tests := map[string]func(t *testing.T) test{
|
||||||
"fail/getOrder-error": func(t *testing.T) test {
|
"fail/getOrder-error": func(t *testing.T) test {
|
||||||
id := "foo"
|
id := "foo"
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
assert.Equals(t, bucket, orderTable)
|
assert.Equals(t, bucket, orderTable)
|
||||||
assert.Equals(t, key, []byte(id))
|
assert.Equals(t, key, []byte(id))
|
||||||
return nil, errors.New("force")
|
return nil, errors.New("force")
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
id: id,
|
id: id,
|
||||||
|
@ -452,13 +466,14 @@ func TestAuthorityGetOrder(t *testing.T) {
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
b, err := json.Marshal(o)
|
b, err := json.Marshal(o)
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
assert.Equals(t, bucket, orderTable)
|
assert.Equals(t, bucket, orderTable)
|
||||||
assert.Equals(t, key, []byte(o.ID))
|
assert.Equals(t, key, []byte(o.ID))
|
||||||
return b, nil
|
return b, nil
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
id: o.ID,
|
id: o.ID,
|
||||||
|
@ -472,7 +487,7 @@ func TestAuthorityGetOrder(t *testing.T) {
|
||||||
b, err := json.Marshal(o)
|
b, err := json.Marshal(o)
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
i := 0
|
i := 0
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
switch {
|
switch {
|
||||||
case i == 0:
|
case i == 0:
|
||||||
|
@ -487,6 +502,7 @@ func TestAuthorityGetOrder(t *testing.T) {
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
id: o.ID,
|
id: o.ID,
|
||||||
|
@ -500,13 +516,14 @@ func TestAuthorityGetOrder(t *testing.T) {
|
||||||
o.Status = "valid"
|
o.Status = "valid"
|
||||||
b, err := json.Marshal(o)
|
b, err := json.Marshal(o)
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
assert.Equals(t, bucket, orderTable)
|
assert.Equals(t, bucket, orderTable)
|
||||||
assert.Equals(t, key, []byte(o.ID))
|
assert.Equals(t, key, []byte(o.ID))
|
||||||
return b, nil
|
return b, nil
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
id: o.ID,
|
id: o.ID,
|
||||||
|
@ -553,13 +570,14 @@ func TestAuthorityGetCertificate(t *testing.T) {
|
||||||
tests := map[string]func(t *testing.T) test{
|
tests := map[string]func(t *testing.T) test{
|
||||||
"fail/getCertificate-error": func(t *testing.T) test {
|
"fail/getCertificate-error": func(t *testing.T) test {
|
||||||
id := "foo"
|
id := "foo"
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
assert.Equals(t, bucket, certTable)
|
assert.Equals(t, bucket, certTable)
|
||||||
assert.Equals(t, key, []byte(id))
|
assert.Equals(t, key, []byte(id))
|
||||||
return nil, errors.New("force")
|
return nil, errors.New("force")
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
id: id,
|
id: id,
|
||||||
|
@ -571,13 +589,14 @@ func TestAuthorityGetCertificate(t *testing.T) {
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
b, err := json.Marshal(cert)
|
b, err := json.Marshal(cert)
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
assert.Equals(t, bucket, certTable)
|
assert.Equals(t, bucket, certTable)
|
||||||
assert.Equals(t, key, []byte(cert.ID))
|
assert.Equals(t, key, []byte(cert.ID))
|
||||||
return b, nil
|
return b, nil
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
id: cert.ID,
|
id: cert.ID,
|
||||||
|
@ -590,13 +609,14 @@ func TestAuthorityGetCertificate(t *testing.T) {
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
b, err := json.Marshal(cert)
|
b, err := json.Marshal(cert)
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
assert.Equals(t, bucket, certTable)
|
assert.Equals(t, bucket, certTable)
|
||||||
assert.Equals(t, key, []byte(cert.ID))
|
assert.Equals(t, key, []byte(cert.ID))
|
||||||
return b, nil
|
return b, nil
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
id: cert.ID,
|
id: cert.ID,
|
||||||
|
@ -644,13 +664,14 @@ func TestAuthorityGetAuthz(t *testing.T) {
|
||||||
tests := map[string]func(t *testing.T) test{
|
tests := map[string]func(t *testing.T) test{
|
||||||
"fail/getAuthz-error": func(t *testing.T) test {
|
"fail/getAuthz-error": func(t *testing.T) test {
|
||||||
id := "foo"
|
id := "foo"
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
assert.Equals(t, bucket, authzTable)
|
assert.Equals(t, bucket, authzTable)
|
||||||
assert.Equals(t, key, []byte(id))
|
assert.Equals(t, key, []byte(id))
|
||||||
return nil, errors.New("force")
|
return nil, errors.New("force")
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
id: id,
|
id: id,
|
||||||
|
@ -662,13 +683,14 @@ func TestAuthorityGetAuthz(t *testing.T) {
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
b, err := json.Marshal(az)
|
b, err := json.Marshal(az)
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
assert.Equals(t, bucket, authzTable)
|
assert.Equals(t, bucket, authzTable)
|
||||||
assert.Equals(t, key, []byte(az.getID()))
|
assert.Equals(t, key, []byte(az.getID()))
|
||||||
return b, nil
|
return b, nil
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
id: az.getID(),
|
id: az.getID(),
|
||||||
|
@ -682,7 +704,7 @@ func TestAuthorityGetAuthz(t *testing.T) {
|
||||||
b, err := json.Marshal(az)
|
b, err := json.Marshal(az)
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
count := 0
|
count := 0
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
var ret []byte
|
var ret []byte
|
||||||
switch count {
|
switch count {
|
||||||
|
@ -699,6 +721,7 @@ func TestAuthorityGetAuthz(t *testing.T) {
|
||||||
return ret, nil
|
return ret, nil
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
id: az.getID(),
|
id: az.getID(),
|
||||||
|
@ -757,7 +780,7 @@ func TestAuthorityGetAuthz(t *testing.T) {
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
|
|
||||||
count = 0
|
count = 0
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
var ret []byte
|
var ret []byte
|
||||||
switch count {
|
switch count {
|
||||||
|
@ -778,6 +801,7 @@ func TestAuthorityGetAuthz(t *testing.T) {
|
||||||
return ret, nil
|
return ret, nil
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
id: az.getID(),
|
id: az.getID(),
|
||||||
|
@ -822,11 +846,12 @@ func TestAuthorityNewOrder(t *testing.T) {
|
||||||
}
|
}
|
||||||
tests := map[string]func(t *testing.T) test{
|
tests := map[string]func(t *testing.T) test{
|
||||||
"fail/newOrder-error": func(t *testing.T) test {
|
"fail/newOrder-error": func(t *testing.T) test {
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) {
|
MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) {
|
||||||
return nil, false, errors.New("force")
|
return nil, false, errors.New("force")
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
ops: defaultOrderOps(),
|
ops: defaultOrderOps(),
|
||||||
|
@ -843,7 +868,7 @@ func TestAuthorityNewOrder(t *testing.T) {
|
||||||
_accID string
|
_accID string
|
||||||
accID = &_accID
|
accID = &_accID
|
||||||
)
|
)
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) {
|
MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) {
|
||||||
switch count {
|
switch count {
|
||||||
case 0:
|
case 0:
|
||||||
|
@ -876,6 +901,7 @@ func TestAuthorityNewOrder(t *testing.T) {
|
||||||
return nil, database.ErrNotFound
|
return nil, database.ErrNotFound
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
ops: defaultOrderOps(),
|
ops: defaultOrderOps(),
|
||||||
|
@ -918,13 +944,14 @@ func TestAuthorityGetOrdersByAccount(t *testing.T) {
|
||||||
tests := map[string]func(t *testing.T) test{
|
tests := map[string]func(t *testing.T) test{
|
||||||
"fail/getOrderIDsByAccount-error": func(t *testing.T) test {
|
"fail/getOrderIDsByAccount-error": func(t *testing.T) test {
|
||||||
id := "foo"
|
id := "foo"
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
assert.Equals(t, bucket, ordersByAccountIDTable)
|
assert.Equals(t, bucket, ordersByAccountIDTable)
|
||||||
assert.Equals(t, key, []byte(id))
|
assert.Equals(t, key, []byte(id))
|
||||||
return nil, errors.New("force")
|
return nil, errors.New("force")
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
id: id,
|
id: id,
|
||||||
|
@ -938,7 +965,7 @@ func TestAuthorityGetOrdersByAccount(t *testing.T) {
|
||||||
count = 0
|
count = 0
|
||||||
err error
|
err error
|
||||||
)
|
)
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
var ret []byte
|
var ret []byte
|
||||||
switch count {
|
switch count {
|
||||||
|
@ -956,6 +983,7 @@ func TestAuthorityGetOrdersByAccount(t *testing.T) {
|
||||||
return ret, nil
|
return ret, nil
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
id: id,
|
id: id,
|
||||||
|
@ -973,7 +1001,7 @@ func TestAuthorityGetOrdersByAccount(t *testing.T) {
|
||||||
baz, err := newO()
|
baz, err := newO()
|
||||||
bar.Status = StatusInvalid
|
bar.Status = StatusInvalid
|
||||||
|
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
var ret []byte
|
var ret []byte
|
||||||
switch count {
|
switch count {
|
||||||
|
@ -1002,6 +1030,7 @@ func TestAuthorityGetOrdersByAccount(t *testing.T) {
|
||||||
return ret, nil
|
return ret, nil
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
id: id,
|
id: id,
|
||||||
|
@ -1043,13 +1072,14 @@ func TestAuthorityFinalizeOrder(t *testing.T) {
|
||||||
tests := map[string]func(t *testing.T) test{
|
tests := map[string]func(t *testing.T) test{
|
||||||
"fail/getOrder-error": func(t *testing.T) test {
|
"fail/getOrder-error": func(t *testing.T) test {
|
||||||
id := "foo"
|
id := "foo"
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
assert.Equals(t, bucket, orderTable)
|
assert.Equals(t, bucket, orderTable)
|
||||||
assert.Equals(t, key, []byte(id))
|
assert.Equals(t, key, []byte(id))
|
||||||
return nil, errors.New("force")
|
return nil, errors.New("force")
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
id: id,
|
id: id,
|
||||||
|
@ -1061,13 +1091,14 @@ func TestAuthorityFinalizeOrder(t *testing.T) {
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
b, err := json.Marshal(o)
|
b, err := json.Marshal(o)
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
assert.Equals(t, bucket, orderTable)
|
assert.Equals(t, bucket, orderTable)
|
||||||
assert.Equals(t, key, []byte(o.ID))
|
assert.Equals(t, key, []byte(o.ID))
|
||||||
return b, nil
|
return b, nil
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
id: o.ID,
|
id: o.ID,
|
||||||
|
@ -1081,7 +1112,7 @@ func TestAuthorityFinalizeOrder(t *testing.T) {
|
||||||
o.Expires = time.Now().Add(-time.Minute)
|
o.Expires = time.Now().Add(-time.Minute)
|
||||||
b, err := json.Marshal(o)
|
b, err := json.Marshal(o)
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
assert.Equals(t, bucket, orderTable)
|
assert.Equals(t, bucket, orderTable)
|
||||||
assert.Equals(t, key, []byte(o.ID))
|
assert.Equals(t, key, []byte(o.ID))
|
||||||
|
@ -1093,6 +1124,7 @@ func TestAuthorityFinalizeOrder(t *testing.T) {
|
||||||
return nil, false, errors.New("force")
|
return nil, false, errors.New("force")
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
id: o.ID,
|
id: o.ID,
|
||||||
|
@ -1107,13 +1139,14 @@ func TestAuthorityFinalizeOrder(t *testing.T) {
|
||||||
o.Certificate = "certID"
|
o.Certificate = "certID"
|
||||||
b, err := json.Marshal(o)
|
b, err := json.Marshal(o)
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
assert.Equals(t, bucket, orderTable)
|
assert.Equals(t, bucket, orderTable)
|
||||||
assert.Equals(t, key, []byte(o.ID))
|
assert.Equals(t, key, []byte(o.ID))
|
||||||
return b, nil
|
return b, nil
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
id: o.ID,
|
id: o.ID,
|
||||||
|
@ -1161,13 +1194,14 @@ func TestAuthorityValidateChallenge(t *testing.T) {
|
||||||
tests := map[string]func(t *testing.T) test{
|
tests := map[string]func(t *testing.T) test{
|
||||||
"fail/getChallenge-error": func(t *testing.T) test {
|
"fail/getChallenge-error": func(t *testing.T) test {
|
||||||
id := "foo"
|
id := "foo"
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
assert.Equals(t, bucket, challengeTable)
|
assert.Equals(t, bucket, challengeTable)
|
||||||
assert.Equals(t, key, []byte(id))
|
assert.Equals(t, key, []byte(id))
|
||||||
return nil, errors.New("force")
|
return nil, errors.New("force")
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
id: id,
|
id: id,
|
||||||
|
@ -1179,13 +1213,14 @@ func TestAuthorityValidateChallenge(t *testing.T) {
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
b, err := json.Marshal(ch)
|
b, err := json.Marshal(ch)
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
assert.Equals(t, bucket, challengeTable)
|
assert.Equals(t, bucket, challengeTable)
|
||||||
assert.Equals(t, key, []byte(ch.getID()))
|
assert.Equals(t, key, []byte(ch.getID()))
|
||||||
return b, nil
|
return b, nil
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
id: ch.getID(),
|
id: ch.getID(),
|
||||||
|
@ -1198,7 +1233,7 @@ func TestAuthorityValidateChallenge(t *testing.T) {
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
b, err := json.Marshal(ch)
|
b, err := json.Marshal(ch)
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
assert.Equals(t, bucket, challengeTable)
|
assert.Equals(t, bucket, challengeTable)
|
||||||
assert.Equals(t, key, []byte(ch.getID()))
|
assert.Equals(t, key, []byte(ch.getID()))
|
||||||
|
@ -1210,6 +1245,7 @@ func TestAuthorityValidateChallenge(t *testing.T) {
|
||||||
return nil, false, errors.New("force")
|
return nil, false, errors.New("force")
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
id: ch.getID(),
|
id: ch.getID(),
|
||||||
|
@ -1226,13 +1262,14 @@ func TestAuthorityValidateChallenge(t *testing.T) {
|
||||||
_ch.baseChallenge.Validated = clock.Now()
|
_ch.baseChallenge.Validated = clock.Now()
|
||||||
b, err := json.Marshal(ch)
|
b, err := json.Marshal(ch)
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
assert.Equals(t, bucket, challengeTable)
|
assert.Equals(t, bucket, challengeTable)
|
||||||
assert.Equals(t, key, []byte(ch.getID()))
|
assert.Equals(t, key, []byte(ch.getID()))
|
||||||
return b, nil
|
return b, nil
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
id: ch.getID(),
|
id: ch.getID(),
|
||||||
|
@ -1282,13 +1319,14 @@ func TestAuthorityUpdateAccount(t *testing.T) {
|
||||||
tests := map[string]func(t *testing.T) test{
|
tests := map[string]func(t *testing.T) test{
|
||||||
"fail/getAccount-error": func(t *testing.T) test {
|
"fail/getAccount-error": func(t *testing.T) test {
|
||||||
id := "foo"
|
id := "foo"
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
assert.Equals(t, bucket, accountTable)
|
assert.Equals(t, bucket, accountTable)
|
||||||
assert.Equals(t, key, []byte(id))
|
assert.Equals(t, key, []byte(id))
|
||||||
return nil, errors.New("force")
|
return nil, errors.New("force")
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
id: id,
|
id: id,
|
||||||
|
@ -1302,7 +1340,7 @@ func TestAuthorityUpdateAccount(t *testing.T) {
|
||||||
b, err := json.Marshal(acc)
|
b, err := json.Marshal(acc)
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
|
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
return b, nil
|
return b, nil
|
||||||
},
|
},
|
||||||
|
@ -1310,6 +1348,7 @@ func TestAuthorityUpdateAccount(t *testing.T) {
|
||||||
return nil, false, errors.New("force")
|
return nil, false, errors.New("force")
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
id: acc.ID,
|
id: acc.ID,
|
||||||
|
@ -1327,7 +1366,7 @@ func TestAuthorityUpdateAccount(t *testing.T) {
|
||||||
_acc := *acc
|
_acc := *acc
|
||||||
clone := &_acc
|
clone := &_acc
|
||||||
clone.Contact = contact
|
clone.Contact = contact
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
return b, nil
|
return b, nil
|
||||||
},
|
},
|
||||||
|
@ -1337,6 +1376,7 @@ func TestAuthorityUpdateAccount(t *testing.T) {
|
||||||
return nil, true, nil
|
return nil, true, nil
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
id: acc.ID,
|
id: acc.ID,
|
||||||
|
@ -1384,13 +1424,14 @@ func TestAuthorityDeactivateAccount(t *testing.T) {
|
||||||
tests := map[string]func(t *testing.T) test{
|
tests := map[string]func(t *testing.T) test{
|
||||||
"fail/getAccount-error": func(t *testing.T) test {
|
"fail/getAccount-error": func(t *testing.T) test {
|
||||||
id := "foo"
|
id := "foo"
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
assert.Equals(t, bucket, accountTable)
|
assert.Equals(t, bucket, accountTable)
|
||||||
assert.Equals(t, key, []byte(id))
|
assert.Equals(t, key, []byte(id))
|
||||||
return nil, errors.New("force")
|
return nil, errors.New("force")
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
id: id,
|
id: id,
|
||||||
|
@ -1403,7 +1444,7 @@ func TestAuthorityDeactivateAccount(t *testing.T) {
|
||||||
b, err := json.Marshal(acc)
|
b, err := json.Marshal(acc)
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
|
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
return b, nil
|
return b, nil
|
||||||
},
|
},
|
||||||
|
@ -1411,6 +1452,7 @@ func TestAuthorityDeactivateAccount(t *testing.T) {
|
||||||
return nil, false, errors.New("force")
|
return nil, false, errors.New("force")
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
id: acc.ID,
|
id: acc.ID,
|
||||||
|
@ -1428,7 +1470,7 @@ func TestAuthorityDeactivateAccount(t *testing.T) {
|
||||||
clone := &_acc
|
clone := &_acc
|
||||||
clone.Status = StatusDeactivated
|
clone.Status = StatusDeactivated
|
||||||
clone.Deactivated = clock.Now()
|
clone.Deactivated = clock.Now()
|
||||||
auth := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
return b, nil
|
return b, nil
|
||||||
},
|
},
|
||||||
|
@ -1438,6 +1480,7 @@ func TestAuthorityDeactivateAccount(t *testing.T) {
|
||||||
return nil, true, nil
|
return nil, true, nil
|
||||||
},
|
},
|
||||||
}, "ca.smallstep.com", "acme", nil)
|
}, "ca.smallstep.com", "acme", nil)
|
||||||
|
assert.FatalError(t, err)
|
||||||
return test{
|
return test{
|
||||||
auth: auth,
|
auth: auth,
|
||||||
id: acc.ID,
|
id: acc.ID,
|
||||||
|
|
|
@ -22,17 +22,6 @@ type Identifier struct {
|
||||||
Value string `json:"value"`
|
Value string `json:"value"`
|
||||||
}
|
}
|
||||||
|
|
||||||
var (
|
|
||||||
accountTable = []byte("acme-accounts")
|
|
||||||
accountByKeyIDTable = []byte("acme-keyID-accountID-index")
|
|
||||||
authzTable = []byte("acme-authzs")
|
|
||||||
challengeTable = []byte("acme-challenges")
|
|
||||||
nonceTable = []byte("nonce-table")
|
|
||||||
orderTable = []byte("acme-orders")
|
|
||||||
ordersByAccountIDTable = []byte("acme-account-orders-index")
|
|
||||||
certTable = []byte("acme-certs")
|
|
||||||
)
|
|
||||||
|
|
||||||
var (
|
var (
|
||||||
// StatusValid -- valid
|
// StatusValid -- valid
|
||||||
StatusValid = "valid"
|
StatusValid = "valid"
|
||||||
|
|
5
ca/ca.go
5
ca/ca.go
|
@ -124,7 +124,10 @@ func (ca *CA) Init(config *authority.Config) (*CA, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
prefix := "acme"
|
prefix := "acme"
|
||||||
acmeAuth := acme.NewAuthority(auth.GetDatabase().(nosql.DB), dns, prefix, auth)
|
acmeAuth, err := acme.NewAuthority(auth.GetDatabase().(nosql.DB), dns, prefix, auth)
|
||||||
|
if err != nil {
|
||||||
|
return nil, errors.Wrap(err, "error creating ACME authority")
|
||||||
|
}
|
||||||
acmeRouterHandler := acmeAPI.New(acmeAuth)
|
acmeRouterHandler := acmeAPI.New(acmeAuth)
|
||||||
mux.Route("/"+prefix, func(r chi.Router) {
|
mux.Route("/"+prefix, func(r chi.Router) {
|
||||||
acmeRouterHandler.Route(r)
|
acmeRouterHandler.Route(r)
|
||||||
|
|
Loading…
Reference in a new issue