forked from TrueCloudLab/certificates
Fix PR comments
This commit is contained in:
parent
af4803b8b8
commit
84ea8bd67a
2 changed files with 29 additions and 6 deletions
|
@ -45,6 +45,22 @@ func TestNewOrderRequest_Validate(t *testing.T) {
|
||||||
err: acme.NewError(acme.ErrorMalformedType, "identifier type unsupported: foo"),
|
err: acme.NewError(acme.ErrorMalformedType, "identifier type unsupported: foo"),
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"fail/bad-ip": func(t *testing.T) test {
|
||||||
|
nbf := time.Now().UTC().Add(time.Minute)
|
||||||
|
naf := time.Now().UTC().Add(5 * time.Minute)
|
||||||
|
return test{
|
||||||
|
nor: &NewOrderRequest{
|
||||||
|
Identifiers: []acme.Identifier{
|
||||||
|
{Type: "ip", Value: "192.168.42.1000"},
|
||||||
|
},
|
||||||
|
NotAfter: naf,
|
||||||
|
NotBefore: nbf,
|
||||||
|
},
|
||||||
|
nbf: nbf,
|
||||||
|
naf: naf,
|
||||||
|
err: acme.NewError(acme.ErrorMalformedType, "invalid IP address: %s", "192.168.42.1000"),
|
||||||
|
}
|
||||||
|
},
|
||||||
"ok": func(t *testing.T) test {
|
"ok": func(t *testing.T) test {
|
||||||
nbf := time.Now().UTC().Add(time.Minute)
|
nbf := time.Now().UTC().Add(time.Minute)
|
||||||
naf := time.Now().UTC().Add(5 * time.Minute)
|
naf := time.Now().UTC().Add(5 * time.Minute)
|
||||||
|
@ -91,7 +107,7 @@ func TestNewOrderRequest_Validate(t *testing.T) {
|
||||||
naf: naf,
|
naf: naf,
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"ok/mixed-dns-and-ipv4": func(t *testing.T) test { // TODO: verify that this is allowed and what we want to be possible (in Validate())
|
"ok/mixed-dns-and-ipv4": func(t *testing.T) test {
|
||||||
nbf := time.Now().UTC().Add(time.Minute)
|
nbf := time.Now().UTC().Add(time.Minute)
|
||||||
naf := time.Now().UTC().Add(5 * time.Minute)
|
naf := time.Now().UTC().Add(5 * time.Minute)
|
||||||
return test{
|
return test{
|
||||||
|
|
|
@ -14,10 +14,17 @@ import (
|
||||||
"go.step.sm/crypto/x509util"
|
"go.step.sm/crypto/x509util"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
type IdentifierType string
|
||||||
|
|
||||||
|
const (
|
||||||
|
IP IdentifierType = "ip"
|
||||||
|
DNS IdentifierType = "dns"
|
||||||
|
)
|
||||||
|
|
||||||
// Identifier encodes the type that an order pertains to.
|
// Identifier encodes the type that an order pertains to.
|
||||||
type Identifier struct {
|
type Identifier struct {
|
||||||
Type string `json:"type"`
|
Type IdentifierType `json:"type"`
|
||||||
Value string `json:"value"`
|
Value string `json:"value"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// Order contains order metadata for the ACME protocol order type.
|
// Order contains order metadata for the ACME protocol order type.
|
||||||
|
@ -222,7 +229,7 @@ func (o *Order) sans(csr *x509.CertificateRequest) ([]x509util.SubjectAlternativ
|
||||||
// Validate identifier names against CSR alternative names.
|
// Validate identifier names against CSR alternative names.
|
||||||
//
|
//
|
||||||
// Note that with certificate templates we are not going to check for the
|
// Note that with certificate templates we are not going to check for the
|
||||||
// absence of other SANs as they will only be set if the templates allows
|
// absence of other SANs as they will only be set if the template allows
|
||||||
// them.
|
// them.
|
||||||
if len(csr.DNSNames) != len(orderNames) {
|
if len(csr.DNSNames) != len(orderNames) {
|
||||||
return sans, NewError(ErrorBadCSRType, "CSR names do not match identifiers exactly: "+
|
return sans, NewError(ErrorBadCSRType, "CSR names do not match identifiers exactly: "+
|
||||||
|
@ -263,7 +270,7 @@ func (o *Order) sans(csr *x509.CertificateRequest) ([]x509util.SubjectAlternativ
|
||||||
|
|
||||||
// numberOfIdentifierType returns the number of Identifiers that
|
// numberOfIdentifierType returns the number of Identifiers that
|
||||||
// are of type typ.
|
// are of type typ.
|
||||||
func numberOfIdentifierType(typ string, ids []Identifier) int {
|
func numberOfIdentifierType(typ IdentifierType, ids []Identifier) int {
|
||||||
c := 0
|
c := 0
|
||||||
for _, id := range ids {
|
for _, id := range ids {
|
||||||
if id.Type == typ {
|
if id.Type == typ {
|
||||||
|
@ -305,7 +312,7 @@ func ipsAreEqual(x, y net.IP) bool {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
// matchAddrFamily returns if two IPs are both IPv4 OR IPv6
|
// matchAddrFamily returns true if two IPs are both IPv4 OR IPv6
|
||||||
// Implementation taken and adapted from https://golang.org/src/net/ip.go
|
// Implementation taken and adapted from https://golang.org/src/net/ip.go
|
||||||
func matchAddrFamily(x net.IP, y net.IP) bool {
|
func matchAddrFamily(x net.IP, y net.IP) bool {
|
||||||
return x.To4() != nil && y.To4() != nil || x.To16() != nil && x.To4() == nil && y.To16() != nil && y.To4() == nil
|
return x.To4() != nil && y.To4() != nil || x.To16() != nil && x.To4() == nil && y.To16() != nil && y.To4() == nil
|
||||||
|
|
Loading…
Reference in a new issue