forked from TrueCloudLab/certificates
acme/authority: Fix tests
Also, return early from ValidateChallenge if the challenge is already valid. Interestingly, we aren't actually testing most of the ValidateChallenge func, just the early error and return conditions. We should add some more coverage here.
parent
b061d0af34
commit
976c8f82c6
2 changed files with 20 additions and 8 deletions
|
@ -317,6 +317,14 @@ func (a *Authority) ValidateChallenge(p provisioner.Interface, accID, chID strin
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
switch ch.getStatus() {
|
||||||
|
case StatusPending, StatusProcessing:
|
||||||
|
break
|
||||||
|
case StatusInvalid, StatusValid:
|
||||||
|
return ch.toACME(a.dir, p)
|
||||||
|
default:
|
||||||
|
panic("unknown challenge state: " + ch.getStatus())
|
||||||
|
}
|
||||||
|
|
||||||
// Validate the challenge belongs to the account owned by the requester.
|
// Validate the challenge belongs to the account owned by the requester.
|
||||||
if accID != ch.getAccountID() {
|
if accID != ch.getAccountID() {
|
||||||
|
|
|
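Review bot: The new `switch ch.getStatus()` returns `ch.toACME(a.dir, p)` for `StatusInvalid` and `StatusValid` before the `accID != ch.getAccountID()` check that follows it, so a finished challenge is returned to whichever account asks for it by ID, without the ownership test. Moving the switch below the ownership block (whose body lies outside this hunk) keeps the early return and preserves the authorization check for every status. The `default:` arm also panics inside a request path on a status value read from storage; returning an error instead, e.g. `return nil, ServerInternalErr(errors.Errorf("unknown challenge state: %s", ch.getStatus()))`, would keep one malformed record from taking the handler down, assuming those helpers are in scope here as they are in the test file. The `break` in the first case is redundant in Go.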
@ -1224,6 +1224,7 @@ func TestAuthorityValidateChallenge(t *testing.T) {
|
||||||
err: ServerInternalErr(errors.Errorf("error loading challenge %s: force", id)),
|
err: ServerInternalErr(errors.Errorf("error loading challenge %s: force", id)),
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
||||||
"fail/challenge-not-owned-by-account": func(t *testing.T) test {
|
"fail/challenge-not-owned-by-account": func(t *testing.T) test {
|
||||||
ch, err := newHTTPCh()
|
ch, err := newHTTPCh()
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
|
@ -1244,6 +1245,7 @@ func TestAuthorityValidateChallenge(t *testing.T) {
|
||||||
err: UnauthorizedErr(errors.New("account does not own challenge")),
|
err: UnauthorizedErr(errors.New("account does not own challenge")),
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
||||||
"fail/validate-error": func(t *testing.T) test {
|
"fail/validate-error": func(t *testing.T) test {
|
||||||
ch, err := newHTTPCh()
|
ch, err := newHTTPCh()
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
|
@ -1269,15 +1271,16 @@ func TestAuthorityValidateChallenge(t *testing.T) {
|
||||||
err: ServerInternalErr(errors.New("error saving challenge: error saving acme challenge: force")),
|
err: ServerInternalErr(errors.New("error saving challenge: error saving acme challenge: force")),
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"ok": func(t *testing.T) test {
|
|
||||||
|
"ok/already-valid": func(t *testing.T) test {
|
||||||
ch, err := newHTTPCh()
|
ch, err := newHTTPCh()
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
_ch, ok := ch.(*http01Challenge)
|
bc := ch.clone()
|
||||||
assert.Fatal(t, ok)
|
bc.Status = StatusValid
|
||||||
_ch.baseChallenge.Status = StatusValid
|
bc.Validated = clock.Now()
|
||||||
_ch.baseChallenge.Validated = clock.Now()
|
bc.Retry = nil
|
||||||
_ch.baseChallenge.Retry = nil
|
rch := bc.morph()
|
||||||
b, err := json.Marshal(ch)
|
b, err := json.Marshal(rch)
|
||||||
assert.FatalError(t, err)
|
assert.FatalError(t, err)
|
||||||
auth, err := NewAuthority(&db.MockNoSQLDB{
|
auth, err := NewAuthority(&db.MockNoSQLDB{
|
||||||
MGet: func(bucket, key []byte) ([]byte, error) {
|
MGet: func(bucket, key []byte) ([]byte, error) {
|
||||||
|
@ -1291,10 +1294,11 @@ func TestAuthorityValidateChallenge(t *testing.T) {
|
||||||
auth: auth,
|
auth: auth,
|
||||||
id: ch.getID(),
|
id: ch.getID(),
|
||||||
accID: ch.getAccountID(),
|
accID: ch.getAccountID(),
|
||||||
ch: ch,
|
ch: rch,
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for name, run := range tests {
|
for name, run := range tests {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
tc := run(t)
|
tc := run(t)
|
||||||
|
|
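Review bot: `ok/already-valid` is the only case that reaches the new early return, and it passes `accID: ch.getAccountID()`, so the table never shows what a different account receives for a challenge that is already valid or invalid. A companion case that stores a `StatusValid` challenge and calls with a different `accID`, expecting `UnauthorizedErr(errors.New("account does not own challenge"))`, would pin the ownership behaviour; a `StatusInvalid` case would cover the other arm of the switch. TestAuthorityValidateChallenge starts and ends outside these hunks, so cases not shown here may already cover part of this.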