Add tests for sans()

2021-06-25 17:21:22 +02:00 · 2021-06-25 17:21:22 +02:00 · a6d33b7d06
commit a6d33b7d06
parent 64c15fde7e
1 changed files with 147 additions and 40 deletions
--- a/acme/order_test.go
+++ b/acme/order_test.go
@ -1284,54 +1284,161 @@ func Test_canonicalize(t *testing.T) {

 func TestOrder_sans(t *testing.T) {
 	type fields struct {
-		ID                string
-		AccountID         string
-		ProvisionerID     string
-		Status            Status
-		ExpiresAt         time.Time
 		Identifiers []Identifier
-		NotBefore         time.Time
-		NotAfter          time.Time
-		Error             *Error
-		AuthorizationIDs  []string
-		AuthorizationURLs []string
-		FinalizeURL       string
-		CertificateID     string
-		CertificateURL    string
-	}
-	type args struct {
-		csr *x509.CertificateRequest
 	}
 	tests := []struct {
 		name   string
 		fields fields
-		args    args
+		csr    *x509.CertificateRequest
 		want   []x509util.SubjectAlternativeName
-		wantErr bool
+		err    error
 	}{
-		// TODO: Add test cases.
+		{
+			name: "ok/dns",
+			fields: fields{
+				Identifiers: []Identifier{
+					{Type: "dns", Value: "example.com"},
+				},
+			},
+			csr: &x509.CertificateRequest{
+				Subject: pkix.Name{
+					CommonName: "example.com",
+				},
+			},
+			want: []x509util.SubjectAlternativeName{
+				{Type: "dns", Value: "example.com"},
+			},
+			err: nil,
+		},
+		{
+			name: "fail/error-names-length-mismatch",
+			fields: fields{
+				Identifiers: []Identifier{
+					{Type: "dns", Value: "foo.internal"},
+					{Type: "dns", Value: "bar.internal"},
+				},
+			},
+			csr: &x509.CertificateRequest{
+				Subject: pkix.Name{
+					CommonName: "foo.internal",
+				},
+			},
+			want: []x509util.SubjectAlternativeName{},
+			err:  NewError(ErrorBadCSRType, "..."),
+		},
+		{
+			name: "fail/error-names-mismatch",
+			fields: fields{
+				Identifiers: []Identifier{
+					{Type: "dns", Value: "foo.internal"},
+					{Type: "dns", Value: "bar.internal"},
+				},
+			},
+			csr: &x509.CertificateRequest{
+				Subject: pkix.Name{
+					CommonName: "foo.internal",
+				},
+				DNSNames: []string{"zap.internal"},
+			},
+			want: []x509util.SubjectAlternativeName{},
+			err:  NewError(ErrorBadCSRType, "..."),
+		},
+		{
+			name: "ok/ipv4",
+			fields: fields{
+				Identifiers: []Identifier{
+					{Type: "ip", Value: "192.168.43.42"},
+					{Type: "ip", Value: "192.168.42.42"},
+				},
+			},
+			csr: &x509.CertificateRequest{
+				IPAddresses: []net.IP{net.ParseIP("192.168.43.42"), net.ParseIP("192.168.42.42")},
+			},
+			want: []x509util.SubjectAlternativeName{
+				{Type: "ip", Value: "192.168.42.42"},
+				{Type: "ip", Value: "192.168.43.42"},
+			},
+			err: nil,
+		},
+		{
+			name: "fail/error-ips-length-mismatch",
+			fields: fields{
+				Identifiers: []Identifier{
+					{Type: "ip", Value: "192.168.42.42"},
+					{Type: "ip", Value: "192.168.43.42"},
+				},
+			},
+			csr: &x509.CertificateRequest{
+				IPAddresses: []net.IP{net.ParseIP("192.168.42.42")},
+			},
+			want: []x509util.SubjectAlternativeName{},
+			err:  NewError(ErrorBadCSRType, "..."),
+		},
+		{
+			name: "fail/error-ips-mismatch",
+			fields: fields{
+				Identifiers: []Identifier{
+					{Type: "ip", Value: "192.168.42.42"},
+					{Type: "ip", Value: "192.168.43.42"},
+				},
+			},
+			csr: &x509.CertificateRequest{
+				IPAddresses: []net.IP{net.ParseIP("192.168.42.42"), net.ParseIP("192.168.42.32")},
+			},
+			want: []x509util.SubjectAlternativeName{},
+			err:  NewError(ErrorBadCSRType, "..."),
+		},
+		{
+			name: "ok/mixed",
+			fields: fields{
+				Identifiers: []Identifier{
+					{Type: "dns", Value: "foo.internal"},
+					{Type: "dns", Value: "bar.internal"},
+					{Type: "ip", Value: "192.168.43.42"},
+					{Type: "ip", Value: "192.168.42.42"},
+				},
+			},
+			csr: &x509.CertificateRequest{
+				Subject: pkix.Name{
+					CommonName: "bar.internal",
+				},
+				DNSNames:    []string{"foo.internal"},
+				IPAddresses: []net.IP{net.ParseIP("192.168.43.42"), net.ParseIP("192.168.42.42")},
+			},
+			want: []x509util.SubjectAlternativeName{
+				{Type: "dns", Value: "bar.internal"},
+				{Type: "dns", Value: "foo.internal"},
+				{Type: "ip", Value: "192.168.42.42"},
+				{Type: "ip", Value: "192.168.43.42"},
+			},
+			err: nil,
+		},
+		{
+			name: "fail/unsupported-identifier-type",
+			fields: fields{
+				Identifiers: []Identifier{
+					{Type: "ipv4", Value: "192.168.42.42"},
+				},
+			},
+			csr: &x509.CertificateRequest{
+				IPAddresses: []net.IP{net.ParseIP("192.168.42.42")},
+			},
+			want: []x509util.SubjectAlternativeName{},
+			err:  NewError(ErrorServerInternalType, "..."),
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			o := &Order{
-				ID:                tt.fields.ID,
-				AccountID:         tt.fields.AccountID,
-				ProvisionerID:     tt.fields.ProvisionerID,
-				Status:            tt.fields.Status,
-				ExpiresAt:         tt.fields.ExpiresAt,
 				Identifiers: tt.fields.Identifiers,
-				NotBefore:         tt.fields.NotBefore,
-				NotAfter:          tt.fields.NotAfter,
-				Error:             tt.fields.Error,
-				AuthorizationIDs:  tt.fields.AuthorizationIDs,
-				AuthorizationURLs: tt.fields.AuthorizationURLs,
-				FinalizeURL:       tt.fields.FinalizeURL,
-				CertificateID:     tt.fields.CertificateID,
-				CertificateURL:    tt.fields.CertificateURL,
 			}
-			got, err := o.sans(tt.args.csr)
-			if (err != nil) != tt.wantErr {
-				t.Errorf("Order.sans() error = %v, wantErr %v", err, tt.wantErr)
+			canonicalizedCSR := canonicalize(tt.csr)
+			got, err := o.sans(canonicalizedCSR)
+			if err != nil && tt.err != nil {
+				if tt.err.Error() != err.Error() {
+					t.Errorf("Order.sans() error = %v, wantErr %v", err, tt.err)
+					return
+				}
 				return
 			}
 			if !reflect.DeepEqual(got, tt.want) {