alexvanin/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

[acme db interface] unit tests compiling

Browse source
This commit is contained in:
max furman 2021-03-10 10:50:51 -08:00
parent f20fcae80e
commit bb8d54e596
13 changed files with 413 additions and 579 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
acme/account_test.go
View file

@ -1,20 +1,10 @@
package acme
import (
"context"
"encoding/json"
"fmt"
"net/url"
"testing"
"time"
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/authority/provisioner"
"github.com/smallstep/certificates/db"
"github.com/smallstep/nosql"
"github.com/smallstep/nosql/database"
"go.step.sm/crypto/jose"
)
var (
@ -39,7 +29,8 @@ func newProv() Provisioner {
return p
}
func newAcc() (*account, error) {
/*
func newAcc() (*Account, error) {
jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0)
if err != nil {
return nil, err
@ -53,12 +44,14 @@ func newAcc() (*account, error) {
Key: jwk, Contact: []string{"foo", "bar"},
})
}
*/
/*
func TestGetAccountByID(t *testing.T) {
type test struct {
id string
db nosql.DB
acc *account
acc *Account
err *Error
}
tests := map[string]func(t *testing.T) test{
@ -73,7 +66,7 @@ func TestGetAccountByID(t *testing.T) {
return nil, database.ErrNotFound
},
},
err: MalformedErr(errors.Errorf("account %s not found: not found", acc.ID)),
err: NewError(ErrorMalformedType, "account %s not found: not found", acc.ID),
}
},
"fail/db-error": func(t *testing.T) test {
@ -87,7 +80,7 @@ func TestGetAccountByID(t *testing.T) {
return nil, errors.New("force")
},
},
err: ServerInternalErr(errors.Errorf("error loading account %s: force", acc.ID)),
err: NewErrorISE("error loading account %s: force", acc.ID),
}
},
"fail/unmarshal-error": func(t *testing.T) test {
@ -768,3 +761,4 @@ func TestNewAccount(t *testing.T) {
})
}
}
*/

2
acme/api/handler.go
View file

@ -39,7 +39,7 @@ type Handler struct {
db acme.DB
backdate provisioner.Duration
ca acme.CertificateAuthority
linker *Linker
linker Linker
}
// HandlerOptions required to create a new ACME API request handler.

1
acme/api/handler_test.go
View file

@ -503,7 +503,6 @@ func TestHandlerGetChallenge(t *testing.T) {
ch := ch()
ch.Status = "valid"
ch.Validated = time.Now().UTC().Format(time.RFC3339)
count := 0
return test{
db: &acme.MockDB{
MockGetChallenge: func(ctx context.Context, chID, azID string) (*acme.Challenge, error) {

120
acme/api/linker.go
View file

@ -9,18 +9,30 @@ import (
)
// NewLinker returns a new Directory type.
func NewLinker(dns, prefix string) *Linker {
return &Linker{Prefix: prefix, DNS: dns}
func NewLinker(dns, prefix string) Linker {
return &linker{prefix: prefix, dns: dns}
}
// Linker generates ACME links.
type Linker struct {
Prefix string
DNS string
// Linker interface for generating links for ACME resources.
type Linker interface {
GetLink(ctx context.Context, typ LinkType, abs bool, inputs ...string) string
GetLinkExplicit(typ LinkType, provName string, abs bool, baseURL *url.URL, inputs ...string) string
LinkOrder(ctx context.Context, o *acme.Order)
LinkAccount(ctx context.Context, o *acme.Account)
LinkChallenge(ctx context.Context, o *acme.Challenge)
LinkAuthorization(ctx context.Context, o *acme.Authorization)
LinkOrdersByAccountID(ctx context.Context, orders []string)
}
// linker generates ACME links.
type linker struct {
prefix string
dns string
}
// GetLink is a helper for GetLinkExplicit
func (l *Linker) GetLink(ctx context.Context, typ LinkType, abs bool, inputs ...string) string {
func (l *linker) GetLink(ctx context.Context, typ LinkType, abs bool, inputs ...string) string {
var provName string
if p, err := provisionerFromContext(ctx); err == nil && p != nil {
provName = p.GetName()
@ -31,7 +43,7 @@ func (l *Linker) GetLink(ctx context.Context, typ LinkType, abs bool, inputs ...
// GetLinkExplicit returns an absolute or partial path to the given resource and a base
// URL dynamically obtained from the request for which the link is being
// calculated.
func (l *Linker) GetLinkExplicit(typ LinkType, provisionerName string, abs bool, baseURL *url.URL, inputs ...string) string {
func (l *linker) GetLinkExplicit(typ LinkType, provisionerName string, abs bool, baseURL *url.URL, inputs ...string) string {
var link string
switch typ {
case NewNonceLinkType, NewAccountLinkType, NewOrderLinkType, NewAuthzLinkType, DirectoryLinkType, KeyChangeLinkType, RevokeCertLinkType:
@ -60,10 +72,10 @@ func (l *Linker) GetLinkExplicit(typ LinkType, provisionerName string, abs bool,
// If no Host is set, then use the default (first DNS attr in the ca.json).
if u.Host == "" {
u.Host = l.DNS
u.Host = l.dns
}
u.Path = l.Prefix + link
u.Path = l.prefix + link
return u.String()
}
return link
@ -135,7 +147,7 @@ func (l LinkType) String() string {
}
// LinkOrder sets the ACME links required by an ACME order.
func (l *Linker) LinkOrder(ctx context.Context, o *acme.Order) {
func (l *linker) LinkOrder(ctx context.Context, o *acme.Order) {
o.AuthorizationURLs = make([]string, len(o.AuthorizationIDs))
for i, azID := range o.AuthorizationIDs {
o.AuthorizationURLs[i] = l.GetLink(ctx, AuthzLinkType, true, azID)
@ -147,25 +159,103 @@ func (l *Linker) LinkOrder(ctx context.Context, o *acme.Order) {
}
// LinkAccount sets the ACME links required by an ACME account.
func (l *Linker) LinkAccount(ctx context.Context, acc *acme.Account) {
func (l *linker) LinkAccount(ctx context.Context, acc *acme.Account) {
acc.Orders = l.GetLink(ctx, OrdersByAccountLinkType, true, acc.ID)
}
// LinkChallenge sets the ACME links required by an ACME challenge.
func (l *Linker) LinkChallenge(ctx context.Context, ch *acme.Challenge) {
func (l *linker) LinkChallenge(ctx context.Context, ch *acme.Challenge) {
ch.URL = l.GetLink(ctx, ChallengeLinkType, true, ch.AuthzID, ch.ID)
}
// LinkAuthorization sets the ACME links required by an ACME authorization.
func (l *Linker) LinkAuthorization(ctx context.Context, az *acme.Authorization) {
func (l *linker) LinkAuthorization(ctx context.Context, az *acme.Authorization) {
for _, ch := range az.Challenges {
l.LinkChallenge(ctx, ch)
}
}
// LinkOrdersByAccountID converts each order ID to an ACME link.
func (l *Linker) LinkOrdersByAccountID(ctx context.Context, orders []string) {
func (l *linker) LinkOrdersByAccountID(ctx context.Context, orders []string) {
for i, id := range orders {
orders[i] = l.GetLink(ctx, OrderLinkType, true, id)
}
}
// MockLinker implements the Linker interface. Only used for testing.
type MockLinker struct {
MockGetLink func(ctx context.Context, typ LinkType, abs bool, inputs ...string) string
MockGetLinkExplicit func(typ LinkType, provName string, abs bool, baseURL *url.URL, inputs ...string) string
MockLinkOrder func(ctx context.Context, o *acme.Order)
MockLinkAccount func(ctx context.Context, o *acme.Account)
MockLinkChallenge func(ctx context.Context, o *acme.Challenge)
MockLinkAuthorization func(ctx context.Context, o *acme.Authorization)
MockLinkOrdersByAccountID func(ctx context.Context, orders []string)
MockError error
MockRet1 interface{}
}
// GetLink mock.
func (m *MockLinker) GetLink(ctx context.Context, typ LinkType, abs bool, inputs ...string) string {
if m.MockGetLink != nil {
return m.MockGetLink(ctx, typ, abs, inputs...)
}
return m.MockRet1.(string)
}
// GetLinkExplicit mock.
func (m *MockLinker) GetLinkExplicit(typ LinkType, provName string, abs bool, baseURL *url.URL, inputs ...string) string {
if m.MockGetLinkExplicit != nil {
return m.MockGetLinkExplicit(typ, provName, abs, baseURL, inputs...)
}
return m.MockRet1.(string)
}
// LinkOrder mock.
func (m *MockLinker) LinkOrder(ctx context.Context, o *acme.Order) {
if m.MockLinkOrder != nil {
m.MockLinkOrder(ctx, o)
return
}
return
}
// LinkAccount mock.
func (m *MockLinker) LinkAccount(ctx context.Context, o *acme.Account) {
if m.MockLinkAccount != nil {
m.MockLinkAccount(ctx, o)
return
}
return
}
// LinkChallenge mock.
func (m *MockLinker) LinkChallenge(ctx context.Context, o *acme.Challenge) {
if m.MockLinkChallenge != nil {
m.MockLinkChallenge(ctx, o)
return
}
return
}
// LinkAuthorization mock.
func (m *MockLinker) LinkAuthorization(ctx context.Context, o *acme.Authorization) {
if m.MockLinkAuthorization != nil {
m.MockLinkAuthorization(ctx, o)
return
}
return
}
// LinkOrderAccountsByID mock.
func (m *MockLinker) LinkOrderAccountsByID(ctx context.Context, orders []string) {
if m.MockLinkOrdersByAccountID != nil {
m.MockLinkOrdersByAccountID(ctx, orders)
return
}
return
}

248
acme/api/middleware_test.go
View file

@ -170,13 +170,13 @@ func TestHandler_AddNonce(t *testing.T) {
}
}
func TestHandlerAddDirLink(t *testing.T) {
func TestHandler_addDirLink(t *testing.T) {
prov := newProv()
provName := url.PathEscape(prov.GetName())
baseURL := &url.URL{Scheme: "https", Host: "test.ca.smallstep.com"}
type test struct {
db acme.DB
link string
linker Linker
statusCode int
ctx context.Context
err *acme.Error
@ -186,14 +186,7 @@ func TestHandlerAddDirLink(t *testing.T) {
ctx := context.WithValue(context.Background(), provisionerContextKey, prov)
ctx = context.WithValue(ctx, baseURLContextKey, baseURL)
return test{
db: &acme.MockDB{
/*
getLink: func(ctx context.Context, typ acme.Link, abs bool, ins ...string) string {
assert.Equals(t, baseURLFromContext(ctx), baseURL)
return fmt.Sprintf("%s/acme/%s/directory", baseURL.String(), provName)
},
*/
},
linker: NewLinker("dns", "acme"),
ctx: ctx,
link: fmt.Sprintf("%s/acme/%s/directory", baseURL.String(), provName),
statusCode: 200,
@ -203,7 +196,7 @@ func TestHandlerAddDirLink(t *testing.T) {
for name, run := range tests {
tc := run(t)
t.Run(name, func(t *testing.T) {
h := &Handler{}
h := &Handler{linker: tc.linker}
req := httptest.NewRequest("GET", "/foo", nil)
req = req.WithContext(tc.ctx)
w := httptest.NewRecorder()
@ -233,7 +226,7 @@ func TestHandlerAddDirLink(t *testing.T) {
}
}
func TestHandlerVerifyContentType(t *testing.T) {
func TestHandler_VerifyContentType(t *testing.T) {
prov := newProv()
provName := prov.GetName()
baseURL := &url.URL{Scheme: "https", Host: "test.ca.smallstep.com"}
@ -250,14 +243,7 @@ func TestHandlerVerifyContentType(t *testing.T) {
"fail/general-bad-content-type": func(t *testing.T) test {
return test{
h: Handler{
db: &acme.MockDB{
getLink: func(ctx context.Context, typ acme.Link, abs bool, in ...string) string {
assert.Equals(t, typ, acme.CertificateLink)
assert.Equals(t, abs, false)
assert.Equals(t, in, []string{""})
return fmt.Sprintf("/acme/%s/certificate/", provName)
},
},
linker: NewLinker("dns", "acme"),
},
url: fmt.Sprintf("%s/acme/%s/new-account", baseURL.String(), provName),
ctx: context.WithValue(context.Background(), provisionerContextKey, prov),
@ -269,14 +255,7 @@ func TestHandlerVerifyContentType(t *testing.T) {
"fail/certificate-bad-content-type": func(t *testing.T) test {
return test{
h: Handler{
db: &acme.MockDB{
getLink: func(ctx context.Context, typ acme.Link, abs bool, in ...string) string {
assert.Equals(t, typ, acme.CertificateLink)
assert.Equals(t, abs, false)
assert.Equals(t, in, []string{""})
return "/certificate/"
},
},
linker: NewLinker("dns", "acme"),
},
ctx: context.WithValue(context.Background(), provisionerContextKey, prov),
contentType: "foo",
@ -287,14 +266,7 @@ func TestHandlerVerifyContentType(t *testing.T) {
"ok": func(t *testing.T) test {
return test{
h: Handler{
db: &acme.MockDB{
getLink: func(ctx context.Context, typ acme.Link, abs bool, in ...string) string {
assert.Equals(t, typ, acme.CertificateLink)
assert.Equals(t, abs, false)
assert.Equals(t, in, []string{""})
return "/certificate/"
},
},
linker: NewLinker("dns", "acme"),
},
ctx: context.WithValue(context.Background(), provisionerContextKey, prov),
contentType: "application/jose+json",
@ -304,14 +276,7 @@ func TestHandlerVerifyContentType(t *testing.T) {
"ok/certificate/pkix-cert": func(t *testing.T) test {
return test{
h: Handler{
db: &acme.MockDB{
getLink: func(ctx context.Context, typ acme.Link, abs bool, in ...string) string {
assert.Equals(t, typ, acme.CertificateLink)
assert.Equals(t, abs, false)
assert.Equals(t, in, []string{""})
return "/certificate/"
},
},
linker: NewLinker("dns", "acme"),
},
ctx: context.WithValue(context.Background(), provisionerContextKey, prov),
contentType: "application/pkix-cert",
@ -321,14 +286,7 @@ func TestHandlerVerifyContentType(t *testing.T) {
"ok/certificate/jose+json": func(t *testing.T) test {
return test{
h: Handler{
db: &acme.MockDB{
getLink: func(ctx context.Context, typ acme.Link, abs bool, in ...string) string {
assert.Equals(t, typ, acme.CertificateLink)
assert.Equals(t, abs, false)
assert.Equals(t, in, []string{""})
return "/certificate/"
},
},
linker: NewLinker("dns", "acme"),
},
ctx: context.WithValue(context.Background(), provisionerContextKey, prov),
contentType: "application/jose+json",
@ -338,14 +296,7 @@ func TestHandlerVerifyContentType(t *testing.T) {
"ok/certificate/pkcs7-mime": func(t *testing.T) test {
return test{
h: Handler{
db: &acme.MockDB{
getLink: func(ctx context.Context, typ acme.Link, abs bool, in ...string) string {
assert.Equals(t, typ, acme.CertificateLink)
assert.Equals(t, abs, false)
assert.Equals(t, in, []string{""})
return "/certificate/"
},
},
linker: NewLinker("dns", "acme"),
},
ctx: context.WithValue(context.Background(), provisionerContextKey, prov),
contentType: "application/pkcs7-mime",
@ -771,6 +722,7 @@ func TestHandlerLookupJWK(t *testing.T) {
parsedJWS, err := jose.ParseJWS(raw)
assert.FatalError(t, err)
type test struct {
linker Linker
db acme.DB
ctx context.Context
next func(http.ResponseWriter, *http.Request)
@ -806,14 +758,7 @@ func TestHandlerLookupJWK(t *testing.T) {
ctx = context.WithValue(ctx, jwsContextKey, _jws)
ctx = context.WithValue(ctx, baseURLContextKey, baseURL)
return test{
db: &acme.MockDB{
getLink: func(ctx context.Context, typ acme.Link, abs bool, in ...string) string {
assert.Equals(t, typ, acme.AccountLink)
assert.True(t, abs)
assert.Equals(t, in, []string{""})
return prefix
},
},
linker: NewLinker("dns", "acme"),
ctx: ctx,
statusCode: 400,
err: acme.NewError(acme.ErrorMalformedType, "kid does not have required prefix; expected %s, but got ", prefix),
@ -837,14 +782,7 @@ func TestHandlerLookupJWK(t *testing.T) {
ctx = context.WithValue(ctx, jwsContextKey, _parsed)
ctx = context.WithValue(ctx, baseURLContextKey, baseURL)
return test{
db: &acme.MockDB{
getLink: func(ctx context.Context, typ acme.Link, abs bool, in ...string) string {
assert.Equals(t, typ, acme.AccountLink)
assert.True(t, abs)
assert.Equals(t, in, []string{""})
return fmt.Sprintf("%s/acme/%s/account/", baseURL.String(), provName)
},
},
linker: NewLinker("dns", "acme"),
ctx: ctx,
statusCode: 400,
err: acme.NewError(acme.ErrorMalformedType, "kid does not have required prefix; expected %s, but got foo", prefix),
@ -855,24 +793,16 @@ func TestHandlerLookupJWK(t *testing.T) {
ctx = context.WithValue(ctx, jwsContextKey, parsedJWS)
ctx = context.WithValue(ctx, baseURLContextKey, baseURL)
return test{
linker: NewLinker("dns", "acme"),
db: &acme.MockDB{
getAccount: func(ctx context.Context, _accID string) (*acme.Account, error) {
p, err := acme.ProvisionerFromContext(ctx)
assert.FatalError(t, err)
assert.Equals(t, p, prov)
MockGetAccount: func(ctx context.Context, accID string) (*acme.Account, error) {
assert.Equals(t, accID, accID)
return nil, database.ErrNotFound
},
getLink: func(ctx context.Context, typ acme.Link, abs bool, in ...string) string {
assert.Equals(t, typ, acme.AccountLink)
assert.True(t, abs)
assert.Equals(t, in, []string{""})
return fmt.Sprintf("%s/acme/%s/account/", baseURL.String(), provName)
},
},
ctx: ctx,
statusCode: 400,
err: acme.AccountDoesNotExistErr(nil),
err: acme.NewError(acme.ErrorAccountDoesNotExistType, "account does not exist"),
}
},
"fail/GetAccount-error": func(t *testing.T) test {
@ -880,20 +810,12 @@ func TestHandlerLookupJWK(t *testing.T) {
ctx = context.WithValue(ctx, jwsContextKey, parsedJWS)
ctx = context.WithValue(ctx, baseURLContextKey, baseURL)
return test{
linker: NewLinker("dns", "acme"),
db: &acme.MockDB{
getAccount: func(ctx context.Context, _accID string) (*acme.Account, error) {
p, err := acme.ProvisionerFromContext(ctx)
assert.FatalError(t, err)
assert.Equals(t, p, prov)
assert.Equals(t, accID, accID)
MockGetAccount: func(ctx context.Context, id string) (*acme.Account, error) {
assert.Equals(t, id, accID)
return nil, acme.NewErrorISE("force")
},
getLink: func(ctx context.Context, typ acme.Link, abs bool, in ...string) string {
assert.Equals(t, typ, acme.AccountLink)
assert.True(t, abs)
assert.Equals(t, in, []string{""})
return fmt.Sprintf("%s/acme/%s/account/", baseURL.String(), provName)
},
},
ctx: ctx,
statusCode: 500,
@ -906,24 +828,16 @@ func TestHandlerLookupJWK(t *testing.T) {
ctx = context.WithValue(ctx, jwsContextKey, parsedJWS)
ctx = context.WithValue(ctx, baseURLContextKey, baseURL)
return test{
linker: NewLinker("dns", "acme"),
db: &acme.MockDB{
getAccount: func(ctx context.Context, _accID string) (*acme.Account, error) {
p, err := acme.ProvisionerFromContext(ctx)
assert.FatalError(t, err)
assert.Equals(t, p, prov)
assert.Equals(t, accID, accID)
MockGetAccount: func(ctx context.Context, id string) (*acme.Account, error) {
assert.Equals(t, id, accID)
return acc, nil
},
getLink: func(ctx context.Context, typ acme.Link, abs bool, in ...string) string {
assert.Equals(t, typ, acme.AccountLink)
assert.True(t, abs)
assert.Equals(t, in, []string{""})
return fmt.Sprintf("%s/acme/%s/account/", baseURL.String(), provName)
},
},
ctx: ctx,
statusCode: 401,
err: acme.UnauthorizedErr(errors.New("account is not active")),
err: acme.NewError(acme.ErrorUnauthorizedType, "account is not active"),
}
},
"ok": func(t *testing.T) test {
@ -932,27 +846,19 @@ func TestHandlerLookupJWK(t *testing.T) {
ctx = context.WithValue(ctx, jwsContextKey, parsedJWS)
ctx = context.WithValue(ctx, baseURLContextKey, baseURL)
return test{
linker: NewLinker("dns", "acme"),
db: &acme.MockDB{
getAccount: func(ctx context.Context, _accID string) (*acme.Account, error) {
p, err := acme.ProvisionerFromContext(ctx)
assert.FatalError(t, err)
assert.Equals(t, p, prov)
assert.Equals(t, accID, accID)
MockGetAccount: func(ctx context.Context, id string) (*acme.Account, error) {
assert.Equals(t, id, accID)
return acc, nil
},
getLink: func(ctx context.Context, typ acme.Link, abs bool, in ...string) string {
assert.Equals(t, typ, acme.AccountLink)
assert.True(t, abs)
assert.Equals(t, in, []string{""})
return fmt.Sprintf("%s/acme/%s/account/", baseURL.String(), provName)
},
},
ctx: ctx,
next: func(w http.ResponseWriter, r *http.Request) {
_acc, err := acme.AccountFromContext(r.Context())
_acc, err := accountFromContext(r.Context())
assert.FatalError(t, err)
assert.Equals(t, _acc, acc)
_jwk, err := acme.JwkFromContext(r.Context())
_jwk, err := jwkFromContext(r.Context())
assert.FatalError(t, err)
assert.Equals(t, _jwk, jwk)
w.Write(testBody)
@ -964,7 +870,7 @@ func TestHandlerLookupJWK(t *testing.T) {
for name, run := range tests {
tc := run(t)
t.Run(name, func(t *testing.T) {
h := New(tc.auth).(*Handler)
h := &Handler{db: tc.db, linker: tc.linker}
req := httptest.NewRequest("GET", url, nil)
req = req.WithContext(tc.ctx)
w := httptest.NewRecorder()
@ -978,7 +884,7 @@ func TestHandlerLookupJWK(t *testing.T) {
assert.FatalError(t, err)
if res.StatusCode >= 400 && assert.NotNil(t, tc.err) {
var ae acme.AError
var ae acme.Error
assert.FatalError(t, json.Unmarshal(bytes.TrimSpace(body), &ae))
assert.Equals(t, ae.Type, tc.err.Type)
@ -1057,7 +963,7 @@ func TestHandlerExtractJWK(t *testing.T) {
return test{
ctx: ctx,
statusCode: 400,
problem: acme.MalformedErr(errors.New("jwk expected in protected header")),
err: acme.NewError(acme.ErrorMalformedType, "jwk expected in protected header"),
}
},
"fail/invalid-jwk": func(t *testing.T) test {
@ -1075,7 +981,7 @@ func TestHandlerExtractJWK(t *testing.T) {
return test{
ctx: ctx,
statusCode: 400,
err: acme.MalformedErr(errors.New("invalid jwk in protected header")),
err: acme.NewError(acme.ErrorMalformedType, "invalid jwk in protected header"),
}
},
"fail/GetAccountByKey-error": func(t *testing.T) test {
@ -1084,11 +990,8 @@ func TestHandlerExtractJWK(t *testing.T) {
return test{
ctx: ctx,
db: &acme.MockDB{
getAccountByKey: func(ctx context.Context, jwk *jose.JSONWebKey) (*acme.Account, error) {
p, err := acme.ProvisionerFromContext(ctx)
assert.FatalError(t, err)
assert.Equals(t, p, prov)
assert.Equals(t, jwk.KeyID, pub.KeyID)
MockGetAccountByKeyID: func(ctx context.Context, kid string) (*acme.Account, error) {
assert.Equals(t, kid, pub.KeyID)
return nil, acme.NewErrorISE("force")
},
},
@ -1103,16 +1006,13 @@ func TestHandlerExtractJWK(t *testing.T) {
return test{
ctx: ctx,
db: &acme.MockDB{
getAccountByKey: func(ctx context.Context, jwk *jose.JSONWebKey) (*acme.Account, error) {
p, err := acme.ProvisionerFromContext(ctx)
assert.FatalError(t, err)
assert.Equals(t, p, prov)
assert.Equals(t, jwk.KeyID, pub.KeyID)
MockGetAccountByKeyID: func(ctx context.Context, kid string) (*acme.Account, error) {
assert.Equals(t, kid, pub.KeyID)
return acc, nil
},
},
statusCode: 401,
err: acme.UnauthorizedErr(errors.New("account is not active")),
err: acme.NewError(acme.ErrorUnauthorizedType, "account is not active"),
}
},
"ok": func(t *testing.T) test {
@ -1122,19 +1022,16 @@ func TestHandlerExtractJWK(t *testing.T) {
return test{
ctx: ctx,
db: &acme.MockDB{
getAccountByKey: func(ctx context.Context, jwk *jose.JSONWebKey) (*acme.Account, error) {
p, err := acme.ProvisionerFromContext(ctx)
assert.FatalError(t, err)
assert.Equals(t, p, prov)
assert.Equals(t, jwk.KeyID, pub.KeyID)
MockGetAccountByKeyID: func(ctx context.Context, kid string) (*acme.Account, error) {
assert.Equals(t, kid, pub.KeyID)
return acc, nil
},
},
next: func(w http.ResponseWriter, r *http.Request) {
_acc, err := acme.AccountFromContext(r.Context())
_acc, err := accountFromContext(r.Context())
assert.FatalError(t, err)
assert.Equals(t, _acc, acc)
_jwk, err := acme.JwkFromContext(r.Context())
_jwk, err := jwkFromContext(r.Context())
assert.FatalError(t, err)
assert.Equals(t, _jwk.KeyID, pub.KeyID)
w.Write(testBody)
@ -1148,19 +1045,16 @@ func TestHandlerExtractJWK(t *testing.T) {
return test{
ctx: ctx,
db: &acme.MockDB{
getAccountByKey: func(ctx context.Context, jwk *jose.JSONWebKey) (*acme.Account, error) {
p, err := acme.ProvisionerFromContext(ctx)
assert.FatalError(t, err)
assert.Equals(t, p, prov)
assert.Equals(t, jwk.KeyID, pub.KeyID)
MockGetAccountByKeyID: func(ctx context.Context, kid string) (*acme.Account, error) {
assert.Equals(t, kid, pub.KeyID)
return nil, database.ErrNotFound
},
},
next: func(w http.ResponseWriter, r *http.Request) {
_acc, err := acme.AccountFromContext(r.Context())
_acc, err := accountFromContext(r.Context())
assert.NotNil(t, err)
assert.Nil(t, _acc)
_jwk, err := acme.JwkFromContext(r.Context())
_jwk, err := jwkFromContext(r.Context())
assert.FatalError(t, err)
assert.Equals(t, _jwk.KeyID, pub.KeyID)
w.Write(testBody)
@ -1172,7 +1066,7 @@ func TestHandlerExtractJWK(t *testing.T) {
for name, run := range tests {
tc := run(t)
t.Run(name, func(t *testing.T) {
h := New(tc.auth).(*Handler)
h := &Handler{db: tc.db}
req := httptest.NewRequest("GET", url, nil)
req = req.WithContext(tc.ctx)
w := httptest.NewRecorder()
@ -1186,7 +1080,7 @@ func TestHandlerExtractJWK(t *testing.T) {
assert.FatalError(t, err)
if res.StatusCode >= 400 && assert.NotNil(t, tc.err) {
var ae acme.AError
var ae acme.Error
assert.FatalError(t, json.Unmarshal(bytes.TrimSpace(body), &ae))
assert.Equals(t, ae.Type, tc.err.Type)
@ -1229,7 +1123,7 @@ func TestHandlerValidateJWS(t *testing.T) {
return test{
ctx: context.WithValue(context.Background(), jwsContextKey, &jose.JSONWebSignature{}),
statusCode: 400,
err: acme.MalformedErr(errors.New("request body does not contain a signature")),
err: acme.NewError(acme.ErrorMalformedType, "request body does not contain a signature"),
}
},
"fail/more-than-one-signature": func(t *testing.T) test {
@ -1242,7 +1136,7 @@ func TestHandlerValidateJWS(t *testing.T) {
return test{
ctx: context.WithValue(context.Background(), jwsContextKey, jws),
statusCode: 400,
err: acme.MalformedErr(errors.New("request body contains more than one signature")),
err: acme.NewError(acme.ErrorMalformedType, "request body contains more than one signature"),
}
},
"fail/unprotected-header-not-empty": func(t *testing.T) test {
@ -1254,7 +1148,7 @@ func TestHandlerValidateJWS(t *testing.T) {
return test{
ctx: context.WithValue(context.Background(), jwsContextKey, jws),
statusCode: 400,
err: acme.MalformedErr(errors.New("unprotected header must not be used")),
err: acme.NewError(acme.ErrorMalformedType, "unprotected header must not be used"),
}
},
"fail/unsuitable-algorithm-none": func(t *testing.T) test {
@ -1266,7 +1160,7 @@ func TestHandlerValidateJWS(t *testing.T) {
return test{
ctx: context.WithValue(context.Background(), jwsContextKey, jws),
statusCode: 400,
err: acme.MalformedErr(errors.New("unsuitable algorithm: none")),
err: acme.NewError(acme.ErrorMalformedType, "unsuitable algorithm: none"),
}
},
"fail/unsuitable-algorithm-mac": func(t *testing.T) test {
@ -1278,7 +1172,7 @@ func TestHandlerValidateJWS(t *testing.T) {
return test{
ctx: context.WithValue(context.Background(), jwsContextKey, jws),
statusCode: 400,
err: acme.MalformedErr(errors.Errorf("unsuitable algorithm: %s", jose.HS256)),
err: acme.NewError(acme.ErrorMalformedType, "unsuitable algorithm: %s", jose.HS256),
}
},
"fail/rsa-key-&-alg-mismatch": func(t *testing.T) test {
@ -1300,13 +1194,13 @@ func TestHandlerValidateJWS(t *testing.T) {
}
return test{
db: &acme.MockDB{
useNonce: func(n string) error {
MockDeleteNonce: func(ctx context.Context, n acme.Nonce) error {
return nil
},
},
ctx: context.WithValue(context.Background(), jwsContextKey, jws),
statusCode: 400,
err: acme.MalformedErr(errors.Errorf("jws key type and algorithm do not match")),
err: acme.NewError(acme.ErrorMalformedType, "jws key type and algorithm do not match"),
}
},
"fail/rsa-key-too-small": func(t *testing.T) test {
@ -1328,13 +1222,13 @@ func TestHandlerValidateJWS(t *testing.T) {
}
return test{
db: &acme.MockDB{
useNonce: func(n string) error {
MockDeleteNonce: func(ctx context.Context, n acme.Nonce) error {
return nil
},
},
ctx: context.WithValue(context.Background(), jwsContextKey, jws),
statusCode: 400,
err: acme.MalformedErr(errors.Errorf("rsa keys must be at least 2048 bits (256 bytes) in size")),
err: acme.NewError(acme.ErrorMalformedType, "rsa keys must be at least 2048 bits (256 bytes) in size"),
}
},
"fail/UseNonce-error": func(t *testing.T) test {
@ -1345,7 +1239,7 @@ func TestHandlerValidateJWS(t *testing.T) {
}
return test{
db: &acme.MockDB{
useNonce: func(n string) error {
MockDeleteNonce: func(ctx context.Context, n acme.Nonce) error {
return acme.NewErrorISE("force")
},
},
@ -1362,13 +1256,13 @@ func TestHandlerValidateJWS(t *testing.T) {
}
return test{
db: &acme.MockDB{
useNonce: func(n string) error {
MockDeleteNonce: func(ctx context.Context, n acme.Nonce) error {
return nil
},
},
ctx: context.WithValue(context.Background(), jwsContextKey, jws),
statusCode: 400,
err: acme.MalformedErr(errors.New("jws missing url protected header")),
err: acme.NewError(acme.ErrorMalformedType, "jws missing url protected header"),
}
},
"fail/url-mismatch": func(t *testing.T) test {
@ -1386,13 +1280,13 @@ func TestHandlerValidateJWS(t *testing.T) {
}
return test{
db: &acme.MockDB{
useNonce: func(n string) error {
MockDeleteNonce: func(ctx context.Context, n acme.Nonce) error {
return nil
},
},
ctx: context.WithValue(context.Background(), jwsContextKey, jws),
statusCode: 400,
err: acme.MalformedErr(errors.Errorf("url header in JWS (foo) does not match request url (%s)", url)),
err: acme.NewError(acme.ErrorMalformedType, "url header in JWS (foo) does not match request url (%s)", url),
}
},
"fail/both-jwk-kid": func(t *testing.T) test {
@ -1415,13 +1309,13 @@ func TestHandlerValidateJWS(t *testing.T) {
}
return test{
db: &acme.MockDB{
useNonce: func(n string) error {
MockDeleteNonce: func(ctx context.Context, n acme.Nonce) error {
return nil
},
},
ctx: context.WithValue(context.Background(), jwsContextKey, jws),
statusCode: 400,
err: acme.MalformedErr(errors.Errorf("jwk and kid are mutually exclusive")),
err: acme.NewError(acme.ErrorMalformedType, "jwk and kid are mutually exclusive"),
}
},
"fail/no-jwk-kid": func(t *testing.T) test {
@ -1439,13 +1333,13 @@ func TestHandlerValidateJWS(t *testing.T) {
}
return test{
db: &acme.MockDB{
useNonce: func(n string) error {
MockDeleteNonce: func(ctx context.Context, n acme.Nonce) error {
return nil
},
},
ctx: context.WithValue(context.Background(), jwsContextKey, jws),
statusCode: 400,
err: acme.MalformedErr(errors.Errorf("either jwk or kid must be defined in jws protected header")),
err: acme.NewError(acme.ErrorMalformedType, "either jwk or kid must be defined in jws protected header"),
}
},
"ok/kid": func(t *testing.T) test {
@ -1464,7 +1358,7 @@ func TestHandlerValidateJWS(t *testing.T) {
}
return test{
db: &acme.MockDB{
useNonce: func(n string) error {
MockDeleteNonce: func(ctx context.Context, n acme.Nonce) error {
return nil
},
},
@ -1494,7 +1388,7 @@ func TestHandlerValidateJWS(t *testing.T) {
}
return test{
db: &acme.MockDB{
useNonce: func(n string) error {
MockDeleteNonce: func(ctx context.Context, n acme.Nonce) error {
return nil
},
},
@ -1524,7 +1418,7 @@ func TestHandlerValidateJWS(t *testing.T) {
}
return test{
db: &acme.MockDB{
useNonce: func(n string) error {
MockDeleteNonce: func(ctx context.Context, n acme.Nonce) error {
return nil
},
},
@ -1539,7 +1433,7 @@ func TestHandlerValidateJWS(t *testing.T) {
for name, run := range tests {
tc := run(t)
t.Run(name, func(t *testing.T) {
h := New(tc.auth).(*Handler)
h := &Handler{db: tc.db}
req := httptest.NewRequest("GET", url, nil)
req = req.WithContext(tc.ctx)
w := httptest.NewRecorder()
@ -1553,7 +1447,7 @@ func TestHandlerValidateJWS(t *testing.T) {
assert.FatalError(t, err)
if res.StatusCode >= 400 && assert.NotNil(t, tc.err) {
var ae acme.AError
var ae acme.Error
assert.FatalError(t, json.Unmarshal(bytes.TrimSpace(body), &ae))
assert.Equals(t, ae.Type, tc.err.Type)

341
acme/api/order_test.go
View file

@ -14,7 +14,6 @@ import (
"time"
"github.com/go-chi/chi"
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/acme"
"go.step.sm/crypto/pemutil"
@ -30,7 +29,7 @@ func TestNewOrderRequestValidate(t *testing.T) {
"fail/no-identifiers": func(t *testing.T) test {
return test{
nor: &NewOrderRequest{},
err: acme.MalformedErr(errors.Errorf("identifiers list cannot be empty")),
err: acme.NewError(acme.ErrorMalformedType, "identifiers list cannot be empty"),
}
},
"fail/bad-identifier": func(t *testing.T) test {
@ -41,7 +40,7 @@ func TestNewOrderRequestValidate(t *testing.T) {
{Type: "foo", Value: "bar.com"},
},
},
err: acme.MalformedErr(errors.Errorf("identifier type unsupported: foo")),
err: acme.NewError(acme.ErrorMalformedType, "identifier type unsupported: foo"),
}
},
"ok": func(t *testing.T) test {
@ -105,7 +104,7 @@ func TestFinalizeRequestValidate(t *testing.T) {
"fail/parse-csr-error": func(t *testing.T) test {
return test{
fr: &FinalizeRequest{},
err: acme.MalformedErr(errors.Errorf("unable to parse csr: asn1: syntax error: sequence truncated")),
err: acme.NewError(acme.ErrorMalformedType, "unable to parse csr: asn1: syntax error: sequence truncated"),
}
},
"fail/invalid-csr-signature": func(t *testing.T) test {
@ -117,7 +116,7 @@ func TestFinalizeRequestValidate(t *testing.T) {
fr: &FinalizeRequest{
CSR: base64.RawURLEncoding.EncodeToString(c.Raw),
},
err: acme.MalformedErr(errors.Errorf("csr failed signature check: x509: ECDSA verification failure")),
err: acme.NewError(acme.ErrorMalformedType, "csr failed signature check: x509: ECDSA verification failure"),
}
},
"ok": func(t *testing.T) test {
@ -148,15 +147,15 @@ func TestFinalizeRequestValidate(t *testing.T) {
}
}
func TestHandlerGetOrder(t *testing.T) {
func TestHandler_GetOrder(t *testing.T) {
expiry := time.Now().UTC().Add(6 * time.Hour)
nbf := time.Now().UTC()
naf := time.Now().UTC().Add(24 * time.Hour)
o := acme.Order{
ID: "orderID",
Expires: expiry.Format(time.RFC3339),
NotBefore: nbf.Format(time.RFC3339),
NotAfter: naf.Format(time.RFC3339),
Expires: expiry,
NotBefore: nbf,
NotAfter: naf,
Identifiers: []acme.Identifier{
{
Type: "dns",
@ -168,7 +167,7 @@ func TestHandlerGetOrder(t *testing.T) {
},
},
Status: "pending",
Authorizations: []string{"foo", "bar"},
AuthorizationURLs: []string{"foo", "bar"},
}
// Request with chi context
@ -181,67 +180,57 @@ func TestHandlerGetOrder(t *testing.T) {
baseURL.String(), provName, o.ID)
type test struct {
auth acme.Interface
db acme.DB
linker Linker
ctx context.Context
statusCode int
problem *acme.Error
err *acme.Error
}
var tests = map[string]func(t *testing.T) test{
"fail/no-account": func(t *testing.T) test {
return test{
auth: &mockAcmeAuthority{},
ctx: context.WithValue(context.Background(), acme.ProvisionerContextKey, prov),
ctx: context.WithValue(context.Background(), provisionerContextKey, prov),
statusCode: 400,
problem: acme.AccountDoesNotExistErr(nil),
err: acme.NewError(acme.ErrorAccountDoesNotExistType, "account does not exist"),
}
},
"fail/nil-account": func(t *testing.T) test {
ctx := context.WithValue(context.Background(), acme.ProvisionerContextKey, prov)
ctx = context.WithValue(ctx, acme.AccContextKey, nil)
ctx := context.WithValue(context.Background(), provisionerContextKey, prov)
ctx = context.WithValue(ctx, accContextKey, nil)
return test{
auth: &mockAcmeAuthority{},
ctx: ctx,
statusCode: 400,
problem: acme.AccountDoesNotExistErr(nil),
err: acme.NewError(acme.ErrorAccountDoesNotExistType, "account does not exist"),
}
},
"fail/getOrder-error": func(t *testing.T) test {
acc := &acme.Account{ID: "accID"}
ctx := context.WithValue(context.Background(), acme.ProvisionerContextKey, prov)
ctx = context.WithValue(ctx, acme.AccContextKey, acc)
ctx := context.WithValue(context.Background(), provisionerContextKey, prov)
ctx = context.WithValue(ctx, accContextKey, acc)
ctx = context.WithValue(ctx, chi.RouteCtxKey, chiCtx)
return test{
auth: &mockAcmeAuthority{
err: acme.ServerInternalErr(errors.New("force")),
db: &acme.MockDB{
MockError: acme.NewErrorISE("force"),
},
ctx: ctx,
statusCode: 500,
problem: acme.ServerInternalErr(errors.New("force")),
err: acme.NewErrorISE("force"),
}
},
"ok": func(t *testing.T) test {
acc := &acme.Account{ID: "accID"}
ctx := context.WithValue(context.Background(), acme.ProvisionerContextKey, prov)
ctx = context.WithValue(ctx, acme.AccContextKey, acc)
ctx := context.WithValue(context.Background(), provisionerContextKey, prov)
ctx = context.WithValue(ctx, accContextKey, acc)
ctx = context.WithValue(ctx, chi.RouteCtxKey, chiCtx)
ctx = context.WithValue(ctx, acme.BaseURLContextKey, baseURL)
ctx = context.WithValue(ctx, baseURLContextKey, baseURL)
return test{
auth: &mockAcmeAuthority{
getOrder: func(ctx context.Context, accID, id string) (*acme.Order, error) {
p, err := acme.ProvisionerFromContext(ctx)
assert.FatalError(t, err)
assert.Equals(t, p, prov)
assert.Equals(t, accID, acc.ID)
db: &acme.MockDB{
MockGetOrder: func(ctx context.Context, id string) (*acme.Order, error) {
assert.Equals(t, id, o.ID)
return &o, nil
},
getLink: func(ctx context.Context, typ acme.Link, abs bool, in ...string) string {
assert.Equals(t, typ, acme.OrderLink)
assert.True(t, abs)
assert.Equals(t, in, []string{o.ID})
return url
},
},
linker: NewLinker("dns", "acme"),
ctx: ctx,
statusCode: 200,
}
@ -250,7 +239,7 @@ func TestHandlerGetOrder(t *testing.T) {
for name, run := range tests {
tc := run(t)
t.Run(name, func(t *testing.T) {
h := New(tc.auth).(*Handler)
h := &Handler{linker: tc.linker, db: tc.db}
req := httptest.NewRequest("GET", url, nil)
req = req.WithContext(tc.ctx)
w := httptest.NewRecorder()
@ -263,15 +252,14 @@ func TestHandlerGetOrder(t *testing.T) {
res.Body.Close()
assert.FatalError(t, err)
if res.StatusCode >= 400 && assert.NotNil(t, tc.problem) {
var ae acme.AError
if res.StatusCode >= 400 && assert.NotNil(t, tc.err) {
var ae acme.Error
assert.FatalError(t, json.Unmarshal(bytes.TrimSpace(body), &ae))
prob := tc.problem.ToACME()
assert.Equals(t, ae.Type, prob.Type)
assert.Equals(t, ae.Detail, prob.Detail)
assert.Equals(t, ae.Identifier, prob.Identifier)
assert.Equals(t, ae.Subproblems, prob.Subproblems)
assert.Equals(t, ae.Type, tc.err.Type)
assert.Equals(t, ae.Detail, tc.err.Detail)
assert.Equals(t, ae.Identifier, tc.err.Identifier)
assert.Equals(t, ae.Subproblems, tc.err.Subproblems)
assert.Equals(t, res.Header["Content-Type"], []string{"application/problem+json"})
} else {
expB, err := json.Marshal(o)
@ -290,15 +278,15 @@ func TestHandlerNewOrder(t *testing.T) {
naf := nbf.Add(17 * time.Hour)
o := acme.Order{
ID: "orderID",
Expires: expiry.Format(time.RFC3339),
NotBefore: nbf.Format(time.RFC3339),
NotAfter: naf.Format(time.RFC3339),
Expires: expiry,
NotBefore: nbf,
NotAfter: naf,
Identifiers: []acme.Identifier{
{Type: "dns", Value: "example.com"},
{Type: "dns", Value: "bar.com"},
},
Status: "pending",
Authorizations: []string{"foo", "bar"},
AuthorizationURLs: []string{"foo", "bar"},
}
prov := newProv()
@ -308,58 +296,59 @@ func TestHandlerNewOrder(t *testing.T) {
baseURL.String(), provName)
type test struct {
auth acme.Interface
db acme.DB
linker Linker
ctx context.Context
statusCode int
problem *acme.Error
err *acme.Error
}
var tests = map[string]func(t *testing.T) test{
"fail/no-account": func(t *testing.T) test {
return test{
ctx: context.WithValue(context.Background(), acme.ProvisionerContextKey, prov),
ctx: context.WithValue(context.Background(), provisionerContextKey, prov),
statusCode: 400,
problem: acme.AccountDoesNotExistErr(nil),
err: acme.NewError(acme.ErrorAccountDoesNotExistType, "account does not exist"),
}
},
"fail/nil-account": func(t *testing.T) test {
ctx := context.WithValue(context.Background(), acme.ProvisionerContextKey, prov)
ctx = context.WithValue(ctx, acme.AccContextKey, nil)
ctx := context.WithValue(context.Background(), provisionerContextKey, prov)
ctx = context.WithValue(ctx, accContextKey, nil)
return test{
ctx: ctx,
statusCode: 400,
problem: acme.AccountDoesNotExistErr(nil),
err: acme.NewError(acme.ErrorAccountDoesNotExistType, "account does not exist"),
}
},
"fail/no-payload": func(t *testing.T) test {
acc := &acme.Account{ID: "accID"}
ctx := context.WithValue(context.Background(), acme.ProvisionerContextKey, prov)
ctx = context.WithValue(ctx, acme.AccContextKey, acc)
ctx := context.WithValue(context.Background(), provisionerContextKey, prov)
ctx = context.WithValue(ctx, accContextKey, acc)
return test{
ctx: ctx,
statusCode: 500,
problem: acme.ServerInternalErr(errors.New("payload expected in request context")),
err: acme.NewErrorISE("payload expected in request context"),
}
},
"fail/nil-payload": func(t *testing.T) test {
acc := &acme.Account{ID: "accID"}
ctx := context.WithValue(context.Background(), acme.ProvisionerContextKey, prov)
ctx = context.WithValue(ctx, acme.AccContextKey, acc)
ctx = context.WithValue(ctx, acme.PayloadContextKey, nil)
ctx := context.WithValue(context.Background(), provisionerContextKey, prov)
ctx = context.WithValue(ctx, accContextKey, acc)
ctx = context.WithValue(ctx, payloadContextKey, nil)
return test{
ctx: ctx,
statusCode: 500,
problem: acme.ServerInternalErr(errors.New("payload expected in request context")),
err: acme.NewErrorISE("payload expected in request context"),
}
},
"fail/unmarshal-payload-error": func(t *testing.T) test {
acc := &acme.Account{ID: "accID"}
ctx := context.WithValue(context.Background(), acme.ProvisionerContextKey, prov)
ctx = context.WithValue(ctx, acme.AccContextKey, acc)
ctx = context.WithValue(ctx, acme.PayloadContextKey, &payloadInfo{})
ctx := context.WithValue(context.Background(), provisionerContextKey, prov)
ctx = context.WithValue(ctx, accContextKey, acc)
ctx = context.WithValue(ctx, payloadContextKey, &payloadInfo{})
return test{
ctx: ctx,
statusCode: 400,
problem: acme.MalformedErr(errors.New("failed to unmarshal new-order request payload: unexpected end of JSON input")),
err: acme.NewError(acme.ErrorMalformedType, "failed to unmarshal new-order request payload: unexpected end of JSON input"),
}
},
"fail/malformed-payload-error": func(t *testing.T) test {
@ -367,13 +356,13 @@ func TestHandlerNewOrder(t *testing.T) {
nor := &NewOrderRequest{}
b, err := json.Marshal(nor)
assert.FatalError(t, err)
ctx := context.WithValue(context.Background(), acme.ProvisionerContextKey, prov)
ctx = context.WithValue(ctx, acme.AccContextKey, acc)
ctx = context.WithValue(ctx, acme.PayloadContextKey, &payloadInfo{value: b})
ctx := context.WithValue(context.Background(), provisionerContextKey, prov)
ctx = context.WithValue(ctx, accContextKey, acc)
ctx = context.WithValue(ctx, payloadContextKey, &payloadInfo{value: b})
return test{
ctx: ctx,
statusCode: 400,
problem: acme.MalformedErr(errors.New("identifiers list cannot be empty")),
err: acme.NewError(acme.ErrorMalformedType, "identifiers list cannot be empty"),
}
},
"fail/NewOrder-error": func(t *testing.T) test {
@ -386,23 +375,18 @@ func TestHandlerNewOrder(t *testing.T) {
}
b, err := json.Marshal(nor)
assert.FatalError(t, err)
ctx := context.WithValue(context.Background(), acme.ProvisionerContextKey, prov)
ctx = context.WithValue(ctx, acme.AccContextKey, acc)
ctx = context.WithValue(ctx, acme.PayloadContextKey, &payloadInfo{value: b})
ctx := context.WithValue(context.Background(), provisionerContextKey, prov)
ctx = context.WithValue(ctx, accContextKey, acc)
ctx = context.WithValue(ctx, payloadContextKey, &payloadInfo{value: b})
return test{
auth: &mockAcmeAuthority{
newOrder: func(ctx context.Context, ops acme.OrderOptions) (*acme.Order, error) {
p, err := acme.ProvisionerFromContext(ctx)
assert.FatalError(t, err)
assert.Equals(t, p, prov)
assert.Equals(t, ops.AccountID, acc.ID)
assert.Equals(t, ops.Identifiers, nor.Identifiers)
return nil, acme.MalformedErr(errors.New("force"))
db: &acme.MockDB{
MockCreateOrder: func(ctx context.Context, o *acme.Order) error {
return acme.NewError(acme.ErrorMalformedType, "force")
},
},
ctx: ctx,
statusCode: 400,
problem: acme.MalformedErr(errors.New("force")),
err: acme.NewError(acme.ErrorMalformedType, "force"),
}
},
"ok": func(t *testing.T) test {
@ -417,29 +401,17 @@ func TestHandlerNewOrder(t *testing.T) {
}
b, err := json.Marshal(nor)
assert.FatalError(t, err)
ctx := context.WithValue(context.Background(), acme.ProvisionerContextKey, prov)
ctx = context.WithValue(ctx, acme.AccContextKey, acc)
ctx = context.WithValue(ctx, acme.PayloadContextKey, &payloadInfo{value: b})
ctx = context.WithValue(ctx, acme.BaseURLContextKey, baseURL)
ctx := context.WithValue(context.Background(), provisionerContextKey, prov)
ctx = context.WithValue(ctx, accContextKey, acc)
ctx = context.WithValue(ctx, payloadContextKey, &payloadInfo{value: b})
ctx = context.WithValue(ctx, baseURLContextKey, baseURL)
return test{
auth: &mockAcmeAuthority{
newOrder: func(ctx context.Context, ops acme.OrderOptions) (*acme.Order, error) {
p, err := acme.ProvisionerFromContext(ctx)
assert.FatalError(t, err)
assert.Equals(t, p, prov)
assert.Equals(t, ops.AccountID, acc.ID)
assert.Equals(t, ops.Identifiers, nor.Identifiers)
assert.Equals(t, ops.NotBefore, nbf)
assert.Equals(t, ops.NotAfter, naf)
return &o, nil
},
getLink: func(ctx context.Context, typ acme.Link, abs bool, in ...string) string {
assert.Equals(t, typ, acme.OrderLink)
assert.True(t, abs)
assert.Equals(t, in, []string{o.ID})
return fmt.Sprintf("%s/acme/%s/order/%s", baseURL.String(), provName, o.ID)
db: &acme.MockDB{
MockCreateOrder: func(ctx context.Context, o *acme.Order) error {
return nil
},
},
linker: NewLinker("dns", "acme"),
ctx: ctx,
statusCode: 201,
}
@ -454,30 +426,17 @@ func TestHandlerNewOrder(t *testing.T) {
}
b, err := json.Marshal(nor)
assert.FatalError(t, err)
ctx := context.WithValue(context.Background(), acme.ProvisionerContextKey, prov)
ctx = context.WithValue(ctx, acme.AccContextKey, acc)
ctx = context.WithValue(ctx, acme.PayloadContextKey, &payloadInfo{value: b})
ctx = context.WithValue(ctx, acme.BaseURLContextKey, baseURL)
ctx := context.WithValue(context.Background(), provisionerContextKey, prov)
ctx = context.WithValue(ctx, accContextKey, acc)
ctx = context.WithValue(ctx, payloadContextKey, &payloadInfo{value: b})
ctx = context.WithValue(ctx, baseURLContextKey, baseURL)
return test{
auth: &mockAcmeAuthority{
newOrder: func(ctx context.Context, ops acme.OrderOptions) (*acme.Order, error) {
p, err := acme.ProvisionerFromContext(ctx)
assert.FatalError(t, err)
assert.Equals(t, p, prov)
assert.Equals(t, ops.AccountID, acc.ID)
assert.Equals(t, ops.Identifiers, nor.Identifiers)
assert.True(t, ops.NotBefore.IsZero())
assert.True(t, ops.NotAfter.IsZero())
return &o, nil
},
getLink: func(ctx context.Context, typ acme.Link, abs bool, in ...string) string {
assert.Equals(t, typ, acme.OrderLink)
assert.True(t, abs)
assert.Equals(t, in, []string{o.ID})
return fmt.Sprintf("%s/acme/%s/order/%s", baseURL.String(), provName, o.ID)
db: &acme.MockDB{
MockCreateOrder: func(ctx context.Context, o *acme.Order) error {
return nil
},
},
linker: NewLinker("dns", "acme"),
ctx: ctx,
statusCode: 201,
}
@ -486,7 +445,7 @@ func TestHandlerNewOrder(t *testing.T) {
for name, run := range tests {
tc := run(t)
t.Run(name, func(t *testing.T) {
h := New(tc.auth).(*Handler)
h := &Handler{linker: tc.linker, db: tc.db}
req := httptest.NewRequest("GET", url, nil)
req = req.WithContext(tc.ctx)
w := httptest.NewRecorder()
@ -499,15 +458,14 @@ func TestHandlerNewOrder(t *testing.T) {
res.Body.Close()
assert.FatalError(t, err)
if res.StatusCode >= 400 && assert.NotNil(t, tc.problem) {
var ae acme.AError
if res.StatusCode >= 400 && assert.NotNil(t, tc.err) {
var ae acme.Error
assert.FatalError(t, json.Unmarshal(bytes.TrimSpace(body), &ae))
prob := tc.problem.ToACME()
assert.Equals(t, ae.Type, prob.Type)
assert.Equals(t, ae.Detail, prob.Detail)
assert.Equals(t, ae.Identifier, prob.Identifier)
assert.Equals(t, ae.Subproblems, prob.Subproblems)
assert.Equals(t, ae.Type, tc.err.Type)
assert.Equals(t, ae.Detail, tc.err.Detail)
assert.Equals(t, ae.Identifier, tc.err.Identifier)
assert.Equals(t, ae.Subproblems, tc.err.Subproblems)
assert.Equals(t, res.Header["Content-Type"], []string{"application/problem+json"})
} else {
expB, err := json.Marshal(o)
@ -522,22 +480,22 @@ func TestHandlerNewOrder(t *testing.T) {
}
}
func TestHandlerFinalizeOrder(t *testing.T) {
func TestHandler_FinalizeOrder(t *testing.T) {
expiry := time.Now().UTC().Add(6 * time.Hour)
nbf := time.Now().UTC().Add(5 * time.Hour)
naf := nbf.Add(17 * time.Hour)
o := acme.Order{
ID: "orderID",
Expires: expiry.Format(time.RFC3339),
NotBefore: nbf.Format(time.RFC3339),
NotAfter: naf.Format(time.RFC3339),
Expires: expiry,
NotBefore: nbf,
NotAfter: naf,
Identifiers: []acme.Identifier{
{Type: "dns", Value: "example.com"},
{Type: "dns", Value: "bar.com"},
},
Status: "valid",
Authorizations: []string{"foo", "bar"},
Certificate: "https://ca.smallstep.com/acme/certificate/certID",
AuthorizationURLs: []string{"foo", "bar"},
CertificateURL: "https://ca.smallstep.com/acme/certificate/certID",
}
_csr, err := pemutil.Read("../../authority/testdata/certs/foo.csr")
assert.FatalError(t, err)
@ -554,60 +512,61 @@ func TestHandlerFinalizeOrder(t *testing.T) {
baseURL.String(), provName, o.ID)
type test struct {
auth acme.Interface
db acme.DB
linker Linker
ctx context.Context
statusCode int
problem *acme.Error
err *acme.Error
}
var tests = map[string]func(t *testing.T) test{
"fail/no-account": func(t *testing.T) test {
return test{
auth: &mockAcmeAuthority{},
ctx: context.WithValue(context.Background(), acme.ProvisionerContextKey, prov),
db: &acme.MockDB{},
ctx: context.WithValue(context.Background(), provisionerContextKey, prov),
statusCode: 400,
problem: acme.AccountDoesNotExistErr(nil),
err: acme.NewError(acme.ErrorAccountDoesNotExistType, "account does not exist"),
}
},
"fail/nil-account": func(t *testing.T) test {
ctx := context.WithValue(context.Background(), acme.ProvisionerContextKey, prov)
ctx = context.WithValue(ctx, acme.AccContextKey, nil)
ctx := context.WithValue(context.Background(), provisionerContextKey, prov)
ctx = context.WithValue(ctx, accContextKey, nil)
return test{
auth: &mockAcmeAuthority{},
db: &acme.MockDB{},
ctx: ctx,
statusCode: 400,
problem: acme.AccountDoesNotExistErr(nil),
err: acme.NewError(acme.ErrorAccountDoesNotExistType, "account does not exist"),
}
},
"fail/no-payload": func(t *testing.T) test {
acc := &acme.Account{ID: "accID"}
ctx := context.WithValue(context.Background(), acme.ProvisionerContextKey, prov)
ctx = context.WithValue(ctx, acme.AccContextKey, acc)
ctx := context.WithValue(context.Background(), provisionerContextKey, prov)
ctx = context.WithValue(ctx, accContextKey, acc)
return test{
ctx: ctx,
statusCode: 500,
problem: acme.ServerInternalErr(errors.New("payload expected in request context")),
err: acme.NewErrorISE("payload expected in request context"),
}
},
"fail/nil-payload": func(t *testing.T) test {
acc := &acme.Account{ID: "accID"}
ctx := context.WithValue(context.Background(), acme.ProvisionerContextKey, prov)
ctx = context.WithValue(ctx, acme.AccContextKey, acc)
ctx = context.WithValue(ctx, acme.PayloadContextKey, nil)
ctx := context.WithValue(context.Background(), provisionerContextKey, prov)
ctx = context.WithValue(ctx, accContextKey, acc)
ctx = context.WithValue(ctx, payloadContextKey, nil)
return test{
ctx: ctx,
statusCode: 500,
problem: acme.ServerInternalErr(errors.New("payload expected in request context")),
err: acme.NewErrorISE("payload expected in request context"),
}
},
"fail/unmarshal-payload-error": func(t *testing.T) test {
acc := &acme.Account{ID: "accID"}
ctx := context.WithValue(context.Background(), acme.ProvisionerContextKey, prov)
ctx = context.WithValue(ctx, acme.AccContextKey, acc)
ctx = context.WithValue(ctx, acme.PayloadContextKey, &payloadInfo{})
ctx := context.WithValue(context.Background(), provisionerContextKey, prov)
ctx = context.WithValue(ctx, accContextKey, acc)
ctx = context.WithValue(ctx, payloadContextKey, &payloadInfo{})
return test{
ctx: ctx,
statusCode: 400,
problem: acme.MalformedErr(errors.New("failed to unmarshal finalize-order request payload: unexpected end of JSON input")),
err: acme.NewError(acme.ErrorMalformedType, "failed to unmarshal finalize-order request payload: unexpected end of JSON input"),
}
},
"fail/malformed-payload-error": func(t *testing.T) test {
@ -615,13 +574,13 @@ func TestHandlerFinalizeOrder(t *testing.T) {
fr := &FinalizeRequest{}
b, err := json.Marshal(fr)
assert.FatalError(t, err)
ctx := context.WithValue(context.Background(), acme.ProvisionerContextKey, prov)
ctx = context.WithValue(ctx, acme.AccContextKey, acc)
ctx = context.WithValue(ctx, acme.PayloadContextKey, &payloadInfo{value: b})
ctx := context.WithValue(context.Background(), provisionerContextKey, prov)
ctx = context.WithValue(ctx, accContextKey, acc)
ctx = context.WithValue(ctx, payloadContextKey, &payloadInfo{value: b})
return test{
ctx: ctx,
statusCode: 400,
problem: acme.MalformedErr(errors.New("unable to parse csr: asn1: syntax error: sequence truncated")),
err: acme.NewError(acme.ErrorMalformedType, "unable to parse csr: asn1: syntax error: sequence truncated"),
}
},
"fail/FinalizeOrder-error": func(t *testing.T) test {
@ -631,25 +590,27 @@ func TestHandlerFinalizeOrder(t *testing.T) {
}
b, err := json.Marshal(nor)
assert.FatalError(t, err)
ctx := context.WithValue(context.Background(), acme.ProvisionerContextKey, prov)
ctx = context.WithValue(ctx, acme.AccContextKey, acc)
ctx = context.WithValue(ctx, acme.PayloadContextKey, &payloadInfo{value: b})
ctx := context.WithValue(context.Background(), provisionerContextKey, prov)
ctx = context.WithValue(ctx, accContextKey, acc)
ctx = context.WithValue(ctx, payloadContextKey, &payloadInfo{value: b})
ctx = context.WithValue(ctx, chi.RouteCtxKey, chiCtx)
return test{
auth: &mockAcmeAuthority{
finalizeOrder: func(ctx context.Context, accID, id string, incsr *x509.CertificateRequest) (*acme.Order, error) {
db: &acme.MockDB{
MockUpdateOrder: func(ctx context.Context, o *acme.Order) error {
/*
p, err := acme.ProvisionerFromContext(ctx)
assert.FatalError(t, err)
assert.Equals(t, p, prov)
assert.Equals(t, accID, acc.ID)
assert.Equals(t, id, o.ID)
assert.Equals(t, incsr.Raw, csr.Raw)
return nil, acme.MalformedErr(errors.New("force"))
*/
return acme.NewError(acme.ErrorMalformedType, "force")
},
},
ctx: ctx,
statusCode: 400,
problem: acme.MalformedErr(errors.New("force")),
err: acme.NewError(acme.ErrorMalformedType, "force"),
}
},
"ok": func(t *testing.T) test {
@ -659,14 +620,16 @@ func TestHandlerFinalizeOrder(t *testing.T) {
}
b, err := json.Marshal(nor)
assert.FatalError(t, err)
ctx := context.WithValue(context.Background(), acme.ProvisionerContextKey, prov)
ctx = context.WithValue(ctx, acme.AccContextKey, acc)
ctx = context.WithValue(ctx, acme.PayloadContextKey, &payloadInfo{value: b})
ctx := context.WithValue(context.Background(), provisionerContextKey, prov)
ctx = context.WithValue(ctx, accContextKey, acc)
ctx = context.WithValue(ctx, payloadContextKey, &payloadInfo{value: b})
ctx = context.WithValue(ctx, chi.RouteCtxKey, chiCtx)
ctx = context.WithValue(ctx, acme.BaseURLContextKey, baseURL)
ctx = context.WithValue(ctx, baseURLContextKey, baseURL)
return test{
auth: &mockAcmeAuthority{
finalizeOrder: func(ctx context.Context, accID, id string, incsr *x509.CertificateRequest) (*acme.Order, error) {
linker: NewLinker("dns", "acme"),
db: &acme.MockDB{
MockUpdateOrder: func(ctx context.Context, o *acme.Order) error {
/*
p, err := acme.ProvisionerFromContext(ctx)
assert.FatalError(t, err)
assert.Equals(t, p, prov)
@ -674,13 +637,8 @@ func TestHandlerFinalizeOrder(t *testing.T) {
assert.Equals(t, id, o.ID)
assert.Equals(t, incsr.Raw, csr.Raw)
return &o, nil
},
getLink: func(ctx context.Context, typ acme.Link, abs bool, in ...string) string {
assert.Equals(t, typ, acme.OrderLink)
assert.True(t, abs)
assert.Equals(t, in, []string{o.ID})
return fmt.Sprintf("%s/acme/%s/order/%s",
baseURL.String(), provName, o.ID)
*/
return nil
},
},
ctx: ctx,
@ -691,7 +649,7 @@ func TestHandlerFinalizeOrder(t *testing.T) {
for name, run := range tests {
tc := run(t)
t.Run(name, func(t *testing.T) {
h := New(tc.auth).(*Handler)
h := &Handler{linker: tc.linker, db: tc.db}
req := httptest.NewRequest("GET", url, nil)
req = req.WithContext(tc.ctx)
w := httptest.NewRecorder()
@ -704,15 +662,14 @@ func TestHandlerFinalizeOrder(t *testing.T) {
res.Body.Close()
assert.FatalError(t, err)
if res.StatusCode >= 400 && assert.NotNil(t, tc.problem) {
var ae acme.AError
if res.StatusCode >= 400 && assert.NotNil(t, tc.err) {
var ae acme.Error
assert.FatalError(t, json.Unmarshal(bytes.TrimSpace(body), &ae))
prob := tc.problem.ToACME()
assert.Equals(t, ae.Type, prob.Type)
assert.Equals(t, ae.Detail, prob.Detail)
assert.Equals(t, ae.Identifier, prob.Identifier)
assert.Equals(t, ae.Subproblems, prob.Subproblems)
assert.Equals(t, ae.Type, tc.err.Type)
assert.Equals(t, ae.Detail, tc.err.Detail)
assert.Equals(t, ae.Identifier, tc.err.Identifier)
assert.Equals(t, ae.Subproblems, tc.err.Subproblems)
assert.Equals(t, res.Header["Content-Type"], []string{"application/problem+json"})
} else {
expB, err := json.Marshal(o)

22
acme/authority_test.go
View file

@ -1,25 +1,6 @@
package acme
import (
"context"
"crypto"
"encoding/base64"
"encoding/json"
"fmt"
"net/http"
"net/http/httptest"
"net/url"
"strings"
"testing"
"time"
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/db"
"github.com/smallstep/nosql/database"
"go.step.sm/crypto/jose"
)
/*
func TestAuthorityGetLink(t *testing.T) {
auth, err := NewAuthority(new(db.MockNoSQLDB), "ca.smallstep.com", "acme", nil)
assert.FatalError(t, err)
@ -1737,3 +1718,4 @@ func TestAuthorityDeactivateAccount(t *testing.T) {
})
}
}
*/

18
acme/authz_test.go
View file

@ -1,20 +1,7 @@
package acme
import (
"context"
"encoding/json"
"strings"
"testing"
"time"
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/db"
"github.com/smallstep/nosql"
"github.com/smallstep/nosql/database"
)
func newAz() (authz, error) {
/*
func newAz() (*Authorization, error) {
mockdb := &db.MockNoSQLDB{
MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) {
return []byte("foo"), true, nil
@ -834,3 +821,4 @@ func TestAuthzUpdateStatus(t *testing.T) {
})
}
}
*/

19
acme/certificate_test.go
View file

@ -1,20 +1,6 @@
package acme
import (
"crypto/x509"
"encoding/json"
"encoding/pem"
"testing"
"time"
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/db"
"github.com/smallstep/nosql"
"github.com/smallstep/nosql/database"
"go.step.sm/crypto/pemutil"
)
/*
func defaultCertOps() (*CertOptions, error) {
crt, err := pemutil.ReadCertificate("../authority/testdata/certs/foo.crt")
if err != nil {
@ -36,7 +22,7 @@ func defaultCertOps() (*CertOptions, error) {
}, nil
}
func newcert() (*certificate, error) {
func newcert() (*Certificate, error) {
ops, err := defaultCertOps()
if err != nil {
return nil, err
@ -251,3 +237,4 @@ func TestCertificateToACME(t *testing.T) {
assert.FatalError(t, err)
assert.Equals(t, append(cert.Leaf, cert.Intermediates...), acmeCert)
}
*/

43
acme/challenge_test.go
View file

@ -1,38 +1,6 @@
package acme
import (
"bytes"
"context"
"crypto"
"crypto/rand"
"crypto/rsa"
"crypto/sha256"
"crypto/tls"
"crypto/x509"
"crypto/x509/pkix"
"encoding/asn1"
"encoding/base64"
"encoding/hex"
"encoding/json"
"fmt"
"io"
"io/ioutil"
"math/big"
"net"
"net/http"
"net/http/httptest"
"net/url"
"testing"
"time"
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/db"
"github.com/smallstep/nosql"
"github.com/smallstep/nosql/database"
"go.step.sm/crypto/jose"
)
/*
var testOps = ChallengeOptions{
AccountID: "accID",
AuthzID: "authzID",
@ -42,7 +10,7 @@ var testOps = ChallengeOptions{
},
}
func newDNSCh() (challenge, error) {
func newDNSCh() (Challenge, error) {
mockdb := &db.MockNoSQLDB{
MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) {
return []byte("foo"), true, nil
@ -51,7 +19,7 @@ func newDNSCh() (challenge, error) {
return newDNS01Challenge(mockdb, testOps)
}
func newTLSALPNCh() (challenge, error) {
func newTLSALPNCh() (Challenge, error) {
mockdb := &db.MockNoSQLDB{
MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) {
return []byte("foo"), true, nil
@ -60,7 +28,7 @@ func newTLSALPNCh() (challenge, error) {
return newTLSALPN01Challenge(mockdb, testOps)
}
func newHTTPCh() (challenge, error) {
func newHTTPCh() (Challenge, error) {
mockdb := &db.MockNoSQLDB{
MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) {
return []byte("foo"), true, nil
@ -69,7 +37,7 @@ func newHTTPCh() (challenge, error) {
return newHTTP01Challenge(mockdb, testOps)
}
func newHTTPChWithServer(host string) (challenge, error) {
func newHTTPChWithServer(host string) (Challenge, error) {
mockdb := &db.MockNoSQLDB{
MCmpAndSwap: func(bucket, key, old, newval []byte) ([]byte, bool, error) {
return []byte("foo"), true, nil
@ -1992,3 +1960,4 @@ func TestDNS01Validate(t *testing.T) {
})
}
}
*/

13
acme/nonce_test.go
View file

@ -1,16 +1,6 @@
package acme
import (
"testing"
"time"
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/db"
"github.com/smallstep/nosql"
"github.com/smallstep/nosql/database"
)
/*
func TestNewNonce(t *testing.T) {
type test struct {
db nosql.DB
@ -161,3 +151,4 @@ func TestUseNonce(t *testing.T) {
})
}
}
*/

21
acme/order_test.go
View file

@ -1,24 +1,6 @@
package acme
import (
"context"
"crypto/x509"
"crypto/x509/pkix"
"encoding/json"
"fmt"
"net"
"net/url"
"testing"
"time"
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/authority/provisioner"
"github.com/smallstep/certificates/db"
"github.com/smallstep/nosql"
"github.com/smallstep/nosql/database"
)
/*
var certDuration = 6 * time.Hour
func defaultOrderOps() OrderOptions {
@ -1735,3 +1717,4 @@ func Test_getOrderIDsByAccount(t *testing.T) {
})
}
}
*/

84
ca/acmeClient_test.go
View file

@ -31,7 +31,7 @@ func TestNewACMEClient(t *testing.T) {
srv := httptest.NewServer(nil)
defer srv.Close()
dir := acme.Directory{
dir := acmeAPI.Directory{
NewNonce: srv.URL + "/foo",
NewAccount: srv.URL + "/bar",
NewOrder: srv.URL + "/baz",
@ -58,7 +58,7 @@ func TestNewACMEClient(t *testing.T) {
"fail/get-directory": func(t *testing.T) test {
return test{
ops: []ClientOption{WithTransport(http.DefaultTransport)},
r1: acme.MalformedErr(nil).ToACME(),
r1: acme.NewError(acme.ErrorMalformedType, "malformed request"),
rc1: 400,
err: errors.New("The request message was malformed"),
}
@ -76,7 +76,7 @@ func TestNewACMEClient(t *testing.T) {
ops: []ClientOption{WithTransport(http.DefaultTransport)},
r1: dir,
rc1: 200,
r2: acme.AccountDoesNotExistErr(nil).ToACME(),
r2: acme.NewError(acme.ErrorAccountDoesNotExistType, "account does not exist"),
rc2: 400,
err: errors.New("Account does not exist"),
}
@ -142,7 +142,7 @@ func TestNewACMEClient(t *testing.T) {
func TestACMEClient_GetDirectory(t *testing.T) {
c := &ACMEClient{
dir: &acme.Directory{
dir: &acmeAPI.Directory{
NewNonce: "/foo",
NewAccount: "/bar",
NewOrder: "/baz",
@ -166,7 +166,7 @@ func TestACMEClient_GetNonce(t *testing.T) {
srv := httptest.NewServer(nil)
defer srv.Close()
dir := acme.Directory{
dir := acmeAPI.Directory{
NewNonce: srv.URL + "/foo",
}
// Retrieve transport from options.
@ -185,7 +185,7 @@ func TestACMEClient_GetNonce(t *testing.T) {
tests := map[string]func(t *testing.T) test{
"fail/GET-nonce": func(t *testing.T) test {
return test{
r1: acme.MalformedErr(nil).ToACME(),
r1: acme.NewError(acme.ErrorMalformedType, "malformed request"),
rc1: 400,
err: errors.New("The request message was malformed"),
}
@ -237,7 +237,7 @@ func TestACMEClient_post(t *testing.T) {
srv := httptest.NewServer(nil)
defer srv.Close()
dir := acme.Directory{
dir := acmeAPI.Directory{
NewNonce: srv.URL + "/foo",
}
// Retrieve transport from options.
@ -266,7 +266,7 @@ func TestACMEClient_post(t *testing.T) {
"fail/account-not-configured": func(t *testing.T) test {
return test{
client: &ACMEClient{},
r1: acme.MalformedErr(nil).ToACME(),
r1: acme.NewError(acme.ErrorMalformedType, "malformed request"),
rc1: 400,
err: errors.New("acme client not configured with account"),
}
@ -274,7 +274,7 @@ func TestACMEClient_post(t *testing.T) {
"fail/GET-nonce": func(t *testing.T) test {
return test{
client: ac,
r1: acme.MalformedErr(nil).ToACME(),
r1: acme.NewError(acme.ErrorMalformedType, "malformed request"),
rc1: 400,
err: errors.New("The request message was malformed"),
}
@ -365,7 +365,7 @@ func TestACMEClient_NewOrder(t *testing.T) {
srv := httptest.NewServer(nil)
defer srv.Close()
dir := acme.Directory{
dir := acmeAPI.Directory{
NewNonce: srv.URL + "/foo",
NewOrder: srv.URL + "/bar",
}
@ -388,8 +388,8 @@ func TestACMEClient_NewOrder(t *testing.T) {
assert.FatalError(t, err)
ord := acme.Order{
Status: "valid",
Expires: "soon",
Finalize: "finalize-url",
Expires: time.Now(), // "soon"
FinalizeURL: "finalize-url",
}
ac := &ACMEClient{
client: &http.Client{
@ -404,7 +404,7 @@ func TestACMEClient_NewOrder(t *testing.T) {
tests := map[string]func(t *testing.T) test{
"fail/client-post": func(t *testing.T) test {
return test{
r1: acme.MalformedErr(nil).ToACME(),
r1: acme.NewError(acme.ErrorMalformedType, "malformed request"),
rc1: 400,
err: errors.New("The request message was malformed"),
}
@ -413,7 +413,7 @@ func TestACMEClient_NewOrder(t *testing.T) {
return test{
r1: []byte{},
rc1: 200,
r2: acme.MalformedErr(nil).ToACME(),
r2: acme.NewError(acme.ErrorMalformedType, "malformed request"),
rc2: 400,
ops: []withHeaderOption{withKid(ac)},
err: errors.New("The request message was malformed"),
@ -498,7 +498,7 @@ func TestACMEClient_GetOrder(t *testing.T) {
srv := httptest.NewServer(nil)
defer srv.Close()
dir := acme.Directory{
dir := acmeAPI.Directory{
NewNonce: srv.URL + "/foo",
}
// Retrieve transport from options.
@ -510,8 +510,8 @@ func TestACMEClient_GetOrder(t *testing.T) {
assert.FatalError(t, err)
ord := acme.Order{
Status: "valid",
Expires: "soon",
Finalize: "finalize-url",
Expires: time.Now(), // "soon"
FinalizeURL: "finalize-url",
}
ac := &ACMEClient{
client: &http.Client{
@ -526,7 +526,7 @@ func TestACMEClient_GetOrder(t *testing.T) {
tests := map[string]func(t *testing.T) test{
"fail/client-post": func(t *testing.T) test {
return test{
r1: acme.MalformedErr(nil).ToACME(),
r1: acme.NewError(acme.ErrorMalformedType, "malformed request"),
rc1: 400,
err: errors.New("The request message was malformed"),
}
@ -535,7 +535,7 @@ func TestACMEClient_GetOrder(t *testing.T) {
return test{
r1: []byte{},
rc1: 200,
r2: acme.MalformedErr(nil).ToACME(),
r2: acme.NewError(acme.ErrorMalformedType, "malformed request"),
rc2: 400,
err: errors.New("The request message was malformed"),
}
@ -618,7 +618,7 @@ func TestACMEClient_GetAuthz(t *testing.T) {
srv := httptest.NewServer(nil)
defer srv.Close()
dir := acme.Directory{
dir := acmeAPI.Directory{
NewNonce: srv.URL + "/foo",
}
// Retrieve transport from options.
@ -628,9 +628,9 @@ func TestACMEClient_GetAuthz(t *testing.T) {
assert.FatalError(t, err)
jwk, err := jose.GenerateJWK("EC", "P-256", "ES256", "sig", "", 0)
assert.FatalError(t, err)
az := acme.Authz{
az := acme.Authorization{
Status: "valid",
Expires: "soon",
Expires: time.Now(),
Identifier: acme.Identifier{Type: "dns", Value: "example.com"},
}
ac := &ACMEClient{
@ -646,7 +646,7 @@ func TestACMEClient_GetAuthz(t *testing.T) {
tests := map[string]func(t *testing.T) test{
"fail/client-post": func(t *testing.T) test {
return test{
r1: acme.MalformedErr(nil).ToACME(),
r1: acme.NewError(acme.ErrorMalformedType, "malformed request"),
rc1: 400,
err: errors.New("The request message was malformed"),
}
@ -655,7 +655,7 @@ func TestACMEClient_GetAuthz(t *testing.T) {
return test{
r1: []byte{},
rc1: 200,
r2: acme.MalformedErr(nil).ToACME(),
r2: acme.NewError(acme.ErrorMalformedType, "malformed request"),
rc2: 400,
err: errors.New("The request message was malformed"),
}
@ -738,7 +738,7 @@ func TestACMEClient_GetChallenge(t *testing.T) {
srv := httptest.NewServer(nil)
defer srv.Close()
dir := acme.Directory{
dir := acmeAPI.Directory{
NewNonce: srv.URL + "/foo",
}
// Retrieve transport from options.
@ -766,7 +766,7 @@ func TestACMEClient_GetChallenge(t *testing.T) {
tests := map[string]func(t *testing.T) test{
"fail/client-post": func(t *testing.T) test {
return test{
r1: acme.MalformedErr(nil).ToACME(),
r1: acme.NewError(acme.ErrorMalformedType, "malformed request"),
rc1: 400,
err: errors.New("The request message was malformed"),
}
@ -775,7 +775,7 @@ func TestACMEClient_GetChallenge(t *testing.T) {
return test{
r1: []byte{},
rc1: 200,
r2: acme.MalformedErr(nil).ToACME(),
r2: acme.NewError(acme.ErrorMalformedType, "malformed request"),
rc2: 400,
err: errors.New("The request message was malformed"),
}
@ -859,7 +859,7 @@ func TestACMEClient_ValidateChallenge(t *testing.T) {
srv := httptest.NewServer(nil)
defer srv.Close()
dir := acme.Directory{
dir := acmeAPI.Directory{
NewNonce: srv.URL + "/foo",
}
// Retrieve transport from options.
@ -887,7 +887,7 @@ func TestACMEClient_ValidateChallenge(t *testing.T) {
tests := map[string]func(t *testing.T) test{
"fail/client-post": func(t *testing.T) test {
return test{
r1: acme.MalformedErr(nil).ToACME(),
r1: acme.NewError(acme.ErrorMalformedType, "malformed request"),
rc1: 400,
err: errors.New("The request message was malformed"),
}
@ -896,7 +896,7 @@ func TestACMEClient_ValidateChallenge(t *testing.T) {
return test{
r1: []byte{},
rc1: 200,
r2: acme.MalformedErr(nil).ToACME(),
r2: acme.NewError(acme.ErrorMalformedType, "malformed request"),
rc2: 400,
err: errors.New("The request message was malformed"),
}
@ -976,7 +976,7 @@ func TestACMEClient_FinalizeOrder(t *testing.T) {
srv := httptest.NewServer(nil)
defer srv.Close()
dir := acme.Directory{
dir := acmeAPI.Directory{
NewNonce: srv.URL + "/foo",
}
// Retrieve transport from options.
@ -988,9 +988,9 @@ func TestACMEClient_FinalizeOrder(t *testing.T) {
assert.FatalError(t, err)
ord := acme.Order{
Status: "valid",
Expires: "soon",
Finalize: "finalize-url",
Certificate: "cert-url",
Expires: time.Now(), // "soon"
FinalizeURL: "finalize-url",
CertificateURL: "cert-url",
}
_csr, err := pemutil.Read("../authority/testdata/certs/foo.csr")
assert.FatalError(t, err)
@ -1012,7 +1012,7 @@ func TestACMEClient_FinalizeOrder(t *testing.T) {
tests := map[string]func(t *testing.T) test{
"fail/client-post": func(t *testing.T) test {
return test{
r1: acme.MalformedErr(nil).ToACME(),
r1: acme.NewError(acme.ErrorMalformedType, "malformed request"),
rc1: 400,
err: errors.New("The request message was malformed"),
}
@ -1021,7 +1021,7 @@ func TestACMEClient_FinalizeOrder(t *testing.T) {
return test{
r1: []byte{},
rc1: 200,
r2: acme.MalformedErr(nil).ToACME(),
r2: acme.NewError(acme.ErrorMalformedType, "malformed request"),
rc2: 400,
err: errors.New("The request message was malformed"),
}
@ -1101,7 +1101,7 @@ func TestACMEClient_GetAccountOrders(t *testing.T) {
srv := httptest.NewServer(nil)
defer srv.Close()
dir := acme.Directory{
dir := acmeAPI.Directory{
NewNonce: srv.URL + "/foo",
}
// Retrieve transport from options.
@ -1137,7 +1137,7 @@ func TestACMEClient_GetAccountOrders(t *testing.T) {
"fail/client-post": func(t *testing.T) test {
return test{
client: ac,
r1: acme.MalformedErr(nil).ToACME(),
r1: acme.NewError(acme.ErrorMalformedType, "malformed request"),
rc1: 400,
err: errors.New("The request message was malformed"),
}
@ -1147,7 +1147,7 @@ func TestACMEClient_GetAccountOrders(t *testing.T) {
client: ac,
r1: []byte{},
rc1: 200,
r2: acme.MalformedErr(nil).ToACME(),
r2: acme.NewError(acme.ErrorMalformedType, "malformed request"),
rc2: 400,
err: errors.New("The request message was malformed"),
}
@ -1232,7 +1232,7 @@ func TestACMEClient_GetCertificate(t *testing.T) {
srv := httptest.NewServer(nil)
defer srv.Close()
dir := acme.Directory{
dir := acmeAPI.Directory{
NewNonce: srv.URL + "/foo",
}
// Retrieve transport from options.
@ -1268,7 +1268,7 @@ func TestACMEClient_GetCertificate(t *testing.T) {
tests := map[string]func(t *testing.T) test{
"fail/client-post": func(t *testing.T) test {
return test{
r1: acme.MalformedErr(nil).ToACME(),
r1: acme.NewError(acme.ErrorMalformedType, "malformed request"),
rc1: 400,
err: errors.New("The request message was malformed"),
}
@ -1277,7 +1277,7 @@ func TestACMEClient_GetCertificate(t *testing.T) {
return test{
r1: []byte{},
rc1: 200,
r2: acme.MalformedErr(nil).ToACME(),
r2: acme.NewError(acme.ErrorMalformedType, "malformed request"),
rc2: 400,
err: errors.New("The request message was malformed"),
}