Add AuthorizeChallenge unit tests
parent
bca311b05e
commit
df96b126dc
2 changed files with 125 additions and 4 deletions
|
@ -500,10 +500,12 @@ func TestHandler_GetOrder(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestHandler_newAuthorization(t *testing.T) {
|
func TestHandler_newAuthorization(t *testing.T) {
|
||||||
|
defaultProvisioner := newProv()
|
||||||
type test struct {
|
type test struct {
|
||||||
az *acme.Authorization
|
az *acme.Authorization
|
||||||
db acme.DB
|
prov acme.Provisioner
|
||||||
err *acme.Error
|
db acme.DB
|
||||||
|
err *acme.Error
|
||||||
}
|
}
|
||||||
var tests = map[string]func(t *testing.T) test{
|
var tests = map[string]func(t *testing.T) test{
|
||||||
"fail/error-db.CreateChallenge": func(t *testing.T) test {
|
"fail/error-db.CreateChallenge": func(t *testing.T) test {
|
||||||
|
@ -515,6 +517,7 @@ func TestHandler_newAuthorization(t *testing.T) {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
return test{
|
return test{
|
||||||
|
prov: defaultProvisioner,
|
||||||
db: &acme.MockDB{
|
db: &acme.MockDB{
|
||||||
MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error {
|
MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error {
|
||||||
assert.Equals(t, ch.AccountID, az.AccountID)
|
assert.Equals(t, ch.AccountID, az.AccountID)
|
||||||
|
@ -542,6 +545,7 @@ func TestHandler_newAuthorization(t *testing.T) {
|
||||||
count := 0
|
count := 0
|
||||||
var ch1, ch2, ch3 **acme.Challenge
|
var ch1, ch2, ch3 **acme.Challenge
|
||||||
return test{
|
return test{
|
||||||
|
prov: defaultProvisioner,
|
||||||
db: &acme.MockDB{
|
db: &acme.MockDB{
|
||||||
MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error {
|
MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error {
|
||||||
switch count {
|
switch count {
|
||||||
|
@ -596,6 +600,7 @@ func TestHandler_newAuthorization(t *testing.T) {
|
||||||
count := 0
|
count := 0
|
||||||
var ch1, ch2, ch3 **acme.Challenge
|
var ch1, ch2, ch3 **acme.Challenge
|
||||||
return test{
|
return test{
|
||||||
|
prov: defaultProvisioner,
|
||||||
db: &acme.MockDB{
|
db: &acme.MockDB{
|
||||||
MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error {
|
MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error {
|
||||||
switch count {
|
switch count {
|
||||||
|
@ -648,6 +653,7 @@ func TestHandler_newAuthorization(t *testing.T) {
|
||||||
}
|
}
|
||||||
var ch1 **acme.Challenge
|
var ch1 **acme.Challenge
|
||||||
return test{
|
return test{
|
||||||
|
prov: defaultProvisioner,
|
||||||
db: &acme.MockDB{
|
db: &acme.MockDB{
|
||||||
MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error {
|
MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error {
|
||||||
ch.ID = "dns"
|
ch.ID = "dns"
|
||||||
|
@ -676,12 +682,86 @@ func TestHandler_newAuthorization(t *testing.T) {
|
||||||
az: az,
|
az: az,
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"ok/permanent-identifier-disabled": func(t *testing.T) test {
|
||||||
|
az := &acme.Authorization{
|
||||||
|
AccountID: "accID",
|
||||||
|
Identifier: acme.Identifier{
|
||||||
|
Type: "permanent-identifier",
|
||||||
|
Value: "7b53aa19-26f7-4fac-824f-7a781de0dab0",
|
||||||
|
},
|
||||||
|
Status: acme.StatusPending,
|
||||||
|
ExpiresAt: clock.Now(),
|
||||||
|
}
|
||||||
|
return test{
|
||||||
|
prov: defaultProvisioner,
|
||||||
|
db: &acme.MockDB{
|
||||||
|
MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error {
|
||||||
|
t.Errorf("createChallenge should not be called")
|
||||||
|
return nil
|
||||||
|
},
|
||||||
|
MockCreateAuthorization: func(ctx context.Context, _az *acme.Authorization) error {
|
||||||
|
assert.Equals(t, _az.AccountID, az.AccountID)
|
||||||
|
assert.Equals(t, _az.Token, az.Token)
|
||||||
|
assert.Equals(t, _az.Status, acme.StatusPending)
|
||||||
|
assert.Equals(t, _az.Identifier, az.Identifier)
|
||||||
|
assert.Equals(t, _az.ExpiresAt, az.ExpiresAt)
|
||||||
|
assert.Equals(t, _az.Challenges, []*acme.Challenge{})
|
||||||
|
assert.Equals(t, _az.Wildcard, false)
|
||||||
|
return nil
|
||||||
|
},
|
||||||
|
},
|
||||||
|
az: az,
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"ok/permanent-identifier-enabled": func(t *testing.T) test {
|
||||||
|
var ch1 *acme.Challenge
|
||||||
|
az := &acme.Authorization{
|
||||||
|
AccountID: "accID",
|
||||||
|
Identifier: acme.Identifier{
|
||||||
|
Type: "permanent-identifier",
|
||||||
|
Value: "7b53aa19-26f7-4fac-824f-7a781de0dab0",
|
||||||
|
},
|
||||||
|
Status: acme.StatusPending,
|
||||||
|
ExpiresAt: clock.Now(),
|
||||||
|
}
|
||||||
|
deviceAttestProv := newProv()
|
||||||
|
deviceAttestProv.(*provisioner.ACME).Challenges = []string{string(acme.DEVICEATTEST01)}
|
||||||
|
return test{
|
||||||
|
prov: deviceAttestProv,
|
||||||
|
db: &acme.MockDB{
|
||||||
|
MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error {
|
||||||
|
ch.ID = "997bacc2-c175-4214-a3b4-a229ada5f671"
|
||||||
|
assert.Equals(t, ch.Type, acme.DEVICEATTEST01)
|
||||||
|
assert.Equals(t, ch.AccountID, az.AccountID)
|
||||||
|
assert.Equals(t, ch.Token, az.Token)
|
||||||
|
assert.Equals(t, ch.Status, acme.StatusPending)
|
||||||
|
assert.Equals(t, ch.Value, "7b53aa19-26f7-4fac-824f-7a781de0dab0")
|
||||||
|
ch1 = ch
|
||||||
|
return nil
|
||||||
|
},
|
||||||
|
MockCreateAuthorization: func(ctx context.Context, _az *acme.Authorization) error {
|
||||||
|
assert.Equals(t, _az.AccountID, az.AccountID)
|
||||||
|
assert.Equals(t, _az.Token, az.Token)
|
||||||
|
assert.Equals(t, _az.Status, acme.StatusPending)
|
||||||
|
assert.Equals(t, _az.Identifier, az.Identifier)
|
||||||
|
assert.Equals(t, _az.ExpiresAt, az.ExpiresAt)
|
||||||
|
assert.Equals(t, _az.Challenges, []*acme.Challenge{ch1})
|
||||||
|
assert.Equals(t, _az.Wildcard, false)
|
||||||
|
return nil
|
||||||
|
},
|
||||||
|
},
|
||||||
|
az: az,
|
||||||
|
}
|
||||||
|
},
|
||||||
}
|
}
|
||||||
for name, run := range tests {
|
for name, run := range tests {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
|
if name == "ok/permanent-identifier-enabled" {
|
||||||
|
println(1)
|
||||||
|
}
|
||||||
tc := run(t)
|
tc := run(t)
|
||||||
ctx := newBaseContext(context.Background(), tc.db)
|
ctx := newBaseContext(context.Background(), tc.db)
|
||||||
ctx = acme.NewProvisionerContext(ctx, newProv())
|
ctx = acme.NewProvisionerContext(ctx, tc.prov)
|
||||||
if err := newAuthorization(ctx, tc.az); err != nil {
|
if err := newAuthorization(ctx, tc.az); err != nil {
|
||||||
if assert.NotNil(t, tc.err) {
|
if assert.NotNil(t, tc.err) {
|
||||||
switch k := err.(type) {
|
switch k := err.(type) {
|
||||||
|
|
|
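Review bot: The `if name == "ok/permanent-identifier-enabled" { println(1) }` block that appears to be added at the top of the `t.Run` closure looks like leftover debugging and should be dropped; it writes to stderr on every run and asserts nothing. In the "ok/permanent-identifier-enabled" case, `deviceAttestProv.(*provisioner.ACME).Challenges = ...` is an unchecked type assertion that panics if `newProv()` ever returns a different concrete type. `acmeProv, ok := deviceAttestProv.(*provisioner.ACME)` followed by `if !ok { t.Fatalf("unexpected provisioner type %T", deviceAttestProv) }` would fail with a readable message instead. The body of TestHandler_newAuthorization starts and continues outside the visible hunks.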
@ -204,3 +204,44 @@ func TestACME_AuthorizeSign(t *testing.T) {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestACME_AuthorizeChallenge(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
type fields struct {
|
||||||
|
Challenges []string
|
||||||
|
}
|
||||||
|
type args struct {
|
||||||
|
ctx context.Context
|
||||||
|
challenge string
|
||||||
|
}
|
||||||
|
tests := []struct {
|
||||||
|
name string
|
||||||
|
fields fields
|
||||||
|
args args
|
||||||
|
wantErr bool
|
||||||
|
}{
|
||||||
|
{"ok http-01", fields{nil}, args{ctx, "http-01"}, false},
|
||||||
|
{"ok dns-01", fields{nil}, args{ctx, "dns-01"}, false},
|
||||||
|
{"ok tls-alpn-01", fields{[]string{}}, args{ctx, "tls-alpn-01"}, false},
|
||||||
|
{"fail device-attest-01", fields{[]string{}}, args{ctx, "device-attest-01"}, true},
|
||||||
|
{"ok http-01 enabled", fields{[]string{"http-01"}}, args{ctx, "http-01"}, false},
|
||||||
|
{"ok dns-01 enabled", fields{[]string{"http-01", "dns-01"}}, args{ctx, "dns-01"}, false},
|
||||||
|
{"ok tls-alpn-01 enabled", fields{[]string{"http-01", "dns-01", "tls-alpn-01"}}, args{ctx, "tls-alpn-01"}, false},
|
||||||
|
{"ok device-attest-01 enabled", fields{[]string{"device-attest-01", "dns-01"}}, args{ctx, "device-attest-01"}, false},
|
||||||
|
{"fail http-01", fields{[]string{"dns-01"}}, args{ctx, "http-01"}, true},
|
||||||
|
{"fail dns-01", fields{[]string{"http-01", "tls-alpn-01"}}, args{ctx, "dns-01"}, true},
|
||||||
|
{"fail tls-alpn-01", fields{[]string{"http-01", "dns-01", "device-attest-01"}}, args{ctx, "tls-alpn-01"}, true},
|
||||||
|
{"fail device-attest-01", fields{[]string{"http-01", "dns-01"}}, args{ctx, "device-attest-01"}, true},
|
||||||
|
{"fail unknown", fields{[]string{"http-01", "dns-01", "tls-alpn-01", "device-attest-01"}}, args{ctx, "unknown"}, true},
|
||||||
|
}
|
||||||
|
for _, tt := range tests {
|
||||||
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
|
p := &ACME{
|
||||||
|
Challenges: tt.fields.Challenges,
|
||||||
|
}
|
||||||
|
if err := p.AuthorizeChallenge(tt.args.ctx, tt.args.challenge); (err != nil) != tt.wantErr {
|
||||||
|
t.Errorf("ACME.AuthorizeChallenge() error = %v, wantErr %v", err, tt.wantErr)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
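Review bot: The table in TestACME_AuthorizeChallenge checks an unknown challenge type only against an explicit allow-list, so the default path (`Challenges` nil or empty) has no negative case other than device-attest-01. If the default configuration is meant to reject anything outside http-01, dns-01 and tls-alpn-01, rows such as `{"fail unknown default", fields{nil}, args{ctx, "unknown"}, true},` and `{"fail empty default", fields{nil}, args{ctx, ""}, true},` would pin that down. Two rows share the name "fail device-attest-01", so `t.Run` will report the second with a `#01` suffix; renaming the first to `"fail device-attest-01 default"` keeps failures easy to attribute. The test asserts only `(err != nil) != tt.wantErr`, so a rejection for an unrelated reason would still pass; checking the error type or message on the fail rows would tighten it.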