Add AuthorizeChallenge unit tests

This commit is contained in:
Mariano Cano 2022-08-24 12:31:09 -07:00
parent bca311b05e
commit df96b126dc
2 changed files with 125 additions and 4 deletions

View file

@ -500,10 +500,12 @@ func TestHandler_GetOrder(t *testing.T) {
} }
func TestHandler_newAuthorization(t *testing.T) { func TestHandler_newAuthorization(t *testing.T) {
defaultProvisioner := newProv()
type test struct { type test struct {
az *acme.Authorization az *acme.Authorization
db acme.DB prov acme.Provisioner
err *acme.Error db acme.DB
err *acme.Error
} }
var tests = map[string]func(t *testing.T) test{ var tests = map[string]func(t *testing.T) test{
"fail/error-db.CreateChallenge": func(t *testing.T) test { "fail/error-db.CreateChallenge": func(t *testing.T) test {
@ -515,6 +517,7 @@ func TestHandler_newAuthorization(t *testing.T) {
}, },
} }
return test{ return test{
prov: defaultProvisioner,
db: &acme.MockDB{ db: &acme.MockDB{
MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error { MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error {
assert.Equals(t, ch.AccountID, az.AccountID) assert.Equals(t, ch.AccountID, az.AccountID)
@ -542,6 +545,7 @@ func TestHandler_newAuthorization(t *testing.T) {
count := 0 count := 0
var ch1, ch2, ch3 **acme.Challenge var ch1, ch2, ch3 **acme.Challenge
return test{ return test{
prov: defaultProvisioner,
db: &acme.MockDB{ db: &acme.MockDB{
MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error { MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error {
switch count { switch count {
@ -596,6 +600,7 @@ func TestHandler_newAuthorization(t *testing.T) {
count := 0 count := 0
var ch1, ch2, ch3 **acme.Challenge var ch1, ch2, ch3 **acme.Challenge
return test{ return test{
prov: defaultProvisioner,
db: &acme.MockDB{ db: &acme.MockDB{
MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error { MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error {
switch count { switch count {
@ -648,6 +653,7 @@ func TestHandler_newAuthorization(t *testing.T) {
} }
var ch1 **acme.Challenge var ch1 **acme.Challenge
return test{ return test{
prov: defaultProvisioner,
db: &acme.MockDB{ db: &acme.MockDB{
MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error { MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error {
ch.ID = "dns" ch.ID = "dns"
@ -676,12 +682,86 @@ func TestHandler_newAuthorization(t *testing.T) {
az: az, az: az,
} }
}, },
"ok/permanent-identifier-disabled": func(t *testing.T) test {
az := &acme.Authorization{
AccountID: "accID",
Identifier: acme.Identifier{
Type: "permanent-identifier",
Value: "7b53aa19-26f7-4fac-824f-7a781de0dab0",
},
Status: acme.StatusPending,
ExpiresAt: clock.Now(),
}
return test{
prov: defaultProvisioner,
db: &acme.MockDB{
MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error {
t.Errorf("createChallenge should not be called")
return nil
},
MockCreateAuthorization: func(ctx context.Context, _az *acme.Authorization) error {
assert.Equals(t, _az.AccountID, az.AccountID)
assert.Equals(t, _az.Token, az.Token)
assert.Equals(t, _az.Status, acme.StatusPending)
assert.Equals(t, _az.Identifier, az.Identifier)
assert.Equals(t, _az.ExpiresAt, az.ExpiresAt)
assert.Equals(t, _az.Challenges, []*acme.Challenge{})
assert.Equals(t, _az.Wildcard, false)
return nil
},
},
az: az,
}
},
"ok/permanent-identifier-enabled": func(t *testing.T) test {
var ch1 *acme.Challenge
az := &acme.Authorization{
AccountID: "accID",
Identifier: acme.Identifier{
Type: "permanent-identifier",
Value: "7b53aa19-26f7-4fac-824f-7a781de0dab0",
},
Status: acme.StatusPending,
ExpiresAt: clock.Now(),
}
deviceAttestProv := newProv()
deviceAttestProv.(*provisioner.ACME).Challenges = []string{string(acme.DEVICEATTEST01)}
return test{
prov: deviceAttestProv,
db: &acme.MockDB{
MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error {
ch.ID = "997bacc2-c175-4214-a3b4-a229ada5f671"
assert.Equals(t, ch.Type, acme.DEVICEATTEST01)
assert.Equals(t, ch.AccountID, az.AccountID)
assert.Equals(t, ch.Token, az.Token)
assert.Equals(t, ch.Status, acme.StatusPending)
assert.Equals(t, ch.Value, "7b53aa19-26f7-4fac-824f-7a781de0dab0")
ch1 = ch
return nil
},
MockCreateAuthorization: func(ctx context.Context, _az *acme.Authorization) error {
assert.Equals(t, _az.AccountID, az.AccountID)
assert.Equals(t, _az.Token, az.Token)
assert.Equals(t, _az.Status, acme.StatusPending)
assert.Equals(t, _az.Identifier, az.Identifier)
assert.Equals(t, _az.ExpiresAt, az.ExpiresAt)
assert.Equals(t, _az.Challenges, []*acme.Challenge{ch1})
assert.Equals(t, _az.Wildcard, false)
return nil
},
},
az: az,
}
},
} }
for name, run := range tests { for name, run := range tests {
t.Run(name, func(t *testing.T) { t.Run(name, func(t *testing.T) {
if name == "ok/permanent-identifier-enabled" {
println(1)
}
tc := run(t) tc := run(t)
ctx := newBaseContext(context.Background(), tc.db) ctx := newBaseContext(context.Background(), tc.db)
ctx = acme.NewProvisionerContext(ctx, newProv()) ctx = acme.NewProvisionerContext(ctx, tc.prov)
if err := newAuthorization(ctx, tc.az); err != nil { if err := newAuthorization(ctx, tc.az); err != nil {
if assert.NotNil(t, tc.err) { if assert.NotNil(t, tc.err) {
switch k := err.(type) { switch k := err.(type) {

View file

@ -204,3 +204,44 @@ func TestACME_AuthorizeSign(t *testing.T) {
}) })
} }
} }
func TestACME_AuthorizeChallenge(t *testing.T) {
ctx := context.Background()
type fields struct {
Challenges []string
}
type args struct {
ctx context.Context
challenge string
}
tests := []struct {
name string
fields fields
args args
wantErr bool
}{
{"ok http-01", fields{nil}, args{ctx, "http-01"}, false},
{"ok dns-01", fields{nil}, args{ctx, "dns-01"}, false},
{"ok tls-alpn-01", fields{[]string{}}, args{ctx, "tls-alpn-01"}, false},
{"fail device-attest-01", fields{[]string{}}, args{ctx, "device-attest-01"}, true},
{"ok http-01 enabled", fields{[]string{"http-01"}}, args{ctx, "http-01"}, false},
{"ok dns-01 enabled", fields{[]string{"http-01", "dns-01"}}, args{ctx, "dns-01"}, false},
{"ok tls-alpn-01 enabled", fields{[]string{"http-01", "dns-01", "tls-alpn-01"}}, args{ctx, "tls-alpn-01"}, false},
{"ok device-attest-01 enabled", fields{[]string{"device-attest-01", "dns-01"}}, args{ctx, "device-attest-01"}, false},
{"fail http-01", fields{[]string{"dns-01"}}, args{ctx, "http-01"}, true},
{"fail dns-01", fields{[]string{"http-01", "tls-alpn-01"}}, args{ctx, "dns-01"}, true},
{"fail tls-alpn-01", fields{[]string{"http-01", "dns-01", "device-attest-01"}}, args{ctx, "tls-alpn-01"}, true},
{"fail device-attest-01", fields{[]string{"http-01", "dns-01"}}, args{ctx, "device-attest-01"}, true},
{"fail unknown", fields{[]string{"http-01", "dns-01", "tls-alpn-01", "device-attest-01"}}, args{ctx, "unknown"}, true},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
p := &ACME{
Challenges: tt.fields.Challenges,
}
if err := p.AuthorizeChallenge(tt.args.ctx, tt.args.challenge); (err != nil) != tt.wantErr {
t.Errorf("ACME.AuthorizeChallenge() error = %v, wantErr %v", err, tt.wantErr)
}
})
}
}