Change identifier and challenge types to consts

Herman Slatman 2021-06-18 12:39:36 +02:00
parent 84ea8bd67a
commit 523ae96749
No known key found for this signature in database
GPG key ID: F4D8A44EA0A75A4F
5 changed files with 78 additions and 70 deletions


@ -574,13 +574,13 @@ func TestHandler_GetChallenge(t *testing.T) {
assert.Equals(t, azID, "authzID")
return &acme.Challenge{
Status: acme.StatusPending,
Type: "http-01",
Type: acme.HTTP01,
AccountID: "accID",
}, nil
},
MockUpdateChallenge: func(ctx context.Context, ch *acme.Challenge) error {
assert.Equals(t, ch.Status, acme.StatusPending)
assert.Equals(t, ch.Type, "http-01")
assert.Equals(t, ch.Type, acme.HTTP01)
assert.Equals(t, ch.AccountID, "accID")
assert.Equals(t, ch.AuthorizationID, "authzID")
assert.HasSuffix(t, ch.Error.Type, acme.ErrorConnectionType.String())
@ -616,13 +616,13 @@ func TestHandler_GetChallenge(t *testing.T) {
return &acme.Challenge{
ID: "chID",
Status: acme.StatusPending,
Type: "http-01",
Type: acme.HTTP01,
AccountID: "accID",
}, nil
},
MockUpdateChallenge: func(ctx context.Context, ch *acme.Challenge) error {
assert.Equals(t, ch.Status, acme.StatusPending)
assert.Equals(t, ch.Type, "http-01")
assert.Equals(t, ch.Type, acme.HTTP01)
assert.Equals(t, ch.AccountID, "accID")
assert.Equals(t, ch.AuthorizationID, "authzID")
assert.HasSuffix(t, ch.Error.Type, acme.ErrorConnectionType.String())
@ -633,7 +633,7 @@ func TestHandler_GetChallenge(t *testing.T) {
ID: "chID",
Status: acme.StatusPending,
AuthorizationID: "authzID",
Type: "http-01",
Type: acme.HTTP01,
AccountID: "accID",
URL: url,
Error: acme.NewError(acme.ErrorConnectionType, "force"),


@ -29,10 +29,10 @@ func (n *NewOrderRequest) Validate() error {
return acme.NewError(acme.ErrorMalformedType, "identifiers list cannot be empty")
}
for _, id := range n.Identifiers {
if !(id.Type == "dns" || id.Type == "ip") {
if !(id.Type == acme.DNS || id.Type == acme.IP) {
return acme.NewError(acme.ErrorMalformedType, "identifier type unsupported: %s", id.Type)
}
if id.Type == "ip" && net.ParseIP(id.Value) == nil {
if id.Type == acme.IP && net.ParseIP(id.Value) == nil {
return acme.NewError(acme.ErrorMalformedType, "invalid IP address: %s", id.Value)
}
}
@ -277,20 +277,20 @@ func (h *Handler) FinalizeOrder(w http.ResponseWriter, r *http.Request) {
// challengeTypes determines the types of challenges that should be used
// for the ACME authorization request.
func challengeTypes(az *acme.Authorization) []string {
var chTypes []string
func challengeTypes(az *acme.Authorization) []acme.ChallengeType {
var chTypes []acme.ChallengeType
switch az.Identifier.Type {
case "ip": // TODO: make these types consts/enum?
chTypes = []string{"http-01", "tls-alpn-01"}
case "dns":
chTypes = []string{"dns-01"}
case acme.IP:
chTypes = []acme.ChallengeType{acme.HTTP01, acme.TLSALPN01}
case acme.DNS:
chTypes = []acme.ChallengeType{acme.DNS01}
// HTTP and TLS challenges can only be used for identifiers without wildcards.
if !az.Wildcard {
chTypes = append(chTypes, []string{"http-01", "tls-alpn-01"}...)
chTypes = append(chTypes, []acme.ChallengeType{acme.HTTP01, acme.TLSALPN01}...)
}
default:
chTypes = []string{}
chTypes = []acme.ChallengeType{}
}
return chTypes
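Review bot: The `default:` case of `challengeTypes` returns an empty slice without comment, so the set of supported identifier types now lives in two places, the `acme.DNS`/`acme.IP` check in `NewOrderRequest.Validate` and this switch, and nothing ties them together. An identifier type accepted by one but not the other would presumably yield an authorization with no challenges, which fails closed but silently; a comment on the default case such as `// unsupported identifier types get no challenges; Validate is expected to reject them first` would record that dependency. The append can also drop the temporary slice: `chTypes = append(chTypes, acme.HTTP01, acme.TLSALPN01)`. The closing brace of `challengeTypes` lies outside the hunk.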


@ -474,7 +474,7 @@ func TestHandler_newAuthorization(t *testing.T) {
db: &acme.MockDB{
MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error {
assert.Equals(t, ch.AccountID, az.AccountID)
assert.Equals(t, ch.Type, "dns-01")
assert.Equals(t, ch.Type, acme.DNS01)
assert.Equals(t, ch.Token, az.Token)
assert.Equals(t, ch.Status, acme.StatusPending)
assert.Equals(t, ch.Value, az.Identifier.Value)
@ -503,15 +503,15 @@ func TestHandler_newAuthorization(t *testing.T) {
switch count {
case 0:
ch.ID = "dns"
assert.Equals(t, ch.Type, "dns-01")
assert.Equals(t, ch.Type, acme.DNS01)
ch1 = &ch
case 1:
ch.ID = "http"
assert.Equals(t, ch.Type, "http-01")
assert.Equals(t, ch.Type, acme.HTTP01)
ch2 = &ch
case 2:
ch.ID = "tls"
assert.Equals(t, ch.Type, "tls-alpn-01")
assert.Equals(t, ch.Type, acme.TLSALPN01)
ch3 = &ch
default:
assert.FatalError(t, errors.New("test logic error"))
@ -557,15 +557,15 @@ func TestHandler_newAuthorization(t *testing.T) {
switch count {
case 0:
ch.ID = "dns"
assert.Equals(t, ch.Type, "dns-01")
assert.Equals(t, ch.Type, acme.DNS01)
ch1 = &ch
case 1:
ch.ID = "http"
assert.Equals(t, ch.Type, "http-01")
assert.Equals(t, ch.Type, acme.HTTP01)
ch2 = &ch
case 2:
ch.ID = "tls"
assert.Equals(t, ch.Type, "tls-alpn-01")
assert.Equals(t, ch.Type, acme.TLSALPN01)
ch3 = &ch
default:
assert.FatalError(t, errors.New("test logic error"))
@ -607,7 +607,7 @@ func TestHandler_newAuthorization(t *testing.T) {
db: &acme.MockDB{
MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error {
ch.ID = "dns"
assert.Equals(t, ch.Type, "dns-01")
assert.Equals(t, ch.Type, acme.DNS01)
assert.Equals(t, ch.AccountID, az.AccountID)
assert.Equals(t, ch.Token, az.Token)
assert.Equals(t, ch.Status, acme.StatusPending)
@ -774,7 +774,7 @@ func TestHandler_NewOrder(t *testing.T) {
db: &acme.MockDB{
MockCreateChallenge: func(ctx context.Context, ch *acme.Challenge) error {
assert.Equals(t, ch.AccountID, "accID")
assert.Equals(t, ch.Type, "dns-01")
assert.Equals(t, ch.Type, acme.DNS01)
assert.NotEquals(t, ch.Token, "")
assert.Equals(t, ch.Status, acme.StatusPending)
assert.Equals(t, ch.Value, "zap.internal")
@ -809,15 +809,15 @@ func TestHandler_NewOrder(t *testing.T) {
switch count {
case 0:
ch.ID = "dns"
assert.Equals(t, ch.Type, "dns-01")
assert.Equals(t, ch.Type, acme.DNS01)
ch1 = &ch
case 1:
ch.ID = "http"
assert.Equals(t, ch.Type, "http-01")
assert.Equals(t, ch.Type, acme.HTTP01)
ch2 = &ch
case 2:
ch.ID = "tls"
assert.Equals(t, ch.Type, "tls-alpn-01")
assert.Equals(t, ch.Type, acme.TLSALPN01)
ch3 = &ch
default:
assert.FatalError(t, errors.New("test logic error"))
@ -881,22 +881,22 @@ func TestHandler_NewOrder(t *testing.T) {
switch chCount {
case 0:
ch.ID = "dns"
assert.Equals(t, ch.Type, "dns-01")
assert.Equals(t, ch.Type, acme.DNS01)
assert.Equals(t, ch.Value, "zap.internal")
ch1 = &ch
case 1:
ch.ID = "http"
assert.Equals(t, ch.Type, "http-01")
assert.Equals(t, ch.Type, acme.HTTP01)
assert.Equals(t, ch.Value, "zap.internal")
ch2 = &ch
case 2:
ch.ID = "tls"
assert.Equals(t, ch.Type, "tls-alpn-01")
assert.Equals(t, ch.Type, acme.TLSALPN01)
assert.Equals(t, ch.Value, "zap.internal")
ch3 = &ch
case 3:
ch.ID = "dns"
assert.Equals(t, ch.Type, "dns-01")
assert.Equals(t, ch.Type, acme.DNS01)
assert.Equals(t, ch.Value, "zar.internal")
ch4 = &ch
default:
@ -921,7 +921,7 @@ func TestHandler_NewOrder(t *testing.T) {
az.ID = "az2ID"
az2ID = &az.ID
assert.Equals(t, az.Identifier, acme.Identifier{
Type: "dns",
Type: acme.DNS,
Value: "zar.internal",
})
assert.Equals(t, az.Wildcard, true)
@ -996,15 +996,15 @@ func TestHandler_NewOrder(t *testing.T) {
switch count {
case 0:
ch.ID = "dns"
assert.Equals(t, ch.Type, "dns-01")
assert.Equals(t, ch.Type, acme.DNS01)
ch1 = &ch
case 1:
ch.ID = "http"
assert.Equals(t, ch.Type, "http-01")
assert.Equals(t, ch.Type, acme.HTTP01)
ch2 = &ch
case 2:
ch.ID = "tls"
assert.Equals(t, ch.Type, "tls-alpn-01")
assert.Equals(t, ch.Type, acme.TLSALPN01)
ch3 = &ch
default:
assert.FatalError(t, errors.New("test logic error"))
@ -1088,15 +1088,15 @@ func TestHandler_NewOrder(t *testing.T) {
switch count {
case 0:
ch.ID = "dns"
assert.Equals(t, ch.Type, "dns-01")
assert.Equals(t, ch.Type, acme.DNS01)
ch1 = &ch
case 1:
ch.ID = "http"
assert.Equals(t, ch.Type, "http-01")
assert.Equals(t, ch.Type, acme.HTTP01)
ch2 = &ch
case 2:
ch.ID = "tls"
assert.Equals(t, ch.Type, "tls-alpn-01")
assert.Equals(t, ch.Type, acme.TLSALPN01)
ch3 = &ch
default:
assert.FatalError(t, errors.New("test logic error"))
@ -1179,15 +1179,15 @@ func TestHandler_NewOrder(t *testing.T) {
switch count {
case 0:
ch.ID = "dns"
assert.Equals(t, ch.Type, "dns-01")
assert.Equals(t, ch.Type, acme.DNS01)
ch1 = &ch
case 1:
ch.ID = "http"
assert.Equals(t, ch.Type, "http-01")
assert.Equals(t, ch.Type, acme.HTTP01)
ch2 = &ch
case 2:
ch.ID = "tls"
assert.Equals(t, ch.Type, "tls-alpn-01")
assert.Equals(t, ch.Type, acme.TLSALPN01)
ch3 = &ch
default:
assert.FatalError(t, errors.New("test logic error"))
@ -1271,15 +1271,15 @@ func TestHandler_NewOrder(t *testing.T) {
switch count {
case 0:
ch.ID = "dns"
assert.Equals(t, ch.Type, "dns-01")
assert.Equals(t, ch.Type, acme.DNS01)
ch1 = &ch
case 1:
ch.ID = "http"
assert.Equals(t, ch.Type, "http-01")
assert.Equals(t, ch.Type, acme.HTTP01)
ch2 = &ch
case 2:
ch.ID = "tls"
assert.Equals(t, ch.Type, "tls-alpn-01")
assert.Equals(t, ch.Type, acme.TLSALPN01)
ch3 = &ch
default:
assert.FatalError(t, errors.New("test logic error"))
@ -1668,7 +1668,7 @@ func TestHandler_challengeTypes(t *testing.T) {
tests := []struct {
name string
args args
want []string
want []acme.ChallengeType
}{
{
name: "ok/dns",
@ -1678,7 +1678,7 @@ func TestHandler_challengeTypes(t *testing.T) {
Wildcard: false,
},
},
want: []string{"dns-01", "http-01", "tls-alpn-01"},
want: []acme.ChallengeType{acme.DNS01, acme.HTTP01, acme.TLSALPN01}, //[]string{"dns-01", "http-01", "tls-alpn-01"},
},
{
name: "ok/wildcard",
@ -1688,7 +1688,7 @@ func TestHandler_challengeTypes(t *testing.T) {
Wildcard: true,
},
},
want: []string{"dns-01"},
want: []acme.ChallengeType{acme.DNS01},
},
{
name: "ok/ip",
@ -1698,7 +1698,7 @@ func TestHandler_challengeTypes(t *testing.T) {
Wildcard: false,
},
},
want: []string{"http-01", "tls-alpn-01"},
want: []acme.ChallengeType{acme.HTTP01, acme.TLSALPN01},
},
}
for _, tt := range tests {
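Review bot: The `ok/dns` case of `TestHandler_challengeTypes` keeps the old expectation as a trailing comment (`//[]string{"dns-01", "http-01", "tls-alpn-01"},`), which is dead text once the typed constants are in place. The line should read `want: []acme.ChallengeType{acme.DNS01, acme.HTTP01, acme.TLSALPN01},`. The visible table cases cover only `ok/dns`, `ok/wildcard` and `ok/ip`, so the `default:` branch of `challengeTypes` for an unsupported identifier type does not appear to be exercised. The loop body that runs the table is outside the hunk.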


@ -21,18 +21,26 @@ import (
"go.step.sm/crypto/jose"
)
type ChallengeType string
const (
HTTP01 ChallengeType = "http-01"
DNS01 ChallengeType = "dns-01"
TLSALPN01 ChallengeType = "tls-alpn-01"
)
// Challenge represents an ACME response Challenge type.
type Challenge struct {
ID string `json:"-"`
AccountID string `json:"-"`
AuthorizationID string `json:"-"`
Value string `json:"-"`
Type string `json:"type"`
Status Status `json:"status"`
Token string `json:"token"`
ValidatedAt string `json:"validated,omitempty"`
URL string `json:"url"`
Error *Error `json:"error,omitempty"`
ID string `json:"-"`
AccountID string `json:"-"`
AuthorizationID string `json:"-"`
Value string `json:"-"`
Type ChallengeType `json:"type"`
Status Status `json:"status"`
Token string `json:"token"`
ValidatedAt string `json:"validated,omitempty"`
URL string `json:"url"`
Error *Error `json:"error,omitempty"`
}
// ToLog enables response logging.
@ -54,11 +62,11 @@ func (ch *Challenge) Validate(ctx context.Context, db DB, jwk *jose.JSONWebKey,
return nil
}
switch ch.Type {
case "http-01":
case HTTP01:
return http01Validate(ctx, ch, db, jwk, vo)
case "dns-01":
case DNS01:
return dns01Validate(ctx, ch, db, jwk, vo)
case "tls-alpn-01":
case TLSALPN01:
return tlsalpn01Validate(ctx, ch, db, jwk, vo)
default:
return NewErrorISE("unexpected challenge type '%s'", ch.Type)
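Review bot: `ChallengeType` and its three constants are exported without doc comments, and the named type constrains only what Go code writes: `Challenge.Type` (and `dbChallenge.Type` in the last file section) carries a `json:"type"` tag and can still be filled by JSON decoding with any string. The `default:` branch of `Validate` therefore remains the only check on a decoded value, and that is worth stating next to the type, e.g. `// ChallengeType is the ACME challenge type as serialized in the "type" field; decoded values are not checked against the constants below.` `Validate` begins and ends outside the hunk.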


@ -11,15 +11,15 @@ import (
)
type dbChallenge struct {
ID string `json:"id"`
AccountID string `json:"accountID"`
Type string `json:"type"`
Status acme.Status `json:"status"`
Token string `json:"token"`
Value string `json:"value"`
ValidatedAt string `json:"validatedAt"`
CreatedAt time.Time `json:"createdAt"`
Error *acme.Error `json:"error"`
ID string `json:"id"`
AccountID string `json:"accountID"`
Type acme.ChallengeType `json:"type"`
Status acme.Status `json:"status"`
Token string `json:"token"`
Value string `json:"value"`
ValidatedAt string `json:"validatedAt"`
CreatedAt time.Time `json:"createdAt"`
Error *acme.Error `json:"error"`
}
func (dbc *dbChallenge) clone() *dbChallenge {