Fix tests for new ACME orders with Wire IDs
@@ -5,12 +5,13 @@ import (
|
||||
"crypto/x509"
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"go.step.sm/crypto/kms/uri"
|
||||
"net"
|
||||
"net/http"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"go.step.sm/crypto/kms/uri"
|
||||
|
||||
"github.com/go-chi/chi/v5"
|
||||
|
||||
"go.step.sm/crypto/randutil"
|
||||
@@ -282,13 +283,11 @@ func newAuthorization(ctx context.Context, az *acme.Authorization) error {
|
||||
case acme.WireID:
|
||||
wireId, err := wire.ParseID([]byte(az.Identifier.Value))
|
||||
if err != nil {
|
||||
if err != nil {
|
||||
return acme.NewError(acme.ErrorMalformedType, "WireID cannot be parsed")
|
||||
}
|
||||
return acme.WrapError(acme.ErrorMalformedType, err, "WireID cannot be parsed")
|
||||
}
|
||||
clientID, err := wire.ParseClientID(wireId.ClientID)
|
||||
if err != nil {
|
||||
return acme.NewError(acme.ErrorMalformedType, "DeviceID cannot be parsed")
|
||||
return acme.WrapError(acme.ErrorMalformedType, err, "DeviceID cannot be parsed")
|
||||
}
|
||||
|
||||
var targetProvider interface{ GetTarget(string) (string, error) }
|
||||
@@ -302,7 +301,7 @@ func newAuthorization(ctx context.Context, az *acme.Authorization) error {
|
||||
|
||||
target, err = targetProvider.GetTarget(clientID.DeviceID)
|
||||
if err != nil {
|
||||
return acme.NewError(acme.ErrorMalformedType, "Invalid Go template registered for 'target'")
|
||||
return acme.WrapError(acme.ErrorMalformedType, err, "Invalid Go template registered for 'target'")
|
||||
}
|
||||
default:
|
||||
}
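Review bot: The `GetTarget` failure in the third hunk is returned as `acme.ErrorMalformedType` with the text "Invalid Go template registered for 'target'", which blames the client's request for what the message itself describes as a provisioner configuration problem. If the template is operator-supplied, a server-side type fits better, e.g. `return acme.WrapError(acme.ErrorServerInternalType, err, "invalid Go template registered for 'target'")`. Now that the underlying error is wrapped at all three return sites (WireID parse, client ID parse, target lookup), it is worth confirming that the wrapped `err` is only logged and never serialized into the ACME problem document, since parser and template errors can echo request input or configuration. The second hunk's message says "DeviceID cannot be parsed" although the failing call is `wire.ParseClientID`; `"ClientID cannot be parsed"` would match the code. newAuthorization starts and ends outside these hunks.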
|
||||
|
||||
@@ -80,7 +80,7 @@ func TestNewOrderRequest_Validate(t *testing.T) {
|
||||
err: acme.NewError(acme.ErrorMalformedType, "invalid DNS name: *.example.com:8080"),
|
||||
}
|
||||
},
|
||||
"fail/bad-ip": func(t *testing.T) test {
|
||||
"fail/bad-identifier/ip": func(t *testing.T) test {
|
||||
nbf := time.Now().UTC().Add(time.Minute)
|
||||
naf := time.Now().UTC().Add(5 * time.Minute)
|
||||
return test{
|
||||
@@ -103,7 +103,7 @@ func TestNewOrderRequest_Validate(t *testing.T) {
|
||||
{Type: "wireapp-id", Value: "{}"},
|
||||
},
|
||||
},
|
||||
err: acme.NewError(acme.ErrorMalformedType, "missing client ID prefix"),
|
||||
err: acme.NewError(acme.ErrorMalformedType, "invalid client ID, it's supposed to be a valid URI"),
|
||||
}
|
||||
},
|
||||
"ok": func(t *testing.T) test {
|
||||
@@ -853,7 +853,6 @@ func TestHandler_newAuthorization(t *testing.T) {
|
||||
assert.Nil(t, tc.err)
|
||||
}
|
||||
})
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1696,15 +1695,39 @@ func TestHandler_NewOrder(t *testing.T) {
|
||||
}
|
||||
},
|
||||
"ok/default-naf-nbf-wireapp": func(t *testing.T) test {
|
||||
acmeWireProv := newACMEProvWithOptions(t, &provisioner.Options{
|
||||
OIDC: &provisioner.OIDCOptions{
|
||||
Provider: provisioner.ProviderJSON{
|
||||
IssuerURL: "",
|
||||
AuthURL: "",
|
||||
TokenURL: "",
|
||||
JWKSURL: "",
|
||||
UserInfoURL: "",
|
||||
Algorithms: []string{},
|
||||
},
|
||||
Config: provisioner.ConfigJSON{
|
||||
ClientID: "integration test",
|
||||
SupportedSigningAlgs: []string{},
|
||||
SkipClientIDCheck: true,
|
||||
SkipExpiryCheck: true,
|
||||
SkipIssuerCheck: true,
|
||||
InsecureSkipSignatureCheck: true,
|
||||
Now: time.Now,
|
||||
},
|
||||
},
|
||||
DPOP: &provisioner.DPOPOptions{
|
||||
ValidationExecPath: "true", // true will always exit with code 0
|
||||
},
|
||||
})
|
||||
acc := &acme.Account{ID: "accID"}
|
||||
nor := &NewOrderRequest{
|
||||
Identifiers: []acme.Identifier{
|
||||
{Type: "wireapp-id", Value: `{"client-id": "wireapp://user:client@domain"}`},
|
||||
{Type: "wireapp-id", Value: `{"client-id": "wireapp://user!client@domain"}`},
|
||||
},
|
||||
}
|
||||
b, err := json.Marshal(nor)
|
||||
assert.FatalError(t, err)
|
||||
ctx := acme.NewProvisionerContext(context.Background(), prov)
|
||||
ctx := acme.NewProvisionerContext(context.Background(), acmeWireProv)
|
||||
ctx = context.WithValue(ctx, accContextKey, acc)
|
||||
ctx = context.WithValue(ctx, payloadContextKey, &payloadInfo{value: b})
|
||||
var (
|
||||
@@ -1736,7 +1759,7 @@ func TestHandler_NewOrder(t *testing.T) {
|
||||
assert.Equals(t, ch.AccountID, "accID")
|
||||
assert.NotEquals(t, ch.Token, "")
|
||||
assert.Equals(t, ch.Status, acme.StatusPending)
|
||||
assert.Equals(t, ch.Value, `{"client-id": "wireapp://user:client@domain"}`)
|
||||
assert.Equals(t, ch.Value, `{"client-id": "wireapp://user!client@domain"}`)
|
||||
return nil
|
||||
},
|
||||
MockCreateAuthorization: func(ctx context.Context, az *acme.Authorization) error {
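Review bot: The provisioner fixture added to "ok/default-naf-nbf-wireapp" switches off every OIDC check (`SkipClientIDCheck`, `SkipExpiryCheck`, `SkipIssuerCheck`, `InsecureSkipSignatureCheck`) and sets `ValidationExecPath: "true"`, yet only the last of these carries a comment. A line such as `// test-only fixture: all OIDC verification is disabled on purpose` above `Config:` would stop the block from being read as a usable provisioner template. The `"true"` value presumably depends on a `true` binary being resolvable on the test host, which would not hold on Windows; a skip guard or a stub validator would make that dependency explicit. TestHandler_NewOrder starts and ends outside the hunk.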
|
||||
|
||||
@@ -3,8 +3,9 @@ package wire
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"go.step.sm/crypto/kms/uri"
|
||||
"strings"
|
||||
|
||||
"go.step.sm/crypto/kms/uri"
|
||||
)
|
||||
|
||||
type WireIDJSON struct {
|
||||
|
||||