diff --git a/acme/api/order.go b/acme/api/order.go index 9b5dda43..b2048c25 100644 --- a/acme/api/order.go +++ b/acme/api/order.go @@ -5,12 +5,13 @@ import ( "crypto/x509" "encoding/base64" "encoding/json" - "go.step.sm/crypto/kms/uri" "net" "net/http" "strings" "time" + "go.step.sm/crypto/kms/uri" + "github.com/go-chi/chi/v5" "go.step.sm/crypto/randutil" @@ -282,13 +283,11 @@ func newAuthorization(ctx context.Context, az *acme.Authorization) error { case acme.WireID: wireId, err := wire.ParseID([]byte(az.Identifier.Value)) if err != nil { - if err != nil { - return acme.NewError(acme.ErrorMalformedType, "WireID cannot be parsed") - } + return acme.WrapError(acme.ErrorMalformedType, err, "WireID cannot be parsed") } clientID, err := wire.ParseClientID(wireId.ClientID) if err != nil { - return acme.NewError(acme.ErrorMalformedType, "DeviceID cannot be parsed") + return acme.WrapError(acme.ErrorMalformedType, err, "DeviceID cannot be parsed") } var targetProvider interface{ GetTarget(string) (string, error) } @@ -302,7 +301,7 @@ func newAuthorization(ctx context.Context, az *acme.Authorization) error { target, err = targetProvider.GetTarget(clientID.DeviceID) if err != nil { - return acme.NewError(acme.ErrorMalformedType, "Invalid Go template registered for 'target'") + return acme.WrapError(acme.ErrorMalformedType, err, "Invalid Go template registered for 'target'") } default: } diff --git a/acme/api/order_test.go b/acme/api/order_test.go index 04753557..79539eb3 100644 --- a/acme/api/order_test.go +++ b/acme/api/order_test.go @@ -80,7 +80,7 @@ func TestNewOrderRequest_Validate(t *testing.T) { err: acme.NewError(acme.ErrorMalformedType, "invalid DNS name: *.example.com:8080"), } }, - "fail/bad-ip": func(t *testing.T) test { + "fail/bad-identifier/ip": func(t *testing.T) test { nbf := time.Now().UTC().Add(time.Minute) naf := time.Now().UTC().Add(5 * time.Minute) return test{ 
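Review bot: The second changed return in the `acme.WireID` case still reports "DeviceID cannot be parsed" although the call that failed is `wire.ParseClientID(wireId.ClientID)`, so anyone reading the problem detail or the log is pointed at the wrong field. `return acme.WrapError(acme.ErrorMalformedType, err, "ClientID cannot be parsed")` would match the call. While these lines are being touched, `wireId` would read `wireID` under Go's initialism convention. newAuthorization and the enclosing switch start and end outside this hunk.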
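Review bot: The `targetProvider.GetTarget` failure near the end of newAuthorization is still classified as `acme.ErrorMalformedType`, although its own message ("Invalid Go template registered for 'target'") describes what appears to be a server-side configuration fault rather than a malformed client request. `return acme.WrapError(acme.ErrorServerInternalType, err, "Invalid Go template registered for 'target'")` would stop clients being told to fix a request they cannot fix. The wrapped error now carries template-engine detail, so it is worth confirming that WrapError keeps the inner error in server logs and out of the problem document returned to the ACME client. The function body continues outside this hunk.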
@@ -103,7 +103,7 @@ func TestNewOrderRequest_Validate(t *testing.T) { {Type: "wireapp-id", Value: "{}"}, }, }, - err: acme.NewError(acme.ErrorMalformedType, "missing client ID prefix"), + err: acme.NewError(acme.ErrorMalformedType, "invalid client ID, it's supposed to be a valid URI"), } }, "ok": func(t *testing.T) test { @@ -853,7 +853,6 @@ func TestHandler_newAuthorization(t *testing.T) { assert.Nil(t, tc.err) } }) - } } @@ -1696,15 +1695,39 @@ func TestHandler_NewOrder(t *testing.T) { } }, "ok/default-naf-nbf-wireapp": func(t *testing.T) test { + acmeWireProv := newACMEProvWithOptions(t, &provisioner.Options{ + OIDC: &provisioner.OIDCOptions{ + Provider: provisioner.ProviderJSON{ + IssuerURL: "", + AuthURL: "", + TokenURL: "", + JWKSURL: "", + UserInfoURL: "", + Algorithms: []string{}, + }, + Config: provisioner.ConfigJSON{ + ClientID: "integration test", + SupportedSigningAlgs: []string{}, + SkipClientIDCheck: true, + SkipExpiryCheck: true, + SkipIssuerCheck: true, + InsecureSkipSignatureCheck: true, + Now: time.Now, + }, + }, + DPOP: &provisioner.DPOPOptions{ + ValidationExecPath: "true", // true will always exit with code 0 + }, + }) acc := &acme.Account{ID: "accID"} nor := &NewOrderRequest{ Identifiers: []acme.Identifier{ - {Type: "wireapp-id", Value: `{"client-id": "wireapp://user:client@domain"}`}, + {Type: "wireapp-id", Value: `{"client-id": "wireapp://user!client@domain"}`}, }, } b, err := json.Marshal(nor) assert.FatalError(t, err) - ctx := acme.NewProvisionerContext(context.Background(), prov) + ctx := acme.NewProvisionerContext(context.Background(), acmeWireProv) ctx = context.WithValue(ctx, accContextKey, acc) ctx = context.WithValue(ctx, payloadContextKey, &payloadInfo{value: b}) var ( 
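Review bot: The `acmeWireProv` fixture added to "ok/default-naf-nbf-wireapp" switches off every OIDC verification step (`SkipClientIDCheck`, `SkipExpiryCheck`, `SkipIssuerCheck`, `InsecureSkipSignatureCheck`) without saying why; only `ValidationExecPath` carries a comment. A line above the literal such as `// Test-only provisioner: all OIDC and DPoP validation is disabled; never use these options outside tests.` would keep the block from being copied as a working configuration. `ValidationExecPath: "true"` presumably resolves through PATH, which ties the test to hosts that ship a `true` binary, so a stub created by the test itself would be more portable. TestHandler_NewOrder starts and ends outside this hunk.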
@@ -1736,7 +1759,7 @@ func TestHandler_NewOrder(t *testing.T) { assert.Equals(t, ch.AccountID, "accID") assert.NotEquals(t, ch.Token, "") assert.Equals(t, ch.Status, acme.StatusPending) - assert.Equals(t, ch.Value, `{"client-id": "wireapp://user:client@domain"}`) + assert.Equals(t, ch.Value, `{"client-id": "wireapp://user!client@domain"}`) return nil }, MockCreateAuthorization: func(ctx context.Context, az *acme.Authorization) error { diff --git a/wire/id.go b/wire/id.go index dead8fbe..5ba8438a 100644 --- a/wire/id.go +++ b/wire/id.go @@ -3,8 +3,9 @@ package wire import ( "encoding/json" "fmt" - "go.step.sm/crypto/kms/uri" "strings" + + "go.step.sm/crypto/kms/uri" ) type WireIDJSON struct {