1f349/orchid
4
0
Fork 0
mirror of https://github.com/1f349/orchid.git synced 2024-10-18 08:52:02 +01:00
Code Issues Packages Projects Releases Wiki Activity
25e1065f05
orchid/http-acme/http-acme-provider_test.go

108 lines
2.8 KiB
Go
Raw Normal View History

Port previous service code
2023-06-26 11:56:21 +01:00
package http_acme
Add http acme provider
2023-06-23 23:00:09 +01:00
import (
"crypto/rand"
"crypto/rsa"
"fmt"
Add endpoint for grabbing owned certificates
2023-11-14 13:24:30 +00:00
"github.com/1f349/mjwt"
"github.com/1f349/mjwt/auth"
"github.com/1f349/mjwt/claims"
Add http acme provider
2023-06-23 23:00:09 +01:00
"github.com/stretchr/testify/assert"
"net/http"
"net/http/httptest"
"net/url"
"strings"
"testing"
"time"
)
Partial work
2023-07-03 16:27:24 +01:00
func makeQuickHttpProv(accessToken string, ft http.RoundTripper) *HttpAcmeProvider {
return &HttpAcmeProvider{
Use yaml and fix up setup code
2023-07-07 15:47:38 +01:00
"",
Partial work
2023-07-03 16:27:24 +01:00
accessToken,
"",
Use yaml and fix up setup code
2023-07-07 15:47:38 +01:00
"https://api.example.com/acme/present/$domain/$token/$content",
"https://api.example.com/acme/clean/$domain/$token",
Partial work
2023-07-03 16:27:24 +01:00
"https://api.example.com/acme/token",
ft,
}
}
// fakeTransport captures any requests and responds with a successful answer if
// applicable
Add http acme provider
2023-06-23 23:00:09 +01:00
type fakeTransport struct {
verify mjwt.Verifier
req *http.Request
clean bool
}
func (f *fakeTransport) RoundTrip(req *http.Request) (*http.Response, error) {
Partial work
2023-07-03 16:27:24 +01:00
// check bearer token and extract claims
Add http acme provider
2023-06-23 23:00:09 +01:00
bearer := req.Header.Get("Authorization")
if !strings.HasPrefix(bearer, "Bearer ") {
return nil, fmt.Errorf("invalid bearer token")
}
_, b, err := mjwt.ExtractClaims[auth.AccessTokenClaims](f.verify, bearer[7:])
if err != nil {
return nil, err
}
// check perms
if !f.clean && !b.Claims.Perms.Has("test:acme:present") {
return nil, fmt.Errorf("missing perm 'test:acme:present'")
}
if f.clean && !b.Claims.Perms.Has("test:acme:clean") {
return nil, fmt.Errorf("missing perm 'test:acme:clean'")
}
rec := httptest.NewRecorder()
Auto generate domain certificate private key if it doesn't already exist
2023-07-11 15:04:59 +01:00
rec.WriteHeader(http.StatusAccepted)
Add http acme provider
2023-06-23 23:00:09 +01:00
f.req = req
return rec.Result(), nil
}
func TestHttpAcmeProvider_Present(t *testing.T) {
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
assert.NoError(t, err)
// perms
ps := claims.NewPermStorage()
ps.Set("test:acme:present")
// signer
signer := mjwt.NewMJwtSigner("Test", privateKey)
accessToken, err := signer.GenerateJwt("", "", nil, 5*time.Minute, auth.AccessTokenClaims{Perms: ps})
assert.NoError(t, err)
ft := &fakeTransport{verify: signer}
Partial work
2023-07-03 16:27:24 +01:00
prov := makeQuickHttpProv(accessToken, ft)
Add http acme provider
2023-06-23 23:00:09 +01:00
assert.NoError(t, prov.Present("example.com", "1234", "1234abcd"))
assert.Equal(t, *ft.req.URL, url.URL{
Scheme: "https",
Host: "api.example.com",
Path: "/acme/present/example.com/1234/1234abcd",
})
}
func TestHttpAcmeProvider_CleanUp(t *testing.T) {
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
assert.NoError(t, err)
// perms
ps := claims.NewPermStorage()
ps.Set("test:acme:clean")
// signer
signer := mjwt.NewMJwtSigner("Test", privateKey)
accessToken, err := signer.GenerateJwt("", "", nil, 5*time.Minute, auth.AccessTokenClaims{Perms: ps})
assert.NoError(t, err)
ft := &fakeTransport{verify: signer, clean: true}
Partial work
2023-07-03 16:27:24 +01:00
prov := makeQuickHttpProv(accessToken, ft)
Add http acme provider
2023-06-23 23:00:09 +01:00
assert.NoError(t, prov.CleanUp("example.com", "1234", "1234abcd"))
assert.Equal(t, *ft.req.URL, url.URL{
Scheme: "https",
Host: "api.example.com",
Path: "/acme/clean/example.com/1234",
})
}
Reference in New Issue Copy Permalink