55be6d8695
This is necessary to eliminate confusing naming conventions, since now we have Manager types, having an issuer called ACMEManager was confusing. CertificateManager is a redundant name as this package is called CertMagic, so that a Manager manages certificates should be obvious. It's also more succinct. Plus, it's consistent with Issuer which is not named CertificateIssuer.
79 lines
2.8 KiB
Go
79 lines
2.8 KiB
Go
// Copyright 2015 Matthew Holt
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package certmagic
|
|
|
|
import (
|
|
"path"
|
|
"testing"
|
|
)
|
|
|
|
func TestPrefixAndKeyBuilders(t *testing.T) {
|
|
am := &ACMEIssuer{CA: "https://example.com/acme-ca/directory"}
|
|
|
|
base := path.Join("certificates", "example.com-acme-ca-directory")
|
|
|
|
for i, testcase := range []struct {
|
|
in, folder, certFile, keyFile, metaFile string
|
|
}{
|
|
{
|
|
in: "example.com",
|
|
folder: path.Join(base, "example.com"),
|
|
certFile: path.Join(base, "example.com", "example.com.crt"),
|
|
keyFile: path.Join(base, "example.com", "example.com.key"),
|
|
metaFile: path.Join(base, "example.com", "example.com.json"),
|
|
},
|
|
{
|
|
in: "*.example.com",
|
|
folder: path.Join(base, "wildcard_.example.com"),
|
|
certFile: path.Join(base, "wildcard_.example.com", "wildcard_.example.com.crt"),
|
|
keyFile: path.Join(base, "wildcard_.example.com", "wildcard_.example.com.key"),
|
|
metaFile: path.Join(base, "wildcard_.example.com", "wildcard_.example.com.json"),
|
|
},
|
|
{
|
|
// prevent directory traversal! very important, esp. with on-demand TLS
|
|
// see issue #2092
|
|
in: "a/../../../foo",
|
|
folder: path.Join(base, "afoo"),
|
|
certFile: path.Join(base, "afoo", "afoo.crt"),
|
|
keyFile: path.Join(base, "afoo", "afoo.key"),
|
|
metaFile: path.Join(base, "afoo", "afoo.json"),
|
|
},
|
|
{
|
|
in: "b\\..\\..\\..\\foo",
|
|
folder: path.Join(base, "bfoo"),
|
|
certFile: path.Join(base, "bfoo", "bfoo.crt"),
|
|
keyFile: path.Join(base, "bfoo", "bfoo.key"),
|
|
metaFile: path.Join(base, "bfoo", "bfoo.json"),
|
|
},
|
|
{
|
|
in: "c/foo",
|
|
folder: path.Join(base, "cfoo"),
|
|
certFile: path.Join(base, "cfoo", "cfoo.crt"),
|
|
keyFile: path.Join(base, "cfoo", "cfoo.key"),
|
|
metaFile: path.Join(base, "cfoo", "cfoo.json"),
|
|
},
|
|
} {
|
|
if actual := StorageKeys.SiteCert(am.IssuerKey(), testcase.in); actual != testcase.certFile {
|
|
t.Errorf("Test %d: site cert file: Expected '%s' but got '%s'", i, testcase.certFile, actual)
|
|
}
|
|
if actual := StorageKeys.SitePrivateKey(am.IssuerKey(), testcase.in); actual != testcase.keyFile {
|
|
t.Errorf("Test %d: site key file: Expected '%s' but got '%s'", i, testcase.keyFile, actual)
|
|
}
|
|
if actual := StorageKeys.SiteMeta(am.IssuerKey(), testcase.in); actual != testcase.metaFile {
|
|
t.Errorf("Test %d: site meta file: Expected '%s' but got '%s'", i, testcase.metaFile, actual)
|
|
}
|
|
}
|
|
}
|