BREAKING CHANGE(smartacme): Make wildcard certificates opt-in to fix HTTP-01 only configurations

2025-05-19 10:01:31 +00:00
parent dcc89f0088
commit 086eea1aa2
8 changed files with 359 additions and 11 deletions
--- a/test/test.wildcard-options.ts
+++ b/test/test.wildcard-options.ts
@ -0,0 +1,94 @@
+import { tap, expect } from '@push.rocks/tapbundle';
+import { SmartAcme, certmanagers } from '../ts/index.js';
+import { SmartacmeCert as Cert } from '../ts/smartacme.classes.cert.js';
+
+// Simple test to verify wildcard options are correctly processed
+tap.test('should not include wildcard by default for regular domain', async () => {
+  let orderPayload: any = null;
+  
+  // Override the SmartAcme prototype methods for testing
+  const origGetCert = SmartAcme.prototype.getCertificateForDomain;
+  
+  // Create a minimal test version of getCertificateForDomain
+  SmartAcme.prototype.getCertificateForDomain = async function(
+    domainArg: string,
+    options?: { includeWildcard?: boolean }
+  ) {
+    const certDomainName = domainArg.replace('*.', '');
+    const identifiers = [];
+    
+    if (domainArg.startsWith('*.')) {
+      identifiers.push({ type: 'dns', value: domainArg });
+    } else {
+      identifiers.push({ type: 'dns', value: certDomainName });
+      
+      if (options?.includeWildcard) {
+        const hasDnsHandler = this.challengeHandlers.some((h) =>
+          h.getSupportedTypes().includes('dns-01')
+        );
+        
+        if (hasDnsHandler) {
+          identifiers.push({ type: 'dns', value: `*.${certDomainName}` });
+        }
+      }
+    }
+    
+    orderPayload = { identifiers };
+    return new Cert({ domainName: certDomainName });
+  };
+  
+  try {
+    // Create instance with HTTP-01 only
+    const smartAcme = new SmartAcme({
+      accountEmail: 'test@example.com',
+      certManager: new certmanagers.MemoryCertManager(),
+      environment: 'integration',
+      challengeHandlers: [{
+        getSupportedTypes: () => ['http-01'],
+        prepare: async () => {},
+        cleanup: async () => {},
+        checkWetherDomainIsSupported: async () => true,
+      }],
+    });
+    
+    // Test 1: Regular domain without wildcard option
+    await smartAcme.getCertificateForDomain('example.com');
+    expect(orderPayload.identifiers.length).toEqual(1);
+    expect(orderPayload.identifiers[0].value).toEqual('example.com');
+    
+    // Test 2: Regular domain with wildcard option (but no DNS-01 handler)
+    await smartAcme.getCertificateForDomain('example.com', { includeWildcard: true });
+    expect(orderPayload.identifiers.length).toEqual(1);
+    expect(orderPayload.identifiers[0].value).toEqual('example.com');
+    
+    // Create instance with DNS-01
+    const smartAcmeDns = new SmartAcme({
+      accountEmail: 'test@example.com',
+      certManager: new certmanagers.MemoryCertManager(),
+      environment: 'integration',
+      challengeHandlers: [{
+        getSupportedTypes: () => ['dns-01'],
+        prepare: async () => {},
+        cleanup: async () => {},
+        checkWetherDomainIsSupported: async () => true,
+      }],
+    });
+    
+    // Test 3: Regular domain with wildcard option and DNS-01 handler
+    await smartAcmeDns.getCertificateForDomain('example.com', { includeWildcard: true });
+    expect(orderPayload.identifiers.length).toEqual(2);
+    expect(orderPayload.identifiers[0].value).toEqual('example.com');
+    expect(orderPayload.identifiers[1].value).toEqual('*.example.com');
+    
+    // Test 4: Direct wildcard request
+    await smartAcmeDns.getCertificateForDomain('*.example.com');
+    expect(orderPayload.identifiers.length).toEqual(1);
+    expect(orderPayload.identifiers[0].value).toEqual('*.example.com');
+    
+  } finally {
+    // Restore original method
+    SmartAcme.prototype.getCertificateForDomain = origGetCert;
+  }
+});
+
+export default tap.start();