178 lines
6.9 KiB
TypeScript
178 lines
6.9 KiB
TypeScript
import { tap, expect } from '@push.rocks/tapbundle';
|
|
import { SmartAcme, certmanagers } from '../ts/index.js';
|
|
import { Http01MemoryHandler } from '../ts/handlers/Http01MemoryHandler.js';
|
|
|
|
// Test that HTTP-01 only configuration works without wildcard certificates
|
|
tap.test('HTTP-01 only configuration should work for regular domains', async () => {
|
|
const memHandler = new Http01MemoryHandler();
|
|
|
|
// Stub the domain support check to always return true for testing
|
|
memHandler.checkWetherDomainIsSupported = async () => true;
|
|
|
|
const smartAcmeInstance = new SmartAcme({
|
|
accountEmail: 'test@example.com',
|
|
certManager: new certmanagers.MemoryCertManager(),
|
|
environment: 'integration',
|
|
retryOptions: {},
|
|
challengeHandlers: [memHandler],
|
|
challengePriority: ['http-01'],
|
|
});
|
|
|
|
// Stub the start method to avoid actual ACME connections
|
|
smartAcmeInstance.start = async () => {
|
|
smartAcmeInstance.certmatcher = {
|
|
getCertificateDomainNameByDomainName: (domain: string) => domain.replace('*.', '')
|
|
} as any;
|
|
smartAcmeInstance.interestMap = {
|
|
checkInterest: async () => false,
|
|
addInterest: async () => ({ interestFullfilled: new Promise(() => {}) } as any)
|
|
} as any;
|
|
await smartAcmeInstance.certmanager.init();
|
|
};
|
|
await smartAcmeInstance.start();
|
|
|
|
// Stub the core certificate methods to avoid actual ACME calls
|
|
smartAcmeInstance.client = {
|
|
createOrder: async (orderPayload: any) => {
|
|
// Verify no wildcard is included in default request
|
|
const identifiers = orderPayload.identifiers;
|
|
expect(identifiers.length).toEqual(1);
|
|
expect(identifiers[0].value).toEqual('example.com');
|
|
expect(identifiers.find((id: any) => id.value.startsWith('*.'))).toBeUndefined();
|
|
return { status: 'pending', authorizations: [], finalize: '', certificate: '' };
|
|
},
|
|
getAuthorizations: async () => [],
|
|
finalizeOrder: async () => {},
|
|
getCertificate: async () => '-----BEGIN CERTIFICATE-----\ntest\n-----END CERTIFICATE-----',
|
|
} as any;
|
|
|
|
smartAcmeInstance.retry = async (fn: () => Promise<any>) => fn();
|
|
|
|
// Mock certmanager methods
|
|
smartAcmeInstance.certmanager.retrieveCertificate = async () => null;
|
|
smartAcmeInstance.certmanager.storeCertificate = async (cert: any) => cert;
|
|
|
|
// Request certificate without wildcard
|
|
const cert = await smartAcmeInstance.getCertificateForDomain('example.com');
|
|
expect(cert).toBeDefined();
|
|
});
|
|
|
|
tap.test('should only include wildcard when explicitly requested with DNS-01', async () => {
|
|
const dnsHandler = {
|
|
getSupportedTypes: () => ['dns-01'],
|
|
prepare: async () => {},
|
|
cleanup: async () => {},
|
|
checkWetherDomainIsSupported: async () => true,
|
|
};
|
|
|
|
const smartAcmeInstance = new SmartAcme({
|
|
accountEmail: 'test@example.com',
|
|
certManager: new certmanagers.MemoryCertManager(),
|
|
environment: 'integration',
|
|
retryOptions: {},
|
|
challengeHandlers: [dnsHandler],
|
|
challengePriority: ['dns-01'],
|
|
});
|
|
|
|
// Stub the start method to avoid actual ACME connections
|
|
smartAcmeInstance.start = async () => {
|
|
smartAcmeInstance.certmatcher = {
|
|
getCertificateDomainNameByDomainName: (domain: string) => domain.replace('*.', '')
|
|
} as any;
|
|
smartAcmeInstance.interestMap = {
|
|
checkInterest: async () => false,
|
|
addInterest: async () => ({ interestFullfilled: new Promise(() => {}) } as any)
|
|
} as any;
|
|
await smartAcmeInstance.certmanager.init();
|
|
};
|
|
await smartAcmeInstance.start();
|
|
|
|
// Stub the core certificate methods
|
|
smartAcmeInstance.client = {
|
|
createOrder: async (orderPayload: any) => {
|
|
const identifiers = orderPayload.identifiers;
|
|
expect(identifiers.length).toEqual(2);
|
|
expect(identifiers[0].value).toEqual('example.com');
|
|
expect(identifiers[1].value).toEqual('*.example.com');
|
|
return { status: 'pending', authorizations: [], finalize: '', certificate: '' };
|
|
},
|
|
getAuthorizations: async () => [],
|
|
finalizeOrder: async () => {},
|
|
getCertificate: async () => '-----BEGIN CERTIFICATE-----\ntest\n-----END CERTIFICATE-----',
|
|
} as any;
|
|
|
|
smartAcmeInstance.retry = async (fn: () => Promise<any>) => fn();
|
|
|
|
// Mock certmanager methods
|
|
smartAcmeInstance.certmanager.retrieveCertificate = async () => null;
|
|
smartAcmeInstance.certmanager.storeCertificate = async (cert: any) => cert;
|
|
|
|
// Request certificate with wildcard
|
|
const cert = await smartAcmeInstance.getCertificateForDomain('example.com', { includeWildcard: true });
|
|
expect(cert).toBeDefined();
|
|
});
|
|
|
|
tap.test('should skip wildcard if requested but no DNS-01 handler available', async () => {
|
|
const httpHandler = new Http01MemoryHandler();
|
|
httpHandler.checkWetherDomainIsSupported = async () => true;
|
|
|
|
const smartAcmeInstance = new SmartAcme({
|
|
accountEmail: 'test@example.com',
|
|
certManager: new certmanagers.MemoryCertManager(),
|
|
environment: 'integration',
|
|
retryOptions: {},
|
|
challengeHandlers: [httpHandler],
|
|
challengePriority: ['http-01'],
|
|
});
|
|
|
|
// Stub the start method to avoid actual ACME connections
|
|
smartAcmeInstance.start = async () => {
|
|
smartAcmeInstance.certmatcher = {
|
|
getCertificateDomainNameByDomainName: (domain: string) => domain.replace('*.', '')
|
|
} as any;
|
|
smartAcmeInstance.interestMap = {
|
|
checkInterest: async () => false,
|
|
addInterest: async () => ({ interestFullfilled: new Promise(() => {}) } as any)
|
|
} as any;
|
|
await smartAcmeInstance.certmanager.init();
|
|
};
|
|
await smartAcmeInstance.start();
|
|
|
|
// Mock logger to capture warning
|
|
const logSpy = { called: false, message: '' };
|
|
smartAcmeInstance.logger.log = async (level: string, message: string) => {
|
|
if (level === 'warn') {
|
|
logSpy.called = true;
|
|
logSpy.message = message;
|
|
}
|
|
};
|
|
|
|
// Stub the core certificate methods
|
|
smartAcmeInstance.client = {
|
|
createOrder: async (orderPayload: any) => {
|
|
const identifiers = orderPayload.identifiers;
|
|
// Should only have regular domain, no wildcard
|
|
expect(identifiers.length).toEqual(1);
|
|
expect(identifiers[0].value).toEqual('example.com');
|
|
return { status: 'pending', authorizations: [], finalize: '', certificate: '' };
|
|
},
|
|
getAuthorizations: async () => [],
|
|
finalizeOrder: async () => {},
|
|
getCertificate: async () => '-----BEGIN CERTIFICATE-----\ntest\n-----END CERTIFICATE-----',
|
|
} as any;
|
|
|
|
smartAcmeInstance.retry = async (fn: () => Promise<any>) => fn();
|
|
|
|
// Mock certmanager methods
|
|
smartAcmeInstance.certmanager.retrieveCertificate = async () => null;
|
|
smartAcmeInstance.certmanager.storeCertificate = async (cert: any) => cert;
|
|
|
|
// Request certificate with wildcard (should be skipped)
|
|
const cert = await smartAcmeInstance.getCertificateForDomain('example.com', { includeWildcard: true });
|
|
|
|
expect(cert).toBeDefined();
|
|
expect(logSpy.called).toBeTrue();
|
|
expect(logSpy.message).toContain('Wildcard certificate requested but no DNS-01 handler available');
|
|
});
|
|
|
|
export default tap.start(); |