(t *testing.T)
| 20 | ) |
| 21 | |
| 22 | func TestPrefixAndKeyBuilders(t *testing.T) { |
| 23 | am := &ACMEIssuer{CA: "https://example.com/acme-ca/directory"} |
| 24 | |
| 25 | base := path.Join("certificates", "example.com-acme-ca-directory") |
| 26 | |
| 27 | for i, testcase := range []struct { |
| 28 | in, folder, certFile, keyFile, metaFile string |
| 29 | }{ |
| 30 | { |
| 31 | in: "example.com", |
| 32 | folder: path.Join(base, "example.com"), |
| 33 | certFile: path.Join(base, "example.com", "example.com.crt"), |
| 34 | keyFile: path.Join(base, "example.com", "example.com.key"), |
| 35 | metaFile: path.Join(base, "example.com", "example.com.json"), |
| 36 | }, |
| 37 | { |
| 38 | in: "*.example.com", |
| 39 | folder: path.Join(base, "wildcard_.example.com"), |
| 40 | certFile: path.Join(base, "wildcard_.example.com", "wildcard_.example.com.crt"), |
| 41 | keyFile: path.Join(base, "wildcard_.example.com", "wildcard_.example.com.key"), |
| 42 | metaFile: path.Join(base, "wildcard_.example.com", "wildcard_.example.com.json"), |
| 43 | }, |
| 44 | { |
| 45 | // prevent directory traversal! very important, esp. with on-demand TLS |
| 46 | // see issue #2092 |
| 47 | in: "a/../../../foo", |
| 48 | folder: path.Join(base, "afoo"), |
| 49 | certFile: path.Join(base, "afoo", "afoo.crt"), |
| 50 | keyFile: path.Join(base, "afoo", "afoo.key"), |
| 51 | metaFile: path.Join(base, "afoo", "afoo.json"), |
| 52 | }, |
| 53 | { |
| 54 | in: "b\\..\\..\\..\\foo", |
| 55 | folder: path.Join(base, "bfoo"), |
| 56 | certFile: path.Join(base, "bfoo", "bfoo.crt"), |
| 57 | keyFile: path.Join(base, "bfoo", "bfoo.key"), |
| 58 | metaFile: path.Join(base, "bfoo", "bfoo.json"), |
| 59 | }, |
| 60 | { |
| 61 | in: "c/foo", |
| 62 | folder: path.Join(base, "cfoo"), |
| 63 | certFile: path.Join(base, "cfoo", "cfoo.crt"), |
| 64 | keyFile: path.Join(base, "cfoo", "cfoo.key"), |
| 65 | metaFile: path.Join(base, "cfoo", "cfoo.json"), |
| 66 | }, |
| 67 | } { |
| 68 | if actual := StorageKeys.SiteCert(am.IssuerKey(), testcase.in); actual != testcase.certFile { |
| 69 | t.Errorf("Test %d: site cert file: Expected '%s' but got '%s'", i, testcase.certFile, actual) |
| 70 | } |
| 71 | if actual := StorageKeys.SitePrivateKey(am.IssuerKey(), testcase.in); actual != testcase.keyFile { |
| 72 | t.Errorf("Test %d: site key file: Expected '%s' but got '%s'", i, testcase.keyFile, actual) |
| 73 | } |
| 74 | if actual := StorageKeys.SiteMeta(am.IssuerKey(), testcase.in); actual != testcase.metaFile { |
| 75 | t.Errorf("Test %d: site meta file: Expected '%s' but got '%s'", i, testcase.metaFile, actual) |
| 76 | } |
| 77 | } |
| 78 | } |
nothing calls this directly
no test coverage detected
searching dependent graphs…