diff --git a/src/cert/acme.js b/src/cert/acme.js
index 6b47fb449..974e75fc6 100644
--- a/src/cert/acme.js
+++ b/src/cert/acme.js
@@ -19,7 +19,10 @@ var CA_PROD = 'https://acme-v01.api.letsencrypt.org',
 LE_AGREEMENT = 'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf';
 exports = module.exports = {
- getCertificate: getCertificate
+ getCertificate: getCertificate,
+
+ // testing
+ _name: 'acme'
 };
 function AcmeError(reason, errorOrMessage) {
diff --git a/src/cert/caas.js b/src/cert/caas.js
index b87ec6f32..0b5a95421 100644
--- a/src/cert/caas.js
+++ b/src/cert/caas.js
@@ -1,7 +1,10 @@
 'use strict';
 exports = module.exports = {
- getCertificate: getCertificate
+ getCertificate: getCertificate,
+
+ // testing
+ _name: 'caas'
 };
 var assert = require('assert'),
diff --git a/src/certificates.js b/src/certificates.js
index 3e0e684f8..533cfef19 100644
--- a/src/certificates.js
+++ b/src/certificates.js
@@ -8,7 +8,10 @@ exports = module.exports = {
 CertificatesError: CertificatesError,
 validateCertificate: validateCertificate,
 ensureCertificate: ensureCertificate,
- getAdminCertificatePath: getAdminCertificatePath
+ getAdminCertificatePath: getAdminCertificatePath,
+
+ // exported for testing
+ _getApi: getApi
 };
 var acme = require('./cert/acme.js'),
@@ -66,11 +69,15 @@ function getApi(app, callback) {
 settings.getTlsConfig(function (error, tlsConfig) {
 if (error) return callback(error);
- var api = !app.altDomain && tlsConfig.provider === 'caas' ? caas : acme;
+ // use acme if we have altDomain or the tlsConfig is not caas
+ var api = (app.altDomain || tlsConfig.provider) !== 'caas' ? acme : caas;
 var options = { };
- // used by acme backend to determine the LE origin.
- options.prod = (api === caas) ? !config.isDev() : tlsConfig.provider.match(/.*-prod/) !== null;
+ if (tlsConfig.provider === 'caas') {
+ options.prod = !config.isDev(); // with altDomain, we will choose acme setting based on this
+ } else { // acme
+ options.prod = tlsConfig.provider.match(/.*-prod/) !== null;
+ }
 // registering user with an email requires A or MX record (https://github.com/letsencrypt/boulder/issues/1197)
 // we cannot use admin@fqdn because the user might not have set it up.
diff --git a/src/test/certificates-test.js b/src/test/certificates-test.js
index 8d2af5f7c..96170df6d 100644
--- a/src/test/certificates-test.js
+++ b/src/test/certificates-test.js
@@ -1,4 +1,3 @@
-/* jslint node:true */
 /* global it:false */
 /* global describe:false */
 /* global before:false */
@@ -6,8 +5,23 @@
 'use strict';
-var certificates = require('../certificates.js'),
- expect = require('expect.js');
+var async = require('async'),
+ certificates = require('../certificates.js'),
+ config = require('../config.js'),
+ database = require('../database.js'),
+ expect = require('expect.js'),
+ settings = require('../settings.js');
+
+function setup(done) {
+ async.series([
+ database.initialize,
+ database._clear
+ ], done);
+}
+
+function cleanup(done) {
+ database._clear(done);
+}
 describe('Certificates', function () {
 describe('validateCertificate', function () {
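Review bot: In `getApi` in src/certificates.js, the new selector `(app.altDomain || tlsConfig.provider) !== 'caas'` compares either a domain name or a provider name against `'caas'`, so it is only correct as long as `altDomain` can never be that literal string. Because this line decides which certificate issuer is used, state the intent as a boolean instead: `var api = (app.altDomain || tlsConfig.provider !== 'caas') ? acme : caas;`. In the `else` branch, `tlsConfig.provider.match(/.*-prod/)` is unanchored and throws when `provider` is not a string. Unless the provider value is validated elsewhere (not visible in this hunk), any unrecognised value silently selects the staging ACME origin, whose certificates clients will not trust. The body of `getApi` continues outside the hunk.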
@@ -87,4 +101,147 @@ describe('Certificates', function () {
 expect(certificates.validateCertificate(validCert0, validKey1, 'foobar.com')).to.be.an(Error);
 });
 });
+
+ describe('getApi - caas', function () {
+ before(function (done) {
+ async.series([
+ setup,
+ settings.setTlsConfig.bind(null, { provider: 'caas' })
+ ], done);
+ });
+
+ after(cleanup);
+
+ it('returns prod caas for prod cloudron', function (done) {
+ config.set('boxVersionsUrl', 'http://prod/release.json');
+
+ certificates._getApi({ }, function (error, api, options) {
+ expect(error).to.be(null);
+ expect(api._name).to.be('caas');
+ expect(options.prod).to.be(true);
+ done();
+ });
+ });
+
+ it('returns non-prod caas for dev cloudron', function (done) {
+ config.set('boxVersionsUrl', 'http://dev/release.json');
+
+ certificates._getApi({ }, function (error, api, options) {
+ expect(error).to.be(null);
+ expect(api._name).to.be('caas');
+ expect(options.prod).to.be(false);
+ done();
+ });
+ });
+
+ it('returns prod-acme with altDomain in prod cloudron', function (done) {
+ config.set('boxVersionsUrl', 'http://prod/release.json');
+
+ certificates._getApi({ altDomain: 'foo.something.com' }, function (error, api, options) {
+ expect(error).to.be(null);
+ expect(api._name).to.be('acme');
+ expect(options.prod).to.be(true);
+ done();
+ });
+ });
+
+ it('returns non-prod acme with altDomain in dev cloudron', function (done) {
+ config.set('boxVersionsUrl', 'http://dev/release.json');
+
+ certificates._getApi({ altDomain: 'foo.something.com' }, function (error, api, options) {
+ expect(error).to.be(null);
+ expect(api._name).to.be('acme');
+ expect(options.prod).to.be(false);
+ done();
+ });
+ });
+ });
+
+ describe('getApi - le-prod', function () {
+ before(function (done) {
+ async.series([
+ setup,
+ settings.setTlsConfig.bind(null, { provider: 'le-prod' })
+ ], done);
+ });
+
+ after(cleanup);
+
+ it('returns prod acme in prod cloudron', function (done) {
+ config.set('boxVersionsUrl', 'http://prod/release.json');
+
+ certificates._getApi({ }, function (error, api, options) {
+ expect(error).to.be(null);
+ expect(api._name).to.be('acme');
+ expect(options.prod).to.be(true);
+ done();
+ });
+ });
+
+ it('returns prod acme with altDomain in prod cloudron', function (done) {
+ config.set('boxVersionsUrl', 'http://prod/release.json');
+
+ certificates._getApi({ altDomain: 'foo.bar.com' }, function (error, api, options) {
+ expect(error).to.be(null);
+ expect(api._name).to.be('acme');
+ expect(options.prod).to.be(true);
+ done();
+ });
+ });
+
+ it('returns prod acme in dev cloudron', function (done) {
+ config.set('boxVersionsUrl', 'http://dev/release.json');
+
+ certificates._getApi({ }, function (error, api, options) {
+ expect(error).to.be(null);
+ expect(api._name).to.be('acme');
+ expect(options.prod).to.be(true);
+ done();
+ });
+ });
+ });
+
+ describe('getApi - le-staging', function () {
+ before(function (done) {
+ async.series([
+ setup,
+ settings.setTlsConfig.bind(null, { provider: 'le-staging' })
+ ], done);
+ });
+
+ after(cleanup);
+
+ it('returns staging acme in prod cloudron', function (done) {
+ config.set('boxVersionsUrl', 'http://prod/release.json');
+
+ certificates._getApi({ }, function (error, api, options) {
+ expect(error).to.be(null);
+ expect(api._name).to.be('acme');
+ expect(options.prod).to.be(false);
+ done();
+ });
+ });
+
+ it('returns staging acme in dev cloudron', function (done) {
+ config.set('boxVersionsUrl', 'http://dev/release.json');
+
+ certificates._getApi({ }, function (error, api, options) {
+ expect(error).to.be(null);
+ expect(api._name).to.be('acme');
+ expect(options.prod).to.be(false);
+ done();
+ });
+ });
+
+ it('returns staging acme with altDomain in prod cloudron', function (done) {
+ config.set('boxVersionsUrl', 'http://prod/release.json');
+
+ certificates._getApi({ altDomain: 'foo.bar.com' }, function (error, api, options) {
+ expect(error).to.be(null);
+ expect(api._name).to.be('acme');
+ expect(options.prod).to.be(false);
+ done();
+ });
+ });
+ });
 });
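Review bot: Every new `getApi` case calls `config.set('boxVersionsUrl', ...)`, but the `after(cleanup)` hooks only clear the database, so the last value written leaks into whatever suite runs next. If `config.isDev()` is derived from that URL, as these cases appear to rely on, later tests inherit a prod/dev mode they did not choose; capture the original value in `before` and restore it in `after`. Coverage is also uneven: the `le-prod` and `le-staging` groups have no altDomain-in-dev case. No case passes `_getApi` a provider outside `caas`/`le-prod`/`le-staging`, which is the input where issuer and prod/staging selection is most likely to go wrong unnoticed.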