chore: clean up tests and code (#2602)

Author: ldez

acme/api/certificate.go

@@ -2,15 +2,12 @@ package api
 
 import (
 	"bytes"
-	"crypto/x509"
 	"encoding/pem"
 	"errors"
 	"io"
 	"net/http"
 
 	"github.com/go-acme/lego/v4/acme"
-	"github.com/go-acme/lego/v4/certcrypto"
-	"github.com/go-acme/lego/v4/log"
 )
 
 // maxBodySize is the maximum size of body that we will read.
@@ -77,62 +74,22 @@ func (c *CertificateService) get(certURL string, bundle bool) (*acme.RawCertific
 		return nil, resp.Header, err
 	}
 
-	cert := c.getCertificateChain(data, resp.Header, bundle, certURL)
+	cert := c.getCertificateChain(data, bundle)
 
 	return cert, resp.Header, err
 }
 
 // getCertificateChain Returns the certificate and the issuer certificate.
-func (c *CertificateService) getCertificateChain(cert []byte, headers http.Header, bundle bool, certURL string) *acme.RawCertificate {
+func (c *CertificateService) getCertificateChain(cert []byte, bundle bool) *acme.RawCertificate {
 	// Get issuerCert from bundled response from Let's Encrypt
 	// See https://community.letsencrypt.org/t/acme-v2-no-up-link-in-response/64962
 	_, issuer := pem.Decode(cert)
-	if issuer != nil {
-		// If bundle is false, we want to return a single certificate.
-		// To do this, we remove the issuer cert(s) from the issued cert.
-		if !bundle {
-			cert = bytes.TrimSuffix(cert, issuer)
-		}
-		return &acme.RawCertificate{Cert: cert, Issuer: issuer}
-	}
-
-	// The issuer certificate link may be supplied via an "up" link
-	// in the response headers of a new certificate.
-	// See https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4.2
-	up := getLink(headers, "up")
 
-	issuer, err := c.getIssuerFromLink(up)
-	if err != nil {
-		// If we fail to acquire the issuer cert, return the issued certificate - do not fail.
-		log.Warnf("acme: Could not bundle issuer certificate [%s]: %v", certURL, err)
-	} else if len(issuer) > 0 {
-		// If bundle is true, we want to return a certificate bundle.
-		// To do this, we append the issuer cert to the issued cert.
-		if bundle {
-			cert = append(cert, issuer...)
-		}
+	// If bundle is false, we want to return a single certificate.
+	// To do this, we remove the issuer cert(s) from the issued cert.
+	if !bundle {
+		cert = bytes.TrimSuffix(cert, issuer)
 	}
 
 	return &acme.RawCertificate{Cert: cert, Issuer: issuer}
 }
-
-// getIssuerFromLink requests the issuer certificate.
-func (c *CertificateService) getIssuerFromLink(up string) ([]byte, error) {
-	if up == "" {
-		return nil, nil
-	}
-
-	log.Infof("acme: Requesting issuer cert from %s", up)
-
-	cert, _, err := c.get(up, false)
-	if err != nil {
-		return nil, err
-	}
-
-	_, err = x509.ParseCertificate(cert.Cert)
-	if err != nil {
-		return nil, err
-	}
-
-	return certcrypto.PEMEncode(certcrypto.DERCertificateBytes(cert.Cert)), nil
-}

acme/api/certificate_test.go

@@ -3,11 +3,11 @@ package api
 import (
 	"crypto/rand"
 	"crypto/rsa"
-	"encoding/pem"
 	"net/http"
 	"testing"
 
 	"github.com/go-acme/lego/v4/platform/tester"
+	"github.com/go-acme/lego/v4/platform/tester/servermock"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -74,25 +74,9 @@ rzFL1KZfz+HZdnFwFW2T2gVW8L3ii1l9AJDuKzlvjUH3p6bgihVq02sjT8mx+GM2
 `
 
 func TestCertificateService_Get_issuerRelUp(t *testing.T) {
-	mux, apiURL := tester.SetupFakeAPI(t)
-
-	mux.HandleFunc("/certificate", func(w http.ResponseWriter, _ *http.Request) {
-		w.Header().Set("Link", "<"+apiURL+`/issuer>; rel="up"`)
-		_, err := w.Write([]byte(certResponseMock))
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-	})
-
-	mux.HandleFunc("/issuer", func(w http.ResponseWriter, _ *http.Request) {
-		p, _ := pem.Decode([]byte(issuerMock))
-		_, err := w.Write(p.Bytes)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-	})
+	apiURL := tester.MockACMEServer().
+		Route("POST /certificate", servermock.RawStringResponse(certResponseMock)).
+		Build(t)
 
 	key, err := rsa.GenerateKey(rand.Reader, 2048)
 	require.NoError(t, err, "Could not generate test key")
@@ -107,15 +91,9 @@ func TestCertificateService_Get_issuerRelUp(t *testing.T) {
 }
 
 func TestCertificateService_Get_embeddedIssuer(t *testing.T) {
-	mux, apiURL := tester.SetupFakeAPI(t)
-
-	mux.HandleFunc("/certificate", func(w http.ResponseWriter, _ *http.Request) {
-		_, err := w.Write([]byte(certResponseMock))
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-	})
+	apiURL := tester.MockACMEServer().
+		Route("POST /certificate", servermock.RawStringResponse(certResponseMock)).
+		Build(t)
 
 	key, err := rsa.GenerateKey(rand.Reader, 2048)
 	require.NoError(t, err, "Could not generate test key")

acme/api/order_test.go

@@ -11,55 +11,48 @@ import (
 
 	"github.com/go-acme/lego/v4/acme"
 	"github.com/go-acme/lego/v4/platform/tester"
+	"github.com/go-acme/lego/v4/platform/tester/servermock"
 	"github.com/go-jose/go-jose/v4"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
 func TestOrderService_NewWithOptions(t *testing.T) {
-	mux, apiURL := tester.SetupFakeAPI(t)
-
 	// small value keeps test fast
 	privateKey, errK := rsa.GenerateKey(rand.Reader, 1024)
 	require.NoError(t, errK, "Could not generate test key")
 
-	mux.HandleFunc("/newOrder", func(w http.ResponseWriter, r *http.Request) {
-		if r.Method != http.MethodPost {
-			http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
-			return
-		}
-
-		body, err := readSignedBody(r, privateKey)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusBadRequest)
-			return
-		}
-
-		order := acme.Order{}
-		err = json.Unmarshal(body, &order)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusBadRequest)
-			return
-		}
-
-		err = tester.WriteJSONResponse(w, acme.Order{
-			Status:         acme.StatusValid,
-			Expires:        order.Expires,
-			Identifiers:    order.Identifiers,
-			Profile:        order.Profile,
-			NotBefore:      order.NotBefore,
-			NotAfter:       order.NotAfter,
-			Error:          order.Error,
-			Authorizations: order.Authorizations,
-			Finalize:       order.Finalize,
-			Certificate:    order.Certificate,
-			Replaces:       order.Replaces,
-		})
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-	})
+	apiURL := tester.MockACMEServer().
+		Route("POST /newOrder",
+			http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+				body, err := readSignedBody(req, privateKey)
+				if err != nil {
+					http.Error(rw, err.Error(), http.StatusBadRequest)
+					return
+				}
+
+				order := acme.Order{}
+				err = json.Unmarshal(body, &order)
+				if err != nil {
+					http.Error(rw, err.Error(), http.StatusBadRequest)
+					return
+				}
+
+				servermock.JSONEncode(acme.Order{
+					Status:         acme.StatusValid,
+					Expires:        order.Expires,
+					Identifiers:    order.Identifiers,
+					Profile:        order.Profile,
+					NotBefore:      order.NotBefore,
+					NotAfter:       order.NotAfter,
+					Error:          order.Error,
+					Authorizations: order.Authorizations,
+					Finalize:       order.Finalize,
+					Certificate:    order.Certificate,
+					Replaces:       order.Replaces,
+				}).ServeHTTP(rw, req)
+			})).
+		Build(t)
 
 	core, err := New(http.DefaultClient, "lego-test", apiURL+"/dir", "", privateKey)
 	require.NoError(t, err)

certificate/certificates_test.go

@@ -3,7 +3,6 @@ package certificate
 import (
 	"crypto/rand"
 	"crypto/rsa"
-	"encoding/pem"
 	"fmt"
 	"net/http"
 	"testing"
@@ -12,6 +11,7 @@ import (
 	"github.com/go-acme/lego/v4/acme/api"
 	"github.com/go-acme/lego/v4/certcrypto"
 	"github.com/go-acme/lego/v4/platform/tester"
+	"github.com/go-acme/lego/v4/platform/tester/servermock"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -175,15 +175,9 @@ Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
 `
 
 func Test_checkResponse(t *testing.T) {
-	mux, apiURL := tester.SetupFakeAPI(t)
-
-	mux.HandleFunc("/certificate", func(w http.ResponseWriter, _ *http.Request) {
-		_, err := w.Write([]byte(certResponseMock))
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-	})
+	apiURL := tester.MockACMEServer().
+		Route("POST /certificate", servermock.RawStringResponse(certResponseMock)).
+		Build(t)
 
 	key, err := rsa.GenerateKey(rand.Reader, 2048)
 	require.NoError(t, err, "Could not generate test key")
@@ -215,25 +209,9 @@ func Test_checkResponse(t *testing.T) {
 }
 
 func Test_checkResponse_issuerRelUp(t *testing.T) {
-	mux, apiURL := tester.SetupFakeAPI(t)
-
-	mux.HandleFunc("/certificate", func(w http.ResponseWriter, _ *http.Request) {
-		w.Header().Set("Link", "<"+apiURL+`/issuer>; rel="up"`)
-		_, err := w.Write([]byte(certResponseMock))
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-	})
-
-	mux.HandleFunc("/issuer", func(w http.ResponseWriter, _ *http.Request) {
-		p, _ := pem.Decode([]byte(issuerMock))
-		_, err := w.Write(p.Bytes)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-	})
+	apiURL := tester.MockACMEServer().
+		Route("POST /certificate", servermock.RawStringResponse(certResponseMock)).
+		Build(t)
 
 	key, err := rsa.GenerateKey(rand.Reader, 2048)
 	require.NoError(t, err, "Could not generate test key")
@@ -265,15 +243,9 @@ func Test_checkResponse_issuerRelUp(t *testing.T) {
 }
 
 func Test_checkResponse_no_bundle(t *testing.T) {
-	mux, apiURL := tester.SetupFakeAPI(t)
-
-	mux.HandleFunc("/certificate", func(w http.ResponseWriter, _ *http.Request) {
-		_, err := w.Write([]byte(certResponseMock))
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-	})
+	apiURL := tester.MockACMEServer().
+		Route("POST /certificate", servermock.RawStringResponse(certResponseMock)).
+		Build(t)
 
 	key, err := rsa.GenerateKey(rand.Reader, 2048)
 	require.NoError(t, err, "Could not generate test key")
@@ -305,25 +277,16 @@ func Test_checkResponse_no_bundle(t *testing.T) {
 }
 
 func Test_checkResponse_alternate(t *testing.T) {
-	mux, apiURL := tester.SetupFakeAPI(t)
-
-	mux.HandleFunc("/certificate", func(w http.ResponseWriter, _ *http.Request) {
-		w.Header().Add("Link", fmt.Sprintf(`<%s/certificate/1>;title="foo";rel="alternate"`, apiURL))
-
-		_, err := w.Write([]byte(certResponseMock))
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-	})
-
-	mux.HandleFunc("/certificate/1", func(w http.ResponseWriter, _ *http.Request) {
-		_, err := w.Write([]byte(certResponseMock2))
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-	})
+	apiURL := tester.MockACMEServer().
+		Route("POST /certificate",
+			http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+				rw.Header().Add("Link",
+					fmt.Sprintf(`<http://%s/certificate/1>;title="foo";rel="alternate"`, req.Context().Value(http.LocalAddrContextKey)))
+
+				servermock.RawStringResponse(certResponseMock).ServeHTTP(rw, req)
+			})).
+		Route("/certificate/1", servermock.RawStringResponse(certResponseMock2)).
+		Build(t)
 
 	key, err := rsa.GenerateKey(rand.Reader, 2048)
 	require.NoError(t, err, "Could not generate test key")
@@ -358,15 +321,9 @@ func Test_checkResponse_alternate(t *testing.T) {
 }
 
 func Test_Get(t *testing.T) {
-	mux, apiURL := tester.SetupFakeAPI(t)
-
-	mux.HandleFunc("/acme/cert/test-cert", func(w http.ResponseWriter, _ *http.Request) {
-		_, err := w.Write([]byte(certResponseMock))
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-	})
+	apiURL := tester.MockACMEServer().
+		Route("POST /acme/cert/test-cert", servermock.RawStringResponse(certResponseMock)).
+		Build(t)
 
 	key, err := rsa.GenerateKey(rand.Reader, 2048)
 	require.NoError(t, err, "Could not generate test key")