[acme db interface] nosql authz unit tests

acme/api/handler_test.go

@@ -121,9 +121,9 @@ func TestHandler_GetAuthorization(t *testing.T) {
 			Type:  "dns",
 			Value: "example.com",
 		},
-		Status:   "pending",
-		Expires:  expiry,
-		Wildcard: false,
+		Status:    "pending",
+		ExpiresAt: expiry,
+		Wildcard:  false,
 		Challenges: []*acme.Challenge{
 			{
 				Type:    "http-01",
@@ -220,7 +220,7 @@ func TestHandler_GetAuthorization(t *testing.T) {
 						return &acme.Authorization{
 							AccountID: "accID",
 							Status:    acme.StatusPending,
-							Expires:   time.Now().Add(-1 * time.Hour),
+							ExpiresAt: time.Now().Add(-1 * time.Hour),
 						}, nil
 					},
 					MockUpdateAuthorization: func(ctx context.Context, az *acme.Authorization) error {

acme/api/order.go

@@ -89,14 +89,24 @@ func (h *Handler) NewOrder(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	now := clock.Now()
+	expiry := now.Add(defaultOrderExpiry)
 	// New order.
-	o := &acme.Order{Identifiers: nor.Identifiers}
+	o := &acme.Order{
+		AccountID:     acc.ID,
+		ProvisionerID: prov.GetID(),
+		Status:        acme.StatusPending,
+		ExpiresAt:     expiry,
+		Identifiers:   nor.Identifiers,
+	}
 
 	o.AuthorizationIDs = make([]string, len(o.Identifiers))
 	for i, identifier := range o.Identifiers {
 		az := &acme.Authorization{
 			AccountID:  acc.ID,
 			Identifier: identifier,
+			ExpiresAt:  expiry,
+			Status:     acme.StatusPending,
 		}
 		if err := h.newAuthorization(ctx, az); err != nil {
 			api.WriteError(w, err)
@@ -105,14 +115,12 @@ func (h *Handler) NewOrder(w http.ResponseWriter, r *http.Request) {
 		o.AuthorizationIDs[i] = az.ID
 	}
 
-	now := clock.Now()
 	if o.NotBefore.IsZero() {
 		o.NotBefore = now
 	}
 	if o.NotAfter.IsZero() {
 		o.NotAfter = o.NotBefore.Add(prov.DefaultTLSCertDuration())
 	}
-	o.Expires = now.Add(defaultOrderExpiry)
 
 	if err := h.db.CreateOrder(ctx, o); err != nil {
 		api.WriteError(w, acme.WrapErrorISE(err, "error creating order"))
@@ -156,6 +164,7 @@ func (h *Handler) newAuthorization(ctx context.Context, az *acme.Authorization)
 			Value:     az.Identifier.Value,
 			Type:      typ,
 			Token:     az.Token,
+			Status:    acme.StatusPending,
 		}
 		if err := h.db.CreateChallenge(ctx, ch); err != nil {
 			return err

acme/api/order_test.go

@@ -166,9 +166,9 @@ func TestHandler_GetOrder(t *testing.T) {
 				Value: "*.smallstep.com",
 			},
 		},
-		Expires: expiry,
-		Status:  acme.StatusInvalid,
-		Error:   acme.NewError(acme.ErrorMalformedType, "order has expired"),
+		ExpiresAt: expiry,
+		Status:    acme.StatusInvalid,
+		Error:     acme.NewError(acme.ErrorMalformedType, "order has expired"),
 		AuthorizationURLs: []string{
 			"https://test.ca.smallstep.com/acme/test@acme-provisioner.com/authz/foo",
 			"https://test.ca.smallstep.com/acme/test@acme-provisioner.com/authz/bar",
@@ -285,7 +285,7 @@ func TestHandler_GetOrder(t *testing.T) {
 						return &acme.Order{
 							AccountID:     "accountID",
 							ProvisionerID: "acme/test@acme-provisioner.com",
-							Expires:       clock.Now().Add(-time.Hour),
+							ExpiresAt:     clock.Now().Add(-time.Hour),
 							Status:        acme.StatusReady,
 						}, nil
 					},
@@ -311,7 +311,7 @@ func TestHandler_GetOrder(t *testing.T) {
 							ID:               "orderID",
 							AccountID:        "accountID",
 							ProvisionerID:    "acme/test@acme-provisioner.com",
-							Expires:          expiry,
+							ExpiresAt:        expiry,
 							Status:           acme.StatusReady,
 							AuthorizationIDs: []string{"foo", "bar", "baz"},
 							NotBefore:        nbf,
@@ -380,7 +380,7 @@ func TestHandler_NewOrder(t *testing.T) {
 	naf := nbf.Add(17 * time.Hour)
 	o := acme.Order{
 		ID:        "orderID",
-		Expires:   expiry,
+		ExpiresAt: expiry,
 		NotBefore: nbf,
 		NotAfter:  naf,
 		Identifiers: []acme.Identifier{
@@ -607,8 +607,8 @@ func TestHandler_FinalizeOrder(t *testing.T) {
 				Value: "*.smallstep.com",
 			},
 		},
-		Expires: naf,
-		Status:  acme.StatusValid,
+		ExpiresAt: naf,
+		Status:    acme.StatusValid,
 		AuthorizationURLs: []string{
 			"https://test.ca.smallstep.com/acme/test@acme-provisioner.com/authz/foo",
 			"https://test.ca.smallstep.com/acme/test@acme-provisioner.com/authz/bar",
@@ -788,7 +788,7 @@ func TestHandler_FinalizeOrder(t *testing.T) {
 						return &acme.Order{
 							AccountID:     "accountID",
 							ProvisionerID: "acme/test@acme-provisioner.com",
-							Expires:       clock.Now().Add(-time.Hour),
+							ExpiresAt:     clock.Now().Add(-time.Hour),
 							Status:        acme.StatusReady,
 						}, nil
 					},
@@ -815,7 +815,7 @@ func TestHandler_FinalizeOrder(t *testing.T) {
 							ID:               "orderID",
 							AccountID:        "accountID",
 							ProvisionerID:    "acme/test@acme-provisioner.com",
-							Expires:          naf,
+							ExpiresAt:        naf,
 							Status:           acme.StatusValid,
 							AuthorizationIDs: []string{"foo", "bar", "baz"},
 							NotBefore:        nbf,

acme/authorization.go

@@ -13,6 +13,7 @@ type Authorization struct {
 	ExpiresAt  time.Time    `json:"expires"`
 	Challenges []*Challenge `json:"challenges"`
 	Wildcard   bool         `json:"wildcard"`
+	Error      *Error       `json:"error,omitempty"`
 	ID         string       `json:"-"`
 	AccountID  string       `json:"-"`
 	Token      string       `json:"-"`

acme/db/nosql/authz.go

@@ -23,6 +23,7 @@ type dbAuthz struct {
 	Wildcard   bool            `json:"wildcard"`
 	CreatedAt  time.Time       `json:"createdAt"`
 	Error      *acme.Error     `json:"error"`
+	Token      string          `json:"token"`
 }
 
 func (ba *dbAuthz) clone() *dbAuthz {
@@ -35,14 +36,14 @@ func (ba *dbAuthz) clone() *dbAuthz {
 func (db *DB) getDBAuthz(ctx context.Context, id string) (*dbAuthz, error) {
 	data, err := db.db.Get(authzTable, []byte(id))
 	if nosql.IsErrNotFound(err) {
-		return nil, errors.Wrapf(err, "authz %s not found", id)
+		return nil, acme.NewError(acme.ErrorMalformedType, "authz %s not found", id)
 	} else if err != nil {
 		return nil, errors.Wrapf(err, "error loading authz %s", id)
 	}
 
 	var dbaz dbAuthz
 	if err = json.Unmarshal(data, &dbaz); err != nil {
-		return nil, errors.Wrap(err, "error unmarshaling authz type into dbAuthz")
+		return nil, errors.Wrapf(err, "error unmarshaling authz %s into dbAuthz", id)
 	}
 	return &dbaz, nil
 }
@@ -62,12 +63,15 @@ func (db *DB) GetAuthorization(ctx context.Context, id string) (*acme.Authorizat
 		}
 	}
 	return &acme.Authorization{
+		ID:         dbaz.ID,
+		AccountID:  dbaz.AccountID,
 		Identifier: dbaz.Identifier,
 		Status:     dbaz.Status,
 		Challenges: chs,
 		Wildcard:   dbaz.Wildcard,
 		ExpiresAt:  dbaz.ExpiresAt,
-		ID:         dbaz.ID,
+		Token:      dbaz.Token,
+		Error:      dbaz.Error,
 	}, nil
 }
 
@@ -89,11 +93,12 @@ func (db *DB) CreateAuthorization(ctx context.Context, az *acme.Authorization) e
 	dbaz := &dbAuthz{
 		ID:         az.ID,
 		AccountID:  az.AccountID,
-		Status:     acme.StatusPending,
+		Status:     az.Status,
 		CreatedAt:  now,
-		ExpiresAt:  now.Add(defaultExpiryDuration),
+		ExpiresAt:  az.ExpiresAt,
 		Identifier: az.Identifier,
 		Challenges: chIDs,
+		Token:      az.Token,
 		Wildcard:   az.Wildcard,
 	}
 
@@ -102,9 +107,6 @@ func (db *DB) CreateAuthorization(ctx context.Context, az *acme.Authorization) e
 
 // UpdateAuthorization saves an updated ACME Authorization to the database.
 func (db *DB) UpdateAuthorization(ctx context.Context, az *acme.Authorization) error {
-	if len(az.ID) == 0 {
-		return errors.New("id cannot be empty")
-	}
 	old, err := db.getDBAuthz(ctx, az.ID)
 	if err != nil {
 		return err
@@ -113,5 +115,6 @@ func (db *DB) UpdateAuthorization(ctx context.Context, az *acme.Authorization) e
 	nu := old.clone()
 
 	nu.Status = az.Status
+	nu.Error = az.Error
 	return db.save(ctx, old.ID, nu, old, "authz", authzTable)
 }