From c528d3817016661db1ded9057e7034c2f987a1ba Mon Sep 17 00:00:00 2001 From: Mojtaba Chenani Date: Tue, 30 Jan 2024 21:31:47 +0100 Subject: [PATCH] fix(e2ei): pass challenges to usecase and add tests --- .../wire/kalium/logic/data/e2ei/AcmeMapper.kt | 8 +- .../kalium/logic/data/e2ei/E2EIRepository.kt | 20 +- .../wire/kalium/logic/di/MapperProvider.kt | 3 + .../feature/e2ei/usecase/EnrollE2EIUseCase.kt | 9 +- .../logic/data/e2ei/E2EIRepositoryTest.kt | 148 +++++-- .../client/RegisterClientUseCaseTest.kt | 91 +---- .../client/RegisterMLSClientUseCaseTest.kt | 103 ++++- .../e2ei/EnrollE2EICertificateUseCaseTest.kt | 365 ++++++++---------- 8 files changed, 401 insertions(+), 346 deletions(-) diff --git a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/e2ei/AcmeMapper.kt b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/e2ei/AcmeMapper.kt index 4b8ddcc9882..6d075ef8428 100644 --- a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/e2ei/AcmeMapper.kt +++ b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/e2ei/AcmeMapper.kt @@ -21,8 +21,12 @@ import com.wire.kalium.cryptography.NewAcmeAuthz import com.wire.kalium.network.api.base.unbound.acme.ACMEAuthorizationResponse import com.wire.kalium.network.api.base.unbound.acme.DtoAuthorizationChallengeType -class AcmeMapper { - fun fromDto(dto: ACMEAuthorizationResponse, newAcmeAuthz: NewAcmeAuthz) = AcmeAuthorization( +interface AcmeMapper{ + fun fromDto(dto: ACMEAuthorizationResponse, newAcmeAuthz: NewAcmeAuthz): AcmeAuthorization +} + +class AcmeMapperImpl: AcmeMapper { + override fun fromDto(dto: ACMEAuthorizationResponse, newAcmeAuthz: NewAcmeAuthz) = AcmeAuthorization( nonce = Nonce(dto.nonce), location = dto.location, response = dto.response, diff --git a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/e2ei/E2EIRepository.kt b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/e2ei/E2EIRepository.kt index 208fa984cb6..209de9e2479 100644 --- a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/e2ei/E2EIRepository.kt +++ b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/e2ei/E2EIRepository.kt @@ -15,7 +15,7 @@ * You should have received a copy of the GNU General Public License * along with this program. If not, see http://www.gnu.org/licenses/. */ -@file:Suppress("konsist.repositoriesShouldNotAccessFeaturePackageClasses", "TooManyFunctions") +@file:Suppress("TooManyFunctions") package com.wire.kalium.logic.data.e2ei @@ -30,6 +30,7 @@ import com.wire.kalium.logic.data.client.MLSClientProvider import com.wire.kalium.logic.data.conversation.ClientId import com.wire.kalium.logic.data.conversation.MLSConversationRepository import com.wire.kalium.logic.data.id.CurrentClientIdProvider +import com.wire.kalium.logic.di.MapperProvider import com.wire.kalium.logic.feature.e2ei.usecase.E2EIEnrollmentResult import com.wire.kalium.logic.functional.Either import com.wire.kalium.logic.functional.flatMap @@ -51,7 +52,7 @@ import kotlinx.serialization.encodeToString import kotlinx.serialization.json.Json interface E2EIRepository { - suspend fun initE2EIClient(clientId: ClientId? = null, isNewClient: Boolean = false): Either + suspend fun initFreshE2EIClient(clientId: ClientId? = null, isNewClient: Boolean = false): Either suspend fun fetchAndSetTrustAnchors(): Either suspend fun loadACMEDirectories(): Either suspend fun getACMENonce(endpoint: String): Either @@ -102,17 +103,19 @@ class E2EIRepositoryImpl( private val currentClientIdProvider: CurrentClientIdProvider, private val mlsConversationRepository: MLSConversationRepository, private val userConfigRepository: UserConfigRepository, - private val acmeMapper: AcmeMapper = AcmeMapper() + private val acmeMapper: AcmeMapper = MapperProvider.acmeMapper() ) : E2EIRepository { - override suspend fun initE2EIClient(clientId: ClientId?, isNewClient: Boolean): Either = - e2EIClientProvider.getE2EIClient(clientId, isNewClient).fold({ + override suspend fun initFreshE2EIClient(clientId: ClientId?, isNewClient: Boolean): Either { + nukeE2EIClient() + return e2EIClientProvider.getE2EIClient(clientId, isNewClient).fold({ kaliumLogger.w("E2EI client initialization failed: $it") Either.Left(it) }, { kaliumLogger.w("E2EI client initialized for enrollment") Either.Right(Unit) }) + } override suspend fun fetchAndSetTrustAnchors(): Either = userConfigRepository.getE2EISettings().flatMap { wrapApiRequest { @@ -184,8 +187,8 @@ class E2EIRepositoryImpl( ): Either { var nonce = prevNonce val challenges = mutableMapOf() - val oidcAuthorization: NewAcmeAuthz? = null - val dpopAuthorization: NewAcmeAuthz? = null + var oidcAuthorization: NewAcmeAuthz? = null + var dpopAuthorization: NewAcmeAuthz? = null authorizationsEndpoints.forEach { endPoint -> val authorizationResponse = createAuthorization(nonce, endPoint).getOrFail { @@ -195,6 +198,9 @@ class E2EIRepositoryImpl( challenges[authorizationResponse.challengeType] = authorizationResponse.newAcmeAuthz } + oidcAuthorization = challenges[AuthorizationChallengeType.OIDC] + dpopAuthorization = challenges[AuthorizationChallengeType.DPoP] + if (oidcAuthorization == null || dpopAuthorization == null) return Either.Left(CoreFailure.Unknown(Throwable("Missing ACME Challenges"))) diff --git a/logic/src/commonMain/kotlin/com/wire/kalium/logic/di/MapperProvider.kt b/logic/src/commonMain/kotlin/com/wire/kalium/logic/di/MapperProvider.kt index fe8c971356a..f2714d2c56f 100644 --- a/logic/src/commonMain/kotlin/com/wire/kalium/logic/di/MapperProvider.kt +++ b/logic/src/commonMain/kotlin/com/wire/kalium/logic/di/MapperProvider.kt @@ -49,6 +49,8 @@ import com.wire.kalium.logic.data.conversation.ProtocolInfoMapper import com.wire.kalium.logic.data.conversation.ProtocolInfoMapperImpl import com.wire.kalium.logic.data.conversation.ReceiptModeMapper import com.wire.kalium.logic.data.conversation.ReceiptModeMapperImpl +import com.wire.kalium.logic.data.e2ei.AcmeMapper +import com.wire.kalium.logic.data.e2ei.AcmeMapperImpl import com.wire.kalium.logic.data.event.EventMapper import com.wire.kalium.logic.data.featureConfig.FeatureConfigMapper import com.wire.kalium.logic.data.featureConfig.FeatureConfigMapperImpl @@ -171,4 +173,5 @@ internal object MapperProvider { fun sendMessagePartialFailureMapper(): SendMessagePartialFailureMapper = SendMessagePartialFailureMapperImpl() fun serviceMapper(): ServiceMapper = ServiceMapper() fun legalHoldStatusMapper(): LegalHoldStatusMapper = LegalHoldStatusMapperImpl + fun acmeMapper(): AcmeMapper = AcmeMapperImpl() } diff --git a/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/e2ei/usecase/EnrollE2EIUseCase.kt b/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/e2ei/usecase/EnrollE2EIUseCase.kt index 054d8da31a1..108cf1ddf97 100644 --- a/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/e2ei/usecase/EnrollE2EIUseCase.kt +++ b/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/e2ei/usecase/EnrollE2EIUseCase.kt @@ -54,7 +54,7 @@ class EnrollE2EIUseCaseImpl internal constructor( override suspend fun initialEnrollment(isNewClientRegistration: Boolean): Either { kaliumLogger.i("start E2EI Enrollment Initialization") - e2EIRepository.initE2EIClient(isNewClient = isNewClientRegistration) + e2EIRepository.initFreshE2EIClient(isNewClient = isNewClientRegistration) e2EIRepository.fetchAndSetTrustAnchors() @@ -105,7 +105,7 @@ class EnrollE2EIUseCaseImpl internal constructor( oidcAuthorizations.challenge.url ), dPopAuthorizations = dPopAuthorizations, - oidcAuthorizations = dPopAuthorizations, + oidcAuthorizations = oidcAuthorizations, lastNonce = prevNonce, orderLocation = newOrderResponse.third, isNewClientRegistration = isNewClientRegistration @@ -201,8 +201,6 @@ class EnrollE2EIUseCaseImpl internal constructor( ).toEitherLeft() } - e2EIRepository.nukeE2EIClient() - return Either.Right(E2EIEnrollmentResult.Finalized(certificateRequest.response.decodeToString())) } @@ -235,7 +233,6 @@ class EnrollE2EIUseCaseImpl internal constructor( sealed interface E2EIEnrollmentResult { enum class E2EIStep { - TrustAnchors, AcmeNonce, AcmeDirectories, AcmeNewAccount, @@ -254,7 +251,7 @@ sealed interface E2EIEnrollmentResult { } @Suppress("LongParameterList") - class Initialized( + data class Initialized( val target: String, val oAuthState: String?, val oAuthClaims: JsonObject, diff --git a/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/e2ei/E2EIRepositoryTest.kt b/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/e2ei/E2EIRepositoryTest.kt index c64784f9ce1..1a2c95167fa 100644 --- a/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/e2ei/E2EIRepositoryTest.kt +++ b/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/e2ei/E2EIRepositoryTest.kt @@ -50,8 +50,8 @@ import com.wire.kalium.network.api.base.unbound.acme.ACMEApi import com.wire.kalium.network.api.base.unbound.acme.ACMEAuthorizationResponse import com.wire.kalium.network.api.base.unbound.acme.ACMEResponse import com.wire.kalium.network.api.base.unbound.acme.AcmeDirectoriesResponse -import com.wire.kalium.network.api.base.unbound.acme.DtoAuthorizationChallengeType import com.wire.kalium.network.api.base.unbound.acme.ChallengeResponse +import com.wire.kalium.network.api.base.unbound.acme.DtoAuthorizationChallengeType import com.wire.kalium.network.exceptions.KaliumException import com.wire.kalium.network.utils.NetworkResponse import com.wire.kalium.util.DateTimeUtil @@ -65,11 +65,12 @@ import io.mockative.given import io.mockative.mock import io.mockative.once import io.mockative.thenDoNothing +import io.mockative.time import io.mockative.verify -import kotlinx.coroutines.ExperimentalCoroutinesApi import kotlinx.coroutines.test.runTest -import kotlin.test.Ignore import kotlin.test.Test +import kotlin.test.assertEquals +import kotlin.test.assertIs class E2EIRepositoryTest { @Test @@ -303,18 +304,17 @@ class E2EIRepositoryTest { .wasNotInvoked() } - //todo: fix later - @Ignore @Test - fun givenSendAcmeRequestSucceed_whenCallingCreateAuthz_thenItSucceed() = runTest { + fun givenSendAuthorizationRequestSucceed_whenCallingCreateAuthz_thenItSucceed() = runTest { // Given val (arrangement, e2eiRepository) = Arrangement() - .withSendAuthorizationRequestSucceed() + .withGetNewAuthzRequestSuccessful() + .withSendAuthorizationRequestSucceed(url = RANDOM_URL ,DtoAuthorizationChallengeType.DPoP) + .withSendAcmeRequestApiSucceed() .withSetAuthzResponseSuccessful() .withSendAcmeRequestApiSucceed() .withGetE2EIClientSuccessful() .withGetMLSClientSuccessful() - .withGetNewAuthzRequestSuccessful() .arrange() // When @@ -329,7 +329,7 @@ class E2EIRepositoryTest { .wasInvoked(once) verify(arrangement.acmeApi) - .suspendFunction(arrangement.acmeApi::sendACMERequest) + .suspendFunction(arrangement.acmeApi::sendAuthorizationRequest) .with(anyInstanceOf(String::class), any()) .wasInvoked(once) @@ -339,14 +339,47 @@ class E2EIRepositoryTest { .wasInvoked(once) } - //todo: fix later - @Ignore @Test - fun givenSendAcmeRequestFails_whenCallingCreateAuthz_thenItFail() = runTest { + fun givenSendAuthorizationRequestFails_whenCallingCreateAuthz_thenItFail() = runTest { // Given val (arrangement, e2eiRepository) = Arrangement() - .withSendAuthorizationRequestSucceed() - .withSendAcmeRequestApiFails() + .withGetNewAuthzRequestSuccessful() + .withSendAuthorizationRequestFails() + .withSendAcmeRequestApiSucceed() + .withSetAuthzResponseSuccessful() + .withSendAcmeRequestApiSucceed() + .withGetE2EIClientSuccessful() + .withGetMLSClientSuccessful() + .arrange() + + // When + val result = e2eiRepository.createAuthorization(RANDOM_NONCE, RANDOM_URL) + + // Then + result.shouldFail() + + verify(arrangement.e2eiClient) + .suspendFunction(arrangement.e2eiClient::getNewAuthzRequest) + .with(anyInstanceOf(String::class)) + .wasInvoked(once) + + verify(arrangement.acmeApi) + .suspendFunction(arrangement.acmeApi::sendAuthorizationRequest) + .with(anyInstanceOf(String::class), any()) + .wasInvoked(once) + + verify(arrangement.e2eiClient) + .suspendFunction(arrangement.e2eiClient::setAuthzResponse) + .with(anyInstanceOf(ByteArray::class)) + .wasNotInvoked() + } + + @Test + fun givenSendAuthorizationRequestFails_whenCallingGetAuthorizations_thenItFail() = runTest { + val authorizationsUrls = listOf(RANDOM_URL, RANDOM_URL) + // Given + val (arrangement, e2eiRepository) = Arrangement() + .withSendAuthorizationRequestFails() .withGetE2EIClientSuccessful() .withGetMLSClientSuccessful() .withGetNewAuthzRequestSuccessful() @@ -354,7 +387,7 @@ class E2EIRepositoryTest { .arrange() // When - val result = e2eiRepository.getAuthorizations(RANDOM_NONCE, listOf(RANDOM_URL)) + val result = e2eiRepository.getAuthorizations(RANDOM_NONCE, authorizationsUrls) // Then result.shouldFail() @@ -372,7 +405,47 @@ class E2EIRepositoryTest { verify(arrangement.e2eiClient) .suspendFunction(arrangement.e2eiClient::setAuthzResponse) .with(anyInstanceOf(ByteArray::class)) - .wasInvoked(once) + .wasNotInvoked() + } + + @Test + fun givenSendAuthorizationRequestSucceed_whenCallingGetAuthorizations_thenItSucceed() = runTest { + val authorizationsUrls = listOf("$RANDOM_URL/oidc", "$RANDOM_URL/dpop") + val expected = Arrangement.AUTHORIZATIONS_RESULT + // Given + val (arrangement, e2eiRepository) = Arrangement() + .withSendAuthorizationRequestSucceed(url = authorizationsUrls[0],DtoAuthorizationChallengeType.DPoP) + .withSendAuthorizationRequestSucceed(url = authorizationsUrls[1], DtoAuthorizationChallengeType.OIDC) + .withGetE2EIClientSuccessful() + .withGetMLSClientSuccessful() + .withGetNewAuthzRequestSuccessful() + .withSetAuthzResponseSuccessful() + .arrange() + + // When + val result = e2eiRepository.getAuthorizations(RANDOM_NONCE, authorizationsUrls) + + // Then + result.shouldSucceed() + + assertIs(result.value) + + assertEquals(expected, result.value as AuthorizationResult) + + verify(arrangement.e2eiClient) + .suspendFunction(arrangement.e2eiClient::getNewAuthzRequest) + .with(anyInstanceOf(String::class)) + .wasInvoked(authorizationsUrls.size.time) + + verify(arrangement.acmeApi) + .suspendFunction(arrangement.acmeApi::sendAuthorizationRequest) + .with(anyInstanceOf(String::class), any()) + .wasInvoked(authorizationsUrls.size.time) + + verify(arrangement.e2eiClient) + .suspendFunction(arrangement.e2eiClient::setAuthzResponse) + .with(anyInstanceOf(ByteArray::class)) + .wasInvoked(authorizationsUrls.size.time) } @Test @@ -720,7 +793,6 @@ class E2EIRepositoryTest { .wasInvoked(once) } - @OptIn(ExperimentalCoroutinesApi::class) @Test fun givenCertificate_whenCallingRotateKeysAndMigrateConversationFails_thenReturnFailure() = runTest { // Given @@ -849,14 +921,11 @@ class E2EIRepositoryTest { .wasNotInvoked() } - //todo: fix later - @Ignore @Test fun givenACMETrustAnchorsApiSucceed_whenFetchACMETrustAnchors_thenItSucceed() = runTest { // Given val (arrangement, e2eiRepository) = Arrangement() - .withSendAuthorizationRequestSucceed() .withGettingE2EISettingsReturns(Either.Right(E2EI_TEAM_SETTINGS.copy(discoverUrl = RANDOM_URL+"/random/path"))) .withFetchAcmeTrustAnchorsApiSucceed() .withGetMLSClientSuccessful() @@ -881,7 +950,7 @@ class E2EIRepositoryTest { verify(arrangement.mlsClient) .suspendFunction(arrangement.mlsClient::registerTrustAnchors) - .with(eq("")) + .with(eq(Arrangement.RANDOM_BYTE_ARRAY.decodeToString())) .wasInvoked(once) } private class Arrangement { @@ -963,7 +1032,6 @@ class E2EIRepositoryTest { .thenReturn(Either.Right(TestClient.CLIENT_ID)) } - fun withFinalizeResponseSuccessful() = apply { given(e2eiClient) .suspendFunction(e2eiClient::finalizeResponse) @@ -1003,7 +1071,7 @@ class E2EIRepositoryTest { given(e2eiClient) .suspendFunction(e2eiClient::setAuthzResponse) .whenInvokedWith(anything()) - .thenReturn(ACME_AUTHZ) + .thenReturn(OIDC_AUTHZ) } fun withGetMLSClientSuccessful() = apply { @@ -1033,7 +1101,6 @@ class E2EIRepositoryTest { .thenReturn(NetworkResponse.Error(INVALID_REQUEST_ERROR)) } - fun withSendAcmeRequestApiSucceed() = apply { given(acmeApi) .suspendFunction(acmeApi::sendACMERequest) @@ -1048,11 +1115,22 @@ class E2EIRepositoryTest { .thenReturn(NetworkResponse.Error(INVALID_REQUEST_ERROR)) } - fun withSendAuthorizationRequestSucceed() = apply { + fun withSendAuthorizationRequestSucceed(url: String, challengeType: DtoAuthorizationChallengeType) = apply { + given(acmeApi).suspendFunction(acmeApi::sendAuthorizationRequest).whenInvokedWith(eq(url), any()) + .thenReturn( + NetworkResponse.Success( + ACME_AUTHORIZATION_RESPONSE.copy(challengeType = challengeType), + headers = HEADERS, + 200 + ) + ) + } + + fun withSendAuthorizationRequestFails() = apply { given(acmeApi) .suspendFunction(acmeApi::sendAuthorizationRequest) .whenInvokedWith(any(), any()) - .thenReturn(NetworkResponse.Success(ACME_AUTHORIZATION_RESPONSE, mapOf(), 200)) + .thenReturn(NetworkResponse.Error(INVALID_REQUEST_ERROR)) } fun withSendChallengeRequestApiSucceed() = apply { @@ -1164,7 +1242,6 @@ class E2EIRepositoryTest { val ACME_BASE_URL = "https://balderdash.hogwash.work:9000" - val ACME_DIRECTORIES_RESPONSE = AcmeDirectoriesResponse( newNonce = "$ACME_BASE_URL/acme/wire/new-nonce", newAccount = "$ACME_BASE_URL/acme/wire/new-account", @@ -1196,7 +1273,13 @@ class E2EIRepositoryTest { target = RANDOM_URL ) - val ACME_AUTHZ = NewAcmeAuthz( + val OIDC_AUTHZ = NewAcmeAuthz( + identifier = "identifier", + keyAuth = "keyauth", + challenge = ACME_CHALLENGE + ) + + val DPOP_AUTHZ = NewAcmeAuthz( identifier = "identifier", keyAuth = "keyauth", challenge = ACME_CHALLENGE @@ -1218,6 +1301,15 @@ class E2EIRepositoryTest { challengeType = DtoAuthorizationChallengeType.DPoP ) + val AUTHORIZATIONS_RESULT = AuthorizationResult( + oidcAuthorization = OIDC_AUTHZ, + dpopAuthorization = DPOP_AUTHZ, + nonce = RANDOM_NONCE + ) + const val NONCE_HEADER_KEY = "Replay-Nonce" + const val LOCATION_HEADER_KEY = "location" + val HEADERS = mapOf(NONCE_HEADER_KEY to RANDOM_NONCE.value, LOCATION_HEADER_KEY to RANDOM_URL) + val E2EI_TEAM_SETTINGS = E2EISettings( true, RANDOM_URL, DateTimeUtil.currentInstant() ) diff --git a/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/client/RegisterClientUseCaseTest.kt b/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/client/RegisterClientUseCaseTest.kt index f4b40fa2076..133542caec6 100644 --- a/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/client/RegisterClientUseCaseTest.kt +++ b/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/client/RegisterClientUseCaseTest.kt @@ -301,16 +301,12 @@ class RegisterClientUseCaseTest { .wasNotInvoked() } - //todo: fix later - @Ignore @Test fun givenMLSClientRegistrationFails_whenRegistering_thenNoPersistenceShouldBeDone() = runTest { val registeredClient = CLIENT val (arrangement, registerClient) = Arrangement() .withRegisterClient(Either.Right(registeredClient)) - .withMLSClient(Either.Right(MLS_CLIENT)) - .withGetMLSPublicKey(MLS_PUBLIC_KEY) .withRegisterMLSClient(Either.Left(TEST_FAILURE)) .withSelfCookieLabel(Either.Right(TEST_COOKIE_LABEL)) .arrange() @@ -323,41 +319,13 @@ class RegisterClientUseCaseTest { .wasNotInvoked() } - //todo: fix later - @Ignore - @Test - fun givenKeyPackageUploadFails_whenRegistering_thenNoPersistenceShouldBeDone() = runTest { - val registeredClient = CLIENT - - val (arrangement, registerClient) = Arrangement() - .withRegisterClient(Either.Right(registeredClient)) - .withMLSClient(Either.Right(MLS_CLIENT)) - .withGetMLSPublicKey(MLS_PUBLIC_KEY) - .withRegisterMLSClient(Either.Right(Unit)) - .withUploadNewKeyPackages(Either.Left(TEST_FAILURE)) - .withSelfCookieLabel(Either.Right(TEST_COOKIE_LABEL)) - .arrange() - - registerClient(RegisterClientUseCase.RegisterClientParam(TEST_PASSWORD, TEST_CAPABILITIES)) - - verify(arrangement.clientRepository) - .suspendFunction(arrangement.clientRepository::persistClientId) - .with(anything()) - .wasNotInvoked() - } - - //todo: fix later - @Ignore @Test fun givenRegisteringSucceedsAndPersistingClientIdSucceeds_whenRegistering_thenSuccessShouldBePropagated() = runTest { val registeredClient = CLIENT val (arrangement, registerClient) = Arrangement() .withRegisterClient(Either.Right(registeredClient)) - .withMLSClient(Either.Right(MLS_CLIENT)) - .withGetMLSPublicKey(MLS_PUBLIC_KEY) - .withRegisterMLSClient(Either.Right(Unit)) - .withUploadNewKeyPackages(Either.Right(Unit)) + .withRegisterMLSClient(Either.Right(RegisterMLSClientResult.Success)) .withUpdateOTRLastPreKeyId(Either.Right(Unit)) .withSelfCookieLabel(Either.Right(TEST_COOKIE_LABEL)) .arrange() @@ -421,27 +389,9 @@ class RegisterClientUseCaseTest { .wasInvoked(exactly = once) } - @Test - fun givenWeAreNotAllowedToRegisterMLSClient_whenRegistering_thenMLSClientIsNotRegistered() = runTest { - val registeredClient = CLIENT - - val (arrangement, registerClient) = Arrangement() - .withIsAllowedToRegisterMLSClient(false) - .withRegisterClient(Either.Right(registeredClient)) - .withUpdateOTRLastPreKeyId(Either.Right(Unit)) - .withSelfCookieLabel(Either.Right(TEST_COOKIE_LABEL)) - .arrange() - - val result = registerClient(RegisterClientUseCase.RegisterClientParam(TEST_PASSWORD, TEST_CAPABILITIES)) - - verify(arrangement.clientRepository) - .suspendFunction(arrangement.clientRepository::registerMLSClient) - .with(any(), any()) - .wasNotInvoked() - - assertIs(result) - assertEquals(registeredClient, result.client) - } + //mls returns e2ei is required + //make sure we invoked the team settings fetched + //finalizing the client registration private companion object { const val KEY_PACKAGE_LIMIT = 100 @@ -489,12 +439,6 @@ class RegisterClientUseCaseTest { @Mock val preKeyRepository = mock(classOf()) - @Mock - val keyPackageRepository = mock(classOf()) - - @Mock - val mlsClientProvider = mock(classOf()) - @Mock val keyPackageLimitsProvider = mock(classOf()) @@ -557,34 +501,13 @@ class RegisterClientUseCaseTest { .then { result } } - fun withMLSClient(result: Either) = apply { - given(mlsClientProvider) - .suspendFunction(mlsClientProvider::getMLSClient) + fun withRegisterMLSClient(result: Either) = apply { + given(registerMLSClient) + .suspendFunction(registerMLSClient::invoke) .whenInvokedWith(eq(CLIENT.id)) .then { result } } - fun withGetMLSPublicKey(result: ByteArray) = apply { - given(MLS_CLIENT) - .suspendFunction(MLS_CLIENT::getPublicKey) - .whenInvoked() - .thenReturn(result) - } - - fun withRegisterMLSClient(result: Either) = apply { - given(clientRepository) - .suspendFunction(clientRepository::registerMLSClient) - .whenInvokedWith(eq(CLIENT.id), eq(MLS_PUBLIC_KEY)) - .thenReturn(result) - } - - fun withUploadNewKeyPackages(result: Either) = apply { - given(keyPackageRepository) - .suspendFunction(keyPackageRepository::uploadNewKeyPackages) - .whenInvokedWith(anything(), eq(100)) - .thenReturn(result) - } - fun withGenerateNewPreKeys(result: Either>) = apply { given(preKeyRepository) .suspendFunction(preKeyRepository::generateNewPreKeys) diff --git a/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/client/RegisterMLSClientUseCaseTest.kt b/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/client/RegisterMLSClientUseCaseTest.kt index f2e896f92f6..2799788e5c6 100644 --- a/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/client/RegisterMLSClientUseCaseTest.kt +++ b/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/client/RegisterMLSClientUseCaseTest.kt @@ -20,13 +20,18 @@ package com.wire.kalium.logic.feature.client import com.wire.kalium.cryptography.MLSClient import com.wire.kalium.logic.CoreFailure +import com.wire.kalium.logic.StorageFailure +import com.wire.kalium.logic.configuration.E2EISettings import com.wire.kalium.logic.configuration.UserConfigRepository import com.wire.kalium.logic.data.client.ClientRepository import com.wire.kalium.logic.data.client.MLSClientProvider import com.wire.kalium.logic.data.keypackage.KeyPackageLimitsProvider import com.wire.kalium.logic.data.keypackage.KeyPackageRepository +import com.wire.kalium.logic.feature.client.RegisterMLSClientUseCaseTest.Arrangement.Companion.E2EI_TEAM_SETTINGS import com.wire.kalium.logic.framework.TestClient import com.wire.kalium.logic.functional.Either +import com.wire.kalium.logic.util.shouldSucceed +import com.wire.kalium.util.DateTimeUtil import io.mockative.Mock import io.mockative.anything import io.mockative.classOf @@ -36,24 +41,93 @@ import io.mockative.mock import io.mockative.once import io.mockative.verify import kotlinx.coroutines.test.runTest -import kotlin.test.Ignore import kotlin.test.Test +import kotlin.test.assertIs class RegisterMLSClientUseCaseTest { - //todo: fix later - @Ignore @Test - fun givenRegisterMLSClientUseCase_whenInvoked_thenRegisterMLSClient() = + fun givenRegisterMLSClientUseCaseAndE2EIIsRequired_whenInvokedAndE2EIIsEnrolled_thenRegisterMLSClient() = runTest() { + val e2eiIsRequired = true + val e2eiIsEnrolled = true val (arrangement, registerMLSClient) = Arrangement() .withGetMLSClientSuccessful() + .withMLSClientE2EIIsEnabledReturns(e2eiIsEnrolled) + .withGettingE2EISettingsReturns(Either.Right(E2EI_TEAM_SETTINGS.copy(isRequired = e2eiIsRequired))) .withGetPublicKey(Arrangement.MLS_PUBLIC_KEY) .withRegisterMLSClient(Either.Right(Unit)) .withKeyPackageLimits(Arrangement.REFILL_AMOUNT) .withUploadKeyPackagesSuccessful() .arrange() - registerMLSClient(TestClient.CLIENT_ID) + val result = registerMLSClient(TestClient.CLIENT_ID) + + result.shouldSucceed() + + assertIs(result.value) + + + verify(arrangement.clientRepository) + .suspendFunction(arrangement.clientRepository::registerMLSClient) + .with(eq(TestClient.CLIENT_ID), eq(Arrangement.MLS_PUBLIC_KEY)) + .wasInvoked(exactly = once) + + verify(arrangement.keyPackageRepository) + .suspendFunction(arrangement.keyPackageRepository::uploadNewKeyPackages) + .with(eq(TestClient.CLIENT_ID), eq(Arrangement.REFILL_AMOUNT)) + } + + @Test + fun givenRegisterMLSClientUseCaseAndE2EIIsRequired_whenInvokedAndE2EIIsNotEnrolled_thenNotRegisterMLSClient() = + runTest() { + val e2eiIsRequired = true + val e2eiIsEnrolled = false + val (arrangement, registerMLSClient) = Arrangement() + .withGetMLSClientSuccessful() + .withMLSClientE2EIIsEnabledReturns(e2eiIsEnrolled) + .withGettingE2EISettingsReturns(Either.Right(E2EI_TEAM_SETTINGS.copy(isRequired = e2eiIsRequired))) + .withGetPublicKey(Arrangement.MLS_PUBLIC_KEY) + .withRegisterMLSClient(Either.Right(Unit)) + .withKeyPackageLimits(Arrangement.REFILL_AMOUNT) + .withUploadKeyPackagesSuccessful() + .arrange() + + val result = registerMLSClient(TestClient.CLIENT_ID) + + result.shouldSucceed() + + assertIs(result.value) + + + verify(arrangement.clientRepository) + .suspendFunction(arrangement.clientRepository::registerMLSClient) + .with(eq(TestClient.CLIENT_ID), eq(Arrangement.MLS_PUBLIC_KEY)) + .wasNotInvoked() + + verify(arrangement.keyPackageRepository) + .suspendFunction(arrangement.keyPackageRepository::uploadNewKeyPackages) + .with(eq(TestClient.CLIENT_ID), eq(Arrangement.REFILL_AMOUNT)) + .wasNotInvoked() + } + + @Test + fun givenRegisterMLSClientUseCaseAndE2EIIsNotRequired_whenInvoked_thenRegisterMLSClient() = + runTest() { + val e2eiIsRequired = false + val (arrangement, registerMLSClient) = Arrangement() + .withGetMLSClientSuccessful() + .withGettingE2EISettingsReturns(Either.Right(E2EI_TEAM_SETTINGS.copy(isRequired = e2eiIsRequired))) + .withGetPublicKey(Arrangement.MLS_PUBLIC_KEY) + .withRegisterMLSClient(Either.Right(Unit)) + .withKeyPackageLimits(Arrangement.REFILL_AMOUNT) + .withUploadKeyPackagesSuccessful() + .arrange() + + val result = registerMLSClient(TestClient.CLIENT_ID) + + result.shouldSucceed() + + assertIs(result.value) verify(arrangement.clientRepository) .suspendFunction(arrangement.clientRepository::registerMLSClient) @@ -81,9 +155,24 @@ class RegisterMLSClientUseCaseTest { @Mock val keyPackageLimitsProvider = mock(classOf()) + @Mock val userConfigRepository = mock(classOf()) + fun withGettingE2EISettingsReturns(result: Either) = apply { + given(userConfigRepository) + .function(userConfigRepository::getE2EISettings) + .whenInvoked() + .thenReturn(result) + } + + fun withMLSClientE2EIIsEnabledReturns(result: Boolean) = apply { + given(mlsClient) + .suspendFunction(mlsClient::isE2EIEnabled) + .whenInvoked() + .thenReturn(result) + } + fun withRegisterMLSClient(result: Either) = apply { given(clientRepository) .suspendFunction(clientRepository::registerMLSClient) @@ -128,6 +217,10 @@ class RegisterMLSClientUseCaseTest { companion object { val MLS_PUBLIC_KEY = "public_key".encodeToByteArray() const val REFILL_AMOUNT = 100 + val RANDOM_URL = "https://random.rn" + val E2EI_TEAM_SETTINGS = E2EISettings( + true, RANDOM_URL, DateTimeUtil.currentInstant() + ) } } diff --git a/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/e2ei/EnrollE2EICertificateUseCaseTest.kt b/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/e2ei/EnrollE2EICertificateUseCaseTest.kt index 9dec278e60f..1775aa8ff54 100644 --- a/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/e2ei/EnrollE2EICertificateUseCaseTest.kt +++ b/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/e2ei/EnrollE2EICertificateUseCaseTest.kt @@ -22,7 +22,6 @@ import com.wire.kalium.cryptography.AcmeDirectory import com.wire.kalium.cryptography.NewAcmeAuthz import com.wire.kalium.cryptography.NewAcmeOrder import com.wire.kalium.logic.CoreFailure -import com.wire.kalium.logic.data.e2ei.AuthorizationChallengeType import com.wire.kalium.logic.data.e2ei.AuthorizationResult import com.wire.kalium.logic.data.e2ei.E2EIRepository import com.wire.kalium.logic.data.e2ei.Nonce @@ -34,12 +33,12 @@ import com.wire.kalium.logic.util.shouldFail import com.wire.kalium.logic.util.shouldSucceed import com.wire.kalium.network.api.base.authenticated.e2ei.AccessTokenResponse import com.wire.kalium.network.api.base.unbound.acme.ACMEResponse -import com.wire.kalium.network.api.base.unbound.acme.AuthorizationResponse import com.wire.kalium.network.api.base.unbound.acme.ChallengeResponse import io.mockative.Mock import io.mockative.any import io.mockative.anything import io.mockative.classOf +import io.mockative.eq import io.mockative.given import io.mockative.mock import io.mockative.once @@ -48,14 +47,13 @@ import kotlinx.coroutines.ExperimentalCoroutinesApi import kotlinx.coroutines.test.runTest import kotlinx.serialization.json.JsonObject import kotlinx.serialization.json.JsonPrimitive -import kotlin.test.Ignore import kotlin.test.Test +import kotlin.test.assertEquals +import kotlin.test.assertIs @ExperimentalCoroutinesApi class EnrollE2EICertificateUseCaseTest { - //todo: fix later - @Ignore @Test fun givenLoadACMEDirectoriesFails_whenInvokeUseCase_thenReturnFailure() = runTest { val (arrangement, enrollE2EICertificateUseCase) = Arrangement().arrange() @@ -97,6 +95,7 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::getAuthorizations) .with() .wasNotInvoked() + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::getOAuthRefreshToken).with().wasNotInvoked() verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::getWireNonce) .with() @@ -133,10 +132,9 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::rotateKeysAndMigrateConversations) .with() .wasNotInvoked() + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::rotateKeysAndMigrateConversations).with().wasNotInvoked() } - //todo: fix later - @Ignore @Test fun givenGetACMENonceFails_whenInvokeUseCase_thenReturnFailure() = runTest { val (arrangement, enrollE2EICertificateUseCase) = Arrangement().arrange() @@ -157,17 +155,14 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::fetchAndSetTrustAnchors) .with() .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::loadACMEDirectories) .with() .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::getACMENonce) .with(any()) .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::createNewAccount) .with() @@ -180,6 +175,7 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::getAuthorizations) .with() .wasNotInvoked() + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::getOAuthRefreshToken).with().wasNotInvoked() verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::getWireNonce) .with() @@ -204,16 +200,13 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::checkOrderRequest) .with() .wasNotInvoked() - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::checkOrderRequest) + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::finalize) .with() .wasNotInvoked() - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::finalize) + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::certificateRequest) .with() .wasNotInvoked() - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::certificateRequest) + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::rotateKeysAndMigrateConversations) .with() .wasNotInvoked() verify(arrangement.e2EIRepository) @@ -222,8 +215,6 @@ class EnrollE2EICertificateUseCaseTest { .wasNotInvoked() } - //todo: fix later - @Ignore @Test fun givenCreateNewAccountFails_whenInvokeUseCase_thenReturnFailure() = runTest { val (arrangement, enrollE2EICertificateUseCase) = Arrangement().arrange() @@ -269,6 +260,7 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::getAuthorizations) .with() .wasNotInvoked() + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::getOAuthRefreshToken).with().wasNotInvoked() verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::getWireNonce) .with() @@ -298,7 +290,8 @@ class EnrollE2EICertificateUseCaseTest { .with() .wasNotInvoked() verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::certificateRequest) + .function(arrangement.e2EIRepository::certificateRequest).with().wasNotInvoked() + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::rotateKeysAndMigrateConversations) .with() .wasNotInvoked() verify(arrangement.e2EIRepository) @@ -307,8 +300,6 @@ class EnrollE2EICertificateUseCaseTest { .wasNotInvoked() } - //todo: fix later - @Ignore @Test fun givenUseCase_whenCreateNewOrderFailing_thenReturnFailure() = runTest { val (arrangement, enrollE2EICertificateUseCase) = Arrangement().arrange() @@ -353,7 +344,8 @@ class EnrollE2EICertificateUseCaseTest { .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::getAuthorizations) + .function(arrangement.e2EIRepository::getAuthorizations).with().wasNotInvoked() + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::getOAuthRefreshToken) .with() .wasNotInvoked() verify(arrangement.e2EIRepository) @@ -385,7 +377,8 @@ class EnrollE2EICertificateUseCaseTest { .with() .wasNotInvoked() verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::certificateRequest) + .function(arrangement.e2EIRepository::certificateRequest).with().wasNotInvoked() + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::rotateKeysAndMigrateConversations) .with() .wasNotInvoked() verify(arrangement.e2EIRepository) @@ -394,8 +387,6 @@ class EnrollE2EICertificateUseCaseTest { .wasNotInvoked() } - //todo: fix later - @Ignore @Test fun givenUseCase_whenCreateAuthorizationsFailing_thenReturnFailure() = runTest { val (arrangement, enrollE2EICertificateUseCase) = Arrangement().arrange() @@ -445,6 +436,7 @@ class EnrollE2EICertificateUseCaseTest { .with(any(), any>()) .wasInvoked(exactly = once) + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::getOAuthRefreshToken).with().wasNotInvoked() verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::getWireNonce) .with() @@ -474,7 +466,8 @@ class EnrollE2EICertificateUseCaseTest { .with() .wasNotInvoked() verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::certificateRequest) + .function(arrangement.e2EIRepository::certificateRequest).with().wasNotInvoked() + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::rotateKeysAndMigrateConversations) .with() .wasNotInvoked() verify(arrangement.e2EIRepository) @@ -484,9 +477,11 @@ class EnrollE2EICertificateUseCaseTest { } @Test - fun givenUseCase_whenGetWireNonceFailing_thenReturnFailure() = runTest { + fun givenUseCase_whenCallingInitialization_thenReturnInitializationResult() = runTest { val (arrangement, enrollE2EICertificateUseCase) = Arrangement().arrange() + val expected = INITIALIZATION_RESULT + // given arrangement.withInitializingE2EIClientSucceed() arrangement.withLoadTrustAnchorsResulting(Either.Right(Unit)) @@ -494,7 +489,54 @@ class EnrollE2EICertificateUseCaseTest { arrangement.withGetACMENonceResulting(Either.Right(RANDOM_NONCE)) arrangement.withCreateNewAccountResulting(Either.Right(RANDOM_NONCE)) arrangement.withCreateNewOrderResulting(Either.Right(Triple(ACME_ORDER, RANDOM_NONCE, RANDOM_LOCATION))) + arrangement.withGettingRefreshTokenSucceeding() arrangement.withGettingChallenges(Either.Right(AUTHORIZATIONS)) + + // when + val result = enrollE2EICertificateUseCase.initialEnrollment() + + // then + + result.shouldSucceed() + + assertIs(result.value) + + assertEquals(expected, result.value as E2EIEnrollmentResult.Initialized) + + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::fetchAndSetTrustAnchors).with().wasInvoked(exactly = once) + + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::loadACMEDirectories).with().wasInvoked(exactly = once) + + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::getACMENonce).with(any()).wasInvoked(exactly = once) + + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::createNewAccount).with(any(), any()) + .wasInvoked(exactly = once) + + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::createNewOrder).with(any(), any()) + .wasInvoked(exactly = once) + + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::getAuthorizations).with(any(), any>()) + .wasInvoked(exactly = once) + + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::getOAuthRefreshToken).with().wasInvoked(exactly = once) + + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::getWireNonce).with().wasNotInvoked() + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::getDPoPToken).with().wasNotInvoked() + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::getWireAccessToken).with().wasNotInvoked() + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::validateDPoPChallenge).with().wasNotInvoked() + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::validateOIDCChallenge).with().wasNotInvoked() + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::checkOrderRequest).with().wasNotInvoked() + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::finalize).with().wasNotInvoked() + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::certificateRequest).with().wasNotInvoked() + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::rotateKeysAndMigrateConversations).with().wasNotInvoked() + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::rotateKeysAndMigrateConversations).with().wasNotInvoked() + } + + @Test + fun givenUseCase_whenGetWireNonceFailing_thenReturnFailure() = runTest { + val (arrangement, enrollE2EICertificateUseCase) = Arrangement().arrange() + + // given arrangement.withGetWireNonceResulting(TEST_EITHER_LEFT) // when @@ -540,10 +582,6 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::rotateKeysAndMigrateConversations) .with() .wasNotInvoked() - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::nukeE2EIClient) - .with() - .wasNotInvoked() } @Test @@ -551,11 +589,6 @@ class EnrollE2EICertificateUseCaseTest { val (arrangement, enrollE2EICertificateUseCase) = Arrangement().arrange() // given - arrangement.withLoadACMEDirectoriesResulting(Either.Right(ACME_DIRECTORIES)) - arrangement.withGetACMENonceResulting(Either.Right(RANDOM_NONCE)) - arrangement.withCreateNewAccountResulting(Either.Right(RANDOM_NONCE)) - arrangement.withCreateNewOrderResulting(Either.Right(Triple(ACME_ORDER, RANDOM_NONCE, RANDOM_LOCATION))) - arrangement.withGettingChallenges(Either.Right(AUTHORIZATIONS)) arrangement.withGetWireNonceResulting(Either.Right(RANDOM_NONCE)) arrangement.withGetDPoPTokenResulting(TEST_EITHER_LEFT) @@ -604,10 +637,6 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::rotateKeysAndMigrateConversations) .with() .wasNotInvoked() - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::nukeE2EIClient) - .with() - .wasNotInvoked() } @Test @@ -615,11 +644,6 @@ class EnrollE2EICertificateUseCaseTest { val (arrangement, enrollE2EICertificateUseCase) = Arrangement().arrange() // given - arrangement.withLoadACMEDirectoriesResulting(Either.Right(ACME_DIRECTORIES)) - arrangement.withGetACMENonceResulting(Either.Right(RANDOM_NONCE)) - arrangement.withCreateNewAccountResulting(Either.Right(RANDOM_NONCE)) - arrangement.withCreateNewOrderResulting(Either.Right(Triple(ACME_ORDER, RANDOM_NONCE, RANDOM_LOCATION))) - arrangement.withGettingChallenges(Either.Right(AUTHORIZATIONS)) arrangement.withGetWireNonceResulting(Either.Right(RANDOM_NONCE)) arrangement.withGetDPoPTokenResulting(Either.Right(RANDOM_DPoP_TOKEN)) arrangement.withGetWireAccessTokenResulting(TEST_EITHER_LEFT) @@ -641,8 +665,7 @@ class EnrollE2EICertificateUseCaseTest { .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::getWireAccessToken) - .with(any()) + .function(arrangement.e2EIRepository::getWireAccessToken).with(eq(RANDOM_DPoP_TOKEN)) .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) @@ -669,10 +692,6 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::rotateKeysAndMigrateConversations) .with() .wasNotInvoked() - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::nukeE2EIClient) - .with() - .wasNotInvoked() } @Test @@ -680,11 +699,6 @@ class EnrollE2EICertificateUseCaseTest { val (arrangement, enrollE2EICertificateUseCase) = Arrangement().arrange() // given - arrangement.withLoadACMEDirectoriesResulting(Either.Right(ACME_DIRECTORIES)) - arrangement.withGetACMENonceResulting(Either.Right(RANDOM_NONCE)) - arrangement.withCreateNewAccountResulting(Either.Right(RANDOM_NONCE)) - arrangement.withCreateNewOrderResulting(Either.Right(Triple(ACME_ORDER, RANDOM_NONCE, RANDOM_LOCATION))) - arrangement.withGettingChallenges(Either.Right(AUTHORIZATIONS)) arrangement.withGetWireNonceResulting(Either.Right(RANDOM_NONCE)) arrangement.withGetDPoPTokenResulting(Either.Right(RANDOM_DPoP_TOKEN)) arrangement.withGetWireAccessTokenResulting(Either.Right(WIRE_ACCESS_TOKEN)) @@ -707,13 +721,12 @@ class EnrollE2EICertificateUseCaseTest { .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::getWireAccessToken) - .with(any()) + .function(arrangement.e2EIRepository::getWireAccessToken).with(eq(RANDOM_DPoP_TOKEN)) .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::validateDPoPChallenge) - .with(any(), any(), any()) + .with(eq(WIRE_ACCESS_TOKEN.token), any(), eq(DPOP_AUTHZ.challenge)) .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) @@ -736,10 +749,6 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::rotateKeysAndMigrateConversations) .with() .wasNotInvoked() - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::nukeE2EIClient) - .with() - .wasNotInvoked() } @Test @@ -747,11 +756,6 @@ class EnrollE2EICertificateUseCaseTest { val (arrangement, enrollE2EICertificateUseCase) = Arrangement().arrange() // given - arrangement.withLoadACMEDirectoriesResulting(Either.Right(ACME_DIRECTORIES)) - arrangement.withGetACMENonceResulting(Either.Right(RANDOM_NONCE)) - arrangement.withCreateNewAccountResulting(Either.Right(RANDOM_NONCE)) - arrangement.withCreateNewOrderResulting(Either.Right(Triple(ACME_ORDER, RANDOM_NONCE, RANDOM_LOCATION))) - arrangement.withGettingChallenges(Either.Right(AUTHORIZATIONS)) arrangement.withGetWireNonceResulting(Either.Right(RANDOM_NONCE)) arrangement.withGetDPoPTokenResulting(Either.Right(RANDOM_DPoP_TOKEN)) arrangement.withGetWireAccessTokenResulting(Either.Right(WIRE_ACCESS_TOKEN)) @@ -774,18 +778,19 @@ class EnrollE2EICertificateUseCaseTest { .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::getWireAccessToken) - .with(any()) + .function(arrangement.e2EIRepository::getWireAccessToken).with(eq(RANDOM_DPoP_TOKEN)) .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::validateDPoPChallenge) - .with(any(), any(), any()) + .with(eq(WIRE_ACCESS_TOKEN.token), any(), eq(DPOP_AUTHZ.challenge)) .wasInvoked(exactly = once) + verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::validateOIDCChallenge) - .with(any(), any(), any(), any()) + .with(eq(RANDOM_ID_TOKEN), eq(REFRESH_TOKEN), any(), eq(OIDC_AUTHZ.challenge)) .wasInvoked(exactly = once) + verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::checkOrderRequest) .with() @@ -802,10 +807,6 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::rotateKeysAndMigrateConversations) .with() .wasNotInvoked() - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::nukeE2EIClient) - .with() - .wasNotInvoked() } @Test @@ -813,11 +814,6 @@ class EnrollE2EICertificateUseCaseTest { val (arrangement, enrollE2EICertificateUseCase) = Arrangement().arrange() // given - arrangement.withLoadACMEDirectoriesResulting(Either.Right(ACME_DIRECTORIES)) - arrangement.withGetACMENonceResulting(Either.Right(RANDOM_NONCE)) - arrangement.withCreateNewAccountResulting(Either.Right(RANDOM_NONCE)) - arrangement.withCreateNewOrderResulting(Either.Right(Triple(ACME_ORDER, RANDOM_NONCE, RANDOM_LOCATION))) - arrangement.withGettingChallenges(Either.Right(AUTHORIZATIONS)) arrangement.withGetWireNonceResulting(Either.Right(RANDOM_NONCE)) arrangement.withGetDPoPTokenResulting(Either.Right(RANDOM_DPoP_TOKEN)) arrangement.withGetWireAccessTokenResulting(Either.Right(WIRE_ACCESS_TOKEN)) @@ -839,22 +835,24 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::getDPoPToken) .with(any()) .wasInvoked(exactly = once) + verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::getWireAccessToken) - .with(any()) + .function(arrangement.e2EIRepository::getWireAccessToken).with(eq(RANDOM_DPoP_TOKEN)) .wasInvoked(exactly = once) + verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::validateDPoPChallenge) - .with(any(), any(), any()) + .with(eq(WIRE_ACCESS_TOKEN.token), any(), eq(DPOP_AUTHZ.challenge)).wasInvoked(exactly = once) + + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::validateOIDCChallenge) + .with(eq(RANDOM_ID_TOKEN), eq(REFRESH_TOKEN), any(), eq(OIDC_AUTHZ.challenge)) .wasInvoked(exactly = once) + verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::checkOrderRequest) .with(any(), any()) .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::checkOrderRequest) - .with() - .wasNotInvoked() + verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::finalize) .with() @@ -867,10 +865,6 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::rotateKeysAndMigrateConversations) .with() .wasNotInvoked() - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::nukeE2EIClient) - .with() - .wasNotInvoked() } @Test @@ -878,11 +872,6 @@ class EnrollE2EICertificateUseCaseTest { val (arrangement, enrollE2EICertificateUseCase) = Arrangement().arrange() // given - arrangement.withLoadACMEDirectoriesResulting(Either.Right(ACME_DIRECTORIES)) - arrangement.withGetACMENonceResulting(Either.Right(RANDOM_NONCE)) - arrangement.withCreateNewAccountResulting(Either.Right(RANDOM_NONCE)) - arrangement.withCreateNewOrderResulting(Either.Right(Triple(ACME_ORDER, RANDOM_NONCE, RANDOM_LOCATION))) - arrangement.withGettingChallenges(Either.Right(AUTHORIZATIONS)) arrangement.withGetWireNonceResulting(Either.Right(RANDOM_NONCE)) arrangement.withGetDPoPTokenResulting(Either.Right(RANDOM_DPoP_TOKEN)) arrangement.withGetWireAccessTokenResulting(Either.Right(WIRE_ACCESS_TOKEN)) @@ -906,13 +895,17 @@ class EnrollE2EICertificateUseCaseTest { .with(any()) .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::getWireAccessToken) - .with(any()) + .function(arrangement.e2EIRepository::getWireAccessToken).with(eq(RANDOM_DPoP_TOKEN)) .wasInvoked(exactly = once) + verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::validateDPoPChallenge) - .with(any(), any(), any()) + .with(eq(WIRE_ACCESS_TOKEN.token), any(), eq(DPOP_AUTHZ.challenge)).wasInvoked(exactly = once) + + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::validateOIDCChallenge) + .with(eq(RANDOM_ID_TOKEN), eq(REFRESH_TOKEN), any(), eq(OIDC_AUTHZ.challenge)) .wasInvoked(exactly = once) + verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::checkOrderRequest) .with(any(), any()) @@ -925,25 +918,16 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::certificateRequest) .with() .wasNotInvoked() - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::nukeE2EIClient) + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::rotateKeysAndMigrateConversations) .with() .wasNotInvoked() } - //todo: fix later - @Ignore @Test - fun givenUseCase_whenRotatingKeysAndMigratingConversationsFailing_thenReturnFailure() = runTest { + fun givenUseCase_whenCertificateRequestFailing_thenReturnFailure() = runTest { val (arrangement, enrollE2EICertificateUseCase) = Arrangement().arrange() // given - arrangement.withLoadACMEDirectoriesResulting(Either.Right(ACME_DIRECTORIES)) - arrangement.withGetACMENonceResulting(Either.Right(RANDOM_NONCE)) - arrangement.withCreateNewAccountResulting(Either.Right(RANDOM_NONCE)) - arrangement.withCreateNewOrderResulting(Either.Right(Triple(ACME_ORDER, RANDOM_NONCE, RANDOM_LOCATION))) - arrangement.withGettingChallenges(Either.Right(AUTHORIZATIONS)) - arrangement.withGettingRefreshTokenSucceeding() arrangement.withGetWireNonceResulting(Either.Right(RANDOM_NONCE)) arrangement.withGetDPoPTokenResulting(Either.Right(RANDOM_DPoP_TOKEN)) arrangement.withGetWireAccessTokenResulting(Either.Right(WIRE_ACCESS_TOKEN)) @@ -951,8 +935,8 @@ class EnrollE2EICertificateUseCaseTest { arrangement.withValidateOIDCChallengeResulting(Either.Right(ACME_CHALLENGE_RESPONSE)) arrangement.withCheckOrderRequestResulting(Either.Right((ACME_RESPONSE to RANDOM_LOCATION))) arrangement.withFinalizeResulting(Either.Right((ACME_RESPONSE to RANDOM_LOCATION))) - arrangement.withCertificateRequestResulting(Either.Right(ACME_RESPONSE)) - arrangement.withRotateKeysAndMigrateConversations(TEST_EITHER_LEFT) + arrangement.withRotateKeysAndMigrateConversations(Either.Right(Unit)) + arrangement.withCertificateRequestResulting(TEST_EITHER_LEFT) // when val result = enrollE2EICertificateUseCase.finalizeEnrollment(RANDOM_ID_TOKEN, REFRESH_TOKEN, INITIALIZATION_RESULT) @@ -960,56 +944,35 @@ class EnrollE2EICertificateUseCaseTest { // then result.shouldFail() - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::getWireNonce) - .with() - .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::getDPoPToken) - .with(any()) - .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::getWireAccessToken) - .with(any()) - .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::validateDPoPChallenge) - .with(any(), any(), any()) - .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::validateOIDCChallenge) - .with(any(), any(), any(), any()) + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::getWireNonce).with().wasInvoked(exactly = once) + + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::getDPoPToken).with(any()).wasInvoked(exactly = once) + + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::getWireAccessToken).with(eq(RANDOM_DPoP_TOKEN)) .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::checkOrderRequest) - .with(any(), any()) + + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::validateDPoPChallenge) + .with(eq(WIRE_ACCESS_TOKEN.token), any(), eq(DPOP_AUTHZ.challenge)).wasInvoked(exactly = once) + + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::validateOIDCChallenge) + .with(eq(RANDOM_ID_TOKEN), eq(REFRESH_TOKEN), any(), eq(OIDC_AUTHZ.challenge)).wasInvoked(exactly = once) + + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::checkOrderRequest).with(any(), any()) .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::finalize) - .with(any(), any()) + + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::finalize).with(any(), any()) .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::rotateKeysAndMigrateConversations) - .with(any(), any()) + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::certificateRequest).with(any(), any()) .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::nukeE2EIClient) - .with() - .wasNotInvoked() + verify(arrangement.e2EIRepository).function(arrangement.e2EIRepository::rotateKeysAndMigrateConversations).with().wasNotInvoked() } @Test - fun givenUseCase_whenCertificateRequestFailing_thenReturnFailure() = runTest { + fun givenUseCase_whenRotatingKeysAndMigratingConversationsFailing_thenReturnFailure() = runTest { val (arrangement, enrollE2EICertificateUseCase) = Arrangement().arrange() // given - arrangement.withLoadACMEDirectoriesResulting(Either.Right(ACME_DIRECTORIES)) - arrangement.withGetACMENonceResulting(Either.Right(RANDOM_NONCE)) - arrangement.withCreateNewAccountResulting(Either.Right(RANDOM_NONCE)) - arrangement.withCreateNewOrderResulting(Either.Right(Triple(ACME_ORDER, RANDOM_NONCE, RANDOM_LOCATION))) - arrangement.withGettingChallenges(Either.Right(AUTHORIZATIONS)) - arrangement.withGettingRefreshTokenSucceeding() arrangement.withGetWireNonceResulting(Either.Right(RANDOM_NONCE)) arrangement.withGetDPoPTokenResulting(Either.Right(RANDOM_DPoP_TOKEN)) arrangement.withGetWireAccessTokenResulting(Either.Right(WIRE_ACCESS_TOKEN)) @@ -1017,8 +980,8 @@ class EnrollE2EICertificateUseCaseTest { arrangement.withValidateOIDCChallengeResulting(Either.Right(ACME_CHALLENGE_RESPONSE)) arrangement.withCheckOrderRequestResulting(Either.Right((ACME_RESPONSE to RANDOM_LOCATION))) arrangement.withFinalizeResulting(Either.Right((ACME_RESPONSE to RANDOM_LOCATION))) - arrangement.withRotateKeysAndMigrateConversations(Either.Right(Unit)) - arrangement.withCertificateRequestResulting(TEST_EITHER_LEFT) + arrangement.withCertificateRequestResulting(Either.Right(ACME_RESPONSE)) + arrangement.withRotateKeysAndMigrateConversations(TEST_EITHER_LEFT) // when val result = enrollE2EICertificateUseCase.finalizeEnrollment(RANDOM_ID_TOKEN, REFRESH_TOKEN, INITIALIZATION_RESULT) @@ -1030,59 +993,43 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::getWireNonce) .with() .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::getDPoPToken) .with(any()) .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::getWireAccessToken) - .with(any()) + .function(arrangement.e2EIRepository::getWireAccessToken).with(eq(RANDOM_DPoP_TOKEN)) .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::validateDPoPChallenge) - .with(any(), any(), any()) + .with(eq(WIRE_ACCESS_TOKEN.token), any(), eq(DPOP_AUTHZ.challenge)) .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::validateOIDCChallenge) - .with(any(), any(), any(), any()) + .with(eq(RANDOM_ID_TOKEN), eq(REFRESH_TOKEN), any(), eq(OIDC_AUTHZ.challenge)) .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::checkOrderRequest) .with(any(), any()) .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::finalize) .with(any(), any()) .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::certificateRequest) - .with(any(), any()) + .function(arrangement.e2EIRepository::rotateKeysAndMigrateConversations) + .with(any(), any()) .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::nukeE2EIClient) - .with() - .wasNotInvoked() } - //todo: fix later - @Ignore @Test fun givenUseCase_whenEveryStepSucceed_thenShouldSucceed() = runTest { val (arrangement, enrollE2EICertificateUseCase) = Arrangement().arrange() // given - arrangement.withLoadACMEDirectoriesResulting(Either.Right(ACME_DIRECTORIES)) - arrangement.withGetACMENonceResulting(Either.Right(RANDOM_NONCE)) - arrangement.withCreateNewAccountResulting(Either.Right(RANDOM_NONCE)) - arrangement.withCreateNewOrderResulting(Either.Right(Triple(ACME_ORDER, RANDOM_NONCE, RANDOM_LOCATION))) - arrangement.withGettingChallenges(Either.Right(AUTHORIZATIONS)) arrangement.withGetWireNonceResulting(Either.Right(RANDOM_NONCE)) arrangement.withGetDPoPTokenResulting(Either.Right(RANDOM_DPoP_TOKEN)) arrangement.withGetWireAccessTokenResulting(Either.Right(WIRE_ACCESS_TOKEN)) @@ -1110,18 +1057,17 @@ class EnrollE2EICertificateUseCaseTest { .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::getWireAccessToken) - .with(any()) + .function(arrangement.e2EIRepository::getWireAccessToken).with(eq(RANDOM_DPoP_TOKEN)) .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::validateDPoPChallenge) - .with(any(), any(), any()) + .with(eq(WIRE_ACCESS_TOKEN.token), any(), eq(DPOP_AUTHZ.challenge)) .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::validateOIDCChallenge) - .with(any(), any(), any(), any()) + .with(eq(RANDOM_ID_TOKEN), eq(REFRESH_TOKEN), any(), eq(OIDC_AUTHZ.challenge)) .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) @@ -1143,21 +1089,15 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::rotateKeysAndMigrateConversations) .with(any(), any()) .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::nukeE2EIClient) - .with() - .wasInvoked(exactly = once) } - private class Arrangement { @Mock val e2EIRepository = mock(classOf()) fun withInitializingE2EIClientSucceed() = apply { - given(e2EIRepository) - .suspendFunction(e2EIRepository::initE2EIClient) + given(e2EIRepository).suspendFunction(e2EIRepository::initFreshE2EIClient) .whenInvokedWith(anything(), anything() ) .thenReturn(Either.Right(Unit)) } @@ -1204,6 +1144,11 @@ class EnrollE2EICertificateUseCaseTest { .thenReturn(result) } + fun withGettingRefreshTokenSucceeding() = apply { + given(e2EIRepository).suspendFunction(e2EIRepository::getOAuthRefreshToken).whenInvoked() + .thenReturn(Either.Right(REFRESH_TOKEN)) + } + fun withGetWireNonceResulting(result: Either) = apply { given(e2EIRepository) .suspendFunction(e2EIRepository::getWireNonce) @@ -1267,13 +1212,6 @@ class EnrollE2EICertificateUseCaseTest { .thenReturn(result) } - fun withGettingRefreshTokenSucceeding() = apply { - given(e2EIRepository) - .suspendFunction(e2EIRepository::getOAuthRefreshToken) - .whenInvoked() - .thenReturn(Either.Right(" ")) - } - fun arrange(): Pair = this to EnrollE2EIUseCaseImpl(e2EIRepository) } @@ -1287,21 +1225,6 @@ class EnrollE2EICertificateUseCaseTest { val ACME_BASE_URL = "https://balderdash.hogwash.work:9000" val RANDOM_LOCATION = "https://balderdash.hogwash.work:9000" val RANDOM_BYTE_ARRAY = "random-value".encodeToByteArray() - val OAUTH_CLAIMS = JsonObject( - mapOf( - "id_token" to JsonObject( - mapOf( - "keyauth" to JsonObject( - mapOf("essential" to JsonPrimitive(true), "value" to JsonPrimitive("keyAuth")) - ), - "acme_aud" to JsonObject( - mapOf("essential" to JsonPrimitive(true), "value" to JsonPrimitive("acmeAud")) - ) - ) - ) - ) - ) - val ACME_DIRECTORIES = AcmeDirectory( newNonce = "${ACME_BASE_URL}/acme/wire/new-nonce", newAccount = "${ACME_BASE_URL}/acme/wire/new-account", @@ -1318,15 +1241,31 @@ class EnrollE2EICertificateUseCaseTest { target = RANDOM_LOCATION ) - val ACME_AUTHZ = NewAcmeAuthz( + val OIDC_AUTHZ = NewAcmeAuthz( identifier = "identifier", keyAuth = "keyauth", challenge = ACME_CHALLENGE ) + val DPOP_AUTHZ = NewAcmeAuthz( + identifier = "identifier", keyAuth = null, challenge = ACME_CHALLENGE + ) + val OAUTH_CLAIMS = JsonObject( + mapOf( + "id_token" to JsonObject( + mapOf( + "keyauth" to JsonObject( + mapOf("essential" to JsonPrimitive(true), "value" to JsonPrimitive(OIDC_AUTHZ.keyAuth)) + ), "acme_aud" to JsonObject( + mapOf("essential" to JsonPrimitive(true), "value" to JsonPrimitive(OIDC_AUTHZ.challenge.url)) + ) + ) + ) + ) + ) + val AUTHORIZATIONS = AuthorizationResult( - oidcAuthorization = ACME_AUTHZ, - dpopAuthorization = ACME_AUTHZ, + oidcAuthorization = OIDC_AUTHZ, dpopAuthorization = DPOP_AUTHZ, nonce = RANDOM_NONCE ) @@ -1353,9 +1292,7 @@ class EnrollE2EICertificateUseCaseTest { val INITIALIZATION_RESULT = E2EIEnrollmentResult.Initialized( target = ACME_CHALLENGE.target, - oAuthState = REFRESH_TOKEN, - dPopAuthorizations = ACME_AUTHZ, - oidcAuthorizations = ACME_AUTHZ, + oAuthState = REFRESH_TOKEN, dPopAuthorizations = DPOP_AUTHZ, oidcAuthorizations = OIDC_AUTHZ, oAuthClaims = OAUTH_CLAIMS, lastNonce = RANDOM_NONCE, orderLocation = RANDOM_LOCATION