🔱: [acme] sync upgrade with 7 commits [trident-sync]

CHANGELOG Fix tls-alpn-01 pebble test on Node v18+ Return correct tls-alpn-01 key authorization, tests Support tls-alpn-01 internal challenge verification Add tls-alpn-01 challenge test server support Add ALPN crypto utility methods
2026-04-28 07:57:25 +08:00 · 2024-01-30 19:24:20 +00:00
parent 08c1f338d5
commit fc9e71bed2
14 changed files with 389 additions and 42 deletions
@@ -95,6 +95,7 @@ describe('crypto', () => {
                let testSanCsr;
                let testNonCnCsr;
                let testNonAsciiCsr;
+                let testAlpnCertificate;


                /**
@@ -215,6 +216,31 @@ describe('crypto', () => {
                    assert.strictEqual(result.commonName, testCsrDomain);
                    assert.deepStrictEqual(result.altNames, [testCsrDomain]);
                });
+
+
+                /**
+                 * ALPN
+                 */
+
+                it(`${n}/should generate alpn certificate`, async () => {
+                    const authz = { identifier: { value: 'test.example.com' } };
+                    const [key, cert] = await crypto.createAlpnCertificate(authz, 'super-secret.12345', await createFn());
+
+                    assert.isTrue(Buffer.isBuffer(key));
+                    assert.isTrue(Buffer.isBuffer(cert));
+
+                    testAlpnCertificate = cert;
+                });
+
+                it(`${n}/should not validate invalid alpn certificate key authorization`, () => {
+                    assert.isFalse(crypto.isAlpnCertificateAuthorizationValid(testAlpnCertificate, 'aaaaaaa'));
+                    assert.isFalse(crypto.isAlpnCertificateAuthorizationValid(testAlpnCertificate, 'bbbbbbb'));
+                    assert.isFalse(crypto.isAlpnCertificateAuthorizationValid(testAlpnCertificate, 'ccccccc'));
+                });
+
+                it(`${n}/should validate valid alpn certificate key authorization`, () => {
+                    assert.isTrue(crypto.isAlpnCertificateAuthorizationValid(testAlpnCertificate, 'super-secret.12345'));
+                });
            });
        });
    });
@@ -250,7 +276,7 @@ describe('crypto', () => {
         * CSR with auto-generated key
         */

-        it('should generate a csr with auto-generated key', async () => {
+        it('should generate a csr with default key', async () => {
            const [key, csr] = await crypto.createCsr({
                commonName: testCsrDomain
            });
@@ -281,6 +307,19 @@ describe('crypto', () => {
        });


+        /**
+         * ALPN
+         */
+
+        it('should generate alpn certificate with default key', async () => {
+            const authz = { identifier: { value: 'test.example.com' } };
+            const [key, cert] = await crypto.createAlpnCertificate(authz, 'abc123');
+
+            assert.isTrue(Buffer.isBuffer(key));
+            assert.isTrue(Buffer.isBuffer(cert));
+        });
+
+
        /**
         * PEM utils
         */