fixup! Tests: test external account binding support.

bavshin-f5 · bavshin-f5 · commit d19c6a76e972 · 2025-08-20T08:40:09.000-07:00
diff --git a/t/acme_external_account.t b/t/acme_external_account.t
@@ -26,7 +26,7 @@ use Test::Nginx::DNS;
 select STDERR; $| = 1;
 select STDOUT; $| = 1;
 
-my $t = Test::Nginx->new()->has(qw/http http_ssl socket_ssl/)
+my $t = Test::Nginx->new()->has(qw/http http_ssl sni socket_ssl_sni/)
 	->has_daemon('openssl');
 
 $t->write_file_expand('nginx.conf', <<'EOF');
@@ -43,11 +43,20 @@ http {
 
     resolver 127.0.0.1:%%PORT_8980_UDP%%;
 
-    acme_issuer default {
+    acme_issuer eab-data {
         uri https://acme.test:%%PORT_9000%%/dir;
-        external_account_key eab-kid eab-secret;
+        external_account_key eab-data
+          data:0Xl6zTksEz1MqVDw5dn680nma9vYwJoI30LjRdbrDSjTfRxtcX_6YOAYzVDImRQV;
         ssl_trusted_certificate acme.test.crt;
-        state_path %%TESTDIR%%;
+        state_path %%TESTDIR%%/eab-data;
+        accept_terms_of_service;
+    }
+
+    acme_issuer eab-file {
+        uri https://acme.test:%%PORT_9000%%/dir;
+        external_account_key eab-file eab-secret;
+        ssl_trusted_certificate acme.test.crt;
+        state_path %%TESTDIR%%/eab-file;
         accept_terms_of_service;
     }
 
@@ -58,9 +67,19 @@ http {
 
     server {
         listen       127.0.0.1:8443 ssl;
-        server_name  example.test;
+        server_name  data.example.test;
+
+        acme_certificate eab-data;
+
+        ssl_certificate $acme_certificate;
+        ssl_certificate_key $acme_certificate_key;
+    }
+
+    server {
+        listen       127.0.0.1:8443 ssl;
+        server_name  file.example.test;
 
-        acme_certificate default;
+        acme_certificate eab-file;
 
         ssl_certificate $acme_certificate;
         ssl_certificate_key $acme_certificate_key;
@@ -90,7 +109,8 @@ foreach my $name ('acme.test') {
 my $dp = port(8980, udp=>1);
 my @dc = (
 	{ name => 'acme.test', A => '127.0.0.1' },
-	{ name => 'example.test', A => '127.0.0.1' }
+	{ name => 'data.example.test', A => '127.0.0.1' },
+	{ name => 'file.example.test', A => '127.0.0.1' }
 );
 
 my $eab_secret = gen_hmac_secret(48);
@@ -99,11 +119,15 @@ my $acme = Test::Nginx::ACME->new($t, port(9000), port(9001),
 	$t->testdir . '/acme.test.crt',
 	$t->testdir . '/acme.test.key',
 	http_port => port(8080),
-	tls_port => port(8443),
 	dns_port => $dp,
 	conf => {
 		externalAccountBindingRequired => \1,
-		externalAccountMACKeys => { 'eab-kid' => $eab_secret },
+		externalAccountMACKeys => {
+			'eab-data' =>
+				'0Xl6zTksEz1MqVDw5dn680nma9vYwJoI3'
+				. '0LjRdbrDSjTfRxtcX_6YOAYzVDImRQV',
+			'eab-file' => $eab_secret
+		},
 	}
 )->has(qw/eab/);
 
@@ -116,13 +140,15 @@ $t->write_file('acme-root.crt', $acme->trusted_ca());
 $t->write_file('eab-secret', $eab_secret);
 
 $t->write_file('index.html', 'SUCCESS');
-$t->plan(1)->run();
+$t->plan(2)->run();
 
 ###############################################################################
 
-$acme->wait_certificate('example.test') or die "no certificate";
+$acme->wait_certificate('eab-data/data.example.test') or die "no certificate";
+$acme->wait_certificate('eab-file/file.example.test') or die "no certificate";
 
-like(get(8443, 'example.test', 'acme-root'), qr/SUCCESS/, 'tls request');
+like(get(8443, 'data.example.test', 'acme-root'), qr/SUCCESS/, 'inline key');
+like(get(8443, 'file.example.test', 'acme-root'), qr/SUCCESS/, 'key file');
 
 ###############################################################################
 
@@ -135,6 +161,7 @@ sub get {
 	http_get('/',
 		PeerAddr => '127.0.0.1:' . port($port),
 		SSL => 1,
+		SSL_hostname => $host,
 		$ca ? (
 		SSL_ca_file => "$d/$ca.crt",
 		SSL_verifycn_name => $host,
