Tests run against a real Metacrypt instance, guarded by
//go:build integration tag and METACRYPT_LIVE_TEST=1 env var.
Covers: directory discovery, nonce issuance, full account creation
with EAB (including reuse rejection), order creation with DNS
identifiers, and authorization retrieval with HTTP-01/DNS-01
challenges.
Handles server/client URL mismatch when ExternalURL is not
configured (JWS URL fields use server's base URL, HTTP requests
use the configured address).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Test coverage for the entire ACME server implementation:
- helpers_test.go: memBarrier, key generation, JWS/EAB signing, test fixtures
- nonce_test.go: issue/consume lifecycle, reuse rejection, concurrency
- jws_test.go: JWS parsing/verification (ES256, ES384, RS256), JWK parsing,
RFC 7638 thumbprints, EAB HMAC verification, key authorization
- eab_test.go: EAB credential CRUD, account/order listing
- validate_test.go: HTTP-01 challenge validation with httptest servers,
authorization/order state machine transitions
- handlers_test.go: full ACME protocol flow via chi router — directory,
nonce, account creation with EAB, order creation, authorization retrieval,
challenge triggering, finalize (order-not-ready), cert retrieval/revocation,
CSR identifier validation
One production change: extract dnsResolver variable in validate.go for
DNS-01 test injection (no behavior change).
All 60 tests pass with -race. Full project vet and test clean.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
