RA: fix error returned through WFE2 for too big NewOrders. (#4572)
We need the RA's `NewOrder` RPC to return a `berrors.Malformed` instance when there are too many identifiers. A bare error will be turned into a server internal problem by the WFE2's `web.ProblemDetailsForError` call while a `berrors.Malformed` will produce the expected malformed problem. This commit fixes the err, updates the unit test, and adds an end-to-end integration test so we don't mess this up again.
parent
4e9ab5f04e
commit
a86ed0f753
3
ra/ra.go
3
ra/ra.go
|
|
@ -1796,7 +1796,8 @@ func (ra *RegistrationAuthorityImpl) NewOrder(ctx context.Context, req *rapb.New
|
|||
}
|
||||
|
||||
if len(order.Names) > ra.maxNames {
|
||||
return nil, fmt.Errorf("Order cannot contain more than %d DNS names", ra.maxNames)
|
||||
return nil, berrors.MalformedError(
|
||||
"Order cannot contain more than %d DNS names", ra.maxNames)
|
||||
}
|
||||
|
||||
// Validate that our policy allows issuing for each of the names in the order
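Review bot: The new `berrors.MalformedError` return in the `len(order.Names) > ra.maxNames` branch has no comment saying why the error type matters, and the type is the whole point of the fix. A one-line comment above the return would keep a later refactor from reverting it to a bare error, for example `// Must be a berrors.Malformed: the WFE2 turns a bare error into a server internal problem.` This branch is also the guard on order size, so it is worth confirming that the other early returns in NewOrder that reject client input use berrors types as well. The function body starts and ends outside this hunk, so that cannot be checked from here.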
|
||||
|
|
|
|||
|
|
@ -3781,6 +3781,7 @@ func TestNewOrderMaxNames(t *testing.T) {
|
|||
})
|
||||
test.AssertError(t, err, "NewOrder didn't fail with too many names in request")
|
||||
test.AssertEquals(t, err.Error(), "Order cannot contain more than 2 DNS names")
|
||||
test.AssertEquals(t, berrors.Is(err, berrors.Malformed), true)
|
||||
}
|
||||
|
||||
var CAkeyPEM = `
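Review bot: The added `test.AssertEquals(t, berrors.Is(err, berrors.Malformed), true)` would report only a boolean mismatch on failure, without saying what was expected of the error. `test.Assert(t, berrors.Is(err, berrors.Malformed), "NewOrder error was not a berrors.Malformed")` states the expectation in the failure output. TestNewOrderMaxNames begins before this hunk, so the request setup is not visible here.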
|
||||
|
|
|
|||
|
|
@ -108,7 +108,7 @@ func authAndIssue(c *client, csrKey *ecdsa.PrivateKey, domains []string) (*issua
|
|||
}
|
||||
order, err := c.Client.NewOrder(c.Account, ids)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("making order: %s", err)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
for _, authUrl := range order.Authorizations {
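Review bot: Returning the bare `err` after `c.Client.NewOrder` drops the "making order" context that the old message carried, so failures from other callers of authAndIssue become harder to attribute. If the Go version in use supports error wrapping, `return nil, fmt.Errorf("making order: %w", err)` keeps the context, and the new integration test can still recover the problem with `var prob acme.Problem` and `errors.As(err, &prob)` in place of the direct type assertion. authAndIssue starts before and continues after this hunk.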
|
||||
|
|
|
|||
|
|
@ -0,0 +1,35 @@
|
|||
// +build integration
|
||||
|
||||
package integration
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
"testing"
|
||||
|
||||
"github.com/eggsampler/acme/v3"
|
||||
|
||||
"github.com/letsencrypt/boulder/test"
|
||||
)
|
||||
|
||||
// TestTooBigOrderError tests that submitting an order with more than 100 names
|
||||
// produces the expected problem result.
|
||||
func TestTooBigOrderError(t *testing.T) {
|
||||
t.Parallel()
|
||||
os.Setenv("DIRECTORY", "http://boulder:4001/directory")
|
||||
|
||||
var domains []string
|
||||
for i := 0; i < 101; i++ {
|
||||
domains = append(domains, fmt.Sprintf("%d.example.com", i))
|
||||
}
|
||||
|
||||
_, err := authAndIssue(nil, nil, domains)
|
||||
test.AssertError(t, err, "authAndIssue failed")
|
||||
|
||||
if prob, ok := err.(acme.Problem); !ok {
|
||||
t.Fatalf("expected problem result, got %#v\n", err)
|
||||
} else {
|
||||
test.AssertEquals(t, prob.Type, "urn:ietf:params:acme:error:malformed")
|
||||
test.AssertEquals(t, prob.Detail, "Error creating new order :: Order cannot contain more than 100 DNS names")
|
||||
}
|
||||
}
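Review bot: The message in `test.AssertError(t, err, "authAndIssue failed")` reads backwards: judging by how the RA unit test on this page uses the same helper, it is printed when err is nil, that is when the oversized order was accepted. Something like `test.AssertError(t, err, "authAndIssue succeeded for an order over the name limit")` says what went wrong. Separately, `os.Setenv("DIRECTORY", ...)` changes process-wide state after `t.Parallel()` and its error is ignored; if any other parallel test sets a different directory URL the result becomes order-dependent, so setting it once in shared test setup would be safer. The 101-name loop and the "100 DNS names" detail string also tie the test to the configured limit, which deserves a short comment next to the loop.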
|
||||