integration: Move test_order_finalize_early to the Go tests (#8258)

Hyrum’s Law strikes again: our Python integration tests were implicitly relying on behavior that was changed upstream in Certbot’s ACME client (see https://github.com/certbot/certbot/pull/10239). To ensure continued coverage, replicate this test in our Go integration test suite.
2025-06-17 17:19:34 -04:00 · 2025-06-17 17:19:34 -04:00 · c97b312e65
parent aa3c9f0eee
commit c97b312e65
2 changed files with 45 additions and 21 deletions
--- a/test/integration/errors_test.go
+++ b/test/integration/errors_test.go
@ -5,9 +5,12 @@ package integration
 import (
 	"bytes"
 	"crypto"
+	"crypto/ecdsa"
+	"crypto/elliptic"
 	"crypto/rand"
 	"encoding/base64"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
 	"net/http"
@ -277,3 +280,45 @@ func TestBadSignatureAlgorithm(t *testing.T) {
 		t.Error("problem document MUST contain acceptable algorithms, got none")
 	}
 }
+
+// TestOrderFinalizeEarly tests that finalizing an order before it is fully
+// authorized results in an orderNotReady error.
+func TestOrderFinalizeEarly(t *testing.T) {
+	t.Parallel()
+
+	client, err := makeClient()
+	if err != nil {
+		t.Fatalf("creating acme client: %s", err)
+	}
+
+	idents := []acme.Identifier{{Type: "dns", Value: randomDomain(t)}}
+
+	order, err := client.Client.NewOrder(client.Account, idents)
+	if err != nil {
+		t.Fatalf("creating order: %s", err)
+	}
+	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		t.Fatalf("generating key: %s", err)
+	}
+	csr, err := makeCSR(key, idents, false)
+	if err != nil {
+		t.Fatalf("generating CSR: %s", err)
+	}
+
+	order, err = client.Client.FinalizeOrder(client.Account, order, csr)
+	if err == nil {
+		t.Fatal("expected finalize to fail, but got success")
+	}
+	var prob acme.Problem
+	ok := errors.As(err, &prob)
+	if !ok {
+		t.Fatalf("expected error to be of type acme.Problem, got: %T", err)
+	}
+	if prob.Type != "urn:ietf:params:acme:error:orderNotReady" {
+		t.Errorf("expected problem type 'urn:ietf:params:acme:error:orderNotReady', got: %s", prob.Type)
+	}
+	if order.Status != "pending" {
+		t.Errorf("expected order status to be pending, got: %s", order.Status)
+	}
+}
--- a/test/v2_integration.py
+++ b/test/v2_integration.py
@ -647,27 +647,6 @@ def test_order_reuse_failed_authz():
    finally:
        cleanup()

-def test_order_finalize_early():
-    """
-    Test that finalizing an order before its fully authorized results in the
-    order having an error set and the status being invalid.
-    """
-    # Create a client
-    client = chisel2.make_client(None)
-
-    # Create a random domain and a csr
-    domains = [ random_domain() ]
-    csr_pem = chisel2.make_csr(domains)
-
-    # Create an order for the domain
-    order = client.new_order(csr_pem)
-
-    deadline = datetime.datetime.now() + datetime.timedelta(seconds=5)
-
-    # Finalizing an order early should generate an orderNotReady error.
-    chisel2.expect_problem("urn:ietf:params:acme:error:orderNotReady",
-        lambda: client.finalize_order(order, deadline))
-
 def test_only_return_existing_reg():
    client = chisel2.uninitialized_client()
    email = "test@not-example.com"