letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

integration: Move test_order_finalize_early to the Go tests (#8258) 

Hyrum’s Law strikes again: our Python integration tests were implicitly
relying on behavior that was changed upstream in Certbot’s ACME client
(see https://github.com/certbot/certbot/pull/10239). To ensure continued
coverage, replicate this test in our Go integration test suite.
This commit is contained in:
Samantha Frank 2025-06-17 17:19:34 -04:00 committed by GitHub
parent aa3c9f0eee
commit c97b312e65
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 45 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
test/integration/errors_test.go
View File

@ -5,9 +5,12 @@ package integration
import ( import (
"bytes" "bytes"
"crypto" "crypto"
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand" "crypto/rand"
"encoding/base64" "encoding/base64"
"encoding/json" "encoding/json"
"errors"
"fmt" "fmt"
"io" "io"
"net/http" "net/http"
@ -277,3 +280,45 @@ func TestBadSignatureAlgorithm(t *testing.T) {
t.Error("problem document MUST contain acceptable algorithms, got none") t.Error("problem document MUST contain acceptable algorithms, got none")
} }
} }
// TestOrderFinalizeEarly tests that finalizing an order before it is fully
// authorized results in an orderNotReady error.
func TestOrderFinalizeEarly(t *testing.T) {
t.Parallel()
client, err := makeClient()
if err != nil {
t.Fatalf("creating acme client: %s", err)
}
idents := []acme.Identifier{{Type: "dns", Value: randomDomain(t)}}
order, err := client.Client.NewOrder(client.Account, idents)
if err != nil {
t.Fatalf("creating order: %s", err)
}
key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
t.Fatalf("generating key: %s", err)
}
csr, err := makeCSR(key, idents, false)
if err != nil {
t.Fatalf("generating CSR: %s", err)
}
order, err = client.Client.FinalizeOrder(client.Account, order, csr)
if err == nil {
t.Fatal("expected finalize to fail, but got success")
}
var prob acme.Problem
ok := errors.As(err, &prob)
if !ok {
t.Fatalf("expected error to be of type acme.Problem, got: %T", err)
}
if prob.Type != "urn:ietf:params:acme:error:orderNotReady" {
t.Errorf("expected problem type 'urn:ietf:params:acme:error:orderNotReady', got: %s", prob.Type)
}
if order.Status != "pending" {
t.Errorf("expected order status to be pending, got: %s", order.Status)
}
}

21
test/v2_integration.py
View File

@ -647,27 +647,6 @@ def test_order_reuse_failed_authz():
finally: finally:
cleanup() cleanup()
def test_order_finalize_early():
"""
Test that finalizing an order before its fully authorized results in the
order having an error set and the status being invalid.
"""
# Create a client
client = chisel2.make_client(None)
# Create a random domain and a csr
domains = [ random_domain() ]
csr_pem = chisel2.make_csr(domains)
# Create an order for the domain
order = client.new_order(csr_pem)
deadline = datetime.datetime.now() + datetime.timedelta(seconds=5)
# Finalizing an order early should generate an orderNotReady error.
chisel2.expect_problem("urn:ietf:params:acme:error:orderNotReady",
lambda: client.finalize_order(order, deadline))
def test_only_return_existing_reg(): def test_only_return_existing_reg():
client = chisel2.uninitialized_client() client = chisel2.uninitialized_client()
email = "test@not-example.com" email = "test@not-example.com"