//go:build integration package integration import ( "crypto/ecdsa" "crypto/elliptic" "crypto/rand" "crypto/rsa" "testing" "github.com/eggsampler/acme/v3" "github.com/letsencrypt/boulder/test" ) // TestAccountKeyChange tests that the whole account key rollover process works, // including between different kinds of keys. func TestAccountKeyChange(t *testing.T) { t.Parallel() c, err := acme.NewClient("http://boulder.service.consul:4001/directory") test.AssertNotError(t, err, "creating client") // We could test all five key types (RSA 2048, 3072, and 4096, and ECDSA P-256 // and P-384) supported by go-jose and goodkey, but doing so results in a very // slow integration test. Instead, just test rollover once in each direction, // ECDSA->RSA and vice versa. key1, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) test.AssertNotError(t, err, "creating P-256 account key") acct1, err := c.NewAccount(key1, false, true) test.AssertNotError(t, err, "creating account") key2, err := rsa.GenerateKey(rand.Reader, 2048) test.AssertNotError(t, err, "creating RSA 2048 account key") acct2, err := c.AccountKeyChange(acct1, key2) test.AssertNotError(t, err, "rolling over account key") test.AssertEquals(t, acct2.URL, acct1.URL) key3, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) test.AssertNotError(t, err, "creating P-384 account key") acct3, err := c.AccountKeyChange(acct1, key3) test.AssertNotError(t, err, "rolling over account key") test.AssertEquals(t, acct3.URL, acct1.URL) }