//go:build integration
package integration
import (
"context"
"strconv"
"strings"
"testing"
"time"
"github.com/eggsampler/acme/v3"
"github.com/jmhodges/clock"
"github.com/letsencrypt/boulder/cmd"
"github.com/letsencrypt/boulder/config"
bgrpc "github.com/letsencrypt/boulder/grpc"
"github.com/letsencrypt/boulder/identifier"
"github.com/letsencrypt/boulder/metrics"
sapb "github.com/letsencrypt/boulder/sa/proto"
"github.com/letsencrypt/boulder/test"
)
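// TestIdentifiersPausedForAccount checks that a pause recorded by the SA is
// enforced when the account next tries to issue: an order for the paused
// identifier must fail with an error that carries the unpause link, and the
// same order must succeed once the account has been unpaused.
func TestIdentifiersPausedForAccount(t *testing.T) {
	t.Parallel()

	// Test-environment fixtures under test/certs: the connection to the SA is
	// made with the ra.boulder certificate and key, trusting only minica.pem.
	tlsCerts := &cmd.TLSConfig{
		CACertFile: "test/certs/ipki/minica.pem",
		CertFile:   "test/certs/ipki/ra.boulder/cert.pem",
		KeyFile:    "test/certs/ipki/ra.boulder/key.pem",
	}
	tlsConf, err := tlsCerts.Load(metrics.NoopRegisterer)
	test.AssertNotError(t, err, "Failed to load TLS config")

	// The SA is located through an SRV lookup; HostOverride pins the name the
	// connection is made for to "sa.boulder".
	// NOTE(review): presumably this is the name checked against the server
	// certificate - confirm against cmd.GRPCClientConfig.
	saConn, err := bgrpc.ClientSetup(
		&cmd.GRPCClientConfig{
			DNSAuthority: "consul.service.consul",
			SRVLookup: &cmd.ServiceDomain{
				Service: "sa",
				Domain:  "service.consul",
			},

			Timeout:        config.Duration{Duration: 5 * time.Second},
			NoWaitForReady: true,
			HostOverride:   "sa.boulder",
		},
		tlsConf,
		metrics.NoopRegisterer,
		clock.NewFake(),
	)
	// Reported through t like the other checks in this test, so a connection
	// failure is attributed to this test.
	test.AssertNotError(t, err, "Failed to load credentials and create gRPC connection to SA")
	saClient := sapb.NewStorageAuthorityClient(saConn)

	c, err := makeClient()
	// Checked before c is used: a failed account setup must not surface later
	// as a confusing parse or pause failure.
	// NOTE(review): assumes test.AssertNotError halts the test - confirm.
	test.AssertNotError(t, err, "Failed to create ACME client")

	// The registration ID is the last path segment of the account URL.
	segments := strings.SplitAfter(c.URL, "/")
	regID, err := strconv.ParseInt(segments[len(segments)-1], 10, 64)
	// Without this check a malformed URL would silently pause registration 0
	// instead of the account under test.
	test.AssertNotError(t, err, "Failed to parse registration ID from account URL")

	domain := random_domain()
	serverIdents := identifier.ACMEIdentifiers{identifier.NewDNS(domain)}
	clientIdents := []acme.Identifier{{Type: "dns", Value: domain}}

	// Pause the identifier for this account directly at the SA.
	_, err = saClient.PauseIdentifiers(context.Background(), &sapb.PauseRequest{
		RegistrationID: regID,
		Identifiers:    serverIdents.ToProtoSlice(),
	})
	test.AssertNotError(t, err, "Failed to pause domain")

	// Enforcement check: issuance for the paused identifier must be refused.
	_, err = authAndIssue(c, nil, clientIdents, true, "")
	test.AssertError(t, err, "Should not be able to issue a certificate for a paused domain")
	// NOTE(review): err.Error() below relies on test.AssertError stopping the
	// test when err is nil - confirm.
	test.AssertContains(t, err.Error(), "Your account is temporarily prevented from requesting certificates for")
	// Only the presence of the unpause URL and its jwt parameter is asserted;
	// the token itself is not inspected here.
	test.AssertContains(t, err.Error(), "https://boulder.service.consul:4003/sfe/v1/unpause?jwt=")

	// Lift the pause for the whole account, then confirm issuance works again.
	_, err = saClient.UnpauseAccount(context.Background(), &sapb.RegistrationID{
		Id: regID,
	})
	test.AssertNotError(t, err, "Failed to unpause domain")

	_, err = authAndIssue(c, nil, clientIdents, true, "")
	test.AssertNotError(t, err, "Should be able to issue a certificate for an unpaused domain")
}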