letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
boulder/test/integration/ratelimit_test.go

60 lines
2.0 KiB
Go
Raw Blame History

//go:build integration
package integration
import (
"crypto/rand"
"encoding/hex"
"fmt"
"testing"
"github.com/eggsampler/acme/v3"
"github.com/letsencrypt/boulder/test"
)
func TestDuplicateFQDNRateLimit(t *testing.T) {
t.Parallel()
idents := []acme.Identifier{{Type: "dns", Value: random_domain()}}
// The global rate limit for a duplicate certificates is 2 per 3 hours.
_, err := authAndIssue(nil, nil, idents, true, "")
test.AssertNotError(t, err, "Failed to issue first certificate")
_, err = authAndIssue(nil, nil, idents, true, "")
test.AssertNotError(t, err, "Failed to issue second certificate")
_, err = authAndIssue(nil, nil, idents, true, "")
test.AssertError(t, err, "Somehow managed to issue third certificate")
test.AssertContains(t, err.Error(), "too many certificates (2) already issued for this exact set of domains in the last 3h0m0s")
}
func TestCertificatesPerDomain(t *testing.T) {
t.Parallel()
randomDomain := random_domain()
randomSubDomain := func() string {
var bytes [3]byte
rand.Read(bytes[:])
return fmt.Sprintf("%s.%s", hex.EncodeToString(bytes[:]), randomDomain)
}
firstSubDomain := randomSubDomain()
_, err := authAndIssue(nil, nil, []acme.Identifier{{Type: "dns", Value: firstSubDomain}}, true, "")
test.AssertNotError(t, err, "Failed to issue first certificate")
_, err = authAndIssue(nil, nil, []acme.Identifier{{Type: "dns", Value: randomSubDomain()}}, true, "")
test.AssertNotError(t, err, "Failed to issue second certificate")
_, err = authAndIssue(nil, nil, []acme.Identifier{{Type: "dns", Value: randomSubDomain()}}, true, "")
test.AssertError(t, err, "Somehow managed to issue third certificate")
test.AssertContains(t, err.Error(), fmt.Sprintf("too many certificates (2) already issued for %q in the last 2160h0m0s", randomDomain))
// Issue a certificate for the first subdomain, which should succeed because
// it's a renewal.
_, err = authAndIssue(nil, nil, []acme.Identifier{{Type: "dns", Value: firstSubDomain}}, true, "")
test.AssertNotError(t, err, "Failed to issue renewal certificate")
}
Reference in New Issue View Git Blame Copy Permalink