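// Source: github.com/letsencrypt/boulder@v0.20251208.0/goodkey/sagoodkey/good_key_test.go

package sagoodkey

import (
	"context"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"testing"

	"google.golang.org/grpc"

	"github.com/letsencrypt/boulder/goodkey"
	sapb "github.com/letsencrypt/boulder/sa/proto"
	"github.com/letsencrypt/boulder/test"
)

// NOTE(review): neither test below exercises a check function that returns a
// non-nil error (for example, the blocklist lookup itself failing). Whether
// GoodKey rejects the key in that case is therefore not pinned by this file.
// It is worth a dedicated test, because accepting a key when the lookup fails
// would let a blocked key through.

// TestDBBlocklistAccept checks that GoodKey returns no error for a freshly
// generated P-256 key in two configurations: when the policy is built with a
// nil blocked-key check function, and when the check function reports that the
// key's SPKI hash does not exist in the blocklist.
func TestDBBlocklistAccept(t *testing.T) {
	// Each case is named so a failure identifies which configuration broke.
	cases := []struct {
		name  string
		check BlockedKeyCheckFunc
	}{
		{
			// Presumably a nil check means no blocklist lookup is performed;
			// confirm against NewPolicy.
			name:  "nil check function",
			check: nil,
		},
		{
			name: "key not in blocklist",
			check: func(context.Context, *sapb.SPKIHash, ...grpc.CallOption) (*sapb.Exists, error) {
				return &sapb.Exists{Exists: false}, nil
			},
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			policy, err := NewPolicy(&goodkey.Config{}, tc.check)
			test.AssertNotError(t, err, "NewPolicy failed")

			k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
			test.AssertNotError(t, err, "ecdsa.GenerateKey failed")

			err = policy.GoodKey(context.Background(), k.Public())
			test.AssertNotError(t, err, "GoodKey failed with a non-blocked key")
		})
	}
}

// TestDBBlocklistReject checks that GoodKey rejects a key when the blocked-key
// check function reports that its SPKI hash exists in the blocklist. The
// returned error must match goodkey.ErrBadKey and carry the exact message
// "public key is forbidden".
func TestDBBlocklistReject(t *testing.T) {
	// Stub check that reports every key as blocked.
	alwaysBlocked := func(context.Context, *sapb.SPKIHash, ...grpc.CallOption) (*sapb.Exists, error) {
		return &sapb.Exists{Exists: true}, nil
	}

	policy, err := NewPolicy(&goodkey.Config{}, alwaysBlocked)
	test.AssertNotError(t, err, "NewPolicy failed")

	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	test.AssertNotError(t, err, "ecdsa.GenerateKey failed")

	err = policy.GoodKey(context.Background(), k.Public())
	test.AssertError(t, err, "GoodKey didn't fail with a blocked key")
	// Pin both the sentinel and the message so callers matching on either
	// keep working.
	test.AssertErrorIs(t, err, goodkey.ErrBadKey)
	test.AssertEquals(t, err.Error(), "public key is forbidden")
}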