github.com/letsencrypt/boulder@v0.20251208.0/test/integration/authz_test.go

github.com/letsencrypt/boulder@v0.20251208.0/test/integration/authz_test.go (about)

     1  //go:build integration
     2  
     3  package integration
     4  
     5  import (
     6  	"testing"
     7  	"time"
     8  
     9  	"github.com/eggsampler/acme/v3"
    10  
    11  	"github.com/letsencrypt/boulder/test"
    12  )
    13  
    14  const (
    15  	// validAuthorizationLifetime is the expected valid authorization lifetime. It
    16  	// should match the value in the RA config's "authorizationLifetimeDays"
    17  	// configuration field.
    18  	validAuthorizationLifetime = 30
    19  )
    20  
    21  // TestValidAuthzExpires checks that a valid authorization has the expected
    22  // expires time.
    23  func TestValidAuthzExpires(t *testing.T) {
    24  	t.Parallel()
    25  	c, err := makeClient()
    26  	test.AssertNotError(t, err, "makeClient failed")
    27  
    28  	// Issue for a random domain
    29  	idents := []acme.Identifier{{Type: "dns", Value: random_domain()}}
    30  	result, err := authAndIssue(c, nil, idents, true, "")
    31  	// There should be no error
    32  	test.AssertNotError(t, err, "authAndIssue failed")
    33  	// The order should be valid
    34  	test.AssertEquals(t, result.Order.Status, "valid")
    35  	// There should be one authorization URL
    36  	test.AssertEquals(t, len(result.Order.Authorizations), 1)
    37  
    38  	// Fetching the authz by URL shouldn't fail
    39  	authzURL := result.Order.Authorizations[0]
    40  	authzOb, err := c.FetchAuthorization(c.Account, authzURL)
    41  	test.AssertNotError(t, err, "FetchAuthorization failed")
    42  
    43  	// The authz should be valid and for the correct identifier
    44  	test.AssertEquals(t, authzOb.Status, "valid")
    45  	test.AssertEquals(t, authzOb.Identifier.Type, idents[0].Type)
    46  	test.AssertEquals(t, authzOb.Identifier.Value, idents[0].Value)
    47  
    48  	// The authz should have the expected expiry date, plus or minus a minute
    49  	expectedExpiresMin := time.Now().AddDate(0, 0, validAuthorizationLifetime).Add(-time.Minute)
    50  	expectedExpiresMax := expectedExpiresMin.Add(2 * time.Minute)
    51  	actualExpires := authzOb.Expires
    52  	if actualExpires.Before(expectedExpiresMin) || actualExpires.After(expectedExpiresMax) {
    53  		t.Errorf("Wrong expiry. Got %s, expected it to be between %s and %s",
    54  			actualExpires, expectedExpiresMin, expectedExpiresMax)
    55  	}
    56  }