github.com/letsencrypt/boulder@v0.20251208.0/test/integration/key_rollover_test.go (about)

     1  //go:build integration
     2  
     3  package integration
     4  
     5  import (
     6  	"crypto/ecdsa"
     7  	"crypto/elliptic"
     8  	"crypto/rand"
     9  	"crypto/rsa"
    10  	"testing"
    11  
    12  	"github.com/eggsampler/acme/v3"
    13  	"github.com/letsencrypt/boulder/test"
    14  )
    15  
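// TestAccountKeyChange tests that the whole account key rollover process works,
// including between different kinds of keys. It performs two consecutive
// rollovers on a single account (ECDSA P-256 -> RSA 2048 -> ECDSA P-384) and
// checks that the account URL is unchanged after each one.
//
// Each rollover is requested through the account handle returned by the
// previous step, so the request is authenticated by the key that is current at
// that point rather than by one that has already been replaced.
//
// NOTE(review): this test only covers the success path. It does not assert
// that a request signed with a retired key is rejected after rollover; a
// negative check of that kind would make the test a stronger guard for the
// key-rollover security property.
func TestAccountKeyChange(t *testing.T) {
	t.Parallel()

	c, err := acme.NewClient("http://boulder.service.consul:4001/directory")
	test.AssertNotError(t, err, "creating client")

	// We could test all five key types (RSA 2048, 3072, and 4096, and ECDSA P-256
	// and P-384) supported by go-jose and goodkey, but doing so results in a very
	// slow integration test. Instead, just test rollover once in each direction,
	// ECDSA->RSA and vice versa.
	key1, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	test.AssertNotError(t, err, "creating P-256 account key")

	// Register a fresh account bound to key1 (onlyReturnExisting=false,
	// termsOfServiceAgreed=true).
	acct1, err := c.NewAccount(key1, false, true)
	test.AssertNotError(t, err, "creating account")

	key2, err := rsa.GenerateKey(rand.Reader, 2048)
	test.AssertNotError(t, err, "creating RSA 2048 account key")

	// First rollover: ECDSA P-256 -> RSA 2048. The account URL must not change.
	acct2, err := c.AccountKeyChange(acct1, key2)
	test.AssertNotError(t, err, "rolling over account key")
	test.AssertEquals(t, acct2.URL, acct1.URL)

	key3, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	test.AssertNotError(t, err, "creating P-384 account key")

	// Second rollover: RSA 2048 -> ECDSA P-384. Start from acct2, the handle
	// returned by the first rollover. acct1 still refers to key1, which is no
	// longer the account's key; a rollover from acct1 that succeeded would mean
	// the server had accepted a request authenticated by a retired key.
	acct3, err := c.AccountKeyChange(acct2, key3)
	test.AssertNotError(t, err, "rolling over account key")
	test.AssertEquals(t, acct3.URL, acct1.URL)
}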