github.com/letsencrypt/boulder@v0.20251208.0/test/integration/nonce_test.go

github.com/letsencrypt/boulder@v0.20251208.0/test/integration/nonce_test.go (about)

     1  //go:build integration
     2  
     3  package integration
     4  
     5  import (
     6  	"context"
     7  	"testing"
     8  
     9  	"github.com/jmhodges/clock"
    10  	"google.golang.org/grpc/status"
    11  
    12  	"github.com/letsencrypt/boulder/cmd"
    13  	bgrpc "github.com/letsencrypt/boulder/grpc"
    14  	nb "github.com/letsencrypt/boulder/grpc/noncebalancer"
    15  	"github.com/letsencrypt/boulder/metrics"
    16  	"github.com/letsencrypt/boulder/nonce"
    17  	noncepb "github.com/letsencrypt/boulder/nonce/proto"
    18  	"github.com/letsencrypt/boulder/test"
    19  )
    20  
    21  type nonceBalancerTestConfig struct {
    22  	NotWFE struct {
    23  		TLS                cmd.TLSConfig
    24  		GetNonceService    *cmd.GRPCClientConfig
    25  		RedeemNonceService *cmd.GRPCClientConfig
    26  		NonceHMACKey       cmd.HMACKeyConfig
    27  	}
    28  }
    29  
    30  func TestNonceBalancer_NoBackendMatchingPrefix(t *testing.T) {
    31  	t.Parallel()
    32  
    33  	// We're going to use a minimal nonce service client called "notwfe" which
    34  	// masquerades as a wfe for the purpose of redeeming nonces.
    35  
    36  	// Load the test config.
    37  	var c nonceBalancerTestConfig
    38  	err := cmd.ReadConfigFile("test/integration/testdata/nonce-client.json", &c)
    39  	test.AssertNotError(t, err, "Could not read config file")
    40  
    41  	tlsConfig, err := c.NotWFE.TLS.Load(metrics.NoopRegisterer)
    42  	test.AssertNotError(t, err, "Could not load TLS config")
    43  
    44  	rncKey, err := c.NotWFE.NonceHMACKey.Load()
    45  	test.AssertNotError(t, err, "Failed to load nonceHMACKey")
    46  
    47  	clk := clock.New()
    48  
    49  	redeemNonceConn, err := bgrpc.ClientSetup(c.NotWFE.RedeemNonceService, tlsConfig, metrics.NoopRegisterer, clk)
    50  	test.AssertNotError(t, err, "Failed to load credentials and create gRPC connection to redeem nonce service")
    51  	rnc := nonce.NewRedeemer(redeemNonceConn)
    52  
    53  	// Attempt to redeem a nonce with a prefix that doesn't match any backends.
    54  	ctx := context.WithValue(context.Background(), nonce.PrefixCtxKey{}, "12345678")
    55  	ctx = context.WithValue(ctx, nonce.HMACKeyCtxKey{}, rncKey)
    56  	_, err = rnc.Redeem(ctx, &noncepb.NonceMessage{Nonce: "0123456789"})
    57  
    58  	// We expect to get a specific gRPC status error with code NotFound.
    59  	gotRPCStatus, ok := status.FromError(err)
    60  	test.Assert(t, ok, "Failed to convert error to status")
    61  	test.AssertEquals(t, gotRPCStatus, nb.ErrNoBackendsMatchPrefix)
    62  }