github.com/letsencrypt/boulder@v0.20251208.0/test/integration/pausing_test.go (about)

     1  //go:build integration
     2  
     3  package integration
     4  
     5  import (
     6  	"context"
     7  	"strconv"
     8  	"strings"
     9  	"testing"
    10  	"time"
    11  
    12  	"github.com/eggsampler/acme/v3"
    13  	"github.com/jmhodges/clock"
    14  
    15  	"github.com/letsencrypt/boulder/cmd"
    16  	"github.com/letsencrypt/boulder/config"
    17  	bgrpc "github.com/letsencrypt/boulder/grpc"
    18  	"github.com/letsencrypt/boulder/identifier"
    19  	"github.com/letsencrypt/boulder/metrics"
    20  	sapb "github.com/letsencrypt/boulder/sa/proto"
    21  	"github.com/letsencrypt/boulder/test"
    22  )
    23  
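// TestIdentifiersPausedForAccount checks that pausing an (account, identifier)
// pair is enforced at issuance time and that unpausing the account lifts it.
//
// The test connects to the integration-test SA over gRPC, presenting the RA
// certificate from the test internal PKI, and calls PauseIdentifiers for a
// freshly generated domain. It then asserts that an issuance attempt for that
// domain fails with the "temporarily prevented" message and that the error
// carries the self-service unpause URL with a jwt query parameter. Finally it
// calls UnpauseAccount and asserts that the same issuance now succeeds.
func TestIdentifiersPausedForAccount(t *testing.T) {
	t.Parallel()

	tlsCerts := &cmd.TLSConfig{
		CACertFile: "test/certs/ipki/minica.pem",
		CertFile:   "test/certs/ipki/ra.boulder/cert.pem",
		KeyFile:    "test/certs/ipki/ra.boulder/key.pem",
	}
	tlsConf, err := tlsCerts.Load(metrics.NoopRegisterer)
	test.AssertNotError(t, err, "Failed to load TLS config")
	saConn, err := bgrpc.ClientSetup(
		&cmd.GRPCClientConfig{
			DNSAuthority: "consul.service.consul",
			SRVLookup: &cmd.ServiceDomain{
				Service: "sa",
				Domain:  "service.consul",
			},

			Timeout:        config.Duration{Duration: 5 * time.Second},
			NoWaitForReady: true,
			HostOverride:   "sa.boulder",
		},
		tlsConf,
		metrics.NoopRegisterer,
		// We're calling the integration test SA, which uses a real clock.
		// We need to use a real clock here too, or the SA will reject the
		// request as having the wrong time attached.
		clock.New(),
	)
	// Report setup failures through the testing framework, like every other
	// check in this test, so a failure is attributed to this test case.
	test.AssertNotError(t, err, "Failed to load credentials and create gRPC connection to SA")
	saClient := sapb.NewStorageAuthorityClient(saConn)

	c, err := makeClient()
	// Without this check a failed account creation would be masked by the
	// next assignment to err and surface later as an unrelated failure.
	test.AssertNotError(t, err, "Failed to create ACME client")

	// The registration ID is the final path segment of the account URL.
	parts := strings.SplitAfter(c.URL, "/")
	regID, err := strconv.ParseInt(parts[len(parts)-1], 10, 64)
	// A parse failure would otherwise leave regID at zero, and the pause
	// request below would not target the account under test.
	test.AssertNotError(t, err, "Failed to parse registration ID from account URL")

	domain := random_domain()
	serverIdents := identifier.ACMEIdentifiers{identifier.NewDNS(domain)}
	clientIdents := []acme.Identifier{{Type: "dns", Value: domain}}

	_, err = saClient.PauseIdentifiers(context.Background(), &sapb.PauseRequest{
		RegistrationID: regID,
		Identifiers:    serverIdents.ToProtoSlice(),
	})
	test.AssertNotError(t, err, "Failed to pause domain")

	// While paused, issuance must be refused and the error must point the
	// subscriber at the unpause endpoint with a JWT attached.
	_, err = authAndIssue(c, nil, clientIdents, true, "")
	test.AssertError(t, err, "Should not be able to issue a certificate for a paused domain")
	test.AssertContains(t, err.Error(), "Your account is temporarily prevented from requesting certificates for")
	test.AssertContains(t, err.Error(), "https://boulder.service.consul:4003/sfe/v1/unpause?jwt=")

	_, err = saClient.UnpauseAccount(context.Background(), &sapb.RegistrationID{
		Id: regID,
	})
	test.AssertNotError(t, err, "Failed to unpause domain")

	// After the account is unpaused the same identifier must be issuable.
	_, err = authAndIssue(c, nil, clientIdents, true, "")
	test.AssertNotError(t, err, "Should be able to issue a certificate for an unpaused domain")
}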