github.com/letsencrypt/boulder@v0.20251208.0/test/integration/subordinate_ca_chains_test.go (about)

     1  //go:build integration
     2  
     3  package integration
     4  
     5  import (
     6  	"crypto/ecdsa"
     7  	"crypto/elliptic"
     8  	"crypto/rand"
     9  	"strings"
    10  	"testing"
    11  
    12  	"github.com/eggsampler/acme/v3"
    13  
    14  	"github.com/letsencrypt/boulder/test"
    15  )
    16  
// TestSubordinateCAChainsServedByWFE issues a certificate for a random DNS
// name with a fresh P-256 key, fetches every chain offered for it, and checks
// that the chains contain an ECDSA intermediate issued by the ECDSA root as
// well as the same intermediate cross-signed by the RSA root.
//
// The checks below identify certificates only by Subject and Issuer
// CommonName. No signature or path validation happens in this function;
// whether authAndIssueFetchAllChains validates anything is not visible here.
func TestSubordinateCAChainsServedByWFE(t *testing.T) {
	t.Parallel()

	acmeClient, err := makeClient("mailto:example@letsencrypt.org")
	test.AssertNotError(t, err, "creating acme client")

	certKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	test.AssertNotError(t, err, "creating random cert key")

	idents := []acme.Identifier{{Type: "dns", Value: random_domain()}}
	chains, err := authAndIssueFetchAllChains(acmeClient, certKey, idents, true)
	test.AssertNotError(t, err, "failed to issue test cert")

	// Two chains are expected: one ending at the ECDSA root and one where the
	// ECDSA intermediate is cross-signed by the RSA root.
	test.AssertEquals(t, len(chains.certs), 2)

	// The flags are accumulated across all returned chains, so this asserts
	// that each issuer relationship appears somewhere, not that each chain
	// carries exactly one of them.
	var seenECDSAIntermediate, seenECDSACrossSignedIntermediate bool
	for _, chain := range chains.certs {
		for _, c := range chain {
			if !strings.Contains(c.Subject.CommonName, "int ecdsa") {
				continue
			}
			switch c.Issuer.CommonName {
			case "root ecdsa":
				seenECDSAIntermediate = true
			case "root rsa":
				seenECDSACrossSignedIntermediate = true
			}
		}
	}

	test.Assert(t, seenECDSAIntermediate, "did not see ECDSA intermediate and should have")
	test.Assert(t, seenECDSACrossSignedIntermediate, "did not see ECDSA by RSA cross-signed intermediate and should have")
}