"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "cmd/ocsp-updater/main_test.go" between
boulder-release-2020-06-23.tar.gz and boulder-release-2020-06-29.tar.gz

About: Boulder is an ACME-based Certificate Authority (CA) used by Let’s Encrypt (written in Go).

main_test.go  (boulder-release-2020-06-23):main_test.go  (boulder-release-2020-06-29)
skipping to change at line 113 skipping to change at line 113
status, err := sa.GetCertificateStatus(ctx, core.SerialToString(parsedCer t.SerialNumber)) status, err := sa.GetCertificateStatus(ctx, core.SerialToString(parsedCer t.SerialNumber))
test.AssertNotError(t, err, "Couldn't get the core.CertificateStatus from the database") test.AssertNotError(t, err, "Couldn't get the core.CertificateStatus from the database")
meta, err := updater.generateResponse(ctx, status) meta, err := updater.generateResponse(ctx, status)
test.AssertNotError(t, err, "Couldn't generate OCSP response") test.AssertNotError(t, err, "Couldn't generate OCSP response")
err = updater.storeResponse(meta) err = updater.storeResponse(meta)
test.AssertNotError(t, err, "Couldn't store certificate status") test.AssertNotError(t, err, "Couldn't store certificate status")
} }
func TestGenerateOCSPResponses(t *testing.T) { func TestGenerateOCSPResponses(t *testing.T) {
updater, sa, dbMap, fc, cleanUp := setup(t) updater, sa, _, fc, cleanUp := setup(t)
defer cleanUp() defer cleanUp()
reg := satest.CreateWorkingRegistration(t, sa) reg := satest.CreateWorkingRegistration(t, sa)
parsedCertA, err := core.LoadCert("test-cert.pem") parsedCertA, err := core.LoadCert("test-cert.pem")
test.AssertNotError(t, err, "Couldn't read test certificate") test.AssertNotError(t, err, "Couldn't read test certificate")
issued := fc.Now().UnixNano() issued := fc.Now().UnixNano()
_, err = sa.AddPrecertificate(ctx, &sapb.AddCertificateRequest{ _, err = sa.AddPrecertificate(ctx, &sapb.AddCertificateRequest{
Der: parsedCertA.Raw, Der: parsedCertA.Raw,
RegID: &reg.ID, RegID: &reg.ID,
Ocsp: nil, Ocsp: nil,
skipping to change at line 137 skipping to change at line 137
parsedCertB, err := core.LoadCert("test-cert-b.pem") parsedCertB, err := core.LoadCert("test-cert-b.pem")
test.AssertNotError(t, err, "Couldn't read test certificate") test.AssertNotError(t, err, "Couldn't read test certificate")
_, err = sa.AddPrecertificate(ctx, &sapb.AddCertificateRequest{ _, err = sa.AddPrecertificate(ctx, &sapb.AddCertificateRequest{
Der: parsedCertB.Raw, Der: parsedCertB.Raw,
RegID: &reg.ID, RegID: &reg.ID,
Ocsp: nil, Ocsp: nil,
Issued: &issued, Issued: &issued,
}) })
test.AssertNotError(t, err, "Couldn't add test-cert-b.pem") test.AssertNotError(t, err, "Couldn't add test-cert-b.pem")
// We need to set a fake "ocspLastUpdated" value for the two certs we cre // Jump time forward by 2 hours so the ocspLastUpdate value will be older
ated than
// in order to satisfy the "ocspStaleMaxAge" constraint. // the earliest lastUpdate time we care about.
fakeLastUpdate := fc.Now().Add(-time.Hour * 24 * 3) fc.Set(fc.Now().Add(2 * time.Hour))
_, err = dbMap.Exec(
"UPDATE certificateStatus SET ocspLastUpdated = ? WHERE serial IN
(?, ?)",
fakeLastUpdate,
core.SerialToString(parsedCertA.SerialNumber),
core.SerialToString(parsedCertB.SerialNumber))
test.AssertNotError(t, err, "Couldn't update ocspLastUpdated")
earliest := fc.Now().Add(-time.Hour) earliest := fc.Now().Add(-time.Hour)
certs, err := updater.findStaleOCSPResponses(earliest, 10)
// We should have 2 stale responses now.
statuses, err := updater.findStaleOCSPResponses(earliest, 10)
test.AssertNotError(t, err, "Couldn't find stale responses") test.AssertNotError(t, err, "Couldn't find stale responses")
test.AssertEquals(t, len(certs), 2) test.AssertEquals(t, len(statuses), 2)
// Hacky test of parallelism: Make each request to the CA take 1 second, and // Hacky test of parallelism: Make each request to the CA take 1 second, and
// produce 2 requests to the CA. If the pair of requests complete in abou t a // produce 2 requests to the CA. If the pair of requests complete in abou t a
// second, they were made in parallel. // second, they were made in parallel.
// Note that this test also tests the basic functionality of // Note that this test also tests the basic functionality of
// generateOCSPResponses. // generateOCSPResponses.
start := time.Now() start := time.Now()
updater.ogc = &mockOCSP{time.Second} updater.ogc = &mockOCSP{time.Second}
updater.parallelGenerateOCSPRequests = 10 updater.parallelGenerateOCSPRequests = 10
err = updater.generateOCSPResponses(ctx, certs) err = updater.generateOCSPResponses(ctx, statuses)
test.AssertNotError(t, err, "Couldn't generate OCSP responses") test.AssertNotError(t, err, "Couldn't generate OCSP responses")
elapsed := time.Since(start) elapsed := time.Since(start)
if elapsed > 1500*time.Millisecond { if elapsed > 1500*time.Millisecond {
t.Errorf("generateOCSPResponses took too long, expected it to mak e calls in parallel.") t.Errorf("generateOCSPResponses took too long, expected it to mak e calls in parallel.")
} }
certs, err = updater.findStaleOCSPResponses(earliest, 10) // generateOCSPResponses should have updated the ocspLastUpdate for each
// cert, so there shouldn't be any stale responses anymore.
statuses, err = updater.findStaleOCSPResponses(earliest, 10)
test.AssertNotError(t, err, "Failed to find stale responses") test.AssertNotError(t, err, "Failed to find stale responses")
test.AssertEquals(t, len(certs), 0) test.AssertEquals(t, len(statuses), 0)
} }
func TestFindStaleOCSPResponses(t *testing.T) { func TestFindStaleOCSPResponses(t *testing.T) {
updater, sa, dbMap, fc, cleanUp := setup(t) updater, sa, _, fc, cleanUp := setup(t)
defer cleanUp() defer cleanUp()
reg := satest.CreateWorkingRegistration(t, sa) reg := satest.CreateWorkingRegistration(t, sa)
parsedCert, err := core.LoadCert("test-cert.pem") parsedCert, err := core.LoadCert("test-cert.pem")
test.AssertNotError(t, err, "Couldn't read test certificate") test.AssertNotError(t, err, "Couldn't read test certificate")
issued := fc.Now().UnixNano() issued := fc.Now().UnixNano()
_, err = sa.AddPrecertificate(ctx, &sapb.AddCertificateRequest{ _, err = sa.AddPrecertificate(ctx, &sapb.AddCertificateRequest{
Der: parsedCert.Raw, Der: parsedCert.Raw,
RegID: &reg.ID, RegID: &reg.ID,
Ocsp: nil, Ocsp: nil,
Issued: &issued, Issued: &issued,
}) })
test.AssertNotError(t, err, "Couldn't add test-cert.pem") test.AssertNotError(t, err, "Couldn't add test-cert.pem")
// We need to set a fake "ocspLastUpdated" value for the cert we created // Jump time forward by 2 hours so the ocspLastUpdate value will be older
// in order to satisfy the "ocspStaleMaxAge" constraint. than
fakeLastUpdate := fc.Now().Add(-time.Hour * 24 * 3) // the earliest lastUpdate time we care about.
_, err = dbMap.Exec( fc.Set(fc.Now().Add(2 * time.Hour))
"UPDATE certificateStatus SET ocspLastUpdated = ? WHERE serial =
?",
fakeLastUpdate,
core.SerialToString(parsedCert.SerialNumber))
test.AssertNotError(t, err, "Couldn't update ocspLastUpdated")
earliest := fc.Now().Add(-time.Hour) earliest := fc.Now().Add(-time.Hour)
// We should have 1 stale response now.
statuses, err := updater.findStaleOCSPResponses(earliest, 10) statuses, err := updater.findStaleOCSPResponses(earliest, 10)
test.AssertNotError(t, err, "Couldn't find status") test.AssertNotError(t, err, "Couldn't find status")
test.AssertEquals(t, len(statuses), 1) test.AssertEquals(t, len(statuses), 1)
status, err := sa.GetCertificateStatus(ctx, core.SerialToString(parsedCer t.SerialNumber)) status, err := sa.GetCertificateStatus(ctx, core.SerialToString(parsedCer t.SerialNumber))
test.AssertNotError(t, err, "Couldn't get the core.Certificate from the d atabase") test.AssertNotError(t, err, "Couldn't get the core.Certificate from the d atabase")
// Generate and store an updated response, which will update the
// ocspLastUpdate field for this cert.
meta, err := updater.generateResponse(ctx, status) meta, err := updater.generateResponse(ctx, status)
test.AssertNotError(t, err, "Couldn't generate OCSP response") test.AssertNotError(t, err, "Couldn't generate OCSP response")
err = updater.storeResponse(meta) err = updater.storeResponse(meta)
test.AssertNotError(t, err, "Couldn't store OCSP response") test.AssertNotError(t, err, "Couldn't store OCSP response")
// We should have 0 stale responses now.
statuses, err = updater.findStaleOCSPResponses(earliest, 10) statuses, err = updater.findStaleOCSPResponses(earliest, 10)
test.AssertNotError(t, err, "Failed to find stale responses") test.AssertNotError(t, err, "Failed to find stale responses")
test.AssertEquals(t, len(statuses), 0) test.AssertEquals(t, len(statuses), 0)
} }
func TestFindStaleOCSPResponsesRevokedReason(t *testing.T) { func TestFindStaleOCSPResponsesRevokedReason(t *testing.T) {
updater, sa, dbMap, fc, cleanUp := setup(t) updater, sa, dbMap, fc, cleanUp := setup(t)
defer cleanUp() defer cleanUp()
reg := satest.CreateWorkingRegistration(t, sa) reg := satest.CreateWorkingRegistration(t, sa)
skipping to change at line 231 skipping to change at line 227
test.AssertNotError(t, err, "Couldn't read test certificate") test.AssertNotError(t, err, "Couldn't read test certificate")
issued := fc.Now().UnixNano() issued := fc.Now().UnixNano()
_, err = sa.AddPrecertificate(ctx, &sapb.AddCertificateRequest{ _, err = sa.AddPrecertificate(ctx, &sapb.AddCertificateRequest{
Der: parsedCert.Raw, Der: parsedCert.Raw,
RegID: &reg.ID, RegID: &reg.ID,
Ocsp: nil, Ocsp: nil,
Issued: &issued, Issued: &issued,
}) })
test.AssertNotError(t, err, "Couldn't add test-cert.pem") test.AssertNotError(t, err, "Couldn't add test-cert.pem")
// We need to set a fake "ocspLastUpdated" value for the cert we created // Set a revokedReason to ensure it gets written into the OCSPResponse.
// in order to satisfy the "ocspStaleMaxAge" constraint.
fakeLastUpdate := fc.Now().Add(-time.Hour * 24 * 3)
_, err = dbMap.Exec( _, err = dbMap.Exec(
"UPDATE certificateStatus SET ocspLastUpdated = ?, revokedReason "UPDATE certificateStatus SET revokedReason = 1 WHERE serial = ?"
= 1 WHERE serial = ?", ,
fakeLastUpdate,
core.SerialToString(parsedCert.SerialNumber)) core.SerialToString(parsedCert.SerialNumber))
test.AssertNotError(t, err, "Couldn't update ocspLastUpdated") test.AssertNotError(t, err, "Couldn't update revokedReason")
// Jump time forward by 2 hours so the ocspLastUpdate value will be older
than
// the earliest lastUpdate time we care about.
fc.Set(fc.Now().Add(2 * time.Hour))
earliest := fc.Now().Add(-time.Hour) earliest := fc.Now().Add(-time.Hour)
statuses, err := updater.findStaleOCSPResponses(earliest, 10) statuses, err := updater.findStaleOCSPResponses(earliest, 10)
test.AssertNotError(t, err, "Couldn't find status") test.AssertNotError(t, err, "Couldn't find status")
test.AssertEquals(t, len(statuses), 1) test.AssertEquals(t, len(statuses), 1)
test.AssertEquals(t, int(statuses[0].RevokedReason), 1) test.AssertEquals(t, int(statuses[0].RevokedReason), 1)
} }
func TestFindStaleOCSPResponsesStaleMaxAge(t *testing.T) {
updater, sa, dbMap, fc, cleanUp := setup(t)
defer cleanUp()
reg := satest.CreateWorkingRegistration(t, sa)
parsedCertA, err := core.LoadCert("test-cert.pem")
test.AssertNotError(t, err, "Couldn't read test certificate")
issued := fc.Now().UnixNano()
_, err = sa.AddPrecertificate(ctx, &sapb.AddCertificateRequest{
Der: parsedCertA.Raw,
RegID: &reg.ID,
Ocsp: nil,
Issued: &issued,
})
test.AssertNotError(t, err, "Couldn't add test-cert.pem")
parsedCertB, err := core.LoadCert("test-cert-b.pem")
test.AssertNotError(t, err, "Couldn't read test certificate")
_, err = sa.AddPrecertificate(ctx, &sapb.AddCertificateRequest{
Der: parsedCertB.Raw,
RegID: &reg.ID,
Ocsp: nil,
Issued: &issued,
})
test.AssertNotError(t, err, "Couldn't add test-cert-b.pem")
// Set a "ocspLastUpdated" value of 3 days ago for parsedCertA
okLastUpdated := fc.Now().Add(-time.Hour * 24 * 3)
_, err = dbMap.Exec(
"UPDATE certificateStatus SET ocspLastUpdated = ? WHERE serial =
?",
okLastUpdated,
core.SerialToString(parsedCertA.SerialNumber))
test.AssertNotError(t, err, "Couldn't update ocspLastUpdated for parsedCe
rtA")
// Set a "ocspLastUpdated" value of 35 days ago for parsedCertB
excludedLastUpdated := fc.Now().Add(-time.Hour * 24 * 35)
_, err = dbMap.Exec(
"UPDATE certificateStatus SET ocspLastUpdated = ? WHERE serial =
?",
excludedLastUpdated,
core.SerialToString(parsedCertB.SerialNumber))
test.AssertNotError(t, err, "Couldn't update ocspLastUpdated for parsedCe
rtB")
// Running `findStaleOCSPResponses should only find *ONE* of the above
// certificates, parsedCertA. The second should be excluded by the
// `ocspStaleMaxAge` cutoff.
earliest := fc.Now().Add(-time.Hour)
statuses, err := updater.findStaleOCSPResponses(earliest, 10)
test.AssertNotError(t, err, "Couldn't find stale responses")
test.AssertEquals(t, len(statuses), 1)
test.AssertEquals(t, statuses[0].Serial, core.SerialToString(parsedCertA.
SerialNumber))
}
func TestOldOCSPResponsesTick(t *testing.T) { func TestOldOCSPResponsesTick(t *testing.T) {
updater, sa, _, fc, cleanUp := setup(t) updater, sa, _, fc, cleanUp := setup(t)
defer cleanUp() defer cleanUp()
reg := satest.CreateWorkingRegistration(t, sa) reg := satest.CreateWorkingRegistration(t, sa)
parsedCert, err := core.LoadCert("test-cert.pem") parsedCert, err := core.LoadCert("test-cert.pem")
test.AssertNotError(t, err, "Couldn't read test certificate") test.AssertNotError(t, err, "Couldn't read test certificate")
issued := fc.Now().UnixNano() issued := fc.Now().UnixNano()
_, err = sa.AddPrecertificate(ctx, &sapb.AddCertificateRequest{ _, err = sa.AddPrecertificate(ctx, &sapb.AddCertificateRequest{
Der: parsedCert.Raw, Der: parsedCert.Raw,
skipping to change at line 326 skipping to change at line 272
test.AssertNotError(t, err, "Couldn't run updateOCSPResponses") test.AssertNotError(t, err, "Couldn't run updateOCSPResponses")
certs, err := updater.findStaleOCSPResponses(fc.Now().Add(-updater.ocspMi nTimeToExpiry), 10) certs, err := updater.findStaleOCSPResponses(fc.Now().Add(-updater.ocspMi nTimeToExpiry), 10)
test.AssertNotError(t, err, "Failed to find stale responses") test.AssertNotError(t, err, "Failed to find stale responses")
test.AssertEquals(t, len(certs), 0) test.AssertEquals(t, len(certs), 0)
} }
// TestOldOCSPResponsesTickIsExpired checks that the old OCSP responses tick // TestOldOCSPResponsesTickIsExpired checks that the old OCSP responses tick
// updates the `IsExpired` field opportunistically as it encounters certificates // updates the `IsExpired` field opportunistically as it encounters certificates
// that are expired but whose certificate status rows do not have `IsExpired` // that are expired but whose certificate status rows do not have `IsExpired`
// set. // set, and that expired certs don't show up as having stale responses.
func TestOldOCSPResponsesTickIsExpired(t *testing.T) { func TestOldOCSPResponsesTickIsExpired(t *testing.T) {
updater, sa, dbMap, fc, cleanUp := setup(t) updater, sa, _, fc, cleanUp := setup(t)
defer cleanUp() defer cleanUp()
reg := satest.CreateWorkingRegistration(t, sa) reg := satest.CreateWorkingRegistration(t, sa)
parsedCert, err := core.LoadCert("test-cert.pem") parsedCert, err := core.LoadCert("test-cert.pem")
test.AssertNotError(t, err, "Couldn't read test certificate") test.AssertNotError(t, err, "Couldn't read test certificate")
serial := core.SerialToString(parsedCert.SerialNumber) serial := core.SerialToString(parsedCert.SerialNumber)
// Add a new test certificate // Add a new test certificate
issued := fc.Now().UnixNano() issued := fc.Now().UnixNano()
_, err = sa.AddPrecertificate(ctx, &sapb.AddCertificateRequest{ _, err = sa.AddPrecertificate(ctx, &sapb.AddCertificateRequest{
Der: parsedCert.Raw, Der: parsedCert.Raw,
RegID: &reg.ID, RegID: &reg.ID,
Ocsp: nil, Ocsp: nil,
Issued: &issued, Issued: &issued,
}) })
test.AssertNotError(t, err, "Couldn't add test-cert.pem") test.AssertNotError(t, err, "Couldn't add test-cert.pem")
// We need to set a fake "ocspLastUpdated" value for the cert we created // Jump time forward by 2 hours so the ocspLastUpdate value will be older
// in order to satisfy the "ocspStaleMaxAge" constraint. It needs to fall than
// within the range of the updater.ocspMinTimeToExpiry we set later. // the earliest lastUpdate time we care about.
fakeLastUpdate := parsedCert.NotAfter.Add(-time.Hour) fc.Set(fc.Now().Add(2 * time.Hour))
_, err = dbMap.Exec( earliest := fc.Now().Add(-time.Hour)
"UPDATE certificateStatus SET ocspLastUpdated = ? WHERE serial =
?",
fakeLastUpdate,
serial)
test.AssertNotError(t, err, "Couldn't update ocspLastUpdated")
// The certificate isn't expired, so the certificate status should have // The certificate isn't expired, so the certificate status should have
// a false `IsExpired` // a false `IsExpired` and it should show up as stale.
cs, err := sa.GetCertificateStatus(ctx, serial) cs, err := sa.GetCertificateStatus(ctx, serial)
test.AssertNotError(t, err, fmt.Sprintf("Couldn't get certificate status for %q", serial)) test.AssertNotError(t, err, fmt.Sprintf("Couldn't get certificate status for %q", serial))
test.AssertEquals(t, cs.IsExpired, false) test.AssertEquals(t, cs.IsExpired, false)
statuses, err := updater.findStaleOCSPResponses(earliest, 10)
test.AssertNotError(t, err, "Couldn't find status")
test.AssertEquals(t, len(statuses), 1)
// Advance the clock to the point that the certificate we added is now ex pired // Advance the clock to the point that the certificate we added is now ex pired
fc.Set(parsedCert.NotAfter.Add(time.Hour)) fc.Set(parsedCert.NotAfter.Add(2 * time.Hour))
earliest = fc.Now().Add(-time.Hour)
// Run the updateOCSPResponses so that it can have a chance to find expir ed // Run the updateOCSPResponses so that it can have a chance to find expir ed
// certificates // certificates
updater.ocspMinTimeToExpiry = 1 * time.Hour updater.ocspMinTimeToExpiry = 1 * time.Hour
err = updater.updateOCSPResponses(ctx, 10) err = updater.updateOCSPResponses(ctx, 10)
test.AssertNotError(t, err, "Couldn't run updateOCSPResponses") test.AssertNotError(t, err, "Couldn't run updateOCSPResponses")
// Since we advanced the fakeclock beyond our test certificate's NotAfter we // Since we advanced the fakeclock beyond our test certificate's NotAfter we
// expect the certificate status has been updated to have a true `IsExpir ed` // expect the certificate status has been updated to have a true `IsExpir ed`
cs, err = sa.GetCertificateStatus(ctx, serial) cs, err = sa.GetCertificateStatus(ctx, serial)
test.AssertNotError(t, err, fmt.Sprintf("Couldn't get certificate status for %q", serial)) test.AssertNotError(t, err, fmt.Sprintf("Couldn't get certificate status for %q", serial))
test.AssertEquals(t, cs.IsExpired, true) test.AssertEquals(t, cs.IsExpired, true)
statuses, err = updater.findStaleOCSPResponses(earliest, 10)
test.AssertNotError(t, err, "Couldn't find status")
test.AssertEquals(t, len(statuses), 0)
} }
func TestStoreResponseGuard(t *testing.T) { func TestStoreResponseGuard(t *testing.T) {
updater, sa, _, fc, cleanUp := setup(t) updater, sa, _, fc, cleanUp := setup(t)
defer cleanUp() defer cleanUp()
reg := satest.CreateWorkingRegistration(t, sa) reg := satest.CreateWorkingRegistration(t, sa)
parsedCert, err := core.LoadCert("test-cert.pem") parsedCert, err := core.LoadCert("test-cert.pem")
test.AssertNotError(t, err, "Couldn't read test certificate") test.AssertNotError(t, err, "Couldn't read test certificate")
issued := fc.Now().UnixNano() issued := fc.Now().UnixNano()
skipping to change at line 430 skipping to change at line 378
err = updater.storeResponse(&status) err = updater.storeResponse(&status)
test.AssertNotError(t, err, "Failed to updated certificate status") test.AssertNotError(t, err, "Failed to updated certificate status")
// Make sure the OCSP response has been updated // Make sure the OCSP response has been updated
changedStatus, err := sa.GetCertificateStatus(ctx, core.SerialToString(pa rsedCert.SerialNumber)) changedStatus, err := sa.GetCertificateStatus(ctx, core.SerialToString(pa rsedCert.SerialNumber))
test.AssertNotError(t, err, "Failed to get certificate status") test.AssertNotError(t, err, "Failed to get certificate status")
test.AssertEquals(t, len(changedStatus.OCSPResponse), 3) test.AssertEquals(t, len(changedStatus.OCSPResponse), 3)
} }
func TestGenerateOCSPResponsePrecert(t *testing.T) { func TestGenerateOCSPResponsePrecert(t *testing.T) {
updater, sa, dbMap, fc, cleanUp := setup(t) updater, sa, _, fc, cleanUp := setup(t)
defer cleanUp() defer cleanUp()
reg := satest.CreateWorkingRegistration(t, sa) reg := satest.CreateWorkingRegistration(t, sa)
// Create a throw-away self signed certificate with some names // Create a throw-away self signed certificate with some names
serial, testCert := test.ThrowAwayCert(t, 5) serial, testCert := test.ThrowAwayCert(t, 5)
// Use AddPrecertificate to set up a precertificate, serials, and // Use AddPrecertificate to set up a precertificate, serials, and
// certificateStatus row for the testcert. // certificateStatus row for the testcert.
ocspResp := []byte{0, 0, 1} ocspResp := []byte{0, 0, 1}
regID := reg.ID regID := reg.ID
issuedTime := fc.Now().UnixNano() issuedTime := fc.Now().UnixNano()
_, err := sa.AddPrecertificate(ctx, &sapb.AddCertificateRequest{ _, err := sa.AddPrecertificate(ctx, &sapb.AddCertificateRequest{
Der: testCert.Raw, Der: testCert.Raw,
RegID: &regID, RegID: &regID,
Ocsp: ocspResp, Ocsp: ocspResp,
Issued: &issuedTime, Issued: &issuedTime,
}) })
test.AssertNotError(t, err, "Couldn't add test-cert2.der") test.AssertNotError(t, err, "Couldn't add test-cert2.der")
// We need to set a fake "ocspLastUpdated" value for the precert we creat // Jump time forward by 2 hours so the ocspLastUpdate value will be older
ed than
// in order to satisfy the "ocspStaleMaxAge" constraint. // the earliest lastUpdate time we care about.
fakeLastUpdate := fc.Now().Add(-time.Hour * 24 * 3) fc.Set(fc.Now().Add(2 * time.Hour))
_, err = dbMap.Exec( earliest := fc.Now().Add(-time.Hour)
"UPDATE certificateStatus SET ocspLastUpdated = ? WHERE serial =
?",
fakeLastUpdate,
serial)
test.AssertNotError(t, err, "Couldn't update ocspLastUpdated")
// There should be one stale ocsp response found for the precert // There should be one stale ocsp response found for the precert
earliest := fc.Now().Add(-time.Hour)
certs, err := updater.findStaleOCSPResponses(earliest, 10) certs, err := updater.findStaleOCSPResponses(earliest, 10)
test.AssertNotError(t, err, "Couldn't find stale responses") test.AssertNotError(t, err, "Couldn't find stale responses")
test.AssertEquals(t, len(certs), 1) test.AssertEquals(t, len(certs), 1)
test.AssertEquals(t, certs[0].Serial, serial) test.AssertEquals(t, certs[0].Serial, serial)
// Directly call generateResponse again with the same result. It should n ot // Directly call generateResponse again with the same result. It should n ot
// error and should instead update the precertificate's OCSP status even // error and should instead update the precertificate's OCSP status even
// though no certificate row exists. // though no certificate row exists.
_, err = updater.generateResponse(ctx, certs[0]) _, err = updater.generateResponse(ctx, certs[0])
test.AssertNotError(t, err, "generateResponse for precert errored") test.AssertNotError(t, err, "generateResponse for precert errored")
 End of changes. 28 change blocks. 
118 lines changed or deleted 55 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)