
Source code changes of the file "test/integration/revocation_test.go" between
boulder-release-2020-06-23.tar.gz and boulder-release-2020-06-29.tar.gz

About: Boulder is an ACME-based Certificate Authority (CA) used by Let’s Encrypt (written in Go).

revocation_test.go  (boulder-release-2020-06-23):revocation_test.go  (boulder-release-2020-06-29)
skipping to change at line 125 skipping to change at line 125
t.Fatalf("couldn't find rejected precert for %q", tc.domain) t.Fatalf("couldn't find rejected precert for %q", tc.domain)
} }
// To be confident that we're testing the right thing als o verify that the // To be confident that we're testing the right thing als o verify that the
// rejection is a poisoned precertificate. // rejection is a poisoned precertificate.
if !isPrecert(cert) { if !isPrecert(cert) {
t.Fatal("precert was missing poison extension") t.Fatal("precert was missing poison extension")
} }
// To start with the precertificate should have a Good OC SP response. // To start with the precertificate should have a Good OC SP response.
_, err = ocsp_helper.ReqDER(cert.Raw, ocsp.Good) ocspConfig := ocsp_helper.DefaultConfig.WithExpectStatus(
ocsp.Good)
_, err = ocsp_helper.ReqDER(cert.Raw, ocspConfig)
test.AssertNotError(t, err, "requesting OCSP for precert" ) test.AssertNotError(t, err, "requesting OCSP for precert" )
// Revoke the precertificate using the specified key and client // Revoke the precertificate using the specified key and client
err = tc.revokeClient.RevokeCertificate( err = tc.revokeClient.RevokeCertificate(
tc.revokeClient.Account, tc.revokeClient.Account,
cert, cert,
tc.revokeKey, tc.revokeKey,
ocsp.Unspecified) ocsp.Unspecified)
test.AssertNotError(t, err, "revoking precert") test.AssertNotError(t, err, "revoking precert")
// Check the OCSP response for the precertificate again. It should now be // Check the OCSP response for the precertificate again. It should now be
// revoked. // revoked.
_, err = ocsp_helper.ReqDER(cert.Raw, ocsp.Revoked) ocspConfig = ocsp_helper.DefaultConfig.WithExpectStatus(o
csp.Revoked)
_, err = ocsp_helper.ReqDER(cert.Raw, ocspConfig)
test.AssertNotError(t, err, "requesting OCSP for revoked precert") test.AssertNotError(t, err, "requesting OCSP for revoked precert")
}) })
} }
} }
func TestRevokeWithKeyCompromise(t *testing.T) { func TestRevokeWithKeyCompromise(t *testing.T) {
t.Parallel() t.Parallel()
if !strings.HasSuffix(os.Getenv("BOULDER_CONFIG_DIR"), "config-next") { if !strings.HasSuffix(os.Getenv("BOULDER_CONFIG_DIR"), "config-next") {
return return
} }
skipping to change at line 176 skipping to change at line 178
ocsp.KeyCompromise, ocsp.KeyCompromise,
) )
test.AssertNotError(t, err, "failed to revoke certificate") test.AssertNotError(t, err, "failed to revoke certificate")
// attempt to create a new account using the blacklisted key // attempt to create a new account using the blacklisted key
_, err = c.NewAccount(certKey, false, true) _, err = c.NewAccount(certKey, false, true)
test.AssertError(t, err, "NewAccount didn't fail with a blacklisted key") test.AssertError(t, err, "NewAccount didn't fail with a blacklisted key")
test.AssertEquals(t, err.Error(), `acme: error code 400 "urn:ietf:params: acme:error:badPublicKey": public key is forbidden`) test.AssertEquals(t, err.Error(), `acme: error code 400 "urn:ietf:params: acme:error:badPublicKey": public key is forbidden`)
// Check the OCSP response. It should be revoked with reason = 1 (keyComp romise) // Check the OCSP response. It should be revoked with reason = 1 (keyComp romise)
response, err := ocsp_helper.ReqDER(cert.Raw, ocsp.Revoked) ocspConfig := ocsp_helper.DefaultConfig.WithExpectStatus(ocsp.Revoked)
response, err := ocsp_helper.ReqDER(cert.Raw, ocspConfig)
test.AssertNotError(t, err, "requesting OCSP for revoked cert") test.AssertNotError(t, err, "requesting OCSP for revoked cert")
test.AssertEquals(t, response.RevocationReason, 1) test.AssertEquals(t, response.RevocationReason, 1)
} }
func TestBadKeyRevoker(t *testing.T) { func TestBadKeyRevoker(t *testing.T) {
t.Parallel() t.Parallel()
if !strings.HasSuffix(os.Getenv("BOULDER_CONFIG_DIR"), "config-next") { if !strings.HasSuffix(os.Getenv("BOULDER_CONFIG_DIR"), "config-next") {
return return
} }
skipping to change at line 221 skipping to change at line 224
} }
} }
err = cA.RevokeCertificate( err = cA.RevokeCertificate(
cA.Account, cA.Account,
badCert.certs[0], badCert.certs[0],
cA.Account.PrivateKey, cA.Account.PrivateKey,
ocsp.KeyCompromise, ocsp.KeyCompromise,
) )
test.AssertNotError(t, err, "failed to revoke certificate") test.AssertNotError(t, err, "failed to revoke certificate")
_, err = ocsp_helper.ReqDER(badCert.certs[0].Raw, ocsp.Revoked) ocspConfig := ocsp_helper.DefaultConfig.WithExpectStatus(ocsp.Revoked)
_, err = ocsp_helper.ReqDER(badCert.certs[0].Raw, ocspConfig)
test.AssertNotError(t, err, "ReqDER failed") test.AssertNotError(t, err, "ReqDER failed")
for _, cert := range certs { for _, cert := range certs {
for i := 0; i < 5; i++ { for i := 0; i < 5; i++ {
_, err = ocsp_helper.ReqDER(cert.Raw, ocsp.Revoked) _, err = ocsp_helper.ReqDER(cert.Raw, ocspConfig)
if err == nil { if err == nil {
break break
} }
if i == 5 { if i == 5 {
t.Fatal("timed out waiting for revoked OCSP statu s") t.Fatal("timed out waiting for revoked OCSP statu s")
} }
time.Sleep(time.Second) time.Sleep(time.Second)
} }
} }
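Review bot: In the retry loop over `certs` in the last change block, the timeout check `if i == 5` sits inside `for i := 0; i < 5; i++`, so the `t.Fatal` is unreachable. As written, the test passes even if the remaining certificates never return a Revoked OCSP status within the five attempts. This loop appears to be the only check that the other certificates sharing the compromised key were revoked, so a regression there would go unnoticed. Check the outcome after the inner loop instead, for example `test.AssertNotError(t, err, "timed out waiting for revoked OCSP status")`, or change the guard to `if i == 4`. TestBadKeyRevoker begins and ends outside the visible hunk, so confirm that nothing later in the function already covers this.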
 End of changes. 5 change blocks. 
5 lines changed or deleted 11 lines changed or added
