1 package notmain
2
3 import (
4 "context"
5 "fmt"
6 "math/big"
7 "testing"
8 "time"
9
10 "github.com/jmhodges/clock"
11 capb "github.com/letsencrypt/boulder/ca/proto"
12 "github.com/letsencrypt/boulder/cmd"
13 "github.com/letsencrypt/boulder/core"
14 blog "github.com/letsencrypt/boulder/log"
15 "github.com/letsencrypt/boulder/metrics"
16 "github.com/letsencrypt/boulder/rocsp"
17 "github.com/letsencrypt/boulder/sa"
18 "github.com/letsencrypt/boulder/test"
19 "github.com/letsencrypt/boulder/test/vars"
20 "github.com/redis/go-redis/v9"
21 "golang.org/x/crypto/ocsp"
22 "google.golang.org/grpc"
23 )
24
25 func makeClient() (*rocsp.RWClient, clock.Clock) {
26 CACertFile := "../../test/redis-tls/minica.pem"
27 CertFile := "../../test/redis-tls/boulder/cert.pem"
28 KeyFile := "../../test/redis-tls/boulder/key.pem"
29 tlsConfig := cmd.TLSConfig{
30 CACertFile: CACertFile,
31 CertFile: CertFile,
32 KeyFile: KeyFile,
33 }
34 tlsConfig2, err := tlsConfig.Load(metrics.NoopRegisterer)
35 if err != nil {
36 panic(err)
37 }
38
39 rdb := redis.NewRing(&redis.RingOptions{
40 Addrs: map[string]string{
41 "shard1": "10.33.33.2:4218",
42 "shard2": "10.33.33.3:4218",
43 },
44 Username: "unittest-rw",
45 Password: "824968fa490f4ecec1e52d5e34916bdb60d45f8d",
46 TLSConfig: tlsConfig2,
47 })
48 clk := clock.NewFake()
49 return rocsp.NewWritingClient(rdb, 500*time.Millisecond, clk, metrics.NoopRegisterer), clk
50 }
51
52 func TestGetStartingID(t *testing.T) {
53 ctx := context.Background()
54
55 clk := clock.NewFake()
56 dbMap, err := sa.DBMapForTest(vars.DBConnSAFullPerms)
57 test.AssertNotError(t, err, "failed setting up db client")
58 defer test.ResetBoulderTestDatabase(t)()
59
60 cs := core.CertificateStatus{
61 Serial: "1337",
62 NotAfter: clk.Now().Add(12 * time.Hour),
63 }
64 err = dbMap.Insert(ctx, &cs)
65 test.AssertNotError(t, err, "inserting certificate status")
66 firstID := cs.ID
67
68 cs = core.CertificateStatus{
69 Serial: "1338",
70 NotAfter: clk.Now().Add(36 * time.Hour),
71 }
72 err = dbMap.Insert(ctx, &cs)
73 test.AssertNotError(t, err, "inserting certificate status")
74 secondID := cs.ID
75 t.Logf("first ID %d, second ID %d", firstID, secondID)
76
77 clk.Sleep(48 * time.Hour)
78
79 startingID, err := getStartingID(context.Background(), clk, dbMap)
80 test.AssertNotError(t, err, "getting starting ID")
81
82 test.AssertEquals(t, startingID, secondID)
83 }
84
85 func TestStoreResponse(t *testing.T) {
86 redisClient, clk := makeClient()
87
88 issuer, err := core.LoadCert("../../test/hierarchy/int-e1.cert.pem")
89 test.AssertNotError(t, err, "loading int-e1")
90
91 issuerKey, err := test.LoadSigner("../../test/hierarchy/int-e1.key.pem")
92 test.AssertNotError(t, err, "loading int-e1 key ")
93 response, err := ocsp.CreateResponse(issuer, issuer, ocsp.Response{
94 SerialNumber: big.NewInt(1337),
95 Status: 0,
96 ThisUpdate: clk.Now(),
97 NextUpdate: clk.Now().Add(time.Hour),
98 }, issuerKey)
99 test.AssertNotError(t, err, "creating OCSP response")
100
101 cl := client{
102 redis: redisClient,
103 db: nil,
104 ocspGenerator: nil,
105 clk: clk,
106 logger: blog.NewMock(),
107 }
108
109 err = cl.storeResponse(context.Background(), response)
110 test.AssertNotError(t, err, "storing response")
111 }
112
113 type mockOCSPGenerator struct{}
114
115 func (mog mockOCSPGenerator) GenerateOCSP(ctx context.Context, in *capb.GenerateOCSPRequest, opts ...grpc.CallOption) (*capb.OCSPResponse, error) {
116 return &capb.OCSPResponse{
117 Response: []byte("phthpbt"),
118 }, nil
119
120 }
121
122 func TestLoadFromDB(t *testing.T) {
123 redisClient, clk := makeClient()
124
125 dbMap, err := sa.DBMapForTest(vars.DBConnSA)
126 if err != nil {
127 t.Fatalf("Failed to create dbMap: %s", err)
128 }
129
130 defer test.ResetBoulderTestDatabase(t)
131
132 for i := 0; i < 100; i++ {
133 err = dbMap.Insert(context.Background(), &core.CertificateStatus{
134 Serial: fmt.Sprintf("%036x", i),
135 NotAfter: clk.Now().Add(200 * time.Hour),
136 OCSPLastUpdated: clk.Now(),
137 })
138 if err != nil {
139 t.Fatalf("Failed to insert certificateStatus: %s", err)
140 }
141 }
142
143 rocspToolClient := client{
144 redis: redisClient,
145 db: dbMap,
146 ocspGenerator: mockOCSPGenerator{},
147 clk: clk,
148 scanBatchSize: 10,
149 logger: blog.NewMock(),
150 }
151
152 speed := ProcessingSpeed{
153 RowsPerSecond: 10000,
154 ParallelSigns: 100,
155 }
156
157 err = rocspToolClient.loadFromDB(context.Background(), speed, 0)
158 if err != nil {
159 t.Fatalf("loading from DB: %s", err)
160 }
161 }
162
View as plain text