
Source file src/github.com/letsencrypt/boulder/test/integration/nonce_test.go

Documentation: github.com/letsencrypt/boulder/test/integration

     1  //go:build integration
     2  
     3  package integration
     4  
     5  import (
     6  	"context"
     7  	"os"
     8  	"strings"
     9  	"testing"
    10  
    11  	"github.com/jmhodges/clock"
    12  
    13  	"github.com/letsencrypt/boulder/cmd"
    14  	bgrpc "github.com/letsencrypt/boulder/grpc"
    15  	nb "github.com/letsencrypt/boulder/grpc/noncebalancer"
    16  	"github.com/letsencrypt/boulder/metrics"
    17  	"github.com/letsencrypt/boulder/nonce"
    18  	noncepb "github.com/letsencrypt/boulder/nonce/proto"
    19  	"github.com/letsencrypt/boulder/test"
    20  	"google.golang.org/grpc/status"
    21  )
    22  
// nonceBalancerTestConfig is the configuration decoded by the nonce balancer
// integration test. Its single section, NotWFE, describes a minimal nonce
// client that is set up like a WFE for the purpose of redeeming nonces.
type nonceBalancerTestConfig struct {
	NotWFE struct {
		// TLS is the client TLS configuration loaded before any gRPC
		// connection is created.
		TLS cmd.TLSConfig
		// GetNonceService and RedeemNonceService are the gRPC client
		// settings for the nonce services.
		GetNonceService, RedeemNonceService *cmd.GRPCClientConfig
		// NoncePrefixKey is a secret. The test reads it with Pass() and
		// supplies the result to the redeemer under nonce.HMACKeyCtxKey, so
		// the value it yields should not be printed in test output.
		NoncePrefixKey cmd.PasswordConfig
	}
}
    31  
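// TestNonceBalancer_NoBackendMatchingPrefix checks that redeeming a nonce
// whose prefix matches no nonce backend is rejected with the balancer's
// dedicated status, nb.ErrNoBackendsMatchPrefix, rather than being accepted
// or failing in some unrelated way.
func TestNonceBalancer_NoBackendMatchingPrefix(t *testing.T) {
	t.Parallel()

	if !strings.Contains(os.Getenv("BOULDER_CONFIG_DIR"), "test/config-next") {
		t.Skip("Derived nonce prefixes are only configured in config-next")
	}

	// We're going to use a minimal nonce service client called "notwfe" which
	// masquerades as a wfe for the purpose of redeeming nonces.

	// Load the test config.
	var c nonceBalancerTestConfig
	err := cmd.ReadConfigFile("test/integration/testdata/nonce-client.json", &c)
	test.AssertNotError(t, err, "Could not read config file")

	tlsConfig, err := c.NotWFE.TLS.Load(metrics.NoopRegisterer)
	test.AssertNotError(t, err, "Could not load TLS config")

	// rncKey is secret key material; it is only placed in the request context
	// below and must not be logged.
	rncKey, err := c.NotWFE.NoncePrefixKey.Pass()
	test.AssertNotError(t, err, "Failed to load noncePrefixKey")

	clk := clock.New()

	redeemNonceConn, err := bgrpc.ClientSetup(c.NotWFE.RedeemNonceService, tlsConfig, metrics.NoopRegisterer, clk)
	test.AssertNotError(t, err, "Failed to load credentials and create gRPC connection to redeem nonce service")
	rnc := nonce.NewRedeemer(redeemNonceConn)

	// Attempt to redeem a nonce with a prefix that doesn't match any backends.
	// Both the prefix and the nonce are constructed sample values.
	ctx := context.WithValue(context.Background(), nonce.PrefixCtxKey{}, "12345678")
	ctx = context.WithValue(ctx, nonce.HMACKeyCtxKey{}, rncKey)
	_, err = rnc.Redeem(ctx, &noncepb.NonceMessage{Nonce: "0123456789"})

	// Redemption has to fail. status.FromError reports ok for a nil error, so
	// without this explicit check an unexpectedly accepted nonce would only
	// surface as a status mismatch in the final assertion.
	test.AssertError(t, err, "Redeeming a nonce with an unmatched prefix should fail")

	// We expect to get the specific gRPC status that the nonce balancer
	// returns when no backend matches the prefix.
	// NOTE(review): the original comment named code NotFound; the code carried
	// by nb.ErrNoBackendsMatchPrefix is defined in the noncebalancer package
	// and is not visible here. Confirm before relying on it.
	gotRPCStatus, ok := status.FromError(err)
	test.Assert(t, ok, "Failed to convert error to status")
	test.AssertEquals(t, gotRPCStatus, nb.ErrNoBackendsMatchPrefix)
}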
    69  
