3 package integration
4
5 import (
6 "crypto/ecdsa"
7 "crypto/elliptic"
8 "crypto/rand"
9 "os"
10 "testing"
11
12 "github.com/letsencrypt/boulder/test"
13 )
14
// TestSubordinateCAChainsServedByWFE issues a certificate for a random domain
// with a freshly generated P-256 key, fetches every chain returned by
// authAndIssueFetchAllChains, and checks that exactly two chains come back:
// one containing the ECDSA intermediate issued by the ECDSA root and one
// containing the same intermediate subject issued by the RSA root.
//
// The test only runs when BOULDER_CONFIG_DIR is "test/config-next"; any other
// value skips it.
//
// NOTE(review): the intermediates are recognised purely by comparing the
// Subject and Issuer distinguished-name strings. Nothing in this function
// verifies a signature or builds a path to a trusted root, so a pass shows
// which certificates were served, not that the chains validate
// cryptographically. Whether the helper performs such validation is not
// visible from here.
func TestSubordinateCAChainsServedByWFE(t *testing.T) {
	t.Parallel()

	if cfgDir := os.Getenv("BOULDER_CONFIG_DIR"); cfgDir != "test/config-next" {
		t.Skip("Skipping test in config")
	}

	// Distinguished names expected in the test hierarchy.
	const (
		intermediateDN = "CN=CA intermediate (ECDSA) A,O=good guys,C=US"
		ecdsaRootDN    = "CN=CA root (ECDSA),O=good guys,C=US"
		rsaRootDN      = "CN=CA root (RSA),O=good guys,C=US"
	)

	acmeClient, err := makeClient("mailto:example@letsencrypt.org")
	test.AssertNotError(t, err, "creating acme client")

	certKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	test.AssertNotError(t, err, "creating random cert key")

	domain := random_domain()
	chains, err := authAndIssueFetchAllChains(acmeClient, certKey, []string{domain}, true)
	test.AssertNotError(t, err, "failed to issue test cert")

	// One chain per issuance path of the intermediate is expected.
	test.AssertEquals(t, len(chains.certs), 2)

	var sawDirect, sawCrossSigned bool
	for _, chain := range chains.certs {
		for _, c := range chain {
			// Only certificates carrying the intermediate's subject matter;
			// the issuer then tells the two variants apart.
			if c.Subject.String() != intermediateDN {
				continue
			}
			switch c.Issuer.String() {
			case ecdsaRootDN:
				sawDirect = true
			case rsaRootDN:
				sawCrossSigned = true
			}
		}
	}
	test.Assert(t, sawDirect, "did not see ECDSA intermediate and should have")
	test.Assert(t, sawCrossSigned, "did not see ECDSA by RSA cross-signed intermediate and should have")
}