forked from adamlaska/boulder
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathrate_limits_test.go
More file actions
116 lines (101 loc) · 3.49 KB
/
rate_limits_test.go
File metadata and controls
116 lines (101 loc) · 3.49 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
package sa
import (
"context"
"fmt"
"testing"
"time"
"github.com/letsencrypt/boulder/test"
)
func TestCertsPerNameRateLimitTable(t *testing.T) {
sa, _, cleanUp := initSA(t)
defer cleanUp()
aprilFirst, err := time.Parse(time.RFC3339, "2019-04-01T00:00:00Z")
if err != nil {
t.Fatal(err)
}
type inputCase struct {
time time.Time
names []string
}
inputs := []inputCase{
{aprilFirst, []string{"example.com"}},
{aprilFirst, []string{"example.com", "www.example.com"}},
{aprilFirst, []string{"example.com", "other.example.com"}},
{aprilFirst, []string{"dyndns.org"}},
{aprilFirst, []string{"mydomain.dyndns.org"}},
{aprilFirst, []string{"mydomain.dyndns.org"}},
{aprilFirst, []string{"otherdomain.dyndns.org"}},
}
// For each hour in a week, add an enry for a certificate that has
// progressively more names.
var manyNames []string
for i := 0; i < 7*24; i++ {
manyNames = append(manyNames, fmt.Sprintf("%d.manynames.example.net", i))
inputs = append(inputs, inputCase{aprilFirst.Add(time.Duration(i) * time.Hour), manyNames})
}
for _, input := range inputs {
tx, err := sa.dbMap.Begin()
if err != nil {
t.Fatal(err)
}
err = sa.addCertificatesPerName(context.Background(), tx, input.names, input.time)
if err != nil {
t.Fatal(err)
}
err = tx.Commit()
if err != nil {
t.Fatal(err)
}
}
const aWeek = time.Duration(7*24) * time.Hour
testCases := []struct {
caseName string
domainName string
expected int
}{
{"name doesn't exist", "non.example.org", 0},
{"base name gets dinged for all certs including it", "example.com", 3},
{"subdomain gets dinged for neighbors", "www.example.com", 3},
{"other subdomain", "other.example.com", 3},
{"many subdomains", "1.manynames.example.net", 168},
{"public suffix gets its own bucket", "dyndns.org", 1},
{"subdomain of public suffix gets its own bucket", "mydomain.dyndns.org", 2},
{"subdomain of public suffix gets its own bucket 2", "otherdomain.dyndns.org", 1},
}
for _, tc := range testCases {
t.Run(tc.caseName, func(t *testing.T) {
count, err := sa.countCertificatesByName(sa.dbMap, tc.domainName, aprilFirst.Add(-1*time.Second), aprilFirst.Add(aWeek))
if err != nil {
t.Fatal(err)
}
if count != tc.expected {
t.Errorf("Expected count of %d for %q, got %d", tc.expected, tc.domainName, count)
}
})
}
}
func TestNewOrdersRateLimitTable(t *testing.T) {
sa, _, cleanUp := initSA(t)
defer cleanUp()
zeroCountRegID := int64(1)
manyCountRegID := int64(2)
start := time.Now().Truncate(time.Minute)
for i := 0; i <= 10; i++ {
tx, err := sa.dbMap.Begin()
test.AssertNotError(t, err, "failed to open tx")
for j := 0; j < i+1; j++ {
err = addNewOrdersRateLimit(context.Background(), tx, manyCountRegID, start.Add(time.Minute*time.Duration(i)))
}
test.AssertNotError(t, err, "addNewOrdersRateLimit failed")
test.AssertNotError(t, tx.Commit(), "failed to commit tx")
}
count, err := countNewOrders(context.Background(), sa.dbMap, zeroCountRegID, start, start.Add(time.Minute*10))
test.AssertNotError(t, err, "countNewOrders failed")
test.AssertEquals(t, count, 0)
count, err = countNewOrders(context.Background(), sa.dbMap, manyCountRegID, start, start.Add(time.Minute*10))
test.AssertNotError(t, err, "countNewOrders failed")
test.AssertEquals(t, count, 65)
count, err = countNewOrders(context.Background(), sa.dbMap, manyCountRegID, start.Add(time.Minute*5), start.Add(time.Minute*10))
test.AssertNotError(t, err, "countNewOrders failed")
test.AssertEquals(t, count, 45)
}