Skip to content

Commit f13b8db

Browse files
beautifulentropybeautifulentropy
authored
Update publisher tests to use new realistic test certs (letsencrypt#5280)
A new, more realistic, test certificate hierarchy was added in letsencrypt#5273. Update publisher tests to use the test certificate hierarchy now present at test/hierarchy. Fixes letsencrypt#5279
1 parent 0a4b600 commit f13b8db

File tree

1 file changed

+23
-15
lines changed

1 file changed

+23
-15
lines changed

publisher/publisher_test.go

Lines changed: 23 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -119,34 +119,42 @@ func errorBodyLogSrv() *httptest.Server {
119119
}
120120

121121
func setup(t *testing.T) (*Impl, *x509.Certificate, *ecdsa.PrivateKey) {
122-
// Load our first chain using issuance.LoadChain
122+
// Load chain: R3 <- Root DST
123123
chain1, err := issuance.LoadChain([]string{
124-
"../test/test-ca2.pem",
125-
"../test/test-root.pem",
124+
"../test/hierarchy/int-r3-cross.cert.pem",
125+
"../test/hierarchy/root-dst.cert.pem",
126126
})
127127
test.AssertNotError(t, err, "failed to load chain1.")
128128

129-
// Load our second chain using issuance.LoadChain
129+
// Load chain: R3 <- Root X1
130130
chain2, err := issuance.LoadChain([]string{
131-
"../test/test-ca-cross.pem",
132-
"../test/test-root2.pem",
131+
"../test/hierarchy/int-r3.cert.pem",
132+
"../test/hierarchy/root-x1.cert.pem",
133133
})
134134
test.AssertNotError(t, err, "failed to load chain2.")
135135

136-
// Load our third chain using core.LoadCertBundle
136+
// Load chain: E1 <- Root X2
137+
chain3, err := issuance.LoadChain([]string{
138+
"../test/hierarchy/int-e1.cert.pem",
139+
"../test/hierarchy/root-x2.cert.pem",
140+
})
141+
test.AssertNotError(t, err, "failed to load chain3.")
142+
143+
// Load our fourth chain using core.LoadCertBundle
137144
// TODO(5269): Remove this after all configs have migrated to
138145
// `Chains`.
139-
chain3, err := core.LoadCertBundle("test/testIntermediate.pem")
140-
test.AssertNotError(t, err, "failed to load chain3.")
141-
chain3Issuer := issuance.Certificate{Certificate: chain3[0]}
146+
chain4, err := core.LoadCertBundle("test/testIntermediate.pem")
147+
test.AssertNotError(t, err, "failed to load chain4.")
148+
chain4Issuer := issuance.Certificate{Certificate: chain4[0]}
142149

143150
// Create an example issuerNameID to CT bundle mapping
144151
issuerBundles := map[issuance.IssuerNameID][]ct.ASN1Cert{
145152
chain1[0].NameID(): GetCTBundleForChain(chain1),
146153
chain2[0].NameID(): GetCTBundleForChain(chain2),
154+
chain3[0].NameID(): GetCTBundleForChain(chain3),
147155
// TODO(5269): Remove this after all configs have migrated to
148156
// `Chains`.
149-
chain3Issuer.NameID(): GetCTBundleForCerts(chain3),
157+
chain4Issuer.NameID(): GetCTBundleForCerts(chain4),
150158
}
151159
pub := New(
152160
issuerBundles,
@@ -155,8 +163,8 @@ func setup(t *testing.T) (*Impl, *x509.Certificate, *ecdsa.PrivateKey) {
155163
metrics.NoopRegisterer)
156164

157165
// Load leaf certificate
158-
leaf, err := core.LoadCert("../test/test-ee.pem")
159-
test.AssertNotError(t, err, "unable to load ../test/test-ee.pem")
166+
leaf, err := core.LoadCert("../test/hierarchy/ee-r3.cert.pem")
167+
test.AssertNotError(t, err, "unable to load leaf certificate.")
160168

161169
k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
162170
test.AssertNotError(t, err, "Couldn't generate test key")
@@ -378,8 +386,8 @@ func TestHTTPStatusMetric(t *testing.T) {
378386
}
379387
func Test_GetCTBundleForChain(t *testing.T) {
380388
chain, err := issuance.LoadChain([]string{
381-
"../test/test-ca2-cross.pem",
382-
"../test/test-root2.pem",
389+
"../test/hierarchy/int-r3.cert.pem",
390+
"../test/hierarchy/root-x1.cert.pem",
383391
})
384392
test.AssertNotError(t, err, "Failed to load chain.")
385393
expect := []ct.ASN1Cert{{Data: chain[0].Raw}}

0 commit comments

Comments
 (0)