
Commit e1a907b

committed
pebble: add integration test for subproblems
Trying to issue for an order that contains a forbidden identifier should produce a top-level problem with one sub-problem that identifies the specific identifier at fault.
1 parent d6f377c commit e1a907b


1 file changed

+43
-1
lines changed


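--- a/tests/pebble.rs
+++ b/tests/pebble.rs
@@ -20,7 +20,7 @@ use hyper_util::client::legacy::Client as HyperClient;
 use hyper_util::client::legacy::connect::HttpConnector;
 use hyper_util::rt::TokioExecutor;
 use instant_acme::{
-Account, AuthorizationStatus, Challenge, ChallengeType, Identifier, KeyAuthorization,
+Account, AuthorizationStatus, Challenge, ChallengeType, Error, Identifier, KeyAuthorization,
 NewAccount, NewOrder, Order, OrderStatus,
 };
 use rcgen::{CertificateParams, DistinguishedName, KeyPair};
@@ -88,6 +88,48 @@ async fn tls_alpn_01() -> Result<(), Box<dyn StdError>> {
 .await
 }
 
+/// Test subproblem handling by trying to issue for a forbidden identifier.
+#[tokio::test]
+#[ignore]
+async fn forbidden_identifier() -> Result<(), Box<dyn StdError>> {
+let _ = tracing_subscriber::registry()
+.with(fmt::layer())
+.with(EnvFilter::from_default_env())
+.try_init();
+
+debug!("starting Pebble CA environment");
+let config = EnvironmentConfig::default();
+let forbidden_name = config.pebble.domain_blocklist.first().unwrap();
+let err = Environment::new(EnvironmentConfig::default())
+.await?
+.test::<Http01>(&["valid.example.com", forbidden_name])
+.await
+.expect_err("issuing for blocked domain name should fail");
+
+let Error::Api(problem) = *err.downcast::<Error>()? else {
+panic!("unexpected error result");
+};
+
+assert_eq!(
+problem.r#type.as_deref(),
+Some("urn:ietf:params:acme:error:rejectedIdentifier")
+);
+let subproblems = problem.subproblems;
+assert_eq!(subproblems.len(), 1);
+
+let first_subproblem = subproblems.first().unwrap();
+assert_eq!(
+first_subproblem.identifier,
+Some(Identifier::Dns(forbidden_name.to_string()))
+);
+assert_eq!(
+problem.r#type.as_deref(),
+Some("urn:ietf:params:acme:error:rejectedIdentifier")
+);
+
+Ok(())
+}
+
 /// A test environment running Pebble and a challenge test server
 ///
 /// Subprocesses are torn down cleanly on drop to avoid leaving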
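Review bot: The final `assert_eq!` in `forbidden_identifier` (new lines 125-128) repeats the `problem.r#type` check already made at new lines 113-116, so the test never verifies the error type reported on the sub-problem itself. If the sub-problem struct carries its own type field (its definition is not visible in this hunk), the second assertion was presumably meant to read `first_subproblem.r#type.as_deref()` against the same `rejectedIdentifier` URN; otherwise it can be dropped. Separately, `forbidden_name` is read from one `EnvironmentConfig::default()` (new line 101) while `Environment::new` on new line 103 is given a second, independent default, so the test only exercises the blocklist as long as both defaults agree. Copying the name out and passing `config` itself to `Environment::new` would tie the asserted identifier to the CA configuration actually under test. A `.expect("default blocklist should not be empty")` in place of the bare `.unwrap()` on new line 102 would also make an empty blocklist fail with a readable message.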
