- Squash previous commits for rebase.

- Add validated timestamp test to SA - Add validated timestamp test to RA
letsencrypt · Mar 2, 2021 · fede924 · fede924
1 parent 16a30be
commit fede924
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 6 deletions.
diff --git a/ra/ra_test.go b/ra/ra_test.go
@@ -924,7 +924,7 @@ func TestPerformValidationAlreadyValid(t *testing.T) {
 }
 
 func TestPerformValidationSuccess(t *testing.T) {
-	va, sa, ra, _, cleanUp := initAuthorities(t)
+	va, sa, ra, fc, cleanUp := initAuthorities(t)
 	defer cleanUp()
 
 	// We know this is OK because of TestNewAuthorization
@@ -982,12 +982,16 @@ func TestPerformValidationSuccess(t *testing.T) {
 
 	// The DB authz's expiry should be equal to the current time plus the
 	// configured authorization lifetime
-	expectedExpires := ra.clk.Now().Add(ra.authorizationLifetime)
+	expectedExpires := fc.Now().Add(ra.authorizationLifetime)
 	test.AssertEquals(t, *dbAuthz.Expires, expectedExpires)
+
+	// Check that validated timestamp was recorded, stored, and retrieved
+	expectedValidated := fc.Now()
+	test.Assert(t, *dbAuthz.Challenges[challIdx].Validated == expectedValidated, "Validated timestamp incorrect or missing")
 }
 
 func TestPerformValidationVAError(t *testing.T) {
-	va, sa, ra, _, cleanUp := initAuthorities(t)
+	va, sa, ra, fc, cleanUp := initAuthorities(t)
 	defer cleanUp()
 
 	authz, err := ra.NewAuthorization(ctx, AuthzRequest, Registration.ID)
@@ -1032,6 +1036,10 @@ func TestPerformValidationVAError(t *testing.T) {
 	test.Assert(t, dbAuthz.Challenges[challIdx].Status == core.StatusInvalid, "challenge was not marked as invalid")
 	test.AssertContains(t, dbAuthz.Challenges[challIdx].Error.Error(), "Could not communicate with VA")
 	test.Assert(t, dbAuthz.Challenges[challIdx].ValidationRecord == nil, "challenge had a ValidationRecord")
+
+	// Check that validated timestamp was recorded, stored, and retrieved
+	expectedValidated := fc.Now()
+	test.Assert(t, *dbAuthz.Challenges[challIdx].Validated == expectedValidated, "Validated timestamp incorrect or missing")
 }
 
 func TestCertificateKeyNotEqualAccountKey(t *testing.T) {

diff --git a/sa/sa_test.go b/sa/sa_test.go
@@ -1870,7 +1870,10 @@ func TestFinalizeAuthorization2(t *testing.T) {
 	ids, err := sa.NewAuthorizations2(context.Background(), &sapb.AddPendingAuthorizationsRequest{Authz: []*corepb.Authorization{apb}})
 	test.AssertNotError(t, err, "sa.NewAuthorization failed")
 
+	fc.Set(time.Date(2021, 1, 1, 0, 0, 0, 0, time.UTC))
 	expires = fc.Now().Add(time.Hour * 2).UTC().UnixNano()
+	attemptedAt := fc.Now().UnixNano()
+
 	ip, _ := net.ParseIP("1.1.1.1").MarshalText()
 	err = sa.FinalizeAuthorization2(context.Background(), &sapb.FinalizeAuthorizationRequest{
 		Id: ids.Ids[0],
@@ -1882,9 +1885,10 @@ func TestFinalizeAuthorization2(t *testing.T) {
 				AddressUsed: ip,
 			},
 		},
-		Status:    string(core.StatusValid),
-		Expires:   expires,
-		Attempted: string(core.ChallengeTypeDNS01),
+		Status:      string(core.StatusValid),
+		Expires:     expires,
+		Attempted:   string(core.ChallengeTypeDNS01),
+		AttemptedAt: attemptedAt,
 	})
 	test.AssertNotError(t, err, "sa.FinalizeAuthorization2 failed")
 
@@ -1894,6 +1898,7 @@ func TestFinalizeAuthorization2(t *testing.T) {
 	test.AssertEquals(t, time.Unix(0, dbVer.Expires).UTC(), fc.Now().Add(time.Hour*2).UTC())
 	test.AssertEquals(t, dbVer.Challenges[0].Status, string(core.StatusValid))
 	test.AssertEquals(t, len(dbVer.Challenges[0].Validationrecords), 1)
+	test.AssertEquals(t, time.Unix(0, dbVer.Challenges[0].Validated).UTC(), fc.Now().UTC())
 
 	apb2 := &corepb.Authorization{
 		Identifier:     "aaa",