[Unix] Create a framework for certbot integration tests: PART 3e (#6951)

Following #6821, this PR continues to convert certbot integration tests into certbot-ci. This PR add tests covering checks on L430-447 in tests/certbot-boulder-integration.sh. Previous lines are covered with existing tests, or by #6946, #6947, #6948, #6949. * Add tests * Change param * Increase coverage min to 64% * Disable OCSP Must-Staple test for Pebble
2026-01-26 07:41:33 +03:00 · 2019-04-18 00:24:39 +02:00
parent 0ee1002edc
commit a58ad22002
2 changed files with 30 additions and 3 deletions
--- a/certbot-ci/certbot_integration_tests/certbot_tests/test_main.py
+++ b/certbot-ci/certbot_integration_tests/certbot_tests/test_main.py
@@ -396,8 +396,35 @@ def test_reuse_key(context):
        cert3 = file.read()

    assert len({cert1, cert2, cert3}) == 3
-    
-    
+
+
+def test_ecdsa(context):
+    """Test certificate issuance with ECDSA key."""
+    key_path = join(context.workspace, 'privkey-p384.pem')
+    csr_path = join(context.workspace, 'csr-p384.der')
+    cert_path = join(context.workspace, 'cert-p384.pem')
+    chain_path = join(context.workspace, 'chain-p384.pem')
+
+    misc.generate_csr([context.get_domain('ecdsa')], key_path, csr_path, key_type=misc.ECDSA_KEY_TYPE)
+    context.certbot(['auth', '--csr', csr_path, '--cert-path', cert_path, '--chain-path', chain_path])
+
+    certificate = misc.read_certificate(cert_path)
+    assert 'ASN1 OID: secp384r1' in certificate
+
+
+def test_ocsp_must_staple(context):
+    """Test that OCSP Must-Staple is correctly set in the generated certificate."""
+    if context.acme_server == 'pebble':
+        pytest.skip('Pebble does not support OCSP Must-Staple.')
+
+    certname = context.get_domain('must-staple')
+    context.certbot(['auth', '--must-staple', '--domains', certname])
+
+    certificate = misc.read_certificate(join(context.config_dir,
+                                             'live/{0}/cert.pem').format(certname))
+    assert 'status_request' in certificate or '1.3.6.1.5.5.7.1.24' in certificate
+
+
 def test_revoke_simple(context):
    """Test various scenarios that revokes a certificate."""
    # Default action after revoke is to delete the certificate.
--- a/tox.ini
+++ b/tox.ini
@@ -259,6 +259,6 @@ commands =
        --cov=acme --cov=certbot --cov=certbot_nginx --cov-report= \
        --cov-config={toxinidir}/certbot-ci/certbot_integration_tests/.coveragerc \
        -W 'ignore:Unverified HTTPS request'
-    coverage report --include 'certbot/*' --show-missing --fail-under=56
+    coverage report --include 'certbot/*' --show-missing --fail-under=64
 passenv =
    DOCKER_*