integration: Move test_order_finalize_early to the Go tests (letsencrypt#8258)

Hyrum’s Law strikes again: our Python integration tests were implicitly
relying on behavior that was changed upstream in Certbot’s ACME client
(see certbot/certbot#10239). To ensure continued
coverage, replicate this test in our Go integration test suite.

Author: beautifulentropy

test/integration/errors_test.go

@@ -5,9 +5,12 @@ package integration
 import (
 	"bytes"
 	"crypto"
+	"crypto/ecdsa"
+	"crypto/elliptic"
 	"crypto/rand"
 	"encoding/base64"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
 	"net/http"
@@ -277,3 +280,45 @@ func TestBadSignatureAlgorithm(t *testing.T) {
 		t.Error("problem document MUST contain acceptable algorithms, got none")
 	}
 }
+
+// TestOrderFinalizeEarly tests that finalizing an order before it is fully
+// authorized results in an orderNotReady error.
+func TestOrderFinalizeEarly(t *testing.T) {
+	t.Parallel()
+
+	client, err := makeClient()
+	if err != nil {
+		t.Fatalf("creating acme client: %s", err)
+	}
+
+	idents := []acme.Identifier{{Type: "dns", Value: randomDomain(t)}}
+
+	order, err := client.Client.NewOrder(client.Account, idents)
+	if err != nil {
+		t.Fatalf("creating order: %s", err)
+	}
+	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		t.Fatalf("generating key: %s", err)
+	}
+	csr, err := makeCSR(key, idents, false)
+	if err != nil {
+		t.Fatalf("generating CSR: %s", err)
+	}
+
+	order, err = client.Client.FinalizeOrder(client.Account, order, csr)
+	if err == nil {
+		t.Fatal("expected finalize to fail, but got success")
+	}
+	var prob acme.Problem
+	ok := errors.As(err, &prob)
+	if !ok {
+		t.Fatalf("expected error to be of type acme.Problem, got: %T", err)
+	}
+	if prob.Type != "urn:ietf:params:acme:error:orderNotReady" {
+		t.Errorf("expected problem type 'urn:ietf:params:acme:error:orderNotReady', got: %s", prob.Type)
+	}
+	if order.Status != "pending" {
+		t.Errorf("expected order status to be pending, got: %s", order.Status)
+	}
+}

test/v2_integration.py

@@ -647,27 +647,6 @@ def test_order_reuse_failed_authz():
     finally:
         cleanup()
 
-def test_order_finalize_early():
-    """
-    Test that finalizing an order before its fully authorized results in the
-    order having an error set and the status being invalid.
-    """
-    # Create a client
-    client = chisel2.make_client(None)
-
-    # Create a random domain and a csr
-    domains = [ random_domain() ]
-    csr_pem = chisel2.make_csr(domains)
-
-    # Create an order for the domain
-    order = client.new_order(csr_pem)
-
-    deadline = datetime.datetime.now() + datetime.timedelta(seconds=5)
-
-    # Finalizing an order early should generate an orderNotReady error.
-    chisel2.expect_problem("urn:ietf:params:acme:error:orderNotReady",
-        lambda: client.finalize_order(order, deadline))
-
 def test_only_return_existing_reg():
     client = chisel2.uninitialized_client()
     email = "[email protected]"