Reduce duplicated logging of errors in WFE (#3071)
In7d04ea9we introduced the notion of a requestEvent, which had an AddError method that could be called to log an error. In that change we also added an AddError call before every wfe.sendError, to ensure errors got logged. Indc58017, we made it so that sendError would automatically add its errors to the request event, so we wouldn't need to write AddError everywhere. However, we never cleaned up the existing AddError calls, and since then have tended to "follow local style" and add a redundant AddError before many of our sendError calls. This change attempts to undo some of that, by removing all AddError calls that appear to be redundant with the sendError call immediately following. It also adds a section on error handling to CONTRIBUTING.md.
This commit is contained in:
Jacob Hoffman-Andrews
Roland Bracewell Shoemaker
parent
9ab2ff4e03
commit
254537ea48
|
|
@ -39,6 +39,41 @@ request into the body of the commit message.
|
||||||
|
|
||||||
If the Travis tests are failing on your branch, you should look at the logs to figure out why. Sometimes they fail spuriously, in which case you can post a comment requesting that a project owner kick the build.
|
If the Travis tests are failing on your branch, you should look at the logs to figure out why. Sometimes they fail spuriously, in which case you can post a comment requesting that a project owner kick the build.
|
||||||
|
|
||||||
|
# Error handling
|
||||||
|
|
||||||
|
All errors must be addressed in some way: That may be simply by returning an
|
||||||
|
error up the stack, or by handling it in some intelligent way where it is
|
||||||
|
generated, or by explicitly ignoring it and assigning to `_`. We use the `errcheck`
|
||||||
|
tool in our integration tests to make sure all errors are addressed. Note that
|
||||||
|
ignoring errors, even in tests, should be rare, since they may generate
|
||||||
|
hard-to-debug problems.
|
||||||
|
|
||||||
|
We define two special types of error. `BoulderError`, defined in
|
||||||
|
errors/errors.go, is used specifically when an typed error needs to be passed
|
||||||
|
across an RPC boundary. For instance, if the SA returns "not found", callers
|
||||||
|
need to be able to distinguish that from a network error. Not every error that
|
||||||
|
may pass across an RPC boundary needs to be a BoulderError, only those errors
|
||||||
|
that need to be handled by type elsewhere. Handling by type may be as simple as
|
||||||
|
turning a BoulderError into a specific type of ProblemDetail.
|
||||||
|
|
||||||
|
The other special type of error is `ProblemDetails`. We try to treat these as a
|
||||||
|
presentation-layer detail, and use them only in parts of the system that are
|
||||||
|
responsible for rendering errors to end-users, i.e. wfe and wfe2. Note
|
||||||
|
one exception: The VA RPC layer defines its own `ProblemDetails` type, which is
|
||||||
|
returned to the RA and stored as part of a challenge (to eventually be rendered
|
||||||
|
to the user).
|
||||||
|
|
||||||
|
Within WFE and WFE2, ProblemDetails are sent to the client by calling
|
||||||
|
`sendError()`, which also logs the error. For internal errors like timeout,
|
||||||
|
or any error type that we haven't specifically turned into a ProblemDetail, we
|
||||||
|
return a ServerInternal error. This avoids unnecessarily exposing internals.
|
||||||
|
It's possible to add additional errors to a logEvent using `.AddError()`, but
|
||||||
|
this should only be done when there is is internal-only information to log
|
||||||
|
that isn't redundant with the ProblemDetails sent to the user. Note that the
|
||||||
|
final argument to `sendError()`, `ierr`, will automatically get added to the
|
||||||
|
logEvent for ServerInternal errors, so when sending a ServerInternal error it's
|
||||||
|
not necessary to separately call `.AddError`.
|
||||||
|
|
||||||
# Deployability
|
# Deployability
|
||||||
|
|
||||||
We want to ensure that a new Boulder revision can be deployed to the currently running Boulder production instance without requiring config changes first. We also want to ensure that during a deploy, services can be restarted in any order. That means two things:
|
We want to ensure that a new Boulder revision can be deployed to the currently running Boulder production instance without requiring config changes first. We also want to ensure that during a deploy, services can be restarted in any order. That means two things:
|
||||||
|
|
|
||||||
62
wfe/wfe.go
62
wfe/wfe.go
|
|
@ -480,21 +480,18 @@ func (wfe *WebFrontEndImpl) verifyPOST(ctx context.Context, logEvent *requestEve
|
||||||
|
|
||||||
if _, ok := request.Header["Content-Length"]; !ok {
|
if _, ok := request.Header["Content-Length"]; !ok {
|
||||||
wfe.stats.Inc("HTTP.ClientErrors.LengthRequiredError", 1)
|
wfe.stats.Inc("HTTP.ClientErrors.LengthRequiredError", 1)
|
||||||
logEvent.AddError("missing Content-Length header on POST")
|
|
||||||
return nil, nil, reg, probs.ContentLengthRequired()
|
return nil, nil, reg, probs.ContentLengthRequired()
|
||||||
}
|
}
|
||||||
|
|
||||||
// Read body
|
// Read body
|
||||||
if request.Body == nil {
|
if request.Body == nil {
|
||||||
wfe.stats.Inc("Errors.NoPOSTBody", 1)
|
wfe.stats.Inc("Errors.NoPOSTBody", 1)
|
||||||
logEvent.AddError("no body on POST")
|
|
||||||
return nil, nil, reg, probs.Malformed("No body on POST")
|
return nil, nil, reg, probs.Malformed("No body on POST")
|
||||||
}
|
}
|
||||||
|
|
||||||
bodyBytes, err := ioutil.ReadAll(request.Body)
|
bodyBytes, err := ioutil.ReadAll(request.Body)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
wfe.stats.Inc("Errors.UnableToReadRequestBody", 1)
|
wfe.stats.Inc("Errors.UnableToReadRequestBody", 1)
|
||||||
logEvent.AddError("unable to read request body")
|
|
||||||
return nil, nil, reg, probs.ServerInternal("unable to read request body")
|
return nil, nil, reg, probs.ServerInternal("unable to read request body")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -508,7 +505,6 @@ func (wfe *WebFrontEndImpl) verifyPOST(ctx context.Context, logEvent *requestEve
|
||||||
// the signature itself.
|
// the signature itself.
|
||||||
submittedKey, parsedJws, err := wfe.extractJWSKey(body)
|
submittedKey, parsedJws, err := wfe.extractJWSKey(body)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError(err.Error())
|
|
||||||
return nil, nil, reg, probs.Malformed(err.Error())
|
return nil, nil, reg, probs.Malformed(err.Error())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -523,7 +519,6 @@ func (wfe *WebFrontEndImpl) verifyPOST(ctx context.Context, logEvent *requestEve
|
||||||
// to check its quality before doing the verify.
|
// to check its quality before doing the verify.
|
||||||
if err = wfe.keyPolicy.GoodKey(submittedKey.Key); err != nil {
|
if err = wfe.keyPolicy.GoodKey(submittedKey.Key); err != nil {
|
||||||
wfe.stats.Inc("Errors.JWKRejectedByGoodKey", 1)
|
wfe.stats.Inc("Errors.JWKRejectedByGoodKey", 1)
|
||||||
logEvent.AddError("JWK in request was rejected by GoodKey: %s", err)
|
|
||||||
return nil, nil, reg, probs.Malformed(err.Error())
|
return nil, nil, reg, probs.Malformed(err.Error())
|
||||||
}
|
}
|
||||||
key = submittedKey
|
key = submittedKey
|
||||||
|
|
@ -570,12 +565,10 @@ func (wfe *WebFrontEndImpl) verifyPOST(ctx context.Context, logEvent *requestEve
|
||||||
logEvent.RequestNonce = nonce
|
logEvent.RequestNonce = nonce
|
||||||
if len(nonce) == 0 {
|
if len(nonce) == 0 {
|
||||||
wfe.stats.Inc("Errors.JWSMissingNonce", 1)
|
wfe.stats.Inc("Errors.JWSMissingNonce", 1)
|
||||||
logEvent.AddError("JWS is missing an anti-replay nonce")
|
|
||||||
return nil, nil, reg, probs.BadNonce("JWS has no anti-replay nonce")
|
return nil, nil, reg, probs.BadNonce("JWS has no anti-replay nonce")
|
||||||
} else if !wfe.nonceService.Valid(nonce) {
|
} else if !wfe.nonceService.Valid(nonce) {
|
||||||
wfe.stats.Inc("Errors.JWSInvalidNonce", 1)
|
wfe.stats.Inc("Errors.JWSInvalidNonce", 1)
|
||||||
logEvent.AddError("JWS has an invalid anti-replay nonce: %s", nonce)
|
return nil, nil, reg, probs.BadNonce(fmt.Sprintf("JWS has invalid anti-replay nonce %s", nonce))
|
||||||
return nil, nil, reg, probs.BadNonce(fmt.Sprintf("JWS has invalid anti-replay nonce %v", nonce))
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check that the "resource" field is present and has the correct value
|
// Check that the "resource" field is present and has the correct value
|
||||||
|
|
@ -585,16 +578,13 @@ func (wfe *WebFrontEndImpl) verifyPOST(ctx context.Context, logEvent *requestEve
|
||||||
err = json.Unmarshal([]byte(payload), &parsedRequest)
|
err = json.Unmarshal([]byte(payload), &parsedRequest)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
wfe.stats.Inc("Errors.UnparseableJWSPayload", 1)
|
wfe.stats.Inc("Errors.UnparseableJWSPayload", 1)
|
||||||
logEvent.AddError("unable to JSON parse resource from JWS payload: %s", err)
|
|
||||||
return nil, nil, reg, probs.Malformed("Request payload did not parse as JSON")
|
return nil, nil, reg, probs.Malformed("Request payload did not parse as JSON")
|
||||||
}
|
}
|
||||||
if parsedRequest.Resource == "" {
|
if parsedRequest.Resource == "" {
|
||||||
wfe.stats.Inc("Errors.NoResourceInJWSPayload", 1)
|
wfe.stats.Inc("Errors.NoResourceInJWSPayload", 1)
|
||||||
logEvent.AddError("JWS request payload does not specify a resource")
|
|
||||||
return nil, nil, reg, probs.Malformed("Request payload does not specify a resource")
|
return nil, nil, reg, probs.Malformed("Request payload does not specify a resource")
|
||||||
} else if resource != core.AcmeResource(parsedRequest.Resource) {
|
} else if resource != core.AcmeResource(parsedRequest.Resource) {
|
||||||
wfe.stats.Inc("Errors.MismatchedResourceInJWSPayload", 1)
|
wfe.stats.Inc("Errors.MismatchedResourceInJWSPayload", 1)
|
||||||
logEvent.AddError("JWS request payload does not match resource")
|
|
||||||
return nil, nil, reg, probs.Malformed("JWS resource payload does not match the HTTP resource: %s != %s", parsedRequest.Resource, resource)
|
return nil, nil, reg, probs.Malformed("JWS resource payload does not match the HTTP resource: %s != %s", parsedRequest.Resource, resource)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -687,7 +677,6 @@ func (wfe *WebFrontEndImpl) NewRegistration(ctx context.Context, logEvent *reque
|
||||||
|
|
||||||
reg, err := wfe.RA.NewRegistration(ctx, init)
|
reg, err := wfe.RA.NewRegistration(ctx, init)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("unable to create new registration: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, problemDetailsForError(err, "Error creating new registration"), err)
|
wfe.sendError(response, logEvent, problemDetailsForError(err, "Error creating new registration"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -709,7 +698,6 @@ func (wfe *WebFrontEndImpl) NewRegistration(ctx context.Context, logEvent *reque
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// ServerInternal because we just created this registration, and it
|
// ServerInternal because we just created this registration, and it
|
||||||
// should be OK.
|
// should be OK.
|
||||||
logEvent.AddError("unable to marshal registration: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, probs.ServerInternal("Error marshaling registration"), err)
|
wfe.sendError(response, logEvent, probs.ServerInternal("Error marshaling registration"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -734,7 +722,6 @@ func (wfe *WebFrontEndImpl) NewAuthorization(ctx context.Context, logEvent *requ
|
||||||
|
|
||||||
var init core.Authorization
|
var init core.Authorization
|
||||||
if err := json.Unmarshal(body, &init); err != nil {
|
if err := json.Unmarshal(body, &init); err != nil {
|
||||||
logEvent.AddError("unable to JSON unmarshal Authorization: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, probs.Malformed("Error unmarshaling JSON"), err)
|
wfe.sendError(response, logEvent, probs.Malformed("Error unmarshaling JSON"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -743,7 +730,6 @@ func (wfe *WebFrontEndImpl) NewAuthorization(ctx context.Context, logEvent *requ
|
||||||
// Create new authz and return
|
// Create new authz and return
|
||||||
authz, err := wfe.RA.NewAuthorization(ctx, init, currReg.ID)
|
authz, err := wfe.RA.NewAuthorization(ctx, init, currReg.ID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("unable to create new authz: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, problemDetailsForError(err, "Error creating new authz"), err)
|
wfe.sendError(response, logEvent, problemDetailsForError(err, "Error creating new authz"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -799,14 +785,12 @@ func (wfe *WebFrontEndImpl) RevokeCertificate(ctx context.Context, logEvent *req
|
||||||
}
|
}
|
||||||
var revokeRequest RevokeRequest
|
var revokeRequest RevokeRequest
|
||||||
if err := json.Unmarshal(body, &revokeRequest); err != nil {
|
if err := json.Unmarshal(body, &revokeRequest); err != nil {
|
||||||
logEvent.AddError(fmt.Sprintf("Couldn't unmarshal in revoke request %s", string(body)))
|
|
||||||
wfe.sendError(response, logEvent, probs.Malformed("Unable to JSON parse revoke request"), err)
|
wfe.sendError(response, logEvent, probs.Malformed("Unable to JSON parse revoke request"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
providedCert, err := x509.ParseCertificate(revokeRequest.CertificateDER)
|
providedCert, err := x509.ParseCertificate(revokeRequest.CertificateDER)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("unable to parse revoke certificate DER: %s", err)
|
wfe.sendError(response, logEvent, probs.Malformed("Unable to parse revoke certificate DER"), err)
|
||||||
wfe.sendError(response, logEvent, probs.Malformed("Unable to parse certificate DER"), err)
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -839,7 +823,6 @@ func (wfe *WebFrontEndImpl) RevokeCertificate(ctx context.Context, logEvent *req
|
||||||
logEvent.Extra["CertificateStatus"] = certStatus.Status
|
logEvent.Extra["CertificateStatus"] = certStatus.Status
|
||||||
|
|
||||||
if certStatus.Status == core.OCSPStatusRevoked {
|
if certStatus.Status == core.OCSPStatusRevoked {
|
||||||
logEvent.AddError("Certificate already revoked: %#v", serial)
|
|
||||||
wfe.sendError(response, logEvent, probs.Conflict("Certificate already revoked"), nil)
|
wfe.sendError(response, logEvent, probs.Conflict("Certificate already revoked"), nil)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -847,7 +830,6 @@ func (wfe *WebFrontEndImpl) RevokeCertificate(ctx context.Context, logEvent *req
|
||||||
if !(core.KeyDigestEquals(requestKey, parsedCertificate.PublicKey) || registration.ID == cert.RegistrationID) {
|
if !(core.KeyDigestEquals(requestKey, parsedCertificate.PublicKey) || registration.ID == cert.RegistrationID) {
|
||||||
valid, err := wfe.regHoldsAuthorizations(ctx, registration.ID, parsedCertificate.DNSNames)
|
valid, err := wfe.regHoldsAuthorizations(ctx, registration.ID, parsedCertificate.DNSNames)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("regHoldsAuthorizations failed: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, probs.ServerInternal("Failed to retrieve authorizations for names in certificate"), err)
|
wfe.sendError(response, logEvent, probs.ServerInternal("Failed to retrieve authorizations for names in certificate"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -864,7 +846,6 @@ func (wfe *WebFrontEndImpl) RevokeCertificate(ctx context.Context, logEvent *req
|
||||||
reason := revocation.Reason(0)
|
reason := revocation.Reason(0)
|
||||||
if revokeRequest.Reason != nil && wfe.AcceptRevocationReason {
|
if revokeRequest.Reason != nil && wfe.AcceptRevocationReason {
|
||||||
if _, present := revocation.UserAllowedReasons[*revokeRequest.Reason]; !present {
|
if _, present := revocation.UserAllowedReasons[*revokeRequest.Reason]; !present {
|
||||||
logEvent.AddError("unsupported revocation reason code provided")
|
|
||||||
wfe.sendError(response, logEvent, probs.Malformed("unsupported revocation reason code provided"), nil)
|
wfe.sendError(response, logEvent, probs.Malformed("unsupported revocation reason code provided"), nil)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -873,7 +854,6 @@ func (wfe *WebFrontEndImpl) RevokeCertificate(ctx context.Context, logEvent *req
|
||||||
|
|
||||||
err = wfe.RA.RevokeCertificateWithReg(ctx, *parsedCertificate, reason, registration.ID)
|
err = wfe.RA.RevokeCertificateWithReg(ctx, *parsedCertificate, reason, registration.ID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("failed to revoke certificate: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, problemDetailsForError(err, "Failed to revoke certificate"), err)
|
wfe.sendError(response, logEvent, problemDetailsForError(err, "Failed to revoke certificate"), err)
|
||||||
} else {
|
} else {
|
||||||
wfe.log.Debug(fmt.Sprintf("Revoked %v", serial))
|
wfe.log.Debug(fmt.Sprintf("Revoked %v", serial))
|
||||||
|
|
@ -915,7 +895,6 @@ func (wfe *WebFrontEndImpl) NewCertificate(ctx context.Context, logEvent *reques
|
||||||
var rawCSR core.RawCertificateRequest
|
var rawCSR core.RawCertificateRequest
|
||||||
err := json.Unmarshal(body, &rawCSR)
|
err := json.Unmarshal(body, &rawCSR)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("unable to JSON unmarshal CertificateRequest: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, probs.Malformed("Error unmarshaling certificate request"), err)
|
wfe.sendError(response, logEvent, probs.Malformed("Error unmarshaling certificate request"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -940,7 +919,6 @@ func (wfe *WebFrontEndImpl) NewCertificate(ctx context.Context, logEvent *reques
|
||||||
certificateRequest := core.CertificateRequest{Bytes: rawCSR.CSR}
|
certificateRequest := core.CertificateRequest{Bytes: rawCSR.CSR}
|
||||||
certificateRequest.CSR, err = x509.ParseCertificateRequest(rawCSR.CSR)
|
certificateRequest.CSR, err = x509.ParseCertificateRequest(rawCSR.CSR)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("unable to parse certificate request: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, probs.Malformed("Error parsing certificate request: %s", err), err)
|
wfe.sendError(response, logEvent, probs.Malformed("Error parsing certificate request: %s", err), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -952,7 +930,6 @@ func (wfe *WebFrontEndImpl) NewCertificate(ctx context.Context, logEvent *reques
|
||||||
// a bad key from the client is just a malformed request and doesn't need to
|
// a bad key from the client is just a malformed request and doesn't need to
|
||||||
// be audited.
|
// be audited.
|
||||||
if err := wfe.keyPolicy.GoodKey(certificateRequest.CSR.PublicKey); err != nil {
|
if err := wfe.keyPolicy.GoodKey(certificateRequest.CSR.PublicKey); err != nil {
|
||||||
logEvent.AddError("CSR public key failed GoodKey: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, probs.Malformed("Invalid key in certificate request :: %s", err), err)
|
wfe.sendError(response, logEvent, probs.Malformed("Invalid key in certificate request :: %s", err), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -971,7 +948,6 @@ func (wfe *WebFrontEndImpl) NewCertificate(ctx context.Context, logEvent *reques
|
||||||
// RA for secondary validation.
|
// RA for secondary validation.
|
||||||
cert, err := wfe.RA.NewCertificate(ctx, certificateRequest, reg.ID)
|
cert, err := wfe.RA.NewCertificate(ctx, certificateRequest, reg.ID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("unable to create new cert: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, problemDetailsForError(err, "Error creating new cert"), err)
|
wfe.sendError(response, logEvent, problemDetailsForError(err, "Error creating new cert"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -982,7 +958,6 @@ func (wfe *WebFrontEndImpl) NewCertificate(ctx context.Context, logEvent *reques
|
||||||
// enumerate and mirror our certificates.
|
// enumerate and mirror our certificates.
|
||||||
parsedCertificate, err := x509.ParseCertificate([]byte(cert.DER))
|
parsedCertificate, err := x509.ParseCertificate([]byte(cert.DER))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("unable to parse certificate: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, probs.ServerInternal("Unable to parse certificate"), err)
|
wfe.sendError(response, logEvent, probs.ServerInternal("Unable to parse certificate"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -993,7 +968,6 @@ func (wfe *WebFrontEndImpl) NewCertificate(ctx context.Context, logEvent *reques
|
||||||
response.Header().Add("Location", certURL)
|
response.Header().Add("Location", certURL)
|
||||||
if features.Enabled(features.UseAIAIssuerURL) {
|
if features.Enabled(features.UseAIAIssuerURL) {
|
||||||
if err = wfe.addIssuingCertificateURLs(response, parsedCertificate.IssuingCertificateURL); err != nil {
|
if err = wfe.addIssuingCertificateURLs(response, parsedCertificate.IssuingCertificateURL); err != nil {
|
||||||
logEvent.AddError("unable to parse IssuingCertificateURL: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, probs.ServerInternal("unable to parse IssuingCertificateURL"), err)
|
wfe.sendError(response, logEvent, probs.ServerInternal("unable to parse IssuingCertificateURL"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -1049,7 +1023,6 @@ func (wfe *WebFrontEndImpl) Challenge(
|
||||||
|
|
||||||
// After expiring, challenges are inaccessible
|
// After expiring, challenges are inaccessible
|
||||||
if authz.Expires == nil || authz.Expires.Before(wfe.clk.Now()) {
|
if authz.Expires == nil || authz.Expires.Before(wfe.clk.Now()) {
|
||||||
logEvent.AddError("Authorization %v expired in the past (%v)", authz.ID, *authz.Expires)
|
|
||||||
wfe.sendError(response, logEvent, probs.NotFound("Expired authorization"), nil)
|
wfe.sendError(response, logEvent, probs.NotFound("Expired authorization"), nil)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -1124,7 +1097,6 @@ func (wfe *WebFrontEndImpl) getChallenge(
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// InternalServerError because this is a failure to decode data passed in
|
// InternalServerError because this is a failure to decode data passed in
|
||||||
// by the caller, which got it from the DB.
|
// by the caller, which got it from the DB.
|
||||||
logEvent.AddError("unable to marshal challenge: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, probs.ServerInternal("Failed to marshal challenge"), err)
|
wfe.sendError(response, logEvent, probs.ServerInternal("Failed to marshal challenge"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -1166,7 +1138,6 @@ func (wfe *WebFrontEndImpl) postChallenge(
|
||||||
|
|
||||||
var challengeUpdate core.Challenge
|
var challengeUpdate core.Challenge
|
||||||
if err := json.Unmarshal(body, &challengeUpdate); err != nil {
|
if err := json.Unmarshal(body, &challengeUpdate); err != nil {
|
||||||
logEvent.AddError("error JSON unmarshaling challenge response: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, probs.Malformed("Error unmarshaling challenge response"), err)
|
wfe.sendError(response, logEvent, probs.Malformed("Error unmarshaling challenge response"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -1174,7 +1145,6 @@ func (wfe *WebFrontEndImpl) postChallenge(
|
||||||
// Ask the RA to update this authorization
|
// Ask the RA to update this authorization
|
||||||
updatedAuthorization, err := wfe.RA.UpdateAuthorization(ctx, authz, challengeIndex, challengeUpdate)
|
updatedAuthorization, err := wfe.RA.UpdateAuthorization(ctx, authz, challengeIndex, challengeUpdate)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("unable to update challenge: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, problemDetailsForError(err, "Unable to update challenge"), err)
|
wfe.sendError(response, logEvent, problemDetailsForError(err, "Unable to update challenge"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -1190,7 +1160,6 @@ func (wfe *WebFrontEndImpl) postChallenge(
|
||||||
err = wfe.writeJsonResponse(response, logEvent, http.StatusAccepted, challenge)
|
err = wfe.writeJsonResponse(response, logEvent, http.StatusAccepted, challenge)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// ServerInternal because we made the challenges, they should be OK
|
// ServerInternal because we made the challenges, they should be OK
|
||||||
logEvent.AddError("failed to marshal challenge: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, probs.ServerInternal("Failed to marshal challenge"), err)
|
wfe.sendError(response, logEvent, probs.ServerInternal("Failed to marshal challenge"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -1212,16 +1181,13 @@ func (wfe *WebFrontEndImpl) Registration(ctx context.Context, logEvent *requestE
|
||||||
idStr := request.URL.Path
|
idStr := request.URL.Path
|
||||||
id, err := strconv.ParseInt(idStr, 10, 64)
|
id, err := strconv.ParseInt(idStr, 10, 64)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("registration ID must be an integer, was %#v", idStr)
|
|
||||||
wfe.sendError(response, logEvent, probs.Malformed("Registration ID must be an integer"), err)
|
wfe.sendError(response, logEvent, probs.Malformed("Registration ID must be an integer"), err)
|
||||||
return
|
return
|
||||||
} else if id <= 0 {
|
} else if id <= 0 {
|
||||||
msg := fmt.Sprintf("Registration ID must be a positive non-zero integer, was %d", id)
|
msg := fmt.Sprintf("Registration ID must be a positive non-zero integer, was %d", id)
|
||||||
logEvent.AddError(msg)
|
|
||||||
wfe.sendError(response, logEvent, probs.Malformed(msg), nil)
|
wfe.sendError(response, logEvent, probs.Malformed(msg), nil)
|
||||||
return
|
return
|
||||||
} else if id != currReg.ID {
|
} else if id != currReg.ID {
|
||||||
logEvent.AddError("Request signing key did not match registration key: %d != %d", id, currReg.ID)
|
|
||||||
wfe.sendError(response, logEvent, probs.Unauthorized("Request signing key did not match registration key"), nil)
|
wfe.sendError(response, logEvent, probs.Unauthorized("Request signing key did not match registration key"), nil)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -1229,7 +1195,6 @@ func (wfe *WebFrontEndImpl) Registration(ctx context.Context, logEvent *requestE
|
||||||
var update core.Registration
|
var update core.Registration
|
||||||
err = json.Unmarshal(body, &update)
|
err = json.Unmarshal(body, &update)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("unable to JSON parse registration: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, probs.Malformed("Error unmarshaling registration"), err)
|
wfe.sendError(response, logEvent, probs.Malformed("Error unmarshaling registration"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -1262,7 +1227,6 @@ func (wfe *WebFrontEndImpl) Registration(ctx context.Context, logEvent *requestE
|
||||||
if len(update.Agreement) > 0 && update.Agreement != currReg.Agreement &&
|
if len(update.Agreement) > 0 && update.Agreement != currReg.Agreement &&
|
||||||
update.Agreement != wfe.SubscriberAgreementURL {
|
update.Agreement != wfe.SubscriberAgreementURL {
|
||||||
msg := fmt.Sprintf("Provided agreement URL [%s] does not match current agreement URL [%s]", update.Agreement, wfe.SubscriberAgreementURL)
|
msg := fmt.Sprintf("Provided agreement URL [%s] does not match current agreement URL [%s]", update.Agreement, wfe.SubscriberAgreementURL)
|
||||||
logEvent.AddError(msg)
|
|
||||||
wfe.sendError(response, logEvent, probs.Malformed(msg), nil)
|
wfe.sendError(response, logEvent, probs.Malformed(msg), nil)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -1276,7 +1240,6 @@ func (wfe *WebFrontEndImpl) Registration(ctx context.Context, logEvent *requestE
|
||||||
|
|
||||||
updatedReg, err := wfe.RA.UpdateRegistration(ctx, currReg, update)
|
updatedReg, err := wfe.RA.UpdateRegistration(ctx, currReg, update)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("unable to update registration: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, problemDetailsForError(err, "Unable to update registration"), err)
|
wfe.sendError(response, logEvent, problemDetailsForError(err, "Unable to update registration"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -1289,7 +1252,6 @@ func (wfe *WebFrontEndImpl) Registration(ctx context.Context, logEvent *requestE
|
||||||
err = wfe.writeJsonResponse(response, logEvent, http.StatusAccepted, updatedReg)
|
err = wfe.writeJsonResponse(response, logEvent, http.StatusAccepted, updatedReg)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// ServerInternal because we just generated the reg, it should be OK
|
// ServerInternal because we just generated the reg, it should be OK
|
||||||
logEvent.AddError("unable to marshal updated registration: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, probs.ServerInternal("Failed to marshal registration"), err)
|
wfe.sendError(response, logEvent, probs.ServerInternal("Failed to marshal registration"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -1303,7 +1265,6 @@ func (wfe *WebFrontEndImpl) deactivateAuthorization(ctx context.Context, authz *
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
if reg.ID != authz.RegistrationID {
|
if reg.ID != authz.RegistrationID {
|
||||||
logEvent.AddError("registration ID doesn't match ID for authorization")
|
|
||||||
wfe.sendError(response, logEvent, probs.Unauthorized("Registration ID doesn't match ID for authorization"), nil)
|
wfe.sendError(response, logEvent, probs.Unauthorized("Registration ID doesn't match ID for authorization"), nil)
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
@ -1316,13 +1277,11 @@ func (wfe *WebFrontEndImpl) deactivateAuthorization(ctx context.Context, authz *
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
if req.Status != core.StatusDeactivated {
|
if req.Status != core.StatusDeactivated {
|
||||||
logEvent.AddError("invalid status value")
|
|
||||||
wfe.sendError(response, logEvent, probs.Malformed("Invalid status value"), err)
|
wfe.sendError(response, logEvent, probs.Malformed("Invalid status value"), err)
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
err = wfe.RA.DeactivateAuthorization(ctx, *authz)
|
err = wfe.RA.DeactivateAuthorization(ctx, *authz)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("unable to deactivate authorization", err)
|
|
||||||
wfe.sendError(response, logEvent, problemDetailsForError(err, "Error deactivating authorization"), err)
|
wfe.sendError(response, logEvent, problemDetailsForError(err, "Error deactivating authorization"), err)
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
@ -1353,8 +1312,6 @@ func (wfe *WebFrontEndImpl) Authorization(ctx context.Context, logEvent *request
|
||||||
|
|
||||||
// After expiring, authorizations are inaccessible
|
// After expiring, authorizations are inaccessible
|
||||||
if authz.Expires == nil || authz.Expires.Before(wfe.clk.Now()) {
|
if authz.Expires == nil || authz.Expires.Before(wfe.clk.Now()) {
|
||||||
msg := fmt.Sprintf("Authorization %v expired in the past (%v)", authz.ID, *authz.Expires)
|
|
||||||
logEvent.AddError(msg)
|
|
||||||
wfe.sendError(response, logEvent, probs.NotFound("Expired authorization"), nil)
|
wfe.sendError(response, logEvent, probs.NotFound("Expired authorization"), nil)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -1375,7 +1332,6 @@ func (wfe *WebFrontEndImpl) Authorization(ctx context.Context, logEvent *request
|
||||||
err = wfe.writeJsonResponse(response, logEvent, http.StatusOK, authz)
|
err = wfe.writeJsonResponse(response, logEvent, http.StatusOK, authz)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// InternalServerError because this is a failure to decode from our DB.
|
// InternalServerError because this is a failure to decode from our DB.
|
||||||
logEvent.AddError("Failed to JSON marshal authz: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, probs.ServerInternal("Failed to JSON marshal authz"), err)
|
wfe.sendError(response, logEvent, probs.ServerInternal("Failed to JSON marshal authz"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -1391,7 +1347,6 @@ func (wfe *WebFrontEndImpl) Certificate(ctx context.Context, logEvent *requestEv
|
||||||
// Certificate paths consist of the CertBase path, plus exactly sixteen hex
|
// Certificate paths consist of the CertBase path, plus exactly sixteen hex
|
||||||
// digits.
|
// digits.
|
||||||
if !core.ValidSerial(serial) {
|
if !core.ValidSerial(serial) {
|
||||||
logEvent.AddError("certificate serial provided was not valid: %s", serial)
|
|
||||||
wfe.sendError(response, logEvent, probs.NotFound("Certificate not found"), nil)
|
wfe.sendError(response, logEvent, probs.NotFound("Certificate not found"), nil)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -1414,12 +1369,10 @@ func (wfe *WebFrontEndImpl) Certificate(ctx context.Context, logEvent *requestEv
|
||||||
if features.Enabled(features.UseAIAIssuerURL) {
|
if features.Enabled(features.UseAIAIssuerURL) {
|
||||||
parsedCertificate, err := x509.ParseCertificate([]byte(cert.DER))
|
parsedCertificate, err := x509.ParseCertificate([]byte(cert.DER))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("unable to parse certificate: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, probs.ServerInternal("Unable to parse certificate"), err)
|
wfe.sendError(response, logEvent, probs.ServerInternal("Unable to parse certificate"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if err = wfe.addIssuingCertificateURLs(response, parsedCertificate.IssuingCertificateURL); err != nil {
|
if err = wfe.addIssuingCertificateURLs(response, parsedCertificate.IssuingCertificateURL); err != nil {
|
||||||
logEvent.AddError("unable to parse IssuingCertificateURL: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, probs.ServerInternal("unable to parse IssuingCertificateURL"), err)
|
wfe.sendError(response, logEvent, probs.ServerInternal("unable to parse IssuingCertificateURL"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -1458,7 +1411,6 @@ func (wfe *WebFrontEndImpl) BuildID(ctx context.Context, logEvent *requestEvent,
|
||||||
response.WriteHeader(http.StatusOK)
|
response.WriteHeader(http.StatusOK)
|
||||||
detailsString := fmt.Sprintf("Boulder=(%s %s)", core.GetBuildID(), core.GetBuildTime())
|
detailsString := fmt.Sprintf("Boulder=(%s %s)", core.GetBuildID(), core.GetBuildTime())
|
||||||
if _, err := fmt.Fprintln(response, detailsString); err != nil {
|
if _, err := fmt.Fprintln(response, detailsString); err != nil {
|
||||||
logEvent.AddError("unable to print build information: %s", err)
|
|
||||||
wfe.log.Warning(fmt.Sprintf("Could not write response: %s", err))
|
wfe.log.Warning(fmt.Sprintf("Could not write response: %s", err))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -1530,13 +1482,11 @@ func (wfe *WebFrontEndImpl) KeyRollover(ctx context.Context, logEvent *requestEv
|
||||||
// Parse as JWS
|
// Parse as JWS
|
||||||
newKey, parsedJWS, err := wfe.extractJWSKey(string(body))
|
newKey, parsedJWS, err := wfe.extractJWSKey(string(body))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError(err.Error())
|
|
||||||
wfe.sendError(response, logEvent, probs.Malformed(err.Error()), err)
|
wfe.sendError(response, logEvent, probs.Malformed(err.Error()), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
payload, err := parsedJWS.Verify(newKey)
|
payload, err := parsedJWS.Verify(newKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("verification of the inner JWS with the inner JWK failed: %v", err)
|
|
||||||
wfe.sendError(response, logEvent, probs.Malformed("JWS verification error"), err)
|
wfe.sendError(response, logEvent, probs.Malformed("JWS verification error"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -1546,25 +1496,21 @@ func (wfe *WebFrontEndImpl) KeyRollover(ctx context.Context, logEvent *requestEv
|
||||||
}
|
}
|
||||||
err = json.Unmarshal(payload, &rolloverRequest)
|
err = json.Unmarshal(payload, &rolloverRequest)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("unable to JSON parse resource from JWS payload: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, probs.Malformed("Request payload did not parse as JSON"), nil)
|
wfe.sendError(response, logEvent, probs.Malformed("Request payload did not parse as JSON"), nil)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if wfe.relativeEndpoint(request, fmt.Sprintf("%s%d", regPath, reg.ID)) != rolloverRequest.Account {
|
if wfe.relativeEndpoint(request, fmt.Sprintf("%s%d", regPath, reg.ID)) != rolloverRequest.Account {
|
||||||
logEvent.AddError("incorrect account URL provided")
|
|
||||||
wfe.sendError(response, logEvent, probs.Malformed("Incorrect account URL provided in payload"), nil)
|
wfe.sendError(response, logEvent, probs.Malformed("Incorrect account URL provided in payload"), nil)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
keysEqual, err := core.PublicKeysEqual(rolloverRequest.NewKey.Key, newKey.Key)
|
keysEqual, err := core.PublicKeysEqual(rolloverRequest.NewKey.Key, newKey.Key)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("unable to marshal new key: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, probs.Malformed("Unable to marshal new JWK"), nil)
|
wfe.sendError(response, logEvent, probs.Malformed("Unable to marshal new JWK"), nil)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if !keysEqual {
|
if !keysEqual {
|
||||||
logEvent.AddError("new key in inner payload doesn't match key used to sign inner JWS")
|
|
||||||
wfe.sendError(response, logEvent, probs.Malformed("New JWK in inner payload doesn't match key used to sign inner JWS"), nil)
|
wfe.sendError(response, logEvent, probs.Malformed("New JWK in inner payload doesn't match key used to sign inner JWS"), nil)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -1572,14 +1518,12 @@ func (wfe *WebFrontEndImpl) KeyRollover(ctx context.Context, logEvent *requestEv
|
||||||
// Update registration key
|
// Update registration key
|
||||||
updatedReg, err := wfe.RA.UpdateRegistration(ctx, reg, core.Registration{Key: newKey})
|
updatedReg, err := wfe.RA.UpdateRegistration(ctx, reg, core.Registration{Key: newKey})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("unable to update registration: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, problemDetailsForError(err, "Unable to update registration"), err)
|
wfe.sendError(response, logEvent, problemDetailsForError(err, "Unable to update registration"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
jsonReply, err := marshalIndent(updatedReg)
|
jsonReply, err := marshalIndent(updatedReg)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("unable to marshal updated registration: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, probs.ServerInternal("Failed to marshal registration"), err)
|
wfe.sendError(response, logEvent, probs.ServerInternal("Failed to marshal registration"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -1591,7 +1535,6 @@ func (wfe *WebFrontEndImpl) KeyRollover(ctx context.Context, logEvent *requestEv
|
||||||
func (wfe *WebFrontEndImpl) deactivateRegistration(ctx context.Context, reg core.Registration, response http.ResponseWriter, request *http.Request, logEvent *requestEvent) {
|
func (wfe *WebFrontEndImpl) deactivateRegistration(ctx context.Context, reg core.Registration, response http.ResponseWriter, request *http.Request, logEvent *requestEvent) {
|
||||||
err := wfe.RA.DeactivateRegistration(ctx, reg)
|
err := wfe.RA.DeactivateRegistration(ctx, reg)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("unable to deactivate registration", err)
|
|
||||||
wfe.sendError(response, logEvent, problemDetailsForError(err, "Error deactivating registration"), err)
|
wfe.sendError(response, logEvent, problemDetailsForError(err, "Error deactivating registration"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -1600,7 +1543,6 @@ func (wfe *WebFrontEndImpl) deactivateRegistration(ctx context.Context, reg core
|
||||||
err = wfe.writeJsonResponse(response, logEvent, http.StatusOK, reg)
|
err = wfe.writeJsonResponse(response, logEvent, http.StatusOK, reg)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// ServerInternal because registration is from DB and should be fine
|
// ServerInternal because registration is from DB and should be fine
|
||||||
logEvent.AddError("unable to marshal updated registration: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, probs.ServerInternal("Failed to marshal registration"), err)
|
wfe.sendError(response, logEvent, probs.ServerInternal("Failed to marshal registration"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
||||||
31
wfe2/wfe.go
31
wfe2/wfe.go
|
|
@ -501,7 +501,6 @@ func (wfe *WebFrontEndImpl) NewAccount(
|
||||||
|
|
||||||
acct, err := wfe.RA.NewRegistration(ctx, init)
|
acct, err := wfe.RA.NewRegistration(ctx, init)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("unable to create new account: %s", err)
|
|
||||||
wfe.sendError(response, logEvent,
|
wfe.sendError(response, logEvent,
|
||||||
problemDetailsForError(err, "Error creating new account"), err)
|
problemDetailsForError(err, "Error creating new account"), err)
|
||||||
return
|
return
|
||||||
|
|
@ -521,7 +520,6 @@ func (wfe *WebFrontEndImpl) NewAccount(
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// ServerInternal because we just created this account, and it
|
// ServerInternal because we just created this account, and it
|
||||||
// should be OK.
|
// should be OK.
|
||||||
logEvent.AddError("unable to marshal account: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, probs.ServerInternal("Error marshaling account"), err)
|
wfe.sendError(response, logEvent, probs.ServerInternal("Error marshaling account"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -803,7 +801,6 @@ func (wfe *WebFrontEndImpl) Challenge(
|
||||||
|
|
||||||
// After expiring, challenges are inaccessible
|
// After expiring, challenges are inaccessible
|
||||||
if authz.Expires == nil || authz.Expires.Before(wfe.clk.Now()) {
|
if authz.Expires == nil || authz.Expires.Before(wfe.clk.Now()) {
|
||||||
logEvent.AddError("Authorization %v expired in the past (%v)", authz.ID, *authz.Expires)
|
|
||||||
wfe.sendError(response, logEvent, probs.NotFound("Expired authorization"), nil)
|
wfe.sendError(response, logEvent, probs.NotFound("Expired authorization"), nil)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -878,7 +875,6 @@ func (wfe *WebFrontEndImpl) getChallenge(
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// InternalServerError because this is a failure to decode data passed in
|
// InternalServerError because this is a failure to decode data passed in
|
||||||
// by the caller, which got it from the DB.
|
// by the caller, which got it from the DB.
|
||||||
logEvent.AddError("unable to marshal challenge: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, probs.ServerInternal("Failed to marshal challenge"), err)
|
wfe.sendError(response, logEvent, probs.ServerInternal("Failed to marshal challenge"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -910,7 +906,6 @@ func (wfe *WebFrontEndImpl) postChallenge(
|
||||||
// Check that the account ID matching the key used matches
|
// Check that the account ID matching the key used matches
|
||||||
// the account ID on the authz object
|
// the account ID on the authz object
|
||||||
if currAcct.ID != authz.RegistrationID {
|
if currAcct.ID != authz.RegistrationID {
|
||||||
logEvent.AddError("User account id: %d != Authorization account id: %v", currAcct.ID, authz.RegistrationID)
|
|
||||||
wfe.sendError(response,
|
wfe.sendError(response,
|
||||||
logEvent,
|
logEvent,
|
||||||
probs.Unauthorized("User account ID doesn't match account ID in authorization"),
|
probs.Unauthorized("User account ID doesn't match account ID in authorization"),
|
||||||
|
|
@ -921,7 +916,6 @@ func (wfe *WebFrontEndImpl) postChallenge(
|
||||||
|
|
||||||
var challengeUpdate core.Challenge
|
var challengeUpdate core.Challenge
|
||||||
if err := json.Unmarshal(body, &challengeUpdate); err != nil {
|
if err := json.Unmarshal(body, &challengeUpdate); err != nil {
|
||||||
logEvent.AddError("error JSON unmarshaling challenge response: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, probs.Malformed("Error unmarshaling challenge response"), err)
|
wfe.sendError(response, logEvent, probs.Malformed("Error unmarshaling challenge response"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -929,7 +923,6 @@ func (wfe *WebFrontEndImpl) postChallenge(
|
||||||
// Ask the RA to update this authorization
|
// Ask the RA to update this authorization
|
||||||
updatedAuthorization, err := wfe.RA.UpdateAuthorization(ctx, authz, challengeIndex, challengeUpdate)
|
updatedAuthorization, err := wfe.RA.UpdateAuthorization(ctx, authz, challengeIndex, challengeUpdate)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("unable to update challenge: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, problemDetailsForError(err, "Unable to update challenge"), err)
|
wfe.sendError(response, logEvent, problemDetailsForError(err, "Unable to update challenge"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -945,7 +938,6 @@ func (wfe *WebFrontEndImpl) postChallenge(
|
||||||
err = wfe.writeJsonResponse(response, logEvent, http.StatusAccepted, challenge)
|
err = wfe.writeJsonResponse(response, logEvent, http.StatusAccepted, challenge)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// ServerInternal because we made the challenges, they should be OK
|
// ServerInternal because we made the challenges, they should be OK
|
||||||
logEvent.AddError("failed to marshal challenge: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, probs.ServerInternal("Failed to marshal challenge"), err)
|
wfe.sendError(response, logEvent, probs.ServerInternal("Failed to marshal challenge"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -970,16 +962,13 @@ func (wfe *WebFrontEndImpl) Account(
|
||||||
idStr := request.URL.Path
|
idStr := request.URL.Path
|
||||||
id, err := strconv.ParseInt(idStr, 10, 64)
|
id, err := strconv.ParseInt(idStr, 10, 64)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("account ID must be an integer, was %#v", idStr)
|
|
||||||
wfe.sendError(response, logEvent, probs.Malformed("Account ID must be an integer"), err)
|
wfe.sendError(response, logEvent, probs.Malformed("Account ID must be an integer"), err)
|
||||||
return
|
return
|
||||||
} else if id <= 0 {
|
} else if id <= 0 {
|
||||||
msg := fmt.Sprintf("Account ID must be a positive non-zero integer, was %d", id)
|
msg := fmt.Sprintf("Account ID must be a positive non-zero integer, was %d", id)
|
||||||
logEvent.AddError(msg)
|
|
||||||
wfe.sendError(response, logEvent, probs.Malformed(msg), nil)
|
wfe.sendError(response, logEvent, probs.Malformed(msg), nil)
|
||||||
return
|
return
|
||||||
} else if id != currAcct.ID {
|
} else if id != currAcct.ID {
|
||||||
logEvent.AddError("Request signing key did not match account key: %d != %d", id, currAcct.ID)
|
|
||||||
wfe.sendError(response, logEvent,
|
wfe.sendError(response, logEvent,
|
||||||
probs.Unauthorized("Request signing key did not match account key"), nil)
|
probs.Unauthorized("Request signing key did not match account key"), nil)
|
||||||
return
|
return
|
||||||
|
|
@ -988,7 +977,6 @@ func (wfe *WebFrontEndImpl) Account(
|
||||||
var update core.Registration
|
var update core.Registration
|
||||||
err = json.Unmarshal(body, &update)
|
err = json.Unmarshal(body, &update)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("unable to JSON parse account: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, probs.Malformed("Error unmarshaling account"), err)
|
wfe.sendError(response, logEvent, probs.Malformed("Error unmarshaling account"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -1022,7 +1010,6 @@ func (wfe *WebFrontEndImpl) Account(
|
||||||
update.Agreement != wfe.SubscriberAgreementURL {
|
update.Agreement != wfe.SubscriberAgreementURL {
|
||||||
msg := fmt.Sprintf("Provided agreement URL [%s] does not match current agreement URL [%s]",
|
msg := fmt.Sprintf("Provided agreement URL [%s] does not match current agreement URL [%s]",
|
||||||
update.Agreement, wfe.SubscriberAgreementURL)
|
update.Agreement, wfe.SubscriberAgreementURL)
|
||||||
logEvent.AddError(msg)
|
|
||||||
wfe.sendError(response, logEvent, probs.Malformed(msg), nil)
|
wfe.sendError(response, logEvent, probs.Malformed(msg), nil)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -1036,7 +1023,6 @@ func (wfe *WebFrontEndImpl) Account(
|
||||||
|
|
||||||
updatedAcct, err := wfe.RA.UpdateRegistration(ctx, *currAcct, update)
|
updatedAcct, err := wfe.RA.UpdateRegistration(ctx, *currAcct, update)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("unable to update account: %s", err)
|
|
||||||
wfe.sendError(response, logEvent,
|
wfe.sendError(response, logEvent,
|
||||||
problemDetailsForError(err, "Unable to update account"), err)
|
problemDetailsForError(err, "Unable to update account"), err)
|
||||||
return
|
return
|
||||||
|
|
@ -1049,7 +1035,6 @@ func (wfe *WebFrontEndImpl) Account(
|
||||||
err = wfe.writeJsonResponse(response, logEvent, http.StatusAccepted, updatedAcct)
|
err = wfe.writeJsonResponse(response, logEvent, http.StatusAccepted, updatedAcct)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// ServerInternal because we just generated the account, it should be OK
|
// ServerInternal because we just generated the account, it should be OK
|
||||||
logEvent.AddError("unable to marshal updated account: %s", err)
|
|
||||||
wfe.sendError(response, logEvent,
|
wfe.sendError(response, logEvent,
|
||||||
probs.ServerInternal("Failed to marshal account"), err)
|
probs.ServerInternal("Failed to marshal account"), err)
|
||||||
return
|
return
|
||||||
|
|
@ -1069,7 +1054,6 @@ func (wfe *WebFrontEndImpl) deactivateAuthorization(
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
if acct.ID != authz.RegistrationID {
|
if acct.ID != authz.RegistrationID {
|
||||||
logEvent.AddError("account ID doesn't match ID for authorization")
|
|
||||||
wfe.sendError(response, logEvent,
|
wfe.sendError(response, logEvent,
|
||||||
probs.Unauthorized("Account ID doesn't match ID for authorization"), nil)
|
probs.Unauthorized("Account ID doesn't match ID for authorization"), nil)
|
||||||
return false
|
return false
|
||||||
|
|
@ -1083,13 +1067,11 @@ func (wfe *WebFrontEndImpl) deactivateAuthorization(
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
if req.Status != core.StatusDeactivated {
|
if req.Status != core.StatusDeactivated {
|
||||||
logEvent.AddError("invalid status value")
|
|
||||||
wfe.sendError(response, logEvent, probs.Malformed("Invalid status value"), err)
|
wfe.sendError(response, logEvent, probs.Malformed("Invalid status value"), err)
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
err = wfe.RA.DeactivateAuthorization(ctx, *authz)
|
err = wfe.RA.DeactivateAuthorization(ctx, *authz)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("unable to deactivate authorization", err)
|
|
||||||
wfe.sendError(response, logEvent, problemDetailsForError(err, "Error deactivating authorization"), err)
|
wfe.sendError(response, logEvent, problemDetailsForError(err, "Error deactivating authorization"), err)
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
@ -1107,7 +1089,6 @@ func (wfe *WebFrontEndImpl) Authorization(ctx context.Context, logEvent *request
|
||||||
id := request.URL.Path
|
id := request.URL.Path
|
||||||
authz, err := wfe.SA.GetAuthorization(ctx, id)
|
authz, err := wfe.SA.GetAuthorization(ctx, id)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("No such authorization at id %s", id)
|
|
||||||
// TODO(#1199): handle db errors
|
// TODO(#1199): handle db errors
|
||||||
wfe.sendError(response, logEvent, probs.NotFound("Unable to find authorization"), err)
|
wfe.sendError(response, logEvent, probs.NotFound("Unable to find authorization"), err)
|
||||||
return
|
return
|
||||||
|
|
@ -1120,8 +1101,6 @@ func (wfe *WebFrontEndImpl) Authorization(ctx context.Context, logEvent *request
|
||||||
|
|
||||||
// After expiring, authorizations are inaccessible
|
// After expiring, authorizations are inaccessible
|
||||||
if authz.Expires == nil || authz.Expires.Before(wfe.clk.Now()) {
|
if authz.Expires == nil || authz.Expires.Before(wfe.clk.Now()) {
|
||||||
msg := fmt.Sprintf("Authorization %v expired in the past (%v)", authz.ID, *authz.Expires)
|
|
||||||
logEvent.AddError(msg)
|
|
||||||
wfe.sendError(response, logEvent, probs.NotFound("Expired authorization"), nil)
|
wfe.sendError(response, logEvent, probs.NotFound("Expired authorization"), nil)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -1140,7 +1119,6 @@ func (wfe *WebFrontEndImpl) Authorization(ctx context.Context, logEvent *request
|
||||||
err = wfe.writeJsonResponse(response, logEvent, http.StatusOK, authz)
|
err = wfe.writeJsonResponse(response, logEvent, http.StatusOK, authz)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// InternalServerError because this is a failure to decode from our DB.
|
// InternalServerError because this is a failure to decode from our DB.
|
||||||
logEvent.AddError("Failed to JSON marshal authz: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, probs.ServerInternal("Failed to JSON marshal authz"), err)
|
wfe.sendError(response, logEvent, probs.ServerInternal("Failed to JSON marshal authz"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -1178,7 +1156,6 @@ func (wfe *WebFrontEndImpl) Certificate(ctx context.Context, logEvent *requestEv
|
||||||
response.Header().Set("Content-Type", "application/pkix-cert")
|
response.Header().Set("Content-Type", "application/pkix-cert")
|
||||||
parsedCertificate, err := x509.ParseCertificate([]byte(cert.DER))
|
parsedCertificate, err := x509.ParseCertificate([]byte(cert.DER))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("unable to parse certificate: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, probs.ServerInternal("Unable to parse certificate"), err)
|
wfe.sendError(response, logEvent, probs.ServerInternal("Unable to parse certificate"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -1219,7 +1196,6 @@ func (wfe *WebFrontEndImpl) BuildID(ctx context.Context, logEvent *requestEvent,
|
||||||
response.WriteHeader(http.StatusOK)
|
response.WriteHeader(http.StatusOK)
|
||||||
detailsString := fmt.Sprintf("Boulder=(%s %s)", core.GetBuildID(), core.GetBuildTime())
|
detailsString := fmt.Sprintf("Boulder=(%s %s)", core.GetBuildID(), core.GetBuildTime())
|
||||||
if _, err := fmt.Fprintln(response, detailsString); err != nil {
|
if _, err := fmt.Fprintln(response, detailsString); err != nil {
|
||||||
logEvent.AddError("unable to print build information: %s", err)
|
|
||||||
wfe.log.Warning(fmt.Sprintf("Could not write response: %s", err))
|
wfe.log.Warning(fmt.Sprintf("Could not write response: %s", err))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -1357,7 +1333,6 @@ func (wfe *WebFrontEndImpl) KeyRollover(
|
||||||
|
|
||||||
err = wfe.writeJsonResponse(response, logEvent, http.StatusOK, updatedAcct)
|
err = wfe.writeJsonResponse(response, logEvent, http.StatusOK, updatedAcct)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("failed to marshal updated account: %q", err)
|
|
||||||
wfe.sendError(response, logEvent, probs.ServerInternal("Failed to marshal updated account"), err)
|
wfe.sendError(response, logEvent, probs.ServerInternal("Failed to marshal updated account"), err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -1370,7 +1345,6 @@ func (wfe *WebFrontEndImpl) deactivateAccount(
|
||||||
logEvent *requestEvent) {
|
logEvent *requestEvent) {
|
||||||
err := wfe.RA.DeactivateRegistration(ctx, acct)
|
err := wfe.RA.DeactivateRegistration(ctx, acct)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("unable to deactivate account", err)
|
|
||||||
wfe.sendError(response, logEvent,
|
wfe.sendError(response, logEvent,
|
||||||
problemDetailsForError(err, "Error deactivating account"), err)
|
problemDetailsForError(err, "Error deactivating account"), err)
|
||||||
return
|
return
|
||||||
|
|
@ -1380,7 +1354,6 @@ func (wfe *WebFrontEndImpl) deactivateAccount(
|
||||||
err = wfe.writeJsonResponse(response, logEvent, http.StatusOK, acct)
|
err = wfe.writeJsonResponse(response, logEvent, http.StatusOK, acct)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// ServerInternal because account is from DB and should be fine
|
// ServerInternal because account is from DB and should be fine
|
||||||
logEvent.AddError("unable to marshal updated account: %s", err)
|
|
||||||
wfe.sendError(response, logEvent,
|
wfe.sendError(response, logEvent,
|
||||||
probs.ServerInternal("Failed to marshal account"), err)
|
probs.ServerInternal("Failed to marshal account"), err)
|
||||||
return
|
return
|
||||||
|
|
@ -1430,7 +1403,6 @@ func (wfe *WebFrontEndImpl) NewOrder(
|
||||||
// in the request
|
// in the request
|
||||||
err := json.Unmarshal(body, &rawCSR)
|
err := json.Unmarshal(body, &rawCSR)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("unable to JSON unmarshal order request: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, probs.Malformed("Error unmarshaling order request"), err)
|
wfe.sendError(response, logEvent, probs.Malformed("Error unmarshaling order request"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -1442,7 +1414,6 @@ func (wfe *WebFrontEndImpl) NewOrder(
|
||||||
// and encoding/asn1 will refuse to parse it. If this is the case exit early
|
// and encoding/asn1 will refuse to parse it. If this is the case exit early
|
||||||
// with a more useful error message.
|
// with a more useful error message.
|
||||||
if len(rawCSR.CSR) >= 10 && rawCSR.CSR[8] == 2 && rawCSR.CSR[9] == 0 {
|
if len(rawCSR.CSR) >= 10 && rawCSR.CSR[8] == 2 && rawCSR.CSR[9] == 0 {
|
||||||
logEvent.AddError("Pre-1.0.2 OpenSSL malformed CSR")
|
|
||||||
wfe.sendError(
|
wfe.sendError(
|
||||||
response,
|
response,
|
||||||
logEvent,
|
logEvent,
|
||||||
|
|
@ -1455,7 +1426,6 @@ func (wfe *WebFrontEndImpl) NewOrder(
|
||||||
// Check for a malformed CSR early to avoid unnecessary RPCs
|
// Check for a malformed CSR early to avoid unnecessary RPCs
|
||||||
_, err = x509.ParseCertificateRequest(rawCSR.CSR)
|
_, err = x509.ParseCertificateRequest(rawCSR.CSR)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("unable to parse CSR: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, probs.Malformed("Error parsing certificate request: %s", err), err)
|
wfe.sendError(response, logEvent, probs.Malformed("Error parsing certificate request: %s", err), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -1465,7 +1435,6 @@ func (wfe *WebFrontEndImpl) NewOrder(
|
||||||
Csr: rawCSR.CSR,
|
Csr: rawCSR.CSR,
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logEvent.AddError("unable to create order: %s", err)
|
|
||||||
wfe.sendError(response, logEvent, problemDetailsForError(err, "Error creating new order"), err)
|
wfe.sendError(response, logEvent, problemDetailsForError(err, "Error creating new order"), err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue