Merge branch 'master' into blacklist

Roland Shoemaker 2015-08-26 12:09:21 -07:00
commit 2f406e2af0
5 changed files with 41 additions and 39 deletions


@ -1,4 +1,4 @@
FROM golang:1.5rc1 FROM golang:1.5
MAINTAINER J.C. Jones "jjones@letsencrypt.org" MAINTAINER J.C. Jones "jjones@letsencrypt.org"
MAINTAINER William Budington "bill@eff.org" MAINTAINER William Budington "bill@eff.org"


@ -186,20 +186,6 @@ func loadIssuer(filename string) (issuerCert *x509.Certificate, err error) {
return return
} }
func loadIssuerKey(filename string) (issuerKey crypto.Signer, err error) {
if filename == "" {
err = errors.New("IssuerKey must be provided in test mode.")
return
}
pem, err := ioutil.ReadFile(filename)
if err != nil {
return
}
issuerKey, err = helpers.ParsePrivateKeyPEM(pem)
return
}
// GenerateOCSP produces a new OCSP response and returns it // GenerateOCSP produces a new OCSP response and returns it
func (ca *CertificateAuthorityImpl) GenerateOCSP(xferObj core.OCSPSigningRequest) ([]byte, error) { func (ca *CertificateAuthorityImpl) GenerateOCSP(xferObj core.OCSPSigningRequest) ([]byte, error) {
cert, err := x509.ParseCertificate(xferObj.CertDER) cert, err := x509.ParseCertificate(xferObj.CertDER)


@ -54,7 +54,7 @@ func main() {
vas, err := rpc.NewAmqpRPCServer(c.AMQP.VA.Server, connectionHandler) vas, err := rpc.NewAmqpRPCServer(c.AMQP.VA.Server, connectionHandler)
cmd.FailOnError(err, "Unable to create VA RPC server") cmd.FailOnError(err, "Unable to create VA RPC server")
rpc.NewValidationAuthorityServer(vas, &vai) rpc.NewValidationAuthorityServer(vas, vai)
auditlogger.Info(app.VersionString()) auditlogger.Info(app.VersionString())


@ -32,19 +32,31 @@ if config is None:
processes = [] processes = []
def run(path, race_detection): def install(progs, race_detection):
install = "go install" cmd = "go install"
if race_detection: if race_detection:
install = """GORACE="halt_on_error=1" go install -race""" cmd = """go install -race"""
for prog in progs:
cmd += " ./" + prog
p = subprocess.Popen(cmd, shell=True)
out, err = p.communicate()
if p.returncode != 0:
sys.stderr.write("unable to run go install: %s\n" % cmd)
sys.stderr.write("stdout:\n" + out + "\n")
sys.stderr.write("stderr: \n" + err + "\n")
return False
print('installed %s with pid %d' % (cmd, p.pid))
return True
def run(path, race_detection):
binary = os.path.basename(path) binary = os.path.basename(path)
cmd = """%s ./%s && exec %s --config %s""" % (install, path, binary, config) cmd = """GORACE="halt_on_error=1" %s --config %s""" % (binary, config)
p = subprocess.Popen(cmd, shell=True) p = subprocess.Popen(cmd, shell=True)
p.cmd = cmd p.cmd = cmd
print('started %s with pid %d' % (p.cmd, p.pid)) print('started %s with pid %d' % (p.cmd, p.pid))
return p return p
def start(race_detection): def start(race_detection):
"""Return True if everything builds and starts. """Return True if everything builds and starts.
@ -56,14 +68,18 @@ def start(race_detection):
t = ToSServerThread() t = ToSServerThread()
t.daemon = True t.daemon = True
t.start() t.start()
for prog in [ progs = [
'cmd/boulder-wfe', 'cmd/boulder-wfe',
'cmd/boulder-ra', 'cmd/boulder-ra',
'cmd/boulder-sa', 'cmd/boulder-sa',
'cmd/boulder-ca', 'cmd/boulder-ca',
'cmd/boulder-va', 'cmd/boulder-va',
'cmd/ocsp-responder', 'cmd/ocsp-responder',
'test/dns-test-srv']: 'test/dns-test-srv'
]
if not install(progs, race_detection):
return False
for prog in progs:
try: try:
processes.append(run(prog, race_detection)) processes.append(run(prog, race_detection))
except Exception as e: except Exception as e:
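Review bot: In the new `install` function the failure branch cannot report anything, because `subprocess.Popen(cmd, shell=True)` is created without pipes and `p.communicate()` therefore returns `(None, None)`. When `go install` fails, `"stdout:\n" + out + "\n"` raises a `TypeError`, and since `start` calls `install` outside its `try`, that exception propagates instead of the intended `return False`. Either capture the output with `p = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)` or drop the two `sys.stderr.write` lines that print `out` and `err`, since the child already writes to the inherited terminal. The program list is a fixed literal here, so the string-built shell command is not attacker-influenced, but passing an argument list such as `["go", "install"] + ["./" + p for p in progs]` without `shell=True` would remove the shell from the build step entirely.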


@ -52,20 +52,20 @@ type ValidationAuthorityImpl struct {
// NewValidationAuthorityImpl constructs a new VA, and may place it // NewValidationAuthorityImpl constructs a new VA, and may place it
// into Test Mode (tm) // into Test Mode (tm)
func NewValidationAuthorityImpl(tm bool) ValidationAuthorityImpl { func NewValidationAuthorityImpl(tm bool) *ValidationAuthorityImpl {
logger := blog.GetAuditLogger() logger := blog.GetAuditLogger()
logger.Notice("Validation Authority Starting") logger.Notice("Validation Authority Starting")
// TODO(jsha): Remove TestMode entirely. Instead, the various validation ports // TODO(jsha): Remove TestMode entirely. Instead, the various validation ports
// should be exported, so the cmd file can set them based on a config. // should be exported, so the cmd file can set them based on a config.
if tm { if tm {
return ValidationAuthorityImpl{ return &ValidationAuthorityImpl{
log: logger, log: logger,
simpleHTTPPort: 5001, simpleHTTPPort: 5001,
simpleHTTPSPort: 5001, simpleHTTPSPort: 5001,
dvsniPort: 5001, dvsniPort: 5001,
} }
} else { } else {
return ValidationAuthorityImpl{ return &ValidationAuthorityImpl{
log: logger, log: logger,
simpleHTTPPort: 80, simpleHTTPPort: 80,
simpleHTTPSPort: 443, simpleHTTPSPort: 443,
@ -142,7 +142,7 @@ func problemDetailsFromDNSError(err error) *core.ProblemDetails {
// This is the same choice made by the Go internal resolution library used by // This is the same choice made by the Go internal resolution library used by
// net/http, except we only send A queries and accept IPv4 addresses. // net/http, except we only send A queries and accept IPv4 addresses.
// TODO(#593): Add IPv6 support // TODO(#593): Add IPv6 support
func (va ValidationAuthorityImpl) getAddr(hostname string) (addr net.IP, addrs []net.IP, problem *core.ProblemDetails) { func (va *ValidationAuthorityImpl) getAddr(hostname string) (addr net.IP, addrs []net.IP, problem *core.ProblemDetails) {
addrs, _, err := va.DNSResolver.LookupHost(hostname) addrs, _, err := va.DNSResolver.LookupHost(hostname)
if err != nil { if err != nil {
problem = problemDetailsFromDNSError(err) problem = problemDetailsFromDNSError(err)
@ -172,7 +172,7 @@ func (d *dialer) Dial(_, _ string) (net.Conn, error) {
// resolveAndConstructDialer gets the prefered address using va.getAddr and returns // resolveAndConstructDialer gets the prefered address using va.getAddr and returns
// the chosen address and dialer for that address and correct port. // the chosen address and dialer for that address and correct port.
func (va ValidationAuthorityImpl) resolveAndConstructDialer(name, defaultPort string) (dialer, *core.ProblemDetails) { func (va *ValidationAuthorityImpl) resolveAndConstructDialer(name, defaultPort string) (dialer, *core.ProblemDetails) {
port := fmt.Sprintf("%d", va.simpleHTTPPort) port := fmt.Sprintf("%d", va.simpleHTTPPort)
if defaultPort != "" { if defaultPort != "" {
port = defaultPort port = defaultPort
@ -195,7 +195,7 @@ func (va ValidationAuthorityImpl) resolveAndConstructDialer(name, defaultPort st
// Validation methods // Validation methods
func (va ValidationAuthorityImpl) validateSimpleHTTP(identifier core.AcmeIdentifier, input core.Challenge, accountKey jose.JsonWebKey) (core.Challenge, error) { func (va *ValidationAuthorityImpl) validateSimpleHTTP(identifier core.AcmeIdentifier, input core.Challenge, accountKey jose.JsonWebKey) (core.Challenge, error) {
challenge := input challenge := input
if identifier.Type != core.IdentifierDNS { if identifier.Type != core.IdentifierDNS {
@ -376,7 +376,7 @@ func (va ValidationAuthorityImpl) validateSimpleHTTP(identifier core.AcmeIdentif
return challenge, nil return challenge, nil
} }
func (va ValidationAuthorityImpl) validateDvsni(identifier core.AcmeIdentifier, input core.Challenge, accountKey jose.JsonWebKey) (core.Challenge, error) { func (va *ValidationAuthorityImpl) validateDvsni(identifier core.AcmeIdentifier, input core.Challenge, accountKey jose.JsonWebKey) (core.Challenge, error) {
challenge := input challenge := input
if identifier.Type != "dns" { if identifier.Type != "dns" {
@ -497,7 +497,7 @@ func parseHTTPConnError(err error) core.ProblemType {
return core.ConnectionProblem return core.ConnectionProblem
} }
func (va ValidationAuthorityImpl) validateDNS(identifier core.AcmeIdentifier, input core.Challenge, accountKey jose.JsonWebKey) (core.Challenge, error) { func (va *ValidationAuthorityImpl) validateDNS(identifier core.AcmeIdentifier, input core.Challenge, accountKey jose.JsonWebKey) (core.Challenge, error) {
challenge := input challenge := input
if identifier.Type != core.IdentifierDNS { if identifier.Type != core.IdentifierDNS {
@ -557,7 +557,7 @@ func (va ValidationAuthorityImpl) validateDNS(identifier core.AcmeIdentifier, in
// Overall validation process // Overall validation process
func (va ValidationAuthorityImpl) validate(authz core.Authorization, challengeIndex int, accountKey jose.JsonWebKey) { func (va *ValidationAuthorityImpl) validate(authz core.Authorization, challengeIndex int, accountKey jose.JsonWebKey) {
logEvent := verificationRequestEvent{ logEvent := verificationRequestEvent{
ID: authz.ID, ID: authz.ID,
Requester: authz.RegistrationID, Requester: authz.RegistrationID,
@ -603,7 +603,7 @@ func (va ValidationAuthorityImpl) validate(authz core.Authorization, challengeIn
} }
// UpdateValidations runs the validate() method asynchronously using goroutines. // UpdateValidations runs the validate() method asynchronously using goroutines.
func (va ValidationAuthorityImpl) UpdateValidations(authz core.Authorization, challengeIndex int, accountKey jose.JsonWebKey) error { func (va *ValidationAuthorityImpl) UpdateValidations(authz core.Authorization, challengeIndex int, accountKey jose.JsonWebKey) error {
go va.validate(authz, challengeIndex, accountKey) go va.validate(authz, challengeIndex, accountKey)
return nil return nil
} }
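Review bot: The doc comment on `NewValidationAuthorityImpl` should state that the returned `*ValidationAuthorityImpl` is now shared by every validation goroutine. With pointer receivers, each `go va.validate(...)` started in `UpdateValidations` reads the same struct, including `va.DNSResolver` in `getAddr`, instead of the per-call copy the value receivers produced. Whether any caller assigns fields after the RPC server starts is not visible in these hunks, but if one does, that is now a data race on the path that decides domain control. I would add `// The returned value is shared by all validation goroutines; set DNSResolver and the ports before serving and do not modify them afterwards.` to the constructor comment. Most of the method bodies touched here continue outside their hunks.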