Testing and logging improvements

Pass log as an argument to SA. This allows us to mock it out.
Use a mockSA in CA test.
Use mockSA in orphan-finder test.
Improve logging from assert functions: Use our own printing style plus FailNow() so that each failure message isn't prefixed by "test-tools.go:60"
Remove duplicate TraceOn.

Part of #1642.

https://github.com/letsencrypt/boulder/pull/1683

ca/certificate-authority.go

@@ -117,6 +117,10 @@ const (
 	maxCNLength = 64
 )
 
+type certificateStorage interface {
+	AddCertificate([]byte, int64) (string, error)
+}
+
 // CertificateAuthorityImpl represents a CA that signs certificates, CRLs, and
 // OCSP responses.
 type CertificateAuthorityImpl struct {
@@ -126,7 +130,7 @@ type CertificateAuthorityImpl struct {
 	issuers map[string]*internalIssuer
 	// The common name of the default issuer cert
 	defaultIssuer    *internalIssuer
-	SA               core.StorageAuthority
+	SA               certificateStorage
 	PA               core.PolicyAuthority
 	Publisher        core.Publisher
 	keyPolicy        core.KeyPolicy

ca/certificate-authority_test.go

@@ -26,7 +26,6 @@ import (
 	"github.com/letsencrypt/boulder/mocks"
 	"github.com/letsencrypt/boulder/policy"
 	"github.com/letsencrypt/boulder/sa"
-	"github.com/letsencrypt/boulder/sa/satest"
 	"github.com/letsencrypt/boulder/test"
 	"github.com/letsencrypt/boulder/test/vars"
 )
@@ -152,9 +151,7 @@ func mustRead(path string) []byte {
 }
 
 type testCtx struct {
-	sa        core.StorageAuthority
 	caConfig  cmd.CAConfig
-	reg       core.Registration
 	pa        core.PolicyAuthority
 	issuers   []Issuer
 	keyPolicy core.KeyPolicy
@@ -163,6 +160,15 @@ type testCtx struct {
 	cleanUp   func()
 }
 
+type mockSA struct {
+	certificate core.Certificate
+}
+
+func (m *mockSA) AddCertificate(der []byte, _ int64) (string, error) {
+	m.certificate.DER = der
+	return "", nil
+}
+
 var caKey crypto.Signer
 var caCert *x509.Certificate
 
@@ -179,18 +185,8 @@ func init() {
 }
 
 func setup(t *testing.T) *testCtx {
-	// Create an SA
-	dbMap, err := sa.NewDbMap(vars.DBConnSA)
-	if err != nil {
-		t.Fatalf("Failed to create dbMap: %s", err)
-	}
 	fc := clock.NewFake()
 	fc.Add(1 * time.Hour)
-	ssa, err := sa.NewSQLStorageAuthority(dbMap, fc)
-	if err != nil {
-		t.Fatalf("Failed to create SA: %s", err)
-	}
-	saDBCleanUp := test.ResetSATestDatabase(t)
 
 	paDbMap, err := sa.NewDbMap(vars.DBConnPolicy)
 	test.AssertNotError(t, err, "Could not construct dbMap")
@@ -199,13 +195,9 @@ func setup(t *testing.T) *testCtx {
 	paDBCleanUp := test.ResetPolicyTestDatabase(t)
 
 	cleanUp := func() {
-		saDBCleanUp()
 		paDBCleanUp()
 	}
 
-	// TODO(jmhodges): use of this pkg here is a bug caused by using a real SA
-	reg := satest.CreateWorkingRegistration(t, ssa)
-
 	// Create a CA
 	caConfig := cmd.CAConfig{
 		RSAProfile:   rsaProfileName,
@@ -282,9 +274,7 @@ func setup(t *testing.T) *testCtx {
 	}
 
 	return &testCtx{
-		ssa,
 		caConfig,
-		reg,
 		pa,
 		issuers,
 		keyPolicy,
@@ -320,14 +310,15 @@ func TestIssueCertificate(t *testing.T) {
 	test.AssertNotError(t, err, "Failed to create CA")
 	ca.Publisher = &mocks.Publisher{}
 	ca.PA = ctx.pa
-	ca.SA = ctx.sa
+	sa := &mockSA{}
+	ca.SA = sa
 
 	csrs := [][]byte{CNandSANCSR, NoSANCSR}
 	for _, csrDER := range csrs {
 		csr, _ := x509.ParseCertificateRequest(csrDER)
 
 		// Sign CSR
-		issuedCert, err := ca.IssueCertificate(*csr, ctx.reg.ID)
+		issuedCert, err := ca.IssueCertificate(*csr, 1001)
 		test.AssertNotError(t, err, "Failed to sign certificate")
 		if err != nil {
 			continue
@@ -367,16 +358,7 @@ func TestIssueCertificate(t *testing.T) {
 		if cert.Subject.SerialNumber != serialString {
 			t.Errorf("SerialNumber: want %#v, got %#v", serialString, cert.Subject.SerialNumber)
 		}
-		storedCert, err := ctx.sa.GetCertificate(serialString)
-		test.AssertNotError(t, err,
-			fmt.Sprintf("Certificate %s not found in database", serialString))
-		test.Assert(t, bytes.Equal(issuedCert.DER, storedCert.DER), "Retrieved cert not equal to issued cert.")
-
-		certStatus, err := ctx.sa.GetCertificateStatus(serialString)
-		test.AssertNotError(t, err,
-			fmt.Sprintf("Error fetching status for certificate %s", serialString))
-		test.Assert(t, certStatus.Status == core.OCSPStatusGood, "Certificate status was not good")
-		test.Assert(t, certStatus.SubscriberApproved == false, "Subscriber shouldn't have approved cert yet.")
+		test.Assert(t, bytes.Equal(issuedCert.DER, sa.certificate.DER), "Retrieved cert not equal to issued cert.")
 	}
 }
 
@@ -406,10 +388,10 @@ func TestIssueCertificateMultipleIssuers(t *testing.T) {
 	test.AssertNotError(t, err, "Failed to remake CA")
 	ca.Publisher = &mocks.Publisher{}
 	ca.PA = ctx.pa
-	ca.SA = ctx.sa
+	ca.SA = &mockSA{}
 
 	csr, _ := x509.ParseCertificateRequest(CNandSANCSR)
-	issuedCert, err := ca.IssueCertificate(*csr, ctx.reg.ID)
+	issuedCert, err := ca.IssueCertificate(*csr, 1001)
 	test.AssertNotError(t, err, "Failed to sign certificate")
 
 	cert, err := x509.ParseCertificate(issuedCert.DER)
@@ -431,10 +413,10 @@ func TestOCSP(t *testing.T) {
 	test.AssertNotError(t, err, "Failed to create CA")
 	ca.Publisher = &mocks.Publisher{}
 	ca.PA = ctx.pa
-	ca.SA = ctx.sa
+	ca.SA = &mockSA{}
 
 	csr, _ := x509.ParseCertificateRequest(CNandSANCSR)
-	cert, err := ca.IssueCertificate(*csr, ctx.reg.ID)
+	cert, err := ca.IssueCertificate(*csr, 1001)
 	test.AssertNotError(t, err, "Failed to issue")
 	parsedCert, err := x509.ParseCertificate(cert.DER)
 	test.AssertNotError(t, err, "Failed to parse cert")
@@ -479,10 +461,10 @@ func TestOCSP(t *testing.T) {
 	test.AssertNotError(t, err, "Failed to remake CA")
 	ca.Publisher = &mocks.Publisher{}
 	ca.PA = ctx.pa
-	ca.SA = ctx.sa
+	ca.SA = &mockSA{}
 
 	// Now issue a new cert, signed by newIssuerCert
-	newCert, err := ca.IssueCertificate(*csr, ctx.reg.ID)
+	newCert, err := ca.IssueCertificate(*csr, 1001)
 	test.AssertNotError(t, err, "Failed to issue newCert")
 	parsedNewCert, err := x509.ParseCertificate(newCert.DER)
 	test.AssertNotError(t, err, "Failed to parse newCert")
@@ -526,10 +508,10 @@ func TestNoHostnames(t *testing.T) {
 	test.AssertNotError(t, err, "Failed to create CA")
 	ca.Publisher = &mocks.Publisher{}
 	ca.PA = ctx.pa
-	ca.SA = ctx.sa
+	ca.SA = &mockSA{}
 
 	csr, _ := x509.ParseCertificateRequest(NoNamesCSR)
-	_, err = ca.IssueCertificate(*csr, ctx.reg.ID)
+	_, err = ca.IssueCertificate(*csr, 1001)
 	test.AssertError(t, err, "Issued certificate with no names")
 	_, ok := err.(core.MalformedRequestError)
 	test.Assert(t, ok, "Incorrect error type returned")
@@ -547,11 +529,11 @@ func TestRejectTooManyNames(t *testing.T) {
 	test.AssertNotError(t, err, "Failed to create CA")
 	ca.Publisher = &mocks.Publisher{}
 	ca.PA = ctx.pa
-	ca.SA = ctx.sa
+	ca.SA = &mockSA{}
 
 	// Test that the CA rejects a CSR with too many names
 	csr, _ := x509.ParseCertificateRequest(TooManyNameCSR)
-	_, err = ca.IssueCertificate(*csr, ctx.reg.ID)
+	_, err = ca.IssueCertificate(*csr, 1001)
 	test.AssertError(t, err, "Issued certificate with too many names")
 	_, ok := err.(core.MalformedRequestError)
 	test.Assert(t, ok, "Incorrect error type returned")
@@ -569,11 +551,11 @@ func TestDeduplication(t *testing.T) {
 	test.AssertNotError(t, err, "Failed to create CA")
 	ca.Publisher = &mocks.Publisher{}
 	ca.PA = ctx.pa
-	ca.SA = ctx.sa
+	ca.SA = &mockSA{}
 
 	// Test that the CA collapses duplicate names
 	csr, _ := x509.ParseCertificateRequest(DupeNameCSR)
-	cert, err := ca.IssueCertificate(*csr, ctx.reg.ID)
+	cert, err := ca.IssueCertificate(*csr, 1001)
 	test.AssertNotError(t, err, "Failed to gracefully handle a CSR with duplicate names")
 
 	parsedCert, err := x509.ParseCertificate(cert.DER)
@@ -597,7 +579,7 @@ func TestRejectValidityTooLong(t *testing.T) {
 	test.AssertNotError(t, err, "Failed to create CA")
 	ca.Publisher = &mocks.Publisher{}
 	ca.PA = ctx.pa
-	ca.SA = ctx.sa
+	ca.SA = &mockSA{}
 
 	// This time is a few minutes before the notAfter in testdata/ca_cert.pem
 	future, err := time.Parse(time.RFC3339, "2025-02-10T00:30:00Z")
@@ -623,11 +605,11 @@ func TestShortKey(t *testing.T) {
 		ctx.keyPolicy)
 	ca.Publisher = &mocks.Publisher{}
 	ca.PA = ctx.pa
-	ca.SA = ctx.sa
+	ca.SA = &mockSA{}
 
 	// Test that the CA rejects CSRs that would expire after the intermediate cert
 	csr, _ := x509.ParseCertificateRequest(ShortKeyCSR)
-	_, err = ca.IssueCertificate(*csr, ctx.reg.ID)
+	_, err = ca.IssueCertificate(*csr, 1001)
 	test.AssertError(t, err, "Issued a certificate with too short a key.")
 	_, ok := err.(core.MalformedRequestError)
 	test.Assert(t, ok, "Incorrect error type returned")
@@ -645,11 +627,11 @@ func TestAllowNoCN(t *testing.T) {
 	test.AssertNotError(t, err, "Couldn't create new CA")
 	ca.Publisher = &mocks.Publisher{}
 	ca.PA = ctx.pa
-	ca.SA = ctx.sa
+	ca.SA = &mockSA{}
 
 	csr, err := x509.ParseCertificateRequest(NoCNCSR)
 	test.AssertNotError(t, err, "Couldn't parse CSR")
-	issuedCert, err := ca.IssueCertificate(*csr, ctx.reg.ID)
+	issuedCert, err := ca.IssueCertificate(*csr, 1001)
 	test.AssertNotError(t, err, "Failed to sign certificate")
 	cert, err := x509.ParseCertificate(issuedCert.DER)
 	test.AssertNotError(t, err, fmt.Sprintf("unable to parse no CN cert: %s", err))
@@ -685,10 +667,10 @@ func TestLongCommonName(t *testing.T) {
 		ctx.keyPolicy)
 	ca.Publisher = &mocks.Publisher{}
 	ca.PA = ctx.pa
-	ca.SA = ctx.sa
+	ca.SA = &mockSA{}
 
 	csr, _ := x509.ParseCertificateRequest(LongCNCSR)
-	_, err = ca.IssueCertificate(*csr, ctx.reg.ID)
+	_, err = ca.IssueCertificate(*csr, 1001)
 	test.AssertError(t, err, "Issued a certificate with a CN over 64 bytes.")
 	_, ok := err.(core.MalformedRequestError)
 	test.Assert(t, ok, "Incorrect error type returned")
@@ -705,11 +687,11 @@ func TestRejectBadAlgorithm(t *testing.T) {
 		ctx.keyPolicy)
 	ca.Publisher = &mocks.Publisher{}
 	ca.PA = ctx.pa
-	ca.SA = ctx.sa
+	ca.SA = &mockSA{}
 
 	// Test that the CA rejects CSRs that would expire after the intermediate cert
 	csr, _ := x509.ParseCertificateRequest(BadAlgorithmCSR)
-	_, err = ca.IssueCertificate(*csr, ctx.reg.ID)
+	_, err = ca.IssueCertificate(*csr, 1001)
 	test.AssertError(t, err, "Issued a certificate based on a CSR with a weak algorithm.")
 	_, ok := err.(core.MalformedRequestError)
 	test.Assert(t, ok, "Incorrect error type returned")
@@ -727,10 +709,10 @@ func TestCapitalizedLetters(t *testing.T) {
 		ctx.keyPolicy)
 	ca.Publisher = &mocks.Publisher{}
 	ca.PA = ctx.pa
-	ca.SA = ctx.sa
+	ca.SA = &mockSA{}
 
 	csr, _ := x509.ParseCertificateRequest(CapitalizedCSR)
-	cert, err := ca.IssueCertificate(*csr, ctx.reg.ID)
+	cert, err := ca.IssueCertificate(*csr, 1001)
 	test.AssertNotError(t, err, "Failed to gracefully handle a CSR with capitalized names")
 
 	parsedCert, err := x509.ParseCertificate(cert.DER)
@@ -754,12 +736,12 @@ func TestWrongSignature(t *testing.T) {
 		ctx.keyPolicy)
 	ca.Publisher = &mocks.Publisher{}
 	ca.PA = ctx.pa
-	ca.SA = ctx.sa
+	ca.SA = &mockSA{}
 
 	// x509.ParseCertificateRequest() does not check for invalid signatures...
 	csr, _ := x509.ParseCertificateRequest(WrongSignatureCSR)
 
-	_, err = ca.IssueCertificate(*csr, ctx.reg.ID)
+	_, err = ca.IssueCertificate(*csr, 1001)
 	if err == nil {
 		t.Fatalf("Issued a certificate based on a CSR with an invalid signature.")
 	}
@@ -777,7 +759,7 @@ func TestProfileSelection(t *testing.T) {
 		ctx.keyPolicy)
 	ca.Publisher = &mocks.Publisher{}
 	ca.PA = ctx.pa
-	ca.SA = ctx.sa
+	ca.SA = &mockSA{}
 
 	testCases := []struct {
 		CSR              []byte
@@ -792,7 +774,7 @@ func TestProfileSelection(t *testing.T) {
 		test.AssertNotError(t, err, "Cannot parse CSR")
 
 		// Sign CSR
-		issuedCert, err := ca.IssueCertificate(*csr, ctx.reg.ID)
+		issuedCert, err := ca.IssueCertificate(*csr, 1001)
 		test.AssertNotError(t, err, "Failed to sign certificate")
 
 		// Verify cert contents
@@ -827,7 +809,7 @@ func TestExtensions(t *testing.T) {
 		ctx.keyPolicy)
 	ca.Publisher = &mocks.Publisher{}
 	ca.PA = ctx.pa
-	ca.SA = ctx.sa
+	ca.SA = &mockSA{}
 
 	mustStapleCSR, err := x509.ParseCertificateRequest(MustStapleCSR)
 	test.AssertNotError(t, err, "Error parsing MustStapleCSR")
@@ -842,7 +824,7 @@ func TestExtensions(t *testing.T) {
 	test.AssertNotError(t, err, "Error parsing UnsupportedExtensionCSR")
 
 	sign := func(csr *x509.CertificateRequest) *x509.Certificate {
-		coreCert, err := ca.IssueCertificate(*csr, ctx.reg.ID)
+		coreCert, err := ca.IssueCertificate(*csr, 1001)
 		test.AssertNotError(t, err, "Failed to issue")
 		cert, err := x509.ParseCertificate(coreCert.DER)
 		test.AssertNotError(t, err, "Error parsing certificate produced by CA")
@@ -867,7 +849,7 @@ func TestExtensions(t *testing.T) {
 	test.AssertEquals(t, ctx.stats.Counters[metricCSRExtensionTLSFeature], int64(3))
 
 	// ... but if it doesn't ask for stapling, there should be an error
-	_, err = ca.IssueCertificate(*tlsFeatureUnknownCSR, ctx.reg.ID)
+	_, err = ca.IssueCertificate(*tlsFeatureUnknownCSR, 1001)
 	test.AssertError(t, err, "Allowed a CSR with an empty TLS feature extension")
 	if _, ok := err.(core.MalformedRequestError); !ok {
 		t.Errorf("Wrong error type when rejecting a CSR with empty TLS feature extension")

cmd/boulder-sa/main.go

@@ -26,7 +26,7 @@ func main() {
 		dbMap, err := sa.NewDbMap(dbURL)
 		cmd.FailOnError(err, "Couldn't connect to SA database")
 
-		sai, err := sa.NewSQLStorageAuthority(dbMap, clock.Default())
+		sai, err := sa.NewSQLStorageAuthority(dbMap, clock.Default(), auditlogger)
 		cmd.FailOnError(err, "Failed to create SA impl")
 
 		go cmd.ProfileCmd("SA", stats)

cmd/cert-checker/main_test.go

@@ -17,6 +17,7 @@ import (
 	"time"
 
 	"github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/jmhodges/clock"
+	"github.com/letsencrypt/boulder/mocks"
 
 	"github.com/letsencrypt/boulder/core"
 	"github.com/letsencrypt/boulder/sa"
@@ -177,7 +178,7 @@ func TestGetAndProcessCerts(t *testing.T) {
 	fc := clock.NewFake()
 
 	checker := newChecker(saDbMap, paDbMap, fc, false, nil, expectedValidityPeriod)
-	sa, err := sa.NewSQLStorageAuthority(saDbMap, fc)
+	sa, err := sa.NewSQLStorageAuthority(saDbMap, fc, mocks.UseMockLog())
 	test.AssertNotError(t, err, "Couldn't create SA to insert certificates")
 	saCleanUp := test.ResetSATestDatabase(t)
 	paCleanUp := test.ResetPolicyTestDatabase(t)

cmd/expiration-mailer/main_test.go

@@ -708,7 +708,7 @@ func setup(t *testing.T, nagTimes []time.Duration) *testCtx {
 		t.Fatalf("Couldn't connect the database: %s", err)
 	}
 	fc := newFakeClock(t)
-	ssa, err := sa.NewSQLStorageAuthority(dbMap, fc)
+	ssa, err := sa.NewSQLStorageAuthority(dbMap, fc, log)
 	if err != nil {
 		t.Fatalf("unable to create SQLStorageAuthority: %s", err)
 	}

cmd/nameset-backfill/main_test.go

@@ -29,7 +29,7 @@ func TestBackfill(t *testing.T) {
 	}
 	fc := clock.NewFake()
 	fc.Add(1 * time.Hour)
-	sa, err := sa.NewSQLStorageAuthority(dbMap, fc)
+	sa, err := sa.NewSQLStorageAuthority(dbMap, fc, blog.GetAuditLogger())
 	if err != nil {
 		t.Fatalf("Failed to create SA: %s", err)
 	}

cmd/ocsp-updater/main_test.go

@@ -61,7 +61,7 @@ func setup(t *testing.T) (*OCSPUpdater, core.StorageAuthority, *gorp.DbMap, cloc
 	fc := clock.NewFake()
 	fc.Add(1 * time.Hour)
 
-	sa, err := sa.NewSQLStorageAuthority(dbMap, fc)
+	sa, err := sa.NewSQLStorageAuthority(dbMap, fc, log)
 	test.AssertNotError(t, err, "Failed to create SA")
 
 	cleanUp := test.ResetSATestDatabase(t)

cmd/orphan-finder/main.go

@@ -26,12 +26,17 @@ type config struct {
 	Syslog cmd.SyslogConfig
 }
 
+type certificateStorage interface {
+	AddCertificate([]byte, int64) (string, error)
+	GetCertificate(string) (core.Certificate, error)
+}
+
 var (
 	b64derOrphan = regexp.MustCompile(`b64der=\[([a-zA-Z0-9+/]+)\]`)
 	regOrphan    = regexp.MustCompile(`regID=\[(\d+)\]`)
 )
 
-func checkDER(sai core.StorageAuthority, der []byte) error {
+func checkDER(sai certificateStorage, der []byte) error {
 	cert, err := x509.ParseCertificate(der)
 	if err != nil {
 		return fmt.Errorf("Failed to parse DER: %s", err)
@@ -46,7 +51,7 @@ func checkDER(sai core.StorageAuthority, der []byte) error {
 	return fmt.Errorf("Existing certificate lookup failed: %s", err)
 }
 
-func parseLogLine(sa core.StorageAuthority, logger *blog.AuditLogger, line string) (found bool, added bool) {
+func parseLogLine(sa certificateStorage, logger blog.SyslogWriter, line string) (found bool, added bool) {
 	if !strings.Contains(line, "b64der=") {
 		return false, false
 	}
@@ -84,7 +89,7 @@ func parseLogLine(sa core.StorageAuthority, logger *blog.AuditLogger, line strin
 	return true, true
 }
 
-func setup(c *cli.Context) (statsd.Statter, *blog.AuditLogger, *rpc.StorageAuthorityClient) {
+func setup(c *cli.Context) (statsd.Statter, blog.SyslogWriter, *rpc.StorageAuthorityClient) {
 	configJSON, err := ioutil.ReadFile(c.GlobalString("config"))
 	cmd.FailOnError(err, "Failed to read config file")
 	var conf config

cmd/orphan-finder/main_test.go

@@ -1,51 +1,52 @@
 package main
 
 import (
-	"fmt"
 	"testing"
 	"time"
 
 	"github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/jmhodges/clock"
+	"github.com/letsencrypt/boulder/core"
 
-	blog "github.com/letsencrypt/boulder/log"
 	"github.com/letsencrypt/boulder/mocks"
-	"github.com/letsencrypt/boulder/sa"
-	"github.com/letsencrypt/boulder/sa/satest"
 	"github.com/letsencrypt/boulder/test"
-	"github.com/letsencrypt/boulder/test/vars"
 )
 
 var log = mocks.UseMockLog()
 
-func TestParseLine(t *testing.T) {
-	dbMap, err := sa.NewDbMap(vars.DBConnSA)
-	if err != nil {
-		t.Fatalf("Failed to create dbMap: %s", err)
+type mockSA struct {
+	certificate core.Certificate
+}
+
+func (m *mockSA) AddCertificate(der []byte, _ int64) (string, error) {
+	m.certificate.DER = der
+	return "", nil
+}
+
+func (m *mockSA) GetCertificate(string) (core.Certificate, error) {
+	if m.certificate.DER != nil {
+		return m.certificate, nil
 	}
+	return core.Certificate{}, core.NotFoundError("no cert stored")
+}
+
+func TestParseLine(t *testing.T) {
 	fc := clock.NewFake()
 	fc.Set(time.Date(2015, 3, 4, 5, 0, 0, 0, time.UTC))
-	sa, err := sa.NewSQLStorageAuthority(dbMap, fc)
-	if err != nil {
-		t.Fatalf("Failed to create SA: %s", err)
-	}
-	defer test.ResetSATestDatabase(t)()
-	logger := blog.GetAuditLogger()
+	sa := &mockSA{}
 
-	found, added := parseLogLine(sa, logger, "")
+	found, added := parseLogLine(sa, log, "")
 	test.AssertEquals(t, found, false)
 	test.AssertEquals(t, added, false)
 
-	found, added = parseLogLine(sa, logger, "0000-00-00T00:00:00+00:00 hostname boulder-ca[pid]: [AUDIT] Failed RPC to store at SA, orphaning certificate: b64der=[] err=[AMQP-RPC timeout], regID=[1337]")
+	found, added = parseLogLine(sa, log, "0000-00-00T00:00:00+00:00 hostname boulder-ca[pid]: [AUDIT] Failed RPC to store at SA, orphaning certificate: b64der=[] err=[AMQP-RPC timeout], regID=[1337]")
 	test.AssertEquals(t, found, true)
 	test.AssertEquals(t, added, false)
 
-	found, added = parseLogLine(sa, logger, "0000-00-00T00:00:00+00:00 hostname boulder-ca[pid]: [AUDIT] Failed RPC to store at SA, orphaning certificate: b64der=[deadbeef] err=[AMQP-RPC timeout], regID=[]")
+	found, added = parseLogLine(sa, log, "0000-00-00T00:00:00+00:00 hostname boulder-ca[pid]: [AUDIT] Failed RPC to store at SA, orphaning certificate: b64der=[deadbeef] err=[AMQP-RPC timeout], regID=[]")
 	test.AssertEquals(t, found, true)
 	test.AssertEquals(t, added, false)
 
-	reg := satest.CreateWorkingRegistration(t, sa)
-
-	found, added = parseLogLine(sa, logger, fmt.Sprintf("0000-00-00T00:00:00+00:00 hostname boulder-ca[pid]: [AUDIT] Failed RPC to store at SA, orphaning certificate: b64der=[MIIEWzCCA0OgAwIBAgITAP+gFgYw1hiy61wFEIJLFCdIVjANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRoYXBweSBoYWNrZXIgZmFrZSBDQTAeFw0xNTEwMDMwNTIxMDBaFw0xNjAxMDEwNTIxMDBaMBgxFjAUBgNVBAMTDWV4YW1wbGUuY28uYm4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeo/HSH63lWW42pqdwlalHWOS3JGa3REraT3xM9v3psdRwuTtlwf3YlpF/JIzK5JtXyA3CHGSwEGmUMhMNBZ0tg5I0booXnHyUeDVUnGSnpWgMUY+vCly+pI5oT8pjBHdcj6kjnDTx1cstBjsJi9HBcYPHUh78iEZBsvC0FAKsh8cHaEjUNHzvWd1anBdK0lRn25M8le9IxXi6di9SeyFmahmPteH+LYKZtNzrF5HpatB14+ywV8d212T62PCCnUPDLd+YWjo2+t5pZs7IlGhyGh7EerOOrI2kUUBg3tUdKDp4e3xplxvaAfSfdrqkGx+bQ0iqQnng+lVkXWYWRB8NAgMBAAGjggGVMIIBkTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDadDBAEUrnrP/566FLp6DmjrlrbMB8GA1UdIwQYMBaAFPt4TxL5YBWDLJ8XfzQZsy426kGJMGoGCCsGAQUFBwEBBF4wXDAmBggrBgEFBQcwAYYaaHR0cDovL2xvY2FsaG9zdDo0MDAyL29jc3AwMgYIKwYBBQUHMAKGJmh0dHA6Ly9sb2NhbGhvc3Q6NDAwMC9hY21lL2lzc3Vlci1jZXJ0MBgGA1UdEQQRMA+CDWV4YW1wbGUuY28uYm4wJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL2V4YW1wbGUuY29tL2NybDBjBgNVHSAEXDBaMAoGBmeBDAECATAAMEwGAyoDBDBFMCIGCCsGAQUFBwIBFhZodHRwOi8vZXhhbXBsZS5jb20vY3BzMB8GCCsGAQUFBwICMBMMEURvIFdoYXQgVGhvdSBXaWx0MA0GCSqGSIb3DQEBCwUAA4IBAQC7tLmUlxyvouVuIljbRtiL+zYdi/zXVSHAMXTkceqp8/8ucZBZu1fMBkB5SW2FUFd8EnuqhKGOeS3dNr9Pe4dLbUDR0UKIwV045Na+Jet4BbHDdWs3NXAutFhdGIa8ivLBQIbTzlBuVRhJE8g6qqjf5hYL0DXkLNptl2l+0+4xJMm/liCp/mYCGRwbdGUzwdSjACO76QLLSqZhkBF37ZJOuDbJTMBi3QzkOcTs6e4d/gSZpCy7yy6nJDxZ9N9P3XBYIpus+aZAYy29d2shYzE3st8cQfB2Wmb0SHd67sftTAzeudiiNW/4E4IKKH4R1S794apUO07y7pkqep1cz32k] err=[AMQP-RPC timeout], regID=[%d]", reg.ID))
+	found, added = parseLogLine(sa, log, "0000-00-00T00:00:00+00:00 hostname boulder-ca[pid]: [AUDIT] Failed RPC to store at SA, orphaning certificate: b64der=[MIIEWzCCA0OgAwIBAgITAP+gFgYw1hiy61wFEIJLFCdIVjANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRoYXBweSBoYWNrZXIgZmFrZSBDQTAeFw0xNTEwMDMwNTIxMDBaFw0xNjAxMDEwNTIxMDBaMBgxFjAUBgNVBAMTDWV4YW1wbGUuY28uYm4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeo/HSH63lWW42pqdwlalHWOS3JGa3REraT3xM9v3psdRwuTtlwf3YlpF/JIzK5JtXyA3CHGSwEGmUMhMNBZ0tg5I0booXnHyUeDVUnGSnpWgMUY+vCly+pI5oT8pjBHdcj6kjnDTx1cstBjsJi9HBcYPHUh78iEZBsvC0FAKsh8cHaEjUNHzvWd1anBdK0lRn25M8le9IxXi6di9SeyFmahmPteH+LYKZtNzrF5HpatB14+ywV8d212T62PCCnUPDLd+YWjo2+t5pZs7IlGhyGh7EerOOrI2kUUBg3tUdKDp4e3xplxvaAfSfdrqkGx+bQ0iqQnng+lVkXWYWRB8NAgMBAAGjggGVMIIBkTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDadDBAEUrnrP/566FLp6DmjrlrbMB8GA1UdIwQYMBaAFPt4TxL5YBWDLJ8XfzQZsy426kGJMGoGCCsGAQUFBwEBBF4wXDAmBggrBgEFBQcwAYYaaHR0cDovL2xvY2FsaG9zdDo0MDAyL29jc3AwMgYIKwYBBQUHMAKGJmh0dHA6Ly9sb2NhbGhvc3Q6NDAwMC9hY21lL2lzc3Vlci1jZXJ0MBgGA1UdEQQRMA+CDWV4YW1wbGUuY28uYm4wJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL2V4YW1wbGUuY29tL2NybDBjBgNVHSAEXDBaMAoGBmeBDAECATAAMEwGAyoDBDBFMCIGCCsGAQUFBwIBFhZodHRwOi8vZXhhbXBsZS5jb20vY3BzMB8GCCsGAQUFBwICMBMMEURvIFdoYXQgVGhvdSBXaWx0MA0GCSqGSIb3DQEBCwUAA4IBAQC7tLmUlxyvouVuIljbRtiL+zYdi/zXVSHAMXTkceqp8/8ucZBZu1fMBkB5SW2FUFd8EnuqhKGOeS3dNr9Pe4dLbUDR0UKIwV045Na+Jet4BbHDdWs3NXAutFhdGIa8ivLBQIbTzlBuVRhJE8g6qqjf5hYL0DXkLNptl2l+0+4xJMm/liCp/mYCGRwbdGUzwdSjACO76QLLSqZhkBF37ZJOuDbJTMBi3QzkOcTs6e4d/gSZpCy7yy6nJDxZ9N9P3XBYIpus+aZAYy29d2shYzE3st8cQfB2Wmb0SHd67sftTAzeudiiNW/4E4IKKH4R1S794apUO07y7pkqep1cz32k] err=[AMQP-RPC timeout], regID=[1001]")
 	test.AssertEquals(t, found, true)
 	test.AssertEquals(t, added, true)
 }

ra/registration-authority_test.go

@@ -173,7 +173,7 @@ func initAuthorities(t *testing.T) (*DummyValidationAuthority, *sa.SQLStorageAut
 	if err != nil {
 		t.Fatalf("Failed to create dbMap: %s", err)
 	}
-	ssa, err := sa.NewSQLStorageAuthority(dbMap, fc)
+	ssa, err := sa.NewSQLStorageAuthority(dbMap, fc, log)
 	if err != nil {
 		t.Fatalf("Failed to create SA: %s", err)
 	}

sa/storage-authority.go

@@ -32,7 +32,7 @@ const getChallengesQuery = "SELECT * FROM challenges WHERE authorizationID = :au
 type SQLStorageAuthority struct {
 	dbMap *gorp.DbMap
 	clk   clock.Clock
-	log   *blog.AuditLogger
+	log   blog.SyslogWriter
 }
 
 func digest256(data []byte) []byte {
@@ -54,9 +54,7 @@ type authzModel struct {
 
 // NewSQLStorageAuthority provides persistence using a SQL backend for
 // Boulder. It will modify the given gorp.DbMap by adding relevant tables.
-func NewSQLStorageAuthority(dbMap *gorp.DbMap, clk clock.Clock) (*SQLStorageAuthority, error) {
-	logger := blog.GetAuditLogger()
-
+func NewSQLStorageAuthority(dbMap *gorp.DbMap, clk clock.Clock, logger blog.SyslogWriter) (*SQLStorageAuthority, error) {
 	logger.Notice("Storage Authority Starting")
 	SetSQLDebug(dbMap, logger)
 

sa/storage-authority_test.go

@@ -46,7 +46,7 @@ func initSA(t *testing.T) (*SQLStorageAuthority, clock.FakeClock, func()) {
 	fc := clock.NewFake()
 	fc.Set(time.Date(2015, 3, 4, 5, 0, 0, 0, time.UTC))
 
-	sa, err := NewSQLStorageAuthority(dbMap, fc)
+	sa, err := NewSQLStorageAuthority(dbMap, fc, log)
 	if err != nil {
 		t.Fatalf("Failed to create SA: %s", err)
 	}

test/test-tools.go

@@ -17,6 +17,11 @@ import (
 	"testing"
 )
 
+func fatalf(t *testing.T, format string, args ...interface{}) {
+	fmt.Printf("\t"+format+"\n", args...)
+	t.FailNow()
+}
+
 // Return short format caller info for printing errors, so errors don't all
 // appear to come from test-tools.go.
 func caller() string {
@@ -29,42 +34,42 @@ func caller() string {
 // Assert a boolean
 func Assert(t *testing.T, result bool, message string) {
 	if !result {
-		t.Fatalf("%s %s", caller(), message)
+		fatalf(t, "%s %s", caller(), message)
 	}
 }
 
 // AssertNotNil checks an object to be non-nil
 func AssertNotNil(t *testing.T, obj interface{}, message string) {
 	if obj == nil {
-		t.Fatalf("%s %s", caller(), message)
+		fatalf(t, "%s %s", caller(), message)
 	}
 }
 
 // AssertNotError checks that err is nil
 func AssertNotError(t *testing.T, err error, message string) {
 	if err != nil {
-		t.Fatalf("%s %s: %s", caller(), message, err)
+		fatalf(t, "%s %s: %s", caller(), message, err)
 	}
 }
 
 // AssertError checks that err is non-nil
 func AssertError(t *testing.T, err error, message string) {
 	if err == nil {
-		t.Fatalf("%s %s: expected error but received none", caller(), message)
+		fatalf(t, "%s %s: expected error but received none", caller(), message)
 	}
 }
 
 // AssertEquals uses the equality operator (==) to measure one and two
 func AssertEquals(t *testing.T, one interface{}, two interface{}) {
 	if one != two {
-		t.Fatalf("%s [%v] != [%v]", caller(), one, two)
+		fatalf(t, "%s [%v] != [%v]", caller(), one, two)
 	}
 }
 
 // AssertDeepEquals uses the reflect.DeepEqual method to measure one and two
 func AssertDeepEquals(t *testing.T, one interface{}, two interface{}) {
 	if !reflect.DeepEqual(one, two) {
-		t.Fatalf("%s [%+v] !(deep)= [%+v]", caller(), one, two)
+		fatalf(t, "%s [%+v] !(deep)= [%+v]", caller(), one, two)
 	}
 }
 
@@ -77,7 +82,7 @@ func AssertMarshaledEquals(t *testing.T, one interface{}, two interface{}) {
 	AssertNotError(t, err, "Could not marshal 2nd argument")
 
 	if !bytes.Equal(oneJSON, twoJSON) {
-		t.Fatalf("%s [%s] !(json)= [%s]", caller(), oneJSON, twoJSON)
+		fatalf(t, "%s [%s] !(json)= [%s]", caller(), oneJSON, twoJSON)
 	}
 }
 
@@ -85,14 +90,14 @@ func AssertMarshaledEquals(t *testing.T, one interface{}, two interface{}) {
 // are different
 func AssertNotEquals(t *testing.T, one interface{}, two interface{}) {
 	if one == two {
-		t.Fatalf("%s [%v] == [%v]", caller(), one, two)
+		fatalf(t, "%s [%v] == [%v]", caller(), one, two)
 	}
 }
 
 // AssertByteEquals uses bytes.Equal to measure one and two for equality.
 func AssertByteEquals(t *testing.T, one []byte, two []byte) {
 	if !bytes.Equal(one, two) {
-		t.Fatalf("%s Byte [%s] != [%s]",
+		fatalf(t, "%s Byte [%s] != [%s]",
 			caller(),
 			base64.StdEncoding.EncodeToString(one),
 			base64.StdEncoding.EncodeToString(two))
@@ -102,7 +107,7 @@ func AssertByteEquals(t *testing.T, one []byte, two []byte) {
 // AssertIntEquals uses the equality operator to measure one and two.
 func AssertIntEquals(t *testing.T, one int, two int) {
 	if one != two {
-		t.Fatalf("%s Int [%d] != [%d]", caller(), one, two)
+		fatalf(t, "%s Int [%d] != [%d]", caller(), one, two)
 	}
 }
 
@@ -110,21 +115,21 @@ func AssertIntEquals(t *testing.T, one int, two int) {
 // one and two are equal
 func AssertBigIntEquals(t *testing.T, one *big.Int, two *big.Int) {
 	if one.Cmp(two) != 0 {
-		t.Fatalf("%s Int [%d] != [%d]", caller(), one, two)
+		fatalf(t, "%s Int [%d] != [%d]", caller(), one, two)
 	}
 }
 
 // AssertContains determines whether needle can be found in haystack
 func AssertContains(t *testing.T, haystack string, needle string) {
 	if !strings.Contains(haystack, needle) {
-		t.Fatalf("%s String [%s] does not contain [%s]", caller(), haystack, needle)
+		fatalf(t, "%s String [%s] does not contain [%s]", caller(), haystack, needle)
 	}
 }
 
 // AssertNotContains determines if needle is not found in haystack
 func AssertNotContains(t *testing.T, haystack string, needle string) {
 	if strings.Contains(haystack, needle) {
-		t.Fatalf("%s String [%s] contains [%s]", caller(), haystack, needle)
+		fatalf(t, "%s String [%s] contains [%s]", caller(), haystack, needle)
 	}
 }
 
@@ -137,6 +142,6 @@ func AssertSeverity(t *testing.T, data string, severity int) {
 // AssertBetween determines if a is between b and c
 func AssertBetween(t *testing.T, a, b, c int64) {
 	if a < b || a > c {
-		t.Fatalf("%d is not between %d and %d", a, b, c)
+		fatalf(t, "%d is not between %d and %d", a, b, c)
 	}
 }