Remove remaining old format authorization code from SA/protos (#4495)

2019-10-23 06:08:38 -07:00 · 2019-10-23 06:08:38 -07:00 · 3ae1ae1493
parent 672bdcfdcb
commit 3ae1ae1493
11 changed files with 374 additions and 3236 deletions
--- a/core/interfaces.go
+++ b/core/interfaces.go
@ -114,25 +114,18 @@ type PolicyAuthority interface {
 type StorageGetter interface {
 	GetRegistration(ctx context.Context, regID int64) (Registration, error)
 	GetRegistrationByKey(ctx context.Context, jwk *jose.JSONWebKey) (Registration, error)
 	GetAuthorization(ctx context.Context, authzID string) (Authorization, error)
 	GetValidAuthorizations(ctx context.Context, regID int64, domains []string, now time.Time) (map[string]*Authorization, error)
 	GetPendingAuthorization(ctx context.Context, req *sapb.GetPendingAuthorizationRequest) (*Authorization, error)
 	GetCertificate(ctx context.Context, serial string) (Certificate, error)
 	GetPrecertificate(ctx context.Context, req *sapb.Serial) (*corepb.Certificate, error)
 	GetCertificateStatus(ctx context.Context, serial string) (CertificateStatus, error)
 	CountCertificatesByNames(ctx context.Context, domains []string, earliest, latest time.Time) (countByDomain []*sapb.CountByNames_MapElement, err error)
 	CountRegistrationsByIP(ctx context.Context, ip net.IP, earliest, latest time.Time) (int, error)
 	CountRegistrationsByIPRange(ctx context.Context, ip net.IP, earliest, latest time.Time) (int, error)
 	CountPendingAuthorizations(ctx context.Context, regID int64) (int, error)
 	CountOrders(ctx context.Context, acctID int64, earliest, latest time.Time) (int, error)
 	CountFQDNSets(ctx context.Context, window time.Duration, domains []string) (count int64, err error)
 	FQDNSetExists(ctx context.Context, domains []string) (exists bool, err error)
 	PreviousCertificateExists(ctx context.Context, req *sapb.PreviousCertificateExistsRequest) (exists *sapb.Exists, err error)
 	GetOrder(ctx context.Context, req *sapb.OrderRequest) (*corepb.Order, error)
 	GetOrderForNames(ctx context.Context, req *sapb.GetOrderForNamesRequest) (*corepb.Order, error)
 	GetValidOrderAuthorizations(ctx context.Context, req *sapb.GetValidOrderAuthorizationsRequest) (map[string]*Authorization, error)
 	CountInvalidAuthorizations(ctx context.Context, req *sapb.CountInvalidAuthorizationsRequest) (count *sapb.Count, err error)
 	GetAuthorizations(ctx context.Context, req *sapb.GetAuthorizationsRequest) (*sapb.Authorizations, error)
 	// New authz2 methods
 	GetAuthorization2(ctx context.Context, req *sapb.AuthorizationID2) (*corepb.Authorization, error)
 	GetAuthorizations2(ctx context.Context, req *sapb.GetAuthorizationsRequest) (*sapb.Authorizations, error)
@ -147,17 +140,13 @@ type StorageGetter interface {
 type StorageAdder interface {
 	NewRegistration(ctx context.Context, reg Registration) (created Registration, err error)
 	UpdateRegistration(ctx context.Context, reg Registration) error
 	NewPendingAuthorization(ctx context.Context, authz Authorization) (Authorization, error)
 	FinalizeAuthorization(ctx context.Context, authz Authorization) error
 	AddCertificate(ctx context.Context, der []byte, regID int64, ocsp []byte, issued *time.Time) (digest string, err error)
 	AddPrecertificate(ctx context.Context, req *sapb.AddCertificateRequest) (*corepb.Empty, error)
 	AddSerial(ctx context.Context, req *sapb.AddSerialRequest) (*corepb.Empty, error)
 	DeactivateRegistration(ctx context.Context, id int64) error
 	DeactivateAuthorization(ctx context.Context, id string) error
 	NewOrder(ctx context.Context, order *corepb.Order) (*corepb.Order, error)
 	SetOrderProcessing(ctx context.Context, order *corepb.Order) error
 	FinalizeOrder(ctx context.Context, order *corepb.Order) error
 	AddPendingAuthorizations(ctx context.Context, req *sapb.AddPendingAuthorizationsRequest) (*sapb.AuthorizationIDs, error)
 	SetOrderError(ctx context.Context, order *corepb.Order) error
 	RevokeCertificate(ctx context.Context, req *sapb.RevokeCertificateRequest) error
 	// New authz2 methods
--- a/core/proto/core.pb.go
+++ b/core/proto/core.pb.go
@ -441,8 +441,6 @@ type Authorization struct {
 	Status               *string      `protobuf:"bytes,4,opt,name=status" json:"status,omitempty"`
 	Expires              *int64       `protobuf:"varint,5,opt,name=expires" json:"expires,omitempty"`
 	Challenges           []*Challenge `protobuf:"bytes,6,rep,name=challenges" json:"challenges,omitempty"`
 	Combinations         []byte       `protobuf:"bytes,7,opt,name=combinations" json:"combinations,omitempty"`
 	V2                   *bool        `protobuf:"varint,8,opt,name=v2" json:"v2,omitempty"`
 	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
 	XXX_unrecognized     []byte       `json:"-"`
 	XXX_sizecache        int32        `json:"-"`
@ -515,35 +513,16 @@ func (m *Authorization) GetChallenges() []*Challenge {
 	return nil
 }
 func (m *Authorization) GetCombinations() []byte {
 	if m != nil {
 		return m.Combinations
 	}
 	return nil
 }
 func (m *Authorization) GetV2() bool {
 	if m != nil && m.V2 != nil {
 		return *m.V2
 	}
 	return false
 }
 type Order struct {
 	Id                   *int64          `protobuf:"varint,1,opt,name=id" json:"id,omitempty"`
 	RegistrationID       *int64          `protobuf:"varint,2,opt,name=registrationID" json:"registrationID,omitempty"`
 	Expires              *int64          `protobuf:"varint,3,opt,name=expires" json:"expires,omitempty"`
 	Error                *ProblemDetails `protobuf:"bytes,4,opt,name=error" json:"error,omitempty"`
 	CertificateSerial    *string         `protobuf:"bytes,5,opt,name=certificateSerial" json:"certificateSerial,omitempty"`
 	// contains only v1 authorization IDs, should be
 	// deprecated once fully switched to v2 authorizations
 	// in favor of v2Authorizations.
 	Authorizations  []string `protobuf:"bytes,6,rep,name=authorizations" json:"authorizations,omitempty"`
 	Status               *string         `protobuf:"bytes,7,opt,name=status" json:"status,omitempty"`
 	Names                []string        `protobuf:"bytes,8,rep,name=names" json:"names,omitempty"`
 	BeganProcessing      *bool           `protobuf:"varint,9,opt,name=beganProcessing" json:"beganProcessing,omitempty"`
 	Created              *int64          `protobuf:"varint,10,opt,name=created" json:"created,omitempty"`
 	// contains only v2 authorization IDs.
 	V2Authorizations     []int64         `protobuf:"varint,11,rep,name=v2Authorizations" json:"v2Authorizations,omitempty"`
 	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
 	XXX_unrecognized     []byte          `json:"-"`
@ -610,13 +589,6 @@ func (m *Order) GetCertificateSerial() string {
 	return ""
 }
 func (m *Order) GetAuthorizations() []string {
 	if m != nil {
 		return m.Authorizations
 	}
 	return nil
 }
 func (m *Order) GetStatus() string {
 	if m != nil && m.Status != nil {
 		return *m.Status
@ -697,52 +669,51 @@ func init() {
 func init() { proto.RegisterFile("core/proto/core.proto", fileDescriptor_80ea9561f1d738ba) }
 var fileDescriptor_80ea9561f1d738ba = []byte{
-	// 748 bytes of a gzipped FileDescriptorProto
+	// 730 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x55, 0xc1, 0x6e, 0xdb, 0x38,
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x55, 0x41, 0x6e, 0xdb, 0x3a,
-	0x10, 0x85, 0x2c, 0x2b, 0xb6, 0xc6, 0xde, 0xc4, 0x21, 0xb2, 0x81, 0xb0, 0x58, 0x04, 0x82, 0x0e,
+	0x10, 0x85, 0x4c, 0x29, 0x92, 0xc6, 0xfe, 0x89, 0x43, 0xe4, 0x07, 0x44, 0x51, 0x04, 0x82, 0x16,
-	0x0b, 0x21, 0x58, 0x24, 0x80, 0xff, 0x20, 0x4d, 0x7a, 0xc8, 0xa9, 0x06, 0x93, 0xf6, 0xd0, 0x9b,
+	0x85, 0x10, 0x14, 0x09, 0x90, 0x1b, 0xa4, 0x49, 0x17, 0xc9, 0xa6, 0x06, 0x93, 0x76, 0xd1, 0x9d,
-	0x22, 0x4d, 0x6d, 0x36, 0xb2, 0x68, 0x90, 0xb4, 0x51, 0xf7, 0x1f, 0xfa, 0x21, 0xfd, 0xb1, 0x1e,
+	0x22, 0x4d, 0x6d, 0x36, 0xb2, 0x64, 0x90, 0x74, 0x50, 0xf7, 0x0e, 0x3d, 0x48, 0x2f, 0xd4, 0xde,
-	0x7b, 0xef, 0xa5, 0x28, 0x38, 0x94, 0x6d, 0xc9, 0x4e, 0xd1, 0xdb, 0xcc, 0x23, 0x65, 0xce, 0xbc,
+	0xa0, 0xcb, 0x9e, 0xa1, 0x20, 0x29, 0xdb, 0xb2, 0x9d, 0xa2, 0xbb, 0x99, 0xc7, 0xb1, 0xf8, 0x38,
-	0xf7, 0x66, 0x0c, 0x7f, 0xe7, 0x52, 0xe1, 0xf5, 0x42, 0x49, 0x23, 0xaf, 0x6d, 0x78, 0x45, 0x21,
+	0xef, 0xcd, 0x18, 0xfe, 0x2f, 0x1a, 0x89, 0xe7, 0x33, 0xd9, 0xe8, 0xe6, 0xdc, 0x84, 0x67, 0x36,
-	0xeb, 0xda, 0x38, 0xf9, 0xd2, 0x81, 0xf0, 0x76, 0x96, 0x95, 0x25, 0x56, 0x53, 0x64, 0xc7, 0xd0,
+	0xa4, 0xbe, 0x89, 0xd3, 0x6f, 0x3d, 0x88, 0xaf, 0x26, 0x79, 0x55, 0x61, 0x3d, 0x46, 0xba, 0x0f,
-	0x11, 0x45, 0xe4, 0xc5, 0x5e, 0xea, 0xf3, 0x8e, 0x28, 0x18, 0x83, 0xae, 0x59, 0x2f, 0x30, 0xea,
+	0x3d, 0x51, 0x32, 0x2f, 0xf1, 0x32, 0xc2, 0x7b, 0xa2, 0xa4, 0x14, 0x7c, 0xbd, 0x98, 0x21, 0xeb,
-	0xc4, 0x5e, 0x1a, 0x72, 0x8a, 0xd9, 0x39, 0x1c, 0x69, 0x93, 0x99, 0xa5, 0x8e, 0x8e, 0x08, 0xad,
+	0x25, 0x5e, 0x16, 0x73, 0x1b, 0xd3, 0x63, 0xd8, 0x53, 0x3a, 0xd7, 0x73, 0xc5, 0xf6, 0x2c, 0xda,
-	0x33, 0x36, 0x02, 0x7f, 0xa9, 0x44, 0x14, 0x12, 0x68, 0x43, 0x76, 0x06, 0x81, 0x91, 0xcf, 0x58,
+	0x66, 0x74, 0x08, 0x64, 0x2e, 0x05, 0x8b, 0x2d, 0x68, 0x42, 0x7a, 0x04, 0x81, 0x6e, 0x1e, 0xb1,
-	0x45, 0x3e, 0x61, 0x2e, 0x61, 0x97, 0x30, 0x7a, 0xc6, 0xf5, 0xcd, 0xd2, 0xcc, 0xa4, 0x12, 0x9f,
+	0x66, 0xc4, 0x62, 0x2e, 0xa1, 0xa7, 0x30, 0x7c, 0xc4, 0xc5, 0xe5, 0x5c, 0x4f, 0x1a, 0x29, 0xbe,
-	0x33, 0x23, 0x64, 0x15, 0x05, 0x74, 0xe1, 0x00, 0x67, 0x77, 0x70, 0xba, 0xca, 0x4a, 0x51, 0x50,
+	0xe6, 0x5a, 0x34, 0x35, 0x0b, 0x6c, 0xc1, 0x0e, 0x4e, 0xaf, 0xe1, 0xf0, 0x29, 0xaf, 0x44, 0x69,
-	0xa6, 0x30, 0x97, 0xaa, 0xd0, 0x11, 0xc4, 0x7e, 0x3a, 0x18, 0x9f, 0x5f, 0x51, 0x2f, 0xef, 0xb6,
+	0x33, 0x89, 0x45, 0x23, 0x4b, 0xc5, 0x20, 0x21, 0x59, 0xff, 0xe2, 0xf8, 0xcc, 0xbe, 0xe5, 0xc3,
-	0xc7, 0x9c, 0x8e, 0xf9, 0xe1, 0x07, 0xec, 0x12, 0x02, 0x54, 0x4a, 0xaa, 0xa8, 0x17, 0x7b, 0xe9,
+	0xea, 0x98, 0xdb, 0x63, 0xbe, 0xfb, 0x03, 0x7a, 0x0a, 0x01, 0x4a, 0xd9, 0x48, 0x16, 0x26, 0x5e,
-	0x60, 0x7c, 0xe6, 0xbe, 0x9c, 0x28, 0xf9, 0x54, 0xe2, 0xfc, 0x0e, 0x4d, 0x26, 0x4a, 0xcd, 0xdd,
+	0xd6, 0xbf, 0x38, 0x72, 0xbf, 0x1c, 0xc9, 0xe6, 0xa1, 0xc2, 0xe9, 0x35, 0xea, 0x5c, 0x54, 0x8a,
-	0x95, 0xe4, 0xbb, 0x07, 0xa3, 0xfd, 0xdf, 0x64, 0xff, 0x40, 0x7f, 0x26, 0xb5, 0xa9, 0xb2, 0x39,
+	0xbb, 0x92, 0xf4, 0xb7, 0x07, 0xc3, 0xed, 0x6f, 0xd2, 0x17, 0x10, 0x4d, 0x1a, 0xa5, 0xeb, 0x7c,
-	0x12, 0x39, 0x21, 0xdf, 0xe6, 0x96, 0xa2, 0x85, 0x54, 0x66, 0x43, 0x91, 0x8d, 0xd9, 0xff, 0x70,
+	0x8a, 0xb6, 0x39, 0x31, 0x5f, 0xe5, 0xa6, 0x45, 0xb3, 0x46, 0xea, 0x65, 0x8b, 0x4c, 0x4c, 0x5f,
-	0x9a, 0x15, 0x85, 0x42, 0xad, 0x51, 0x73, 0xd4, 0xb2, 0x5c, 0x61, 0x11, 0xf9, 0xb1, 0x9f, 0x0e,
+	0xc3, 0x61, 0x5e, 0x96, 0x12, 0x95, 0x42, 0xc5, 0x51, 0x35, 0xd5, 0x13, 0x96, 0x8c, 0x24, 0x24,
-	0xf9, 0xe1, 0x01, 0x8b, 0x61, 0x50, 0x83, 0x6f, 0x35, 0x16, 0x51, 0x37, 0xf6, 0xd2, 0x21, 0x6f,
+	0x1b, 0xf0, 0xdd, 0x03, 0x9a, 0x40, 0xbf, 0x05, 0xdf, 0x2b, 0x2c, 0x99, 0x9f, 0x78, 0xd9, 0x80,
-	0x42, 0x74, 0xc3, 0xf1, 0x62, 0x04, 0xea, 0x28, 0x88, 0xfd, 0x34, 0xe4, 0x4d, 0xc8, 0x91, 0x5f,
+	0x77, 0x21, 0x5b, 0xe1, 0xfa, 0xa2, 0x05, 0x2a, 0x16, 0x24, 0x24, 0x8b, 0x79, 0x17, 0x72, 0xcd,
-	0xd6, 0x8a, 0xd8, 0x90, 0xfd, 0x07, 0xc7, 0xdb, 0xa7, 0x1e, 0x95, 0xc0, 0x22, 0xea, 0x51, 0x01,
+	0xaf, 0x5a, 0x45, 0x4c, 0x48, 0x5f, 0xc1, 0xfe, 0xea, 0xaa, 0x7b, 0x29, 0xb0, 0x64, 0xa1, 0x25,
-	0x7b, 0x68, 0xf2, 0x11, 0x8e, 0xdb, 0x4c, 0xd8, 0xd7, 0x16, 0x0e, 0x79, 0xb4, 0xda, 0xbb, 0x86,
+	0xb0, 0x85, 0xa6, 0x9f, 0x61, 0x7f, 0xb3, 0x13, 0xe6, 0xb6, 0x99, 0x43, 0xee, 0x8d, 0xf6, 0xee,
-	0x9b, 0x90, 0xb5, 0x40, 0x41, 0x97, 0xeb, 0xae, 0xeb, 0x8c, 0x5d, 0x00, 0xcc, 0x8c, 0x59, 0x3c,
+	0xc1, 0x5d, 0xc8, 0x58, 0xa0, 0xb4, 0xc5, 0xed, 0xab, 0xdb, 0x8c, 0x9e, 0x00, 0x4c, 0xb4, 0x9e,
-	0x38, 0x7b, 0x58, 0xd5, 0x03, 0xde, 0x40, 0x92, 0xaf, 0x1e, 0x0c, 0x6e, 0x51, 0x19, 0xf1, 0x41,
+	0xdd, 0x39, 0x7b, 0x18, 0xd5, 0x03, 0xde, 0x41, 0xd2, 0xef, 0x1e, 0xf4, 0xaf, 0x50, 0x6a, 0xf1,
-	0xe4, 0x99, 0x41, 0x5b, 0xa3, 0xc2, 0xa9, 0xd0, 0x46, 0x11, 0xdb, 0xf7, 0x77, 0xb5, 0xf5, 0xf6,
+	0x49, 0x14, 0xb9, 0x46, 0xc3, 0x51, 0xe2, 0x58, 0x28, 0x2d, 0x6d, 0xb7, 0x6f, 0xae, 0x5b, 0xeb,
-	0x50, 0xb2, 0x1c, 0x2a, 0x91, 0x6d, 0xdf, 0x73, 0x19, 0xd5, 0x21, 0xa6, 0xa8, 0x4d, 0xed, 0xb0,
+	0x6d, 0xa1, 0xd6, 0x72, 0x28, 0x45, 0xbe, 0xba, 0xcf, 0x65, 0x96, 0x87, 0x18, 0xa3, 0xd2, 0xad,
-	0x3a, 0xb3, 0x6c, 0x14, 0xa8, 0x6a, 0x26, 0x6d, 0x68, 0x6f, 0x0a, 0xad, 0x97, 0x58, 0x90, 0xd5,
+	0xc3, 0xda, 0xcc, 0x74, 0xa3, 0x44, 0xd9, 0x76, 0xd2, 0x84, 0xa6, 0x52, 0x28, 0x35, 0xc7, 0xd2,
-	0x7c, 0x5e, 0x67, 0x2c, 0x82, 0x1e, 0x7e, 0x5a, 0x08, 0x85, 0xce, 0xcd, 0x3e, 0xdf, 0xa4, 0xc9,
+	0x5a, 0x8d, 0xf0, 0x36, 0xa3, 0x0c, 0x42, 0xfc, 0x32, 0x13, 0x12, 0x9d, 0x9b, 0x09, 0x5f, 0xa6,
-	0x37, 0x0f, 0x86, 0xbc, 0x51, 0xc6, 0xc1, 0x6c, 0x8c, 0xc0, 0x7f, 0xc6, 0x35, 0x55, 0x34, 0xe4,
+	0xe9, 0x2f, 0x0f, 0x06, 0xbc, 0x43, 0x63, 0x67, 0x36, 0x86, 0x40, 0x1e, 0x71, 0x61, 0x19, 0x0d,
-	0x36, 0xb4, 0x3f, 0x96, 0xcb, 0xca, 0x64, 0xb9, 0x21, 0xb1, 0x43, 0xbe, 0x49, 0x59, 0x0a, 0x27,
+	0xb8, 0x09, 0xcd, 0xc7, 0x8a, 0xa6, 0xd6, 0x79, 0xa1, 0xad, 0xd8, 0x31, 0x5f, 0xa6, 0x34, 0x83,
-	0x75, 0xa8, 0x27, 0x0a, 0x35, 0x56, 0x86, 0x8a, 0xeb, 0xf3, 0x7d, 0x98, 0xfd, 0x0b, 0x61, 0x36,
+	0x83, 0x36, 0x54, 0x23, 0x89, 0x0a, 0x6b, 0x6d, 0xc9, 0x45, 0x7c, 0x1b, 0xa6, 0x2f, 0x21, 0xce,
-	0x55, 0x88, 0x73, 0x7b, 0xc7, 0x8d, 0xc5, 0x0e, 0xb0, 0xa7, 0xa2, 0x12, 0x46, 0x64, 0xe5, 0xfd,
+	0xc7, 0x12, 0x71, 0x6a, 0x6a, 0xdc, 0x58, 0xac, 0x01, 0x73, 0x2a, 0x6a, 0xa1, 0x45, 0x5e, 0xdd,
-	0x84, 0x0a, 0x1e, 0xf2, 0x1d, 0x60, 0x4f, 0x73, 0x85, 0x99, 0xc1, 0xe2, 0xc6, 0x90, 0xd7, 0x7d,
+	0x8c, 0x2c, 0xe1, 0x01, 0x5f, 0x03, 0xe6, 0xb4, 0x90, 0x98, 0x6b, 0x2c, 0x2f, 0xb5, 0xf5, 0x3a,
-	0xbe, 0x03, 0x1a, 0x73, 0xdb, 0x6f, 0xce, 0x6d, 0xf2, 0xd3, 0x83, 0xbf, 0xda, 0x53, 0xb7, 0xeb,
+	0xe1, 0x6b, 0xa0, 0x33, 0xb7, 0x51, 0x77, 0x6e, 0xd3, 0x1f, 0x1e, 0xfc, 0xb7, 0x39, 0x75, 0xeb,
-	0x34, 0xa4, 0x4e, 0x2f, 0x00, 0x44, 0x81, 0x95, 0x95, 0x0d, 0x55, 0x2d, 0x41, 0x03, 0x79, 0x41,
+	0x97, 0xc6, 0xf6, 0xa5, 0x27, 0x00, 0xa2, 0xc4, 0xda, 0xc8, 0x86, 0xb2, 0x95, 0xa0, 0x83, 0x3c,
-	0x46, 0xff, 0xb7, 0x32, 0xba, 0x0a, 0xba, 0xad, 0xcd, 0xd1, 0x10, 0x21, 0x68, 0x89, 0xc0, 0xae,
+	0x23, 0x23, 0xf9, 0xab, 0x8c, 0x8e, 0x81, 0xbf, 0xb1, 0x39, 0x3a, 0x22, 0x04, 0x1b, 0x22, 0xd0,
-	0x01, 0xf2, 0xcd, 0x72, 0xb2, 0x0a, 0xd9, 0xc1, 0x3f, 0x71, 0xe3, 0xbb, 0x5d, 0x5a, 0xbc, 0x71,
+	0x73, 0x80, 0x62, 0xb9, 0x9c, 0x8c, 0x42, 0x66, 0xf0, 0x0f, 0xdc, 0xf8, 0xae, 0x96, 0x16, 0xef,
-	0x85, 0x25, 0x30, 0xcc, 0xe5, 0xfc, 0x49, 0x54, 0xf4, 0xa6, 0x26, 0x16, 0x86, 0xbc, 0x85, 0xd9,
+	0x94, 0xdc, 0xfa, 0x51, 0x38, 0x8c, 0x6e, 0xfd, 0x28, 0x1a, 0xc6, 0xe9, 0xcf, 0x1e, 0x04, 0xef,
-	0xf6, 0x56, 0x63, 0x22, 0xa1, 0xcf, 0x3b, 0xab, 0x71, 0xf2, 0xa3, 0x03, 0xc1, 0x1b, 0x65, 0x5d,
+	0xa4, 0x51, 0x7f, 0x5b, 0xba, 0x5d, 0xc2, 0xbd, 0x67, 0x09, 0x77, 0x88, 0x91, 0x4d, 0x62, 0xab,
-	0xb2, 0x2f, 0xf1, 0x61, 0x63, 0x9d, 0x17, 0x1b, 0x6b, 0x34, 0xe0, 0xb7, 0x1b, 0xd8, 0xae, 0x9e,
+	0x95, 0xe2, 0xff, 0x73, 0xa5, 0x98, 0x6d, 0x50, 0xac, 0x4d, 0x7f, 0xe7, 0x8c, 0xec, 0xa4, 0xdd,
-	0xee, 0x1f, 0x57, 0x8f, 0xdd, 0x1a, 0xf9, 0x6e, 0x38, 0x1e, 0x9c, 0xe1, 0x9d, 0x05, 0x0e, 0x0f,
+	0x3d, 0xe8, 0x34, 0x29, 0xdc, 0x68, 0xd2, 0x11, 0x04, 0x66, 0xdf, 0x18, 0xf5, 0x8c, 0xb5, 0x5c,
-	0x68, 0xbe, 0x9b, 0xaa, 0x39, 0x7a, 0x42, 0xbe, 0x87, 0x36, 0x48, 0xef, 0xb5, 0x48, 0x3f, 0x83,
+	0x62, 0x8c, 0xf5, 0x80, 0xe3, 0xbc, 0x1e, 0xc9, 0xa6, 0x40, 0xa5, 0x44, 0x3d, 0xb6, 0x0b, 0x38,
-	0xc0, 0xee, 0x2f, 0xeb, 0x06, 0xfb, 0x99, 0x4b, 0xac, 0x51, 0x9f, 0x70, 0x9a, 0x55, 0x13, 0x25,
+	0xe2, 0xdb, 0xb0, 0x35, 0xa7, 0xf3, 0x02, 0x03, 0xf7, 0x96, 0x36, 0x35, 0x0b, 0xf9, 0xe9, 0x62,
-	0x73, 0xd4, 0x5a, 0x54, 0x53, 0x5a, 0xe8, 0x7d, 0xbe, 0x0f, 0x93, 0xd9, 0x9d, 0xb7, 0x22, 0x70,
+	0xc3, 0x01, 0x8a, 0xf5, 0x13, 0x92, 0x11, 0xbe, 0x83, 0xdf, 0xfa, 0xd1, 0xde, 0x30, 0x4c, 0x43,
-	0x3d, 0xd7, 0xa9, 0x5d, 0xf0, 0xab, 0xf1, 0x4d, 0xbb, 0xb6, 0x41, 0xec, 0xa7, 0x3e, 0x3f, 0xc0,
+	0x08, 0xde, 0x4e, 0x67, 0x7a, 0xf1, 0x26, 0xfc, 0x18, 0xd8, 0x3f, 0x93, 0x3f, 0x01, 0x00, 0x00,
-	0x93, 0x1e, 0x04, 0xaf, 0xe7, 0x0b, 0xb3, 0x7e, 0xd5, 0x7b, 0x1f, 0xd0, 0xdf, 0xd2, 0xaf, 0x00,
+	0xff, 0xff, 0x9d, 0x5e, 0xf8, 0x60, 0x64, 0x06, 0x00, 0x00,
 	0x00, 0x00, 0xff, 0xff, 0x0a, 0x30, 0x02, 0xc8, 0xae, 0x06, 0x00, 0x00,
 }
--- a/core/proto/core.proto
+++ b/core/proto/core.proto
@ -61,8 +61,8 @@ message Authorization {
        optional string status = 4;
        optional int64 expires = 5; // Unix timestamp (nanoseconds)
        repeated core.Challenge challenges = 6;
-        optional bytes combinations = 7; // deprecated
+        reserved 7; // previously combinations
-        optional bool v2 = 8;
+        reserved 8; // previously v2
 }
 message Order {
@ -71,15 +71,11 @@ message Order {
        optional int64 expires = 3;
        optional ProblemDetails error = 4;
        optional string certificateSerial = 5;
-        // contains only v1 authorization IDs, should be
+        reserved 6; // previously authorizations, deprecated in favor of v2Authorizations
        // deprecated once fully switched to v2 authorizations
        // in favor of v2Authorizations.
        repeated string authorizations = 6;
        optional string status = 7;
        repeated string names = 8;
        optional bool beganProcessing = 9;
        optional int64 created = 10;
        // contains only v2 authorization IDs.
        repeated int64 v2Authorizations = 11;
 }
--- a/grpc/pb-marshalling.go
+++ b/grpc/pb-marshalling.go
@ -357,9 +357,7 @@ func AuthzToPB(authz core.Authorization) (*corepb.Authorization, error) {
 	if authz.Expires != nil {
 		expires = authz.Expires.UTC().UnixNano()
 	}
 	v2 := true
 	return &corepb.Authorization{
 		V2:             &v2,
 		Id:             &authz.ID,
 		Identifier:     &authz.Identifier.Value,
 		RegistrationID: &authz.RegistrationID,
--- a/grpc/sa-wrappers.go
+++ b/grpc/sa-wrappers.go
@ -59,49 +59,6 @@ func (sac StorageAuthorityClientWrapper) GetRegistrationByKey(ctx context.Contex
 	return pbToRegistration(response)
 }
 func (sac StorageAuthorityClientWrapper) GetAuthorization(ctx context.Context, authID string) (core.Authorization, error) {
 	response, err := sac.inner.GetAuthorization(ctx, &sapb.AuthorizationID{Id: &authID})
 	if err != nil {
 		return core.Authorization{}, err
 	}
 	if response == nil || !authorizationValid(response) {
 		return core.Authorization{}, errIncompleteResponse
 	}
 	return PBToAuthz(response)
 }
 func (sac StorageAuthorityClientWrapper) GetValidAuthorizations(ctx context.Context, regID int64, domains []string, now time.Time) (map[string]*core.Authorization, error) {
 	nowUnix := now.UnixNano()
 	response, err := sac.inner.GetValidAuthorizations(ctx, &sapb.GetValidAuthorizationsRequest{
 		RegistrationID: &regID,
 		Domains:        domains,
 		Now:            &nowUnix,
 	})
 	if err != nil {
 		return nil, err
 	}
 	if response == nil {
 		return nil, errIncompleteResponse
 	}
 	auths := make(map[string]*core.Authorization, len(response.Valid))
 	for _, element := range response.Valid {
 		if element == nil || element.Domain == nil || !authorizationValid(element.Authz) {
 			return nil, errIncompleteResponse
 		}
 		authz, err := PBToAuthz(element.Authz)
 		if err != nil {
 			return nil, err
 		}
 		auths[*element.Domain] = &authz
 	}
 	return auths, nil
 }
 func (sac StorageAuthorityClientWrapper) GetCertificate(ctx context.Context, serial string) (core.Certificate, error) {
 	response, err := sac.inner.GetCertificate(ctx, &sapb.Serial{Serial: &serial})
 	if err != nil {
@ -211,19 +168,6 @@ func (sac StorageAuthorityClientWrapper) CountRegistrationsByIPRange(ctx context
 	return int(*response.Count), nil
 }
 func (sac StorageAuthorityClientWrapper) CountPendingAuthorizations(ctx context.Context, regID int64) (int, error) {
 	response, err := sac.inner.CountPendingAuthorizations(ctx, &sapb.RegistrationID{Id: &regID})
 	if err != nil {
 		return 0, err
 	}
 	if response == nil || response.Count == nil {
 		return 0, errIncompleteResponse
 	}
 	return int(*response.Count), nil
 }
 func (sac StorageAuthorityClientWrapper) CountOrders(ctx context.Context, acctID int64, earliest, latest time.Time) (int, error) {
 	earliestNano := earliest.UnixNano()
 	latestNano := latest.UnixNano()
@ -246,22 +190,6 @@ func (sac StorageAuthorityClientWrapper) CountOrders(ctx context.Context, acctID
 	return int(*response.Count), nil
 }
 func (sac StorageAuthorityClientWrapper) CountInvalidAuthorizations(ctx context.Context, request *sapb.CountInvalidAuthorizationsRequest) (*sapb.Count, error) {
 	return sac.inner.CountInvalidAuthorizations(ctx, request)
 }
 func (sac StorageAuthorityClientWrapper) GetPendingAuthorization(ctx context.Context, request *sapb.GetPendingAuthorizationRequest) (*core.Authorization, error) {
 	authzPB, err := sac.inner.GetPendingAuthorization(ctx, request)
 	if err != nil {
 		return nil, err
 	}
 	authz, err := PBToAuthz(authzPB)
 	if err != nil {
 		return nil, err
 	}
 	return &authz, nil
 }
 func (sac StorageAuthorityClientWrapper) CountFQDNSets(ctx context.Context, window time.Duration, domains []string) (int64, error) {
 	windowNanos := window.Nanoseconds()
@ -367,38 +295,6 @@ func (sac StorageAuthorityClientWrapper) UpdateRegistration(ctx context.Context,
 	return nil
 }
 func (sac StorageAuthorityClientWrapper) NewPendingAuthorization(ctx context.Context, authz core.Authorization) (core.Authorization, error) {
 	authPB, err := AuthzToPB(authz)
 	if err != nil {
 		return core.Authorization{}, err
 	}
 	response, err := sac.inner.NewPendingAuthorization(ctx, authPB)
 	if err != nil {
 		return core.Authorization{}, err
 	}
 	if response == nil || !authorizationValid(response) {
 		return core.Authorization{}, errIncompleteResponse
 	}
 	return PBToAuthz(response)
 }
 func (sac StorageAuthorityClientWrapper) FinalizeAuthorization(ctx context.Context, authz core.Authorization) error {
 	authPB, err := AuthzToPB(authz)
 	if err != nil {
 		return err
 	}
 	_, err = sac.inner.FinalizeAuthorization(ctx, authPB)
 	if err != nil {
 		return err
 	}
 	return nil
 }
 func (sac StorageAuthorityClientWrapper) AddCertificate(
 	ctx context.Context,
 	der []byte,
@ -435,15 +331,6 @@ func (sac StorageAuthorityClientWrapper) DeactivateRegistration(ctx context.Cont
 	return nil
 }
 func (sac StorageAuthorityClientWrapper) DeactivateAuthorization(ctx context.Context, id string) error {
 	_, err := sac.inner.DeactivateAuthorization(ctx, &sapb.AuthorizationID{Id: &id})
 	if err != nil {
 		return err
 	}
 	return nil
 }
 func (sas StorageAuthorityClientWrapper) NewOrder(ctx context.Context, request *corepb.Order) (*corepb.Order, error) {
 	resp, err := sas.inner.NewOrder(ctx, request)
 	if err != nil {
@ -499,65 +386,6 @@ func (sas StorageAuthorityClientWrapper) GetOrderForNames(
 	return resp, nil
 }
 func (sas StorageAuthorityClientWrapper) GetValidOrderAuthorizations(
 	ctx context.Context,
 	request *sapb.GetValidOrderAuthorizationsRequest) (map[string]*core.Authorization, error) {
 	resp, err := sas.inner.GetValidOrderAuthorizations(ctx, request)
 	if err != nil {
 		return nil, err
 	}
 	if resp == nil {
 		return nil, errIncompleteResponse
 	}
 	// If there were no authorizations, return nil
 	if resp.Authz == nil {
 		return nil, nil
 	}
 	// Otherwise check the authorizations are valid and convert them from protobuf
 	// form before returning a map of results to the caller
 	auths := make(map[string]*core.Authorization, len(resp.Authz))
 	for _, element := range resp.Authz {
 		if element == nil || element.Domain == nil || !authorizationValid(element.Authz) {
 			return nil, errIncompleteResponse
 		}
 		authz, err := PBToAuthz(element.Authz)
 		if err != nil {
 			return nil, err
 		}
 		auths[*element.Domain] = &authz
 	}
 	return auths, nil
 }
 func (sas StorageAuthorityClientWrapper) GetAuthorizations(ctx context.Context, req *sapb.GetAuthorizationsRequest) (*sapb.Authorizations, error) {
 	resp, err := sas.inner.GetAuthorizations(ctx, req)
 	if err != nil {
 		return nil, err
 	}
 	if resp == nil {
 		return nil, errIncompleteResponse
 	}
 	for _, element := range resp.Authz {
 		if element == nil || element.Domain == nil || !authorizationValid(element.Authz) {
 			return nil, errIncompleteResponse
 		}
 	}
 	return resp, nil
 }
 func (sas StorageAuthorityClientWrapper) AddPendingAuthorizations(ctx context.Context, req *sapb.AddPendingAuthorizationsRequest) (*sapb.AuthorizationIDs, error) {
 	resp, err := sas.inner.AddPendingAuthorizations(ctx, req)
 	if err != nil {
 		return nil, err
 	}
 	if resp == nil || resp.Ids == nil {
 		return nil, errIncompleteResponse
 	}
 	return resp, nil
 }
 func (sas StorageAuthorityClientWrapper) GetAuthorization2(ctx context.Context, req *sapb.AuthorizationID2) (*corepb.Authorization, error) {
 	resp, err := sas.inner.GetAuthorization2(ctx, req)
 	if err != nil {
@ -704,43 +532,6 @@ func (sas StorageAuthorityServerWrapper) GetRegistrationByKey(ctx context.Contex
 	return registrationToPB(reg)
 }
 func (sas StorageAuthorityServerWrapper) GetAuthorization(ctx context.Context, request *sapb.AuthorizationID) (*corepb.Authorization, error) {
 	if request == nil || request.Id == nil {
 		return nil, errIncompleteRequest
 	}
 	authz, err := sas.inner.GetAuthorization(ctx, *request.Id)
 	if err != nil {
 		return nil, err
 	}
 	return AuthzToPB(authz)
 }
 func (sas StorageAuthorityServerWrapper) GetValidAuthorizations(ctx context.Context, request *sapb.GetValidAuthorizationsRequest) (*sapb.ValidAuthorizations, error) {
 	if request == nil || request.RegistrationID == nil || request.Domains == nil || request.Now == nil {
 		return nil, errIncompleteRequest
 	}
 	valid, err := sas.inner.GetValidAuthorizations(ctx, *request.RegistrationID, request.Domains, time.Unix(0, *request.Now))
 	if err != nil {
 		return nil, err
 	}
 	resp := &sapb.ValidAuthorizations{}
 	for k, v := range valid {
 		authzPB, err := AuthzToPB(*v)
 		if err != nil {
 			return nil, err
 		}
 		// Make a copy of k because it will be reassigned with each loop.
 		kCopy := k
 		resp.Valid = append(resp.Valid, &sapb.ValidAuthorizations_MapElement{Domain: &kCopy, Authz: authzPB})
 	}
 	return resp, nil
 }
 func (sas StorageAuthorityServerWrapper) GetCertificate(ctx context.Context, request *sapb.Serial) (*corepb.Certificate, error) {
 	if request == nil || request.Serial == nil {
 		return nil, errIncompleteRequest
@ -840,20 +631,6 @@ func (sas StorageAuthorityServerWrapper) CountRegistrationsByIPRange(ctx context
 	return &sapb.Count{Count: &castedCount}, nil
 }
 func (sas StorageAuthorityServerWrapper) CountPendingAuthorizations(ctx context.Context, request *sapb.RegistrationID) (*sapb.Count, error) {
 	if request == nil || request.Id == nil {
 		return nil, errIncompleteRequest
 	}
 	count, err := sas.inner.CountPendingAuthorizations(ctx, *request.Id)
 	if err != nil {
 		return nil, err
 	}
 	castedCount := int64(count)
 	return &sapb.Count{Count: &castedCount}, nil
 }
 func (sas StorageAuthorityServerWrapper) CountOrders(ctx context.Context, request *sapb.CountOrdersRequest) (*sapb.Count, error) {
 	if request == nil || request.AccountID == nil || request.Range == nil || request.Range.Earliest == nil || request.Range.Latest == nil {
 		return nil, errIncompleteRequest
@ -872,22 +649,6 @@ func (sas StorageAuthorityServerWrapper) CountOrders(ctx context.Context, reques
 	return &sapb.Count{Count: &castedCount}, nil
 }
 func (sas StorageAuthorityServerWrapper) CountInvalidAuthorizations(ctx context.Context, request *sapb.CountInvalidAuthorizationsRequest) (*sapb.Count, error) {
 	return sas.inner.CountInvalidAuthorizations(ctx, request)
 }
 func (sas StorageAuthorityServerWrapper) GetPendingAuthorization(ctx context.Context, request *sapb.GetPendingAuthorizationRequest) (*corepb.Authorization, error) {
 	authz, err := sas.inner.GetPendingAuthorization(ctx, request)
 	if err != nil {
 		return nil, err
 	}
 	authzPB, err := AuthzToPB(*authz)
 	if err != nil {
 		return nil, err
 	}
 	return authzPB, err
 }
 func (sas StorageAuthorityServerWrapper) CountFQDNSets(ctx context.Context, request *sapb.CountFQDNSetsRequest) (*sapb.Count, error) {
 	if request == nil || request.Window == nil || request.Domains == nil {
 		return nil, errIncompleteRequest
@ -963,42 +724,6 @@ func (sas StorageAuthorityServerWrapper) UpdateRegistration(ctx context.Context,
 	return &corepb.Empty{}, nil
 }
 func (sas StorageAuthorityServerWrapper) NewPendingAuthorization(ctx context.Context, request *corepb.Authorization) (*corepb.Authorization, error) {
 	if request == nil || !authorizationValid(request) {
 		return nil, errIncompleteRequest
 	}
 	authz, err := PBToAuthz(request)
 	if err != nil {
 		return nil, err
 	}
 	newAuthz, err := sas.inner.NewPendingAuthorization(ctx, authz)
 	if err != nil {
 		return nil, err
 	}
 	return AuthzToPB(newAuthz)
 }
 func (sas StorageAuthorityServerWrapper) FinalizeAuthorization(ctx context.Context, request *corepb.Authorization) (*corepb.Empty, error) {
 	if request == nil || !authorizationValid(request) {
 		return nil, errIncompleteRequest
 	}
 	authz, err := PBToAuthz(request)
 	if err != nil {
 		return nil, err
 	}
 	err = sas.inner.FinalizeAuthorization(ctx, authz)
 	if err != nil {
 		return nil, err
 	}
 	return &corepb.Empty{}, nil
 }
 func (sas StorageAuthorityServerWrapper) AddCertificate(ctx context.Context, request *sapb.AddCertificateRequest) (*sapb.AddCertificateResponse, error) {
 	if request == nil || request.Der == nil || request.RegID == nil || request.Issued == nil {
 		return nil, errIncompleteRequest
@ -1026,19 +751,6 @@ func (sas StorageAuthorityServerWrapper) DeactivateRegistration(ctx context.Cont
 	return &corepb.Empty{}, nil
 }
 func (sas StorageAuthorityServerWrapper) DeactivateAuthorization(ctx context.Context, request *sapb.AuthorizationID) (*corepb.Empty, error) {
 	if request == nil || request.Id == nil {
 		return nil, errIncompleteRequest
 	}
 	err := sas.inner.DeactivateAuthorization(ctx, *request.Id)
 	if err != nil {
 		return nil, err
 	}
 	return &corepb.Empty{}, nil
 }
 func (sas StorageAuthorityServerWrapper) NewOrder(ctx context.Context, request *corepb.Order) (*corepb.Order, error) {
 	if request == nil || !newOrderValid(request) {
 		return nil, errIncompleteRequest
@ -1100,48 +812,6 @@ func (sas StorageAuthorityServerWrapper) GetOrderForNames(
 	return sas.inner.GetOrderForNames(ctx, request)
 }
 func (sas StorageAuthorityServerWrapper) GetValidOrderAuthorizations(
 	ctx context.Context,
 	request *sapb.GetValidOrderAuthorizationsRequest) (*sapb.Authorizations, error) {
 	if request == nil || request.Id == nil || request.AcctID == nil {
 		return nil, errIncompleteRequest
 	}
 	authzs, err := sas.inner.GetValidOrderAuthorizations(ctx, request)
 	if err != nil {
 		return nil, err
 	}
 	resp := &sapb.Authorizations{}
 	for k, v := range authzs {
 		authzPB, err := AuthzToPB(*v)
 		if err != nil {
 			return nil, err
 		}
 		// Make a copy of k because it will be reassigned with each loop.
 		kCopy := k
 		resp.Authz = append(resp.Authz, &sapb.Authorizations_MapElement{Domain: &kCopy, Authz: authzPB})
 	}
 	return resp, nil
 }
 func (sas StorageAuthorityServerWrapper) GetAuthorizations(ctx context.Context, request *sapb.GetAuthorizationsRequest) (*sapb.Authorizations, error) {
 	if request == nil || request.RegistrationID == nil || request.Domains == nil || request.Now == nil || request.RequireV2Authzs == nil {
 		return nil, errIncompleteRequest
 	}
 	return sas.inner.GetAuthorizations(ctx, request)
 }
 func (sas StorageAuthorityServerWrapper) AddPendingAuthorizations(ctx context.Context, request *sapb.AddPendingAuthorizationsRequest) (*sapb.AuthorizationIDs, error) {
 	if request == nil || request.Authz == nil {
 		return nil, errIncompleteRequest
 	}
 	return sas.inner.AddPendingAuthorizations(ctx, request)
 }
 func (sas StorageAuthorityServerWrapper) GetAuthorization2(ctx context.Context, request *sapb.AuthorizationID2) (*corepb.Authorization, error) {
 	if request == nil || request.Id == nil {
 		return nil, errIncompleteRequest
--- a/ra/ra.go
+++ b/ra/ra.go
@ -2001,9 +2001,7 @@ func (ra *RegistrationAuthorityImpl) NewOrder(ctx context.Context, req *rapb.New
 func (ra *RegistrationAuthorityImpl) createPendingAuthz(ctx context.Context, reg int64, identifier identifier.ACMEIdentifier) (*corepb.Authorization, error) {
 	expires := ra.clk.Now().Add(ra.pendingAuthorizationLifetime).Truncate(time.Second).UnixNano()
 	status := string(core.StatusPending)
 	v2 := true
 	authz := &corepb.Authorization{
 		V2:             &v2,
 		Identifier:     &identifier.Value,
 		RegistrationID: &reg,
 		Status:         &status,
--- a/ra/ra_test.go
+++ b/ra/ra_test.go
@ -77,8 +77,6 @@ func createPendingAuthorization(t *testing.T, sa core.StorageAuthority, domain s
 	}
 	authzPB, err := bgrpc.AuthzToPB(authz)
 	test.AssertNotError(t, err, "AuthzToPB failed")
 	v2 := true
 	authzPB.V2 = &v2
 	ids, err := sa.NewAuthorizations2(context.Background(), &sapb.AddPendingAuthorizationsRequest{
 		Authz: []*corepb.Authorization{authzPB},
 	})
@ -2268,8 +2266,7 @@ func TestNewOrderReuseInvalidAuthz(t *testing.T) {
 	test.AssertNotError(t, err, "FinalizeAuthorization2 failed")
 	// The order associated with the authz should now be invalid
-	useV2 := true
+	updatedOrder, err := ra.SA.GetOrder(ctx, &sapb.OrderRequest{Id: order.Id})
 	updatedOrder, err := ra.SA.GetOrder(ctx, &sapb.OrderRequest{Id: order.Id, UseV2Authorizations: &useV2})
 	test.AssertNotError(t, err, "Error getting order to check status")
 	test.AssertEquals(t, *updatedOrder.Status, "invalid")
@ -2999,10 +2996,9 @@ func TestFinalizeOrder(t *testing.T) {
 				// Otherwise we expect an issuance and no error
 				test.AssertNotError(t, result, fmt.Sprintf("FinalizeOrder result was %#v, expected nil", result))
 				// Check that the order now has a serial for the issued certificate
 				useV2 := true
 				updatedOrder, err := sa.GetOrder(
 					context.Background(),
-					&sapb.OrderRequest{Id: tc.OrderReq.Order.Id, UseV2Authorizations: &useV2})
+					&sapb.OrderRequest{Id: tc.OrderReq.Order.Id})
 				test.AssertNotError(t, err, "Error getting order to check serial")
 				test.AssertNotEquals(t, *updatedOrder.CertificateSerial, "")
 				test.AssertEquals(t, *updatedOrder.Status, "valid")
--- a/sa/proto/sa.pb.go
+++ b/sa/proto/sa.pb.go
@ -1838,122 +1838,115 @@ func init() {
 func init() { proto.RegisterFile("sa/proto/sa.proto", fileDescriptor_099fb35e782a48a6) }
 var fileDescriptor_099fb35e782a48a6 = []byte{
-	// 1835 bytes of a gzipped FileDescriptorProto
+	// 1717 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x59, 0x5f, 0x73, 0xdb, 0xc6,
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x58, 0xdd, 0x6e, 0xdb, 0xc8,
-	0x11, 0xe7, 0x1f, 0x53, 0x26, 0x57, 0xb2, 0xfe, 0x9c, 0x25, 0x1a, 0x81, 0x65, 0x9b, 0xbe, 0x3a,
+	0x15, 0xd6, 0x8f, 0x65, 0x4b, 0xc7, 0x7f, 0xd2, 0xc4, 0x56, 0xb9, 0x8a, 0x9d, 0xc8, 0xb3, 0xd9,
-	0x1e, 0x65, 0x3a, 0xa3, 0xb8, 0x68, 0x26, 0xe9, 0x8c, 0x1a, 0xa7, 0x72, 0x24, 0xcb, 0x4a, 0x1d,
+	0xc0, 0x8b, 0x02, 0x5e, 0x97, 0x5d, 0xec, 0x16, 0x70, 0x9b, 0xc4, 0x8e, 0x1c, 0xc7, 0x69, 0x62,
-	0x99, 0x01, 0x63, 0xa5, 0xd3, 0xf6, 0x05, 0x21, 0x2e, 0x32, 0x6a, 0x0a, 0x60, 0xee, 0x8e, 0x52,
+	0x2b, 0x54, 0xe3, 0x16, 0x45, 0x6f, 0x18, 0x71, 0xa2, 0xb0, 0x91, 0x49, 0x65, 0x66, 0x64, 0x47,
-	0xa4, 0xe7, 0xce, 0xb4, 0x9f, 0xa0, 0xd3, 0xc7, 0x7e, 0x86, 0x3e, 0xf6, 0x4b, 0xf4, 0x2b, 0x75,
+	0xbe, 0x2e, 0xd0, 0x3e, 0x41, 0xd1, 0xcb, 0x3e, 0x47, 0x5f, 0xa2, 0xcf, 0xd2, 0x37, 0x28, 0xe6,
-	0x6e, 0xef, 0x00, 0x02, 0xe0, 0x81, 0xf2, 0x9f, 0x4e, 0xde, 0xb0, 0x7b, 0xbb, 0x7b, 0x7b, 0x77,
+	0x70, 0x48, 0x91, 0x14, 0x29, 0xd7, 0x68, 0xd1, 0xbb, 0x39, 0x67, 0xce, 0xdf, 0xcc, 0x9c, 0x9f,
-	0xfb, 0xe7, 0xb7, 0x24, 0xac, 0x89, 0xe0, 0xe3, 0x31, 0x4f, 0x64, 0xf2, 0xb1, 0x08, 0xb6, 0xf1,
+	0x8f, 0x84, 0x86, 0xb0, 0xbf, 0x1b, 0x71, 0x5f, 0xfa, 0xdf, 0x09, 0x7b, 0x0f, 0x17, 0xa4, 0x24,
-	0x83, 0x34, 0x44, 0xe0, 0x6e, 0x0c, 0x13, 0xce, 0xcc, 0x82, 0xfa, 0xd4, 0x4b, 0xb4, 0x07, 0xcb,
+	0xec, 0xd6, 0x66, 0xdf, 0xe7, 0x4c, 0x6f, 0xa8, 0x65, 0xb0, 0x45, 0xdb, 0xb0, 0x66, 0xb1, 0x81,
-	0x3e, 0x3b, 0x89, 0x84, 0xe4, 0x81, 0x8c, 0x92, 0xf8, 0x70, 0x8f, 0x2c, 0x43, 0x23, 0x0a, 0x9d,
+	0x2b, 0x24, 0xb7, 0xa5, 0xeb, 0x7b, 0xa7, 0x1d, 0xb2, 0x06, 0x25, 0xd7, 0x31, 0x8a, 0xed, 0xe2,
-	0x7a, 0xaf, 0xbe, 0xd5, 0xf4, 0x1b, 0x51, 0x48, 0xef, 0x02, 0x7c, 0x35, 0x78, 0x71, 0xf4, 0x1d,
+	0x6e, 0xd9, 0x2a, 0xb9, 0x0e, 0x7d, 0x00, 0xf0, 0xaa, 0x77, 0x7e, 0xf6, 0x5b, 0xf6, 0xfe, 0xd7,
-	0xfb, 0xfe, 0xf7, 0xec, 0x82, 0xac, 0x42, 0xf3, 0x2f, 0xe7, 0xaf, 0x71, 0x79, 0xc9, 0x57, 0x9f,
+	0x6c, 0x42, 0xea, 0x50, 0xfe, 0xe3, 0xf5, 0x27, 0xdc, 0x5e, 0xb1, 0xd4, 0x92, 0xee, 0xc0, 0xfa,
-	0xf4, 0x3e, 0xac, 0xec, 0x4e, 0xe4, 0xab, 0x84, 0x47, 0x97, 0xb3, 0x26, 0x3a, 0x68, 0xe2, 0x3f,
+	0xe1, 0x58, 0x7e, 0xf4, 0xb9, 0x7b, 0x33, 0x6b, 0xa2, 0x86, 0x26, 0xfe, 0x51, 0x84, 0x07, 0x27,
-	0x75, 0xb8, 0x7b, 0xc0, 0x64, 0x9f, 0xc5, 0x61, 0x14, 0x9f, 0x14, 0xa4, 0x7d, 0xf6, 0xe3, 0x84,
+	0x4c, 0x76, 0x99, 0xe7, 0xb8, 0xde, 0x20, 0x21, 0x6d, 0xb1, 0xcf, 0x63, 0x26, 0x24, 0x79, 0x0c,
-	0x09, 0x49, 0x1e, 0xc2, 0x32, 0x2f, 0xf8, 0x61, 0x3c, 0x28, 0x71, 0x95, 0x5c, 0x14, 0xb2, 0x58,
+	0x6b, 0x3c, 0x11, 0x87, 0x8e, 0x20, 0xc5, 0x55, 0x72, 0xae, 0xc3, 0x3c, 0xe9, 0x7e, 0x70, 0x19,
-	0x46, 0x3f, 0x44, 0x8c, 0x7f, 0x7b, 0x31, 0x66, 0x4e, 0x03, 0xb7, 0x29, 0x71, 0xc9, 0x16, 0xac,
+	0xff, 0xcd, 0x64, 0xc4, 0x8c, 0x12, 0xba, 0x49, 0x71, 0xc9, 0x2e, 0xac, 0x4f, 0x39, 0x17, 0xf6,
-	0x4c, 0x39, 0xc7, 0xc1, 0x68, 0xc2, 0x9c, 0x26, 0x0a, 0x96, 0xd9, 0xe4, 0x2e, 0xc0, 0x59, 0x30,
+	0x70, 0xcc, 0x8c, 0x32, 0x0a, 0xa6, 0xd9, 0xe4, 0x01, 0xc0, 0x95, 0x3d, 0x74, 0x9d, 0x77, 0x9e,
-	0x8a, 0xc2, 0x97, 0xb1, 0x8c, 0x46, 0xce, 0x35, 0xdc, 0x35, 0xc7, 0xa1, 0x02, 0xee, 0x1c, 0x30,
+	0x74, 0x87, 0xc6, 0x02, 0x7a, 0x8d, 0x71, 0xa8, 0x80, 0xed, 0x13, 0x26, 0x2f, 0x14, 0x23, 0x11,
-	0x79, 0xac, 0x18, 0x05, 0xcf, 0xc5, 0xdb, 0xba, 0xee, 0xc0, 0xf5, 0x30, 0x39, 0x0d, 0xa2, 0x58,
+	0xb9, 0xb8, 0x6b, 0xe8, 0x06, 0x2c, 0x39, 0xfe, 0xa5, 0xed, 0x7a, 0xc2, 0x28, 0xb5, 0xcb, 0xbb,
-	0x38, 0x8d, 0x5e, 0x73, 0xab, 0xe3, 0xa7, 0xa4, 0xba, 0xd4, 0x38, 0x39, 0x47, 0x07, 0x9b, 0xbe,
+	0x35, 0x2b, 0x24, 0xd5, 0xa5, 0x7a, 0xfe, 0x35, 0x06, 0x58, 0xb6, 0xd4, 0x92, 0xfe, 0xbd, 0x08,
-	0xfa, 0xa4, 0xff, 0xaa, 0xc3, 0x4d, 0xcb, 0x96, 0xe4, 0x37, 0xd0, 0x42, 0xd7, 0x9c, 0x7a, 0xaf,
+	0xf7, 0x32, 0x5c, 0x92, 0x5f, 0x40, 0x05, 0x43, 0x33, 0x8a, 0xed, 0xf2, 0xee, 0xb2, 0x49, 0xf7,
-	0xb9, 0xb5, 0xe8, 0xd1, 0x6d, 0x11, 0x6c, 0x5b, 0xe4, 0xb6, 0xbf, 0x0e, 0xc6, 0xfb, 0x23, 0x76,
+	0x84, 0xbd, 0x97, 0x21, 0xb7, 0xf7, 0xc6, 0x1e, 0x1d, 0x0f, 0xd9, 0x25, 0xf3, 0xa4, 0x15, 0x28,
-	0xca, 0x62, 0xe9, 0x6b, 0x05, 0xf7, 0x05, 0xc0, 0x94, 0x49, 0xba, 0xb0, 0xa0, 0x37, 0x37, 0xaf,
+	0xb4, 0xce, 0x01, 0xa6, 0x4c, 0xd2, 0x84, 0xc5, 0xc0, 0xb9, 0x7e, 0x25, 0x4d, 0x91, 0x6f, 0xa1,
-	0x64, 0x28, 0xf2, 0x11, 0xb4, 0x82, 0x89, 0x7c, 0x75, 0x89, 0xb7, 0xba, 0xe8, 0xdd, 0xdc, 0xc6,
+	0x62, 0x8f, 0xe5, 0xc7, 0x1b, 0xbc, 0xd5, 0x65, 0xf3, 0xde, 0x1e, 0xa6, 0x4a, 0xf2, 0xc5, 0x02,
-	0x50, 0x29, 0xbe, 0x98, 0x96, 0xa0, 0xff, 0x6d, 0xc0, 0xda, 0x97, 0x8c, 0xab, 0xab, 0x1c, 0x06,
+	0x09, 0xfa, 0xcf, 0x12, 0x34, 0x9e, 0x33, 0xae, 0xae, 0xb2, 0x6f, 0x4b, 0xd6, 0x93, 0xb6, 0x1c,
-	0x92, 0x0d, 0x64, 0x20, 0x27, 0x42, 0x19, 0x16, 0x8c, 0x47, 0xc1, 0x28, 0x35, 0xac, 0x29, 0xe4,
+	0x0b, 0x65, 0x58, 0x30, 0xee, 0xda, 0xc3, 0xd0, 0x70, 0x40, 0x21, 0x1f, 0x25, 0xf4, 0x33, 0x68,
-	0xa3, 0x84, 0x79, 0x06, 0x43, 0xa9, 0x77, 0x4a, 0x86, 0x62, 0xfc, 0x3c, 0x10, 0xf2, 0xe5, 0x38,
+	0x4a, 0xbd, 0x93, 0xdf, 0x17, 0xa3, 0xd7, 0xb6, 0x90, 0xef, 0x46, 0x8e, 0x2d, 0x99, 0xa3, 0x9f,
-	0x0c, 0x24, 0x0b, 0xcd, 0x13, 0x94, 0xd9, 0xa4, 0x07, 0x8b, 0x9c, 0x9d, 0x25, 0xaf, 0x59, 0xb8,
+	0x20, 0xcd, 0x26, 0x6d, 0x58, 0xe6, 0xec, 0xca, 0xff, 0xc4, 0x9c, 0x8e, 0x2d, 0x99, 0x51, 0x41,
-	0x17, 0x48, 0xe6, 0xb4, 0x50, 0x2a, 0xcf, 0x22, 0x0f, 0xe0, 0x86, 0x21, 0x7d, 0x16, 0x88, 0x24,
+	0xa9, 0x38, 0x8b, 0x3c, 0x82, 0x55, 0x4d, 0x5a, 0xcc, 0x16, 0xbe, 0x67, 0x2c, 0xa2, 0x4c, 0x92,
-	0x76, 0x16, 0x50, 0xa6, 0xc8, 0x24, 0x9f, 0xc0, 0xc6, 0x28, 0x10, 0x72, 0xff, 0xa7, 0x71, 0xa4,
+	0x49, 0xbe, 0x87, 0xcd, 0xa1, 0x2d, 0xe4, 0xf1, 0x97, 0x91, 0x1b, 0x3c, 0xcd, 0x99, 0x3d, 0xe8,
-	0x9f, 0xe6, 0x28, 0x38, 0x19, 0xb0, 0x58, 0x3a, 0xd7, 0x51, 0xda, 0xbe, 0x48, 0x28, 0x2c, 0x29,
+	0x31, 0x4f, 0x1a, 0x4b, 0x28, 0x9d, 0xbd, 0x49, 0x28, 0xac, 0xa8, 0x80, 0x2c, 0x26, 0x46, 0xbe,
-	0x87, 0x7c, 0x26, 0xc6, 0x49, 0x2c, 0x98, 0xd3, 0xc6, 0x04, 0x28, 0xf0, 0x88, 0x0b, 0xed, 0x38,
+	0x27, 0x98, 0x51, 0xc5, 0x02, 0x48, 0xf0, 0x48, 0x0b, 0xaa, 0x9e, 0x2f, 0x0f, 0x3f, 0x48, 0xc6,
-	0x91, 0xbb, 0x3f, 0x48, 0xc6, 0x9d, 0x0e, 0x1a, 0xcb, 0x68, 0xb2, 0x09, 0x9d, 0x48, 0xa0, 0x59,
+	0x8d, 0x1a, 0x1a, 0x8b, 0x68, 0xb2, 0x05, 0x35, 0x57, 0xa0, 0x59, 0xe6, 0x18, 0xd0, 0x2e, 0xee,
-	0x16, 0x3a, 0xd0, 0xab, 0x6f, 0xb5, 0xfd, 0x29, 0xe3, 0xab, 0x6b, 0xed, 0xc6, 0x6a, 0x93, 0xf6,
+	0x56, 0xad, 0x29, 0xe3, 0xd5, 0x42, 0xb5, 0x54, 0x2f, 0xd3, 0x36, 0x2c, 0xf6, 0xa6, 0xb7, 0x95,
-	0x60, 0x61, 0x30, 0xbd, 0x2d, 0xcb, 0x2d, 0xd2, 0x1d, 0x68, 0xf9, 0x41, 0x7c, 0x82, 0x5b, 0xb1,
+	0x71, 0x8b, 0xf4, 0x00, 0x2a, 0x96, 0xed, 0x0d, 0xd0, 0x15, 0xb3, 0xf9, 0xd0, 0x65, 0x42, 0xea,
-	0x80, 0x8f, 0x22, 0x26, 0xa4, 0x89, 0xb6, 0x8c, 0x56, 0xca, 0xa3, 0x40, 0xaa, 0x95, 0x06, 0xae,
+	0x6c, 0x8b, 0x68, 0xa5, 0x3c, 0xb4, 0xa5, 0xda, 0x29, 0xe1, 0x8e, 0xa6, 0xe8, 0x36, 0x54, 0x9e,
-	0x18, 0x8a, 0xde, 0x81, 0xd6, 0x97, 0xc9, 0x24, 0x96, 0x64, 0x1d, 0x5a, 0x43, 0xf5, 0x61, 0x34,
+	0xfb, 0x63, 0x4f, 0x92, 0x0d, 0xa8, 0xf4, 0xd5, 0x42, 0x6b, 0x06, 0x04, 0xfd, 0x1d, 0x3c, 0xc4,
-	0x35, 0x41, 0xff, 0x00, 0xf7, 0x70, 0x39, 0xf7, 0xa6, 0xe2, 0xc9, 0xc5, 0x51, 0x70, 0xca, 0xb2,
+	0xed, 0xd8, 0x9b, 0x8a, 0xa3, 0xc9, 0x99, 0x7d, 0xc9, 0xa2, 0x4c, 0x7f, 0x08, 0x15, 0xae, 0xdc,
-	0x48, 0xbf, 0x07, 0x2d, 0xae, 0xb6, 0x47, 0xc5, 0x45, 0xaf, 0xa3, 0xa2, 0x0f, 0xfd, 0xf1, 0x35,
+	0xa3, 0xe2, 0xb2, 0x59, 0x53, 0xd9, 0x87, 0xf1, 0x58, 0x01, 0x5f, 0x59, 0xf6, 0x94, 0x82, 0x4e,
-	0x5f, 0x59, 0x8e, 0x95, 0x82, 0x09, 0x70, 0x4d, 0xd0, 0xbf, 0xd5, 0x61, 0x09, 0x4d, 0x1b, 0x73,
+	0xf0, 0x80, 0xa0, 0x7f, 0x2e, 0xc2, 0x0a, 0x9a, 0xd6, 0xe6, 0xc8, 0x53, 0x58, 0xe9, 0xc7, 0x68,
-	0xe4, 0x0b, 0x58, 0x1a, 0xe6, 0x68, 0x13, 0xcc, 0xb7, 0x95, 0xb9, 0xbc, 0x5c, 0x3e, 0x8a, 0x0b,
+	0x9d, 0xcc, 0xf7, 0x95, 0xb9, 0xb8, 0x5c, 0x3c, 0x8b, 0x13, 0x0a, 0xad, 0x1f, 0x12, 0xc9, 0x4c,
-	0x0a, 0xee, 0xa7, 0x85, 0x60, 0x26, 0x70, 0x4d, 0x6d, 0x64, 0xee, 0x0a, 0xbf, 0xa7, 0x67, 0x6c,
+	0x60, 0x41, 0x39, 0xd2, 0x77, 0x85, 0xeb, 0xe9, 0x19, 0x4b, 0xf1, 0x33, 0x76, 0x61, 0x1b, 0x1d,
-	0xe4, 0xcf, 0xd8, 0x87, 0x3b, 0xb8, 0x41, 0xbe, 0xe4, 0x89, 0x27, 0x17, 0x87, 0xfd, 0xf4, 0x84,
+	0xc4, 0x5b, 0x9e, 0x38, 0x9a, 0x9c, 0x76, 0xc3, 0x13, 0xaa, 0xce, 0x35, 0xd2, 0xdd, 0xad, 0xe4,
-	0xaa, 0x72, 0x8d, 0x4d, 0x75, 0x6b, 0x44, 0xe3, 0xe9, 0x89, 0x1b, 0xf6, 0x13, 0xd3, 0xbf, 0xd7,
+	0x8e, 0xa6, 0x27, 0x2e, 0x65, 0x9f, 0x98, 0xfe, 0xa5, 0x08, 0x3b, 0x68, 0xf2, 0xd4, 0xbb, 0xfa,
-	0xe1, 0x3e, 0x9a, 0x3c, 0x8c, 0xcf, 0xde, 0xbf, 0x44, 0xb8, 0xd0, 0x7e, 0x95, 0x08, 0x89, 0xa7,
+	0xef, 0x5b, 0x44, 0x0b, 0xaa, 0x1f, 0x7d, 0x21, 0xf1, 0x34, 0x41, 0x5f, 0x8b, 0xe8, 0x69, 0x28,
-	0xd1, 0x75, 0x2d, 0xa3, 0xa7, 0xae, 0x34, 0x2b, 0x5c, 0x19, 0x00, 0x41, 0x4f, 0x5e, 0xf0, 0x90,
+	0xe5, 0x9c, 0x50, 0x7a, 0x40, 0x30, 0x92, 0x73, 0xee, 0x30, 0x1e, 0xb9, 0xde, 0x82, 0x9a, 0xdd,
-	0xf1, 0x6c, 0xeb, 0x4d, 0xe8, 0x04, 0x43, 0x3c, 0x7d, 0xb6, 0xeb, 0x94, 0x71, 0xf5, 0xf9, 0x9e,
+	0xc7, 0xd3, 0x47, 0x5e, 0xa7, 0x8c, 0xdb, 0xcf, 0xf7, 0x12, 0x36, 0xd0, 0xe8, 0x8b, 0xb7, 0x9d,
-	0xc1, 0x3a, 0x1a, 0x7d, 0xfa, 0xcd, 0xde, 0xd1, 0x80, 0xc9, 0xcc, 0x6c, 0x17, 0x16, 0xce, 0xa3,
+	0xb3, 0x1e, 0x93, 0x91, 0xd9, 0x26, 0x2c, 0x5e, 0xbb, 0x9e, 0xe3, 0x5f, 0x6b, 0x9b, 0x9a, 0xca,
-	0x38, 0x4c, 0xce, 0x8d, 0x4d, 0x43, 0x55, 0x17, 0x39, 0xfa, 0x08, 0xd6, 0x8d, 0x91, 0xfd, 0x9f,
+	0x6f, 0x72, 0x74, 0x1f, 0x36, 0xb4, 0x91, 0xe3, 0x2f, 0xae, 0x98, 0x5a, 0x8a, 0x69, 0x14, 0x93,
-	0x22, 0x31, 0xb5, 0x94, 0xd3, 0xa8, 0x17, 0x35, 0xfa, 0xd0, 0xeb, 0x73, 0x76, 0x16, 0x25, 0x13,
+	0x1a, 0x5d, 0x68, 0x77, 0x39, 0xbb, 0x72, 0xfd, 0xb1, 0x88, 0x25, 0x65, 0x52, 0x3b, 0xaf, 0x91,
-	0x91, 0x0b, 0xca, 0xa2, 0x76, 0x55, 0x21, 0x5b, 0x87, 0x16, 0x67, 0x27, 0x87, 0x7b, 0xe9, 0xfb,
+	0x6d, 0x40, 0x85, 0xb3, 0xc1, 0x69, 0x27, 0x7c, 0x7f, 0x24, 0x54, 0x85, 0x05, 0xea, 0x4a, 0x8f,
-	0x23, 0xa1, 0x32, 0x4c, 0xab, 0x2b, 0x3d, 0x86, 0x5f, 0xa8, 0xd7, 0xf6, 0x0d, 0x45, 0x25, 0xac,
+	0xe1, 0x0a, 0xf5, 0xaa, 0x96, 0xa6, 0xa8, 0x84, 0xfa, 0xa1, 0xe3, 0x04, 0x65, 0x18, 0xfa, 0x88,
-	0xee, 0x86, 0xa1, 0x4e, 0xc3, 0x74, 0x8f, 0xcc, 0x56, 0x3d, 0x67, 0x2b, 0x97, 0xa3, 0x8d, 0x42,
+	0x6c, 0x15, 0x63, 0xb6, 0x62, 0x35, 0x5a, 0x4a, 0x74, 0x3a, 0x03, 0x96, 0xfa, 0x9c, 0x61, 0x27,
-	0xa5, 0x73, 0xe0, 0xfa, 0x90, 0x33, 0xac, 0x64, 0xba, 0xa0, 0xa7, 0xa4, 0x5a, 0x61, 0x98, 0xf0,
+	0x0b, 0x1a, 0x7a, 0x48, 0xaa, 0x1d, 0x86, 0x05, 0x2f, 0x74, 0x8f, 0x0b, 0x49, 0xfa, 0x09, 0x36,
-	0xc2, 0xd4, 0xb8, 0x94, 0xa4, 0xaf, 0x61, 0x63, 0x37, 0x0c, 0x73, 0x87, 0x4c, 0xb7, 0x5e, 0x85,
+	0x0f, 0x1d, 0x27, 0x76, 0xc8, 0xd0, 0x75, 0x1d, 0xca, 0x0e, 0xe3, 0xe1, 0xb8, 0x75, 0x18, 0xcf,
-	0x66, 0xc8, 0x78, 0xda, 0x6e, 0x43, 0xc6, 0xed, 0x07, 0x53, 0x29, 0xa0, 0x4a, 0x11, 0xee, 0xb8,
+	0x3e, 0x98, 0x2a, 0x01, 0xd5, 0x8a, 0xd0, 0xe3, 0x8a, 0x85, 0x6b, 0x15, 0xa0, 0x2b, 0xc4, 0x38,
-	0xe4, 0xe3, 0xb7, 0x72, 0x30, 0x12, 0x62, 0x92, 0x55, 0x54, 0x43, 0xd1, 0x47, 0xd0, 0x2d, 0x6f,
+	0xea, 0xa8, 0x9a, 0xa2, 0xfb, 0xd0, 0x4c, 0x3b, 0xd3, 0x0d, 0x4c, 0x5d, 0xa6, 0x3b, 0x08, 0x7b,
-	0x66, 0x0a, 0x98, 0xba, 0xcc, 0xe8, 0x24, 0xad, 0x29, 0xea, 0x32, 0x91, 0xa2, 0x7d, 0x58, 0xc2,
+	0x8a, 0xba, 0x4c, 0xa4, 0x68, 0x17, 0x56, 0x30, 0xa9, 0xe2, 0x55, 0x12, 0x83, 0x08, 0x64, 0x1f,
-	0xa0, 0xca, 0x67, 0x49, 0x0e, 0x22, 0x90, 0x47, 0x70, 0x73, 0x22, 0xd8, 0xb1, 0x57, 0x0c, 0x7e,
+	0xee, 0x8d, 0x05, 0xbb, 0x30, 0x93, 0xc9, 0x8f, 0x11, 0x56, 0xad, 0xac, 0x2d, 0xfa, 0x1a, 0x68,
-	0xf4, 0xb0, 0xed, 0xdb, 0x96, 0xe8, 0x73, 0xa0, 0x69, 0x53, 0x45, 0xcb, 0xf6, 0xb4, 0x29, 0xef,
+	0x38, 0x54, 0xd1, 0x72, 0x76, 0xd9, 0xa4, 0xfd, 0x34, 0x61, 0xd1, 0xee, 0xf7, 0x65, 0x74, 0x78,
-	0xd3, 0x85, 0x85, 0x60, 0x38, 0x94, 0xd9, 0xe1, 0x0d, 0x45, 0x2f, 0xe0, 0xd6, 0x01, 0xd3, 0x71,
+	0x4d, 0xd1, 0x09, 0xfc, 0xe4, 0x84, 0x05, 0x79, 0xff, 0xc2, 0xe7, 0x89, 0x96, 0x35, 0x55, 0x29,
-	0xff, 0x34, 0xe1, 0x85, 0x92, 0x35, 0x55, 0xa9, 0xe7, 0x55, 0xec, 0x95, 0xaa, 0xea, 0x20, 0xcd,
+	0xc6, 0x55, 0xb2, 0x3b, 0x55, 0xde, 0x41, 0xca, 0xf9, 0x07, 0xf9, 0x5b, 0x11, 0x8c, 0x13, 0x26,
-	0xea, 0x83, 0xfc, 0xb3, 0x0e, 0xce, 0x01, 0x93, 0x3f, 0x1b, 0x32, 0x50, 0x0d, 0x93, 0xb3, 0x1f,
+	0xff, 0x6f, 0xc8, 0x40, 0x0d, 0x4c, 0xce, 0x3e, 0x8f, 0x5d, 0xae, 0x63, 0xb9, 0x09, 0x92, 0xa9,
-	0x27, 0x11, 0x37, 0xbe, 0x5c, 0xea, 0x60, 0x6a, 0xfb, 0x65, 0x36, 0xfd, 0x47, 0x1d, 0x96, 0x4b,
+	0x6a, 0xa5, 0xd9, 0xf4, 0xaf, 0x45, 0x58, 0x4b, 0xc1, 0x87, 0x9f, 0x87, 0xe3, 0x3d, 0xe8, 0xb8,
-	0xf0, 0xe1, 0xd7, 0x69, 0x7b, 0xd7, 0x15, 0xf7, 0x8e, 0x4a, 0xf7, 0x39, 0xc8, 0x01, 0x65, 0xff,
+	0xdb, 0xaa, 0xdc, 0xe7, 0x20, 0x07, 0x94, 0xfd, 0xdf, 0x23, 0x87, 0xd7, 0xf0, 0xf0, 0xd0, 0x71,
-	0xff, 0xc8, 0xe1, 0x39, 0xdc, 0xdb, 0x0d, 0x43, 0x1b, 0x1a, 0xcc, 0x6e, 0xee, 0xa3, 0xa2, 0xa3,
+	0xb2, 0xd0, 0x60, 0x74, 0x73, 0xdf, 0x26, 0x03, 0x9d, 0x67, 0xed, 0x11, 0xd4, 0x53, 0xf8, 0x13,
-	0xf3, 0xac, 0x3d, 0x80, 0xd5, 0x12, 0xfe, 0xc4, 0x6b, 0x8b, 0xc2, 0xb4, 0x9e, 0xa8, 0x4f, 0x4a,
+	0xaf, 0xcd, 0x75, 0xc2, 0x7e, 0xa2, 0x96, 0x94, 0xce, 0x48, 0x99, 0x33, 0x48, 0xf7, 0x1b, 0x68,
-	0x67, 0xa4, 0xbc, 0x19, 0xa4, 0xfb, 0x21, 0xac, 0x15, 0x64, 0xbc, 0x92, 0xa9, 0xa6, 0x36, 0x75,
+	0x24, 0x64, 0xcc, 0x94, 0xa9, 0x72, 0x60, 0xea, 0x06, 0x0c, 0x0b, 0x11, 0x45, 0x46, 0xbd, 0xce,
-	0x09, 0x8e, 0x8f, 0x88, 0xc2, 0x92, 0xaf, 0x73, 0xe0, 0x0f, 0xd7, 0x98, 0xc4, 0x44, 0xae, 0xa6,
+	0x81, 0x3f, 0x3c, 0xc0, 0x24, 0x3a, 0x73, 0x03, 0x4a, 0xd5, 0xad, 0x42, 0x37, 0xfa, 0x81, 0x71,
-	0x54, 0xde, 0x2a, 0x74, 0x63, 0x1e, 0x18, 0xbf, 0x55, 0x13, 0xe0, 0x29, 0xcc, 0xb8, 0x86, 0xf9,
+	0xad, 0x86, 0x00, 0x0f, 0x61, 0xc6, 0x02, 0xd6, 0x73, 0x44, 0xd3, 0x3f, 0x95, 0x60, 0xeb, 0x85,
-	0x9c, 0xd1, 0xf4, 0xaf, 0x0d, 0xd8, 0x7c, 0x1a, 0xc5, 0xc1, 0x28, 0xba, 0x64, 0x56, 0x1c, 0x6d,
+	0xeb, 0xd9, 0x43, 0xf7, 0x86, 0x65, 0xe2, 0xe8, 0x8c, 0x92, 0xd1, 0xb8, 0xab, 0x94, 0xc0, 0x5d,
-	0x49, 0x19, 0x83, 0xbb, 0x1a, 0x05, 0xdc, 0x95, 0xab, 0x45, 0xcd, 0x42, 0x2d, 0xc2, 0x86, 0x21,
+	0xb1, 0x5e, 0x54, 0x4e, 0xf4, 0x22, 0x1c, 0x18, 0x52, 0xb2, 0xcb, 0x51, 0x88, 0xc5, 0x6a, 0xd6,
-	0x25, 0x3b, 0x1d, 0xa7, 0x58, 0xac, 0xe3, 0x4f, 0x19, 0x64, 0x0f, 0xd6, 0xb0, 0xcf, 0x99, 0x4d,
+	0x94, 0x41, 0x3a, 0xd0, 0xc0, 0x39, 0xa7, 0x9d, 0xf6, 0x7d, 0xee, 0x08, 0xa3, 0x82, 0x8f, 0xd4,
-	0x87, 0x09, 0x0f, 0x85, 0xd3, 0xc2, 0x47, 0xea, 0xea, 0x47, 0x3a, 0x2e, 0x2d, 0xfb, 0xb3, 0x0a,
+	0x0c, 0x1e, 0xe9, 0x22, 0xb5, 0x6d, 0xcd, 0x2a, 0x90, 0x27, 0xb0, 0x3e, 0x65, 0x1e, 0x73, 0xee,
-	0xe4, 0x31, 0xac, 0x4c, 0x99, 0xfb, 0x9c, 0x27, 0x1c, 0xb1, 0xda, 0xa2, 0xb7, 0xae, 0x6d, 0xf4,
+	0x73, 0xc4, 0x6a, 0xcb, 0xe6, 0x46, 0x60, 0xa3, 0xcb, 0xfd, 0xf7, 0x43, 0x76, 0xd9, 0x61, 0xd2,
-	0x79, 0xf2, 0xfd, 0x88, 0x9d, 0xee, 0x31, 0x19, 0x44, 0x23, 0xe1, 0x97, 0x85, 0xbd, 0x7f, 0x3b,
+	0x76, 0x87, 0xc2, 0x4a, 0x0b, 0x9b, 0xff, 0x6a, 0x40, 0xbd, 0x27, 0x7d, 0x6e, 0x0f, 0xc2, 0x5b,
-	0xb0, 0x3a, 0x90, 0x09, 0x0f, 0x4e, 0xd2, 0x5b, 0x90, 0x17, 0x64, 0x07, 0x56, 0x0e, 0x58, 0xa1,
+	0x90, 0x13, 0x72, 0x00, 0xeb, 0x27, 0x2c, 0x31, 0xda, 0x09, 0xc1, 0x79, 0x96, 0x28, 0xb6, 0x16,
-	0xb5, 0x13, 0x82, 0xfd, 0xac, 0x90, 0x6c, 0x2e, 0xd1, 0x5b, 0xe4, 0xb9, 0xb4, 0x46, 0x7e, 0x0b,
+	0x09, 0x5c, 0xc4, 0xb9, 0xb4, 0x40, 0x7e, 0x09, 0x1b, 0x29, 0xe5, 0xa3, 0x89, 0xfa, 0xde, 0x59,
-	0xeb, 0x25, 0xe5, 0x27, 0x17, 0x6a, 0xde, 0x59, 0x56, 0x16, 0xa6, 0xf3, 0x4f, 0x85, 0xf6, 0x63,
+	0x53, 0x16, 0xa6, 0xdf, 0x3f, 0x39, 0xda, 0x3f, 0x83, 0xb5, 0x13, 0x16, 0x47, 0x4e, 0x04, 0x94,
-	0x58, 0x2d, 0x17, 0x01, 0x72, 0x73, 0x26, 0xb9, 0x0e, 0xf7, 0x5c, 0x5b, 0x20, 0xd3, 0x1a, 0xf9,
+	0x5e, 0x30, 0x46, 0x5a, 0x8d, 0x40, 0x27, 0xb6, 0x4d, 0x0b, 0xe4, 0x7b, 0x68, 0xa8, 0x4f, 0x22,
-	0x16, 0x0b, 0x98, 0x2d, 0x23, 0x08, 0x42, 0xfc, 0xf9, 0xc3, 0x53, 0x95, 0xd5, 0x63, 0xe8, 0xda,
+	0xce, 0xfa, 0x77, 0xd1, 0x3a, 0xc0, 0x30, 0x67, 0x61, 0x77, 0x5c, 0x71, 0x13, 0x71, 0x54, 0x5a,
-	0x27, 0x17, 0x72, 0xdf, 0x18, 0xad, 0x9e, 0x6a, 0xdc, 0x5b, 0x15, 0xa3, 0x05, 0xad, 0x91, 0x5f,
+	0x84, 0x16, 0x48, 0x0f, 0x8c, 0x3c, 0x84, 0x47, 0xbe, 0x8e, 0xc0, 0x57, 0x3e, 0xfe, 0x6b, 0xd5,
-	0xc1, 0xf2, 0x01, 0xcb, 0xe3, 0x44, 0x02, 0x4a, 0x58, 0x37, 0x4d, 0x77, 0x4d, 0x3b, 0x93, 0x5b,
+	0xd3, 0x08, 0x8d, 0x16, 0xc8, 0x4b, 0x68, 0x66, 0x43, 0x2a, 0xb2, 0x13, 0x49, 0xe7, 0xc1, 0xad,
-	0xa6, 0x35, 0xf2, 0x09, 0xac, 0xa9, 0x33, 0x70, 0x36, 0x7c, 0x1b, 0xad, 0x1d, 0x7c, 0x94, 0xd9,
+	0x56, 0x2d, 0x12, 0xa1, 0x05, 0xf2, 0x06, 0xee, 0xe7, 0x48, 0x23, 0xb6, 0xbc, 0xab, 0x39, 0x13,
-	0x21, 0x23, 0xaf, 0xb8, 0x81, 0xa8, 0xb1, 0x2c, 0x42, 0x6b, 0x64, 0x00, 0x4e, 0x15, 0x9e, 0x25,
+	0x96, 0x63, 0x70, 0x88, 0x34, 0xa3, 0xbd, 0x04, 0x3e, 0x4a, 0xea, 0xfc, 0x00, 0xab, 0x09, 0xb4,
-	0xbf, 0xc8, 0xa0, 0x66, 0x35, 0xda, 0x75, 0x57, 0xcb, 0x78, 0x94, 0xd6, 0xc8, 0x33, 0xe8, 0xda,
+	0x43, 0x8c, 0x68, 0x37, 0x05, 0x80, 0x92, 0x7a, 0x3f, 0xc2, 0x6a, 0x02, 0xdb, 0x04, 0x7a, 0x59,
-	0x01, 0xa4, 0xbe, 0xd2, 0xb9, 0xe0, 0xd2, 0xed, 0x64, 0x22, 0xb4, 0x46, 0xbe, 0x86, 0xdb, 0x15,
+	0x70, 0xa7, 0x85, 0x2f, 0x15, 0xb0, 0x68, 0x81, 0x9c, 0xc3, 0x57, 0xb9, 0x10, 0x87, 0x3c, 0x52,
-	0xd2, 0x88, 0xa4, 0xdf, 0xd6, 0xdc, 0xe7, 0xe0, 0xe2, 0xa7, 0xb5, 0xaa, 0x5a, 0xf3, 0xa0, 0xa0,
+	0xa2, 0xb7, 0x21, 0xa0, 0x94, 0xc1, 0x67, 0x98, 0x56, 0xc9, 0x36, 0x46, 0x36, 0x66, 0xfa, 0xfc,
-	0xee, 0xc1, 0x62, 0x0e, 0x3b, 0x92, 0x6e, 0xb6, 0x56, 0x00, 0x93, 0x45, 0x9d, 0xbe, 0xd9, 0xd2,
+	0x69, 0xc7, 0x6c, 0x65, 0x35, 0x55, 0x7c, 0x50, 0x32, 0x33, 0xd0, 0x4c, 0xb2, 0xa5, 0x4c, 0xe4,
-	0x8a, 0x7c, 0xc9, 0x87, 0x99, 0xe8, 0x3c, 0x64, 0x5c, 0xb4, 0xf8, 0x29, 0xdc, 0x28, 0x80, 0x4d,
+	0x0d, 0xba, 0x16, 0x99, 0x1d, 0x24, 0xb4, 0x40, 0xde, 0xe1, 0x68, 0xcc, 0xea, 0xf3, 0x26, 0xa1,
-	0xe2, 0x64, 0xab, 0x25, 0xfc, 0x59, 0xd4, 0xfb, 0x0c, 0x6e, 0x14, 0xa0, 0xa5, 0xd6, 0xb3, 0xa1,
+	0xda, 0xde, 0x9c, 0x7f, 0x02, 0x79, 0x01, 0x3e, 0xd1, 0x79, 0x92, 0x39, 0x40, 0xcc, 0xcc, 0x9a,
-	0x4d, 0x17, 0x43, 0x47, 0xb3, 0x68, 0x8d, 0xbc, 0x80, 0x0f, 0x2a, 0x11, 0x26, 0x79, 0xa0, 0x44,
+	0x4f, 0x3c, 0xd6, 0x1f, 0x60, 0x6b, 0x0e, 0xf6, 0x30, 0xc9, 0x63, 0x1d, 0xda, 0x2d, 0xe8, 0x24,
-	0xaf, 0x02, 0xa0, 0x25, 0x83, 0xbf, 0xc3, 0x38, 0x2f, 0x76, 0x11, 0xb2, 0x6e, 0xa9, 0x04, 0x5e,
+	0xe7, 0xd0, 0x6f, 0x75, 0x74, 0x99, 0xdf, 0x03, 0x26, 0xf9, 0x26, 0x8a, 0x64, 0xde, 0x07, 0x43,
-	0x55, 0xd2, 0x3e, 0x03, 0x32, 0x83, 0x27, 0x3c, 0xb2, 0x69, 0x12, 0xd6, 0x7e, 0x89, 0x64, 0xb6,
+	0x32, 0x60, 0x0b, 0xe1, 0xcd, 0x45, 0x96, 0xb9, 0x9d, 0x78, 0xac, 0x77, 0x09, 0xf3, 0x00, 0xd6,
-	0x8f, 0xd3, 0x1a, 0x79, 0x89, 0xc8, 0xc4, 0x16, 0x10, 0xde, 0xfb, 0x54, 0x95, 0xc7, 0x26, 0x70,
+	0xcf, 0xd8, 0x75, 0xaa, 0x59, 0xce, 0xb4, 0xb6, 0x9c, 0x76, 0xf7, 0x23, 0x90, 0xe0, 0xab, 0xfc,
-	0xad, 0x91, 0xe6, 0x5d, 0x1d, 0x6a, 0x7f, 0x86, 0xcd, 0x39, 0xd0, 0xcf, 0x23, 0x0f, 0xf3, 0xb5,
+	0x56, 0xfd, 0xe5, 0x80, 0x77, 0x7c, 0x39, 0x92, 0x13, 0x5a, 0x20, 0xa7, 0xb0, 0x96, 0x84, 0x9e,
-	0xa9, 0x1a, 0x1c, 0x56, 0x1c, 0xfa, 0x1b, 0xe3, 0x9d, 0x35, 0xe8, 0xbc, 0x77, 0x8a, 0x4a, 0x1f,
+	0xe4, 0x2b, 0x8c, 0x2e, 0x0b, 0xfb, 0xb6, 0x5a, 0x59, 0x5b, 0x7a, 0x0e, 0x16, 0xc8, 0xaf, 0xa0,
-	0x8b, 0xf3, 0xb1, 0xcd, 0xdc, 0x1b, 0xd4, 0x51, 0xbb, 0x9b, 0x3b, 0xb0, 0x72, 0xc4, 0xce, 0x4b,
+	0xa1, 0x40, 0x44, 0xb2, 0x7f, 0xce, 0xb1, 0x96, 0x8a, 0x64, 0x1f, 0x6a, 0x11, 0xce, 0xd7, 0xf5,
-	0xbd, 0x6a, 0xa6, 0xb3, 0x54, 0x74, 0x9b, 0xcf, 0x80, 0xe8, 0x1f, 0x45, 0xae, 0xd4, 0x5f, 0xd4,
+	0x91, 0x82, 0xfd, 0x69, 0x8d, 0x03, 0x68, 0x76, 0x98, 0xdd, 0x97, 0xee, 0xd5, 0xec, 0xc1, 0x67,
-	0xbc, 0xfd, 0xd3, 0xb1, 0xbc, 0xa0, 0x35, 0xb2, 0x0f, 0xb7, 0x8e, 0xd8, 0xb9, 0xb5, 0xcd, 0xd8,
+	0x33, 0x2e, 0xa5, 0xfc, 0x18, 0xaa, 0x67, 0xec, 0x1a, 0x93, 0x89, 0xe8, 0x2d, 0x24, 0x5a, 0x71,
-	0x1e, 0xbb, 0x2a, 0x02, 0x76, 0x60, 0xc3, 0x8a, 0x41, 0xec, 0x46, 0x4a, 0x3e, 0x1c, 0xc2, 0x72,
+	0x02, 0xc3, 0x22, 0x3d, 0x8d, 0x64, 0xbb, 0xdc, 0xef, 0x33, 0x21, 0x5c, 0x6f, 0x90, 0xa9, 0x11,
-	0x71, 0xfa, 0x20, 0x1f, 0xe0, 0x0d, 0xd9, 0xc6, 0x1f, 0xd7, 0xb5, 0x2d, 0x19, 0x28, 0xa4, 0x6a,
+	0x5a, 0xfe, 0x29, 0xac, 0x86, 0x1a, 0x38, 0x1b, 0x6f, 0x13, 0x0e, 0xd1, 0x43, 0x7e, 0x2c, 0x53,
-	0xde, 0x9a, 0xc2, 0x91, 0xc5, 0xa6, 0x32, 0xc7, 0x5a, 0xc9, 0x93, 0x47, 0xd0, 0xc9, 0x46, 0x3d,
+	0xe1, 0x6a, 0x88, 0xaa, 0x09, 0x76, 0xfe, 0xf8, 0x37, 0x40, 0x3a, 0xf0, 0x27, 0x50, 0x4f, 0x43,
-	0x93, 0xa3, 0xa5, 0xc9, 0xaf, 0xac, 0xb1, 0x03, 0xdd, 0x3d, 0x16, 0x0c, 0x65, 0x74, 0x36, 0x7b,
+	0x70, 0x72, 0x5f, 0x27, 0x67, 0x16, 0x30, 0x4f, 0xeb, 0x3f, 0x83, 0xc6, 0x0c, 0xa8, 0x0a, 0x9a,
-	0xf9, 0xb3, 0x51, 0x5f, 0x52, 0xfe, 0x1c, 0x6e, 0x4d, 0x95, 0xdf, 0x00, 0x2a, 0x94, 0xd4, 0x1f,
+	0x4e, 0x1e, 0xd6, 0x4a, 0x87, 0x6b, 0x01, 0x39, 0x63, 0xd7, 0xe9, 0x02, 0xf9, 0x5a, 0x3f, 0xed,
-	0x42, 0xfb, 0x88, 0x9d, 0x63, 0x3e, 0x10, 0xb3, 0x84, 0x84, 0x9b, 0x27, 0xf0, 0x54, 0x64, 0x60,
+	0x3c, 0xb4, 0x19, 0x4c, 0xcc, 0x19, 0xe8, 0x87, 0xf9, 0xda, 0xcc, 0x44, 0x5b, 0x26, 0x69, 0x63,
-	0x66, 0xa1, 0x3e, 0x4f, 0x86, 0x4c, 0x88, 0x28, 0x3e, 0xb1, 0x6a, 0xa4, 0x96, 0x7f, 0x09, 0x37,
+	0x83, 0x9f, 0x83, 0xc4, 0xd2, 0xe1, 0x3d, 0x05, 0x63, 0x9a, 0x3e, 0xff, 0x51, 0x7f, 0x4e, 0x1a,
-	0x52, 0x0d, 0x44, 0x57, 0x57, 0x09, 0xa7, 0x6f, 0x5f, 0xed, 0xcb, 0x54, 0xb8, 0x9d, 0xce, 0x65,
+	0x38, 0x5a, 0xfa, 0x7d, 0x05, 0x7f, 0xd9, 0xfe, 0x3b, 0x00, 0x00, 0xff, 0xff, 0x7e, 0xd6, 0x49,
-	0x04, 0xbb, 0x69, 0x7e, 0x8a, 0x2c, 0x3b, 0xfe, 0x27, 0xb8, 0x3d, 0x27, 0xeb, 0xdf, 0xb3, 0x2c,
+	0xb0, 0xe1, 0x15, 0x00, 0x00,
 	0x68, 0x80, 0x56, 0x98, 0x10, 0xc9, 0x6d, 0x63, 0xd1, 0x36, 0x37, 0x96, 0x9d, 0x3b, 0x98, 0xad,
 	0xeb, 0xe2, 0x9d, 0x8a, 0xf2, 0x77, 0xe0, 0x54, 0xcd, 0x3e, 0x1a, 0x95, 0x5c, 0x31, 0x19, 0xb9,
 	0xb6, 0x66, 0x62, 0x3a, 0xcf, 0xcc, 0x54, 0xa2, 0x3d, 0xac, 0x1a, 0x56, 0xca, 0xaf, 0xe5, 0x03,
 	0x39, 0x62, 0xe7, 0xe5, 0x12, 0xf7, 0x46, 0x4e, 0x6d, 0xcc, 0x38, 0xe5, 0x69, 0xaf, 0x0e, 0xa1,
 	0x6b, 0x2d, 0x15, 0x1e, 0xe9, 0x61, 0x8b, 0x9e, 0x33, 0xca, 0x94, 0xdd, 0xfb, 0x02, 0x9c, 0x8a,
 	0xfc, 0xa9, 0xea, 0xb0, 0x45, 0x03, 0x4f, 0xae, 0xff, 0xb1, 0x85, 0xff, 0x79, 0xfc, 0x2f, 0x00,
 	0x00, 0xff, 0xff, 0x50, 0xdd, 0x35, 0xd0, 0x22, 0x19, 0x00, 0x00,
 }
 // Reference imports to suppress errors if they are not otherwise used.
@ -1971,20 +1964,15 @@ type StorageAuthorityClient interface {
 	// Getters
 	GetRegistration(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*proto1.Registration, error)
 	GetRegistrationByKey(ctx context.Context, in *JSONWebKey, opts ...grpc.CallOption) (*proto1.Registration, error)
 	GetAuthorization(ctx context.Context, in *AuthorizationID, opts ...grpc.CallOption) (*proto1.Authorization, error)
 	GetPendingAuthorization(ctx context.Context, in *GetPendingAuthorizationRequest, opts ...grpc.CallOption) (*proto1.Authorization, error)
 	GetValidAuthorizations(ctx context.Context, in *GetValidAuthorizationsRequest, opts ...grpc.CallOption) (*ValidAuthorizations, error)
 	GetCertificate(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto1.Certificate, error)
 	GetPrecertificate(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto1.Certificate, error)
 	GetCertificateStatus(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*CertificateStatus, error)
 	CountCertificatesByNames(ctx context.Context, in *CountCertificatesByNamesRequest, opts ...grpc.CallOption) (*CountByNames, error)
 	CountRegistrationsByIP(ctx context.Context, in *CountRegistrationsByIPRequest, opts ...grpc.CallOption) (*Count, error)
 	CountRegistrationsByIPRange(ctx context.Context, in *CountRegistrationsByIPRequest, opts ...grpc.CallOption) (*Count, error)
 	CountPendingAuthorizations(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*Count, error)
 	CountOrders(ctx context.Context, in *CountOrdersRequest, opts ...grpc.CallOption) (*Count, error)
 	// Return a count of authorizations with status "invalid" that belong to
 	// a given registration ID and expire in the given time range.
 	CountInvalidAuthorizations(ctx context.Context, in *CountInvalidAuthorizationsRequest, opts ...grpc.CallOption) (*Count, error)
 	CountFQDNSets(ctx context.Context, in *CountFQDNSetsRequest, opts ...grpc.CallOption) (*Count, error)
 	FQDNSetExists(ctx context.Context, in *FQDNSetExistsRequest, opts ...grpc.CallOption) (*Exists, error)
 	PreviousCertificateExists(ctx context.Context, in *PreviousCertificateExistsRequest, opts ...grpc.CallOption) (*Exists, error)
@ -1998,22 +1986,16 @@ type StorageAuthorityClient interface {
 	// Adders
 	NewRegistration(ctx context.Context, in *proto1.Registration, opts ...grpc.CallOption) (*proto1.Registration, error)
 	UpdateRegistration(ctx context.Context, in *proto1.Registration, opts ...grpc.CallOption) (*proto1.Empty, error)
 	NewPendingAuthorization(ctx context.Context, in *proto1.Authorization, opts ...grpc.CallOption) (*proto1.Authorization, error)
 	FinalizeAuthorization(ctx context.Context, in *proto1.Authorization, opts ...grpc.CallOption) (*proto1.Empty, error)
 	AddCertificate(ctx context.Context, in *AddCertificateRequest, opts ...grpc.CallOption) (*AddCertificateResponse, error)
 	AddPrecertificate(ctx context.Context, in *AddCertificateRequest, opts ...grpc.CallOption) (*proto1.Empty, error)
 	AddSerial(ctx context.Context, in *AddSerialRequest, opts ...grpc.CallOption) (*proto1.Empty, error)
 	DeactivateRegistration(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*proto1.Empty, error)
 	DeactivateAuthorization(ctx context.Context, in *AuthorizationID, opts ...grpc.CallOption) (*proto1.Empty, error)
 	NewOrder(ctx context.Context, in *proto1.Order, opts ...grpc.CallOption) (*proto1.Order, error)
 	SetOrderProcessing(ctx context.Context, in *proto1.Order, opts ...grpc.CallOption) (*proto1.Empty, error)
 	SetOrderError(ctx context.Context, in *proto1.Order, opts ...grpc.CallOption) (*proto1.Empty, error)
 	FinalizeOrder(ctx context.Context, in *proto1.Order, opts ...grpc.CallOption) (*proto1.Empty, error)
 	GetOrder(ctx context.Context, in *OrderRequest, opts ...grpc.CallOption) (*proto1.Order, error)
 	GetValidOrderAuthorizations(ctx context.Context, in *GetValidOrderAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error)
 	GetOrderForNames(ctx context.Context, in *GetOrderForNamesRequest, opts ...grpc.CallOption) (*proto1.Order, error)
 	GetAuthorizations(ctx context.Context, in *GetAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error)
 	AddPendingAuthorizations(ctx context.Context, in *AddPendingAuthorizationsRequest, opts ...grpc.CallOption) (*AuthorizationIDs, error)
 	RevokeCertificate(ctx context.Context, in *RevokeCertificateRequest, opts ...grpc.CallOption) (*proto1.Empty, error)
 	NewAuthorizations2(ctx context.Context, in *AddPendingAuthorizationsRequest, opts ...grpc.CallOption) (*Authorization2IDs, error)
 	FinalizeAuthorization2(ctx context.Context, in *FinalizeAuthorizationRequest, opts ...grpc.CallOption) (*proto1.Empty, error)
@ -2046,33 +2028,6 @@ func (c *storageAuthorityClient) GetRegistrationByKey(ctx context.Context, in *J
 	return out, nil
 }
 func (c *storageAuthorityClient) GetAuthorization(ctx context.Context, in *AuthorizationID, opts ...grpc.CallOption) (*proto1.Authorization, error) {
 	out := new(proto1.Authorization)
 	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetAuthorization", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *storageAuthorityClient) GetPendingAuthorization(ctx context.Context, in *GetPendingAuthorizationRequest, opts ...grpc.CallOption) (*proto1.Authorization, error) {
 	out := new(proto1.Authorization)
 	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetPendingAuthorization", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *storageAuthorityClient) GetValidAuthorizations(ctx context.Context, in *GetValidAuthorizationsRequest, opts ...grpc.CallOption) (*ValidAuthorizations, error) {
 	out := new(ValidAuthorizations)
 	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetValidAuthorizations", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *storageAuthorityClient) GetCertificate(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto1.Certificate, error) {
 	out := new(proto1.Certificate)
 	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetCertificate", in, out, opts...)
@ -2127,15 +2082,6 @@ func (c *storageAuthorityClient) CountRegistrationsByIPRange(ctx context.Context
 	return out, nil
 }
 func (c *storageAuthorityClient) CountPendingAuthorizations(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*Count, error) {
 	out := new(Count)
 	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/CountPendingAuthorizations", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *storageAuthorityClient) CountOrders(ctx context.Context, in *CountOrdersRequest, opts ...grpc.CallOption) (*Count, error) {
 	out := new(Count)
 	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/CountOrders", in, out, opts...)
@ -2145,15 +2091,6 @@ func (c *storageAuthorityClient) CountOrders(ctx context.Context, in *CountOrder
 	return out, nil
 }
 func (c *storageAuthorityClient) CountInvalidAuthorizations(ctx context.Context, in *CountInvalidAuthorizationsRequest, opts ...grpc.CallOption) (*Count, error) {
 	out := new(Count)
 	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/CountInvalidAuthorizations", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *storageAuthorityClient) CountFQDNSets(ctx context.Context, in *CountFQDNSetsRequest, opts ...grpc.CallOption) (*Count, error) {
 	out := new(Count)
 	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/CountFQDNSets", in, out, opts...)
@ -2262,24 +2199,6 @@ func (c *storageAuthorityClient) UpdateRegistration(ctx context.Context, in *pro
 	return out, nil
 }
 func (c *storageAuthorityClient) NewPendingAuthorization(ctx context.Context, in *proto1.Authorization, opts ...grpc.CallOption) (*proto1.Authorization, error) {
 	out := new(proto1.Authorization)
 	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/NewPendingAuthorization", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *storageAuthorityClient) FinalizeAuthorization(ctx context.Context, in *proto1.Authorization, opts ...grpc.CallOption) (*proto1.Empty, error) {
 	out := new(proto1.Empty)
 	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/FinalizeAuthorization", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *storageAuthorityClient) AddCertificate(ctx context.Context, in *AddCertificateRequest, opts ...grpc.CallOption) (*AddCertificateResponse, error) {
 	out := new(AddCertificateResponse)
 	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/AddCertificate", in, out, opts...)
@ -2316,15 +2235,6 @@ func (c *storageAuthorityClient) DeactivateRegistration(ctx context.Context, in
 	return out, nil
 }
 func (c *storageAuthorityClient) DeactivateAuthorization(ctx context.Context, in *AuthorizationID, opts ...grpc.CallOption) (*proto1.Empty, error) {
 	out := new(proto1.Empty)
 	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/DeactivateAuthorization", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *storageAuthorityClient) NewOrder(ctx context.Context, in *proto1.Order, opts ...grpc.CallOption) (*proto1.Order, error) {
 	out := new(proto1.Order)
 	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/NewOrder", in, out, opts...)
@ -2370,15 +2280,6 @@ func (c *storageAuthorityClient) GetOrder(ctx context.Context, in *OrderRequest,
 	return out, nil
 }
 func (c *storageAuthorityClient) GetValidOrderAuthorizations(ctx context.Context, in *GetValidOrderAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error) {
 	out := new(Authorizations)
 	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetValidOrderAuthorizations", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *storageAuthorityClient) GetOrderForNames(ctx context.Context, in *GetOrderForNamesRequest, opts ...grpc.CallOption) (*proto1.Order, error) {
 	out := new(proto1.Order)
 	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetOrderForNames", in, out, opts...)
@ -2388,24 +2289,6 @@ func (c *storageAuthorityClient) GetOrderForNames(ctx context.Context, in *GetOr
 	return out, nil
 }
 func (c *storageAuthorityClient) GetAuthorizations(ctx context.Context, in *GetAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error) {
 	out := new(Authorizations)
 	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetAuthorizations", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *storageAuthorityClient) AddPendingAuthorizations(ctx context.Context, in *AddPendingAuthorizationsRequest, opts ...grpc.CallOption) (*AuthorizationIDs, error) {
 	out := new(AuthorizationIDs)
 	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/AddPendingAuthorizations", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *storageAuthorityClient) RevokeCertificate(ctx context.Context, in *RevokeCertificateRequest, opts ...grpc.CallOption) (*proto1.Empty, error) {
 	out := new(proto1.Empty)
 	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/RevokeCertificate", in, out, opts...)
@ -2447,20 +2330,15 @@ type StorageAuthorityServer interface {
 	// Getters
 	GetRegistration(context.Context, *RegistrationID) (*proto1.Registration, error)
 	GetRegistrationByKey(context.Context, *JSONWebKey) (*proto1.Registration, error)
 	GetAuthorization(context.Context, *AuthorizationID) (*proto1.Authorization, error)
 	GetPendingAuthorization(context.Context, *GetPendingAuthorizationRequest) (*proto1.Authorization, error)
 	GetValidAuthorizations(context.Context, *GetValidAuthorizationsRequest) (*ValidAuthorizations, error)
 	GetCertificate(context.Context, *Serial) (*proto1.Certificate, error)
 	GetPrecertificate(context.Context, *Serial) (*proto1.Certificate, error)
 	GetCertificateStatus(context.Context, *Serial) (*CertificateStatus, error)
 	CountCertificatesByNames(context.Context, *CountCertificatesByNamesRequest) (*CountByNames, error)
 	CountRegistrationsByIP(context.Context, *CountRegistrationsByIPRequest) (*Count, error)
 	CountRegistrationsByIPRange(context.Context, *CountRegistrationsByIPRequest) (*Count, error)
 	CountPendingAuthorizations(context.Context, *RegistrationID) (*Count, error)
 	CountOrders(context.Context, *CountOrdersRequest) (*Count, error)
 	// Return a count of authorizations with status "invalid" that belong to
 	// a given registration ID and expire in the given time range.
 	CountInvalidAuthorizations(context.Context, *CountInvalidAuthorizationsRequest) (*Count, error)
 	CountFQDNSets(context.Context, *CountFQDNSetsRequest) (*Count, error)
 	FQDNSetExists(context.Context, *FQDNSetExistsRequest) (*Exists, error)
 	PreviousCertificateExists(context.Context, *PreviousCertificateExistsRequest) (*Exists, error)
@ -2474,22 +2352,16 @@ type StorageAuthorityServer interface {
 	// Adders
 	NewRegistration(context.Context, *proto1.Registration) (*proto1.Registration, error)
 	UpdateRegistration(context.Context, *proto1.Registration) (*proto1.Empty, error)
 	NewPendingAuthorization(context.Context, *proto1.Authorization) (*proto1.Authorization, error)
 	FinalizeAuthorization(context.Context, *proto1.Authorization) (*proto1.Empty, error)
 	AddCertificate(context.Context, *AddCertificateRequest) (*AddCertificateResponse, error)
 	AddPrecertificate(context.Context, *AddCertificateRequest) (*proto1.Empty, error)
 	AddSerial(context.Context, *AddSerialRequest) (*proto1.Empty, error)
 	DeactivateRegistration(context.Context, *RegistrationID) (*proto1.Empty, error)
 	DeactivateAuthorization(context.Context, *AuthorizationID) (*proto1.Empty, error)
 	NewOrder(context.Context, *proto1.Order) (*proto1.Order, error)
 	SetOrderProcessing(context.Context, *proto1.Order) (*proto1.Empty, error)
 	SetOrderError(context.Context, *proto1.Order) (*proto1.Empty, error)
 	FinalizeOrder(context.Context, *proto1.Order) (*proto1.Empty, error)
 	GetOrder(context.Context, *OrderRequest) (*proto1.Order, error)
 	GetValidOrderAuthorizations(context.Context, *GetValidOrderAuthorizationsRequest) (*Authorizations, error)
 	GetOrderForNames(context.Context, *GetOrderForNamesRequest) (*proto1.Order, error)
 	GetAuthorizations(context.Context, *GetAuthorizationsRequest) (*Authorizations, error)
 	AddPendingAuthorizations(context.Context, *AddPendingAuthorizationsRequest) (*AuthorizationIDs, error)
 	RevokeCertificate(context.Context, *RevokeCertificateRequest) (*proto1.Empty, error)
 	NewAuthorizations2(context.Context, *AddPendingAuthorizationsRequest) (*Authorization2IDs, error)
 	FinalizeAuthorization2(context.Context, *FinalizeAuthorizationRequest) (*proto1.Empty, error)
@ -2506,15 +2378,6 @@ func (*UnimplementedStorageAuthorityServer) GetRegistration(ctx context.Context,
 func (*UnimplementedStorageAuthorityServer) GetRegistrationByKey(ctx context.Context, req *JSONWebKey) (*proto1.Registration, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method GetRegistrationByKey not implemented")
 }
 func (*UnimplementedStorageAuthorityServer) GetAuthorization(ctx context.Context, req *AuthorizationID) (*proto1.Authorization, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method GetAuthorization not implemented")
 }
 func (*UnimplementedStorageAuthorityServer) GetPendingAuthorization(ctx context.Context, req *GetPendingAuthorizationRequest) (*proto1.Authorization, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method GetPendingAuthorization not implemented")
 }
 func (*UnimplementedStorageAuthorityServer) GetValidAuthorizations(ctx context.Context, req *GetValidAuthorizationsRequest) (*ValidAuthorizations, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method GetValidAuthorizations not implemented")
 }
 func (*UnimplementedStorageAuthorityServer) GetCertificate(ctx context.Context, req *Serial) (*proto1.Certificate, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method GetCertificate not implemented")
 }
@ -2533,15 +2396,9 @@ func (*UnimplementedStorageAuthorityServer) CountRegistrationsByIP(ctx context.C
 func (*UnimplementedStorageAuthorityServer) CountRegistrationsByIPRange(ctx context.Context, req *CountRegistrationsByIPRequest) (*Count, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method CountRegistrationsByIPRange not implemented")
 }
 func (*UnimplementedStorageAuthorityServer) CountPendingAuthorizations(ctx context.Context, req *RegistrationID) (*Count, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method CountPendingAuthorizations not implemented")
 }
 func (*UnimplementedStorageAuthorityServer) CountOrders(ctx context.Context, req *CountOrdersRequest) (*Count, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method CountOrders not implemented")
 }
 func (*UnimplementedStorageAuthorityServer) CountInvalidAuthorizations(ctx context.Context, req *CountInvalidAuthorizationsRequest) (*Count, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method CountInvalidAuthorizations not implemented")
 }
 func (*UnimplementedStorageAuthorityServer) CountFQDNSets(ctx context.Context, req *CountFQDNSetsRequest) (*Count, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method CountFQDNSets not implemented")
 }
@ -2578,12 +2435,6 @@ func (*UnimplementedStorageAuthorityServer) NewRegistration(ctx context.Context,
 func (*UnimplementedStorageAuthorityServer) UpdateRegistration(ctx context.Context, req *proto1.Registration) (*proto1.Empty, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method UpdateRegistration not implemented")
 }
 func (*UnimplementedStorageAuthorityServer) NewPendingAuthorization(ctx context.Context, req *proto1.Authorization) (*proto1.Authorization, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method NewPendingAuthorization not implemented")
 }
 func (*UnimplementedStorageAuthorityServer) FinalizeAuthorization(ctx context.Context, req *proto1.Authorization) (*proto1.Empty, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method FinalizeAuthorization not implemented")
 }
 func (*UnimplementedStorageAuthorityServer) AddCertificate(ctx context.Context, req *AddCertificateRequest) (*AddCertificateResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method AddCertificate not implemented")
 }
@ -2596,9 +2447,6 @@ func (*UnimplementedStorageAuthorityServer) AddSerial(ctx context.Context, req *
 func (*UnimplementedStorageAuthorityServer) DeactivateRegistration(ctx context.Context, req *RegistrationID) (*proto1.Empty, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method DeactivateRegistration not implemented")
 }
 func (*UnimplementedStorageAuthorityServer) DeactivateAuthorization(ctx context.Context, req *AuthorizationID) (*proto1.Empty, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method DeactivateAuthorization not implemented")
 }
 func (*UnimplementedStorageAuthorityServer) NewOrder(ctx context.Context, req *proto1.Order) (*proto1.Order, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method NewOrder not implemented")
 }
@ -2614,18 +2462,9 @@ func (*UnimplementedStorageAuthorityServer) FinalizeOrder(ctx context.Context, r
 func (*UnimplementedStorageAuthorityServer) GetOrder(ctx context.Context, req *OrderRequest) (*proto1.Order, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method GetOrder not implemented")
 }
 func (*UnimplementedStorageAuthorityServer) GetValidOrderAuthorizations(ctx context.Context, req *GetValidOrderAuthorizationsRequest) (*Authorizations, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method GetValidOrderAuthorizations not implemented")
 }
 func (*UnimplementedStorageAuthorityServer) GetOrderForNames(ctx context.Context, req *GetOrderForNamesRequest) (*proto1.Order, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method GetOrderForNames not implemented")
 }
 func (*UnimplementedStorageAuthorityServer) GetAuthorizations(ctx context.Context, req *GetAuthorizationsRequest) (*Authorizations, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method GetAuthorizations not implemented")
 }
 func (*UnimplementedStorageAuthorityServer) AddPendingAuthorizations(ctx context.Context, req *AddPendingAuthorizationsRequest) (*AuthorizationIDs, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method AddPendingAuthorizations not implemented")
 }
 func (*UnimplementedStorageAuthorityServer) RevokeCertificate(ctx context.Context, req *RevokeCertificateRequest) (*proto1.Empty, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method RevokeCertificate not implemented")
 }
@ -2679,60 +2518,6 @@ func _StorageAuthority_GetRegistrationByKey_Handler(srv interface{}, ctx context
 	return interceptor(ctx, in, info, handler)
 }
 func _StorageAuthority_GetAuthorization_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(AuthorizationID)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(StorageAuthorityServer).GetAuthorization(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: "/sa.StorageAuthority/GetAuthorization",
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(StorageAuthorityServer).GetAuthorization(ctx, req.(*AuthorizationID))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _StorageAuthority_GetPendingAuthorization_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(GetPendingAuthorizationRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(StorageAuthorityServer).GetPendingAuthorization(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: "/sa.StorageAuthority/GetPendingAuthorization",
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(StorageAuthorityServer).GetPendingAuthorization(ctx, req.(*GetPendingAuthorizationRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _StorageAuthority_GetValidAuthorizations_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(GetValidAuthorizationsRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(StorageAuthorityServer).GetValidAuthorizations(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: "/sa.StorageAuthority/GetValidAuthorizations",
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(StorageAuthorityServer).GetValidAuthorizations(ctx, req.(*GetValidAuthorizationsRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _StorageAuthority_GetCertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(Serial)
 	if err := dec(in); err != nil {
@ -2841,24 +2626,6 @@ func _StorageAuthority_CountRegistrationsByIPRange_Handler(srv interface{}, ctx
 	return interceptor(ctx, in, info, handler)
 }
 func _StorageAuthority_CountPendingAuthorizations_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(RegistrationID)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(StorageAuthorityServer).CountPendingAuthorizations(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: "/sa.StorageAuthority/CountPendingAuthorizations",
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(StorageAuthorityServer).CountPendingAuthorizations(ctx, req.(*RegistrationID))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _StorageAuthority_CountOrders_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(CountOrdersRequest)
 	if err := dec(in); err != nil {
@ -2877,24 +2644,6 @@ func _StorageAuthority_CountOrders_Handler(srv interface{}, ctx context.Context,
 	return interceptor(ctx, in, info, handler)
 }
 func _StorageAuthority_CountInvalidAuthorizations_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(CountInvalidAuthorizationsRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(StorageAuthorityServer).CountInvalidAuthorizations(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: "/sa.StorageAuthority/CountInvalidAuthorizations",
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(StorageAuthorityServer).CountInvalidAuthorizations(ctx, req.(*CountInvalidAuthorizationsRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _StorageAuthority_CountFQDNSets_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(CountFQDNSetsRequest)
 	if err := dec(in); err != nil {
@ -3111,42 +2860,6 @@ func _StorageAuthority_UpdateRegistration_Handler(srv interface{}, ctx context.C
 	return interceptor(ctx, in, info, handler)
 }
 func _StorageAuthority_NewPendingAuthorization_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(proto1.Authorization)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(StorageAuthorityServer).NewPendingAuthorization(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: "/sa.StorageAuthority/NewPendingAuthorization",
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(StorageAuthorityServer).NewPendingAuthorization(ctx, req.(*proto1.Authorization))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _StorageAuthority_FinalizeAuthorization_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(proto1.Authorization)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(StorageAuthorityServer).FinalizeAuthorization(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: "/sa.StorageAuthority/FinalizeAuthorization",
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(StorageAuthorityServer).FinalizeAuthorization(ctx, req.(*proto1.Authorization))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _StorageAuthority_AddCertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(AddCertificateRequest)
 	if err := dec(in); err != nil {
@ -3219,24 +2932,6 @@ func _StorageAuthority_DeactivateRegistration_Handler(srv interface{}, ctx conte
 	return interceptor(ctx, in, info, handler)
 }
 func _StorageAuthority_DeactivateAuthorization_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(AuthorizationID)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(StorageAuthorityServer).DeactivateAuthorization(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: "/sa.StorageAuthority/DeactivateAuthorization",
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(StorageAuthorityServer).DeactivateAuthorization(ctx, req.(*AuthorizationID))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _StorageAuthority_NewOrder_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(proto1.Order)
 	if err := dec(in); err != nil {
@ -3327,24 +3022,6 @@ func _StorageAuthority_GetOrder_Handler(srv interface{}, ctx context.Context, de
 	return interceptor(ctx, in, info, handler)
 }
 func _StorageAuthority_GetValidOrderAuthorizations_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(GetValidOrderAuthorizationsRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(StorageAuthorityServer).GetValidOrderAuthorizations(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: "/sa.StorageAuthority/GetValidOrderAuthorizations",
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(StorageAuthorityServer).GetValidOrderAuthorizations(ctx, req.(*GetValidOrderAuthorizationsRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _StorageAuthority_GetOrderForNames_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(GetOrderForNamesRequest)
 	if err := dec(in); err != nil {
@ -3363,42 +3040,6 @@ func _StorageAuthority_GetOrderForNames_Handler(srv interface{}, ctx context.Con
 	return interceptor(ctx, in, info, handler)
 }
 func _StorageAuthority_GetAuthorizations_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(GetAuthorizationsRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(StorageAuthorityServer).GetAuthorizations(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: "/sa.StorageAuthority/GetAuthorizations",
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(StorageAuthorityServer).GetAuthorizations(ctx, req.(*GetAuthorizationsRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _StorageAuthority_AddPendingAuthorizations_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(AddPendingAuthorizationsRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(StorageAuthorityServer).AddPendingAuthorizations(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: "/sa.StorageAuthority/AddPendingAuthorizations",
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(StorageAuthorityServer).AddPendingAuthorizations(ctx, req.(*AddPendingAuthorizationsRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _StorageAuthority_RevokeCertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(RevokeCertificateRequest)
 	if err := dec(in); err != nil {
@ -3483,18 +3124,6 @@ var _StorageAuthority_serviceDesc = grpc.ServiceDesc{
 			MethodName: "GetRegistrationByKey",
 			Handler:    _StorageAuthority_GetRegistrationByKey_Handler,
 		},
 		{
 			MethodName: "GetAuthorization",
 			Handler:    _StorageAuthority_GetAuthorization_Handler,
 		},
 		{
 			MethodName: "GetPendingAuthorization",
 			Handler:    _StorageAuthority_GetPendingAuthorization_Handler,
 		},
 		{
 			MethodName: "GetValidAuthorizations",
 			Handler:    _StorageAuthority_GetValidAuthorizations_Handler,
 		},
 		{
 			MethodName: "GetCertificate",
 			Handler:    _StorageAuthority_GetCertificate_Handler,
@ -3519,18 +3148,10 @@ var _StorageAuthority_serviceDesc = grpc.ServiceDesc{
 			MethodName: "CountRegistrationsByIPRange",
 			Handler:    _StorageAuthority_CountRegistrationsByIPRange_Handler,
 		},
 		{
 			MethodName: "CountPendingAuthorizations",
 			Handler:    _StorageAuthority_CountPendingAuthorizations_Handler,
 		},
 		{
 			MethodName: "CountOrders",
 			Handler:    _StorageAuthority_CountOrders_Handler,
 		},
 		{
 			MethodName: "CountInvalidAuthorizations",
 			Handler:    _StorageAuthority_CountInvalidAuthorizations_Handler,
 		},
 		{
 			MethodName: "CountFQDNSets",
 			Handler:    _StorageAuthority_CountFQDNSets_Handler,
@ -3579,14 +3200,6 @@ var _StorageAuthority_serviceDesc = grpc.ServiceDesc{
 			MethodName: "UpdateRegistration",
 			Handler:    _StorageAuthority_UpdateRegistration_Handler,
 		},
 		{
 			MethodName: "NewPendingAuthorization",
 			Handler:    _StorageAuthority_NewPendingAuthorization_Handler,
 		},
 		{
 			MethodName: "FinalizeAuthorization",
 			Handler:    _StorageAuthority_FinalizeAuthorization_Handler,
 		},
 		{
 			MethodName: "AddCertificate",
 			Handler:    _StorageAuthority_AddCertificate_Handler,
@ -3603,10 +3216,6 @@ var _StorageAuthority_serviceDesc = grpc.ServiceDesc{
 			MethodName: "DeactivateRegistration",
 			Handler:    _StorageAuthority_DeactivateRegistration_Handler,
 		},
 		{
 			MethodName: "DeactivateAuthorization",
 			Handler:    _StorageAuthority_DeactivateAuthorization_Handler,
 		},
 		{
 			MethodName: "NewOrder",
 			Handler:    _StorageAuthority_NewOrder_Handler,
@ -3627,22 +3236,10 @@ var _StorageAuthority_serviceDesc = grpc.ServiceDesc{
 			MethodName: "GetOrder",
 			Handler:    _StorageAuthority_GetOrder_Handler,
 		},
 		{
 			MethodName: "GetValidOrderAuthorizations",
 			Handler:    _StorageAuthority_GetValidOrderAuthorizations_Handler,
 		},
 		{
 			MethodName: "GetOrderForNames",
 			Handler:    _StorageAuthority_GetOrderForNames_Handler,
 		},
 		{
 			MethodName: "GetAuthorizations",
 			Handler:    _StorageAuthority_GetAuthorizations_Handler,
 		},
 		{
 			MethodName: "AddPendingAuthorizations",
 			Handler:    _StorageAuthority_AddPendingAuthorizations_Handler,
 		},
 		{
 			MethodName: "RevokeCertificate",
 			Handler:    _StorageAuthority_RevokeCertificate_Handler,
--- a/sa/proto/sa.proto
+++ b/sa/proto/sa.proto
@ -9,20 +9,15 @@ service StorageAuthority {
        // Getters
        rpc GetRegistration(RegistrationID) returns (core.Registration) {}
        rpc GetRegistrationByKey(JSONWebKey) returns (core.Registration) {}
        rpc GetAuthorization(AuthorizationID) returns (core.Authorization) {}
        rpc GetPendingAuthorization(GetPendingAuthorizationRequest) returns (core.Authorization) {}
        rpc GetValidAuthorizations(GetValidAuthorizationsRequest) returns (ValidAuthorizations) {}
        rpc GetCertificate(Serial) returns (core.Certificate) {}
        rpc GetPrecertificate(Serial) returns (core.Certificate) {}
        rpc GetCertificateStatus(Serial) returns (CertificateStatus) {}
        rpc CountCertificatesByNames(CountCertificatesByNamesRequest) returns (CountByNames) {}
        rpc CountRegistrationsByIP(CountRegistrationsByIPRequest) returns (Count) {}
        rpc CountRegistrationsByIPRange(CountRegistrationsByIPRequest) returns (Count) {}
        rpc CountPendingAuthorizations(RegistrationID) returns (Count) {}
        rpc CountOrders(CountOrdersRequest) returns (Count) {}
        // Return a count of authorizations with status "invalid" that belong to
        // a given registration ID and expire in the given time range.
        rpc CountInvalidAuthorizations(CountInvalidAuthorizationsRequest) returns (Count) {}
        rpc CountFQDNSets(CountFQDNSetsRequest) returns (Count) {}
        rpc FQDNSetExists(FQDNSetExistsRequest) returns (Exists) {}
        rpc PreviousCertificateExists(PreviousCertificateExistsRequest) returns (Exists) {}
@ -36,22 +31,16 @@ service StorageAuthority {
        // Adders
        rpc NewRegistration(core.Registration) returns (core.Registration) {}
        rpc UpdateRegistration(core.Registration) returns (core.Empty) {}
        rpc NewPendingAuthorization(core.Authorization) returns (core.Authorization) {}
        rpc FinalizeAuthorization(core.Authorization) returns (core.Empty) {}
        rpc AddCertificate(AddCertificateRequest) returns (AddCertificateResponse) {}
        rpc AddPrecertificate(AddCertificateRequest) returns (core.Empty) {}
        rpc AddSerial(AddSerialRequest) returns (core.Empty) {}
        rpc DeactivateRegistration(RegistrationID) returns (core.Empty) {}
        rpc DeactivateAuthorization(AuthorizationID) returns (core.Empty) {}
        rpc NewOrder(core.Order) returns (core.Order) {}
        rpc SetOrderProcessing(core.Order) returns (core.Empty) {}
        rpc SetOrderError(core.Order) returns (core.Empty) {}
        rpc FinalizeOrder(core.Order) returns (core.Empty) {}
        rpc GetOrder(OrderRequest) returns (core.Order) {}
        rpc GetValidOrderAuthorizations(GetValidOrderAuthorizationsRequest) returns (Authorizations) {}
        rpc GetOrderForNames(GetOrderForNamesRequest) returns (core.Order) {}
        rpc GetAuthorizations(GetAuthorizationsRequest) returns (Authorizations) {}
        rpc AddPendingAuthorizations(AddPendingAuthorizationsRequest) returns (AuthorizationIDs) {}
        rpc RevokeCertificate(RevokeCertificateRequest) returns (core.Empty) {}
        rpc NewAuthorizations2(AddPendingAuthorizationsRequest) returns (Authorization2IDs) {}
        rpc FinalizeAuthorization2(FinalizeAuthorizationRequest) returns (core.Empty) {}
--- a/sa/sa.go
+++ b/sa/sa.go
@ -30,7 +30,6 @@ import (
 )
 type certCountFunc func(db dbSelector, domain string, earliest, latest time.Time) (int, error)
 type getChallengesFunc func(db dbSelector, authID string) ([]core.Challenge, error)
 // SQLStorageAuthority defines a Storage Authority
 type SQLStorageAuthority struct {
@ -46,7 +45,6 @@ type SQLStorageAuthority struct {
 	// We use function types here so we can mock out this internal function in
 	// unittests.
 	countCertificatesByName certCountFunc
 	getChallenges           getChallengesFunc
 }
 func digest256(data []byte) []byte {
@ -107,7 +105,6 @@ func NewSQLStorageAuthority(
 	}
 	ssa.countCertificatesByName = ssa.countCertificates
 	ssa.getChallenges = ssa.getChallengesImpl
 	return ssa, nil
 }
@ -134,59 +131,6 @@ func existingRegistration(tx *gorp.Transaction, id int64) bool {
 	return count > 0
 }
 // updateChallenge writes the valid or invalid challenge in a list of challenges
 // to the database. It deletes from the database any of those challenges that
 // weren't used (i.e. aren't "valid" or "invalid"), so long as the
 // DeleteUnusedChallenges flag is set.
 func updateChallenges(db dbSelectExecer, authID string, challenges []core.Challenge) error {
 	var challs []challModel
 	_, err := db.Select(
 		&challs,
 		getChallengesQuery,
 		map[string]interface{}{"authID": authID},
 	)
 	if err != nil {
 		return err
 	}
 	if len(challs) != len(challenges) {
 		return fmt.Errorf("Invalid number of challenges provided")
 	}
 	for i, authChall := range challenges {
 		if challs[i].AuthorizationID != authID {
 			return fmt.Errorf("challenge authorization ID %q didn't match associated authorization ID %q", challs[i].AuthorizationID, authID)
 		}
 		chall, err := challengeToModel(&authChall, authID)
 		if err != nil {
 			return err
 		}
 		chall.ID = challs[i].ID
 		if authChall.Status == core.StatusInvalid || authChall.Status == core.StatusValid {
 			_, err = db.Exec(
 				`UPDATE challenges SET
 				status = ?,
 				error = ?,
 				validationRecord = ?
 			WHERE status = ? AND id = ?`,
 				string(chall.Status),
 				chall.Error,
 				chall.ValidationRecord,
 				string(core.StatusPending),
 				chall.ID)
 			if err != nil {
 				return err
 			}
 		} else if features.Enabled(features.DeleteUnusedChallenges) {
 			_, err = db.Exec(
 				`DELETE FROM challenges WHERE id = ?`,
 				chall.ID)
 			if err != nil {
 				return err
 			}
 		}
 	}
 	return nil
 }
 // GetRegistration obtains a Registration by ID
 func (ssa *SQLStorageAuthority) GetRegistration(ctx context.Context, id int64) (core.Registration, error) {
 	const query = "WHERE id = ?"
@ -221,62 +165,6 @@ func (ssa *SQLStorageAuthority) GetRegistrationByKey(ctx context.Context, key *j
 	return modelToRegistration(model)
 }
 // GetAuthorization obtains an Authorization by ID
 func (ssa *SQLStorageAuthority) GetAuthorization(ctx context.Context, id string) (core.Authorization, error) {
 	authz, overallError := withTransaction(ctx, ssa.dbMap, func(txWithCtx transaction) (interface{}, error) {
 		pa, err := selectPendingAuthz(txWithCtx, "WHERE id = ?", id)
 		if err != nil && err != sql.ErrNoRows {
 			return nil, err
 		}
 		var authz core.Authorization
 		if err == sql.ErrNoRows {
 			var fa authzModel
 			err := txWithCtx.SelectOne(&fa, fmt.Sprintf("SELECT %s FROM authz WHERE id = ?", authzFields), id)
 			if err != nil && err != sql.ErrNoRows {
 				return nil, err
 			} else if err == sql.ErrNoRows {
 				// If there was no result in either the pending authz table or the authz
 				// table then return a `berrors.NotFound` instance
 				return nil, berrors.NotFoundError("no authorization found with id %q", id)
 			}
 			authz = fa.Authorization
 		} else {
 			authz = pa.Authorization
 		}
 		authz.Challenges, err = ssa.getChallenges(txWithCtx, authz.ID)
 		if err != nil {
 			return nil, err
 		}
 		return authz, nil
 	})
 	if overallError != nil {
 		return core.Authorization{}, overallError
 	}
 	if authz, ok := authz.(core.Authorization); ok {
 		return authz, nil
 	}
 	return core.Authorization{}, fmt.Errorf("shouldn't happen: casting error in GetAuthorization")
 }
 // GetValidAuthorizations returns the latest authorization object for all
 // domain names from the parameters that the account has authorizations for.
 func (ssa *SQLStorageAuthority) GetValidAuthorizations(
 	ctx context.Context,
 	registrationID int64,
 	names []string,
 	now time.Time) (map[string]*core.Authorization, error) {
 	return ssa.getAuthorizations(
 		ctx,
 		authorizationTable,
 		string(core.StatusValid),
 		registrationID,
 		names,
 		now,
 		false)
 }
 // incrementIP returns a copy of `ip` incremented at a bit index `index`,
 // or in other words the first IP of the next highest subnet given a mask of
 // length `index`.
@ -552,163 +440,6 @@ func (ssa *SQLStorageAuthority) UpdateRegistration(ctx context.Context, reg core
 	return nil
 }
 // NewPendingAuthorization retrieves a pending authorization for
 // authz.Identifier if one exists, or creates a new one otherwise.
 func (ssa *SQLStorageAuthority) NewPendingAuthorization(ctx context.Context, authz core.Authorization) (core.Authorization, error) {
 	output, overallError := withTransaction(ctx, ssa.dbMap, func(txWithCtx transaction) (interface{}, error) {
 		// Create a random ID and check that it doesn't exist already
 		authz.ID = core.NewToken()
 		for existingPending(txWithCtx, authz.ID) ||
 			existingFinal(txWithCtx, authz.ID) {
 			authz.ID = core.NewToken()
 		}
 		// Insert a stub row in pending
 		pendingAuthz := pendingauthzModel{Authorization: authz}
 		err := txWithCtx.Insert(&pendingAuthz)
 		if err != nil {
 			return nil, err
 		}
 		for i, c := range authz.Challenges {
 			challModel, err := challengeToModel(&c, pendingAuthz.ID)
 			if err != nil {
 				return nil, err
 			}
 			// Magic happens here: Gorp will modify challModel, setting challModel.ID
 			// to the auto-increment primary key. This is important because we want
 			// the challenge objects inside the Authorization we return to know their
 			// IDs, so they can have proper URLs.
 			// See https://godoc.org/github.com/coopernurse/gorp#DbMap.Insert
 			err = txWithCtx.Insert(challModel)
 			if err != nil {
 				return nil, err
 			}
 			challenge, err := modelToChallenge(challModel)
 			if err != nil {
 				return nil, err
 			}
 			authz.Challenges[i] = challenge
 		}
 		pendingAuthz.Authorization.Challenges = authz.Challenges
 		return pendingAuthz.Authorization, nil
 	})
 	if overallError != nil {
 		return core.Authorization{}, overallError
 	}
 	if output, ok := output.(core.Authorization); ok {
 		return output, nil
 	}
 	return core.Authorization{}, fmt.Errorf("shouldn't happen: casting error in NewPendingAuthorization")
 }
 // GetPendingAuthorization returns the most recent Pending authorization
 // with the given identifier, if available.
 func (ssa *SQLStorageAuthority) GetPendingAuthorization(
 	ctx context.Context,
 	req *sapb.GetPendingAuthorizationRequest,
 ) (*core.Authorization, error) {
 	identifierJSON, err := json.Marshal(identifier.ACMEIdentifier{
 		Type:  identifier.IdentifierType(*req.IdentifierType),
 		Value: *req.IdentifierValue,
 	})
 	if err != nil {
 		return nil, err
 	}
 	// Note: This will use the index on `registrationId`, `expires`, which should
 	// keep the amount of scanning to a minimum. That index does not include the
 	// identifier, so accounts with huge numbers of pending authzs may result in
 	// slow queries here.
 	pa, err := selectPendingAuthz(ssa.dbMap.WithContext(ctx),
 		`WHERE registrationID = :regID
 			 AND identifier = :identifierJSON
 			 AND status = :status
 			 AND expires > :validUntil
 		 ORDER BY expires ASC
 		 LIMIT 1`,
 		map[string]interface{}{
 			"regID":          *req.RegistrationID,
 			"identifierJSON": identifierJSON,
 			"status":         string(core.StatusPending),
 			"validUntil":     time.Unix(0, *req.ValidUntil),
 		})
 	if err == sql.ErrNoRows {
 		return nil, berrors.NotFoundError("pending authz not found")
 	} else if err == nil {
 		// We found an authz, but we still need to fetch its challenges. To
 		// simplify things, just call GetAuthorization, which takes care of that.
 		authz, err := ssa.GetAuthorization(ctx, pa.ID)
 		return &authz, err
 	} else {
 		// Any error other than ErrNoRows; return the error
 		return nil, err
 	}
 }
 // FinalizeAuthorization converts a Pending Authorization to a final one. If the
 // Authorization is not found a berrors.NotFound result is returned. If the
 // Authorization is status pending a berrors.InternalServer error is returned.
 func (ssa *SQLStorageAuthority) FinalizeAuthorization(ctx context.Context, authz core.Authorization) error {
 	_, overallError := withTransaction(ctx, ssa.dbMap, func(txWithCtx transaction) (interface{}, error) {
 		// Check that a pending authz exists
 		if !existingPending(txWithCtx, authz.ID) {
 			return nil, berrors.NotFoundError("authorization with ID %q not found", authz.ID)
 		}
 		if statusIsPending(authz.Status) {
 			return nil, berrors.InternalServerError("authorization to finalize is pending (ID %q)", authz.ID)
 		}
 		auth := &authzModel{authz}
 		pa, err := selectPendingAuthz(txWithCtx, "WHERE id = ?", authz.ID)
 		if err == sql.ErrNoRows {
 			return nil, berrors.NotFoundError("authorization with ID %q not found", authz.ID)
 		}
 		if err != nil {
 			return nil, err
 		}
 		err = txWithCtx.Insert(auth)
 		if err != nil {
 			return nil, err
 		}
 		_, err = txWithCtx.Delete(pa)
 		if err != nil {
 			return nil, err
 		}
 		err = updateChallenges(txWithCtx, authz.ID, authz.Challenges)
 		if err != nil {
 			return nil, err
 		}
 		return nil, nil
 	})
 	return overallError
 }
 func (ssa *SQLStorageAuthority) getAuthorizationIDsByDomain2(ctx context.Context, domain string) ([]int64, error) {
 	var ids []int64
 	_, err := ssa.dbMap.Select(
 		&ids,
 		`SELECT id FROM authz2 WHERE identifierValue = :ident AND status IN (:pending,:valid) AND expires > :expires LIMIT :limit`,
 		map[string]interface{}{
 			"ident":   domain,
 			"pending": statusUint(core.StatusPending),
 			"valid":   statusUint(core.StatusValid),
 			"expires": ssa.clk.Now(),
 			"limit":   getAuthorizationIDsMax,
 		},
 	)
 	if err != nil {
 		return nil, err
 	}
 	return ids, nil
 }
 // AddCertificate stores an issued certificate and returns the digest as
 // a string, or an error if any occurred.
 func (ssa *SQLStorageAuthority) AddCertificate(
@ -813,22 +544,6 @@ func (ssa *SQLStorageAuthority) AddCertificate(
 	return digest, nil
 }
 // CountPendingAuthorizations returns the number of pending, unexpired
 // authorizations for the given registration.
 func (ssa *SQLStorageAuthority) CountPendingAuthorizations(ctx context.Context, regID int64) (count int, err error) {
 	err = ssa.dbMap.WithContext(ctx).SelectOne(&count,
 		`SELECT count(1) FROM pendingAuthorizations
 		WHERE registrationID = :regID AND
 		expires > :now AND
 		status = :pending`,
 		map[string]interface{}{
 			"regID":   regID,
 			"now":     ssa.clk.Now(),
 			"pending": string(core.StatusPending),
 		})
 	return
 }
 func (ssa *SQLStorageAuthority) CountOrders(ctx context.Context, acctID int64, earliest, latest time.Time) (int, error) {
 	var count int
 	err := ssa.dbMap.WithContext(ctx).SelectOne(&count,
@ -847,43 +562,6 @@ func (ssa *SQLStorageAuthority) CountOrders(ctx context.Context, acctID int64, e
 	return count, nil
 }
 // CountInvalidAuthorizations counts invalid authorizations for a user expiring
 // in a given time range.
 // authorizations for the give registration.
 func (ssa *SQLStorageAuthority) CountInvalidAuthorizations(
 	ctx context.Context,
 	req *sapb.CountInvalidAuthorizationsRequest,
 ) (count *sapb.Count, err error) {
 	identifier := identifier.ACMEIdentifier{
 		Type:  identifier.DNS,
 		Value: *req.Hostname,
 	}
 	idJSON, err := json.Marshal(identifier)
 	if err != nil {
 		return nil, err
 	}
 	count = &sapb.Count{
 		Count: new(int64),
 	}
 	err = ssa.dbMap.WithContext(ctx).SelectOne(count.Count,
 		`SELECT COUNT(1) FROM authz
 		WHERE registrationID = :regID AND
 		identifier = :identifier AND
 		expires > :earliest AND
 		expires <= :latest AND
 		status = :invalid`,
 		map[string]interface{}{
 			"regID":      *req.RegistrationID,
 			"identifier": idJSON,
 			"earliest":   time.Unix(0, *req.Range.Earliest),
 			"latest":     time.Unix(0, *req.Range.Latest),
 			"invalid":    string(core.StatusInvalid),
 		})
 	return
 }
 func hashNames(names []string) []byte {
 	names = core.UniqueLowerNames(names)
 	hash := sha256.Sum256([]byte(strings.Join(names, ",")))
@ -1192,51 +870,6 @@ func (ssa *SQLStorageAuthority) DeactivateRegistration(ctx context.Context, id i
 	return err
 }
 // DeactivateAuthorization deactivates a currently valid or pending authorization
 func (ssa *SQLStorageAuthority) DeactivateAuthorization(ctx context.Context, id string) error {
 	_, overallError := withTransaction(ctx, ssa.dbMap, func(txWithCtx transaction) (interface{}, error) {
 		if existingPending(txWithCtx, id) {
 			authzObj, err := txWithCtx.Get(&pendingauthzModel{}, id)
 			if err != nil {
 				return nil, err
 			}
 			if authzObj == nil {
 				// InternalServerError because existingPending already told us it existed
 				return nil, berrors.InternalServerError("failure retrieving pending authorization")
 			}
 			authz := authzObj.(*pendingauthzModel)
 			if authz.Status != core.StatusPending {
 				return nil, berrors.WrongAuthorizationStateError("authorization not pending")
 			}
 			authz.Status = core.StatusDeactivated
 			err = txWithCtx.Insert(&authzModel{authz.Authorization})
 			if err != nil {
 				return nil, err
 			}
 			result, err := txWithCtx.Delete(authzObj)
 			if err != nil {
 				return nil, err
 			}
 			if result != 1 {
 				return nil, berrors.InternalServerError("wrong number of rows deleted: expected 1, got %d", result)
 			}
 		} else {
 			_, err := txWithCtx.Exec(
 				`UPDATE authz SET status = ? WHERE id = ? and status = ?`,
 				string(core.StatusDeactivated),
 				id,
 				string(core.StatusValid),
 			)
 			if err != nil {
 				return nil, err
 			}
 		}
 		return nil, nil
 	})
 	return overallError
 }
 // DeactivateAuthorization2 deactivates a currently valid or pending authorization.
 // This method is intended to deprecate DeactivateAuthorization.
 func (ssa *SQLStorageAuthority) DeactivateAuthorization2(ctx context.Context, req *sapb.AuthorizationID2) (*corepb.Empty, error) {
@ -1268,15 +901,6 @@ func (ssa *SQLStorageAuthority) NewOrder(ctx context.Context, req *corepb.Order)
 			return nil, err
 		}
 		for _, id := range req.Authorizations {
 			otoa := &orderToAuthzModel{
 				OrderID: order.ID,
 				AuthzID: id,
 			}
 			if err := txWithCtx.Insert(otoa); err != nil {
 				return nil, err
 			}
 		}
 		for _, id := range req.V2Authorizations {
 			otoa := &orderToAuthz2Model{
 				OrderID: order.ID,
@ -1422,23 +1046,14 @@ func (ssa *SQLStorageAuthority) FinalizeOrder(ctx context.Context, req *corepb.O
 // authzForOrder retrieves the authorization IDs for an order. It returns these
 // IDs in two slices: one for v1 style authorizations, and another for
 // v2 style authorizations.
-func (ssa *SQLStorageAuthority) authzForOrder(ctx context.Context, orderID int64) ([]string, []int64, error) {
+func (ssa *SQLStorageAuthority) authzForOrder(ctx context.Context, orderID int64) ([]int64, error) {
 	var v1IDs []string
 	var v2IDs []int64
 	_, err := ssa.dbMap.WithContext(ctx).Select(
 		&v2IDs,
 		"SELECT authzID FROM orderToAuthz2 WHERE orderID = ?",
 		orderID,
 	)
-	if err != nil {
+	return v2IDs, err
 		return nil, nil, err
 	}
 	_, err = ssa.dbMap.WithContext(ctx).Select(
 		&v1IDs, "SELECT authzID FROM orderToAuthz WHERE orderID = ?", orderID)
 	if err != nil {
 		return nil, nil, err
 	}
 	return v1IDs, v2IDs, nil
 }
 // namesForOrder finds all of the requested names associated with an order. The
@ -1470,14 +1085,11 @@ func (ssa *SQLStorageAuthority) GetOrder(ctx context.Context, req *sapb.OrderReq
 	if err != nil {
 		return nil, err
 	}
-	v1AuthzIDs, v2AuthzIDs, err := ssa.authzForOrder(ctx, *order.Id)
+	v2AuthzIDs, err := ssa.authzForOrder(ctx, *order.Id)
 	if err != nil {
 		return nil, err
 	}
-	if features.Enabled(features.DisableAuthz2Orders) && len(v2AuthzIDs) > 0 {
+	order.V2Authorizations = v2AuthzIDs
 		return nil, berrors.NotFoundError("no order found for ID %d", *req.Id)
 	}
 	order.Authorizations, order.V2Authorizations = v1AuthzIDs, v2AuthzIDs
 	names, err := ssa.namesForOrder(ctx, *order.Id)
 	if err != nil {
@ -1542,20 +1154,20 @@ func (ssa *SQLStorageAuthority) statusForOrder(ctx context.Context, order *corep
 	}
 	// Get the full Authorization objects for the order
-	authzValidityInfo, err := ssa.getAllOrderAuthorizationStatuses(ctx, *order.Id, *order.RegistrationID, order.V2Authorizations)
+	authzValidityInfo, err := ssa.getAuthorizationStatuses(ctx, order.V2Authorizations)
 	// If there was an error getting the authorizations, return it immediately
 	if err != nil {
 		return "", err
 	}
-	// If getAllOrderAuthorizationStatuses returned a different number of authorization
+	// If getAuthorizationStatuses returned a different number of authorization
-	// objects than the order's slices of v1 and v2 authorization IDs something has gone
+	// objects than the order's slice of authorization IDs something has gone
 	// wrong worth raising an internal error about.
-	if len(authzValidityInfo) != len(order.Authorizations)+len(order.V2Authorizations) {
+	if len(authzValidityInfo) != len(order.V2Authorizations) {
 		return "", berrors.InternalServerError(
-			"getAllOrderAuthorizationStatuses returned the wrong number of authorization statuses "+
+			"getAuthorizationStatuses returned the wrong number of authorization statuses "+
 				"(%d vs expected %d) for order %d",
-			len(authzValidityInfo), len(order.Authorizations), *order.Id)
+			len(authzValidityInfo), len(order.V2Authorizations), *order.Id)
 	}
 	// Keep a count of the authorizations seen
@ -1673,89 +1285,6 @@ func (ssa *SQLStorageAuthority) getAuthorizationStatuses(ctx context.Context, id
 	return allAuthzValidity, nil
 }
 func (ssa *SQLStorageAuthority) getAllOrderAuthorizationStatuses(
 	ctx context.Context,
 	orderID, acctID int64,
 	v2AuthzIDs []int64) ([]authzValidity, error) {
 	var allAuthzValidity []authzValidity
 	if len(v2AuthzIDs) > 0 {
 		validityInfo, err := ssa.getAuthorizationStatuses(ctx, v2AuthzIDs)
 		if err != nil {
 			return nil, err
 		}
 		allAuthzValidity = append(allAuthzValidity, validityInfo...)
 	}
 	for _, table := range authorizationTables {
 		var validityInfo []authzValidity
 		_, err := ssa.dbMap.WithContext(ctx).Select(
 			&validityInfo,
 			fmt.Sprintf(`SELECT status, expires from %s AS authz
 		INNER JOIN orderToAuthz
 		ON authz.ID = orderToAuthz.authzID
 		WHERE authz.registrationID = ? AND
 		orderToAuthz.orderID = ?`, table),
 			acctID,
 			orderID,
 		)
 		if err != nil {
 			return nil, err
 		}
 		allAuthzValidity = append(allAuthzValidity, validityInfo...)
 	}
 	return allAuthzValidity, nil
 }
 // GetValidOrderAuthorizations is used to find the valid, unexpired authorizations
 // associated with a specific order and account ID.
 func (ssa *SQLStorageAuthority) GetValidOrderAuthorizations(
 	ctx context.Context,
 	req *sapb.GetValidOrderAuthorizationsRequest) (map[string]*core.Authorization, error) {
 	now := ssa.clk.Now()
 	// Select the full authorization data for all *valid, unexpired*
 	// authorizations that are owned by the correct account ID and associated with
 	// the given order ID
 	var auths []*core.Authorization
 	_, err := ssa.dbMap.WithContext(ctx).Select(
 		&auths,
 		fmt.Sprintf(`SELECT %s FROM %s AS authz
 	LEFT JOIN orderToAuthz
 	ON authz.ID = orderToAuthz.authzID
 	WHERE authz.registrationID = ? AND
 	authz.expires > ? AND
 	authz.status = ? AND
 	orderToAuthz.orderID = ?`, authzFields, authorizationTable),
 		*req.AcctID,
 		now,
 		string(core.StatusValid),
 		*req.Id)
 	if err != nil {
 		return nil, err
 	}
 	// Collapse & dedupe the returned authorizations into a mapping from name to
 	// authorization
 	byName := make(map[string]*core.Authorization)
 	for _, auth := range auths {
 		// We only expect to get back DNS identifiers
 		if auth.Identifier.Type != identifier.DNS {
 			return nil, fmt.Errorf("unknown identifier type: %q on authz id %q", auth.Identifier.Type, auth.ID)
 		}
 		existing, present := byName[auth.Identifier.Value]
 		if !present || auth.Expires.After(*existing.Expires) {
 			// Retrieve challenges for the authz
 			auth.Challenges, err = ssa.getChallenges(ssa.dbMap.WithContext(ctx), auth.ID)
 			if err != nil {
 				return nil, err
 			}
 			byName[auth.Identifier.Value] = auth
 		}
 	}
 	return byName, nil
 }
 // GetOrderForNames tries to find a **pending** or **ready** order with the
 // exact set of names requested, associated with the given accountID. Only
 // unexpired orders are considered. If no order meeting these requirements is
@ -1827,97 +1356,6 @@ func (ssa *SQLStorageAuthority) GetOrderForNames(
 	return order, nil
 }
 func (ssa *SQLStorageAuthority) getAuthorizations(
 	ctx context.Context,
 	table string,
 	status string,
 	registrationID int64,
 	names []string,
 	now time.Time,
 	requireV2Authzs bool) (map[string]*core.Authorization, error) {
 	if len(names) == 0 {
 		return nil, berrors.InternalServerError("no names received")
 	}
 	params := make([]interface{}, len(names))
 	qmarks := make([]string, len(names))
 	for i, name := range names {
 		id := identifier.ACMEIdentifier{Type: identifier.DNS, Value: name}
 		idJSON, err := json.Marshal(id)
 		if err != nil {
 			return nil, err
 		}
 		params[i] = string(idJSON)
 		qmarks[i] = "?"
 	}
 	// If requested, filter out V1 authorizations by doing a JOIN on the
 	// orderToAuthz table, ensuring that all authorization IDs returned correspond
 	// to a V2 order.
 	queryPrefix := fmt.Sprintf(`SELECT %s FROM %s`, authzFields, table)
 	if requireV2Authzs {
 		queryPrefix = queryPrefix + `
 		JOIN orderToAuthz
 			ON ID = authzID`
 	}
 	var auths []*core.Authorization
 	_, err := ssa.dbMap.WithContext(ctx).Select(
 		&auths,
 		fmt.Sprintf(`%s
 		WHERE registrationID = ? AND
 		expires > ? AND
 		status = ? AND
 		identifier IN (%s)`,
 			queryPrefix, strings.Join(qmarks, ",")),
 		append([]interface{}{registrationID, now, status}, params...)...)
 	if err != nil {
 		return nil, err
 	}
 	byName := make(map[string]*core.Authorization)
 	for _, auth := range auths {
 		// No real life authorizations should have a nil expires. If we find them,
 		// don't consider them valid.
 		if auth.Expires == nil {
 			continue
 		}
 		if auth.Identifier.Type != identifier.DNS {
 			return nil, fmt.Errorf("unknown identifier type: %q on authz id %q", auth.Identifier.Type, auth.ID)
 		}
 		existing, present := byName[auth.Identifier.Value]
 		if !present || auth.Expires.After(*existing.Expires) {
 			byName[auth.Identifier.Value] = auth
 		}
 	}
 	for _, auth := range byName {
 		// Retrieve challenges for the authz
 		if auth.Challenges, err = ssa.getChallenges(ssa.dbMap.WithContext(ctx), auth.ID); err != nil {
 			return nil, err
 		}
 	}
 	return byName, nil
 }
 func (ssa *SQLStorageAuthority) getPendingAuthorizations(
 	ctx context.Context,
 	registrationID int64,
 	names []string,
 	now time.Time,
 	requireV2Authzs bool) (map[string]*core.Authorization, error) {
 	return ssa.getAuthorizations(
 		ctx,
 		pendingAuthorizationTable,
 		string(core.StatusPending),
 		registrationID,
 		names,
 		now,
 		requireV2Authzs)
 }
 func AuthzMapToPB(m map[string]*core.Authorization) (*sapb.Authorizations, error) {
 	resp := &sapb.Authorizations{}
 	for k, v := range m {
@ -1932,99 +1370,6 @@ func AuthzMapToPB(m map[string]*core.Authorization) (*sapb.Authorizations, error
 	return resp, nil
 }
 // GetAuthorizations returns a map of valid or pending authorizations for as many names as possible
 func (ssa *SQLStorageAuthority) GetAuthorizations(
 	ctx context.Context,
 	req *sapb.GetAuthorizationsRequest) (*sapb.Authorizations, error) {
 	authzMap, err := ssa.getAuthorizations(
 		ctx,
 		authorizationTable,
 		string(core.StatusValid),
 		*req.RegistrationID,
 		req.Domains,
 		time.Unix(0, *req.Now),
 		*req.RequireV2Authzs,
 	)
 	if err != nil {
 		return nil, err
 	}
 	if len(authzMap) == len(req.Domains) {
 		return AuthzMapToPB(authzMap)
 	}
 	// remove names we already have authz for
 	remainingNames := []string{}
 	for _, name := range req.Domains {
 		if _, present := authzMap[name]; !present {
 			remainingNames = append(remainingNames, name)
 		}
 	}
 	pendingAuthz, err := ssa.getPendingAuthorizations(
 		ctx,
 		*req.RegistrationID,
 		remainingNames,
 		time.Unix(0, *req.Now),
 		*req.RequireV2Authzs)
 	if err != nil {
 		return nil, err
 	}
 	// merge pending into valid
 	for name, a := range pendingAuthz {
 		authzMap[name] = a
 	}
 	// Wildcard domain issuance requires that the authorizations returned by this
 	// RPC also include populated challenges such that the caller can know if the
 	// challenges meet the wildcard issuance policy (e.g. only 1 DNS-01
 	// challenge).
 	// Fetch each of the authorizations' associated challenges
 	for _, authz := range authzMap {
 		authz.Challenges, err = ssa.getChallenges(ssa.dbMap.WithContext(ctx), authz.ID)
 		if err != nil {
 			return nil, err
 		}
 	}
 	return AuthzMapToPB(authzMap)
 }
 // AddPendingAuthorizations creates a batch of pending authorizations and returns their IDs
 func (ssa *SQLStorageAuthority) AddPendingAuthorizations(ctx context.Context, req *sapb.AddPendingAuthorizationsRequest) (*sapb.AuthorizationIDs, error) {
 	ids := []string{}
 	for _, authPB := range req.Authz {
 		authz, err := bgrpc.PBToAuthz(authPB)
 		if err != nil {
 			return nil, err
 		}
 		result, err := ssa.NewPendingAuthorization(ctx, authz)
 		if err != nil {
 			return nil, err
 		}
 		ids = append(ids, result.ID)
 	}
 	return &sapb.AuthorizationIDs{Ids: ids}, nil
 }
 func (ssa *SQLStorageAuthority) getChallengesImpl(db dbSelector, authID string) ([]core.Challenge, error) {
 	var challObjs []challModel
 	_, err := db.Select(
 		&challObjs,
 		getChallengesQuery,
 		map[string]interface{}{"authID": authID},
 	)
 	if err != nil {
 		return nil, err
 	}
 	var challs []core.Challenge
 	for _, c := range challObjs {
 		chall, err := modelToChallenge(&c)
 		if err != nil {
 			return nil, err
 		}
 		challs = append(challs, chall)
 	}
 	return challs, nil
 }
 // NewAuthorizations2 adds a set of new style authorizations to the database and returns
 // either the IDs of the authorizations or an error. It will only process corepb.Authorization
 // objects if the V2 field is set. This method is intended to deprecate AddPendingAuthorizations
@ -2126,37 +1471,7 @@ func (ssa *SQLStorageAuthority) GetAuthorizations2(ctx context.Context, req *sap
 		}
 	}
-	authzsPB, err := authz2ModelMapToPB(authzModelMap)
+	return authz2ModelMapToPB(authzModelMap)
 	if err != nil {
 		return nil, err
 	}
 	// If we still need more authorizations look for them in the old
 	// style authorization tables.
 	if len(authzModelMap) != len(req.Domains) {
 		// Get the authorizations for names we don't already have
 		var remaining []string
 		for _, name := range req.Domains {
 			if _, present := authzModelMap[name]; !present {
 				remaining = append(remaining, name)
 			}
 		}
 		reqV2 := true
 		authz, err := ssa.GetAuthorizations(ctx, &sapb.GetAuthorizationsRequest{
 			RegistrationID:  req.RegistrationID,
 			Domains:         remaining,
 			Now:             req.Now,
 			RequireV2Authzs: &reqV2,
 		})
 		if err != nil {
 			return nil, err
 		}
 		for _, authzPB := range authz.Authz {
 			authzsPB.Authz = append(authzsPB.Authz, authzPB)
 		}
 	}
 	return authzsPB, nil
 }
 // FinalizeAuthorization2 moves a pending authorization to either the valid or invalid status. If
@ -2290,12 +1605,7 @@ func (ssa *SQLStorageAuthority) GetPendingAuthorization2(ctx context.Context, re
 	)
 	if err != nil {
 		if err == sql.ErrNoRows {
-			// there may be an old style pending authorization so look for that
+			return nil, berrors.NotFoundError("pending authz not found")
 			authz, err := ssa.GetPendingAuthorization(ctx, req)
 			if err != nil {
 				return nil, err
 			}
 			return bgrpc.AuthzToPB(*authz)
 		}
 		return nil, err
 	}
@ -2320,13 +1630,6 @@ func (ssa *SQLStorageAuthority) CountPendingAuthorizations2(ctx context.Context,
 	if err != nil {
 		return nil, err
 	}
 	// also count old style authorizations and add those to the count of
 	// new authorizations
 	oldCount, err := ssa.CountPendingAuthorizations(ctx, *req.Id)
 	if err != nil {
 		return nil, err
 	}
 	count += int64(oldCount)
 	return &sapb.Count{Count: &count}, nil
 }
@ -2367,29 +1670,7 @@ func (ssa *SQLStorageAuthority) GetValidOrderAuthorizations2(ctx context.Context
 		}
 	}
-	authzsPB, err := authz2ModelMapToPB(byName)
+	return authz2ModelMapToPB(byName)
 	if err != nil {
 		return nil, err
 	}
 	// also get any older style authorizations, as far as I can tell
 	// there is no easy way to tell if this is needed or not as
 	// an order may be all one style, all the other, or a mix
 	oldAuthzMap, err := ssa.GetValidOrderAuthorizations(ctx, req)
 	if err != nil {
 		return nil, err
 	}
 	if len(oldAuthzMap) > 0 {
 		oldAuthzsPB, err := AuthzMapToPB(oldAuthzMap)
 		if err != nil {
 			return nil, err
 		}
 		for _, authzPB := range oldAuthzsPB.Authz {
 			authzsPB.Authz = append(authzsPB.Authz, authzPB)
 		}
 	}
 	return authzsPB, nil
 }
 // CountInvalidAuthorizations2 counts invalid authorizations for a user expiring
@ -2418,13 +1699,6 @@ func (ssa *SQLStorageAuthority) CountInvalidAuthorizations2(ctx context.Context,
 	if err != nil {
 		return nil, err
 	}
 	// Also count old authorizations and add those to the new style
 	// count
 	oldCount, err := ssa.CountInvalidAuthorizations(ctx, req)
 	if err != nil {
 		return nil, err
 	}
 	count += *oldCount.Count
 	return &sapb.Count{Count: &count}, nil
 }
@ -2476,41 +1750,5 @@ func (ssa *SQLStorageAuthority) GetValidAuthorizations2(ctx context.Context, req
 		}
 		authzMap[am.IdentifierValue] = am
 	}
-	authzsPB, err := authz2ModelMapToPB(authzMap)
+	return authz2ModelMapToPB(authzMap)
 	if err != nil {
 		return nil, err
 	}
 	if len(authzsPB.Authz) != len(req.Domains) {
 		// We may still have valid old style authorizations
 		// we want for names in the list, so we have to look
 		// for them.
 		var remaining []string
 		for _, name := range req.Domains {
 			if _, present := authzMap[name]; !present {
 				remaining = append(remaining, name)
 			}
 		}
 		now := time.Unix(0, *req.Now)
 		oldAuthzs, err := ssa.GetValidAuthorizations(
 			ctx,
 			*req.RegistrationID,
 			remaining,
 			now,
 		)
 		if err != nil {
 			return nil, err
 		}
 		if len(oldAuthzs) > 0 {
 			oldAuthzsPB, err := AuthzMapToPB(oldAuthzs)
 			if err != nil {
 				return nil, err
 			}
 			for _, authzPB := range oldAuthzsPB.Authz {
 				authzsPB.Authz = append(authzsPB.Authz, authzPB)
 			}
 		}
 	}
 	return authzsPB, nil
 }
--- a/sa/sa_test.go
+++ b/sa/sa_test.go