From 3bec0076cd0c06d2463ad726fc68d39fa25e3e36 Mon Sep 17 00:00:00 2001
From: Jacob Hoffman-Andrews
Date: Thu, 24 Sep 2015 10:11:20 -0700
Subject: [PATCH] Use file URLs for static responders.
---
 cmd/ocsp-responder/main.go | 19 ++++++++++++++-----
 cmd/shell.go | 12 ++++--------
 test/boulder-config.json | 4 +---
 test/issuer-ocsp-responder.json | 4 +---
 4 files changed, 20 insertions(+), 19 deletions(-)
diff --git a/cmd/ocsp-responder/main.go b/cmd/ocsp-responder/main.go
index 901ea09e0..58390b65a 100644
--- a/cmd/ocsp-responder/main.go
+++ b/cmd/ocsp-responder/main.go
@@ -11,6 +11,7 @@ import (
 "encoding/hex"
 "fmt"
 "net/http"
+ "net/url"
 "time"
 "github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/cactus/go-statsd-client/statsd"
@@ -134,14 +135,22 @@ func main() {
 config := c.OCSPResponder
 var source cfocsp.Source
- if config.Source.DBConnect != "" {
+ url, err := url.Parse(config.Source)
+ cmd.FailOnError(err, fmt.Sprintf("Source was not a URL: %s", config.Source))
+
+ if url.Scheme == "mysql+tcp" {
 auditlogger.Info(fmt.Sprintf("Loading OCSP Database for CA Cert: %s", c.Common.IssuerCert))
- source, err = makeDBSource(config.Source.DBConnect, c.Common.IssuerCert, c.SQL.SQLDebug)
+ source, err = makeDBSource(config.Source, c.Common.IssuerCert, c.SQL.SQLDebug)
 cmd.FailOnError(err, "Couldn't load OCSP DB")
- } else {
- filename := config.Source.Filename
+ } else if url.Scheme == "file" {
+ filename := url.Path
+ // Go interprets cwd-relative file urls (file:test/foo.txt) as having the
+ // relative part of the path in the 'Opaque' field.
+ if filename == "" {
+ filename = url.Opaque
+ }
 source, err = cfocsp.NewSourceFromFile(filename)
- cmd.FailOnError(err, fmt.Sprintf("Couldn't read file: %s", filename))
+ cmd.FailOnError(err, fmt.Sprintf("Couldn't read file: %s", url.Path))
 }
 stopTimeout, err := time.ParseDuration(c.OCSPResponder.ShutdownStopTimeout)
diff --git a/cmd/shell.go b/cmd/shell.go
index 5dc6e6637..9e1b0b423 100644
--- a/cmd/shell.go
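Review bot: In `main()` of cmd/ocsp-responder/main.go the new `if url.Scheme == "mysql+tcp" … else if url.Scheme == "file"` chain has no final branch, so a Source with any other scheme (or a bare path, which parses with an empty scheme) leaves `source` nil and, as far as this hunk shows, startup continues; I would fail closed with `} else { cmd.FailOnError(fmt.Errorf("unsupported OCSP source scheme %q", url.Scheme), "Couldn't load OCSP source") }`. The last error message now formats `url.Path`, which is empty for the `file:test/foo.txt` form the comment above it describes, so it should keep using `filename`. The "Source was not a URL" message echoes the whole `config.Source`; if a deployment's connect string carries a password (the test value shown does not), that would land in the log, so reporting only the parse error may be safer. The local `url` also shadows the newly imported `net/url` package for the rest of the function, whose body continues outside this hunk.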
+++ b/cmd/shell.go
@@ -152,14 +152,10 @@ type Config struct {
 }
 OCSPResponder struct {
- // Exactly one of DBConnect or Filename should be filled.
- // DBConnect is used when responding for end-entity certs,
- // and Filename is used when responding from a static file for intermediates
- // and roots.
- Source struct {
- DBConnect string
- Filename string
- }
+ // Source indicates the source of pre-signed OCSP responses to be used. It
+ // can be a DBConnect string or a file URL. The file URL style is used
+ // when responding from a static file for intermediates and roots.
+ Source string
 Path string
 ListenAddress string
diff --git a/test/boulder-config.json b/test/boulder-config.json
index 104ba7b42..1a4da2ed0 100644
--- a/test/boulder-config.json
+++ b/test/boulder-config.json
@@ -145,9 +145,7 @@
 },
 "ocspResponder": {
- "source": {
- "dbConnect": "mysql+tcp://boulder@localhost:3306/boulder_sa_integration"
- },
+ "source": "mysql+tcp://boulder@localhost:3306/boulder_sa_integration",
 "path": "/",
 "listenAddress": "localhost:4002",
 "shutdownStopTimeout": "10s",
diff --git a/test/issuer-ocsp-responder.json b/test/issuer-ocsp-responder.json
index 1a6ed3583..551521c39 100644
--- a/test/issuer-ocsp-responder.json
+++ b/test/issuer-ocsp-responder.json
@@ -1,8 +1,6 @@
 {
 "ocspResponder": {
- "source": {
- "filename": "test/issuer-ocsp-responses.txt"
- },
+ "source": "file:test/issuer-ocsp-responses.txt",
 "path": "/",
 "listenAddress": "localhost:4003",
 "shutdownStopTimeout": "10s",
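Review bot: In cmd/shell.go the new comment on `Source` says "a DBConnect string or a file URL" but never names the two schemes that the responder dispatches on in this patch, `mysql+tcp` and `file`, so an operator cannot tell from the struct which values are accepted. I would spell that out, e.g. `// Source is a URL: mysql+tcp://... selects the database, file:path selects a static response file.`. It is also worth stating that the relative form used in the test config (`file:test/issuer-ocsp-responses.txt`) is passed to the file loader as written, which per the comment in main.go means relative to the working directory. The `OCSPResponder` struct begins and ends outside this hunk.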