diff --git a/va/va.go b/va/va.go index aa8aace14..0572a06ba 100644 --- a/va/va.go +++ b/va/va.go @@ -23,9 +23,6 @@ import ( "time" "github.com/jmhodges/clock" - "github.com/prometheus/client_golang/prometheus" - "golang.org/x/net/context" - "github.com/letsencrypt/boulder/bdns" "github.com/letsencrypt/boulder/canceled" "github.com/letsencrypt/boulder/cmd" @@ -35,6 +32,8 @@ import ( blog "github.com/letsencrypt/boulder/log" "github.com/letsencrypt/boulder/metrics" "github.com/letsencrypt/boulder/probs" + "github.com/prometheus/client_golang/prometheus" + "golang.org/x/net/context" ) const ( @@ -80,6 +79,7 @@ type vaMetrics struct { validationTime *prometheus.HistogramVec remoteValidationTime *prometheus.HistogramVec remoteValidationFailures prometheus.Counter + tlsALPNOIDCounter *prometheus.CounterVec } func initMetrics(stats metrics.Scope) *vaMetrics { @@ -105,11 +105,20 @@ func initMetrics(stats metrics.Scope) *vaMetrics { Help: "Number of validations failed due to remote VAs returning failure", }) stats.MustRegister(remoteValidationFailures) + tlsALPNOIDCounter := prometheus.NewCounterVec( + prometheus.CounterOpts{ + Name: "tls_alpn_oid_usage", + Help: "Number of TLS ALPN validations using either of the two OIDs", + }, + []string{"oid"}, + ) + stats.MustRegister(tlsALPNOIDCounter) return &vaMetrics{ validationTime: validationTime, remoteValidationTime: remoteValidationTime, remoteValidationFailures: remoteValidationFailures, + tlsALPNOIDCounter: tlsALPNOIDCounter, } } 
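Review bot: The new counter's name `tls_alpn_oid_usage` in initMetrics omits the `_total` suffix that Prometheus naming conventions expect for counters; since the metric is new and the test reads it through the struct field rather than by name, changing it to `Name: "tls_alpn_oid_usage_total",` is free now and avoids a breaking rename once dashboards depend on it. The Help text could also state what the label holds, e.g. `Help: "Number of TLS-ALPN-01 validations observed per acmeIdentifier extension OID; label oid is the dotted OID string",` so consumers know to expect dotted OIDs rather than names. The `oid` label is bounded to the two OIDs the validation code accepts, so label cardinality is not a concern.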
@@ -752,6 +761,11 @@ func (va *ValidationAuthorityImpl) validateTLSALPN01(ctx context.Context, identi h := sha256.Sum256([]byte(challenge.ProvidedKeyAuthorization)) for _, ext := range leafCert.Extensions { if IdPeAcmeIdentifier.Equal(ext.Id) || IdPeAcmeIdentifierV1Obsolete.Equal(ext.Id) { + if IdPeAcmeIdentifier.Equal(ext.Id) { + va.metrics.tlsALPNOIDCounter.WithLabelValues(IdPeAcmeIdentifier.String()).Inc() + } else { + va.metrics.tlsALPNOIDCounter.WithLabelValues(IdPeAcmeIdentifierV1Obsolete.String()).Inc() + } if !ext.Critical { errText := fmt.Sprintf("Incorrect validation certificate for %s challenge. "+ "acmeValidationV1 extension not critical.", core.ChallengeTypeTLSALPN01) diff --git a/va/va_test.go b/va/va_test.go index 32bc29216..7653e6604 100644 --- a/va/va_test.go +++ b/va/va_test.go @@ -30,10 +30,6 @@ import ( "github.com/golang/mock/gomock" "github.com/jmhodges/clock" - "github.com/prometheus/client_golang/prometheus" - "golang.org/x/net/context" - "gopkg.in/square/go-jose.v2" - "github.com/letsencrypt/boulder/bdns" "github.com/letsencrypt/boulder/cmd" "github.com/letsencrypt/boulder/core" @@ -43,6 +39,9 @@ import ( "github.com/letsencrypt/boulder/probs" "github.com/letsencrypt/boulder/test" vaPB "github.com/letsencrypt/boulder/va/proto" + "github.com/prometheus/client_golang/prometheus" + "golang.org/x/net/context" + "gopkg.in/square/go-jose.v2" ) func bigIntFromB64(b64 string) *big.Int { @@ -987,10 +986,10 @@ func TestValidateTLSALPN01(t *testing.T) { va, _ := setup(hs, 0) _, prob := va.validateChallenge(ctx, dnsi("localhost"), chall) - if prob != nil { t.Errorf("Validation failed: %v", prob) } + test.AssertEquals(t, test.CountCounterVec("oid", IdPeAcmeIdentifier.String(), va.metrics.tlsALPNOIDCounter), 1) hs.Close() chall = createChallenge(core.ChallengeTypeTLSALPN01) 
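Review bot: The inner `if IdPeAcmeIdentifier.Equal(ext.Id)` re-tests what the enclosing condition already established, and since `ext.Id` is known at that point to equal one of the two OIDs, the five added lines collapse to `va.metrics.tlsALPNOIDCounter.WithLabelValues(ext.Id.String()).Inc()`. Separately, the increment happens as soon as a matching extension is seen, before the `Critical` and value checks that follow, so the counter measures which OID the presented certificate carries, not which OID validated successfully; a one-line comment such as `// Counts the OID presented, whether or not the extension then validates.` would keep the metric from being read as a success rate. If a certificate carries both extensions, or the same one twice, and the loop does not stop at the first match, each occurrence increments its label; validateTLSALPN01 begins and ends outside this hunk, so I cannot confirm how the loop terminates.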
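Review bot: The assertion only checks that the `IdPeAcmeIdentifier` label reached 1; it does not check that the `IdPeAcmeIdentifierV1Obsolete` label stayed at 0, so a regression that bumps both labels, or classifies the OID wrongly, would still pass. Add `test.AssertEquals(t, test.CountCounterVec("oid", IdPeAcmeIdentifierV1Obsolete.String(), va.metrics.tlsALPNOIDCounter), 0)` after the existing assertion here, and the mirror-image zero check for `IdPeAcmeIdentifier` in the second hunk of this file at @@ -999. This assumes `setup` gives each VA a fresh metrics scope; if the counter is shared across the two `setup` calls in TestValidateTLSALPN01, the expected values will need adjusting.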
@@ -999,10 +998,10 @@ func TestValidateTLSALPN01(t *testing.T) { va, _ = setup(hs, 0) _, prob = va.validateChallenge(ctx, dnsi("localhost"), chall) - if prob != nil { t.Errorf("Validation failed: %v", prob) } + test.AssertEquals(t, test.CountCounterVec("oid", IdPeAcmeIdentifierV1Obsolete.String(), va.metrics.tlsALPNOIDCounter), 1) } func TestValidateTLSALPN01BadChallenge(t *testing.T) {