diff --git a/ra/ra.go b/ra/ra.go
index fbc99d9f4..e286cdde2 100644
--- a/ra/ra.go
+++ b/ra/ra.go
@@ -14,10 +14,6 @@ import (
 "time"
 "github.com/jmhodges/clock"
- "github.com/prometheus/client_golang/prometheus"
- "github.com/weppos/publicsuffix-go/publicsuffix"
- "golang.org/x/net/context"
-
 caPB "github.com/letsencrypt/boulder/ca/proto"
 "github.com/letsencrypt/boulder/core"
 corepb "github.com/letsencrypt/boulder/core/proto"
@@ -37,6 +33,9 @@ import (
 sapb "github.com/letsencrypt/boulder/sa/proto"
 vaPB "github.com/letsencrypt/boulder/va/proto"
 "github.com/letsencrypt/boulder/web"
+ "github.com/prometheus/client_golang/prometheus"
+ "github.com/weppos/publicsuffix-go/publicsuffix"
+ "golang.org/x/net/context"
 grpc "google.golang.org/grpc"
 )
@@ -1455,6 +1454,10 @@ func (ra *RegistrationAuthorityImpl) UpdateAuthorization(
 return authz, nil
 }
+ if authz.Status != core.StatusPending {
+ return core.Authorization{}, berrors.WrongAuthorizationStateError("authorization must be pending")
+ }
+
 // Look up the account key for this authorization
 reg, err := ra.SA.GetRegistration(ctx, authz.RegistrationID)
 if err != nil {
@@ -1491,15 +1494,9 @@ func (ra *RegistrationAuthorityImpl) UpdateAuthorization(
 return core.Authorization{}, berrors.MalformedError(cErr.Error())
 }
- // Store the updated version
- if err = ra.SA.UpdatePendingAuthorization(ctx, authz); err != nil {
- ra.log.Warningf("Error calling ra.SA.UpdatePendingAuthorization: %s", err)
- return core.Authorization{}, err
- }
 ra.stats.Inc("NewPendingAuthorizations", 1)
 // Dispatch to the VA for service
-
 vaCtx := context.Background()
 go func(authz core.Authorization) {
 // We will mutate challenges later in this goroutine to change status and
diff --git a/ra/ra_test.go b/ra/ra_test.go
index 20df217fa..6a355b26c 100644
--- a/ra/ra_test.go
+++ b/ra/ra_test.go
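Review bot: The new `authz.Status != core.StatusPending` guard in the `@@ -1455,6 +1454,10 @@` hunk tests the status of the `authz` value handed in by the caller, and nothing visible here re-reads the authorization from the SA before the comparison. Because the following hunk drops the `ra.SA.UpdatePendingAuthorization` call, this in-memory comparison appears to be the only state check left before validation is dispatched, so two concurrent requests holding the same pending copy would presumably both pass it. Either re-fetch the authorization before comparing or state the assumption next to the check, e.g. `// authz is the caller's copy; a concurrent request can still see it as pending until the authorization is finalized`. UpdateAuthorization starts before and continues after this hunk, so an earlier guard may already cover this.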
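Review bot: `ra.stats.Inc("NewPendingAuthorizations", 1)` is kept in the `@@ -1491,15 +1494,9 @@` hunk although the store call directly above it is removed, so the counter no longer corresponds to a pending authorization being written. Rename the stat or explain it in place, e.g. `// counts validation attempts handed to the VA; nothing is stored at this point`. With the `UpdatePendingAuthorization` call gone, any change made to `authz` earlier in the function is presumably carried only by the copy passed to the goroutine until finalization, which is worth confirming against the finalize path. The function begins before this hunk and the goroutine body continues past it.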
@@ -23,6 +23,11 @@ import (
 "testing"
 "time"
+ "github.com/golang/protobuf/proto"
+ ctasn1 "github.com/google/certificate-transparency-go/asn1"
+ ctx509 "github.com/google/certificate-transparency-go/x509"
+ ctpkix "github.com/google/certificate-transparency-go/x509/pkix"
+ "github.com/jmhodges/clock"
 capb "github.com/letsencrypt/boulder/ca/proto"
 "github.com/letsencrypt/boulder/cmd"
 "github.com/letsencrypt/boulder/core"
@@ -45,12 +50,6 @@ import (
 "github.com/letsencrypt/boulder/test"
 "github.com/letsencrypt/boulder/test/vars"
 vaPB "github.com/letsencrypt/boulder/va/proto"
-
- "github.com/golang/protobuf/proto"
- ctasn1 "github.com/google/certificate-transparency-go/asn1"
- ctx509 "github.com/google/certificate-transparency-go/x509"
- ctpkix "github.com/google/certificate-transparency-go/x509/pkix"
- "github.com/jmhodges/clock"
 "github.com/prometheus/client_golang/prometheus"
 "github.com/weppos/publicsuffix-go/publicsuffix"
 "golang.org/x/net/context"
@@ -927,7 +926,7 @@ func TestUpdateAuthorizationAlreadyValid(t *testing.T) {
 // A subsequent call to update the authorization should return the expected error
 _, err = ra.UpdateAuthorization(ctx, finalAuthz, ResponseIndex, response)
 test.Assert(t, berrors.Is(err, berrors.WrongAuthorizationState),
- "FinalizeAuthorization of valid authz didn't return a berrors.WrongAuthorizationState")
+ "UpdateAuthorization of valid authz (with reuseValidAuthz disabled) didn't return a berrors.WrongAuthorizationState")
 }
 func TestUpdateAuthorizationNewRPC(t *testing.T) {
diff --git a/test/integration-test.py b/test/integration-test.py
index 1564d3bea..48b49b237 100644
--- a/test/integration-test.py
+++ b/test/integration-test.py
@@ -550,7 +550,6 @@ def test_stats():
 expect_stat(8000, "\ngo_goroutines ")
 expect_stat(8000, '\ngrpc_client_handling_seconds_count{grpc_method="NewRegistration",grpc_service="ra.RegistrationAuthority",grpc_type="unary"} ')
 expect_stat(8002, '\ngrpc_server_handling_seconds_sum{grpc_method="UpdateAuthorization",grpc_service="ra.RegistrationAuthority",grpc_type="unary"} ')
- expect_stat(8002, '\ngrpc_client_handling_seconds_count{grpc_method="UpdatePendingAuthorization",grpc_service="sa.StorageAuthority",grpc_type="unary"} ')
 expect_stat(8001, "\ngo_goroutines ")
 def test_sct_embedding():
diff --git a/wfe2/wfe.go b/wfe2/wfe.go
index a7bd63bea..541f9665d 100644
--- a/wfe2/wfe.go
+++ b/wfe2/wfe.go
@@ -16,10 +16,6 @@ import (
 "time"
 "github.com/jmhodges/clock"
- "github.com/prometheus/client_golang/prometheus"
- "golang.org/x/net/context"
- jose "gopkg.in/square/go-jose.v2"
-
 "github.com/letsencrypt/boulder/core"
 corepb "github.com/letsencrypt/boulder/core/proto"
 berrors "github.com/letsencrypt/boulder/errors"
@@ -34,6 +30,9 @@ import (
 "github.com/letsencrypt/boulder/revocation"
 sapb "github.com/letsencrypt/boulder/sa/proto"
 "github.com/letsencrypt/boulder/web"
+ "github.com/prometheus/client_golang/prometheus"
+ "golang.org/x/net/context"
+ jose "gopkg.in/square/go-jose.v2"
 )
 // Paths are the ACME-spec identified URL path-segments for various methods.
@@ -994,9 +993,9 @@ func (wfe *WebFrontEndImpl) postChallenge(
 return
 }
- // Ask the RA to update this authorization. Send an empty `core.Challenge{}`
- // as the challenge update because we do not care about the KeyAuthorization
- // (if any) sent in the challengeUpdate.
+ // Send the authorization to the RA for validation (the name of this RPC is somewhat
+ // misleading, the RA sends the authorization to the VA for validation. Once the validation
+ // is complete the VA returns back to the RA to finalize the authorization)
 updatedAuthorization, err := wfe.RA.UpdateAuthorization(ctx, authz, challengeIndex, core.Challenge{})
 if err != nil {
 wfe.sendError(response, logEvent, web.ProblemDetailsForError(err, "Unable to update challenge"), err)
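Review bot: The rewritten comment above `wfe.RA.UpdateAuthorization` no longer says why an empty `core.Challenge{}` is passed, which the removed text did explain, so the zero-value argument now reads as an oversight rather than a deliberate choice to ignore any client-supplied KeyAuthorization. The parenthetical is also a run-on that closes after a second sentence. Suggested wording: `// Send the authorization to the RA for validation. Despite its name, UpdateAuthorization` `// hands the authorization to the VA, which reports back to the RA to finalize it. The empty` `// core.Challenge{} is deliberate: any KeyAuthorization in the client's update is ignored.` postChallenge starts before and continues after this hunk.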