SA: Remove unused PreviousCertificateExists method (#7439)

This method has had no callers since the removal of ACMEv1.

mocks/mocks.go

@@ -346,10 +346,6 @@ func (sa *StorageAuthorityReadOnly) FQDNSetExists(_ context.Context, _ *sapb.FQD
 	return &sapb.Exists{Exists: false}, nil
 }
 
-func (sa *StorageAuthorityReadOnly) PreviousCertificateExists(_ context.Context, _ *sapb.PreviousCertificateExistsRequest, _ ...grpc.CallOption) (*sapb.Exists, error) {
-	return &sapb.Exists{Exists: false}, nil
-}
-
 // CountCertificatesByNames is a mock
 func (sa *StorageAuthorityReadOnly) CountCertificatesByNames(_ context.Context, _ *sapb.CountCertificatesByNamesRequest, _ ...grpc.CallOption) (*sapb.CountByNames, error) {
 	return &sapb.CountByNames{}, nil

ra/mock_test.go

@@ -4,15 +4,16 @@ import (
 	"context"
 	"time"
 
-	"github.com/letsencrypt/boulder/core"
-	corepb "github.com/letsencrypt/boulder/core/proto"
-	"github.com/letsencrypt/boulder/mocks"
-	sapb "github.com/letsencrypt/boulder/sa/proto"
 	grpc "google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 	emptypb "google.golang.org/protobuf/types/known/emptypb"
 	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/letsencrypt/boulder/core"
+	corepb "github.com/letsencrypt/boulder/core/proto"
+	"github.com/letsencrypt/boulder/mocks"
+	sapb "github.com/letsencrypt/boulder/sa/proto"
 )
 
 type mockInvalidAuthorizationsAuthority struct {
@@ -29,12 +30,6 @@ func (sa *mockInvalidAuthorizationsAuthority) CountOrders(_ context.Context, _ *
 	return &sapb.Count{}, nil
 }
 
-func (sa *mockInvalidAuthorizationsAuthority) PreviousCertificateExists(_ context.Context, _ *sapb.PreviousCertificateExistsRequest, _ ...grpc.CallOption) (*sapb.Exists, error) {
-	return &sapb.Exists{
-		Exists: false,
-	}, nil
-}
-
 func (sa *mockInvalidAuthorizationsAuthority) CountInvalidAuthorizations2(ctx context.Context, req *sapb.CountInvalidAuthorizationsRequest, _ ...grpc.CallOption) (*sapb.Count, error) {
 	if req.Hostname == sa.domainWithFailures {
 		return &sapb.Count{Count: 1}, nil

sa/proto/sa.proto

@@ -39,7 +39,6 @@ service StorageAuthorityReadOnly {
   rpc GetValidOrderAuthorizations2(GetValidOrderAuthorizationsRequest) returns (Authorizations) {}
   rpc IncidentsForSerial(Serial) returns (Incidents) {}
   rpc KeyBlocked(SPKIHash) returns (Exists) {}
-  rpc PreviousCertificateExists(PreviousCertificateExistsRequest) returns (Exists) {}
   rpc ReplacementOrderExists(Serial) returns (Exists) {}
   rpc SerialsForIncident (SerialsForIncidentRequest) returns (stream IncidentSerial) {}
 }
@@ -76,7 +75,6 @@ service StorageAuthority {
   rpc GetValidOrderAuthorizations2(GetValidOrderAuthorizationsRequest) returns (Authorizations) {}
   rpc IncidentsForSerial(Serial) returns (Incidents) {}
   rpc KeyBlocked(SPKIHash) returns (Exists) {}
-  rpc PreviousCertificateExists(PreviousCertificateExistsRequest) returns (Exists) {}
   rpc ReplacementOrderExists(Serial) returns (Exists) {}
   rpc SerialsForIncident (SerialsForIncidentRequest) returns (stream IncidentSerial) {}
   // Adders
@@ -208,11 +206,6 @@ message FQDNSetExistsRequest {
   repeated string domains = 1;
 }
 
-message PreviousCertificateExistsRequest {
-  string domain = 1;
-  int64 regID = 2;
-}
-
 message Exists {
   bool exists = 1;
 }

sa/proto/sa_grpc.pb.go

@@ -54,7 +54,6 @@ type StorageAuthorityReadOnlyClient interface {
 	GetValidOrderAuthorizations2(ctx context.Context, in *GetValidOrderAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error)
 	IncidentsForSerial(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*Incidents, error)
 	KeyBlocked(ctx context.Context, in *SPKIHash, opts ...grpc.CallOption) (*Exists, error)
-	PreviousCertificateExists(ctx context.Context, in *PreviousCertificateExistsRequest, opts ...grpc.CallOption) (*Exists, error)
 	ReplacementOrderExists(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*Exists, error)
 	SerialsForIncident(ctx context.Context, in *SerialsForIncidentRequest, opts ...grpc.CallOption) (StorageAuthorityReadOnly_SerialsForIncidentClient, error)
 }
@@ -397,15 +396,6 @@ func (c *storageAuthorityReadOnlyClient) KeyBlocked(ctx context.Context, in *SPK
 	return out, nil
 }
 
-func (c *storageAuthorityReadOnlyClient) PreviousCertificateExists(ctx context.Context, in *PreviousCertificateExistsRequest, opts ...grpc.CallOption) (*Exists, error) {
-	out := new(Exists)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/PreviousCertificateExists", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
 func (c *storageAuthorityReadOnlyClient) ReplacementOrderExists(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*Exists, error) {
 	out := new(Exists)
 	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/ReplacementOrderExists", in, out, opts...)
@@ -480,7 +470,6 @@ type StorageAuthorityReadOnlyServer interface {
 	GetValidOrderAuthorizations2(context.Context, *GetValidOrderAuthorizationsRequest) (*Authorizations, error)
 	IncidentsForSerial(context.Context, *Serial) (*Incidents, error)
 	KeyBlocked(context.Context, *SPKIHash) (*Exists, error)
-	PreviousCertificateExists(context.Context, *PreviousCertificateExistsRequest) (*Exists, error)
 	ReplacementOrderExists(context.Context, *Serial) (*Exists, error)
 	SerialsForIncident(*SerialsForIncidentRequest, StorageAuthorityReadOnly_SerialsForIncidentServer) error
 	mustEmbedUnimplementedStorageAuthorityReadOnlyServer()
@@ -577,9 +566,6 @@ func (UnimplementedStorageAuthorityReadOnlyServer) IncidentsForSerial(context.Co
 func (UnimplementedStorageAuthorityReadOnlyServer) KeyBlocked(context.Context, *SPKIHash) (*Exists, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method KeyBlocked not implemented")
 }
-func (UnimplementedStorageAuthorityReadOnlyServer) PreviousCertificateExists(context.Context, *PreviousCertificateExistsRequest) (*Exists, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method PreviousCertificateExists not implemented")
-}
 func (UnimplementedStorageAuthorityReadOnlyServer) ReplacementOrderExists(context.Context, *Serial) (*Exists, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method ReplacementOrderExists not implemented")
 }
@@ -1131,24 +1117,6 @@ func _StorageAuthorityReadOnly_KeyBlocked_Handler(srv interface{}, ctx context.C
 	return interceptor(ctx, in, info, handler)
 }
 
-func _StorageAuthorityReadOnly_PreviousCertificateExists_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(PreviousCertificateExistsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).PreviousCertificateExists(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/PreviousCertificateExists",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).PreviousCertificateExists(ctx, req.(*PreviousCertificateExistsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
 func _StorageAuthorityReadOnly_ReplacementOrderExists_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(Serial)
 	if err := dec(in); err != nil {
@@ -1299,10 +1267,6 @@ var StorageAuthorityReadOnly_ServiceDesc = grpc.ServiceDesc{
 			MethodName: "KeyBlocked",
 			Handler:    _StorageAuthorityReadOnly_KeyBlocked_Handler,
 		},
-		{
-			MethodName: "PreviousCertificateExists",
-			Handler:    _StorageAuthorityReadOnly_PreviousCertificateExists_Handler,
-		},
 		{
 			MethodName: "ReplacementOrderExists",
 			Handler:    _StorageAuthorityReadOnly_ReplacementOrderExists_Handler,
@@ -1367,7 +1331,6 @@ type StorageAuthorityClient interface {
 	GetValidOrderAuthorizations2(ctx context.Context, in *GetValidOrderAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error)
 	IncidentsForSerial(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*Incidents, error)
 	KeyBlocked(ctx context.Context, in *SPKIHash, opts ...grpc.CallOption) (*Exists, error)
-	PreviousCertificateExists(ctx context.Context, in *PreviousCertificateExistsRequest, opts ...grpc.CallOption) (*Exists, error)
 	ReplacementOrderExists(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*Exists, error)
 	SerialsForIncident(ctx context.Context, in *SerialsForIncidentRequest, opts ...grpc.CallOption) (StorageAuthority_SerialsForIncidentClient, error)
 	// Adders
@@ -1729,15 +1692,6 @@ func (c *storageAuthorityClient) KeyBlocked(ctx context.Context, in *SPKIHash, o
 	return out, nil
 }
 
-func (c *storageAuthorityClient) PreviousCertificateExists(ctx context.Context, in *PreviousCertificateExistsRequest, opts ...grpc.CallOption) (*Exists, error) {
-	out := new(Exists)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/PreviousCertificateExists", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
 func (c *storageAuthorityClient) ReplacementOrderExists(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*Exists, error) {
 	out := new(Exists)
 	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/ReplacementOrderExists", in, out, opts...)
@@ -1975,7 +1929,6 @@ type StorageAuthorityServer interface {
 	GetValidOrderAuthorizations2(context.Context, *GetValidOrderAuthorizationsRequest) (*Authorizations, error)
 	IncidentsForSerial(context.Context, *Serial) (*Incidents, error)
 	KeyBlocked(context.Context, *SPKIHash) (*Exists, error)
-	PreviousCertificateExists(context.Context, *PreviousCertificateExistsRequest) (*Exists, error)
 	ReplacementOrderExists(context.Context, *Serial) (*Exists, error)
 	SerialsForIncident(*SerialsForIncidentRequest, StorageAuthority_SerialsForIncidentServer) error
 	// Adders
@@ -2091,9 +2044,6 @@ func (UnimplementedStorageAuthorityServer) IncidentsForSerial(context.Context, *
 func (UnimplementedStorageAuthorityServer) KeyBlocked(context.Context, *SPKIHash) (*Exists, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method KeyBlocked not implemented")
 }
-func (UnimplementedStorageAuthorityServer) PreviousCertificateExists(context.Context, *PreviousCertificateExistsRequest) (*Exists, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method PreviousCertificateExists not implemented")
-}
 func (UnimplementedStorageAuthorityServer) ReplacementOrderExists(context.Context, *Serial) (*Exists, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method ReplacementOrderExists not implemented")
 }
@@ -2698,24 +2648,6 @@ func _StorageAuthority_KeyBlocked_Handler(srv interface{}, ctx context.Context,
 	return interceptor(ctx, in, info, handler)
 }
 
-func _StorageAuthority_PreviousCertificateExists_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(PreviousCertificateExistsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).PreviousCertificateExists(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/PreviousCertificateExists",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).PreviousCertificateExists(ctx, req.(*PreviousCertificateExistsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
 func _StorageAuthority_ReplacementOrderExists_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(Serial)
 	if err := dec(in); err != nil {
@@ -3190,10 +3122,6 @@ var StorageAuthority_ServiceDesc = grpc.ServiceDesc{
 			MethodName: "KeyBlocked",
 			Handler:    _StorageAuthority_KeyBlocked_Handler,
 		},
-		{
-			MethodName: "PreviousCertificateExists",
-			Handler:    _StorageAuthority_PreviousCertificateExists_Handler,
-		},
 		{
 			MethodName: "ReplacementOrderExists",
 			Handler:    _StorageAuthority_ReplacementOrderExists_Handler,

sa/sa_test.go

@@ -1165,55 +1165,6 @@ func TestAddIssuedNames(t *testing.T) {
 	}
 }
 
-func TestPreviousCertificateExists(t *testing.T) {
-	sa, clk, cleanUp := initSA(t)
-	defer cleanUp()
-
-	reg := createWorkingRegistration(t, sa)
-
-	_, testCert := test.ThrowAwayCert(t, clk)
-
-	issued := sa.clk.Now()
-	_, err := sa.AddPrecertificate(ctx, &sapb.AddCertificateRequest{
-		Der:          testCert.Raw,
-		Issued:       timestamppb.New(issued),
-		RegID:        reg.Id,
-		IssuerNameID: 1,
-	})
-	test.AssertNotError(t, err, "Failed to add precertificate")
-	_, err = sa.AddCertificate(ctx, &sapb.AddCertificateRequest{
-		Der:    testCert.Raw,
-		RegID:  reg.Id,
-		Issued: timestamppb.New(issued),
-	})
-	test.AssertNotError(t, err, "calling AddCertificate")
-
-	cases := []struct {
-		name     string
-		domain   string
-		regID    int64
-		expected bool
-	}{
-		{"matches", testCert.DNSNames[0], reg.Id, true},
-		{"wrongDomain", "example.org", reg.Id, false},
-		{"wrongAccount", testCert.DNSNames[0], 3333, false},
-	}
-
-	for _, testCase := range cases {
-		t.Run(testCase.name, func(t *testing.T) {
-			exists, err := sa.PreviousCertificateExists(context.Background(),
-				&sapb.PreviousCertificateExistsRequest{
-					Domain: testCase.domain,
-					RegID:  testCase.regID,
-				})
-			test.AssertNotError(t, err, "calling PreviousCertificateExists")
-			if exists.Exists != testCase.expected {
-				t.Errorf("wanted %v got %v", testCase.expected, exists.Exists)
-			}
-		})
-	}
-}
-
 func TestDeactivateAuthorization2(t *testing.T) {
 	sa, fc, cleanUp := initSA(t)
 	defer cleanUp()

sa/saro.go

@@ -628,69 +628,6 @@ func (ssa *SQLStorageAuthorityRO) checkFQDNSetExists(ctx context.Context, select
 	return exists, err
 }
 
-// PreviousCertificateExists returns true iff there was at least one certificate
-// issued with the provided domain name, and the most recent such certificate
-// was issued by the provided registration ID. This method is currently only
-// used to determine if a certificate has previously been issued for a given
-// domain name in order to determine if validations should be allowed during
-// the v1 API shutoff.
-// TODO(#5816): Consider removing this method, as it has no callers.
-func (ssa *SQLStorageAuthorityRO) PreviousCertificateExists(ctx context.Context, req *sapb.PreviousCertificateExistsRequest) (*sapb.Exists, error) {
-	if req.Domain == "" || req.RegID == 0 {
-		return nil, errIncompleteRequest
-	}
-
-	exists := &sapb.Exists{Exists: true}
-	notExists := &sapb.Exists{Exists: false}
-
-	// Find the most recently issued certificate containing this domain name.
-	var serial string
-	err := ssa.dbReadOnlyMap.SelectOne(
-		ctx,
-		&serial,
-		`SELECT serial FROM issuedNames
-		WHERE reversedName = ?
-		ORDER BY notBefore DESC
-		LIMIT 1`,
-		ReverseName(req.Domain),
-	)
-	if err != nil {
-		if db.IsNoRows(err) {
-			return notExists, nil
-		}
-		return nil, err
-	}
-
-	// Check whether that certificate was issued to the specified account.
-	var count int
-	err = ssa.dbReadOnlyMap.SelectOne(
-		ctx,
-		&count,
-		`SELECT COUNT(*) FROM certificates
-		WHERE serial = ?
-		AND registrationID = ?`,
-		serial,
-		req.RegID,
-	)
-	if err != nil {
-		// If no rows found, that means the certificate we found in issuedNames wasn't
-		// issued by the registration ID we are checking right now, but is not an
-		// error.
-		if db.IsNoRows(err) {
-			return notExists, nil
-		}
-		return nil, err
-	}
-	if count > 0 {
-		return exists, nil
-	}
-	return notExists, nil
-}
-
-func (ssa *SQLStorageAuthority) PreviousCertificateExists(ctx context.Context, req *sapb.PreviousCertificateExistsRequest) (*sapb.Exists, error) {
-	return ssa.SQLStorageAuthorityRO.PreviousCertificateExists(ctx, req)
-}
-
 // GetOrder is used to retrieve an already existing order object
 func (ssa *SQLStorageAuthorityRO) GetOrder(ctx context.Context, req *sapb.OrderRequest) (*corepb.Order, error) {
 	if req == nil || req.Id == 0 {