From 6a2344e1bff04d6322255aa4894415322c0ed74a Mon Sep 17 00:00:00 2001 From: Roland Shoemaker Date: Fri, 17 Jul 2015 17:44:03 -0700 Subject: [PATCH] Add config vars and wire them into cmd/boulder and cmd/boulder-wfe --- cmd/boulder-wfe/main.go | 9 +++++++++ cmd/boulder/main.go | 9 +++++++++ cmd/shell.go | 5 +++++ test/boulder-config.json | 4 ++++ test/boulder-pkcs11-example-config.json | 4 ++++ test/boulder-test-config.json | 4 ++++ wfe/web-front-end.go | 10 +++++----- wfe/web-front-end_test.go | 7 ++++--- 8 files changed, 44 insertions(+), 8 deletions(-) diff --git a/cmd/boulder-wfe/main.go b/cmd/boulder-wfe/main.go index 793ec80b9..c14b07e9c 100644 --- a/cmd/boulder-wfe/main.go +++ b/cmd/boulder-wfe/main.go @@ -97,6 +97,15 @@ func main() { wfe.Stats = stats wfe.SubscriberAgreementURL = c.SubscriberAgreementURL + wfe.CertCacheDuration, err = time.ParseDuration(c.WFE.CertCacheDuration) + cmd.FailOnError(err, "Couldn't parse certificate caching duration") + wfe.CertNoCacheExpirationWindow, err = time.ParseDuration(c.WFE.CertNoCacheExpirationWindow) + cmd.FailOnError(err, "Couldn't parse certificate expiration no-cache window") + wfe.IndexCacheDuration, err = time.ParseDuration(c.WFE.IndexCacheDuration) + cmd.FailOnError(err, "Couldn't parse index caching duration") + wfe.IssuerCacheDuration, err = time.ParseDuration(c.WFE.IssuerCacheDuration) + cmd.FailOnError(err, "Couldn't parse issuer caching duration") + wfe.IssuerCert, err = cmd.LoadCert(c.Common.IssuerCert) cmd.FailOnError(err, fmt.Sprintf("Couldn't read issuer cert [%s]", c.Common.IssuerCert)) diff --git a/cmd/boulder/main.go b/cmd/boulder/main.go index 73c82d890..f53ba6a00 100644 --- a/cmd/boulder/main.go +++ b/cmd/boulder/main.go 
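Review bot: The four `time.ParseDuration` calls added to `main()` in cmd/boulder-wfe/main.go take the configured strings without a range check, so a negative value such as `"-6h"` parses cleanly and would later be formatted into the `max-age=%.f` header in wfe/web-front-end.go. A missing key fails the other way: `time.ParseDuration("")` returns an error, so a config file written before this change stops at `cmd.FailOnError` (presumably ending startup) with a message that does not name the key. Consider rejecting negatives after each parse, e.g. `if wfe.CertCacheDuration < 0 { cmd.FailOnError(fmt.Errorf("certCacheDuration must not be negative"), "Invalid WFE config") }`, and deciding explicitly whether an empty string means a default or an error. The same four-call block is repeated for `wfei` in the cmd/boulder/main.go hunk, so a shared helper in `cmd` would keep the two binaries in step; `main()` starts and ends outside both hunks.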
@@ -82,6 +82,15 @@ func main() { cmd.FailOnError(err, "Unable to create SA") sa.SetSQLDebug(c.SQL.SQLDebug) + wfei.CertCacheDuration, err = time.ParseDuration(c.WFE.CertCacheDuration) + cmd.FailOnError(err, "Couldn't parse certificate caching duration") + wfei.CertNoCacheExpirationWindow, err = time.ParseDuration(c.WFE.CertNoCacheExpirationWindow) + cmd.FailOnError(err, "Couldn't parse certificate expiration no-cache window") + wfei.IndexCacheDuration, err = time.ParseDuration(c.WFE.IndexCacheDuration) + cmd.FailOnError(err, "Couldn't parse index caching duration") + wfei.IssuerCacheDuration, err = time.ParseDuration(c.WFE.IssuerCacheDuration) + cmd.FailOnError(err, "Couldn't parse issuer caching duration") + ra := ra.NewRegistrationAuthorityImpl() va := va.NewValidationAuthorityImpl(c.CA.TestMode) diff --git a/cmd/shell.go b/cmd/shell.go index 4fddee6f2..62165e7d8 100644 --- a/cmd/shell.go +++ b/cmd/shell.go @@ -73,6 +73,11 @@ type Config struct { BaseURL string ListenAddress string + CertCacheDuration string + CertNoCacheExpirationWindow string + IndexCacheDuration string + IssuerCacheDuration string + // DebugAddr is the address to run the /debug handlers on. DebugAddr string } diff --git a/test/boulder-config.json b/test/boulder-config.json index 608875725..c27235aad 100644 --- a/test/boulder-config.json +++ b/test/boulder-config.json @@ -37,6 +37,10 @@ "wfe": { "listenAddress": "127.0.0.1:4000", + "certCacheDuration": "6h", + "certNoCacheExpirationWindow": "96h", + "indexCacheDuration": "24h", + "issuerCacheDuration": "48h", "debugAddr": "localhost:8000" }, diff --git a/test/boulder-pkcs11-example-config.json b/test/boulder-pkcs11-example-config.json index 788659492..7ff3185c0 100644 --- a/test/boulder-pkcs11-example-config.json +++ b/test/boulder-pkcs11-example-config.json 
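Review bot: The four string fields added to `Config` in cmd/shell.go have no comments, although `DebugAddr` directly below them does, and nothing tells an operator that the values must be in `time.ParseDuration` syntax. A comment per field would cover it, for example `// CertCacheDuration is the Cache-Control max-age for certificate responses, as a time.ParseDuration string such as "6h".` `CertNoCacheExpirationWindow` needs it most, since its name alone does not say which side of the expiry date the window sits on. What `IndexCacheDuration` and `IssuerCacheDuration` control is not visible in this patch, so their comments should be written against the handlers that read them. The struct begins and ends outside the hunk.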
@@ -32,6 +32,10 @@ "wfe": { "listenAddress": "127.0.0.1:4000", + "certCacheDuration": "6h", + "certNoCacheExpirationWindow": "96h", + "indexCacheDuration": "24h", + "issuerCacheDuration": "48h", "debugAddr": "localhost:8000" }, diff --git a/test/boulder-test-config.json b/test/boulder-test-config.json index 8ddf250d7..ea780d809 100644 --- a/test/boulder-test-config.json +++ b/test/boulder-test-config.json @@ -32,6 +32,10 @@ "wfe": { "listenAddress": "127.0.0.1:4300", + "certCacheDuration": "6h", + "certNoCacheExpirationWindow": "96h", + "indexCacheDuration": "24h", + "issuerCacheDuration": "48h", "debugAddr": "localhost:8000" }, diff --git a/wfe/web-front-end.go b/wfe/web-front-end.go index 7784be73e..51aa9d817 100644 --- a/wfe/web-front-end.go +++ b/wfe/web-front-end.go @@ -68,10 +68,10 @@ type WebFrontEndImpl struct { nonceService core.NonceService // Cache settings - CertCacheDuration time.Duration - CertCacheExpirationWindow time.Duration - IssuerCacheDuration time.Duration - IndexCacheDuration time.Duration + CertCacheDuration time.Duration + CertNoCacheExpirationWindow time.Duration + IndexCacheDuration time.Duration + IssuerCacheDuration time.Duration } func statusCodeFromError(err interface{}) int { @@ -1015,7 +1015,7 @@ func (wfe *WebFrontEndImpl) Certificate(response http.ResponseWriter, request *h } // Set cache-control header if certificate NotAfter is > time.Now().Add(-WFE.CertCacheExpirationWindow) - if time.Now().Add(-wfe.CertCacheExpirationWindow).After(cert.Expires) { + if time.Now().Add(-wfe.CertNoCacheExpirationWindow).After(cert.Expires) { response.Header().Add("Cache-Control", fmt.Sprintf("public, max-age=%.f", wfe.CertCacheDuration.Seconds())) } else { response.Header().Add("Cache-Control", "public, max-age=0, no-cache") diff --git a/wfe/web-front-end_test.go b/wfe/web-front-end_test.go index 188b3de66..30d809ba4 100644 --- a/wfe/web-front-end_test.go +++ b/wfe/web-front-end_test.go 
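Review bot: In the `Certificate` hunk of wfe/web-front-end.go the renamed condition still disagrees with the comment above it. The comment says to cache when NotAfter is later than `time.Now().Add(-window)`, but `time.Now().Add(-wfe.CertNoCacheExpirationWindow).After(cert.Expires)` is true only when the certificate expired more than one window ago. As written, every certificate that is still valid gets `max-age=0, no-cache`. If the intent is to stop caching once a certificate is within the window of expiring, which the new field name suggests, the check would read `if cert.Expires.After(time.Now().Add(wfe.CertNoCacheExpirationWindow)) {`. The comment also still names `WFE.CertCacheExpirationWindow` and should follow the rename; `Certificate` starts and ends outside the hunk.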
@@ -1053,13 +1053,14 @@ func TestIssuer(t *testing.T) { func TestGetCertificate(t *testing.T) { wfe := setupWFE(t) wfe.CertCacheDuration = time.Second * 10 - wfe.CertCacheExpirationWindow = time.Hour * 24 * 7 + wfe.CertNoCacheExpirationWindow = time.Hour * 24 * 7 wfe.SA = &MockSA{} - responseWriter := httptest.NewRecorder() - certPemBytes, _ := ioutil.ReadFile("test/178.crt") certBlock, _ := pem.Decode(certPemBytes) + + responseWriter := httptest.NewRecorder() + path, _ := url.Parse("/acme/cert/00000000000000b2") wfe.Certificate(responseWriter, &http.Request{ Method: "GET",