diff --git a/ra/ra.go b/ra/ra.go index 60fdd4349..106c5e169 100644 --- a/ra/ra.go +++ b/ra/ra.go @@ -112,19 +112,18 @@ type RegistrationAuthorityImpl struct { ctpolicy *ctpolicy.CTPolicy - ctpolicyResults *prometheus.HistogramVec - revocationReasonCounter *prometheus.CounterVec - namesPerCert *prometheus.HistogramVec - rlCheckLatency *prometheus.HistogramVec - rlOverrideUsageGauge *prometheus.GaugeVec - newRegCounter prometheus.Counter - recheckCAACounter prometheus.Counter - newCertCounter *prometheus.CounterVec - recheckCAAUsedAuthzLifetime prometheus.Counter - authzAges *prometheus.HistogramVec - orderAges *prometheus.HistogramVec - inflightFinalizes prometheus.Gauge - certCSRMismatch prometheus.Counter + ctpolicyResults *prometheus.HistogramVec + revocationReasonCounter *prometheus.CounterVec + namesPerCert *prometheus.HistogramVec + rlCheckLatency *prometheus.HistogramVec + rlOverrideUsageGauge *prometheus.GaugeVec + newRegCounter prometheus.Counter + recheckCAACounter prometheus.Counter + newCertCounter *prometheus.CounterVec + authzAges *prometheus.HistogramVec + orderAges *prometheus.HistogramVec + inflightFinalizes prometheus.Gauge + certCSRMismatch prometheus.Counter } var _ rapb.RegistrationAuthorityServer = (*RegistrationAuthorityImpl)(nil) @@ -196,12 +195,6 @@ func NewRegistrationAuthorityImpl( }) stats.MustRegister(recheckCAACounter) - recheckCAAUsedAuthzLifetime := prometheus.NewCounter(prometheus.CounterOpts{ - Name: "recheck_caa_used_authz_lifetime", - Help: "A counter times the old codepath was used for CAA recheck time", - }) - stats.MustRegister(recheckCAAUsedAuthzLifetime) - newCertCounter := prometheus.NewCounterVec(prometheus.CounterOpts{ Name: "new_certificates", Help: "A counter of new certificates including the certificate profile name and hexadecimal certificate profile hash", @@ -281,7 +274,6 @@ func NewRegistrationAuthorityImpl( recheckCAACounter: recheckCAACounter, newCertCounter: newCertCounter, revocationReasonCounter: revocationReasonCounter, - recheckCAAUsedAuthzLifetime: recheckCAAUsedAuthzLifetime, authzAges: authzAges, orderAges: orderAges, inflightFinalizes: inflightFinalizes, @@ -863,13 +855,6 @@ func (ra *RegistrationAuthorityImpl) checkAuthorizationsCAA( // Set the recheck time to 7 hours ago. caaRecheckAfter := now.Add(caaRecheckDuration) - // Set a CAA recheck time based on the assumption of a 30 day authz - // lifetime. This has been deprecated in favor of a new check based - // off the Validated time stored in the database, but we want to check - // both for a time and increment a stat if this code path is hit for - // compliance safety. - caaRecheckTime := now.Add(ra.authorizationLifetime).Add(caaRecheckDuration) - for _, name := range names { authz := authzs[name] if authz == nil { @@ -883,13 +868,6 @@ func (ra *RegistrationAuthorityImpl) checkAuthorizationsCAA( } else if staleCAA { // Ensure that CAA is rechecked for this name recheckAuthzs = append(recheckAuthzs, authz) - } else if authz.Expires.Before(caaRecheckTime) { - // Ensure that CAA is rechecked for this name - recheckAuthzs = append(recheckAuthzs, authz) - // This codepath should not be used, but is here as a safety - // net until the new codepath is proven. Increment metric if - // it is used. - ra.recheckCAAUsedAuthzLifetime.Add(1) } } diff --git a/ra/ra_test.go b/ra/ra_test.go index d056bb676..3bf241c2b 100644 --- a/ra/ra_test.go +++ b/ra/ra_test.go @@ -1896,10 +1896,6 @@ func TestRecheckCAADates(t *testing.T) { err = ra.checkAuthorizationsCAA(context.Background(), Registration.Id, []string{"novalidationtime.com"}, authzs, fc.Now()) test.AssertEquals(t, err.Error(), "authorization's challenge has no validated timestamp for: id noval") - // Test to make sure the authorization lifetime codepath was not used - // to determine if CAA needed recheck. - test.AssertMetricWithLabelsEquals(t, ra.recheckCAAUsedAuthzLifetime, prometheus.Labels{}, 0) - // We expect that "recent.com" is not checked because its mock authorization // isn't expired if _, present := recorder.names["recent.com"]; present {