diff --git a/ra/ra.go b/ra/ra.go
index 6c6b0ebd5..30b29c68b 100644
--- a/ra/ra.go
+++ b/ra/ra.go
@@ -1144,11 +1144,13 @@ func mergeUpdate(r *core.Registration, input core.Registration) bool {
 changed = true
 }

- if features.Enabled(features.AllowKeyRollover) && input.Key != nil {
- sameKey, _ := core.PublicKeysEqual(r.Key.Key, input.Key.Key)
- if !sameKey {
- r.Key = input.Key
- changed = true
+ if input.Key != nil {
+ if r.Key != nil {
+ sameKey, _ := core.PublicKeysEqual(r.Key.Key, input.Key.Key)
+ if !sameKey {
+ r.Key = input.Key
+ changed = true
+ }
 }
 }

diff --git a/ra/ra_test.go b/ra/ra_test.go
index 32db2b709..ff50e44d8 100644
--- a/ra/ra_test.go
+++ b/ra/ra_test.go
@@ -412,15 +412,6 @@ func TestNewRegistrationNoFieldOverwrite(t *testing.T) {
 test.Assert(t, result.ID != 23, "ID shouldn't be set by user")
 // TODO: Enable this test case once we validate terms agreement.
 //test.Assert(t, result.Agreement != "I agreed", "Agreement shouldn't be set with invalid URL")
-
- id := result.ID
- result2, err := ra.UpdateRegistration(ctx, result, core.Registration{
- ID: 33,
- Key: &ShortKey,
- })
- test.AssertNotError(t, err, "Could not update registration")
- test.Assert(t, result2.ID != 33, fmt.Sprintf("ID shouldn't be overwritten. expected %d, got %d", id, result2.ID))
- test.Assert(t, !core.KeyDigestEquals(result2.Key, ShortKey), "Key shouldn't be overwritten")
 }

 func TestNewRegistrationBadKey(t *testing.T) {
@@ -1400,15 +1391,8 @@ func TestRegistrationKeyUpdate(t *testing.T) {
 test.AssertNotError(t, err, "rsa.GenerateKey() for oldKey failed")

 rA, rB := core.Registration{Key: &jose.JSONWebKey{Key: oldKey}}, core.Registration{}
+
 changed := mergeUpdate(&rA, rB)
- if changed {
- t.Fatal("mergeUpdate changed the key with features.AllowKeyRollover disabled and empty update")
- }
-
- _ = features.Set(map[string]bool{"AllowKeyRollover": true})
- defer features.Reset()
-
- changed = mergeUpdate(&rA, rB)
 if changed {
 t.Fatal("mergeUpdate changed the key with empty update")
 }
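Review bot: In ra/ra.go mergeUpdate, the error from `core.PublicKeysEqual` is still discarded, so if that call returns false together with an error the stored account key is replaced by `input.Key` on a comparison that never succeeded. With the feature flag gone this branch runs for every update, so it should fail closed: `sameKey, err := core.PublicKeysEqual(r.Key.Key, input.Key.Key)` followed by `if err == nil && !sameKey {`. The new `r.Key != nil` guard silently drops a supplied key when the stored registration has none, which deserves a one-line comment saying that is intended. The ra_test.go hunk at -412 also removes the "Key shouldn't be overwritten" assertion without a replacement, so nothing visible here checks that a key handed to UpdateRegistration outside the rollover flow is rejected; presumably callers are expected to validate or strip it first. mergeUpdate starts and ends outside the hunk.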
diff --git a/wfe/wfe.go b/wfe/wfe.go
index 30d9e735a..5372f47f8 100644
--- a/wfe/wfe.go
+++ b/wfe/wfe.go
@@ -325,9 +325,8 @@ func (wfe *WebFrontEndImpl) Handler() http.Handler {
 wfe.HandleFunc(m, termsPath, wfe.Terms, "GET")
 wfe.HandleFunc(m, issuerPath, wfe.Issuer, "GET")
 wfe.HandleFunc(m, buildIDPath, wfe.BuildID, "GET")
- if features.Enabled(features.AllowKeyRollover) {
- wfe.HandleFunc(m, rolloverPath, wfe.KeyRollover, "POST")
- }
+ wfe.HandleFunc(m, rolloverPath, wfe.KeyRollover, "POST")
+
 // We don't use our special HandleFunc for "/" because it matches everything,
 // meaning we can wind up returning 405 when we mean to return 404. See
 // https://github.com/letsencrypt/boulder/issues/717
@@ -397,7 +396,7 @@ func (wfe *WebFrontEndImpl) Directory(ctx context.Context, logEvent *requestEven
 // encounter a directory containing elements they don't expect so we gate
 // adding new directory fields for clients matching this UA.
 clientDirChangeIntolerant := strings.HasPrefix(request.UserAgent(), "LetsEncryptPythonClient")
- if features.Enabled(features.AllowKeyRollover) && !clientDirChangeIntolerant {
+ if !clientDirChangeIntolerant {
 directoryEndpoints["key-change"] = rolloverPath
 }
 if features.Enabled(features.RandomDirectoryEntry) && !clientDirChangeIntolerant {
diff --git a/wfe/wfe_test.go b/wfe/wfe_test.go
index 02c548103..1f90f1c35 100644
--- a/wfe/wfe_test.go
+++ b/wfe/wfe_test.go
@@ -20,6 +20,8 @@ import (
 "testing"
 "time"

+ jose "gopkg.in/square/go-jose.v2"
+
 "github.com/jmhodges/clock"
 "github.com/letsencrypt/boulder/core"
 corepb "github.com/letsencrypt/boulder/core/proto"
@@ -38,7 +40,6 @@ import (
 vaPB "github.com/letsencrypt/boulder/va/proto"
 "golang.org/x/net/context"
 "google.golang.org/grpc"
- "gopkg.in/square/go-jose.v2"
 )

 const (
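Review bot: In wfe/wfe.go, the `!clientDirChangeIntolerant` check in Directory only controls whether `key-change` is advertised, while the Handler hunk in the same file now registers `rolloverPath` for every client. The User-Agent header is client-supplied, so this match is a compatibility measure and not an access restriction, and a comment on the branch would keep it from being read as one: `// Advertising only: rolloverPath is routed for all clients regardless of User-Agent.` Both Handler and Directory continue outside their hunks, and whatever authentication KeyRollover performs is not visible here.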
@@ -678,8 +679,6 @@ func TestDirectory(t *testing.T) {
 // This tests to ensure the `Host` in the following `http.Request` is not
 // used.by setting `BaseURL` using `localhost`, sending `127.0.0.1` in the Host,
 // and expecting `localhost` in the JSON result.
- _ = features.Set(map[string]bool{"AllowKeyRollover": true})
- defer features.Reset()
 wfe, _ := setupWFE(t)
 wfe.BaseURL = "http://localhost:4300"
 mux := wfe.Handler()
@@ -798,8 +797,6 @@ func (cr noopCAA) IsCAAValid(
 }

 func TestRelativeDirectory(t *testing.T) {
- _ = features.Set(map[string]bool{"AllowKeyRollover": true})
- defer features.Reset()
 wfe, _ := setupWFE(t)
 mux := wfe.Handler()

@@ -1676,8 +1673,6 @@ func contains(s []string, e string) bool {
 }

 func TestRegistration(t *testing.T) {
- _ = features.Set(map[string]bool{"AllowKeyRollover": true})
- defer features.Reset()
 wfe, _ := setupWFE(t)
 mux := wfe.Handler()
 responseWriter := httptest.NewRecorder()