Remove AllowKeyRollover flag (#3037)
parent
18f15b2b3d
commit
710c814720
12
ra/ra.go
12
ra/ra.go
|
|
@ -1144,11 +1144,13 @@ func mergeUpdate(r *core.Registration, input core.Registration) bool {
|
|||
changed = true
|
||||
}
|
||||
|
||||
if features.Enabled(features.AllowKeyRollover) && input.Key != nil {
|
||||
sameKey, _ := core.PublicKeysEqual(r.Key.Key, input.Key.Key)
|
||||
if !sameKey {
|
||||
r.Key = input.Key
|
||||
changed = true
|
||||
if input.Key != nil {
|
||||
if r.Key != nil {
|
||||
sameKey, _ := core.PublicKeysEqual(r.Key.Key, input.Key.Key)
|
||||
if !sameKey {
|
||||
r.Key = input.Key
|
||||
changed = true
|
||||
}
|
||||
}
|
||||
}
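Review bot: The error from `core.PublicKeysEqual` is still discarded in the new `if input.Key != nil` block, so a comparison that fails leaves `sameKey` at whatever the helper returns on error (presumably false) and falls through to `r.Key = input.Key`. With the feature gate removed, that path is always live, so it should fail closed: `sameKey, err := core.PublicKeysEqual(r.Key.Key, input.Key.Key)` followed by `if err == nil && !sameKey {`. The two nested conditions can also be written as `if input.Key != nil && r.Key != nil {`. The test hunk for `TestNewRegistrationNoFieldOverwrite` appears to drop the block asserting "Key shouldn't be overwritten" through `ra.UpdateRegistration` without adding a replacement, so a test that pins which callers may pass a non-nil `Key` would be worth adding. `mergeUpdate` starts and ends outside this hunk.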
|
||||
|
||||
|
|
|
|||
|
|
@ -412,15 +412,6 @@ func TestNewRegistrationNoFieldOverwrite(t *testing.T) {
|
|||
test.Assert(t, result.ID != 23, "ID shouldn't be set by user")
|
||||
// TODO: Enable this test case once we validate terms agreement.
|
||||
//test.Assert(t, result.Agreement != "I agreed", "Agreement shouldn't be set with invalid URL")
|
||||
|
||||
id := result.ID
|
||||
result2, err := ra.UpdateRegistration(ctx, result, core.Registration{
|
||||
ID: 33,
|
||||
Key: &ShortKey,
|
||||
})
|
||||
test.AssertNotError(t, err, "Could not update registration")
|
||||
test.Assert(t, result2.ID != 33, fmt.Sprintf("ID shouldn't be overwritten. expected %d, got %d", id, result2.ID))
|
||||
test.Assert(t, !core.KeyDigestEquals(result2.Key, ShortKey), "Key shouldn't be overwritten")
|
||||
}
|
||||
|
||||
func TestNewRegistrationBadKey(t *testing.T) {
|
||||
|
|
@ -1400,15 +1391,8 @@ func TestRegistrationKeyUpdate(t *testing.T) {
|
|||
test.AssertNotError(t, err, "rsa.GenerateKey() for oldKey failed")
|
||||
|
||||
rA, rB := core.Registration{Key: &jose.JSONWebKey{Key: oldKey}}, core.Registration{}
|
||||
|
||||
changed := mergeUpdate(&rA, rB)
|
||||
if changed {
|
||||
t.Fatal("mergeUpdate changed the key with features.AllowKeyRollover disabled and empty update")
|
||||
}
|
||||
|
||||
_ = features.Set(map[string]bool{"AllowKeyRollover": true})
|
||||
defer features.Reset()
|
||||
|
||||
changed = mergeUpdate(&rA, rB)
|
||||
if changed {
|
||||
t.Fatal("mergeUpdate changed the key with empty update")
|
||||
}
|
||||
|
|
|
|||
|
|
@ -325,9 +325,8 @@ func (wfe *WebFrontEndImpl) Handler() http.Handler {
|
|||
wfe.HandleFunc(m, termsPath, wfe.Terms, "GET")
|
||||
wfe.HandleFunc(m, issuerPath, wfe.Issuer, "GET")
|
||||
wfe.HandleFunc(m, buildIDPath, wfe.BuildID, "GET")
|
||||
if features.Enabled(features.AllowKeyRollover) {
|
||||
wfe.HandleFunc(m, rolloverPath, wfe.KeyRollover, "POST")
|
||||
}
|
||||
wfe.HandleFunc(m, rolloverPath, wfe.KeyRollover, "POST")
|
||||
|
||||
// We don't use our special HandleFunc for "/" because it matches everything,
|
||||
// meaning we can wind up returning 405 when we mean to return 404. See
|
||||
// https://github.com/letsencrypt/boulder/issues/717
|
||||
|
|
@ -397,7 +396,7 @@ func (wfe *WebFrontEndImpl) Directory(ctx context.Context, logEvent *requestEven
|
|||
// encounter a directory containing elements they don't expect so we gate
|
||||
// adding new directory fields for clients matching this UA.
|
||||
clientDirChangeIntolerant := strings.HasPrefix(request.UserAgent(), "LetsEncryptPythonClient")
|
||||
if features.Enabled(features.AllowKeyRollover) && !clientDirChangeIntolerant {
|
||||
if !clientDirChangeIntolerant {
|
||||
directoryEndpoints["key-change"] = rolloverPath
|
||||
}
|
||||
if features.Enabled(features.RandomDirectoryEntry) && !clientDirChangeIntolerant {
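Review bot: In `Directory`, the `LetsEncryptPythonClient` User-Agent check now decides only whether `key-change` is advertised, while the `Handler` hunk registers `rolloverPath` for every client unconditionally, so the check should not be read as limiting who can reach `wfe.KeyRollover`. A comment above `if !clientDirChangeIntolerant {` would make that explicit, e.g. `// Compatibility only: the key-change endpoint is always routed; this just hides the directory entry from clients that reject unknown fields.` With the flag gone there is also no runtime switch left for the endpoint, so whatever request validation `wfe.KeyRollover` performs (not visible in this diff) is the only control on account key changes. Both `Handler` and `Directory` continue outside their hunks.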
|
||||
|
|
|
|||
|
|
@ -20,6 +20,8 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
jose "gopkg.in/square/go-jose.v2"
|
||||
|
||||
"github.com/jmhodges/clock"
|
||||
"github.com/letsencrypt/boulder/core"
|
||||
corepb "github.com/letsencrypt/boulder/core/proto"
|
||||
|
|
@ -38,7 +40,6 @@ import (
|
|||
vaPB "github.com/letsencrypt/boulder/va/proto"
|
||||
"golang.org/x/net/context"
|
||||
"google.golang.org/grpc"
|
||||
"gopkg.in/square/go-jose.v2"
|
||||
)
|
||||
|
||||
const (
|
||||
|
|
@ -678,8 +679,6 @@ func TestDirectory(t *testing.T) {
|
|||
// This tests to ensure the `Host` in the following `http.Request` is not
|
||||
// used.by setting `BaseURL` using `localhost`, sending `127.0.0.1` in the Host,
|
||||
// and expecting `localhost` in the JSON result.
|
||||
_ = features.Set(map[string]bool{"AllowKeyRollover": true})
|
||||
defer features.Reset()
|
||||
wfe, _ := setupWFE(t)
|
||||
wfe.BaseURL = "http://localhost:4300"
|
||||
mux := wfe.Handler()
|
||||
|
|
@ -798,8 +797,6 @@ func (cr noopCAA) IsCAAValid(
|
|||
}
|
||||
|
||||
func TestRelativeDirectory(t *testing.T) {
|
||||
_ = features.Set(map[string]bool{"AllowKeyRollover": true})
|
||||
defer features.Reset()
|
||||
wfe, _ := setupWFE(t)
|
||||
mux := wfe.Handler()
|
||||
|
||||
|
|
@ -1676,8 +1673,6 @@ func contains(s []string, e string) bool {
|
|||
}
|
||||
|
||||
func TestRegistration(t *testing.T) {
|
||||
_ = features.Set(map[string]bool{"AllowKeyRollover": true})
|
||||
defer features.Reset()
|
||||
wfe, _ := setupWFE(t)
|
||||
mux := wfe.Handler()
|
||||
responseWriter := httptest.NewRecorder()
|
||||
|
|
|
|||