letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Standardize on 'shardIdx' to identify crl shards (#6263) 

Realized that "ShardID" is a bad name, because a real unique
identifier of a shard would include the issuer, crl number, and
shard number. Switching to "ShardIdx" makes it clearer that
shards within a full and complete CRL are identified by a
zero-indexed integer.
This commit is contained in:
Aaron Gable 2022-08-02 13:21:26 -07:00 committed by GitHub
parent 305f5b1bc0
commit 733bcec941
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 74 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ca/crl.go
View File

@ -81,7 +81,7 @@ func (ci *crlImpl) GenerateCRL(stream capb.CRLGenerator_GenerateCRLServer) error
return fmt.Errorf("got unrecognized IssuerNameID: %d", payload.Metadata.IssuerNameID)
}
shard = payload.Metadata.Shard
shard = payload.Metadata.ShardIdx
case *capb.GenerateCRLRequest_Entry:
rc, err := ci.entryToRevokedCertificate(payload.Entry)

88
ca/proto/ca.pb.go
View File

@ -424,7 +424,7 @@ type CRLMetadata struct {
IssuerNameID int64 `protobuf:"varint,1,opt,name=issuerNameID,proto3" json:"issuerNameID,omitempty"`
ThisUpdate int64 `protobuf:"varint,2,opt,name=thisUpdate,proto3" json:"thisUpdate,omitempty"` // Unix timestamp (nanoseconds), also used for CRLNumber.
Shard int64 `protobuf:"varint,3,opt,name=shard,proto3" json:"shard,omitempty"`
ShardIdx int64 `protobuf:"varint,3,opt,name=shardIdx,proto3" json:"shardIdx,omitempty"`
}
func (x *CRLMetadata) Reset() {
@ -473,9 +473,9 @@ func (x *CRLMetadata) GetThisUpdate() int64 {
return 0
}
func (x *CRLMetadata) GetShard() int64 {
func (x *CRLMetadata) GetShardIdx() int64 {
if x != nil {
return x.Shard
return x.ShardIdx
}
return 0
}
@ -573,52 +573,52 @@ var file_ca_proto_rawDesc = []byte{
0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x26, 0x0a, 0x05, 0x65, 0x6e,
0x74, 0x72, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x63, 0x6f, 0x72, 0x65,
0x2e, 0x43, 0x52, 0x4c, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x48, 0x00, 0x52, 0x05, 0x65, 0x6e, 0x74,
0x72, 0x79, 0x42, 0x09, 0x0a, 0x07, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x22, 0x67, 0x0a,
0x72, 0x79, 0x42, 0x09, 0x0a, 0x07, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x22, 0x6d, 0x0a,
0x0b, 0x43, 0x52, 0x4c, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x22, 0x0a, 0x0c,
0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01,
0x28, 0x03, 0x52, 0x0c, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44,
0x12, 0x1e, 0x0a, 0x0a, 0x74, 0x68, 0x69, 0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x18, 0x02,
0x20, 0x01, 0x28, 0x03, 0x52, 0x0a, 0x74, 0x68, 0x69, 0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65,
0x12, 0x14, 0x0a, 0x05, 0x73, 0x68, 0x61, 0x72, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52,
0x05, 0x73, 0x68, 0x61, 0x72, 0x64, 0x22, 0x2b, 0x0a, 0x13, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61,
0x74, 0x65, 0x43, 0x52, 0x4c, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a,
0x05, 0x63, 0x68, 0x75, 0x6e, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x63, 0x68,
0x75, 0x6e, 0x6b, 0x32, 0xd8, 0x02, 0x0a, 0x14, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x55, 0x0a, 0x13,
0x49, 0x73, 0x73, 0x75, 0x65, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
0x61, 0x74, 0x65, 0x12, 0x1b, 0x2e, 0x63, 0x61, 0x2e, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43, 0x65,
0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
0x1a, 0x1f, 0x2e, 0x63, 0x61, 0x2e, 0x49, 0x73, 0x73, 0x75, 0x65, 0x50, 0x72, 0x65, 0x63, 0x65,
0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
0x65, 0x22, 0x00, 0x12, 0x66, 0x0a, 0x21, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74,
0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x46, 0x6f, 0x72, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72,
0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x2c, 0x2e, 0x63, 0x61, 0x2e, 0x49, 0x73,
0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x46, 0x6f,
0x72, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52,
0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x11, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x65,
0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x22, 0x00, 0x12, 0x3b, 0x0a, 0x0c, 0x47,
0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, 0x12, 0x17, 0x2e, 0x63, 0x61,
0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x71,
0x75, 0x65, 0x73, 0x74, 0x1a, 0x10, 0x2e, 0x63, 0x61, 0x2e, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65,
0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x44, 0x0a, 0x0b, 0x47, 0x65, 0x6e, 0x65,
0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x12, 0x16, 0x2e, 0x63, 0x61, 0x2e, 0x47, 0x65, 0x6e,
0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
0x17, 0x2e, 0x63, 0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c,
0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x28, 0x01, 0x30, 0x01, 0x32, 0x4c,
0x0a, 0x0d, 0x4f, 0x43, 0x53, 0x50, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x12,
0x3b, 0x0a, 0x0c, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, 0x12,
0x17, 0x2e, 0x63, 0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, 0x53,
0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x10, 0x2e, 0x63, 0x61, 0x2e, 0x4f, 0x43,
0x53, 0x50, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x32, 0x54, 0x0a, 0x0c,
0x43, 0x52, 0x4c, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x12, 0x44, 0x0a, 0x0b,
0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x12, 0x16, 0x2e, 0x63, 0x61,
0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x52, 0x65, 0x71, 0x75,
0x65, 0x73, 0x74, 0x1a, 0x17, 0x2e, 0x63, 0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74,
0x65, 0x43, 0x52, 0x4c, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x28, 0x01,
0x30, 0x01, 0x42, 0x29, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d,
0x2f, 0x6c, 0x65, 0x74, 0x73, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2f, 0x62, 0x6f, 0x75,
0x6c, 0x64, 0x65, 0x72, 0x2f, 0x63, 0x61, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70,
0x72, 0x6f, 0x74, 0x6f, 0x33,
0x12, 0x1a, 0x0a, 0x08, 0x73, 0x68, 0x61, 0x72, 0x64, 0x49, 0x64, 0x78, 0x18, 0x03, 0x20, 0x01,
0x28, 0x03, 0x52, 0x08, 0x73, 0x68, 0x61, 0x72, 0x64, 0x49, 0x64, 0x78, 0x22, 0x2b, 0x0a, 0x13,
0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x52, 0x65, 0x73, 0x70, 0x6f,
0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x63, 0x68, 0x75, 0x6e, 0x6b, 0x18, 0x01, 0x20, 0x01,
0x28, 0x0c, 0x52, 0x05, 0x63, 0x68, 0x75, 0x6e, 0x6b, 0x32, 0xd8, 0x02, 0x0a, 0x14, 0x43, 0x65,
0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69,
0x74, 0x79, 0x12, 0x55, 0x0a, 0x13, 0x49, 0x73, 0x73, 0x75, 0x65, 0x50, 0x72, 0x65, 0x63, 0x65,
0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1b, 0x2e, 0x63, 0x61, 0x2e, 0x49,
0x73, 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52,
0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1f, 0x2e, 0x63, 0x61, 0x2e, 0x49, 0x73, 0x73, 0x75,
0x65, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52,
0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x66, 0x0a, 0x21, 0x49, 0x73, 0x73,
0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x46, 0x6f, 0x72,
0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x2c,
0x2e, 0x63, 0x61, 0x2e, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
0x63, 0x61, 0x74, 0x65, 0x46, 0x6f, 0x72, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66,
0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x11, 0x2e, 0x63,
0x6f, 0x72, 0x65, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x22,
0x00, 0x12, 0x3b, 0x0a, 0x0c, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, 0x53,
0x50, 0x12, 0x17, 0x2e, 0x63, 0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f,
0x43, 0x53, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x10, 0x2e, 0x63, 0x61, 0x2e,
0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x44,
0x0a, 0x0b, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x12, 0x16, 0x2e,
0x63, 0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x52, 0x65,
0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x17, 0x2e, 0x63, 0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72,
0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00,
0x28, 0x01, 0x30, 0x01, 0x32, 0x4c, 0x0a, 0x0d, 0x4f, 0x43, 0x53, 0x50, 0x47, 0x65, 0x6e, 0x65,
0x72, 0x61, 0x74, 0x6f, 0x72, 0x12, 0x3b, 0x0a, 0x0c, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74,
0x65, 0x4f, 0x43, 0x53, 0x50, 0x12, 0x17, 0x2e, 0x63, 0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72,
0x61, 0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x10,
0x2e, 0x63, 0x61, 0x2e, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
0x22, 0x00, 0x32, 0x54, 0x0a, 0x0c, 0x43, 0x52, 0x4c, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74,
0x6f, 0x72, 0x12, 0x44, 0x0a, 0x0b, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52,
0x4c, 0x12, 0x16, 0x2e, 0x63, 0x61, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43,
0x52, 0x4c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x17, 0x2e, 0x63, 0x61, 0x2e, 0x47,
0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x52, 0x4c, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
0x73, 0x65, 0x22, 0x00, 0x28, 0x01, 0x30, 0x01, 0x42, 0x29, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68,
0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6c, 0x65, 0x74, 0x73, 0x65, 0x6e, 0x63, 0x72, 0x79,
0x70, 0x74, 0x2f, 0x62, 0x6f, 0x75, 0x6c, 0x64, 0x65, 0x72, 0x2f, 0x63, 0x61, 0x2f, 0x70, 0x72,
0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
}
var (

2
ca/proto/ca.proto
View File

@ -67,7 +67,7 @@ message GenerateCRLRequest {
message CRLMetadata {
int64 issuerNameID = 1;
int64 thisUpdate = 2; // Unix timestamp (nanoseconds), also used for CRLNumber.
int64 shard = 3;
int64 shardIdx = 3;
}
message GenerateCRLResponse {

56
crl/updater/updater.go
View File

@ -206,40 +206,40 @@ func (cu *crlUpdater) tickIssuer(ctx context.Context, atTime time.Time, issuerID
cu.log.Debugf("Ticking issuer %d at time %s", issuerID, atTime)
type shardResult struct {
shardID int
err error
shardIdx int
err error
}
shardWorker := func(in <-chan int, out chan<- shardResult) {
for id := range in {
for idx := range in {
select {
case <-ctx.Done():
return
default:
out <- shardResult{
shardID: id,
err: cu.tickShard(ctx, atTime, issuerID, id),
shardIdx: idx,
err: cu.tickShard(ctx, atTime, issuerID, idx),
}
}
}
}
shardIDs := make(chan int, cu.numShards)
shardIdxs := make(chan int, cu.numShards)
shardResults := make(chan shardResult, cu.numShards)
for i := 0; i < cu.maxParallelism; i++ {
go shardWorker(shardIDs, shardResults)
go shardWorker(shardIdxs, shardResults)
}
for shardID := 0; shardID < cu.numShards; shardID++ {
shardIDs <- shardID
shardIdxs <- shardID
}
close(shardIDs)
close(shardIdxs)
for i := 0; i < cu.numShards; i++ {
res := <-shardResults
if res.err != nil {
result = "failed"
return fmt.Errorf("updating shard %d: %w", res.shardID, res.err)
return fmt.Errorf("updating shard %d: %w", res.shardIdx, res.err)
}
}
@ -248,16 +248,16 @@ func (cu *crlUpdater) tickIssuer(ctx context.Context, atTime time.Time, issuerID
return nil
}
func (cu *crlUpdater) tickShard(ctx context.Context, atTime time.Time, issuerID issuance.IssuerNameID, shardID int) error {
func (cu *crlUpdater) tickShard(ctx context.Context, atTime time.Time, issuerID issuance.IssuerNameID, shardIdx int) error {
start := cu.clk.Now()
result := "success"
defer func() {
cu.tickHistogram.WithLabelValues(cu.issuers[issuerID].Subject.CommonName, result).Observe(cu.clk.Since(start).Seconds())
cu.generatedCounter.WithLabelValues(result).Inc()
}()
cu.log.Debugf("Ticking shard %d of issuer %d at time %s", shardID, issuerID, atTime)
cu.log.Debugf("Ticking shard %d of issuer %d at time %s", shardIdx, issuerID, atTime)
expiresAfter, expiresBefore := cu.getShardBoundaries(atTime, shardID)
expiresAfter, expiresBefore := cu.getShardBoundaries(atTime, shardIdx)
saStream, err := cu.sa.GetRevokedCerts(ctx, &sapb.GetRevokedCertsRequest{
IssuerNameID: int64(issuerID),
@ -267,13 +267,13 @@ func (cu *crlUpdater) tickShard(ctx context.Context, atTime time.Time, issuerID
})
if err != nil {
result = "failed"
return fmt.Errorf("connecting to SA for shard %d: %w", shardID, err)
return fmt.Errorf("connecting to SA for shard %d: %w", shardIdx, err)
}
caStream, err := cu.ca.GenerateCRL(ctx)
if err != nil {
result = "failed"
return fmt.Errorf("connecting to CA for shard %d: %w", shardID, err)
return fmt.Errorf("connecting to CA for shard %d: %w", shardIdx, err)
}
err = caStream.Send(&capb.GenerateCRLRequest{
@ -281,13 +281,13 @@ func (cu *crlUpdater) tickShard(ctx context.Context, atTime time.Time, issuerID
Metadata: &capb.CRLMetadata{
IssuerNameID: int64(issuerID),
ThisUpdate: atTime.UnixNano(),
Shard: int64(shardID),
ShardIdx: int64(shardIdx),
},
},
})
if err != nil {
result = "failed"
return fmt.Errorf("sending CA metadata for shard %d: %w", shardID, err)
return fmt.Errorf("sending CA metadata for shard %d: %w", shardIdx, err)
}
for {
@ -297,7 +297,7 @@ func (cu *crlUpdater) tickShard(ctx context.Context, atTime time.Time, issuerID
break
}
result = "failed"
return fmt.Errorf("retrieving entry from SA for shard %d: %w", shardID, err)
return fmt.Errorf("retrieving entry from SA for shard %d: %w", shardIdx, err)
}
err = caStream.Send(&capb.GenerateCRLRequest{
@ -307,7 +307,7 @@ func (cu *crlUpdater) tickShard(ctx context.Context, atTime time.Time, issuerID
})
if err != nil {
result = "failed"
return fmt.Errorf("sending entry to CA for shard %d: %w", shardID, err)
return fmt.Errorf("sending entry to CA for shard %d: %w", shardIdx, err)
}
}
@ -317,7 +317,7 @@ func (cu *crlUpdater) tickShard(ctx context.Context, atTime time.Time, issuerID
err = caStream.CloseSend()
if err != nil {
result = "failed"
return fmt.Errorf("closing CA request stream for shard %d: %w", shardID, err)
return fmt.Errorf("closing CA request stream for shard %d: %w", shardIdx, err)
}
// TODO(#6162): Connect to the crl-storer, and stream the bytes there.
@ -330,7 +330,7 @@ func (cu *crlUpdater) tickShard(ctx context.Context, atTime time.Time, issuerID
break
}
result = "failed"
return fmt.Errorf("receiving CRL bytes for shard %d: %w", shardID, err)
return fmt.Errorf("receiving CRL bytes for shard %d: %w", shardIdx, err)
}
crlBytes = append(crlBytes, out.Chunk...)
@ -340,7 +340,7 @@ func (cu *crlUpdater) tickShard(ctx context.Context, atTime time.Time, issuerID
crlHash := crlHasher.Sum(nil)
cu.log.AuditInfof(
"Received CRL: issuerID=[%d] number=[%d] shard=[%d] size=[%d] hash=[%x]",
issuerID, atTime.UnixNano(), shardID, len(crlBytes), crlHash)
issuerID, atTime.UnixNano(), shardIdx, len(crlBytes), crlHash)
return nil
}
@ -390,9 +390,9 @@ func (cu *crlUpdater) tickShard(ctx context.Context, atTime time.Time, issuerID
// there is a buffer of at least one whole chunk width between the actual
// furthest-future expiration (generally atTime+90d) and the right-hand edge of
// the window (atTime+lookforwardPeriod).
func (cu *crlUpdater) getShardBoundaries(atTime time.Time, shardID int) (time.Time, time.Time) {
// Ensure that the given shardID falls within the space of acceptable IDs.
shardID = shardID % cu.numShards
func (cu *crlUpdater) getShardBoundaries(atTime time.Time, shardIdx int) (time.Time, time.Time) {
// Ensure that the given shard index falls within the space of acceptable indices.
shardIdx = shardIdx % cu.numShards
// Compute the width of the full window.
windowWidth := cu.lookbackPeriod + cu.lookforwardPeriod
@ -406,10 +406,10 @@ func (cu *crlUpdater) getShardBoundaries(atTime time.Time, shardID int) (time.Ti
shardWidth := time.Duration(windowWidth.Nanoseconds() / int64(cu.numShards))
// Compute the amount of time between the left-hand edge of the most recent
// "0" chunk and the left-hand edge of the desired chunk.
shardOffset := time.Duration(int64(shardID) * shardWidth.Nanoseconds())
// Compute the left-hand edge of the most recent chunk with the given ID.
shardOffset := time.Duration(int64(shardIdx) * shardWidth.Nanoseconds())
// Compute the left-hand edge of the most recent chunk with the given index.
shardStart := zeroStart.Add(shardOffset)
// Compute the right-hand edge of the most recent chunk with the given ID.
// Compute the right-hand edge of the most recent chunk with the given index.
shardEnd := shardStart.Add(shardWidth)
// But the shard boundaries we just computed might be for a chunk that is

2
issuance/issuance.go
View File

@ -345,8 +345,6 @@ type IssuerID int64
// both CA and end-entity certs to link them together into a validation chain.
// It is computed as a truncated hash over the issuer Subject Name bytes, or
// over the end-entity's Issuer Name bytes, which are required to be equal.
// TODO(#5152): Rename this "IssuerID" when we've fully deprecated the old-style
// IssuerIDs and replaced them with NameIDs.
type IssuerNameID int64
// Certificate embeds an *x509.Certificate and represents the added semantics