diff --git a/ra/ra.go b/ra/ra.go index bff2d9b79..4bb482ca7 100644 --- a/ra/ra.go +++ b/ra/ra.go @@ -844,9 +844,9 @@ func (ra *RegistrationAuthorityImpl) recheckCAA(ctx context.Context, authzs []*c } resp, err := ra.caa.IsCAAValid(ctx, &vapb.IsCAAValidRequest{ - Domain: &name, - ValidationMethod: &method, - AccountURIID: &authz.RegistrationID, + Domain: name, + ValidationMethod: method, + AccountURIID: authz.RegistrationID, }) if err != nil { ra.log.AuditErrf("Rechecking CAA: %s", err) @@ -1613,11 +1613,11 @@ func (ra *RegistrationAuthorityImpl) PerformValidation( chall, _ := bgrpc.ChallengeToPB(authz.Challenges[challIndex]) req := vapb.PerformValidationRequest{ - Domain: &authz.Identifier.Value, + Domain: authz.Identifier.Value, Challenge: chall, Authz: &vapb.AuthzMeta{ - Id: &authz.ID, - RegID: &authz.RegistrationID, + Id: authz.ID, + RegID: authz.RegistrationID, }, } res, err := ra.VA.PerformValidation(vaCtx, &req) diff --git a/ra/ra_test.go b/ra/ra_test.go index bb1ffb2a5..edb6c552e 100644 --- a/ra/ra_test.go +++ b/ra/ra_test.go @@ -1850,7 +1850,7 @@ func (cr *caaRecorder) IsCAAValid( ) (*vapb.IsCAAValidResponse, error) { cr.Lock() defer cr.Unlock() - cr.names[*in.Domain] = true + cr.names[in.Domain] = true return &vapb.IsCAAValidResponse{}, nil } @@ -1969,7 +1969,7 @@ func (cf *caaFailer) IsCAAValid( opts ...grpc.CallOption, ) (*vapb.IsCAAValidResponse, error) { cvrpb := &vapb.IsCAAValidResponse{} - switch *in.Domain { + switch in.Domain { case "a.com": cvrpb.Problem = &corepb.ProblemDetails{ Detail: proto.String("CAA invalid for a.com"), diff --git a/va/caa.go b/va/caa.go index dd6134365..d9f7e679d 100644 --- a/va/caa.go +++ b/va/caa.go 
@@ -16,14 +16,14 @@ import ( ) type caaParams struct { - accountURIID *int64 - validationMethod *string + accountURIID int64 + validationMethod string } func (va *ValidationAuthorityImpl) IsCAAValid(ctx context.Context, req *vapb.IsCAAValidRequest) (*vapb.IsCAAValidResponse, error) { acmeID := identifier.ACMEIdentifier{ Type: identifier.DNS, - Value: *req.Domain, + Value: req.Domain, } params := &caaParams{ accountURIID: req.AccountURIID, @@ -31,7 +31,7 @@ func (va *ValidationAuthorityImpl) IsCAAValid(ctx context.Context, req *vapb.IsC } if prob := va.checkCAA(ctx, acmeID, params); prob != nil { typ := string(prob.Type) - detail := fmt.Sprintf("While processing CAA for %s: %s", *req.Domain, prob.Detail) + detail := fmt.Sprintf("While processing CAA for %s: %s", req.Domain, prob.Detail) return &vapb.IsCAAValidResponse{ Problem: &corepb.ProblemDetails{ ProblemType: &typ, @@ -59,11 +59,11 @@ func (va *ValidationAuthorityImpl) checkCAA( } accountID, validationMethod := "unknown", "unknown" - if params.accountURIID != nil && *params.accountURIID != 0 { - accountID = fmt.Sprintf("%d", *params.accountURIID) + if params.accountURIID != 0 { + accountID = fmt.Sprintf("%d", params.accountURIID) } - if params.validationMethod != nil && *params.validationMethod != "" { - validationMethod = *params.validationMethod + if params.validationMethod != "" { + validationMethod = params.validationMethod } va.log.AuditInfof("Checked CAA records for %s, [Present: %t, Account ID: %s, Challenge: %s, Valid for issuance: %t] Records=%s", 
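Review bot: In IsCAAValid (va/caa.go, hunk at -16,14) nothing rejects a request whose `Domain` is empty. With the pointer gone, a request that omits the field yields `Value: ""` and carries on into `va.checkCAA` instead of stopping at the dereference. A guard ahead of the `acmeID` literal would keep incomplete requests out of the CAA lookup and its audit log line, for example `if req.Domain == "" { return nil, berrors.InternalServerError("incomplete IsCAAValid request") }`. `berrors` is used in va/va.go in this diff, but caa.go's import block is not fully visible here, so the import may need adding. The function body continues past the end of this hunk.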
@@ -265,10 +265,10 @@ func (va *ValidationAuthorityImpl) validateCAASet(caaSet *CAASet, wildcard bool, // https://tools.ietf.org/html/draft-ietf-acme-caa-04 caaAccountURI, ok := caaParameters["accounturi"] if ok { - if params.accountURIID == nil { + if params.accountURIID == 0 { continue } - if !checkAccountURI(caaAccountURI, va.accountURIPrefixes, *params.accountURIID) { + if !checkAccountURI(caaAccountURI, va.accountURIPrefixes, params.accountURIID) { continue } } @@ -279,10 +279,10 @@ func (va *ValidationAuthorityImpl) validateCAASet(caaSet *CAASet, wildcard bool, // https://tools.ietf.org/html/draft-ietf-acme-caa-04 caaMethods, ok := caaParameters["validationmethods"] if ok { - if params.validationMethod == nil { + if params.validationMethod == "" { continue } - if !containsMethod(caaMethods, *params.validationMethod) { + if !containsMethod(caaMethods, params.validationMethod) { continue } } diff --git a/va/caa_test.go b/va/caa_test.go index c75f5b4af..993207e46 100644 --- a/va/caa_test.go +++ b/va/caa_test.go @@ -392,7 +392,7 @@ func TestCAAChecking(t *testing.T) { accountURIID := int64(123) method := "http-01" - params := &caaParams{accountURIID: &accountURIID, validationMethod: &method} + params := &caaParams{accountURIID: accountURIID, validationMethod: method} va, _ := setup(nil, 0, "", nil) if err := features.Set(map[string]bool{"CAAValidationMethods": true, "CAAAccountURI": true}); err != nil { @@ -533,10 +533,9 @@ func TestCAALogging(t *testing.T) { mockLog := va.log.(*blog.Mock) mockLog.Clear() - validationMethod := string(tc.ChallengeType) params := &caaParams{ - accountURIID: &tc.AccountURIID, - validationMethod: &validationMethod, + accountURIID: tc.AccountURIID, + validationMethod: string(tc.ChallengeType), } _ = va.checkCAA(ctx, identifier.ACMEIdentifier{Type: identifier.DNS, Value: tc.Domain}, params) 
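Review bot: The two guards in validateCAASet (`params.accountURIID == 0` in the hunk at -265,10 and `params.validationMethod == ""` in the hunk at -279,10) now use the zero value as the "not supplied" sentinel, and neither the guards nor the `caaParams` struct says so. Both take the same `continue` as a failed `checkAccountURI` / `containsMethod`, so a defaulted value is handled like a mismatch and never like a match. That is the direction a later edit must not invert. A comment above each guard would pin it, e.g. `// Zero means the caller supplied no account ID; treat it like a mismatch and skip this record.` with the same wording for the empty method. The enclosing loop starts and ends outside both hunks.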
@@ -561,7 +560,7 @@ func TestIsCAAValidErrMessage(t *testing.T) { // caaMockDNS. domain := "caa-timeout.com" resp, err := va.IsCAAValid(ctx, &vapb.IsCAAValidRequest{ - Domain: &domain, + Domain: domain, }) // The lookup itself should not return an error diff --git a/va/proto/va.pb.go b/va/proto/va.pb.go index 8e23b4ebb..a33473b97 100644 --- a/va/proto/va.pb.go +++ b/va/proto/va.pb.go @@ -36,9 +36,9 @@ type IsCAAValidRequest struct { unknownFields protoimpl.UnknownFields // NOTE: Domain may be a name with a wildcard prefix (e.g. `*.example.com`) - Domain *string `protobuf:"bytes,1,opt,name=domain" json:"domain,omitempty"` - ValidationMethod *string `protobuf:"bytes,2,opt,name=validationMethod" json:"validationMethod,omitempty"` - AccountURIID *int64 `protobuf:"varint,3,opt,name=accountURIID" json:"accountURIID,omitempty"` + Domain string `protobuf:"bytes,1,opt,name=domain,proto3" json:"domain,omitempty"` + ValidationMethod string `protobuf:"bytes,2,opt,name=validationMethod,proto3" json:"validationMethod,omitempty"` + AccountURIID int64 `protobuf:"varint,3,opt,name=accountURIID,proto3" json:"accountURIID,omitempty"` } func (x *IsCAAValidRequest) Reset() { @@ -74,22 +74,22 @@ func (*IsCAAValidRequest) Descriptor() ([]byte, []int) { } func (x *IsCAAValidRequest) GetDomain() string { - if x != nil && x.Domain != nil { - return *x.Domain + if x != nil { + return x.Domain } return "" } func (x *IsCAAValidRequest) GetValidationMethod() string { - if x != nil && x.ValidationMethod != nil { - return *x.ValidationMethod + if x != nil { + return x.ValidationMethod } return "" } func (x *IsCAAValidRequest) GetAccountURIID() int64 { - if x != nil && x.AccountURIID != nil { - return *x.AccountURIID + if x != nil { + return x.AccountURIID } return 0 } 
@@ -100,7 +100,7 @@ type IsCAAValidResponse struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Problem *proto1.ProblemDetails `protobuf:"bytes,1,opt,name=problem" json:"problem,omitempty"` + Problem *proto1.ProblemDetails `protobuf:"bytes,1,opt,name=problem,proto3" json:"problem,omitempty"` } func (x *IsCAAValidResponse) Reset() { @@ -147,9 +147,9 @@ type PerformValidationRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Domain *string `protobuf:"bytes,1,opt,name=domain" json:"domain,omitempty"` - Challenge *proto1.Challenge `protobuf:"bytes,2,opt,name=challenge" json:"challenge,omitempty"` - Authz *AuthzMeta `protobuf:"bytes,3,opt,name=authz" json:"authz,omitempty"` + Domain string `protobuf:"bytes,1,opt,name=domain,proto3" json:"domain,omitempty"` + Challenge *proto1.Challenge `protobuf:"bytes,2,opt,name=challenge,proto3" json:"challenge,omitempty"` + Authz *AuthzMeta `protobuf:"bytes,3,opt,name=authz,proto3" json:"authz,omitempty"` } func (x *PerformValidationRequest) Reset() { @@ -185,8 +185,8 @@ func (*PerformValidationRequest) Descriptor() ([]byte, []int) { } func (x *PerformValidationRequest) GetDomain() string { - if x != nil && x.Domain != nil { - return *x.Domain + if x != nil { + return x.Domain } return "" } @@ -210,8 +210,8 @@ type AuthzMeta struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Id *string `protobuf:"bytes,1,opt,name=id" json:"id,omitempty"` - RegID *int64 `protobuf:"varint,2,opt,name=regID" json:"regID,omitempty"` + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + RegID int64 `protobuf:"varint,2,opt,name=regID,proto3" json:"regID,omitempty"` } func (x *AuthzMeta) Reset() { 
@@ -247,15 +247,15 @@ func (*AuthzMeta) Descriptor() ([]byte, []int) { } func (x *AuthzMeta) GetId() string { - if x != nil && x.Id != nil { - return *x.Id + if x != nil { + return x.Id } return "" } func (x *AuthzMeta) GetRegID() int64 { - if x != nil && x.RegID != nil { - return *x.RegID + if x != nil { + return x.RegID } return 0 } @@ -265,8 +265,8 @@ type ValidationResult struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Records []*proto1.ValidationRecord `protobuf:"bytes,1,rep,name=records" json:"records,omitempty"` - Problems *proto1.ProblemDetails `protobuf:"bytes,2,opt,name=problems" json:"problems,omitempty"` + Records []*proto1.ValidationRecord `protobuf:"bytes,1,rep,name=records,proto3" json:"records,omitempty"` + Problems *proto1.ProblemDetails `protobuf:"bytes,2,opt,name=problems,proto3" json:"problems,omitempty"` } func (x *ValidationResult) Reset() { @@ -364,7 +364,7 @@ var file_va_proto_va_proto_rawDesc = []byte{ 0x69, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x29, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6c, 0x65, 0x74, 0x73, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2f, 0x62, 0x6f, 0x75, 0x6c, 0x64, 0x65, 0x72, 0x2f, 0x76, - 0x61, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x61, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/va/proto/va.proto b/va/proto/va.proto index 4db611a34..2fb60a079 100644 --- a/va/proto/va.proto +++ b/va/proto/va.proto @@ -1,4 +1,4 @@ -syntax = "proto2"; +syntax = "proto3"; package va; option go_package = "github.com/letsencrypt/boulder/va/proto"; 
@@ -15,28 +15,28 @@ service CAA { message IsCAAValidRequest { // NOTE: Domain may be a name with a wildcard prefix (e.g. `*.example.com`) - optional string domain = 1; - optional string validationMethod = 2; - optional int64 accountURIID = 3; + string domain = 1; + string validationMethod = 2; + int64 accountURIID = 3; } // If CAA is valid for the requested domain, the problem will be empty message IsCAAValidResponse { - optional core.ProblemDetails problem = 1; + core.ProblemDetails problem = 1; } message PerformValidationRequest { - optional string domain = 1; - optional core.Challenge challenge = 2; - optional AuthzMeta authz = 3; + string domain = 1; + core.Challenge challenge = 2; + AuthzMeta authz = 3; } message AuthzMeta { - optional string id = 1; - optional int64 regID = 2; + string id = 1; + int64 regID = 2; } message ValidationResult { repeated core.ValidationRecord records = 1; - optional core.ProblemDetails problems = 2; + core.ProblemDetails problems = 2; } diff --git a/va/va.go b/va/va.go index 1f0b7c3d1..25658bd23 100644 --- a/va/va.go +++ b/va/va.go @@ -330,10 +330,9 @@ func (va *ValidationAuthorityImpl) validate( // `baseIdentifier` ch := make(chan *probs.ProblemDetails, 1) go func() { - validationMethod := string(challenge.Type) params := &caaParams{ - accountURIID: ®id, - validationMethod: &validationMethod, + accountURIID: regid, + validationMethod: string(challenge.Type), } ch <- va.checkCAA(ctx, identifier, params) }() @@ -596,9 +595,9 @@ func (va *ValidationAuthorityImpl) PerformValidation(ctx context.Context, req *v return nil, berrors.InternalServerError("Incomplete validation request") } logEvent := verificationRequestEvent{ - ID: *req.Authz.Id, - Requester: *req.Authz.RegID, - Hostname: *req.Domain, + ID: req.Authz.Id, + Requester: req.Authz.RegID, + Hostname: req.Domain, } vStart := va.clk.Now() 
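Review bot: The messages in va.proto lose field presence once `optional` is dropped, and nothing in the file tells a reader that `accountURIID = 0` and an empty `validationMethod` are now read as "not supplied" (see the `== 0` / `== ""` checks in va/caa.go in this diff). A field comment would record that contract, e.g. `// 0 means no account ID was supplied; CAA accounturi records then do not match.` Rollout order is also worth confirming. A proto3 sender leaves zero-valued scalars off the wire, and the removed lines in va/va.go show the previous receiver dereferencing `*req.Authz.RegID` and `*req.Domain` directly. An old VA receiving a zero `regID` from a new RA would therefore presumably hit a nil pointer.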
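Review bot: In PerformValidation (va/va.go, hunk at -596,9) `req.Domain`, `req.Authz.Id` and `req.Authz.RegID` are now plain values, so the "Incomplete validation request" guard just above the hunk is the only thing separating a missing field from a real one. Its condition lies outside the hunk and is not touched by this diff. If it only tests for nil messages, an empty `Domain` or a zero `RegID` will reach `va.validate` and be recorded as `Hostname: ""` / `Requester: 0` in the log event. Consider extending the guard with `req.Domain == ""` (and `req.Authz.RegID == 0`, if zero is never a valid account) so that validation and the CAA account check do not run on defaulted values.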
@@ -613,7 +612,7 @@ func (va *ValidationAuthorityImpl) PerformValidation(ctx context.Context, req *v return nil, probs.ServerInternal("Challenge failed to deserialize") } - records, prob := va.validate(ctx, identifier.DNSIdentifier(*req.Domain), *req.Authz.RegID, challenge) + records, prob := va.validate(ctx, identifier.DNSIdentifier(req.Domain), req.Authz.RegID, challenge) challenge.ValidationRecord = records localValidationLatency := time.Since(vStart) @@ -635,8 +634,8 @@ func (va *ValidationAuthorityImpl) PerformValidation(ctx context.Context, req *v // routine to avoid blocking the primary VA. go func() { _ = va.processRemoteResults( - *req.Domain, - *req.Authz.RegID, + req.Domain, + req.Authz.RegID, string(challenge.Type), prob, remoteResults, @@ -648,8 +647,8 @@ func (va *ValidationAuthorityImpl) PerformValidation(ctx context.Context, req *v challenge.Status = core.StatusValid } else if features.Enabled(features.EnforceMultiVA) { remoteProb := va.processRemoteResults( - *req.Domain, - *req.Authz.RegID, + req.Domain, + req.Authz.RegID, string(challenge.Type), prob, remoteResults, @@ -662,7 +661,7 @@ func (va *ValidationAuthorityImpl) PerformValidation(ctx context.Context, req *v challenge.Error = remoteProb logEvent.Error = remoteProb.Error() va.log.Infof("Validation failed due to remote failures: identifier=%v err=%s", - *req.Domain, remoteProb) + req.Domain, remoteProb) va.metrics.remoteValidationFailures.Inc() } else { challenge.Status = core.StatusValid diff --git a/va/va_test.go b/va/va_test.go index 5957feb3b..aff2b085c 100644 --- a/va/va_test.go +++ b/va/va_test.go 
@@ -82,10 +82,8 @@ var accountURIPrefixes = []string{"http://boulder:4000/acme/reg/"} func createValidationRequest(domain string, challengeType core.AcmeChallenge) *vapb.PerformValidationRequest { ctype := string(challengeType) status := string(core.StatusPending) - authzID := "" - authzRegID := int64(0) return &vapb.PerformValidationRequest{ - Domain: &domain, + Domain: domain, Challenge: &corepb.Challenge{ Type: &ctype, Status: &status, @@ -94,8 +92,8 @@ func createValidationRequest(domain string, challengeType core.AcmeChallenge) *v KeyAuthorization: &expectedKeyAuthorization, }, Authz: &vapb.AuthzMeta{ - Id: &authzID, - RegID: &authzRegID, + Id: "", + RegID: 0, }, } }
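Review bot: createValidationRequest now builds `Authz` with `Id: ""` and `RegID: 0` (hunk at -94,8), which under proto3 are exactly the values a request missing those fields would carry. Tests built on this helper therefore cannot tell a populated request from an incomplete one. Non-zero fixture values, for example `Id: "test-authz"` and `RegID: 1` (constructed sample values), would allow a stricter completeness check in PerformValidation without breaking every caller of the helper. Any expectations that embed the authz ID or requester are not visible here and would need the same values.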