Return pointer from NewNonceService.
parent
c6bb0ad45b
commit
8b2c50bc65
|
|
@ -28,10 +28,10 @@ type NonceService struct {
|
|||
}
|
||||
|
||||
// NewNonceService constructs a NonceService with defaults
|
||||
func NewNonceService() (NonceService, error) {
|
||||
func NewNonceService() (*NonceService, error) {
|
||||
key := make([]byte, 16)
|
||||
if _, err := rand.Read(key); err != nil {
|
||||
return NonceService{}, err
|
||||
return nil, err
|
||||
}
|
||||
|
||||
c, err := aes.NewCipher(key)
|
||||
|
|
@ -43,7 +43,7 @@ func NewNonceService() (NonceService, error) {
|
|||
panic("Failure in NewGCM: " + err.Error())
|
||||
}
|
||||
|
||||
return NonceService{
|
||||
return &NonceService{
|
||||
earliest: 0,
|
||||
latest: 0,
|
||||
used: make(map[int64]bool, MaxUsed),
|
||||
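Review bot: The `panic("Failure in NewGCM: " + err.Error())` kept as context in the second hunk no longer matches the constructor's contract. `NewNonceService` returns `(*NonceService, error)` and the `rand.Read` failure path returns `nil, err`, yet a GCM setup failure still aborts the process instead of reaching the caller. I would replace it with `return nil, err` so every failure path is reported the same way. The `aes.NewCipher` error check lies between the two hunks and is not visible, so it may need the same change. The doc comment could also say why a pointer is returned, for example `// The returned service holds the anti-replay state (earliest, latest, used); share the pointer, never copy the struct.`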
|
|
|
|||
|
|
@ -75,7 +75,7 @@ type WebFrontEndImpl struct {
|
|||
SubscriberAgreementURL string
|
||||
|
||||
// Register of anti-replay nonces
|
||||
nonceService core.NonceService
|
||||
nonceService *core.NonceService
|
||||
|
||||
// Cache settings
|
||||
CertCacheDuration time.Duration
|
||||
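Review bot: The comment on `nonceService` does not record that the field must be non-nil now that it is a `*core.NonceService`. A `WebFrontEndImpl` built without its constructor, or built after an ignored `NewNonceService` error, would hold a nil pointer, and the anti-replay check would presumably fail with a nil dereference on first use. The code that assigns this field is outside the hunk, so whether every path sets it cannot be confirmed from here. I would extend the comment to `// Register of anti-replay nonces; set by the constructor, must not be nil`.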
|
|
|
|||
|
|
@ -584,7 +584,7 @@ func TestIssueCertificate(t *testing.T) {
|
|||
// POST, Properly JWS-signed, but payload is "foo", not base64-encoded JSON.
|
||||
responseWriter.Body.Reset()
|
||||
wfe.NewCertificate(newRequestEvent(), responseWriter,
|
||||
makePostRequest(signRequest(t, "foo", &wfe.nonceService)))
|
||||
makePostRequest(signRequest(t, "foo", wfe.nonceService)))
|
||||
test.AssertEquals(t,
|
||||
responseWriter.Body.String(),
|
||||
`{"type":"urn:acme:error:malformed","detail":"Unable to read/verify body :: Request payload did not parse as JSON"}`)
|
||||
|
|
@ -593,7 +593,7 @@ func TestIssueCertificate(t *testing.T) {
|
|||
responseWriter.Body.Reset()
|
||||
wfe.NewCertificate(newRequestEvent(), responseWriter,
|
||||
makePostRequest(
|
||||
signRequest(t, "{}", &wfe.nonceService)))
|
||||
signRequest(t, "{}", wfe.nonceService)))
|
||||
test.AssertEquals(t,
|
||||
responseWriter.Body.String(),
|
||||
`{"type":"urn:acme:error:malformed","detail":"Unable to read/verify body :: Request payload does not specify a resource"}`)
|
||||
|
|
@ -601,7 +601,7 @@ func TestIssueCertificate(t *testing.T) {
|
|||
// Valid, signed JWS body, payload is '{"resource":"new-cert"}'
|
||||
responseWriter.Body.Reset()
|
||||
wfe.NewCertificate(newRequestEvent(), responseWriter,
|
||||
makePostRequest(signRequest(t, `{"resource":"new-cert"}`, &wfe.nonceService)))
|
||||
makePostRequest(signRequest(t, `{"resource":"new-cert"}`, wfe.nonceService)))
|
||||
test.AssertEquals(t,
|
||||
responseWriter.Body.String(),
|
||||
`{"type":"urn:acme:error:malformed","detail":"Error unmarshaling certificate request"}`)
|
||||
|
|
@ -616,7 +616,7 @@ func TestIssueCertificate(t *testing.T) {
|
|||
makePostRequest(signRequest(t, `{
|
||||
"resource":"new-cert",
|
||||
"csr": "MIICVzCCAT8CAQAwEjEQMA4GA1UEAwwHZm9iLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKzHhqcMSTVjBu61vufGVmIYM4mMbWXgndHOUWnIqSKcNtFtPQ465tcZRT5ITIZWXGjsmgDrj31qvG3t5qLwyaF5hsTvFHK72nLMAQhdgM6481Qe9yaoaulWpkGr_9LVz4jQ9pGAaLVamXGpSxV-ipTOo79Sev4aZE8ksD9atEfWtcOD9w8_zj74vpWjTAHN49Q88chlChVqakn0zSfHPfS-jF8g0UTddBuF0Ti3sZChjxzbo6LwZ4182xX7XPnOLav3AGj0Su7j5XMl3OpenOrlWulWJeZIHq5itGW321j306XiGdbrdWH4K7JygICFds6oolwQRGBY6yinAtCgkTcCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBxPiHOtKuBxtvecMNtLkTSuTyEkusQGnjoFDaKe5oqwGYQgy0YBii2-BbaPmqS4ZaDc-vDz_RLeKH5ZiH-NliYR1V_CRtpFLQi18g_2pLQnZLVO3ENs-SM37nU_nBGn9O93t2bkssoM3fZmtgp3R2W7I_wvx7Z8oWKa4boTeBAg_q9Gmi6QskZBddK7A4S_vOR0frU6QSPK_ksPhvovp9fwb6CVKrlJWf556UwRPWgbkW39hvTxK2KHhrUEg3oawNkWde2jZtnZ9e-9zpw8-_5O0X7-YN0ucbFTfQybce_ReuLlGepiHT5bvVavBZoIvqw1XOgSMvGgZFU8tAWMBlj"
|
||||
}`, &wfe.nonceService)))
|
||||
}`, wfe.nonceService)))
|
||||
test.AssertEquals(t,
|
||||
responseWriter.Body.String(),
|
||||
`{"type":"urn:acme:error:unauthorized","detail":"Error creating new cert :: Invalid signature on CSR"}`)
|
||||
|
|
@ -629,7 +629,7 @@ func TestIssueCertificate(t *testing.T) {
|
|||
makePostRequest(signRequest(t, `{
|
||||
"resource":"new-cert",
|
||||
"csr": "MIICWDCCAUACAQAwEzERMA8GA1UEAwwIbWVlcC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaqzue57mgXEoGTZZoVkkCZraebWgXI8irX2BgQB1A3iZa9onxGPMcWQMxhSuUisbEJi4UkMcVST12HX01rUwhj41UuBxJvI1w4wvdstssTAaa9c9tsQ5-UED2bFRL1MsyBdbmCF_-pu3i-ZIYqWgiKbjVBe3nlAVbo77zizwp3Y4Tp1_TBOwTAuFkHePmkNT63uPm9My_hNzsSm1o-Q519Cf7ry-JQmOVgz_jIgFVGFYJ17EV3KUIpUuDShuyCFATBQspgJSN2DoXRUlQjXXkNTj23OxxdT_cVLcLJjytyG6e5izME2R2aCkDBWIc1a4_sRJ0R396auPXG6KhJ7o_AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEALu046p76aKgvoAEHFINkMTgKokPXf9mZ4IZx_BKz-qs1MPMxVtPIrQDVweBH6tYT7Hfj2naLry6SpZ3vUNP_FYeTFWgW1V03LiqacX-QQgbEYtn99Dt3ScGyzb7EH833ztb3vDJ_-ha_CJplIrg-kHBBrlLFWXhh-I9K1qLRTNpbhZ18ooFde4Sbhkw9o9fKivGhx9aYr7ZbjRsNtKit_DsG1nwEXz53TMJ2vB9IQY29coJv_n5NFLkvBfzbG5faRNiFcimPYBO2jFdaA2mWzfxltLtwMF_dBwzTXDpMo3TVT9zEdV8YpsWqr63igqGDZVpKenlkqvRTeGJVayVuMA"
|
||||
}`, &wfe.nonceService)))
|
||||
}`, wfe.nonceService)))
|
||||
test.AssertEquals(t,
|
||||
responseWriter.Body.String(),
|
||||
`{"type":"urn:acme:error:unauthorized","detail":"Error creating new cert :: Authorizations for these names not found or expired: meep.com"}`)
|
||||
|
|
@ -642,7 +642,7 @@ func TestIssueCertificate(t *testing.T) {
|
|||
makePostRequest(signRequest(t, `{
|
||||
"resource":"new-cert",
|
||||
"csr": "MIICYjCCAUoCAQAwHTEbMBkGA1UEAwwSbm90LWFuLWV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqs7nue5oFxKBk2WaFZJAma2nm1oFyPIq19gYEAdQN4mWvaJ8RjzHFkDMYUrlIrGxCYuFJDHFUk9dh19Na1MIY-NVLgcSbyNcOML3bLbLEwGmvXPbbEOflBA9mxUS9TLMgXW5ghf_qbt4vmSGKloIim41QXt55QFW6O-84s8Kd2OE6df0wTsEwLhZB3j5pDU-t7j5vTMv4Tc7EptaPkOdfQn-68viUJjlYM_4yIBVRhWCdexFdylCKVLg0obsghQEwULKYCUjdg6F0VJUI115DU49tzscXU_3FS3CyY8rchunuYszBNkdmgpAwViHNWuP7ESdEd_emrj1xuioSe6PwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAE_T1nWU38XVYL28hNVSXU0rW5IBUKtbvr0qAkD4kda4HmQRTYkt-LNSuvxoZCC9lxijjgtJi-OJe_DCTdZZpYzewlVvcKToWSYHYQ6Wm1-fxxD_XzphvZOujpmBySchdiz7QSVWJmVZu34XD5RJbIcrmj_cjRt42J1hiTFjNMzQu9U6_HwIMmliDL-soFY2RTvvZf-dAFvOUQ-Wbxt97eM1PbbmxJNWRhbAmgEpe9PWDPTpqV5AK56VAa991cQ1P8ZVmPss5hvwGWhOtpnpTZVHN3toGNYFKqxWPboirqushQlfKiFqT9rpRgM3-mFjOHidGqsKEkTdmfSVlVEk3oo="
|
||||
}`, &wfe.nonceService)))
|
||||
}`, wfe.nonceService)))
|
||||
assertCsrLogged(t, mockLog)
|
||||
cert, err := core.LoadCert("test/not-an-example.com.crt")
|
||||
test.AssertNotError(t, err, "Could not load cert")
|
||||
|
|
@ -717,7 +717,7 @@ func TestChallenge(t *testing.T) {
|
|||
challengeURL := "/acme/challenge/valid/23"
|
||||
wfe.Challenge(newRequestEvent(), responseWriter,
|
||||
makePostRequestWithPath(challengeURL,
|
||||
signRequest(t, `{"resource":"challenge"}`, &wfe.nonceService)))
|
||||
signRequest(t, `{"resource":"challenge"}`, wfe.nonceService)))
|
||||
|
||||
test.AssertEquals(t, responseWriter.Code, 202)
|
||||
test.AssertEquals(
|
||||
|
|
@ -735,7 +735,7 @@ func TestChallenge(t *testing.T) {
|
|||
responseWriter = httptest.NewRecorder()
|
||||
wfe.Challenge(newRequestEvent(), responseWriter,
|
||||
makePostRequestWithPath(challengeURL,
|
||||
signRequest(t, `{"resource":"challenge"}`, &wfe.nonceService)))
|
||||
signRequest(t, `{"resource":"challenge"}`, wfe.nonceService)))
|
||||
test.AssertEquals(t, responseWriter.Code, http.StatusNotFound)
|
||||
test.AssertEquals(t, responseWriter.Body.String(),
|
||||
`{"type":"urn:acme:error:malformed","detail":"Expired authorization"}`)
|
||||
|
|
@ -1073,7 +1073,7 @@ func TestAuthorization(t *testing.T) {
|
|||
// POST, Properly JWS-signed, but payload is "foo", not base64-encoded JSON.
|
||||
responseWriter.Body.Reset()
|
||||
wfe.NewAuthorization(newRequestEvent(), responseWriter,
|
||||
makePostRequest(signRequest(t, "foo", &wfe.nonceService)))
|
||||
makePostRequest(signRequest(t, "foo", wfe.nonceService)))
|
||||
test.AssertEquals(t,
|
||||
responseWriter.Body.String(),
|
||||
`{"type":"urn:acme:error:malformed","detail":"Unable to read/verify body :: Request payload did not parse as JSON"}`)
|
||||
|
|
@ -1101,7 +1101,7 @@ func TestAuthorization(t *testing.T) {
|
|||
|
||||
responseWriter.Body.Reset()
|
||||
wfe.NewAuthorization(newRequestEvent(), responseWriter,
|
||||
makePostRequest(signRequest(t, `{"resource":"new-authz","identifier":{"type":"dns","value":"test.com"}}`, &wfe.nonceService)))
|
||||
makePostRequest(signRequest(t, `{"resource":"new-authz","identifier":{"type":"dns","value":"test.com"}}`, wfe.nonceService)))
|
||||
|
||||
test.AssertEquals(
|
||||
t, responseWriter.Header().Get("Location"),
|
||||
|
|
@ -1383,7 +1383,7 @@ func TestVerifyPOSTUsesStoredKey(t *testing.T) {
|
|||
wfe.SA = &mockSADifferentStoredKey{mocks.NewStorageAuthority(fc)}
|
||||
// signRequest signs with test1Key, but our special mock returns a
|
||||
// registration with test2Key
|
||||
_, _, _, err := wfe.verifyPOST(newRequestEvent(), makePostRequest(signRequest(t, `{"resource":"foo"}`, &wfe.nonceService)), true, "foo")
|
||||
_, _, _, err := wfe.verifyPOST(newRequestEvent(), makePostRequest(signRequest(t, `{"resource":"foo"}`, wfe.nonceService)), true, "foo")
|
||||
test.AssertError(t, err, "No error returned when provided key differed from stored key.")
|
||||
}
|
||||
|
||||
|
|
@ -1398,7 +1398,7 @@ func TestBadKeyCSR(t *testing.T) {
|
|||
makePostRequest(signRequest(t, `{
|
||||
"resource":"new-cert",
|
||||
"csr": "MIHLMHcCAQAwEjEQMA4GA1UEAwwHZm9vLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDCZftp4x4owgjBnwOKfzihIPedT-BUmV2fuQPMqaUlc8yJUp13vcO5uxUlaBm8leM7Dj_sgTDP_JgykorlYo73AgMBAAGgADANBgkqhkiG9w0BAQsFAANBAEaQ2QBhweK-kp1ejQCedUhMit_wG-uTBtKnc3M82f6_fztLkhg1vWQ782nmhbEI5orXp6QtNHgJYnBpqA9Ut00"
|
||||
}`, &wfe.nonceService)))
|
||||
}`, wfe.nonceService)))
|
||||
|
||||
test.AssertEquals(t,
|
||||
responseWriter.Body.String(),
|
||||
|
|
|
|||