Improve recycling of pending authzs (#2896)

The existing ReusePendingAuthz implementation had some bugs:

It would recycle deactivated authorizations, which then couldn't be fulfilled. (#2840)
Since it was implemented in the SA, it wouldn't get called until after the RA checks the Pending Authorizations rate limit, which means it wouldn't fulfill its intended purpose of making accounts less likely to get stuck in a Pending Authorizations limited state. (#2831)
This factors out the reuse functionality, which used to be inside an "if" statement in the SA. Now the SA has an explicit GetPendingAuthorization RPC, which gets called from the RA before calling NewPendingAuthorization. This happens to obsolete #2807, by putting the recycling logic for both valid and pending authorizations in the RA.
Jacob Hoffman-Andrews 2017-07-26 14:00:30 -07:00 committed by Roland Bracewell Shoemaker
parent 57252c3b07
commit 8bc1db742c
11 changed files with 334 additions and 145 deletions


@ -99,6 +99,7 @@ type StorageGetter interface {
GetRegistrationByKey(ctx context.Context, jwk *jose.JSONWebKey) (Registration, error)
GetAuthorization(ctx context.Context, authzID string) (Authorization, error)
GetValidAuthorizations(ctx context.Context, regID int64, domains []string, now time.Time) (map[string]*Authorization, error)
GetPendingAuthorization(ctx context.Context, req *sapb.GetPendingAuthorizationRequest) (*Authorization, error)
GetCertificate(ctx context.Context, serial string) (Certificate, error)
GetCertificateStatus(ctx context.Context, serial string) (CertificateStatus, error)
CountCertificatesRange(ctx context.Context, earliest, latest time.Time) (int64, error)


@ -264,6 +264,18 @@ func (sac StorageAuthorityClientWrapper) CountInvalidAuthorizations(ctx context.
return sac.inner.CountInvalidAuthorizations(ctx, request)
}
func (sac StorageAuthorityClientWrapper) GetPendingAuthorization(ctx context.Context, request *sapb.GetPendingAuthorizationRequest) (*core.Authorization, error) {
authzPB, err := sac.inner.GetPendingAuthorization(ctx, request)
if err != nil {
return nil, err
}
authz, err := pbToAuthz(authzPB)
if err != nil {
return nil, err
}
return &authz, nil
}
func (sac StorageAuthorityClientWrapper) GetSCTReceipt(ctx context.Context, serial, logID string) (core.SignedCertificateTimestamp, error) {
response, err := sac.inner.GetSCTReceipt(ctx, &sapb.GetSCTReceiptRequest{Serial: &serial, LogID: &logID})
if err != nil {
@ -672,6 +684,18 @@ func (sas StorageAuthorityServerWrapper) CountInvalidAuthorizations(ctx context.
return sas.inner.CountInvalidAuthorizations(ctx, request)
}
func (sas StorageAuthorityServerWrapper) GetPendingAuthorization(ctx context.Context, request *sapb.GetPendingAuthorizationRequest) (*corepb.Authorization, error) {
authz, err := sas.inner.GetPendingAuthorization(ctx, request)
if err != nil {
return nil, err
}
authzPB, err := authzToPB(*authz)
if err != nil {
return nil, err
}
return authzPB, err
}
func (sas StorageAuthorityServerWrapper) GetSCTReceipt(ctx context.Context, request *sapb.GetSCTReceiptRequest) (*sapb.SignedCertificateTimestamp, error) {
if request == nil || request.Serial == nil || request.LogID == nil {
return nil, errIncompleteRequest
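Review bot: The new server-side `GetPendingAuthorization` wrapper passes `request` straight to `sas.inner` without the completeness check that the neighbouring `GetSCTReceipt` wrapper performs before touching its fields. All four fields of `GetPendingAuthorizationRequest` are optional pointers, so a request that omits one would presumably reach the SA with a nil field; I would open the wrapper with `if request == nil || request.RegistrationID == nil || request.IdentifierType == nil || request.IdentifierValue == nil || request.ValidUntil == nil { return nil, errIncompleteRequest }`. The wrapper also dereferences `*authz` unguarded, so an inner implementation that returns `(nil, nil)` would panic the RPC handler. The closing `return authzPB, err` always returns a nil error at that point and reads more clearly as `return authzPB, nil`. On the client side, it is worth confirming that `pbToAuthz` rejects a partially populated response, since the wrapper does no check of its own.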


@ -306,6 +306,10 @@ func (sa *StorageAuthority) FQDNSetExists(_ context.Context, names []string) (bo
return false, nil
}
func (sa *StorageAuthority) GetPendingAuthorization(ctx context.Context, req *sapb.GetPendingAuthorizationRequest) (*core.Authorization, error) {
return nil, fmt.Errorf("GetPendingAuthorization not implemented")
}
// GetValidAuthorizations is a mock
func (sa *StorageAuthority) GetValidAuthorizations(_ context.Context, regID int64, names []string, now time.Time) (map[string]*core.Authorization, error) {
if regID == 1 {
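Review bot: The mock `GetPendingAuthorization` returns a plain `fmt.Errorf` error, which the RA code added in this commit treats as an internal failure because it tolerates only `berrors.NotFound`. Any RA test that uses `mocks.StorageAuthority` with `ReusePendingAuthz` enabled would therefore fail in `NewAuthorization` instead of falling through to creation. Returning a not-found error, for example `berrors.NotFoundError("no pending authorization")`, would probably be the safer default for "nothing to reuse"; whether the mocks package can import `berrors` is not visible here. The method also lacks the `// GetPendingAuthorization is a mock` doc comment that `GetValidAuthorizations` below it carries.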


@ -521,8 +521,28 @@ func (ra *RegistrationAuthorityImpl) NewAuthorization(ctx context.Context, reque
}
}
}
if features.Enabled(features.ReusePendingAuthz) {
nowishNano := ra.clk.Now().Add(time.Hour).UnixNano()
identifierTypeString := string(identifier.Type)
pendingAuth, err := ra.SA.GetPendingAuthorization(ctx, &sapb.GetPendingAuthorizationRequest{
RegistrationID: &regID,
IdentifierType: &identifierTypeString,
IdentifierValue: &identifier.Value,
ValidUntil: &nowishNano,
})
if err != nil && !berrors.Is(err, berrors.NotFound) {
return authz, berrors.InternalServerError(
"unable to get pending authorization for regID: %d, identifier: %s: %s",
regID,
identifier.Value,
err)
} else if err == nil {
return *pendingAuth, nil
}
// Fall through to normal creation flow.
}
// Create validations. The WFE will update them with URIs before sending them out.
// Create challenges. The WFE will update them with URIs before sending them out.
challenges, combinations := ra.PA.ChallengesFor(identifier)
expires := ra.clk.Now().Add(ra.pendingAuthorizationLifetime)
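Review bot: `return *pendingAuth, nil` trusts whatever the SA returns: there is no nil check, and nothing confirms that the record is still pending and owned by `regID`. Since the bug being fixed (#2840) was reuse of deactivated authorizations, a cheap guard in the RA would stop a later SA query regression from handing an account an unusable or foreign authz, for example `if pendingAuth != nil && pendingAuth.Status == core.StatusPending && pendingAuth.RegistrationID == regID { return *pendingAuth, nil }`, with every other case falling through to creation. Separately, `nowishNano` is actually now plus one hour; a name such as `minExpiryNano` and a comment such as `// only reuse authzs with at least an hour of lifetime left` would make the `ValidUntil` filter readable. `NewAuthorization` begins and ends outside this hunk.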


@ -583,7 +583,7 @@ func TestNewAuthorization(t *testing.T) {
test.AssertNotError(t, authz.Challenges[1].CheckConsistencyForClientOffer(), "CheckConsistencyForClientOffer for Challenge 1 returned an error")
}
func TestReuseAuthorization(t *testing.T) {
func TestReuseValidAuthorization(t *testing.T) {
_, sa, ra, _, cleanUp := initAuthorities(t)
defer cleanUp()
@ -644,6 +644,43 @@ func TestReuseAuthorization(t *testing.T) {
test.AssertEquals(t, secondAuthz.Status, core.StatusValid)
}
func TestReusePendingAuthorization(t *testing.T) {
_, sa, ra, _, cleanUp := initAuthorities(t)
defer cleanUp()
_ = features.Set(map[string]bool{"ReusePendingAuthz": true})
defer features.Reset()
// Create one pending authorization
firstAuthz, err := ra.NewAuthorization(ctx, AuthzInitial, Registration.ID)
test.AssertNotError(t, err, "Could not store test pending authorization")
// Create another one with the same identifier
secondAuthz, err := ra.NewAuthorization(ctx, core.Authorization{
Identifier: AuthzInitial.Identifier,
}, Registration.ID)
test.AssertNotError(t, err, "Could not store test pending authorization")
// The first authz should be reused as the second and thus have the same ID
test.AssertEquals(t, firstAuthz.ID, secondAuthz.ID)
test.AssertEquals(t, secondAuthz.Status, core.StatusPending)
otherReg, err := sa.NewRegistration(ctx, core.Registration{
Key: &AccountKeyB,
InitialIP: net.ParseIP("3.2.3.3"),
Status: core.StatusValid,
})
test.AssertNotError(t, err, "Creating otherReg")
// An authz created under another registration ID should not be reused.
thirdAuthz, err := ra.NewAuthorization(ctx, core.Authorization{
Identifier: AuthzInitial.Identifier,
}, otherReg.ID)
test.AssertNotError(t, err, "Could not store test pending authorization")
if thirdAuthz.ID == firstAuthz.ID {
t.Error("Authorization was reused for a different account.")
}
}
type mockSAWithBadGetValidAuthz struct {
mocks.StorageAuthority
}
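Review bot: `TestReusePendingAuthorization` covers same-account reuse and cross-account isolation, but not the cases the commit message is about: a deactivated authz, and one too close to expiry to satisfy `ValidUntil`, should each yield a fresh authz. If the SA tests (not visible here) do not exercise these, add cases that deactivate `firstAuthz`, or move the test clock near its expiry, and assert that the next `NewAuthorization` returns a different ID. `_ = features.Set(...)` also discards an error, so a failed set would leave the test running with the feature off; `test.AssertNotError(t, features.Set(map[string]bool{"ReusePendingAuthz": true}), "setting ReusePendingAuthz")` would surface that.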


@ -12,6 +12,7 @@ It has these top-level messages:
RegistrationID
JSONWebKey
AuthorizationID
GetPendingAuthorizationRequest
GetValidAuthorizationsRequest
ValidAuthorizations
CertificateStatus
@ -107,6 +108,48 @@ func (m *AuthorizationID) GetId() string {
return ""
}
type GetPendingAuthorizationRequest struct {
RegistrationID *int64 `protobuf:"varint,1,opt,name=registrationID" json:"registrationID,omitempty"`
IdentifierType *string `protobuf:"bytes,2,opt,name=identifierType" json:"identifierType,omitempty"`
IdentifierValue *string `protobuf:"bytes,3,opt,name=identifierValue" json:"identifierValue,omitempty"`
// Result must be valid until at least this Unix timestamp (nanos)
ValidUntil *int64 `protobuf:"varint,4,opt,name=validUntil" json:"validUntil,omitempty"`
XXX_unrecognized []byte `json:"-"`
}
func (m *GetPendingAuthorizationRequest) Reset() { *m = GetPendingAuthorizationRequest{} }
func (m *GetPendingAuthorizationRequest) String() string { return proto1.CompactTextString(m) }
func (*GetPendingAuthorizationRequest) ProtoMessage() {}
func (*GetPendingAuthorizationRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{3} }
func (m *GetPendingAuthorizationRequest) GetRegistrationID() int64 {
if m != nil && m.RegistrationID != nil {
return *m.RegistrationID
}
return 0
}
func (m *GetPendingAuthorizationRequest) GetIdentifierType() string {
if m != nil && m.IdentifierType != nil {
return *m.IdentifierType
}
return ""
}
func (m *GetPendingAuthorizationRequest) GetIdentifierValue() string {
if m != nil && m.IdentifierValue != nil {
return *m.IdentifierValue
}
return ""
}
func (m *GetPendingAuthorizationRequest) GetValidUntil() int64 {
if m != nil && m.ValidUntil != nil {
return *m.ValidUntil
}
return 0
}
type GetValidAuthorizationsRequest struct {
RegistrationID *int64 `protobuf:"varint,1,opt,name=registrationID" json:"registrationID,omitempty"`
Domains []string `protobuf:"bytes,2,rep,name=domains" json:"domains,omitempty"`
@ -117,7 +160,7 @@ type GetValidAuthorizationsRequest struct {
func (m *GetValidAuthorizationsRequest) Reset() { *m = GetValidAuthorizationsRequest{} }
func (m *GetValidAuthorizationsRequest) String() string { return proto1.CompactTextString(m) }
func (*GetValidAuthorizationsRequest) ProtoMessage() {}
func (*GetValidAuthorizationsRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{3} }
func (*GetValidAuthorizationsRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{4} }
func (m *GetValidAuthorizationsRequest) GetRegistrationID() int64 {
if m != nil && m.RegistrationID != nil {
@ -148,7 +191,7 @@ type ValidAuthorizations struct {
func (m *ValidAuthorizations) Reset() { *m = ValidAuthorizations{} }
func (m *ValidAuthorizations) String() string { return proto1.CompactTextString(m) }
func (*ValidAuthorizations) ProtoMessage() {}
func (*ValidAuthorizations) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{4} }
func (*ValidAuthorizations) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{5} }
func (m *ValidAuthorizations) GetValid() []*ValidAuthorizations_MapElement {
if m != nil {
@ -167,7 +210,7 @@ func (m *ValidAuthorizations_MapElement) Reset() { *m = ValidAuthorizati
func (m *ValidAuthorizations_MapElement) String() string { return proto1.CompactTextString(m) }
func (*ValidAuthorizations_MapElement) ProtoMessage() {}
func (*ValidAuthorizations_MapElement) Descriptor() ([]byte, []int) {
return fileDescriptor0, []int{4, 0}
return fileDescriptor0, []int{5, 0}
}
func (m *ValidAuthorizations_MapElement) GetDomain() string {
@ -201,7 +244,7 @@ type CertificateStatus struct {
func (m *CertificateStatus) Reset() { *m = CertificateStatus{} }
func (m *CertificateStatus) String() string { return proto1.CompactTextString(m) }
func (*CertificateStatus) ProtoMessage() {}
func (*CertificateStatus) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{5} }
func (*CertificateStatus) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{6} }
func (m *CertificateStatus) GetSerial() string {
if m != nil && m.Serial != nil {
@ -281,7 +324,7 @@ type Serial struct {
func (m *Serial) Reset() { *m = Serial{} }
func (m *Serial) String() string { return proto1.CompactTextString(m) }
func (*Serial) ProtoMessage() {}
func (*Serial) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{6} }
func (*Serial) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{7} }
func (m *Serial) GetSerial() string {
if m != nil && m.Serial != nil {
@ -299,7 +342,7 @@ type Range struct {
func (m *Range) Reset() { *m = Range{} }
func (m *Range) String() string { return proto1.CompactTextString(m) }
func (*Range) ProtoMessage() {}
func (*Range) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{7} }
func (*Range) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{8} }
func (m *Range) GetEarliest() int64 {
if m != nil && m.Earliest != nil {
@ -323,7 +366,7 @@ type Count struct {
func (m *Count) Reset() { *m = Count{} }
func (m *Count) String() string { return proto1.CompactTextString(m) }
func (*Count) ProtoMessage() {}
func (*Count) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{8} }
func (*Count) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{9} }
func (m *Count) GetCount() int64 {
if m != nil && m.Count != nil {
@ -338,10 +381,12 @@ type CountCertificatesByNamesRequest struct {
XXX_unrecognized []byte `json:"-"`
}
func (m *CountCertificatesByNamesRequest) Reset() { *m = CountCertificatesByNamesRequest{} }
func (m *CountCertificatesByNamesRequest) String() string { return proto1.CompactTextString(m) }
func (*CountCertificatesByNamesRequest) ProtoMessage() {}
func (*CountCertificatesByNamesRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{9} }
func (m *CountCertificatesByNamesRequest) Reset() { *m = CountCertificatesByNamesRequest{} }
func (m *CountCertificatesByNamesRequest) String() string { return proto1.CompactTextString(m) }
func (*CountCertificatesByNamesRequest) ProtoMessage() {}
func (*CountCertificatesByNamesRequest) Descriptor() ([]byte, []int) {
return fileDescriptor0, []int{10}
}
func (m *CountCertificatesByNamesRequest) GetRange() *Range {
if m != nil {
@ -365,7 +410,7 @@ type CountByNames struct {
func (m *CountByNames) Reset() { *m = CountByNames{} }
func (m *CountByNames) String() string { return proto1.CompactTextString(m) }
func (*CountByNames) ProtoMessage() {}
func (*CountByNames) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{10} }
func (*CountByNames) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{11} }
func (m *CountByNames) GetCountByNames() []*CountByNames_MapElement {
if m != nil {
@ -383,7 +428,7 @@ type CountByNames_MapElement struct {
func (m *CountByNames_MapElement) Reset() { *m = CountByNames_MapElement{} }
func (m *CountByNames_MapElement) String() string { return proto1.CompactTextString(m) }
func (*CountByNames_MapElement) ProtoMessage() {}
func (*CountByNames_MapElement) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{10, 0} }
func (*CountByNames_MapElement) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{11, 0} }
func (m *CountByNames_MapElement) GetName() string {
if m != nil && m.Name != nil {
@ -408,7 +453,7 @@ type CountRegistrationsByIPRequest struct {
func (m *CountRegistrationsByIPRequest) Reset() { *m = CountRegistrationsByIPRequest{} }
func (m *CountRegistrationsByIPRequest) String() string { return proto1.CompactTextString(m) }
func (*CountRegistrationsByIPRequest) ProtoMessage() {}
func (*CountRegistrationsByIPRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{11} }
func (*CountRegistrationsByIPRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{12} }
func (m *CountRegistrationsByIPRequest) GetIp() []byte {
if m != nil {
@ -436,7 +481,7 @@ func (m *CountInvalidAuthorizationsRequest) Reset() { *m = CountInvalidA
func (m *CountInvalidAuthorizationsRequest) String() string { return proto1.CompactTextString(m) }
func (*CountInvalidAuthorizationsRequest) ProtoMessage() {}
func (*CountInvalidAuthorizationsRequest) Descriptor() ([]byte, []int) {
return fileDescriptor0, []int{12}
return fileDescriptor0, []int{13}
}
func (m *CountInvalidAuthorizationsRequest) GetRegistrationID() int64 {
@ -469,7 +514,7 @@ type GetSCTReceiptRequest struct {
func (m *GetSCTReceiptRequest) Reset() { *m = GetSCTReceiptRequest{} }
func (m *GetSCTReceiptRequest) String() string { return proto1.CompactTextString(m) }
func (*GetSCTReceiptRequest) ProtoMessage() {}
func (*GetSCTReceiptRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{13} }
func (*GetSCTReceiptRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{14} }
func (m *GetSCTReceiptRequest) GetSerial() string {
if m != nil && m.Serial != nil {
@ -494,7 +539,7 @@ type CountFQDNSetsRequest struct {
func (m *CountFQDNSetsRequest) Reset() { *m = CountFQDNSetsRequest{} }
func (m *CountFQDNSetsRequest) String() string { return proto1.CompactTextString(m) }
func (*CountFQDNSetsRequest) ProtoMessage() {}
func (*CountFQDNSetsRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{14} }
func (*CountFQDNSetsRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{15} }
func (m *CountFQDNSetsRequest) GetWindow() int64 {
if m != nil && m.Window != nil {
@ -518,7 +563,7 @@ type FQDNSetExistsRequest struct {
func (m *FQDNSetExistsRequest) Reset() { *m = FQDNSetExistsRequest{} }
func (m *FQDNSetExistsRequest) String() string { return proto1.CompactTextString(m) }
func (*FQDNSetExistsRequest) ProtoMessage() {}
func (*FQDNSetExistsRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{15} }
func (*FQDNSetExistsRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{16} }
func (m *FQDNSetExistsRequest) GetDomains() []string {
if m != nil {
@ -535,7 +580,7 @@ type Exists struct {
func (m *Exists) Reset() { *m = Exists{} }
func (m *Exists) String() string { return proto1.CompactTextString(m) }
func (*Exists) ProtoMessage() {}
func (*Exists) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{16} }
func (*Exists) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{17} }
func (m *Exists) GetExists() bool {
if m != nil && m.Exists != nil {
@ -553,7 +598,7 @@ type MarkCertificateRevokedRequest struct {
func (m *MarkCertificateRevokedRequest) Reset() { *m = MarkCertificateRevokedRequest{} }
func (m *MarkCertificateRevokedRequest) String() string { return proto1.CompactTextString(m) }
func (*MarkCertificateRevokedRequest) ProtoMessage() {}
func (*MarkCertificateRevokedRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{17} }
func (*MarkCertificateRevokedRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{18} }
func (m *MarkCertificateRevokedRequest) GetSerial() string {
if m != nil && m.Serial != nil {
@ -581,7 +626,7 @@ type AddCertificateRequest struct {
func (m *AddCertificateRequest) Reset() { *m = AddCertificateRequest{} }
func (m *AddCertificateRequest) String() string { return proto1.CompactTextString(m) }
func (*AddCertificateRequest) ProtoMessage() {}
func (*AddCertificateRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{18} }
func (*AddCertificateRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{19} }
func (m *AddCertificateRequest) GetDer() []byte {
if m != nil {
@ -612,7 +657,7 @@ type AddCertificateResponse struct {
func (m *AddCertificateResponse) Reset() { *m = AddCertificateResponse{} }
func (m *AddCertificateResponse) String() string { return proto1.CompactTextString(m) }
func (*AddCertificateResponse) ProtoMessage() {}
func (*AddCertificateResponse) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{19} }
func (*AddCertificateResponse) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{20} }
func (m *AddCertificateResponse) GetDigest() string {
if m != nil && m.Digest != nil {
@ -635,7 +680,7 @@ type SignedCertificateTimestamp struct {
func (m *SignedCertificateTimestamp) Reset() { *m = SignedCertificateTimestamp{} }
func (m *SignedCertificateTimestamp) String() string { return proto1.CompactTextString(m) }
func (*SignedCertificateTimestamp) ProtoMessage() {}
func (*SignedCertificateTimestamp) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{20} }
func (*SignedCertificateTimestamp) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{21} }
func (m *SignedCertificateTimestamp) GetId() int64 {
if m != nil && m.Id != nil {
@ -695,7 +740,7 @@ func (m *RevokeAuthorizationsByDomainRequest) Reset() { *m = RevokeAutho
func (m *RevokeAuthorizationsByDomainRequest) String() string { return proto1.CompactTextString(m) }
func (*RevokeAuthorizationsByDomainRequest) ProtoMessage() {}
func (*RevokeAuthorizationsByDomainRequest) Descriptor() ([]byte, []int) {
return fileDescriptor0, []int{21}
return fileDescriptor0, []int{22}
}
func (m *RevokeAuthorizationsByDomainRequest) GetDomain() string {
@ -715,7 +760,7 @@ func (m *RevokeAuthorizationsByDomainResponse) Reset() { *m = RevokeAuth
func (m *RevokeAuthorizationsByDomainResponse) String() string { return proto1.CompactTextString(m) }
func (*RevokeAuthorizationsByDomainResponse) ProtoMessage() {}
func (*RevokeAuthorizationsByDomainResponse) Descriptor() ([]byte, []int) {
return fileDescriptor0, []int{22}
return fileDescriptor0, []int{23}
}
func (m *RevokeAuthorizationsByDomainResponse) GetFinalized() int64 {
@ -736,6 +781,7 @@ func init() {
proto1.RegisterType((*RegistrationID)(nil), "sa.RegistrationID")
proto1.RegisterType((*JSONWebKey)(nil), "sa.JSONWebKey")
proto1.RegisterType((*AuthorizationID)(nil), "sa.AuthorizationID")
proto1.RegisterType((*GetPendingAuthorizationRequest)(nil), "sa.GetPendingAuthorizationRequest")
proto1.RegisterType((*GetValidAuthorizationsRequest)(nil), "sa.GetValidAuthorizationsRequest")
proto1.RegisterType((*ValidAuthorizations)(nil), "sa.ValidAuthorizations")
proto1.RegisterType((*ValidAuthorizations_MapElement)(nil), "sa.ValidAuthorizations.MapElement")
@ -775,6 +821,7 @@ type StorageAuthorityClient interface {
GetRegistration(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*core.Registration, error)
GetRegistrationByKey(ctx context.Context, in *JSONWebKey, opts ...grpc.CallOption) (*core.Registration, error)
GetAuthorization(ctx context.Context, in *AuthorizationID, opts ...grpc.CallOption) (*core.Authorization, error)
GetPendingAuthorization(ctx context.Context, in *GetPendingAuthorizationRequest, opts ...grpc.CallOption) (*core.Authorization, error)
GetValidAuthorizations(ctx context.Context, in *GetValidAuthorizationsRequest, opts ...grpc.CallOption) (*ValidAuthorizations, error)
GetCertificate(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*core.Certificate, error)
GetCertificateStatus(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*CertificateStatus, error)
@ -839,6 +886,15 @@ func (c *storageAuthorityClient) GetAuthorization(ctx context.Context, in *Autho
return out, nil
}
func (c *storageAuthorityClient) GetPendingAuthorization(ctx context.Context, in *GetPendingAuthorizationRequest, opts ...grpc.CallOption) (*core.Authorization, error) {
out := new(core.Authorization)
err := grpc.Invoke(ctx, "/sa.StorageAuthority/GetPendingAuthorization", in, out, c.cc, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *storageAuthorityClient) GetValidAuthorizations(ctx context.Context, in *GetValidAuthorizationsRequest, opts ...grpc.CallOption) (*ValidAuthorizations, error) {
out := new(ValidAuthorizations)
err := grpc.Invoke(ctx, "/sa.StorageAuthority/GetValidAuthorizations", in, out, c.cc, opts...)
@ -1062,6 +1118,7 @@ type StorageAuthorityServer interface {
GetRegistration(context.Context, *RegistrationID) (*core.Registration, error)
GetRegistrationByKey(context.Context, *JSONWebKey) (*core.Registration, error)
GetAuthorization(context.Context, *AuthorizationID) (*core.Authorization, error)
GetPendingAuthorization(context.Context, *GetPendingAuthorizationRequest) (*core.Authorization, error)
GetValidAuthorizations(context.Context, *GetValidAuthorizationsRequest) (*ValidAuthorizations, error)
GetCertificate(context.Context, *Serial) (*core.Certificate, error)
GetCertificateStatus(context.Context, *Serial) (*CertificateStatus, error)
@ -1149,6 +1206,24 @@ func _StorageAuthority_GetAuthorization_Handler(srv interface{}, ctx context.Con
return interceptor(ctx, in, info, handler)
}
func _StorageAuthority_GetPendingAuthorization_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(GetPendingAuthorizationRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(StorageAuthorityServer).GetPendingAuthorization(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/sa.StorageAuthority/GetPendingAuthorization",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(StorageAuthorityServer).GetPendingAuthorization(ctx, req.(*GetPendingAuthorizationRequest))
}
return interceptor(ctx, in, info, handler)
}
func _StorageAuthority_GetValidAuthorizations_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(GetValidAuthorizationsRequest)
if err := dec(in); err != nil {
@ -1597,6 +1672,10 @@ var _StorageAuthority_serviceDesc = grpc.ServiceDesc{
MethodName: "GetAuthorization",
Handler: _StorageAuthority_GetAuthorization_Handler,
},
{
MethodName: "GetPendingAuthorization",
Handler: _StorageAuthority_GetPendingAuthorization_Handler,
},
{
MethodName: "GetValidAuthorizations",
Handler: _StorageAuthority_GetValidAuthorizations_Handler,
@ -1701,84 +1780,88 @@ var _StorageAuthority_serviceDesc = grpc.ServiceDesc{
func init() { proto1.RegisterFile("sa/proto/sa.proto", fileDescriptor0) }
var fileDescriptor0 = []byte{
// 1260 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x57, 0xdd, 0x76, 0xd3, 0x46,
0x17, 0xf5, 0x0f, 0x4e, 0xe2, 0xe3, 0x9f, 0xc4, 0x93, 0xc4, 0x11, 0x82, 0x7c, 0x5f, 0x18, 0xda,
0x45, 0xb8, 0x09, 0x25, 0x6b, 0x51, 0x2e, 0x52, 0xba, 0x48, 0x88, 0x49, 0x13, 0x8a, 0x4b, 0x6d,
0xa0, 0x5d, 0xbd, 0x1b, 0xa4, 0x83, 0x99, 0x62, 0x4b, 0xaa, 0x66, 0x1c, 0xc7, 0x3c, 0x42, 0x9f,
0xa2, 0xcf, 0xd6, 0x07, 0xe8, 0x33, 0x74, 0xcd, 0x8c, 0x6c, 0x4b, 0xb2, 0xec, 0xc0, 0xea, 0x9d,
0x3c, 0x73, 0xf6, 0x9e, 0x33, 0x67, 0xce, 0xd9, 0x3b, 0x81, 0x86, 0x60, 0x0f, 0x82, 0xd0, 0x97,
0xfe, 0x03, 0xc1, 0x0e, 0xf4, 0x07, 0x29, 0x08, 0x66, 0x6f, 0x3b, 0x7e, 0x88, 0xd1, 0x86, 0xfa,
0x34, 0x5b, 0xf4, 0x36, 0xd4, 0x3b, 0xd8, 0xe3, 0x42, 0x86, 0x4c, 0x72, 0xdf, 0x3b, 0x3f, 0x25,
0x00, 0x05, 0xee, 0x5a, 0xf9, 0xbd, 0xfc, 0x7e, 0x91, 0xde, 0x04, 0xb8, 0xe8, 0xfe, 0xd4, 0xfe,
0x05, 0xdf, 0xbd, 0xc0, 0x31, 0xa9, 0x40, 0xf1, 0xf7, 0xd1, 0x47, 0xbd, 0x55, 0xa5, 0xbb, 0xb0,
0x7e, 0x3c, 0x94, 0x1f, 0xfc, 0x90, 0x7f, 0x9a, 0x47, 0x96, 0xe9, 0x1b, 0xd8, 0x3d, 0x43, 0xf9,
0x96, 0xf5, 0xb9, 0x9b, 0x08, 0x13, 0x1d, 0xfc, 0x63, 0x88, 0x42, 0x92, 0x26, 0xd4, 0xc3, 0xc4,
0xc1, 0xe6, 0x48, 0xb2, 0x0e, 0xab, 0xae, 0x3f, 0x60, 0xdc, 0x13, 0x56, 0x61, 0xaf, 0xb8, 0x5f,
0x56, 0xa7, 0x7a, 0xfe, 0xc8, 0x2a, 0xea, 0x84, 0xfe, 0xcc, 0xc3, 0x66, 0x06, 0x29, 0x79, 0x08,
0xa5, 0x4b, 0xb5, 0x6c, 0xe5, 0xf7, 0x8a, 0xfb, 0x95, 0x43, 0x7a, 0x20, 0xd8, 0x41, 0x46, 0xdc,
0xc1, 0x4b, 0x16, 0xb4, 0xfa, 0x38, 0x40, 0x4f, 0xda, 0x4f, 0x01, 0x66, 0xbf, 0x48, 0x1d, 0x56,
0xcc, 0xb1, 0x26, 0x7f, 0x42, 0xa1, 0xc4, 0x86, 0xf2, 0xc3, 0x27, 0xab, 0xb0, 0x97, 0xdf, 0xaf,
0x1c, 0x6e, 0x1e, 0xe8, 0x9a, 0x25, 0xd8, 0xe8, 0x3f, 0x79, 0x68, 0x3c, 0xc3, 0x50, 0xf2, 0xf7,
0xdc, 0x61, 0x12, 0xbb, 0x92, 0xc9, 0xa1, 0x50, 0x4c, 0x02, 0x43, 0xce, 0xfa, 0x11, 0x93, 0x0d,
0x44, 0x0c, 0xdf, 0x09, 0x27, 0xe4, 0xef, 0x30, 0x3c, 0x0e, 0x82, 0xd0, 0xbf, 0x44, 0x57, 0xd3,
0xae, 0xe9, 0x58, 0x8d, 0xd2, 0xd7, 0x2b, 0x93, 0x1d, 0x58, 0xf7, 0x1d, 0x11, 0xfc, 0xc8, 0x84,
0x7c, 0x13, 0xb8, 0x4c, 0xa2, 0x6b, 0xdd, 0xd0, 0x55, 0xd9, 0x84, 0x4a, 0x88, 0x97, 0xfe, 0x47,
0x74, 0x4f, 0x99, 0x44, 0xab, 0xa4, 0x17, 0xb7, 0xa1, 0x16, 0x2d, 0x76, 0x90, 0x09, 0xdf, 0xb3,
0x56, 0xf4, 0xf2, 0x2e, 0x6c, 0xf7, 0x99, 0x90, 0xad, 0xab, 0x80, 0x9b, 0xda, 0xb6, 0x59, 0xaf,
0x8b, 0x9e, 0xb4, 0x56, 0xf5, 0xf6, 0x16, 0x54, 0xd5, 0x19, 0x1d, 0x14, 0x81, 0xef, 0x09, 0xb4,
0xd6, 0xd4, 0x73, 0x92, 0x0d, 0x58, 0xf3, 0x7c, 0x79, 0xfc, 0x5e, 0x62, 0x68, 0x95, 0x75, 0x5c,
0x03, 0xca, 0x5c, 0x68, 0x12, 0x74, 0x2d, 0x50, 0xe9, 0x52, 0x0b, 0x56, 0xba, 0xfa, 0x6a, 0xe9,
0x4b, 0xd2, 0xfb, 0x50, 0xea, 0x30, 0xaf, 0x87, 0x8a, 0x07, 0x59, 0xd8, 0xe7, 0x28, 0x64, 0xf4,
0xa0, 0x75, 0x58, 0xe9, 0x33, 0xa9, 0x7e, 0x17, 0xf4, 0x13, 0x36, 0xa1, 0xf4, 0xcc, 0x1f, 0x7a,
0x92, 0xd4, 0xa0, 0xe4, 0xa8, 0x8f, 0xa8, 0xd7, 0x2e, 0xe0, 0xff, 0x7a, 0x3d, 0x56, 0x51, 0x71,
0x32, 0x6e, 0xb3, 0x01, 0x4e, 0x7b, 0xc6, 0x82, 0x52, 0xa8, 0x4e, 0xd1, 0x88, 0xca, 0x61, 0x59,
0xbd, 0xb2, 0x39, 0xb6, 0x06, 0x25, 0x4f, 0x45, 0x9a, 0x9e, 0xa1, 0x7d, 0xa8, 0x6a, 0xae, 0x08,
0x4f, 0x1e, 0x42, 0xd5, 0x89, 0xfd, 0x8e, 0xba, 0xe4, 0x96, 0xc2, 0xc7, 0xe3, 0xe2, 0xed, 0x71,
0x3f, 0xd1, 0x1e, 0x55, 0xb8, 0xa1, 0xf8, 0xa3, 0x27, 0x9d, 0x66, 0x6e, 0x6e, 0xd4, 0x82, 0x5d,
0xcd, 0x12, 0x1f, 0x24, 0x71, 0x32, 0x3e, 0x7f, 0x35, 0xc9, 0x5b, 0x0d, 0x46, 0x60, 0xe6, 0x66,
0x76, 0x87, 0x42, 0xea, 0x0e, 0xb4, 0x07, 0x77, 0x34, 0xcd, 0xb9, 0x77, 0xf9, 0xe5, 0x63, 0xb3,
0x01, 0x6b, 0x1f, 0x7c, 0x21, 0x75, 0x92, 0x05, 0x9d, 0xe4, 0xf4, 0xa0, 0x62, 0xfa, 0xa0, 0x47,
0xb0, 0x75, 0x86, 0xb2, 0xfb, 0xec, 0x75, 0x07, 0x1d, 0xe4, 0x81, 0x9c, 0x70, 0xa7, 0x3b, 0xb7,
0x06, 0xa5, 0xbe, 0xdf, 0x3b, 0x3f, 0x35, 0x84, 0xf4, 0x31, 0x6c, 0xe9, 0xfc, 0x9e, 0xff, 0x7c,
0xda, 0xee, 0xa2, 0x14, 0x31, 0xd8, 0x88, 0x7b, 0xae, 0x3f, 0x5a, 0x30, 0xc1, 0xf4, 0x1e, 0x6c,
0x45, 0x98, 0xd6, 0x15, 0x17, 0x33, 0x60, 0x2c, 0x30, 0xaf, 0x03, 0x2d, 0x58, 0x31, 0x11, 0x8a,
0x13, 0xf5, 0x97, 0xe6, 0x5c, 0xa3, 0x4f, 0x60, 0xf7, 0x25, 0x0b, 0x3f, 0xc6, 0x7a, 0xa3, 0x33,
0xe9, 0xfc, 0xec, 0xdc, 0xab, 0x70, 0xc3, 0xf1, 0x5d, 0x8c, 0x5e, 0xe8, 0x18, 0xb6, 0x8f, 0x5d,
0x37, 0x81, 0x36, 0xb0, 0x0a, 0x14, 0x5d, 0x0c, 0xa3, 0xa7, 0xa9, 0x41, 0x29, 0xc4, 0xc9, 0x7d,
0x8b, 0x8a, 0x42, 0x0d, 0x8a, 0xae, 0x5f, 0x95, 0xee, 0x43, 0x33, 0x4d, 0x61, 0x06, 0x48, 0x4b,
0x07, 0xef, 0x4d, 0x1a, 0xbe, 0x4c, 0xff, 0xca, 0x83, 0xdd, 0xe5, 0x3d, 0x0f, 0xe3, 0xd1, 0xaf,
0xf9, 0x00, 0x85, 0x64, 0x83, 0x20, 0xae, 0xaf, 0x84, 0x00, 0x08, 0x47, 0xbe, 0xc5, 0x50, 0x70,
0xdf, 0x8b, 0x8e, 0x9d, 0x56, 0xdd, 0x48, 0x42, 0x03, 0xca, 0x72, 0x82, 0x8d, 0xc4, 0x80, 0x00,
0xe0, 0x95, 0x44, 0x4f, 0x81, 0x84, 0xd6, 0x82, 0xaa, 0x0a, 0x13, 0xbc, 0xe7, 0x31, 0x39, 0x0c,
0x51, 0xeb, 0x40, 0x95, 0xdc, 0x84, 0x86, 0x13, 0x53, 0x27, 0x53, 0x9d, 0x55, 0x9d, 0xe2, 0x23,
0xb8, 0x6b, 0xea, 0x97, 0x6c, 0xb2, 0x93, 0xf1, 0xa9, 0x7e, 0x8f, 0x58, 0x51, 0xe3, 0xa2, 0x48,
0x2f, 0xe0, 0xab, 0xe5, 0xb0, 0xa8, 0x22, 0x0d, 0x28, 0xbf, 0xe7, 0x1e, 0xeb, 0xf3, 0x4f, 0xe8,
0xce, 0x9a, 0x22, 0x40, 0xcf, 0xe5, 0x5e, 0xcf, 0x5c, 0xf3, 0xf0, 0xef, 0x3a, 0x6c, 0x74, 0xa5,
0x1f, 0xb2, 0xde, 0x84, 0x4d, 0x8e, 0xc9, 0x11, 0xac, 0x9f, 0x61, 0x62, 0x8e, 0x08, 0xd1, 0x7d,
0x9b, 0x68, 0x79, 0x9b, 0x18, 0x35, 0x8e, 0xaf, 0xd2, 0x1c, 0xf9, 0x4e, 0xb7, 0x75, 0x7c, 0xf1,
0x64, 0xac, 0x6c, 0xab, 0xae, 0x18, 0x66, 0x36, 0xb6, 0x00, 0xfd, 0x3d, 0x6c, 0x9c, 0xa1, 0x4c,
0x5c, 0x8c, 0x6c, 0x2a, 0x64, 0xca, 0xe5, 0xec, 0x4c, 0x2b, 0xc8, 0x91, 0xb7, 0xd0, 0xcc, 0x36,
0x3c, 0x72, 0x47, 0xb1, 0x2c, 0x35, 0x43, 0x7b, 0x67, 0x81, 0x5f, 0xd1, 0x1c, 0x79, 0x08, 0xf5,
0x33, 0x8c, 0x8b, 0x22, 0x01, 0x15, 0x6c, 0x9e, 0xd3, 0x6e, 0x98, 0x64, 0x62, 0xdb, 0x34, 0x47,
0x8e, 0x74, 0x21, 0xe6, 0x9d, 0x29, 0x0e, 0xdc, 0xd6, 0xda, 0x97, 0x0e, 0xa1, 0x39, 0xf2, 0x0d,
0x34, 0xe7, 0x64, 0xd8, 0x68, 0xec, 0x4c, 0x41, 0xec, 0xf2, 0x54, 0x39, 0x69, 0x8e, 0x74, 0xc1,
0x5a, 0x24, 0xdc, 0xe4, 0xee, 0x34, 0x70, 0xb1, 0xac, 0xdb, 0x1b, 0x69, 0x1d, 0xa6, 0x39, 0xf2,
0x6b, 0xa4, 0xa9, 0x49, 0x58, 0xeb, 0x8a, 0x39, 0xf2, 0x3f, 0x32, 0xff, 0x10, 0x5d, 0x70, 0x4e,
0xad, 0xcd, 0x43, 0x2d, 0x55, 0xf2, 0xe4, 0xc5, 0x5f, 0xc2, 0xad, 0x05, 0xd1, 0xba, 0x5e, 0x5f,
0x4a, 0xf7, 0x04, 0x6c, 0xfd, 0xf9, 0xca, 0xcc, 0x49, 0xaa, 0x8b, 0xb2, 0xe6, 0x20, 0x01, 0x7f,
0x15, 0xc1, 0x33, 0xed, 0x83, 0x7c, 0x3d, 0x0d, 0x5d, 0x66, 0x2f, 0x49, 0xc6, 0x17, 0x50, 0x4b,
0xf8, 0x04, 0xb1, 0xa2, 0x4e, 0x9e, 0xb3, 0x0e, 0xfb, 0x7f, 0xba, 0xb5, 0x16, 0x8a, 0x1e, 0xcd,
0x91, 0x6f, 0xa1, 0x96, 0x70, 0x0f, 0x43, 0x96, 0x65, 0x28, 0xc9, 0x24, 0x1e, 0x43, 0x2d, 0x61,
0x1e, 0x06, 0x97, 0xe5, 0x27, 0xb6, 0xee, 0x6f, 0xb3, 0xa4, 0xa7, 0x60, 0xbd, 0x8d, 0xa3, 0x94,
0x96, 0xcc, 0x4d, 0xfe, 0x02, 0x35, 0x78, 0x0c, 0xc4, 0xfc, 0x01, 0x76, 0x2d, 0xbe, 0x62, 0xd6,
0x5a, 0x83, 0x40, 0x8e, 0x69, 0x8e, 0xb4, 0x60, 0xa7, 0x8d, 0xa3, 0xac, 0x27, 0x24, 0x59, 0xc2,
0xb1, 0x48, 0x4d, 0x9e, 0x82, 0x6d, 0xce, 0xff, 0x7c, 0xa6, 0x54, 0x22, 0x47, 0xb0, 0xfd, 0x3c,
0xd2, 0xe0, 0x2f, 0x07, 0x5f, 0x40, 0x33, 0xdb, 0x6e, 0x4d, 0x53, 0x2f, 0xb5, 0xe2, 0x34, 0xd7,
0x39, 0xd4, 0x93, 0xc6, 0x49, 0x6e, 0x6a, 0x59, 0xcd, 0xf2, 0x63, 0xdb, 0xce, 0xda, 0x32, 0xae,
0xa2, 0x35, 0xba, 0x76, 0xec, 0xba, 0xb1, 0x86, 0xbc, 0xa6, 0xed, 0xd2, 0xa9, 0x08, 0xb8, 0xbd,
0xcc, 0xbf, 0xc8, 0x3d, 0x33, 0x63, 0xd7, 0x1a, 0xa3, 0xbd, 0x7f, 0x7d, 0xe0, 0x34, 0xe9, 0x23,
0x68, 0x9e, 0x22, 0x73, 0x24, 0xbf, 0x9c, 0x6f, 0xa7, 0xf9, 0x91, 0x4e, 0x65, 0xfc, 0x04, 0x76,
0x66, 0xe0, 0xcf, 0x30, 0xa7, 0x24, 0xfc, 0x64, 0xf5, 0xb7, 0x92, 0xfe, 0x37, 0xef, 0xdf, 0x00,
0x00, 0x00, 0xff, 0xff, 0xd0, 0x37, 0xeb, 0x58, 0x15, 0x0e, 0x00, 0x00,
// 1314 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x57, 0xdf, 0x52, 0xdb, 0xc6,
0x17, 0xb6, 0x71, 0x0c, 0xf8, 0xf8, 0x1f, 0x5e, 0xc0, 0x28, 0x4a, 0xc8, 0x2f, 0xd9, 0xfc, 0x3a,
0x21, 0x37, 0xa4, 0x61, 0x26, 0xcd, 0x05, 0x4d, 0x27, 0x10, 0x1c, 0x0a, 0x69, 0x68, 0x6a, 0x13,
0xda, 0xe9, 0xdd, 0x46, 0x3a, 0x71, 0xb6, 0x31, 0x92, 0xaa, 0x5d, 0x03, 0xce, 0x4c, 0x5f, 0xa0,
0x4f, 0xd1, 0xc7, 0xe8, 0x53, 0xf5, 0x19, 0x3a, 0xbb, 0x2b, 0xdb, 0x92, 0x2c, 0x99, 0x64, 0x7a,
0x27, 0xef, 0x9e, 0xf3, 0xed, 0xd9, 0xb3, 0xdf, 0xf9, 0x3e, 0x80, 0x96, 0x60, 0x8f, 0x82, 0xd0,
0x97, 0xfe, 0x23, 0xc1, 0xb6, 0xf5, 0x07, 0x59, 0x10, 0xcc, 0x5e, 0x77, 0xfc, 0x10, 0xa3, 0x0d,
0xf5, 0x69, 0xb6, 0xe8, 0x6d, 0x68, 0x74, 0xb1, 0xcf, 0x85, 0x0c, 0x99, 0xe4, 0xbe, 0x77, 0x74,
0x40, 0x00, 0x16, 0xb8, 0x6b, 0x15, 0xef, 0x16, 0xb7, 0x4a, 0xf4, 0x26, 0xc0, 0x71, 0xef, 0xc7,
0x93, 0x9f, 0xf1, 0xdd, 0x2b, 0x1c, 0x91, 0x2a, 0x94, 0x7e, 0xbb, 0xfc, 0xa8, 0xb7, 0x6a, 0x74,
0x13, 0x9a, 0x7b, 0x43, 0xf9, 0xc1, 0x0f, 0xf9, 0xa7, 0xd9, 0xcc, 0x0a, 0xfd, 0x03, 0xee, 0x1c,
0xa2, 0x7c, 0x83, 0x9e, 0xcb, 0xbd, 0x7e, 0x22, 0xb0, 0x8b, 0xbf, 0x0f, 0x51, 0x48, 0xd2, 0x86,
0x46, 0x98, 0x38, 0xd9, 0x9c, 0xa9, 0xd6, 0xb9, 0x8b, 0x9e, 0xe4, 0xef, 0x39, 0x86, 0xa7, 0xa3,
0x00, 0xad, 0x05, 0x85, 0x48, 0x36, 0xa0, 0x39, 0x5d, 0x3f, 0x63, 0x83, 0x21, 0x5a, 0x25, 0xbd,
0x41, 0x00, 0x2e, 0xd8, 0x80, 0xbb, 0x6f, 0x3d, 0xc9, 0x07, 0xd6, 0x0d, 0x5d, 0xf8, 0x5b, 0xd8,
0x3c, 0x44, 0x79, 0xa6, 0x96, 0x13, 0x87, 0x8b, 0xeb, 0x4e, 0x6f, 0xc2, 0x92, 0xeb, 0x9f, 0x33,
0xee, 0x09, 0x6b, 0xe1, 0x6e, 0x69, 0xab, 0xa2, 0x2e, 0xed, 0xf9, 0x97, 0xfa, 0xa8, 0x12, 0xfd,
0xb3, 0x08, 0xab, 0x19, 0xa0, 0xe4, 0x31, 0x94, 0x75, 0x09, 0x56, 0xf1, 0x6e, 0x69, 0xab, 0xba,
0x43, 0xb7, 0x05, 0xdb, 0xce, 0x88, 0xdb, 0x7e, 0xcd, 0x82, 0xce, 0x00, 0xcf, 0xd1, 0x93, 0xf6,
0x73, 0x80, 0xe9, 0x2f, 0xd2, 0x80, 0x45, 0x73, 0xac, 0x69, 0x1f, 0xa1, 0x50, 0x66, 0x43, 0xf9,
0xe1, 0x93, 0xbe, 0x7b, 0x75, 0x67, 0x75, 0x5b, 0x3f, 0x59, 0x02, 0x8d, 0xfe, 0x53, 0x84, 0xd6,
0x0b, 0x0c, 0x55, 0x43, 0x1c, 0x26, 0xb1, 0x27, 0x99, 0x1c, 0x0a, 0x85, 0x24, 0x30, 0xe4, 0x6c,
0x10, 0x21, 0xd9, 0x40, 0xc4, 0xf0, 0x9d, 0x70, 0x42, 0xfe, 0x0e, 0xc3, 0xbd, 0x20, 0x08, 0xfd,
0x0b, 0x74, 0x35, 0xec, 0xb2, 0x8e, 0xd5, 0x59, 0x51, 0x27, 0x37, 0xa0, 0xe9, 0x3b, 0x22, 0xf8,
0x81, 0x09, 0xf9, 0x36, 0x70, 0x99, 0x44, 0xd7, 0xb4, 0x93, 0xac, 0x42, 0x35, 0xc4, 0x0b, 0xff,
0x23, 0xba, 0x07, 0x4c, 0xa2, 0x55, 0xd6, 0x8b, 0xeb, 0x50, 0x8f, 0x16, 0xbb, 0xc8, 0x84, 0xef,
0x59, 0x8b, 0x7a, 0x79, 0x13, 0xd6, 0x07, 0x4c, 0xc8, 0xce, 0x55, 0xc0, 0x4d, 0x6f, 0x4f, 0x58,
0xbf, 0x87, 0x9e, 0xb4, 0x96, 0xf4, 0xf6, 0x1a, 0xd4, 0xd4, 0x19, 0x5d, 0x14, 0x81, 0xef, 0x09,
0xb4, 0x96, 0x15, 0x9b, 0xc8, 0x0a, 0x2c, 0x7b, 0xbe, 0xdc, 0x7b, 0x2f, 0x31, 0xb4, 0x2a, 0x3a,
0xae, 0x05, 0x15, 0x2e, 0x34, 0x08, 0xba, 0x16, 0xa8, 0x72, 0xa9, 0x05, 0x8b, 0x3d, 0x7d, 0xb5,
0xf4, 0x25, 0xe9, 0x43, 0x28, 0x77, 0x99, 0xd7, 0x47, 0x85, 0x83, 0x2c, 0x1c, 0x70, 0x14, 0x32,
0x7a, 0xd0, 0x06, 0x2c, 0x0e, 0x98, 0x54, 0xbf, 0x17, 0xf4, 0x13, 0xb6, 0xa1, 0xfc, 0xc2, 0x1f,
0x7a, 0x92, 0xd4, 0xa1, 0xec, 0xa8, 0x8f, 0x88, 0xea, 0xc7, 0xf0, 0x3f, 0xbd, 0x1e, 0xeb, 0xa8,
0xd8, 0x1f, 0x9d, 0xb0, 0x73, 0x9c, 0x70, 0xc6, 0x82, 0x72, 0xa8, 0x4e, 0xd1, 0x19, 0xd5, 0x9d,
0x8a, 0x7a, 0x65, 0x73, 0x6c, 0x1d, 0xca, 0x9e, 0x8a, 0x34, 0x9c, 0xa1, 0x03, 0xa8, 0x69, 0xac,
0x28, 0x9f, 0x3c, 0x86, 0x9a, 0x13, 0xfb, 0x1d, 0xb1, 0xe4, 0x96, 0xca, 0x8f, 0xc7, 0xc5, 0xe9,
0xf1, 0x30, 0x41, 0x8f, 0x1a, 0xdc, 0x50, 0xf8, 0xd1, 0x93, 0x4e, 0x2a, 0x37, 0x37, 0xea, 0xc0,
0xa6, 0x46, 0x89, 0xcf, 0xb1, 0xd8, 0x1f, 0x1d, 0xbd, 0x19, 0xd7, 0xad, 0xe6, 0x32, 0x30, 0x63,
0x3b, 0xbd, 0xc3, 0x42, 0xea, 0x0e, 0xb4, 0x0f, 0xf7, 0x34, 0xcc, 0x91, 0x77, 0xf1, 0xe5, 0x63,
0xb3, 0x02, 0xcb, 0x1f, 0x7c, 0x21, 0x75, 0x91, 0x66, 0x5c, 0x27, 0x07, 0x95, 0xd2, 0x07, 0x3d,
0x81, 0xb5, 0x43, 0x94, 0xbd, 0x17, 0xa7, 0x5d, 0x74, 0x90, 0x07, 0x72, 0x8c, 0x9d, 0x66, 0x6e,
0x1d, 0xca, 0x03, 0xbf, 0x7f, 0x74, 0x60, 0x00, 0xe9, 0x53, 0x58, 0xd3, 0xf5, 0xbd, 0xfc, 0xe9,
0xe0, 0xa4, 0x87, 0x52, 0xc4, 0xd2, 0x2e, 0xb9, 0xe7, 0xfa, 0x97, 0x39, 0x13, 0x4c, 0x1f, 0xc0,
0x5a, 0x94, 0xd3, 0xb9, 0xe2, 0x62, 0x9a, 0x18, 0x0b, 0x2c, 0xea, 0x40, 0x0b, 0x16, 0x4d, 0x84,
0xc2, 0x44, 0xfd, 0xa5, 0x31, 0x97, 0xe9, 0x33, 0xd8, 0x7c, 0xcd, 0xc2, 0x8f, 0x31, 0x6e, 0x74,
0xc7, 0xcc, 0xcf, 0xae, 0xbd, 0x06, 0x37, 0x1c, 0xdf, 0xc5, 0xe8, 0x85, 0xf6, 0x60, 0x7d, 0xcf,
0x75, 0x13, 0xd9, 0x26, 0xad, 0x0a, 0x25, 0x17, 0xc3, 0xe8, 0x69, 0xea, 0x50, 0x0e, 0x71, 0x7c,
0xdf, 0x92, 0x82, 0x50, 0x83, 0xa2, 0xfb, 0x57, 0xa3, 0x5b, 0xd0, 0x4e, 0x43, 0x98, 0x01, 0xd2,
0xd2, 0xc1, 0xfb, 0x63, 0xc2, 0x57, 0xe8, 0x5f, 0x45, 0xb0, 0x7b, 0xbc, 0xef, 0x61, 0x3c, 0xfa,
0x94, 0x9f, 0xa3, 0x90, 0xec, 0x3c, 0x88, 0xcb, 0xbb, 0x52, 0x4e, 0xe1, 0xc8, 0x33, 0x0c, 0x05,
0xf7, 0xbd, 0xe8, 0xd8, 0x49, 0xd7, 0x8d, 0x24, 0xb4, 0xa0, 0x22, 0xc7, 0xb9, 0x91, 0x18, 0x10,
0x00, 0xbc, 0x92, 0xe8, 0xa9, 0x24, 0xa1, 0xb5, 0xa0, 0xa6, 0xc2, 0x04, 0xef, 0x7b, 0x4c, 0x0e,
0x43, 0xd4, 0x3a, 0x50, 0x23, 0x37, 0xa1, 0xe5, 0xc4, 0xd4, 0xc9, 0x74, 0x67, 0x49, 0x97, 0xf8,
0x04, 0xee, 0x9b, 0xfe, 0x25, 0x49, 0xb6, 0x3f, 0x3a, 0xd0, 0xef, 0x11, 0x6b, 0x6a, 0x5c, 0x14,
0xe9, 0x31, 0xfc, 0x7f, 0x7e, 0x5a, 0xd4, 0x91, 0x16, 0x54, 0xde, 0x73, 0x8f, 0x0d, 0xf8, 0x27,
0x74, 0xa7, 0xa4, 0x08, 0x8c, 0x17, 0x99, 0x6b, 0xee, 0xfc, 0xdd, 0x84, 0x95, 0x9e, 0xf4, 0x43,
0xd6, 0x1f, 0xa3, 0xc9, 0x11, 0xd9, 0x85, 0xe6, 0x21, 0x26, 0xe6, 0x88, 0x10, 0xcd, 0xdb, 0x04,
0xe5, 0x6d, 0x62, 0xd4, 0x38, 0xbe, 0x4a, 0x0b, 0xe4, 0x5b, 0x4d, 0xeb, 0xf8, 0xe2, 0xfe, 0x48,
0xb9, 0x66, 0x43, 0x21, 0x4c, 0x5d, 0x34, 0x27, 0xfb, 0x3b, 0x58, 0x39, 0x44, 0x99, 0xb8, 0x18,
0x59, 0x55, 0x99, 0x29, 0x93, 0xb5, 0x33, 0xad, 0xa0, 0x40, 0x4e, 0x61, 0x23, 0xc7, 0x6f, 0x89,
0x76, 0xa3, 0xf9, 0x66, 0x9c, 0x87, 0x7a, 0x06, 0xed, 0x6c, 0x1b, 0x25, 0xf7, 0x22, 0xd0, 0x7c,
0x8b, 0xb5, 0x37, 0x72, 0x5c, 0x90, 0x16, 0xc8, 0x63, 0x68, 0x1c, 0x62, 0x5c, 0x6a, 0x09, 0xa8,
0x60, 0x43, 0x12, 0xbb, 0x65, 0x8a, 0x89, 0x6d, 0xd3, 0x02, 0xd9, 0xd5, 0xed, 0x9d, 0xf5, 0xbb,
0x78, 0xe2, 0xba, 0x56, 0xd4, 0x74, 0x08, 0x2d, 0x90, 0xaf, 0xa1, 0x3d, 0x23, 0xee, 0x46, 0xb9,
0xa7, 0xba, 0x64, 0x57, 0x26, 0x7a, 0x4c, 0x0b, 0xa4, 0x07, 0x56, 0x9e, 0x1d, 0x90, 0xfb, 0x93,
0xc0, 0x7c, 0xb3, 0xb0, 0x57, 0xd2, 0xea, 0x4e, 0x0b, 0xe4, 0x97, 0x48, 0xa9, 0x93, 0x69, 0x9d,
0x2b, 0xe6, 0xc8, 0xff, 0x88, 0xfc, 0x7d, 0x74, 0xc1, 0x19, 0x0f, 0x30, 0x0f, 0x35, 0xd7, 0x1f,
0x92, 0x17, 0x7f, 0x0d, 0xb7, 0x72, 0xa2, 0x75, 0xbf, 0xbe, 0x14, 0xee, 0x19, 0xd8, 0xfa, 0x33,
0x8b, 0x7c, 0x22, 0x73, 0xba, 0x12, 0xe9, 0x6f, 0xa2, 0xf4, 0x4c, 0x53, 0x22, 0x5f, 0x4d, 0x42,
0xe7, 0x99, 0x56, 0x12, 0xf1, 0x15, 0xd4, 0x13, 0xee, 0x43, 0xac, 0x88, 0xc9, 0x33, 0x86, 0x64,
0xdf, 0xd1, 0xd4, 0xca, 0x95, 0x52, 0x5a, 0x20, 0xdf, 0x40, 0x3d, 0xe1, 0x49, 0x06, 0x2c, 0xcb,
0xa6, 0x92, 0x45, 0x3c, 0x85, 0x7a, 0xc2, 0x92, 0x4c, 0x5e, 0x96, 0x4b, 0xd9, 0x9a, 0xdf, 0x66,
0x49, 0x4f, 0x41, 0xf3, 0x04, 0x2f, 0x53, 0x0a, 0x35, 0xa3, 0x27, 0x39, 0x1a, 0xf3, 0x14, 0x88,
0xf9, 0xb3, 0xee, 0xda, 0xfc, 0xaa, 0x59, 0xeb, 0x9c, 0x07, 0x72, 0x44, 0x0b, 0xa4, 0x03, 0x1b,
0x27, 0x78, 0x99, 0x29, 0x2e, 0x59, 0xc2, 0x91, 0xa7, 0x26, 0xcf, 0xc1, 0x36, 0xe7, 0x7f, 0x3e,
0x52, 0xaa, 0x90, 0x5d, 0x58, 0x7f, 0x19, 0x29, 0xfb, 0x97, 0x27, 0x1f, 0x43, 0x3b, 0xdb, 0xc4,
0x0d, 0xa9, 0xe7, 0x1a, 0x7c, 0x1a, 0xeb, 0x08, 0x1a, 0x49, 0x3b, 0x26, 0x37, 0xb5, 0x58, 0x67,
0xb9, 0xbc, 0x6d, 0x67, 0x6d, 0x19, 0xaf, 0xd2, 0xca, 0x5f, 0xdf, 0x73, 0xdd, 0x18, 0x21, 0xaf,
0xa1, 0x5d, 0xba, 0x14, 0x01, 0xb7, 0xe7, 0xb9, 0x22, 0x79, 0x60, 0x66, 0xec, 0x5a, 0xbb, 0xb5,
0xb7, 0xae, 0x0f, 0x9c, 0x14, 0xbd, 0x0b, 0xed, 0x03, 0x64, 0x8e, 0xe4, 0x17, 0xb3, 0x74, 0x9a,
0x1d, 0xe9, 0x54, 0xc5, 0xcf, 0x60, 0x63, 0x9a, 0xfc, 0x19, 0x96, 0x97, 0x4c, 0xdf, 0x5f, 0xfa,
0xb5, 0xac, 0xff, 0x77, 0xfd, 0x37, 0x00, 0x00, 0xff, 0xff, 0x28, 0x5d, 0x11, 0x68, 0xea, 0x0e,
0x00, 0x00,
}


@ -10,6 +10,7 @@ service StorageAuthority {
rpc GetRegistration(RegistrationID) returns (core.Registration) {}
rpc GetRegistrationByKey(JSONWebKey) returns (core.Registration) {}
rpc GetAuthorization(AuthorizationID) returns (core.Authorization) {}
rpc GetPendingAuthorization(GetPendingAuthorizationRequest) returns (core.Authorization) {}
rpc GetValidAuthorizations(GetValidAuthorizationsRequest) returns (ValidAuthorizations) {}
rpc GetCertificate(Serial) returns (core.Certificate) {}
rpc GetCertificateStatus(Serial) returns (CertificateStatus) {}
@ -51,6 +52,14 @@ message AuthorizationID {
optional string id = 1;
}
message GetPendingAuthorizationRequest {
optional int64 registrationID = 1;
optional string identifierType = 2;
optional string identifierValue = 3;
// Result must be valid until at least this Unix timestamp (nanos)
optional int64 validUntil = 4;
}
message GetValidAuthorizationsRequest {
optional int64 registrationID = 1;
repeated string domains = 2;


@ -676,27 +676,6 @@ func (ssa *SQLStorageAuthority) UpdateRegistration(ctx context.Context, reg core
func (ssa *SQLStorageAuthority) NewPendingAuthorization(ctx context.Context, authz core.Authorization) (core.Authorization, error) {
var output core.Authorization
// Check if we can recycle an existing, pending authz.
if features.Enabled(features.ReusePendingAuthz) {
idJSON, err := json.Marshal(authz.Identifier)
if err != nil {
return output, err
}
pa, err := selectPendingAuthz(ssa.dbMap, "WHERE identifier = ? AND expires > ? LIMIT 1", idJSON, ssa.clk.Now().Add(time.Hour))
if err == sql.ErrNoRows {
// No existing authz found, proceed to create one.
} else if err == nil {
// We found an authz, but we still need to fetch its challenges. To
// simplify things, just call GetAuthorization, which takes care of that.
ssa.scope.Inc("reused_authz", 1)
return ssa.GetAuthorization(ctx, pa.ID)
} else {
// Any error other than ErrNoRows; return the error
return output, err
}
}
tx, err := ssa.dbMap.Begin()
if err != nil {
return output, err
@ -746,6 +725,52 @@ func (ssa *SQLStorageAuthority) NewPendingAuthorization(ctx context.Context, aut
return output, err
}
// GetPendingAuthorization returns the most recent Pending authorization
// with the given identifier, if available.
func (ssa *SQLStorageAuthority) GetPendingAuthorization(
ctx context.Context,
req *sapb.GetPendingAuthorizationRequest,
) (*core.Authorization, error) {
identifierJSON, err := json.Marshal(core.AcmeIdentifier{
Type: core.IdentifierType(*req.IdentifierType),
Value: *req.IdentifierValue,
})
if err != nil {
return nil, err
}
// Note: This will use the index on `registrationId`, `expires`, which should
// keep the amount of scanning to a minimum. That index does not include the
// identifier, so accounts with huge numbers of pending authzs may result in
// slow queries here.
pa, err := selectPendingAuthz(ssa.dbMap,
`WHERE registrationID = :regID
AND identifier = :identifierJSON
AND status = :status
AND expires > :validUntil
ORDER BY expires ASC
LIMIT 1`,
map[string]interface{}{
"regID": *req.RegistrationID,
"identifierJSON": identifierJSON,
"status": string(core.StatusPending),
"validUntil": time.Unix(0, *req.ValidUntil),
})
if err == sql.ErrNoRows {
return nil, berrors.NotFoundError("pending authz not found")
} else if err == nil {
// We found an authz, but we still need to fetch its challenges. To
// simplify things, just call GetAuthorization, which takes care of that.
ssa.scope.Inc("reused_authz", 1)
authz, err := ssa.GetAuthorization(ctx, pa.ID)
return &authz, err
} else {
// Any error other than ErrNoRows; return the error
return nil, err
}
}
// UpdatePendingAuthorization updates a Pending Authorization
func (ssa *SQLStorageAuthority) UpdatePendingAuthorization(ctx context.Context, authz core.Authorization) error {
tx, err := ssa.dbMap.Begin()
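Review bot: The doc comment on GetPendingAuthorization promises "the most recent Pending authorization", but the query uses `ORDER BY expires ASC LIMIT 1`, which picks the matching authz that expires soonest after validUntil. Either switch to `ORDER BY expires DESC` so the recycled authz has the longest remaining lifetime, or reword the comment to say the soonest-expiring match is returned. Separately, the function dereferences `req.RegistrationID`, `req.IdentifierType`, `req.IdentifierValue` and `req.ValidUntil` without nil checks; these are proto2 `optional` fields, so unless the gRPC server wrapper (not visible in this hunk) rejects incomplete requests, a request missing any of them would panic the SA. On the found path, `return &authz, err` hands back a non-nil pointer even when GetAuthorization fails, and `reused_authz` is incremented before that call succeeds; returning `nil, err` on failure and counting only after success would be cleaner.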


@ -260,20 +260,6 @@ func TestRecyclePendingEnabled(t *testing.T) {
pendingAuthzB, err := sa.NewPendingAuthorization(ctx, authz)
test.AssertNotError(t, err, "Couldn't create new pending authorization")
test.Assert(t, pendingAuthzB.ID != "", "ID shouldn't be blank")
_ = features.Set(map[string]bool{"ReusePendingAuthz": true})
authz.Challenges = nil
pendingAuthz2, err := sa.NewPendingAuthorization(ctx, authz)
test.AssertNotError(t, err, "Couldn't create new pending authorization")
test.Assert(
t,
pendingAuthzA.ID == pendingAuthz2.ID || pendingAuthzB.ID == pendingAuthz2.ID,
fmt.Sprintf("unexpected pending authz ID, wanted: %q or %q, got: %q", pendingAuthzA.ID, pendingAuthzB.ID, pendingAuthz2.ID),
)
test.Assert(t, len(pendingAuthz2.Challenges) > 0, "no challenges")
test.AssertEquals(t, pendingAuthz2.Challenges[0].Token, "abc")
}
func CreateDomainAuth(t *testing.T, domainName string, sa *SQLStorageAuthority) (authz core.Authorization) {


@ -44,7 +44,8 @@
"IDNASupport": true,
"AllowKeyRollover": true,
"AllowTLS02Challenges": true,
"CountCertificatesExact": true
"CountCertificatesExact": true,
"ReusePendingAuthz": true
}
},


@ -25,8 +25,7 @@
},
"features": {
"AllowAccountDeactivation": true,
"AllowRenewalFirstRL": true,
"ReusePendingAuthz": true
"AllowRenewalFirstRL": true
}
},