diff --git a/README.md b/README.md
index bf2c92b66..68ebe4fc2 100644
--- a/README.md
+++ b/README.md
@@ -189,8 +189,4 @@ WebFE -> Client: revocation
 TODO
 ----
-* Ensure that distributed mode works with multiple processes
-* Add message signing and verification to the AMQP message layer
-* Add monitoring / syslog
-* Factor out policy layer (e.g., selection of challenges)
-* Add persistent storage
+See [the issues list](https://github.com/letsencrypt/boulder/issues)
diff --git a/core/objects.go b/core/objects.go
index 5fee31e6a..6d2b42997 100644
--- a/core/objects.go
+++ b/core/objects.go
@@ -230,7 +230,7 @@ func (ch Challenge) IsSane(completed bool) bool {
 }
 // Merge a client-provide response to a challenge with the issued challenge
-// TODO: Remove return type from this method
+// Note: This method does not update the challenge on the left side of the '.'
 func (ch Challenge) MergeResponse(resp Challenge) Challenge {
 // Only override fields that are supposed to be client-provided
 if len(ch.Path) == 0 {
diff --git a/ra/registration-authority.go b/ra/registration-authority.go
index 4d36c7f79..64e71dc6c 100644
--- a/ra/registration-authority.go
+++ b/ra/registration-authority.go
@@ -162,7 +162,6 @@ func (ra *RegistrationAuthorityImpl) NewCertificate(req core.CertificateRequest,
 }
 // Verify the CSR
- // TODO: Verify that other aspects of the CSR are appropriate
 csr := req.CSR
 if err = core.VerifyCSR(csr); err != nil {
 logEvent.Error = err.Error()
diff --git a/ra/registration-authority_test.go b/ra/registration-authority_test.go
index 5934dcafa..7eb4aed74 100644
--- a/ra/registration-authority_test.go
+++ b/ra/registration-authority_test.go
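Review bot: In core/objects.go the new comment on MergeResponse, "does not update the challenge on the left side of the '.'", describes the value receiver indirectly and leaves the consequence unstated: a caller that drops the return value silently loses the client's response. I would write it as a doc comment that names the method, e.g. `// MergeResponse returns a copy of ch with the client-provided fields of resp merged in; ch itself is not modified.` The context line above it also carries a typo, "client-provide". The body of MergeResponse continues outside the hunk, so which fields are merged is not visible here.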
@@ -291,12 +291,11 @@ func TestNewAuthorization(t *testing.T) {
 test.Assert(t, authz.Identifier == AuthzRequest.Identifier, "Initial authz had wrong identifier")
 test.Assert(t, authz.Status == core.StatusPending, "Initial authz not pending")
- // TODO Verify challenges
+ // TODO Verify that challenges are correct
 test.Assert(t, len(authz.Challenges) == 2, "Incorrect number of challenges returned")
 test.Assert(t, authz.Challenges[0].Type == core.ChallengeTypeSimpleHTTPS, "Challenge 0 not SimpleHTTPS")
 test.Assert(t, authz.Challenges[1].Type == core.ChallengeTypeDVSNI, "Challenge 1 not DVSNI")
- // TODO Test failure cases
 t.Log("DONE TestNewAuthorization")
 }
@@ -322,7 +321,6 @@ func TestUpdateAuthorization(t *testing.T) {
 simpleHttps := va.Argument.Challenges[0]
 test.Assert(t, simpleHttps.Path == Response.Path, "simpleHttps changed")
- // TODO Test failure cases
 t.Log("DONE TestUpdateAuthorization")
 }
@@ -345,7 +343,6 @@ func TestOnValidationUpdate(t *testing.T) {
 t.Log(" ~~> from VA: ", authzFromVA.Status)
 t.Log(" ~~> from DB: ", dbAuthz.Status)
- // TODO Test failure cases
 t.Log("DONE TestOnValidationUpdate")
 }
diff --git a/sa/storage-authority.go b/sa/storage-authority.go
index b2f5780c3..2b07d7f45 100644
--- a/sa/storage-authority.go
+++ b/sa/storage-authority.go
@@ -282,8 +282,6 @@ func (ssa *SQLStorageAuthority) GetAuthorization(id string) (authz core.Authoriz
 // serial number and returns the first certificate whose full serial number is
 // lexically greater than that id. This allows clients to query on the known
 // sequential half of our serial numbers to enumerate all certificates.
-// TODO: Implement error when there are multiple certificates with the same
-// sequential half.
 func (ssa *SQLStorageAuthority) GetCertificateByShortSerial(shortSerial string) (cert []byte, err error) {
 if len(shortSerial) != 16 {
 err = errors.New("Invalid certificate short serial " + shortSerial)
@@ -368,7 +366,6 @@ func (ssa *SQLStorageAuthority) MarkCertificateRevoked(serial string, ocspRespon
 return
 }
- // TODO: Also update crls.
 ocspResp := &core.OcspResponse{Serial: serial, CreatedAt: time.Now(), Response: ocspResponse}
 err = tx.Insert(ocspResp)
 if err != nil {
@@ -575,6 +572,7 @@ func (ssa *SQLStorageAuthority) AddCertificate(certDER []byte, regID int64) (dig
 return
 }
+ // TODO Verify that the serial number doesn't yet exist
 err = tx.Insert(cert)
 if err != nil {
 tx.Rollback()
diff --git a/va/validation-authority.go b/va/validation-authority.go
index e51d664ad..7f72364ce 100644
--- a/va/validation-authority.go
+++ b/va/validation-authority.go
@@ -76,8 +76,8 @@ func (va ValidationAuthorityImpl) validateSimpleHTTPS(identifier core.AcmeIdenti
 httpRequest.Host = hostName
 tr := &http.Transport{
 // We are talking to a client that does not yet have a certificate,
- // so we accept a temporary, invalid one. TODO: We may want to change this
- // to just be over HTTP.
+ // so we accept a temporary, invalid one.
+ // XXX: We may want to change this to just be over HTTP.
 TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
 // We don't expect to make multiple requests to a client, so close
 // connection immediately.
diff --git a/wfe/web-front-end.go b/wfe/web-front-end.go
index e8caeac36..f886b6de5 100644
--- a/wfe/web-front-end.go
+++ b/wfe/web-front-end.go
@@ -185,8 +185,6 @@ func (wfe *WebFrontEndImpl) verifyPOST(request *http.Request, regCheck bool) ([]
 wfe.log.Debug(fmt.Sprintf("POST not signed: %v", parsedJws))
 return nil, nil, reg, errors.New("POST not signed")
 }
- // TODO: Look up key in registrations.
- // https://github.com/letsencrypt/boulder/issues/187
 key := parsedJws.Signatures[0].Header.JsonWebKey
 payload, err := parsedJws.Verify(key)
 if err != nil {
@@ -203,7 +201,6 @@ func (wfe *WebFrontEndImpl) verifyPOST(request *http.Request, regCheck bool) ([]
 }
 }
- // TODO Return JWS body
 return []byte(payload), key, reg, nil
 }
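Review bot: The added `// TODO Verify that the serial number doesn't yet exist` in AddCertificate (sa/storage-authority.go) names a missing check but not how it should be enforced, and a lookup followed by `tx.Insert(cert)` would still leave a window between two concurrent issuances. A unique or primary-key constraint on the serial column turns the existing Insert error path into the check; the schema is not visible in this hunk, so that may already hold. I would have the comment say so and point at a tracking issue, e.g. `// TODO(#<issue>): rely on a unique index on serial; treat a duplicate-key error from Insert as a hard failure`. AddCertificate starts and ends outside the hunk.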
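Review bot: In validateSimpleHTTPS (va/validation-authority.go) the reworded comment still does not say what the validation relies on once `InsecureSkipVerify: true` removes server authentication, and replacing `TODO:` with `XXX:` makes the open question harder to find alongside the TODO markers used everywhere else in this commit. With the peer certificate unchecked, whatever the function compares afterwards (outside this hunk) is the only evidence, and this transport has to stay local to this function. Suggested wording: `// InsecureSkipVerify is deliberate: the applicant has no trusted certificate yet, so TLS authenticates nothing here. Do not reuse this transport.` The function body continues outside the hunk.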
@@ -493,8 +490,7 @@ func (wfe *WebFrontEndImpl) NewCertificate(response http.ResponseWriter, request
 serial := parsedCertificate.SerialNumber
 certURL := fmt.Sprintf("%s%016x", wfe.CertBase, serial.Rsh(serial, 64))
- // TODO The spec says a client should send an Accept: application/pkix-cert
- // header; either explicitly insist or tolerate
+ // TODO Content negotiation
 response.Header().Add("Location", certURL)
 response.Header().Add("Link", link(wfe.BaseURL+IssuerPath, "up"))
 response.Header().Set("Content-Type", "application/pkix-cert")
@@ -730,7 +726,7 @@ func (wfe *WebFrontEndImpl) Certificate(response http.ResponseWriter, request *h
 return
 }
- // TODO: Content negotiation
+ // TODO Content negotiation
 response.Header().Set("Content-Type", "application/pkix-cert")
 response.Header().Add("Link", link(IssuerPath, "up"))
 response.WriteHeader(http.StatusOK)
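Review bot: In NewCertificate (wfe/web-front-end.go) the context line `serial.Rsh(serial, 64)` shifts in place: if `SerialNumber` is a `*big.Int`, as it is in crypto/x509, `serial` aliases `parsedCertificate.SerialNumber`, and after this line the parsed certificate holds only the bits above the low 64. Any later use of that serial (logging, storage, a revocation lookup; none of it visible in this hunk) would see the truncated value. A fresh receiver avoids the aliasing: `certURL := fmt.Sprintf("%s%016x", wfe.CertBase, new(big.Int).Rsh(serial, 64))`, which needs `math/big` imported in this file. The handler starts and ends outside the hunk.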
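Review bot: Certificate (wfe/web-front-end.go) sends `link(IssuerPath, "up")` while NewCertificate in the previous hunk sends `link(wfe.BaseURL+IssuerPath, "up")`, so the same relation is a relative reference in one response and an absolute URL in the other. A relative Link target is resolved against the request URI, which is valid but gives clients two forms to handle. I would use `response.Header().Add("Link", link(wfe.BaseURL+IssuerPath, "up"))` here as well. The handler starts outside the hunk.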