Clean up TODOs

Richard Barnes 2015-05-31 22:26:15 -04:00
parent 810c6b5527
commit 9917ca17f6
7 changed files with 8 additions and 22 deletions


@ -189,8 +189,4 @@ WebFE -> Client: revocation
TODO
----
* Ensure that distributed mode works with multiple processes
* Add message signing and verification to the AMQP message layer
* Add monitoring / syslog
* Factor out policy layer (e.g., selection of challenges)
* Add persistent storage
See [the issues list](https://github.com/letsencrypt/boulder/issues)


@ -230,7 +230,7 @@ func (ch Challenge) IsSane(completed bool) bool {
}
// Merge a client-provide response to a challenge with the issued challenge
// TODO: Remove return type from this method
// Note: This method does not update the challenge on the left side of the '.'
func (ch Challenge) MergeResponse(resp Challenge) Challenge {
// Only override fields that are supposed to be client-provided
if len(ch.Path) == 0 {


@ -162,7 +162,6 @@ func (ra *RegistrationAuthorityImpl) NewCertificate(req core.CertificateRequest,
}
// Verify the CSR
// TODO: Verify that other aspects of the CSR are appropriate
csr := req.CSR
if err = core.VerifyCSR(csr); err != nil {
logEvent.Error = err.Error()
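Review bot: With the TODO deleted, nothing at this call site records that `core.VerifyCSR` is the only CSR check visible before issuance continues. What VerifyCSR covers is not shown in this hunk, so if it is limited to the signature, the remaining checks the old comment pointed at are now untracked. I would keep a one-line pointer instead of dropping it, for example `// NOTE: only core.VerifyCSR is applied here; further CSR policy checks are tracked in <issue link>`. NewCertificate starts and ends outside the hunk.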


@ -291,12 +291,11 @@ func TestNewAuthorization(t *testing.T) {
test.Assert(t, authz.Identifier == AuthzRequest.Identifier, "Initial authz had wrong identifier")
test.Assert(t, authz.Status == core.StatusPending, "Initial authz not pending")
// TODO Verify challenges
// TODO Verify that challenges are correct
test.Assert(t, len(authz.Challenges) == 2, "Incorrect number of challenges returned")
test.Assert(t, authz.Challenges[0].Type == core.ChallengeTypeSimpleHTTPS, "Challenge 0 not SimpleHTTPS")
test.Assert(t, authz.Challenges[1].Type == core.ChallengeTypeDVSNI, "Challenge 1 not DVSNI")
// TODO Test failure cases
t.Log("DONE TestNewAuthorization")
}
@ -322,7 +321,6 @@ func TestUpdateAuthorization(t *testing.T) {
simpleHttps := va.Argument.Challenges[0]
test.Assert(t, simpleHttps.Path == Response.Path, "simpleHttps changed")
// TODO Test failure cases
t.Log("DONE TestUpdateAuthorization")
}
@ -345,7 +343,6 @@ func TestOnValidationUpdate(t *testing.T) {
t.Log(" ~~> from VA: ", authzFromVA.Status)
t.Log(" ~~> from DB: ", dbAuthz.Status)
// TODO Test failure cases
t.Log("DONE TestOnValidationUpdate")
}


@ -282,8 +282,6 @@ func (ssa *SQLStorageAuthority) GetAuthorization(id string) (authz core.Authoriz
// serial number and returns the first certificate whose full serial number is
// lexically greater than that id. This allows clients to query on the known
// sequential half of our serial numbers to enumerate all certificates.
// TODO: Implement error when there are multiple certificates with the same
// sequential half.
func (ssa *SQLStorageAuthority) GetCertificateByShortSerial(shortSerial string) (cert []byte, err error) {
if len(shortSerial) != 16 {
err = errors.New("Invalid certificate short serial " + shortSerial)
@ -368,7 +366,6 @@ func (ssa *SQLStorageAuthority) MarkCertificateRevoked(serial string, ocspRespon
return
}
// TODO: Also update crls.
ocspResp := &core.OcspResponse{Serial: serial, CreatedAt: time.Now(), Response: ocspResponse}
err = tx.Insert(ocspResp)
if err != nil {
@ -575,6 +572,7 @@ func (ssa *SQLStorageAuthority) AddCertificate(certDER []byte, regID int64) (dig
return
}
// TODO Verify that the serial number doesn't yet exist
err = tx.Insert(cert)
if err != nil {
tx.Rollback()
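Review bot: The TODO added before `tx.Insert(cert)` in AddCertificate asks for a check that the serial does not exist yet, but a lookup followed by an insert can still race between concurrent issuers. A uniqueness constraint on the serial column, with the insert error treated as a duplicate, is the more dependable form, and the comment could say so: `// TODO: enforce serial uniqueness with a unique index rather than a pre-insert lookup`. The schema is not visible here, so this may already be in place. In the same file, the TODO removed from GetCertificateByShortSerial was the only mention that two certificates can share a sequential half, and the one removed from MarkCertificateRevoked the only mention that CRLs are apparently not updated on revocation; both limitations deserve a sentence in the doc comments. All three functions continue outside their hunks.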


@ -76,8 +76,8 @@ func (va ValidationAuthorityImpl) validateSimpleHTTPS(identifier core.AcmeIdenti
httpRequest.Host = hostName
tr := &http.Transport{
// We are talking to a client that does not yet have a certificate,
// so we accept a temporary, invalid one. TODO: We may want to change this
// to just be over HTTP.
// so we accept a temporary, invalid one.
// XXX: We may want to change this to just be over HTTP.
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
// We don't expect to make multiple requests to a client, so close
// connection immediately.
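Review bot: `InsecureSkipVerify: true` stays in the transport, and the reworded comment still does not say what the validation relies on once certificate verification is off. Without server authentication, TLS here gives no assurance that the responder is the host named in the identifier, so the outcome presumably rests entirely on the challenge content fetched from it; stating that makes the trust assumption reviewable. An `XXX` marker is also harder to track than a TODO with an issue link. Suggested wording: `// Certificate checks are disabled on purpose: the client has no valid cert yet, so only the challenge response is trusted.` The `http.Transport` literal continues past the hunk.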


@ -185,8 +185,6 @@ func (wfe *WebFrontEndImpl) verifyPOST(request *http.Request, regCheck bool) ([]
wfe.log.Debug(fmt.Sprintf("POST not signed: %v", parsedJws))
return nil, nil, reg, errors.New("POST not signed")
}
// TODO: Look up key in registrations.
// https://github.com/letsencrypt/boulder/issues/187
key := parsedJws.Signatures[0].Header.JsonWebKey
payload, err := parsedJws.Verify(key)
if err != nil {
@ -203,7 +201,6 @@ func (wfe *WebFrontEndImpl) verifyPOST(request *http.Request, regCheck bool) ([]
}
}
// TODO Return JWS body
return []byte(payload), key, reg, nil
}
@ -493,8 +490,7 @@ func (wfe *WebFrontEndImpl) NewCertificate(response http.ResponseWriter, request
serial := parsedCertificate.SerialNumber
certURL := fmt.Sprintf("%s%016x", wfe.CertBase, serial.Rsh(serial, 64))
// TODO The spec says a client should send an Accept: application/pkix-cert
// header; either explicitly insist or tolerate
// TODO Content negotiation
response.Header().Add("Location", certURL)
response.Header().Add("Link", link(wfe.BaseURL+IssuerPath, "up"))
response.Header().Set("Content-Type", "application/pkix-cert")
@ -730,7 +726,7 @@ func (wfe *WebFrontEndImpl) Certificate(response http.ResponseWriter, request *h
return
}
// TODO: Content negotiation
// TODO Content negotiation
response.Header().Set("Content-Type", "application/pkix-cert")
response.Header().Add("Link", link(IssuerPath, "up"))
response.WriteHeader(http.StatusOK)
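Review bot: In verifyPOST, `key` is read from `parsedJws.Signatures[0].Header.JsonWebKey` and the payload is then verified against that same key, so on its own this only shows that the sender holds the key embedded in the request. The deleted TODO and issue link were the only inline statement of that; the registration lookup that `regCheck` suggests sits between the two hunks and is not visible here. I would replace the comment rather than drop it: `// The key comes from the request itself; authorization depends on matching it to a registration below.` If nothing above the hunk guarantees `len(parsedJws.Signatures) > 0` (the "POST not signed" branch presumably does), the index also needs a guard.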