Merge pull request #1622 from letsencrypt/log-ct-prob
Include the log URI when logging CT problems.
This commit is contained in:
Roland Bracewell Shoemaker
commit
a4f4326190
|
|
@ -23,6 +23,7 @@ import (
|
|||
|
||||
// Log contains the CT client and signature verifier for a particular CT log
|
||||
type Log struct {
|
||||
uri string
|
||||
client *ctClient.LogClient
|
||||
verifier *ct.SignatureVerifier
|
||||
}
|
||||
|
|
@ -48,7 +49,7 @@ func NewLog(uri, b64PK string) (*Log, error) {
|
|||
return nil, err
|
||||
}
|
||||
|
||||
return &Log{client, verifier}, nil
|
||||
return &Log{uri, client, verifier}, nil
|
||||
}
|
||||
|
||||
type ctSubmissionRequest struct {
|
||||
|
|
@ -99,7 +100,7 @@ func (pub *Impl) SubmitToCT(der []byte) error {
|
|||
sct, err := ctLog.client.AddChainWithContext(ctx, chain)
|
||||
if err != nil {
|
||||
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
|
||||
pub.log.AuditErr(fmt.Errorf("Failed to submit certificate to CT log: %s", err))
|
||||
pub.log.AuditErr(fmt.Errorf("Failed to submit certificate to CT log at %s: %s", ctLog.uri, err))
|
||||
continue
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -26,7 +26,6 @@ import (
|
|||
"time"
|
||||
|
||||
ct "github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/google/certificate-transparency/go"
|
||||
ctClient "github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/google/certificate-transparency/go/client"
|
||||
"github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/jmhodges/clock"
|
||||
|
||||
"github.com/letsencrypt/boulder/mocks"
|
||||
|
|
@ -272,13 +271,12 @@ func setup(t *testing.T) (*Impl, *x509.Certificate, *ecdsa.PrivateKey) {
|
|||
}
|
||||
|
||||
func addLog(t *testing.T, pub *Impl, port int, pubKey *ecdsa.PublicKey) {
|
||||
verifier, err := ct.NewSignatureVerifier(pubKey)
|
||||
test.AssertNotError(t, err, "Couldn't create signature verifier")
|
||||
|
||||
pub.ctLogs = append(pub.ctLogs, &Log{
|
||||
client: ctClient.New(fmt.Sprintf("http://localhost:%d", port)),
|
||||
verifier: verifier,
|
||||
})
|
||||
uri := fmt.Sprintf("http://localhost:%d", port)
|
||||
der, err := x509.MarshalPKIXPublicKey(pubKey)
|
||||
test.AssertNotError(t, err, "Failed to marshal key")
|
||||
newLog, err := NewLog(uri, base64.StdEncoding.EncodeToString(der))
|
||||
test.AssertNotError(t, err, "Couldn't create log")
|
||||
pub.ctLogs = append(pub.ctLogs, newLog)
|
||||
}
|
||||
|
||||
func TestBasicSuccessful(t *testing.T) {
|
||||
|
|
@ -330,6 +328,7 @@ func TestUnexpectedError(t *testing.T) {
|
|||
log.Clear()
|
||||
err = pub.SubmitToCT(leaf.Raw)
|
||||
test.AssertNotError(t, err, "Certificate submission failed")
|
||||
test.AssertEquals(t, len(log.GetAllMatching("Failed .*http://localhost:"+strconv.Itoa(port))), 1)
|
||||
}
|
||||
|
||||
func TestRetryAfter(t *testing.T) {
|
||||
|
|
@ -364,7 +363,7 @@ func TestRetryAfterContext(t *testing.T) {
|
|||
s := time.Now()
|
||||
pub.SubmitToCT(leaf.Raw)
|
||||
took := time.Since(s)
|
||||
test.Assert(t, len(log.GetAllMatching(".*Failed to submit certificate to CT log: context deadline exceeded.*")) == 1, "Submission didn't timeout")
|
||||
test.Assert(t, len(log.GetAllMatching(".*Failed to submit certificate to CT log at .*: context deadline exceeded.*")) == 1, "Submission didn't timeout")
|
||||
test.Assert(t, took >= time.Second, fmt.Sprintf("Submission took too long to timeout: %s", took))
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue