letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Uses `UniqueLowerNames` for domain/suffix rl funcs. (#2725) 

Both `ra.domainsForRateLimiting` and `ra.suffixesForRateLimiting` were
doing their own "unique"ing with a `map[string]struct{}` when they could
have used `core.UniqueLowerNames`. This commit updates them both to do
so and adjusts the unit tests to expect the new sorted order return.
This commit is contained in:
Daniel McCarney 2017-05-04 07:37:05 -04:00 committed by Roland Bracewell Shoemaker
parent 361e7d4caa
commit b9369a4814
2 changed files with 12 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
ra/ra.go
View File

@ -729,7 +729,6 @@ func (ra *RegistrationAuthorityImpl) NewCertificate(ctx context.Context, req cor
// for the purpose of rate limiting. It also de-duplicates the output // for the purpose of rate limiting. It also de-duplicates the output
// domains. Exact public suffix matches are not included. // domains. Exact public suffix matches are not included.
func domainsForRateLimiting(names []string) ([]string, error) { func domainsForRateLimiting(names []string) ([]string, error) {
domainsMap := make(map[string]struct{}, len(names))
var domains []string var domains []string
for _, name := range names { for _, name := range names {
domain, err := publicsuffix.Domain(name) domain, err := publicsuffix.Domain(name)
@ -740,18 +739,14 @@ func domainsForRateLimiting(names []string) ([]string, error) {
// We assume 2 and do not include it in the result. // We assume 2 and do not include it in the result.
continue continue
} }
if _, ok := domainsMap[domain]; !ok { domains = append(domains, domain)
domainsMap[domain] = struct{}{}
domains = append(domains, domain)
}
} }
return domains, nil return core.UniqueLowerNames(domains), nil
} }
// suffixesForRateLimiting returns the unique subset of input names that are // suffixesForRateLimiting returns the unique subset of input names that are
// exactly equal to a public suffix. // exactly equal to a public suffix.
func suffixesForRateLimiting(names []string) ([]string, error) { func suffixesForRateLimiting(names []string) ([]string, error) {
domainsMap := make(map[string]struct{}, len(names))
var suffixMatches []string var suffixMatches []string
for _, name := range names { for _, name := range names {
_, err := publicsuffix.Domain(name) _, err := publicsuffix.Domain(name)
@ -760,13 +755,10 @@ func suffixesForRateLimiting(names []string) ([]string, error) {
// (1) publicsuffix.Domain is giving garbage values // (1) publicsuffix.Domain is giving garbage values
// (2) the public suffix is the domain itself // (2) the public suffix is the domain itself
// We assume 2 and collect it into the result // We assume 2 and collect it into the result
if _, ok := domainsMap[name]; !ok { suffixMatches = append(suffixMatches, name)
domainsMap[name] = struct{}{}
suffixMatches = append(suffixMatches, name)
}
} }
} }
return suffixMatches, nil return core.UniqueLowerNames(suffixMatches), nil
} }
// certCountRPC abstracts the choice of the SA.CountCertificatesByExactNames or // certCountRPC abstracts the choice of the SA.CountCertificatesByExactNames or

16
ra/ra_test.go
View File

@ -986,14 +986,14 @@ func TestDomainsForRateLimiting(t *testing.T) {
domains, err = domainsForRateLimiting([]string{"www.example.com", "example.com", "www.example.co.uk"}) domains, err = domainsForRateLimiting([]string{"www.example.com", "example.com", "www.example.co.uk"})
test.AssertNotError(t, err, "failed on example.co.uk") test.AssertNotError(t, err, "failed on example.co.uk")
test.AssertEquals(t, len(domains), 2) test.AssertEquals(t, len(domains), 2)
test.AssertEquals(t, domains[0], "example.com") test.AssertEquals(t, domains[0], "example.co.uk")
test.AssertEquals(t, domains[1], "example.co.uk") test.AssertEquals(t, domains[1], "example.com")
domains, err = domainsForRateLimiting([]string{"www.example.com", "example.com", "www.example.co.uk", "co.uk"}) domains, err = domainsForRateLimiting([]string{"www.example.com", "example.com", "www.example.co.uk", "co.uk"})
test.AssertNotError(t, err, "should not fail on public suffix") test.AssertNotError(t, err, "should not fail on public suffix")
test.AssertEquals(t, len(domains), 2) test.AssertEquals(t, len(domains), 2)
test.AssertEquals(t, domains[0], "example.com") test.AssertEquals(t, domains[0], "example.co.uk")
test.AssertEquals(t, domains[1], "example.co.uk") test.AssertEquals(t, domains[1], "example.com")
domains, err = domainsForRateLimiting([]string{"foo.bar.baz.www.example.com", "baz.example.com"}) domains, err = domainsForRateLimiting([]string{"foo.bar.baz.www.example.com", "baz.example.com"})
test.AssertNotError(t, err, "failed on foo.bar.baz") test.AssertNotError(t, err, "failed on foo.bar.baz")
@ -1003,8 +1003,8 @@ func TestDomainsForRateLimiting(t *testing.T) {
domains, err = domainsForRateLimiting([]string{"github.io", "foo.github.io", "bar.github.io"}) domains, err = domainsForRateLimiting([]string{"github.io", "foo.github.io", "bar.github.io"})
test.AssertNotError(t, err, "failed on public suffix private domain") test.AssertNotError(t, err, "failed on public suffix private domain")
test.AssertEquals(t, len(domains), 2) test.AssertEquals(t, len(domains), 2)
test.AssertEquals(t, domains[0], "foo.github.io") test.AssertEquals(t, domains[0], "bar.github.io")
test.AssertEquals(t, domains[1], "bar.github.io") test.AssertEquals(t, domains[1], "foo.github.io")
} }
func TestSuffixesForRateLimiting(t *testing.T) { func TestSuffixesForRateLimiting(t *testing.T) {
@ -1029,8 +1029,8 @@ func TestSuffixesForRateLimiting(t *testing.T) {
suffixes, err = suffixesForRateLimiting([]string{"github.io", "foo.github.io", "www.example.com", "www.example.co.uk", "co.uk"}) suffixes, err = suffixesForRateLimiting([]string{"github.io", "foo.github.io", "www.example.com", "www.example.co.uk", "co.uk"})
test.AssertNotError(t, err, "failed on mix of public suffix private domain and public suffix") test.AssertNotError(t, err, "failed on mix of public suffix private domain and public suffix")
test.AssertEquals(t, len(suffixes), 2) test.AssertEquals(t, len(suffixes), 2)
test.AssertEquals(t, suffixes[0], "github.io") test.AssertEquals(t, suffixes[0], "co.uk")
test.AssertEquals(t, suffixes[1], "co.uk") test.AssertEquals(t, suffixes[1], "github.io")
} }
func TestRateLimitLiveReload(t *testing.T) { func TestRateLimitLiveReload(t *testing.T) {