diff --git a/core/va.go b/core/va.go
index df1c4194a..5c7d2d11b 100644
--- a/core/va.go
+++ b/core/va.go
@@ -9,7 +9,6 @@ package core
 type ValidationAuthority interface {
 // [RegistrationAuthority]
 UpdateValidations(Authorization, int) error
- CheckCAARecords(AcmeIdentifier) (bool, bool, error)
 IsSafeDomain(*IsSafeDomainRequest) (*IsSafeDomainResponse, error)
 }
diff --git a/ra/registration-authority_test.go b/ra/registration-authority_test.go
index 91719e57d..9b616f2fb 100644
--- a/ra/registration-authority_test.go
+++ b/ra/registration-authority_test.go
@@ -49,10 +49,6 @@ func (dva *DummyValidationAuthority) UpdateValidations(authz core.Authorization,
 return
 }
-func (dva *DummyValidationAuthority) CheckCAARecords(identifier core.AcmeIdentifier) (present, valid bool, err error) {
- return false, true, nil
-}
-
 func (dva *DummyValidationAuthority) IsSafeDomain(req *core.IsSafeDomainRequest) (*core.IsSafeDomainResponse, error) {
 if dva.IsSafeDomainErr != nil {
 return nil, dva.IsSafeDomainErr
diff --git a/rpc/rpc-wrappers.go b/rpc/rpc-wrappers.go
index 62f628315..27e6242d7 100644
--- a/rpc/rpc-wrappers.go
+++ b/rpc/rpc-wrappers.go
@@ -46,7 +46,6 @@ const (
 MethodAdministrativelyRevokeCertificate = "AdministrativelyRevokeCertificate" // RA
 MethodOnValidationUpdate = "OnValidationUpdate" // RA
 MethodUpdateValidations = "UpdateValidations" // VA
- MethodCheckCAARecords = "CheckCAARecords" // VA
 MethodIsSafeDomain = "IsSafeDomain" // VA
 MethodIssueCertificate = "IssueCertificate" // CA
 MethodGenerateOCSP = "GenerateOCSP" // CA
@@ -533,32 +532,6 @@ func NewValidationAuthorityServer(rpc Server, impl core.ValidationAuthority) (er
 return
 })
- rpc.Handle(MethodCheckCAARecords, func(req []byte) (response []byte, err error) {
- var caaReq caaRequest
- if err = json.Unmarshal(req, &caaReq); err != nil {
- // AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
- improperMessage(MethodCheckCAARecords, err, req)
- return
- }
-
- present, valid, err := impl.CheckCAARecords(caaReq.Ident)
- if err != nil {
- return
- }
-
- var caaResp caaResponse
- caaResp.Present = present
- caaResp.Valid = valid
- caaResp.Err = err
- response, err = json.Marshal(caaResp)
- if err != nil {
- // AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
- errorCondition(MethodCheckCAARecords, err, caaReq)
- return
- }
- return
- })
-
 rpc.Handle(MethodIsSafeDomain, func(req []byte) ([]byte, error) {
 r := &core.IsSafeDomainRequest{}
 if err := json.Unmarshal(req, r); err != nil {
@@ -606,31 +579,6 @@ func (vac ValidationAuthorityClient) UpdateValidations(authz core.Authorization,
 return nil
 }
-// CheckCAARecords sends a request to check CAA records
-func (vac ValidationAuthorityClient) CheckCAARecords(ident core.AcmeIdentifier) (present bool, valid bool, err error) {
- var caaReq caaRequest
- caaReq.Ident = ident
- data, err := json.Marshal(caaReq)
- if err != nil {
- return
- }
-
- jsonResp, err := vac.rpc.DispatchSync(MethodCheckCAARecords, data)
- if err != nil {
- return
- }
-
- var caaResp caaResponse
-
- err = json.Unmarshal(jsonResp, &caaResp)
- if err != nil {
- return
- }
- present = caaResp.Present
- valid = caaResp.Valid
- return
-}
-
 // IsSafeDomain returns true if the domain given is determined to be safe by an
 // third-party safe browsing API.
 func (vac ValidationAuthorityClient) IsSafeDomain(req *core.IsSafeDomainRequest) (*core.IsSafeDomainResponse, error) {
diff --git a/va/validation-authority.go b/va/validation-authority.go
index 2207de530..6272cb815 100644
--- a/va/validation-authority.go
+++ b/va/validation-authority.go
@@ -624,13 +624,6 @@ func (va *ValidationAuthorityImpl) getCAASet(ctx context.Context, hostname strin
 return nil, nil
 }
-// CheckCAARecords verifies that, if the indicated subscriber domain has any CAA
-// records, they authorize the configured CA domain to issue a certificate
-func (va *ValidationAuthorityImpl) CheckCAARecords(identifier core.AcmeIdentifier) (present, valid bool, err error) {
- // TODO(#1292): add a proper deadline here
- return va.checkCAARecords(context.TODO(), identifier)
-}
-
 func (va *ValidationAuthorityImpl) checkCAARecords(ctx context.Context, identifier core.AcmeIdentifier) (present, valid bool, err error) {
 hostname := strings.ToLower(identifier.Value)
 caaSet, err := va.getCAASet(ctx, hostname)
diff --git a/va/validation-authority_test.go b/va/validation-authority_test.go
index e763f28b1..9e106ae3b 100644
--- a/va/validation-authority_test.go
+++ b/va/validation-authority_test.go
@@ -688,11 +688,10 @@ func TestCAAChecking(t *testing.T) {
 va.DNSResolver = &bdns.MockDNSResolver{}
 va.IssuerDomain = "letsencrypt.org"
 for _, caaTest := range tests {
- present, valid, err := va.CheckCAARecords(core.AcmeIdentifier{Type: "dns", Value: caaTest.Domain})
+ present, valid, err := va.checkCAARecords(context.Background(), core.AcmeIdentifier{Type: "dns", Value: caaTest.Domain})
 if err != nil {
 t.Errorf("CheckCAARecords error for %s: %s", caaTest.Domain, err)
 }
- fmt.Println(caaTest.Domain, caaTest.Present == present, caaTest.Valid == valid)
 if present != caaTest.Present {
 t.Errorf("CheckCAARecords presence mismatch for %s: got %t expected %t", caaTest.Domain, present, caaTest.Present)
 }
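Review bot: The failure messages in the TestCAAChecking loop still name the exported method this commit removes, for example `t.Errorf("CheckCAARecords error for %s: %s", caaTest.Domain, err)` and the presence-mismatch message below it, while the call is now `va.checkCAARecords(context.Background(), ...)`. Changing the prefix to `checkCAARecords` keeps a failing run searchable to a function that still exists; the `Should have returned error on CAA lookup` message in the next hunk needs no change. The new calls also need `context` imported in this file, and dropping the `fmt.Println` may leave `fmt` unused; the import block is not visible here, so both are worth confirming. The loop body continues past the end of this hunk.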
@@ -701,12 +700,12 @@ func TestCAAChecking(t *testing.T) {
 }
 }
- present, valid, err := va.CheckCAARecords(core.AcmeIdentifier{Type: "dns", Value: "servfail.com"})
+ present, valid, err := va.checkCAARecords(context.Background(), core.AcmeIdentifier{Type: "dns", Value: "servfail.com"})
 test.AssertError(t, err, "servfail.com")
 test.Assert(t, !present, "Present should be false")
 test.Assert(t, !valid, "Valid should be false")
- _, _, err = va.CheckCAARecords(core.AcmeIdentifier{Type: "dns", Value: "servfail.com"})
+ _, _, err = va.checkCAARecords(context.Background(), core.AcmeIdentifier{Type: "dns", Value: "servfail.com"})
 if err == nil {
 t.Errorf("Should have returned error on CAA lookup, but did not: %s", "servfail.com")
 }
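Review bot: The servfail.com block is where this test pins how the CAA check behaves when the lookup itself fails, and nothing in the code says so. A comment above the first call, such as `// A failed CAA lookup must return an error with present and valid both false.`, would record the fail-closed expectation that the three assertions encode. The second `va.checkCAARecords` call on the same name repeats what `test.AssertError` already established; if it is meant to exercise a different path, a one-line comment should say which, otherwise it can be dropped. TestCAAChecking begins outside this hunk.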