letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

remove unused CheckCAA RPC 

Helpful for #1486 and was already in my local repo.
This commit is contained in:
Jeff Hodges 2016-02-08 13:49:21 -08:00
parent 8237a133c4
commit c36bc382dd
5 changed files with 3 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
core/va.go
View File

@ -9,7 +9,6 @@ package core
type ValidationAuthority interface { type ValidationAuthority interface {
// [RegistrationAuthority] // [RegistrationAuthority]
UpdateValidations(Authorization, int) error UpdateValidations(Authorization, int) error
CheckCAARecords(AcmeIdentifier) (bool, bool, error)
IsSafeDomain(*IsSafeDomainRequest) (*IsSafeDomainResponse, error) IsSafeDomain(*IsSafeDomainRequest) (*IsSafeDomainResponse, error)
} }

4
ra/registration-authority_test.go
View File

@ -49,10 +49,6 @@ func (dva *DummyValidationAuthority) UpdateValidations(authz core.Authorization,
return return
} }
func (dva *DummyValidationAuthority) CheckCAARecords(identifier core.AcmeIdentifier) (present, valid bool, err error) {
return false, true, nil
}
func (dva *DummyValidationAuthority) IsSafeDomain(req *core.IsSafeDomainRequest) (*core.IsSafeDomainResponse, error) { func (dva *DummyValidationAuthority) IsSafeDomain(req *core.IsSafeDomainRequest) (*core.IsSafeDomainResponse, error) {
if dva.IsSafeDomainErr != nil { if dva.IsSafeDomainErr != nil {
return nil, dva.IsSafeDomainErr return nil, dva.IsSafeDomainErr

52
rpc/rpc-wrappers.go
View File

@ -46,7 +46,6 @@ const (
MethodAdministrativelyRevokeCertificate = "AdministrativelyRevokeCertificate" // RA MethodAdministrativelyRevokeCertificate = "AdministrativelyRevokeCertificate" // RA
MethodOnValidationUpdate = "OnValidationUpdate" // RA MethodOnValidationUpdate = "OnValidationUpdate" // RA
MethodUpdateValidations = "UpdateValidations" // VA MethodUpdateValidations = "UpdateValidations" // VA
MethodCheckCAARecords = "CheckCAARecords" // VA
MethodIsSafeDomain = "IsSafeDomain" // VA MethodIsSafeDomain = "IsSafeDomain" // VA
MethodIssueCertificate = "IssueCertificate" // CA MethodIssueCertificate = "IssueCertificate" // CA
MethodGenerateOCSP = "GenerateOCSP" // CA MethodGenerateOCSP = "GenerateOCSP" // CA
@ -533,32 +532,6 @@ func NewValidationAuthorityServer(rpc Server, impl core.ValidationAuthority) (er
return return
}) })
rpc.Handle(MethodCheckCAARecords, func(req []byte) (response []byte, err error) {
var caaReq caaRequest
if err = json.Unmarshal(req, &caaReq); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodCheckCAARecords, err, req)
return
}
present, valid, err := impl.CheckCAARecords(caaReq.Ident)
if err != nil {
return
}
var caaResp caaResponse
caaResp.Present = present
caaResp.Valid = valid
caaResp.Err = err
response, err = json.Marshal(caaResp)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodCheckCAARecords, err, caaReq)
return
}
return
})
rpc.Handle(MethodIsSafeDomain, func(req []byte) ([]byte, error) { rpc.Handle(MethodIsSafeDomain, func(req []byte) ([]byte, error) {
r := &core.IsSafeDomainRequest{} r := &core.IsSafeDomainRequest{}
if err := json.Unmarshal(req, r); err != nil { if err := json.Unmarshal(req, r); err != nil {
@ -606,31 +579,6 @@ func (vac ValidationAuthorityClient) UpdateValidations(authz core.Authorization,
return nil return nil
} }
// CheckCAARecords sends a request to check CAA records
func (vac ValidationAuthorityClient) CheckCAARecords(ident core.AcmeIdentifier) (present bool, valid bool, err error) {
var caaReq caaRequest
caaReq.Ident = ident
data, err := json.Marshal(caaReq)
if err != nil {
return
}
jsonResp, err := vac.rpc.DispatchSync(MethodCheckCAARecords, data)
if err != nil {
return
}
var caaResp caaResponse
err = json.Unmarshal(jsonResp, &caaResp)
if err != nil {
return
}
present = caaResp.Present
valid = caaResp.Valid
return
}
// IsSafeDomain returns true if the domain given is determined to be safe by an // IsSafeDomain returns true if the domain given is determined to be safe by an
// third-party safe browsing API. // third-party safe browsing API.
func (vac ValidationAuthorityClient) IsSafeDomain(req *core.IsSafeDomainRequest) (*core.IsSafeDomainResponse, error) { func (vac ValidationAuthorityClient) IsSafeDomain(req *core.IsSafeDomainRequest) (*core.IsSafeDomainResponse, error) {

7
va/validation-authority.go
View File

@ -624,13 +624,6 @@ func (va *ValidationAuthorityImpl) getCAASet(ctx context.Context, hostname strin
return nil, nil return nil, nil
} }
// CheckCAARecords verifies that, if the indicated subscriber domain has any CAA
// records, they authorize the configured CA domain to issue a certificate
func (va *ValidationAuthorityImpl) CheckCAARecords(identifier core.AcmeIdentifier) (present, valid bool, err error) {
// TODO(#1292): add a proper deadline here
return va.checkCAARecords(context.TODO(), identifier)
}
func (va *ValidationAuthorityImpl) checkCAARecords(ctx context.Context, identifier core.AcmeIdentifier) (present, valid bool, err error) { func (va *ValidationAuthorityImpl) checkCAARecords(ctx context.Context, identifier core.AcmeIdentifier) (present, valid bool, err error) {
hostname := strings.ToLower(identifier.Value) hostname := strings.ToLower(identifier.Value)
caaSet, err := va.getCAASet(ctx, hostname) caaSet, err := va.getCAASet(ctx, hostname)

7
va/validation-authority_test.go
View File

@ -688,11 +688,10 @@ func TestCAAChecking(t *testing.T) {
va.DNSResolver = &bdns.MockDNSResolver{} va.DNSResolver = &bdns.MockDNSResolver{}
va.IssuerDomain = "letsencrypt.org" va.IssuerDomain = "letsencrypt.org"
for _, caaTest := range tests { for _, caaTest := range tests {
present, valid, err := va.CheckCAARecords(core.AcmeIdentifier{Type: "dns", Value: caaTest.Domain}) present, valid, err := va.checkCAARecords(context.Background(), core.AcmeIdentifier{Type: "dns", Value: caaTest.Domain})
if err != nil { if err != nil {
t.Errorf("CheckCAARecords error for %s: %s", caaTest.Domain, err) t.Errorf("CheckCAARecords error for %s: %s", caaTest.Domain, err)
} }
fmt.Println(caaTest.Domain, caaTest.Present == present, caaTest.Valid == valid)
if present != caaTest.Present { if present != caaTest.Present {
t.Errorf("CheckCAARecords presence mismatch for %s: got %t expected %t", caaTest.Domain, present, caaTest.Present) t.Errorf("CheckCAARecords presence mismatch for %s: got %t expected %t", caaTest.Domain, present, caaTest.Present)
} }
@ -701,12 +700,12 @@ func TestCAAChecking(t *testing.T) {
} }
} }
present, valid, err := va.CheckCAARecords(core.AcmeIdentifier{Type: "dns", Value: "servfail.com"}) present, valid, err := va.checkCAARecords(context.Background(), core.AcmeIdentifier{Type: "dns", Value: "servfail.com"})
test.AssertError(t, err, "servfail.com") test.AssertError(t, err, "servfail.com")
test.Assert(t, !present, "Present should be false") test.Assert(t, !present, "Present should be false")
test.Assert(t, !valid, "Valid should be false") test.Assert(t, !valid, "Valid should be false")
_, _, err = va.CheckCAARecords(core.AcmeIdentifier{Type: "dns", Value: "servfail.com"}) _, _, err = va.checkCAARecords(context.Background(), core.AcmeIdentifier{Type: "dns", Value: "servfail.com"})
if err == nil { if err == nil {
t.Errorf("Should have returned error on CAA lookup, but did not: %s", "servfail.com") t.Errorf("Should have returned error on CAA lookup, but did not: %s", "servfail.com")
} }