review fixes

2016-01-08 16:21:12 -08:00 · 2016-01-08 16:21:12 -08:00 · cbdf0444b6
parent c0a1d4494e
commit cbdf0444b6
6 changed files with 63 additions and 40 deletions
--- a/cmd/admin-revoker/main.go
+++ b/cmd/admin-revoker/main.go
@ -239,16 +239,20 @@ func main() {
 				if err != nil {
 					cmd.FailOnError(err, "Failed to retrieve authorizations")
 				}
+				fmt.Printf("Found %d authorizations\n", len(auths))
+				revoked := 0
 				for _, a := range auths {
 					if a.Status != core.StatusInvalid && a.Status != core.StatusRevoked {
-						err = sac.RevokeAuthorization(a)
+						err = sac.RevokeAuthorization(a.ID)
 						if err != nil {
-							stats.Inc("admin-revoker.auths.reovcation-failure", 1, 1.0)
+							stats.Inc("admin-revoker.auths.revocation-failure", 1, 1.0)
 							cmd.FailOnError(err, fmt.Sprintf("Failed to revoke authorization [%s] for domain %s", a.ID, a.Identifier.Value))
 						}
-						stats.Inc("admin-revoker.auths.reovcation-success", 1, 1.0)
+						stats.Inc("admin-revoker.auths.revocation-success", 1, 1.0)
+						revoked++
 					}
 				}
+				fmt.Printf("Revoked %d pending or valid authorizations\n", revoked)
 			},
 		},
 	}
--- a/core/interfaces.go
+++ b/core/interfaces.go
@ -121,7 +121,7 @@ type StorageAdder interface {
 	UpdateOCSP(serial string, ocspResponse []byte) error
 	AddCertificate([]byte, int64) (string, error)
 	AddSCTReceipt(SignedCertificateTimestamp) error
-	RevokeAuthorization(Authorization) error
+	RevokeAuthorization(string) error
 }

 // StorageAuthority interface represents a simple key/value
--- a/mocks/mocks.go
+++ b/mocks/mocks.go
@ -241,7 +241,7 @@ func (sa *StorageAuthority) GetAuthorizationsByDomain(ident core.AcmeIdentifier)
 }

 // RevokeAuthorization is a mock
-func (sa *StorageAuthority) RevokeAuthorization(auth core.Authorization) error {
+func (sa *StorageAuthority) RevokeAuthorization(id string) error {
 	return nil
 }

--- a/rpc/rpc-wrappers.go
+++ b/rpc/rpc-wrappers.go
@ -884,7 +884,7 @@ func NewStorageAuthorityServer(rpc Server, impl core.StorageAuthority) error {
 		ident := core.AcmeIdentifier{}
 		err = json.Unmarshal(req, &ident)
 		if err != nil {
-			return nil, err
+			return
 		}
 		authz, err := impl.GetAuthorizationsByDomain(ident)
 		if err != nil {
@ -1009,13 +1009,7 @@ func NewStorageAuthorityServer(rpc Server, impl core.StorageAuthority) error {
 	})

 	rpc.Handle(MethodRevokeAuthorization, func(req []byte) (response []byte, err error) {
-		var authz core.Authorization
-		if err = json.Unmarshal(req, &authz); err != nil {
-			// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
-			improperMessage(MethodFinalizeAuthorization, err, req)
-			return
-		}
-		err = impl.RevokeAuthorization(authz)
+		err = impl.RevokeAuthorization(string(req))
 		return
 	})

@ -1422,12 +1416,8 @@ func (cac StorageAuthorityClient) FinalizeAuthorization(authz core.Authorization
 }

 // RevokeAuthorization sends a request to revoke a pending or finalized authorization
-func (cac StorageAuthorityClient) RevokeAuthorization(authz core.Authorization) (err error) {
-	jsonAuthz, err := json.Marshal(authz)
-	if err != nil {
-		return
-	}
-	_, err = cac.rpc.DispatchSync(MethodRevokeAuthorization, jsonAuthz)
+func (cac StorageAuthorityClient) RevokeAuthorization(id string) (err error) {
+	_, err = cac.rpc.DispatchSync(MethodRevokeAuthorization, []byte(id))
 	return
 }

--- a/sa/storage-authority.go
+++ b/sa/storage-authority.go
@ -215,17 +215,25 @@ func (ssa *SQLStorageAuthority) GetAuthorization(id string) (authz core.Authoriz

 // GetAuthorizationsByDomain obtains all authorizations for a domain name
 func (ssa *SQLStorageAuthority) GetAuthorizationsByDomain(domain core.AcmeIdentifier) ([]core.Authorization, error) {
+	ident, err := json.Marshal(domain)
+	if err != nil {
+		return nil, err
+	}
 	tx, err := ssa.dbMap.Begin()
 	if err != nil {
 		return nil, err
 	}
 	auths := []core.Authorization{}
-	_, err = tx.Select(&auths, "SELECT * FROM authorizations WHERE identifier = :identifier", map[string]interface{}{"indentifier": domain})
+	authObjs := []authzModel{}
+	_, err = tx.Select(&authObjs, "SELECT * FROM authz WHERE identifier = :identifier", map[string]interface{}{"identifier": string(ident)})
 	if err != nil {
 		return nil, err
 	}
+	for _, a := range authObjs {
+		auths = append(auths, a.Authorization)
+	}
 	pendingAuths := []pendingauthzModel{}
-	_, err = tx.Select(&pendingAuths, "SELECT * FROM pending_authz WHERE identifier = :identifier", map[string]interface{}{"indentifier": domain})
+	_, err = tx.Select(&pendingAuths, "SELECT * FROM pendingAuthorizations WHERE identifier = :identifier", map[string]interface{}{"identifier": string(ident)})
 	if err != nil {
 		return nil, err
 	}
@ -696,37 +704,42 @@ func (ssa *SQLStorageAuthority) FinalizeAuthorization(authz core.Authorization)
 }

 // RevokeAuthorization invalidates a pending or finalized authorization
-func (ssa *SQLStorageAuthority) RevokeAuthorization(authz core.Authorization) (err error) {
+func (ssa *SQLStorageAuthority) RevokeAuthorization(id string) (err error) {
+	auth, err := ssa.GetAuthorization(id)
+	if err != nil {
+		return
+	}
 	tx, err := ssa.dbMap.Begin()
 	if err != nil {
-		return err
+		return
 	}
-	if statusIsPending(authz.Status) {
-		authObj, err := tx.Get(pendingauthzModel{}, authz.ID)
+
+	if statusIsPending(auth.Status) {
+		pendingObj, err := tx.Get(&pendingauthzModel{}, auth.ID)
 		if err != nil {
 			tx.Rollback()
 			return err
 		}
-		auth := authObj.(*pendingauthzModel)
-		auth.Status = core.StatusRevoked
-		_, err = tx.Update(auth)
+		pending := pendingObj.(*pendingauthzModel)
+		pending.Authorization.Status = core.StatusRevoked
+		_, err = tx.Update(pending)
 		if err != nil {
 			tx.Rollback()
 			return err
 		}
 	} else {
-		authz.Status = core.StatusRevoked
-		auth := &authzModel{authz}
-		_, err = tx.Update(auth)
+		auth.Status = core.StatusRevoked
+		_, err = tx.Update(&authzModel{auth})
 		if err != nil {
 			tx.Rollback()
-			return err
+			return
 		}
 	}
-	for i := range authz.Challenges {
-		authz.Challenges[i].Status = core.StatusRevoked
+
+	for i := range auth.Challenges {
+		auth.Challenges[i].Status = core.StatusRevoked
 	}
-	err = updateChallenges(authz.ID, authz.Challenges, tx)
+	err = updateChallenges(auth.ID, auth.Challenges, tx)
 	if err != nil {
 		tx.Rollback()
 		return err
--- a/sa/storage-authority_test.go
+++ b/sa/storage-authority_test.go
@ -653,9 +653,9 @@ func TestRevokeAuthorization(t *testing.T) {
 	err := sa.FinalizeAuthorization(PA2)
 	test.AssertNotError(t, err, "Failed to finalize authorization")

-	err = sa.RevokeAuthorization(PA1)
+	err = sa.RevokeAuthorization(PA1.ID)
 	test.AssertNotError(t, err, "Failed to revoke pending authorization")
-	err = sa.RevokeAuthorization(PA2)
+	err = sa.RevokeAuthorization(PA2.ID)
 	test.AssertNotError(t, err, "Failed to revoke finalized authorization")

 	PA, err := sa.GetAuthorization(PA1.ID)
@ -666,10 +666,26 @@ func TestRevokeAuthorization(t *testing.T) {
 	test.AssertEquals(t, PA.Status, core.StatusRevoked)
 	test.AssertEquals(t, FA.Status, core.StatusRevoked)

-	// for _, c := range PA.Challenges {
-	// 	test.AssertEquals(t, c.Status, core.StatusRevoked)
-	// }
+	for _, c := range PA.Challenges {
+		test.AssertEquals(t, c.Status, core.StatusRevoked)
+	}
 	for _, c := range FA.Challenges {
 		test.AssertEquals(t, c.Status, core.StatusRevoked)
 	}
 }
+
+func TestGetAuthorizationsByDomain(t *testing.T) {
+	sa, _, cleanUp := initSA(t)
+	defer cleanUp()
+
+	reg := satest.CreateWorkingRegistration(t, sa)
+	PA3 := CreateDomainAuthWithRegID(t, "b.com", sa, reg.ID)
+	_ = CreateDomainAuthWithRegID(t, "b.com", sa, reg.ID)
+	PA3.Status = core.StatusValid
+	err := sa.FinalizeAuthorization(PA3)
+	test.AssertNotError(t, err, "Failed to finalize authorization")
+
+	auths, err := sa.GetAuthorizationsByDomain(core.AcmeIdentifier{Value: "b.com", Type: core.IdentifierDNS})
+	test.AssertNotError(t, err, "Failed to get authorizations for b.com")
+	test.AssertEquals(t, len(auths), 2)
+}