Rework from PR #251:

2015-05-28 23:03:39 -07:00 · 2015-05-28 23:03:39 -07:00 · e14f59c559
parent 6a60b4e4b0
commit e14f59c559
5 changed files with 47 additions and 43 deletions
--- a/cmd/ocsp-updater/main.go
+++ b/cmd/ocsp-updater/main.go
@ -50,8 +50,14 @@ func processResponse(cac rpc.CertificateAuthorityClient, tx *gorp.Transaction, s
 		return err
 	}

-	cert := certObj.(*core.Certificate)
-	status := statusObj.(*core.CertificateStatus)
+	cert, ok := certObj.(*core.Certificate)
+	if !ok {
+		return fmt.Errorf("Cast failure")
+	}
+	status, ok := statusObj.(*core.CertificateStatus)
+	if !ok {
+		return fmt.Errorf("Cast failure")
+	}

 	_, err = x509.ParseCertificate(cert.DER)
 	if err != nil {
@ -93,8 +99,6 @@ func processResponse(cac rpc.CertificateAuthorityClient, tx *gorp.Transaction, s
 func findStaleResponses(cac rpc.CertificateAuthorityClient, dbMap *gorp.DbMap, oldestLastUpdatedTime time.Time, responseLimit int) error {
 	log := blog.GetAuditLogger()

-	// If there are fewer than this many days left before the currently-signed
-	// OCSP response expires, sign a new OCSP response.
 	var certificateStatus []core.CertificateStatus
 	_, err := dbMap.Select(&certificateStatus,
 		`SELECT cs.* FROM certificateStatus AS cs
@ -123,6 +127,7 @@ func findStaleResponses(cac rpc.CertificateAuthorityClient, dbMap *gorp.DbMap, o
 			if err := processResponse(cac, tx, status.Serial); err != nil {
 				log.Err(fmt.Sprintf("Could not process OCSP Response for %s: %s", status.Serial, err))
 				tx.Rollback()
+				return err
 			} else {
 				log.Info(fmt.Sprintf("OCSP %d: %s OK", i, status.Serial))
 				tx.Commit()
@ -165,10 +170,6 @@ func main() {
 		dbMap, err := sa.NewDbMap(c.OCSP.DBDriver, c.OCSP.DBName)
 		cmd.FailOnError(err, "Could not connect to database")

-		dbMap.AddTableWithName(core.OcspResponse{}, "ocspResponses").SetKeys(true, "ID")
-		dbMap.AddTableWithName(core.Certificate{}, "certificates").SetKeys(false, "Serial")
-		dbMap.AddTableWithName(core.CertificateStatus{}, "certificateStatus").SetKeys(false, "Serial").SetVersionCol("LockCol")
-
 		cac, closeChan := setupClients(c)

 		go func() {
--- a/rpc/amqp-rpc.go
+++ b/rpc/amqp-rpc.go
@ -201,7 +201,7 @@ type AmqpRPCCLient struct {
 func NewAmqpRPCCLient(clientQueuePrefix, serverQueue string, channel *amqp.Channel) (rpc *AmqpRPCCLient, err error) {
 	hostname, err := os.Hostname()
 	if err != nil {
-		return
+		return nil, err
 	}

 	clientQueue := fmt.Sprintf("%s.%s", clientQueuePrefix, hostname)
@ -218,7 +218,7 @@ func NewAmqpRPCCLient(clientQueuePrefix, serverQueue string, channel *amqp.Chann
 	// Subscribe to the response queue and dispatch
 	msgs, err := amqpSubscribe(rpc.channel, clientQueue, nil)
 	if err != nil {
-		return
+		return nil, err
 	}

 	go func() {
@ -238,7 +238,7 @@ func NewAmqpRPCCLient(clientQueuePrefix, serverQueue string, channel *amqp.Chann
 		}
 	}()

-	return
+	return rpc, err
 }

 func (rpc *AmqpRPCCLient) SetTimeout(ttl time.Duration) {
--- a/rpc/rpc-wrappers.go
+++ b/rpc/rpc-wrappers.go
@ -10,7 +10,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"time"

 	jose "github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/square/go-jose"
 	"github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/streadway/amqp"
@ -79,14 +78,6 @@ type certificateRequest struct {
 	RegID int64
 }

-// ocspSigningRequest is a transfer object representing an OCSP Signing Request
-type ocspSigningRequest struct {
-	CertDER   []byte
-	Status    string
-	Reason    int
-	RevokedAt time.Time
-}
-
 func improperMessage(method string, err error, obj interface{}) {
 	log := blog.GetAuditLogger()
 	log.Audit(fmt.Sprintf("Improper message. method: %s err: %s data: %+v", method, err, obj))
--- a/sa/database.go
+++ b/sa/database.go
@ -9,6 +9,8 @@ import (
 	"database/sql"
 	"fmt"
 	gorp "github.com/letsencrypt/boulder/Godeps/_workspace/src/gopkg.in/gorp.v1"
+
+	"github.com/letsencrypt/boulder/core"
 	blog "github.com/letsencrypt/boulder/log"
 )

@ -20,6 +22,9 @@ var dialectMap map[string]interface{} = map[string]interface{}{

 // NewDbMap creates the root gorp mapping object. Create one of these for each
 // database schema you wish to map. Each DbMap contains a list of mapped tables.
+// It automatically maps the tables for the primary parts of Boulder around the
+// Storage Authority. This may require some further work when we use a disjoint
+// schema, like that for `certificate-authority-data.go`.
 func NewDbMap(driver string, name string) (*gorp.DbMap, error) {
 	logger := blog.GetAuditLogger()

@ -42,5 +47,29 @@ func NewDbMap(driver string, name string) (*gorp.DbMap, error) {
 	logger.Info(fmt.Sprintf("Connected to database %s %s", driver, name))

 	dbmap := &gorp.DbMap{Db: db, Dialect: dialect, TypeConverter: BoulderTypeConverter{}}
+
+	initTables(dbmap)
+
 	return dbmap, err
 }
+
+// initTables constructs the table map for the ORM. If you want to also create
+// the tables, call CreateTablesIfNotExists on the DbMap.
+func initTables(dbMap *gorp.DbMap) {
+	regTable := dbMap.AddTableWithName(core.Registration{}, "registrations").SetKeys(true, "ID")
+	regTable.SetVersionCol("LockCol")
+	regTable.ColMap("Key").SetMaxSize(1024).SetNotNull(true)
+
+	pendingAuthzTable := dbMap.AddTableWithName(pendingauthzModel{}, "pending_authz").SetKeys(false, "ID")
+	pendingAuthzTable.SetVersionCol("LockCol")
+	pendingAuthzTable.ColMap("Challenges").SetMaxSize(1536)
+
+	authzTable := dbMap.AddTableWithName(authzModel{}, "authz").SetKeys(false, "ID")
+	authzTable.ColMap("Challenges").SetMaxSize(1536)
+
+	dbMap.AddTableWithName(core.Certificate{}, "certificates").SetKeys(false, "Serial")
+	dbMap.AddTableWithName(core.CertificateStatus{}, "certificateStatus").SetKeys(false, "Serial").SetVersionCol("LockCol")
+	dbMap.AddTableWithName(core.OcspResponse{}, "ocspResponses").SetKeys(true, "ID")
+	dbMap.AddTableWithName(core.Crl{}, "crls").SetKeys(false, "Serial")
+	dbMap.AddTableWithName(core.DeniedCsr{}, "deniedCsrs").SetKeys(true, "ID")
+}
--- a/sa/storage-authority.go
+++ b/sa/storage-authority.go
@ -73,7 +73,6 @@ func NewSQLStorageAuthority(driver string, name string) (ssa *SQLStorageAuthorit
 		bucket: make(map[string]interface{}),
 	}

-	ssa.initTables()
 	return
 }

@ -87,27 +86,6 @@ func (ssa *SQLStorageAuthority) SetSQLDebug(state bool) {
 	}
 }

-// initTables constructs the table map for the ORM. If you want to also create
-// the tables, call CreateTablesIfNotExists.
-func (ssa *SQLStorageAuthority) initTables() {
-	regTable := ssa.dbMap.AddTableWithName(core.Registration{}, "registrations").SetKeys(true, "ID")
-	regTable.SetVersionCol("LockCol")
-	regTable.ColMap("Key").SetMaxSize(1024).SetNotNull(true)
-
-	pendingAuthzTable := ssa.dbMap.AddTableWithName(pendingauthzModel{}, "pending_authz").SetKeys(false, "ID")
-	pendingAuthzTable.SetVersionCol("LockCol")
-	pendingAuthzTable.ColMap("Challenges").SetMaxSize(1536)
-
-	authzTable := ssa.dbMap.AddTableWithName(authzModel{}, "authz").SetKeys(false, "ID")
-	authzTable.ColMap("Challenges").SetMaxSize(1536)
-
-	ssa.dbMap.AddTableWithName(core.Certificate{}, "certificates").SetKeys(false, "Serial")
-	ssa.dbMap.AddTableWithName(core.CertificateStatus{}, "certificateStatus").SetKeys(false, "Serial").SetVersionCol("LockCol")
-	ssa.dbMap.AddTableWithName(core.OcspResponse{}, "ocspResponses").SetKeys(true, "ID")
-	ssa.dbMap.AddTableWithName(core.Crl{}, "crls").SetKeys(false, "Serial")
-	ssa.dbMap.AddTableWithName(core.DeniedCsr{}, "deniedCsrs").SetKeys(true, "ID")
-}
-
 // CreateTablesIfNotExists instructs the ORM to create any missing tables.
 func (ssa *SQLStorageAuthority) CreateTablesIfNotExists() (err error) {
 	err = ssa.dbMap.CreateTablesIfNotExists()
@ -246,7 +224,12 @@ func (ssa *SQLStorageAuthority) GetRegistration(id int64) (reg core.Registration
 		err = fmt.Errorf("No registrations with ID %d", id)
 		return
 	}
-	reg = *regObj.(*core.Registration)
+	regPtr, ok := regObj.(*core.Registration)
+	if !ok {
+		err = fmt.Errorf("Invalid cast")
+	}
+
+	reg = *regPtr
 	return
 }