diff --git a/cmd/ocsp-updater/main.go b/cmd/ocsp-updater/main.go
index bb41f4ff9..30a967edb 100644
--- a/cmd/ocsp-updater/main.go
+++ b/cmd/ocsp-updater/main.go
@@ -50,8 +50,14 @@ func processResponse(cac rpc.CertificateAuthorityClient, tx *gorp.Transaction, s return err } - cert := certObj.(*core.Certificate) - status := statusObj.(*core.CertificateStatus) + cert, ok := certObj.(*core.Certificate) + if !ok { + return fmt.Errorf("Cast failure") + } + status, ok := statusObj.(*core.CertificateStatus) + if !ok { + return fmt.Errorf("Cast failure") + } _, err = x509.ParseCertificate(cert.DER) if err != nil {
@@ -93,8 +99,6 @@ func processResponse(cac rpc.CertificateAuthorityClient, tx *gorp.Transaction, s func findStaleResponses(cac rpc.CertificateAuthorityClient, dbMap *gorp.DbMap, oldestLastUpdatedTime time.Time, responseLimit int) error { log := blog.GetAuditLogger() - // If there are fewer than this many days left before the currently-signed - // OCSP response expires, sign a new OCSP response. var certificateStatus []core.CertificateStatus _, err := dbMap.Select(&certificateStatus, `SELECT cs.* FROM certificateStatus AS cs
@@ -123,6 +127,7 @@ func findStaleResponses(cac rpc.CertificateAuthorityClient, dbMap *gorp.DbMap, o if err := processResponse(cac, tx, status.Serial); err != nil { log.Err(fmt.Sprintf("Could not process OCSP Response for %s: %s", status.Serial, err)) tx.Rollback() + return err } else { log.Info(fmt.Sprintf("OCSP %d: %s OK", i, status.Serial)) tx.Commit()
@@ -165,10 +170,6 @@ func main() { dbMap, err := sa.NewDbMap(c.OCSP.DBDriver, c.OCSP.DBName) cmd.FailOnError(err, "Could not connect to database") - dbMap.AddTableWithName(core.OcspResponse{}, "ocspResponses").SetKeys(true, "ID") - dbMap.AddTableWithName(core.Certificate{}, "certificates").SetKeys(false, "Serial") - dbMap.AddTableWithName(core.CertificateStatus{}, "certificateStatus").SetKeys(false, "Serial").SetVersionCol("LockCol") - cac, closeChan := setupClients(c) go func() {
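Review bot: Both new type-assertion guards in processResponse return the identical `fmt.Errorf("Cast failure")`, so the audit line written by the caller cannot tell whether the certificate row or the certificateStatus row had the unexpected type, and the capitalised message departs from Go's lowercase error-string convention. Include the dynamic type so a bad row is diagnosable from the log alone: `return fmt.Errorf("unexpected type %T for certificate row", certObj)` and `return fmt.Errorf("unexpected type %T for certificateStatus row", statusObj)`. processResponse starts and continues outside this hunk.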
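Review bot: The `return err` added after `tx.Rollback()` in findStaleResponses turns one failing serial into an abort of the whole stale-response pass, so every certificate later in the result set keeps its old OCSP response until the offending row is repaired; if the selection order is stable (the query's ORDER BY is outside the hunk, so this is inferred) the same row would stop the updater at the same point on every run. If that is the intended fail-fast behaviour it deserves a comment, e.g. `// A single failure aborts the pass; the remaining stale responses are retried on the next run.`; otherwise keep the per-serial log-and-rollback, continue the loop, and return a count or joined error after it so one bad row cannot starve revocation-status freshness for all the others. The `else` branch also no longer needs to be an `else` now that the `if` returns, and the value returned by `tx.Rollback()` on the line above is still discarded.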
diff --git a/rpc/amqp-rpc.go b/rpc/amqp-rpc.go
index bbba671b2..828d3a2d9 100644
--- a/rpc/amqp-rpc.go
+++ b/rpc/amqp-rpc.go
@@ -201,7 +201,7 @@ type AmqpRPCCLient struct { func NewAmqpRPCCLient(clientQueuePrefix, serverQueue string, channel *amqp.Channel) (rpc *AmqpRPCCLient, err error) { hostname, err := os.Hostname() if err != nil { - return + return nil, err } clientQueue := fmt.Sprintf("%s.%s", clientQueuePrefix, hostname)
@@ -218,7 +218,7 @@ func NewAmqpRPCCLient(clientQueuePrefix, serverQueue string, channel *amqp.Chann // Subscribe to the response queue and dispatch msgs, err := amqpSubscribe(rpc.channel, clientQueue, nil) if err != nil { - return + return nil, err } go func() {
@@ -238,7 +238,7 @@ func NewAmqpRPCCLient(clientQueuePrefix, serverQueue string, channel *amqp.Chann } }() - return + return rpc, err } func (rpc *AmqpRPCCLient) SetTimeout(ttl time.Duration) {
diff --git a/rpc/rpc-wrappers.go b/rpc/rpc-wrappers.go
index 94ec6ff9c..ae37f3a17 100644
--- a/rpc/rpc-wrappers.go
+++ b/rpc/rpc-wrappers.go
@@ -10,7 +10,6 @@ import ( "encoding/json" "errors" "fmt" - "time" jose "github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/square/go-jose" "github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/streadway/amqp"
@@ -79,14 +78,6 @@ type certificateRequest struct { RegID int64 } -// ocspSigningRequest is a transfer object representing an OCSP Signing Request -type ocspSigningRequest struct { - CertDER []byte - Status string - Reason int - RevokedAt time.Time -} - func improperMessage(method string, err error, obj interface{}) { log := blog.GetAuditLogger() log.Audit(fmt.Sprintf("Improper message. method: %s err: %s data: %+v", method, err, obj))
diff --git a/sa/database.go b/sa/database.go
index 11964ddf8..87ed1466e 100644
--- a/sa/database.go
+++ b/sa/database.go
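Review bot: The final `return rpc, err` in NewAmqpRPCCLient hands back the named result `err` instead of an explicit nil; every failure path above it now returns early, so on this line `err` should be nil, but the goroutine started by the `go func()` in the previous hunk (its body is outside the hunk) captures the same named result, and any assignment to `err` inside it could make a successful construction report an error or race with this return. Write `return rpc, nil` so the success path does not depend on what the closure does with `err`, matching the explicit form the two error paths in this file now use.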
@@ -9,6 +9,8 @@ import ( "database/sql" "fmt" gorp "github.com/letsencrypt/boulder/Godeps/_workspace/src/gopkg.in/gorp.v1" + + "github.com/letsencrypt/boulder/core" blog "github.com/letsencrypt/boulder/log" )
@@ -20,6 +22,9 @@ var dialectMap map[string]interface{} = map[string]interface{}{ // NewDbMap creates the root gorp mapping object. Create one of these for each // database schema you wish to map. Each DbMap contains a list of mapped tables. +// It automatically maps the tables for the primary parts of Boulder around the +// Storage Authority. This may require some further work when we use a disjoint +// schema, like that for `certificate-authority-data.go`. func NewDbMap(driver string, name string) (*gorp.DbMap, error) { logger := blog.GetAuditLogger()
@@ -42,5 +47,29 @@ func NewDbMap(driver string, name string) (*gorp.DbMap, error) { logger.Info(fmt.Sprintf("Connected to database %s %s", driver, name)) dbmap := &gorp.DbMap{Db: db, Dialect: dialect, TypeConverter: BoulderTypeConverter{}} + + initTables(dbmap) + return dbmap, err } + +// initTables constructs the table map for the ORM. If you want to also create +// the tables, call CreateTablesIfNotExists on the DbMap. +func initTables(dbMap *gorp.DbMap) { + regTable := dbMap.AddTableWithName(core.Registration{}, "registrations").SetKeys(true, "ID") + regTable.SetVersionCol("LockCol") + regTable.ColMap("Key").SetMaxSize(1024).SetNotNull(true) + + pendingAuthzTable := dbMap.AddTableWithName(pendingauthzModel{}, "pending_authz").SetKeys(false, "ID") + pendingAuthzTable.SetVersionCol("LockCol") + pendingAuthzTable.ColMap("Challenges").SetMaxSize(1536) + + authzTable := dbMap.AddTableWithName(authzModel{}, "authz").SetKeys(false, "ID") + authzTable.ColMap("Challenges").SetMaxSize(1536) + + dbMap.AddTableWithName(core.Certificate{}, "certificates").SetKeys(false, "Serial") + dbMap.AddTableWithName(core.CertificateStatus{}, "certificateStatus").SetKeys(false, "Serial").SetVersionCol("LockCol") + dbMap.AddTableWithName(core.OcspResponse{}, "ocspResponses").SetKeys(true, "ID") + dbMap.AddTableWithName(core.Crl{}, "crls").SetKeys(false, "Serial") + dbMap.AddTableWithName(core.DeniedCsr{}, "deniedCsrs").SetKeys(true, "ID") +}
diff --git a/sa/storage-authority.go b/sa/storage-authority.go
index f7d901e9d..0db24f959 100644
--- a/sa/storage-authority.go
+++ b/sa/storage-authority.go
@@ -73,7 +73,6 @@ func NewSQLStorageAuthority(driver string, name string) (ssa *SQLStorageAuthorit bucket: make(map[string]interface{}), } - ssa.initTables() return }
@@ -87,27 +86,6 @@ func (ssa *SQLStorageAuthority) SetSQLDebug(state bool) { } } -// initTables constructs the table map for the ORM. If you want to also create -// the tables, call CreateTablesIfNotExists. -func (ssa *SQLStorageAuthority) initTables() { - regTable := ssa.dbMap.AddTableWithName(core.Registration{}, "registrations").SetKeys(true, "ID") - regTable.SetVersionCol("LockCol") - regTable.ColMap("Key").SetMaxSize(1024).SetNotNull(true) - - pendingAuthzTable := ssa.dbMap.AddTableWithName(pendingauthzModel{}, "pending_authz").SetKeys(false, "ID") - pendingAuthzTable.SetVersionCol("LockCol") - pendingAuthzTable.ColMap("Challenges").SetMaxSize(1536) - - authzTable := ssa.dbMap.AddTableWithName(authzModel{}, "authz").SetKeys(false, "ID") - authzTable.ColMap("Challenges").SetMaxSize(1536) - - ssa.dbMap.AddTableWithName(core.Certificate{}, "certificates").SetKeys(false, "Serial") - ssa.dbMap.AddTableWithName(core.CertificateStatus{}, "certificateStatus").SetKeys(false, "Serial").SetVersionCol("LockCol") - ssa.dbMap.AddTableWithName(core.OcspResponse{}, "ocspResponses").SetKeys(true, "ID") - ssa.dbMap.AddTableWithName(core.Crl{}, "crls").SetKeys(false, "Serial") - ssa.dbMap.AddTableWithName(core.DeniedCsr{}, "deniedCsrs").SetKeys(true, "ID") -} - // CreateTablesIfNotExists instructs the ORM to create any missing tables. func (ssa *SQLStorageAuthority) CreateTablesIfNotExists() (err error) { err = ssa.dbMap.CreateTablesIfNotExists()
@@ -246,7 +224,12 @@ func (ssa *SQLStorageAuthority) GetRegistration(id int64) (reg core.Registration err = fmt.Errorf("No registrations with ID %d", id) return } - reg = *regObj.(*core.Registration) + regPtr, ok := regObj.(*core.Registration) + if !ok { + err = fmt.Errorf("Invalid cast") + } + + reg = *regPtr return }
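Review bot: In GetRegistration the new `if !ok` block sets `err` but does not return, so on a failed assertion `reg = *regPtr` dereferences a nil pointer and panics — the same crash the guard was meant to replace — and the error assigned on the line before is never seen by the caller. Add the missing return inside the block: `if !ok {` / `err = fmt.Errorf("Invalid cast")` / `return` then `}`. The function's signature is cut off in the hunk header, but the `err = …; return` pattern two lines above shows it uses named results, so a bare `return` is the form this function already relies on. A lowercase message carrying the dynamic type, such as `fmt.Errorf("unexpected type %T for registration %d", regObj, id)`, would also make a corrupt row diagnosable from the error alone.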