Merge branch 'master' into mysql-uri

2015-07-27 17:40:15 -07:00 · 2015-07-27 17:40:15 -07:00 · faed5cc241
parent 9b715a6e9e c7549c2bcc
commit faed5cc241
4 changed files with 34 additions and 4 deletions
--- a/ca/certificate-authority.go
+++ b/ca/certificate-authority.go
@ -474,7 +474,7 @@ func (ca *CertificateAuthorityImpl) IssueCertificate(csr x509.CertificateRequest
 		return cert, nil
 	}

-	ca.SA.UpdateOCSP(serial, ocspResponse)
+	err = ca.SA.UpdateOCSP(serial, ocspResponse)
 	if err != nil {
 		ca.log.Warning(fmt.Sprintf("Post-Issuance OCSP failed storing: %s", err))
 		return cert, nil
--- a/ca/certificate-authority_test.go
+++ b/ca/certificate-authority_test.go
@ -436,8 +436,9 @@ func TestRevoke(t *testing.T) {
 	test.AssertNotError(t, err, "Failed to get cert status")

 	test.AssertEquals(t, status.Status, core.OCSPStatusRevoked)
-	test.Assert(t, time.Now().Sub(status.OCSPLastUpdated) > time.Second,
-		fmt.Sprintf("OCSP LastUpdated was wrong: %v", status.OCSPLastUpdated))
+	secondAgo := time.Now().Add(-time.Second)
+	test.Assert(t, status.OCSPLastUpdated.After(secondAgo),
+		fmt.Sprintf("OCSP LastUpdated was more than a second old: %v", status.OCSPLastUpdated))
 }

 func TestIssueCertificate(t *testing.T) {
--- a/sa/storage-authority.go
+++ b/sa/storage-authority.go
@ -284,7 +284,7 @@ func (ssa *SQLStorageAuthority) UpdateOCSP(serial string, ocspResponse []byte) (

 	// Reset the update clock
 	status.OCSPLastUpdated = timeStamp
-	_, err = tx.Update(status)
+	_, err = tx.Update(&status)
 	if err != nil {
 		tx.Rollback()
 		return err
--- a/sa/storage-authority_test.go
+++ b/sa/storage-authority_test.go
@ -211,3 +211,32 @@ func TestDeniedCSR(t *testing.T) {
 	test.AssertNotError(t, err, "AlreadyDeniedCSR failed")
 	test.Assert(t, !exists, "Found non-existent CSR")
 }
+
+func TestUpdateOCSP(t *testing.T) {
+	sa := initSA(t)
+
+	// Add a cert to the DB to test with.
+	certDER, err := ioutil.ReadFile("www.eff.org.der")
+	test.AssertNotError(t, err, "Couldn't read example cert DER")
+	_, err = sa.AddCertificate(certDER, 1)
+	test.AssertNotError(t, err, "Couldn't add www.eff.org.der")
+
+	serial := "00000000000000000000000000021bd4"
+	const ocspResponse = "this is a fake OCSP response"
+	err = sa.UpdateOCSP(serial, []byte(ocspResponse))
+	test.AssertNotError(t, err, "UpdateOCSP failed")
+
+	certificateStatusObj, err := sa.dbMap.Get(core.CertificateStatus{}, serial)
+	certificateStatus := certificateStatusObj.(*core.CertificateStatus)
+	test.AssertNotError(t, err, "Failed to fetch certificate status")
+	test.Assert(t,
+		certificateStatus.OCSPLastUpdated.After(time.Now().Add(-time.Second)),
+		"OCSP last updated too old.")
+
+	var fetchedOcspResponse core.OCSPResponse
+	err = sa.dbMap.SelectOne(&fetchedOcspResponse,
+		`SELECT * from ocspResponses where serial = ? order by createdAt DESC limit 1;`,
+		serial)
+	test.AssertNotError(t, err, "Failed to fetch OCSP response")
+	test.AssertEquals(t, ocspResponse, string(fetchedOcspResponse.Response))
+}