Change config to flags from strings
parent
bdbb0aba4b
commit
fe047a1da8
|
|
@ -36,7 +36,7 @@ func main() {
|
|||
|
||||
paDbMap, err := sa.NewDbMap(c.PA.DBConnect)
|
||||
cmd.FailOnError(err, "Couldn't connect to policy database")
|
||||
pa, err := policy.NewPolicyAuthorityImpl(paDbMap, c.PA.EnforcePolicyWhitelist, c.PA.ChallengeTypes)
|
||||
pa, err := policy.NewPolicyAuthorityImpl(paDbMap, c.PA.EnforcePolicyWhitelist, c.PA.SupportedChallenges())
|
||||
cmd.FailOnError(err, "Couldn't create PA")
|
||||
|
||||
cai, err := ca.NewCertificateAuthorityImpl(c.CA, clock.Default(), stats, c.Common.IssuerCert)
|
||||
|
|
|
|||
|
|
@ -40,7 +40,7 @@ func main() {
|
|||
|
||||
paDbMap, err := sa.NewDbMap(c.PA.DBConnect)
|
||||
cmd.FailOnError(err, "Couldn't connect to policy database")
|
||||
pa, err := policy.NewPolicyAuthorityImpl(paDbMap, c.PA.EnforcePolicyWhitelist, c.PA.ChallengeTypes)
|
||||
pa, err := policy.NewPolicyAuthorityImpl(paDbMap, c.PA.EnforcePolicyWhitelist, c.PA.SupportedChallenges())
|
||||
cmd.FailOnError(err, "Couldn't create PA")
|
||||
|
||||
rateLimitPolicies, err := cmd.LoadRateLimitPolicies(c.RA.RateLimitPoliciesFilename)
|
||||
|
|
|
|||
|
|
@ -76,7 +76,7 @@ type certChecker struct {
|
|||
issuedReport report
|
||||
}
|
||||
|
||||
func newChecker(saDbMap *gorp.DbMap, paDbMap *gorp.DbMap, clk clock.Clock, enforceWhitelist bool, challengeTypes []string) certChecker {
|
||||
func newChecker(saDbMap *gorp.DbMap, paDbMap *gorp.DbMap, clk clock.Clock, enforceWhitelist bool, challengeTypes map[string]bool) certChecker {
|
||||
pa, err := policy.NewPolicyAuthorityImpl(paDbMap, enforceWhitelist, challengeTypes)
|
||||
cmd.FailOnError(err, "Failed to create PA")
|
||||
c := certChecker{
|
||||
|
|
@ -250,7 +250,7 @@ func main() {
|
|||
paDbMap, err := sa.NewDbMap(c.PA.DBConnect)
|
||||
cmd.FailOnError(err, "Could not connect to policy database")
|
||||
|
||||
checker := newChecker(saDbMap, paDbMap, clock.Default(), c.PA.EnforcePolicyWhitelist, c.PA.ChallengeTypes)
|
||||
checker := newChecker(saDbMap, paDbMap, clock.Default(), c.PA.EnforcePolicyWhitelist, c.PA.SupportedChallenges())
|
||||
auditlogger.Info("# Getting certificates issued in the last 90 days")
|
||||
|
||||
// Since we grab certificates in batches we don't want this to block, when it
|
||||
|
|
|
|||
31
cmd/shell.go
31
cmd/shell.go
|
|
@ -260,7 +260,36 @@ type CAConfig struct {
|
|||
type PAConfig struct {
|
||||
DBConnect string
|
||||
EnforcePolicyWhitelist bool
|
||||
ChallengeTypes []string
|
||||
|
||||
EnableSimpleHTTP bool // TODO(#894) Remove this line
|
||||
EnableDVSNI bool // TODO(#894) Remove this line
|
||||
EnableHTTP01 bool
|
||||
EnableTLSSNI01 bool
|
||||
EnableDNS01 bool
|
||||
}
|
||||
|
||||
// SupportedChallenges returns the set of challenges supported by the
|
||||
// configuration, as a map[string]bool.
|
||||
func (pa PAConfig) SupportedChallenges() map[string]bool {
|
||||
challenges := map[string]bool{}
|
||||
|
||||
if pa.EnableSimpleHTTP {
|
||||
challenges[core.ChallengeTypeSimpleHTTP] = true
|
||||
}
|
||||
if pa.EnableDVSNI {
|
||||
challenges[core.ChallengeTypeDVSNI] = true
|
||||
}
|
||||
if pa.EnableHTTP01 {
|
||||
challenges[core.ChallengeTypeHTTP01] = true
|
||||
}
|
||||
if pa.EnableTLSSNI01 {
|
||||
challenges[core.ChallengeTypeTLSSNI01] = true
|
||||
}
|
||||
if pa.EnableDNS01 {
|
||||
challenges[core.ChallengeTypeDNS01] = true
|
||||
}
|
||||
|
||||
return challenges
|
||||
}
|
||||
|
||||
// KeyConfig should contain either a File path to a PEM-format private key,
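Review bot: `SupportedChallenges` returns an empty map when none of the `Enable*` fields is set, and nothing in this section treats that as an error. Because `ChallengeTypes` is removed from `PAConfig`, a config file that still lists challenge types by name would presumably load without complaint (this depends on how the decoder handles unknown keys, which is not shown here) and start a PA that offers no challenges. That fails closed, but silently; a startup check at the call sites, such as `if len(challenges) == 0 { cmd.FailOnError(errors.New("no challenge types enabled"), "Invalid PA config") }`, would make the misconfiguration visible. The doc comment could also note that `EnableSimpleHTTP` and `EnableDVSNI` appear to be transitional (see the `TODO(#894)` markers) and are not meant to be turned on in new configurations.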
|
||||
|
|
|
|||
|
|
@ -28,7 +28,7 @@ type PolicyAuthorityImpl struct {
|
|||
}
|
||||
|
||||
// NewPolicyAuthorityImpl constructs a Policy Authority.
|
||||
func NewPolicyAuthorityImpl(dbMap *gorp.DbMap, enforceWhitelist bool, challengeTypes []string) (*PolicyAuthorityImpl, error) {
|
||||
func NewPolicyAuthorityImpl(dbMap *gorp.DbMap, enforceWhitelist bool, challengeTypes map[string]bool) (*PolicyAuthorityImpl, error) {
|
||||
logger := blog.GetAuditLogger()
|
||||
logger.Notice("Policy Authority Starting")
|
||||
|
||||
|
|
@ -38,15 +38,10 @@ func NewPolicyAuthorityImpl(dbMap *gorp.DbMap, enforceWhitelist bool, challengeT
|
|||
return nil, err
|
||||
}
|
||||
pa := PolicyAuthorityImpl{
|
||||
log: logger,
|
||||
DB: padb,
|
||||
EnforceWhitelist: enforceWhitelist,
|
||||
}
|
||||
|
||||
// Take note of which challenges to offer
|
||||
pa.supportedChallenges = map[string]bool{}
|
||||
for _, challengeType := range challengeTypes {
|
||||
pa.supportedChallenges[challengeType] = true
|
||||
log: logger,
|
||||
DB: padb,
|
||||
EnforceWhitelist: enforceWhitelist,
|
||||
supportedChallenges: challengeTypes,
|
||||
}
|
||||
|
||||
return &pa, nil
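Review bot: `supportedChallenges: challengeTypes` stores the caller's map by reference, where the removed loop built a private map. Any later write to that map by the caller therefore changes which challenge types this PA offers, and a concurrent write would race with the PA's reads. Copying keeps the policy fixed at construction: `supported := make(map[string]bool, len(challengeTypes))` followed by `for t, ok := range challengeTypes { if ok { supported[t] = true } }`. Dropping `false` entries in the copy also matters if any lookup outside these hunks tests key presence rather than the stored value. The part of the function that builds `padb` lies between the two hunks and is not shown.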
|
||||
|
|
|
|||
|
|
@ -21,7 +21,13 @@ import (
|
|||
|
||||
var log = mocks.UseMockLog()
|
||||
|
||||
var supportedChallenges = []string{core.ChallengeTypeHTTP01, core.ChallengeTypeTLSSNI01}
|
||||
var supportedChallenges = map[string]bool{
|
||||
core.ChallengeTypeSimpleHTTP: true,
|
||||
core.ChallengeTypeDVSNI: true,
|
||||
core.ChallengeTypeHTTP01: true,
|
||||
core.ChallengeTypeTLSSNI01: true,
|
||||
core.ChallengeTypeDNS01: true,
|
||||
}
|
||||
|
||||
func paImpl(t *testing.T) (*PolicyAuthorityImpl, func()) {
|
||||
dbMap, cleanUp := paDBMap(t)
|
||||
|
|
@ -212,7 +218,7 @@ func TestChallengesFor(t *testing.T) {
|
|||
test.Assert(t, len(challenges) == len(supportedChallenges), "Wrong number of challenges returned")
|
||||
test.Assert(t, len(combinations) == len(supportedChallenges), "Wrong number of combinations returned")
|
||||
for i, challenge := range challenges {
|
||||
test.AssertEquals(t, challenge.Type, supportedChallenges[i])
|
||||
test.Assert(t, supportedChallenges[challenge.Type], "Unsupported challenge returned")
|
||||
test.AssertEquals(t, len(combinations[i]), 1)
|
||||
test.AssertEquals(t, combinations[i][0], i)
|
||||
}
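Review bot: The membership check `test.Assert(t, supportedChallenges[challenge.Type], ...)` together with the length comparison no longer catches a challenge type returned twice in place of another, which the removed index-by-index comparison did. Tracking what has been seen restores that: `seen := map[string]bool{}` before the loop, then `test.Assert(t, !seen[challenge.Type], "Duplicate challenge returned")` and `seen[challenge.Type] = true` inside it. The same gap applies to the two `SupportedChallenges[authz.Challenges[n].Type]` assertions in `TestNewAuthorization`. `TestChallengesFor` starts and ends outside the hunk.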
|
||||
|
|
|
|||
|
|
@ -51,7 +51,10 @@ func (dva *DummyValidationAuthority) CheckCAARecords(identifier core.AcmeIdentif
|
|||
}
|
||||
|
||||
var (
|
||||
SupportedChallenges = []string{core.ChallengeTypeHTTP01, core.ChallengeTypeTLSSNI01}
|
||||
SupportedChallenges = map[string]bool{
|
||||
core.ChallengeTypeHTTP01: true,
|
||||
core.ChallengeTypeTLSSNI01: true,
|
||||
}
|
||||
|
||||
// These values we simulate from the client
|
||||
AccountKeyJSONA = []byte(`{
|
||||
|
|
@ -393,8 +396,8 @@ func TestNewAuthorization(t *testing.T) {
|
|||
|
||||
// TODO Verify that challenges are correct
|
||||
test.Assert(t, len(authz.Challenges) == len(SupportedChallenges), "Incorrect number of challenges returned")
|
||||
test.AssertEquals(t, authz.Challenges[0].Type, SupportedChallenges[0])
|
||||
test.AssertEquals(t, authz.Challenges[1].Type, SupportedChallenges[1])
|
||||
test.Assert(t, SupportedChallenges[authz.Challenges[0].Type], fmt.Sprintf("Unsupported challenge: %s", authz.Challenges[0].Type))
|
||||
test.Assert(t, SupportedChallenges[authz.Challenges[1].Type], fmt.Sprintf("Unsupported challenge: %s", authz.Challenges[1].Type))
|
||||
test.Assert(t, authz.Challenges[0].IsSane(false), "Challenge 0 is not sane")
|
||||
test.Assert(t, authz.Challenges[1].IsSane(false), "Challenge 1 is not sane")
|
||||
|
||||
|
|
|
|||