Commit Graph

138 Commits

Author SHA1 Message Date
Roland Shoemaker b19b1d953a Simplify query construction and make getCerts much more efficient 2016-03-30 15:01:55 -07:00
Roland Shoemaker adbd81c7db Rename query variable 2016-03-25 11:45:40 -07:00
Roland Shoemaker 29c40d8368 Rename cli arguments + flag for only printing bad results 2016-03-23 13:55:37 -07:00
Roland Shoemaker 7ec03bd969 CN length check + various ease-of-use tweaks 2016-03-21 17:57:53 -07:00
Jessica Frazelle 7955e268c7
go lint fixes
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-02-17 11:36:06 -08:00
Jeff Hodges c9010744b4 delete old challenge code
Specifically, delete the simpleHttp and dvsni.

Hooray!

Fixes #894
2015-12-10 15:41:40 -08:00
Jacob Hoffman-Andrews b71a850501 Fix DBConfig references. 2015-11-24 16:41:53 -08:00
Jacob Hoffman-Andrews 608a0c9073 Move file reading to DBConfig and out of SA.
Also remove AMQP secret changes: one thing at a time.
2015-11-23 22:09:54 -08:00
Jacob Hoffman-Andrews 5dd212dd47 Add ConfigSecret.
This allows secret values to be stored externally to the config file, so that
config files can be easily shared without revealing secret data.
2015-11-19 22:41:27 -08:00
Jacob Hoffman-Andrews 2fc0f3143e Improve logging.
Consolidate initialization of stats and logging from each main.go into cmd
package.

Define a new config parameter, `StdoutLevel`, that determines the maximum log
level that will be printed to stdout. It can be set to 6 to inhibit debug
messages, or 0 to print only emergency messages, or -1 to print no messages at
all.

Remove the existing config parameter `Tag`. Instead, choose the tag from the
basename of the currently running process. Previously all Boulder log messages
had the tag "boulder", but now they will be differentiated by process, like
"boulder-wfe".

Shorten the date format used in stdout logging, and add the current binary's
basename.

Consolidate setup function in audit-logger_test.go.

Note: Most CLI binaries now get their stats and logging from the parameters of
Action. However, a few of our binaries don't use our custom AppShell, and
instead use codegangsta/cli directly. For those binaries, we export the new
StatsAndLogging method from cmd.

Fixes https://github.com/letsencrypt/boulder/issues/852
2015-11-11 16:52:42 -08:00
Richard Barnes 174011f6d8 Move validation and defaults out of UnmarshalJSON 2015-11-09 15:30:13 -05:00
Richard Barnes f61183e144 Use a map and set defaults 2015-11-07 12:39:57 -05:00
Richard Barnes fe047a1da8 Change config to flags from strings 2015-11-03 23:17:26 +09:00
Richard Barnes d8c67285cf Enable configuration of supported challenges 2015-10-31 16:55:59 +09:00
Jeff Hodges 5217af94b0 allow whitelisting by a specific reg id
Currently, the whitelisted registration ID is one that is impossible for the
database to return. Once the partner's registration is in place, we can
deploy a change to it.

Fixes #810
2015-10-05 14:11:38 -07:00
Jacob Hoffman-Andrews e97880aaa7 Audit log version info as early as possible.
This means after parsing the config file, setting up stats, and dialing the
syslogger. But it is still before trying to initialize the given server. This
means that we are more likely to get version numbers logged for some common
runtime failures.
2015-09-29 17:16:03 -07:00
Jacob Hoffman-Andrews 79e0dfd485 Fix cert-checker for different-length serials. 2015-09-22 16:17:29 -07:00
Jacob Hoffman-Andrews 875a71e53e Fix WFE test properly.
The WFE test relies on a pre-generated cert. Since there are some sanity checks
on the dates in certs, we were getting errors during the test.

One quick fix is to have those sanity checks rely on RA's clock object, which
can be replaced with a fake for testing. In order to do that, I had to move the
sanity check (MatchesCSR) into the registration authority package, where it
makes more sense anyhow.

I also removed a handful of equality testing functions in objects.go that were
only used by MatchesCSR and whose purpose is better served by reflect.DeepEqual.
This was to avoid having to also move those equality testing functions into the
registration authority.
2015-09-11 13:17:18 -04:00
Roland Shoemaker 5c1ea7a93c Merge master 2015-09-06 15:02:41 -07:00
Roland Shoemaker 1fbcc6c93c Review fixes 2015-09-06 15:00:25 -07:00
Jeff Hodges 40d1c446d9 correct ca and sa revocation code and tests
The ca's TestRevoke was failing occasionally.

The test was saying "has the certificate's OCSPLastUpdated been set to a
time within the last second?" as a way to see if the revocation updated
the OCSPLastUpdated. OCSPLastUpdated was not being set on revocation,
but the test still passed most of the time.

The test still passed most of the time because the creation of the
certificate (which also sets the OCSPLastUpdated) has usually happened
within the last second. So, even without revocation, the OCSPLastUpdated
was set to something in the last second because the test is fast.

Threading a clock.FakeClock through the CA induced the test to fail
consistently. Debugging and threading a FakeClock through the SA caused
changes in times reported but did not fix the test because the
OCSPLastUpdated was simply not being updated. There were not tests for
the sa.MarkCertificateRevoked API that was being called by
ca.RevokeCertificate.

Now the SA has tests for its MarkCertificateRevoked method. It uses a
fake clock to ensure not just that OCSPLastUpdated is set correctly, but
that RevokedDate is, as well. The test also checks for the
CertificateStatus's status and RevocationCode changes.

The SA and CA now use Clocks throughout instead of time.Now() allowing
for more reliable and expansive testing in the future.

The CA had to gain a public Clock field in order for the RA to use the
CertificateAuthorityImpl struct without using its constructor
function. Otherwise, the field would be nil and cause panics in the RA
tests.

The RA tests are similarly also panicking when the CAImpl attempts to
log something with its private, nil-in-those-tests log field but we're
getting "lucky" because the RA tests only cause the CAImpl to log when
they are broken.

There is a TODO there to make the CAImpl's constructor function take
just what it needs to operate instead of taking large config objects and
doing file IO and such. The Clk field should be made private and the log
field filled in for the RA tests.

Fixes #734.
2015-09-04 11:52:37 -07:00
Roland Shoemaker 85978dd461 Review fixes and other cleanup 2015-09-03 19:12:51 -07:00
Roland Shoemaker 7b2711f56c Remove obsolete comment 2015-09-02 17:48:02 -07:00
Roland Shoemaker 426d08296f Reverse naming order to make more sense 2015-09-02 17:46:39 -07:00
Roland Shoemaker 961231ba48 Protect report entries map with mutex to prevent concurrent writes causing a bad map state 2015-09-02 17:45:19 -07:00
Roland Shoemaker d5599c47c3 Fix expiry period check 2015-09-02 17:38:37 -07:00
Roland Shoemaker 98c5bae31d cert-checker fixes 2015-08-31 15:55:10 -07:00
Roland Shoemaker 36ee6f6447 Better filename construction 2015-08-28 14:05:12 -07:00
Roland Shoemaker 98ac983df2 Vendor jmhodges/clock 2015-08-28 13:02:35 -07:00
Roland Shoemaker 9bd4db2af6 Switch to jmhodges/clock and other review fixes 2015-08-28 13:01:02 -07:00
Roland Shoemaker 0c4824bf47 Tests 2015-08-27 23:26:24 -07:00
Roland Shoemaker 38a692dbca Batch queries, still need to add non-benchmark tests 2015-08-27 20:28:14 -07:00
Roland Shoemaker 11ecda5356 Standardized checkPeriod 2015-08-26 14:27:09 -07:00
Roland Shoemaker 21cd857f63 Review fixes pt. 2 2015-08-24 12:23:20 -07:00
Roland Shoemaker 08068642cf Review fixes 2015-08-24 12:19:46 -07:00
Roland Shoemaker 5e53196bfd Actually save the report file (might want to not save entries for valid certs though...) 2015-08-20 17:33:04 -07:00
Roland Shoemaker c40cfd4164 Process all certs from the last 90 days, still need to cleanup and write out the report 2015-08-20 13:59:40 -07:00
Roland Shoemaker 213d857026 Initial cert checker work 2015-08-19 19:34:02 -07:00