d7968f2163
Merge remote-tracking branch 'upstream/master' into errors
2015-06-18 14:49:33 -07:00
609b534e98
Merge pull request #366 from letsencrypt/match-ip-email
...
Check IPAddresses and EmailAddresses in Certificate.MatchesCSR
2015-06-18 14:36:16 -07:00
38b8701ae9
Merge remote-tracking branch 'upstream/master' into errors
2015-06-18 14:10:43 -07:00
93ff18b365
Finished addinig validation errors
2015-06-18 14:10:24 -07:00
f19cad3a04
Additional cleanup of error handling
2015-06-18 10:08:59 -07:00
f89b32b420
Check IPAddresses and EmailAddresses in Certificate.MatchesCSR
2015-06-17 18:53:02 -07:00
403af37a39
Hide Authorization.Expires field when uninitialized
2015-06-17 18:34:30 -07:00
6fac234036
Updated error messages and internal error handling
2015-06-17 10:56:46 -07:00
41f5788c77
Correct most `go lint` warnings. (274 -> 5)
2015-06-16 22:18:28 -05:00
b24f6b23fe
Moved to `miekg/dns` for the VA.
...
- Created some helper methods to run DNSSEC and reduce code reuse
- Support multiple DNS servers, but not in the Config file (yet)
- Fix typo; r=@rolandshoemaker
2015-06-16 19:37:15 -05:00
b094c81371
Merge remote-tracking branch 'upstream/master' into errors
2015-06-16 10:59:16 -07:00
cc97492a54
Issue #11 : Basic DNS Challenge support
2015-06-16 09:03:03 -05:00
3ca3d9b283
Finished adding basic errors
2015-06-15 19:30:11 -07:00
01c41c1bd0
Merge pull request #354 from letsencrypt/344-internal_server_errors
...
Resolves Issue #344 : Only send InternalServerError when needed
2015-06-15 15:57:04 -07:00
80d5e50e42
Enable revocation by account key.
...
In addition to cert private key. This required modifying the GetCertificate*
functions to return core.Certificate instead of certificate bytes.
2015-06-15 12:33:50 -07:00
1474b7f21f
Resolves Issue #344 : Only send InternalServerError when needed
...
Basically, just send InternalServerError when it indicates an internal state
was broken.
2015-06-13 00:21:44 -05:00
f4ee29d1d3
Change all references from SimpleHTTPS -> SimpleHTTP
2015-06-12 11:22:04 -07:00
ef3adda09b
Switch TLS to pointer
2015-06-11 22:08:38 -07:00
c301125e93
Add TLS field to core.Challenge per spec
2015-06-11 17:12:50 -07:00
2ad15a4a85
Issue #309 : Produce OCSP Responses immediately upon issuance, if at all possible.
...
This approach performs a best-effort generation of the first OCSP response during
certificate issuance. In the event that OCSP generation fails, it logs a warning at
the Boulder-CA console, but returns successfully since the Certificate was itself
issued.
2015-06-11 11:31:04 -05:00
b38ebe18fc
Merge remote-tracking branch 'upstream/master' into better-caa
2015-06-10 15:57:05 -07:00
676ebf721f
Merge pull request #325 from letsencrypt/anti-replay
...
Add an anti-replay nonce facility
2015-06-10 16:55:20 -04:00
0265b6f5d0
Merge upstream/master and fix conflicts
2015-06-10 12:43:11 -07:00
801810d2bd
Removing extraneous printfs
2015-06-10 15:28:25 -04:00
22bff4e537
Transition from random nonces to encrypted counters (for real)
2015-06-09 17:43:04 -04:00
76f7b1c1e4
Improve build identification
...
New example:
2015/06/09 09:20:13 Versions: boulder=(generate_ocsp +0c101f2 Tue Jun 9 16:20:06 UTC 2015) Golang=(devel +46b4f67 Thu Apr 16 20:01:13 2015 +0000) BuildHost=(user@vm.local )
2015-06-09 09:22:29 -07:00
603e625758
Remove debug statement
2015-06-08 18:09:02 -07:00
bc2c28a5ce
Check Challenge.Path isn't malformed in Challenge.IsSane
2015-06-08 18:02:01 -07:00
370b6f9bf9
Return error from core.GoodKey
2015-06-06 17:12:16 -07:00
75a40e3597
Fix typo
2015-06-06 06:15:19 -07:00
bb5c042cef
Fix tests and various other cleanup
2015-06-06 02:06:35 +01:00
d6591ada58
Speed up test
2015-06-05 19:03:45 +01:00
0bfc50b7e5
Add check for max key size
2015-06-05 19:02:10 +01:00
6a4aa8de3c
Merge pull request #304 from letsencrypt/296-ca_tx_move
...
Issue #296 : Fix erroneous transaction handling in CA
2015-06-03 22:10:43 -07:00
a3521bcb61
Merge pull request #277 from rolandshoemaker/check-cert
...
Check generated certificate matches CSR
2015-06-03 22:10:35 -07:00
27f5aebbcd
Updates per review
2015-06-03 21:57:01 -07:00
abdc174be8
Issue #296 : Fix erroneous transaction handling in CA
...
- Moved the transaction handling up to the `certificate-authority.go` file
- Simplified `certificate-authority-data.go`
- Created a mocks file in `test/` and reworked RA and CA to use it
- More audit logging to CA
2015-06-03 19:23:24 -07:00
78e621c95f
further review fixes
2015-06-03 00:27:08 +01:00
04479eca5c
Merge pull request #291 from letsencrypt/fix-revocation
...
Revert change to revocation from #275
2015-06-02 17:52:35 -04:00
7a60d431d6
Revert "Supporess the 'expires' field in public Authorizations"
...
This reverts commit d47b7c12ac
2015-06-02 12:02:05 -07:00
026cb424fc
Revert "Replace RevokeCertficate with something more in line with the spec"
...
This reverts commit b1bad40fe6
2015-06-02 10:45:54 -07:00
51890a9626
Move cert-csr check to boulder/core and review fixes
2015-06-02 17:56:28 +01:00
e5bf16711c
Add generated cert checks
2015-06-01 14:00:49 +01:00
bfd9e4ac20
Fixing JCJ nits
2015-06-01 02:11:10 -04:00
b1bad40fe6
Replace RevokeCertficate with something more in line with the spec
2015-06-01 02:11:10 -04:00
d47b7c12ac
Supporess the 'expires' field in public Authorizations
2015-06-01 02:08:47 -04:00
e8edbf5f21
Making capitalization consistent with Go standards
2015-06-01 02:08:47 -04:00
acc6963a90
Some simplifications to good_key.go
2015-06-01 02:05:17 -04:00
9917ca17f6
Clean up TODOs
2015-06-01 02:05:17 -04:00
c0bacc3fb6
Add more detailed error code reporting
2015-05-31 15:58:08 -04:00
c3c52eda17
Merge branch 'master' into check-validity2
2015-05-31 13:32:44 -04:00
3e593d73c9
Merge pull request #262 from letsencrypt/ra-tests
...
Miscellaneous Fixes
2015-05-30 22:08:49 -07:00
9b747d08be
More tests
2015-05-30 15:29:58 -04:00
7a09c78788
Issue #254
2015-05-30 13:21:36 -04:00
441ce328c7
Merge pull request #255 from letsencrypt/202-ocsp-responder
...
Issue #202 : Initial OCSP Responder
2015-05-30 13:10:50 -04:00
a684177a09
Issue #236
2015-05-30 11:08:18 -04:00
9653974130
Remove spurious objects.go.orig.
2015-05-29 13:25:49 -07:00
92967f03b6
go fmt
2015-05-29 13:11:57 -07:00
6a6a8aa72d
Merge branch 'master' into goodkey
...
Conflicts:
ca/certificate-authority.go
ra/registration-authority.go
ra/registration-authority_test.go
2015-05-29 12:26:24 -07:00
8846fd2c90
Merge upstream/master
2015-05-29 09:36:46 +01:00
4518f0bf17
Migrate CADB to using GORP.
2015-05-28 23:11:03 -07:00
68fc8a8f4f
More rebase
2015-05-28 20:35:29 -07:00
0d7555b7af
Rebase on master
2015-05-28 20:34:47 -07:00
b59682cb91
Add validity interval checking
2015-05-28 20:30:46 -07:00
8766edaa93
Issue #239 - Add a build ID method to WFE, and print Info on startup for all
2015-05-28 11:13:09 -07:00
d1321f2d78
More RPC fixes for Issue #202
...
- NewPendingAuthorization now uses a core.Authorization object, so
that foreign key constraints are followed
- core.Authorization now serializes RegistrationID to JSON, so it has to get
blanked out in WFE before transmission to client.
- Remove ParsedCertificate from core.Certificate, as type x509.Certificate cannot
be marshaled.
- Added AssertDeepEquals and AssertMarhsaledEquals to test-tools.go
- Caught several overloaded and misleadingly named errors in WFE
2015-05-28 11:05:55 -07:00
81c7466e97
add rpc-wrapper and interface code
2015-05-28 09:58:16 +01:00
e4e52e7315
More work on Issue #202 for RPC functions
...
- Fix a bunch of typos in rpc-wrappers.go
- Unblank `id` in core.Registration JSON:
- It's not spec, but it's not hurting anything, and we reveal it to clients anyway.
- We need knowledge of the ID in RPC, so if we don't want to include this in the object, we need to make a transfer object to wrap it.
- Make the RPC logs much clearer as to who's talking to who
- Typo in WFE where we called a registration an authz
2015-05-27 23:37:12 -07:00
af0f8446eb
Issue #202 , Periodic OCSP Signer Tool
...
- Move dbMap construction and type converter into individual files in the sa package.
- Add DB configuration for the OCSP tool to the boulder config:
- left to the user if they want to use different boulder-config.json files
for different purposes.
- Added updater to Makefile
- Fix trailing ',' in the Boulder config, add more panic logging
- Ignore .pem files produced by the integration test
- Change RPC to use per-instance named reply-to queues.
- Finish OCSP Updater logic
- Rework RPC for OCSP to use a transfer object (due to serialization problems of x509.Certificate)
2015-05-27 22:01:29 -07:00
343920cfe3
Fix integration test while running with MySQL
...
- Add SQL configuration options
- Increase the width of the authz and pending_authz tables' challenges field
- Make it configurable whether CREATE TABLE commands should run
2015-05-27 13:39:18 -07:00
f15da06af7
Issue #238 - MySql column width too narrow
...
- Added SQL debug logging (SA option: "SQLDebug")
- Added timestamps to the log prints to stdout
- Ignore *.pem in test/js
- Modified start.sh to support environment overrides for BOULDER_CONFIG, like the AMQP mode
- Changed boulder-test-config to open the server on the loopback device, so as to not cause firewall prompts on each integration test run for those of us being restrictive
- Renamed "key" column to "jwk" in DB, to avoid keyword conflict
- Set MaxLength on "jwk" column to 512
2015-05-27 12:12:41 -07:00
6c6199023d
Merge pull request #231 from letsencrypt/230-unknown-key-type
...
Resolved Issue #230
2015-05-26 15:05:34 -07:00
bc3acca096
Resolved Issue #230
...
- Move setting the core.Registration.Key field from RA.NewRegistration to
WFE.NewRegistration to avoid a chicken-and-egg problem.
- Note: I kept the RPC wrapper object even though it now only has one field.
Seems like it's a good practice to use wrapper objects, even though we don't
everywhere.
2015-05-26 14:44:15 -07:00
19fd285859
Merge pull request #223 from rolandshoemaker/revoker
...
admin-revoker tool
2015-05-26 14:37:33 -07:00
e1eeebce52
Only run validations against updated challenges (instead of everything)
2015-05-26 17:08:49 +01:00
d184862427
gofmt and move deniedCSR table creation back to SA
2015-05-25 01:17:28 +01:00
0ab71bed62
initial revoker work
2015-05-23 12:46:56 +01:00
f63c8ec5ca
Merge pull request #218 from letsencrypt/204_audit_challenges
...
Audit all Challenges (success/failure) in VA for Issue #204
2015-05-21 14:23:54 -07:00
1c9837ddf8
Audit all Challenges (success/failure) in VA for Issue #204
...
- Don't ignore entropy underruns in challenges.go
- Correct identity crisis in Policy Authority; hopefully it will remember.
- Add a method `AuditObject` in audit-logger and convert RA/VA to use it
- Fix json typo in registration-authority that caused empty audit logs
- Fix vet issue in WFE where RegID was being printed as a 32-bit int instead of 64-bit
- Unfix the issue in WFE where RegID isn't right, per PR #215
2015-05-21 13:58:40 -07:00
870f02917c
check subscriber agreement in new/updated registrations
2015-05-18 20:56:51 -07:00
42302541bd
Run `go fmt` for PR #186
2015-05-18 18:44:38 -07:00
c3b312118e
Add audit logging
...
- Auditing for general errors in executables
- Auditing for improper messages received by WFE
- Automatic audit wlogging of software errors
- Audit logging for mis-routed messages
- Audit logging for certificate requests
- Auditing for improper messages received by WFE
- Add audit events table
- Expect more details in TestRegistration in web-front-end_test.go
- Remove "extra" debug details from web-front-end.go per Issue #174
- Improve test coverage of web-front-end.go
- WFE audit updates for revocation support rebase
- Add audit messages to RPC for Improper Messages and Error Conditions
- Also note misrouted messages
2015-05-18 18:23:08 -07:00
e1ba291019
Store registration ID with certificate
2015-05-16 13:47:51 -07:00
faa1d5ac45
review cleanups
2015-05-16 13:25:36 -07:00
e233fdaa61
switch authz and pending_authz to store registration ID instead of key (and update all the random stuff they touched)
2015-05-14 14:14:36 -07:00
6be5c4910e
Merge pull request #185 from rolandshoemaker/deny-store
...
Store and check previously denied CSRs
2015-05-14 09:03:06 -07:00
b9745cf894
check key is assosiated with existing registration in verifyPOST
2015-05-13 19:16:20 -07:00
aa8c20f84a
Fixes in response to review feedback.
2015-05-13 17:36:39 -07:00
3eed9e3f7c
Move to Square's go-jose library.
2015-05-13 17:36:38 -07:00
5d5eea7071
switch to only store dns names
2015-05-13 12:08:50 -07:00
314fb5e9f6
add WFE mashaling test
2015-05-12 21:04:48 -07:00
07182500eb
add missing rpc methods
2015-05-12 00:08:48 -07:00
d95c552ab4
add denied csr table and AddDeniedCSR + AlreadyDeniedCSR methods for checking, added AddDeniedCSR to ra.NewCertificate
2015-05-11 23:02:39 -07:00
1bf93f42ec
add anonymous tags to LockCol fields on core objects
2015-05-11 21:57:45 -07:00
915956c779
Once, initialize small primes as big.Int
2015-05-09 11:54:34 -07:00
cb00816e48
Merge branch 'goodkey' of github.com:letsencrypt/boulder into goodkey
...
Conflicts:
ca/certificate-authority.go
core/good_key.go
core/good_key_test.go
2015-05-09 11:48:32 -07:00
ea457f7167
Split out RSA/ECDSA functions.
2015-05-09 11:34:13 -07:00
34a6e1511d
Add good_key.go.
2015-05-09 11:24:47 -07:00
8acae627eb
Fix sanity checking for challenges.
...
Also add more debug logging.
2015-05-08 15:32:11 -07:00
8b1139be70
Merge pull request #149 from rolandshoemaker/gorp
...
Switch SQL backend to gorp
2015-05-08 09:47:46 -07:00
b47d402533
Merge pull request #154 from rolandshoemaker/sanity
...
Challenge sanity check
2015-05-08 08:48:04 -07:00
79b8958f70
fix conflict
2015-05-07 02:07:32 -07:00
651689711f
move table comments from SA to relevant core object fields
2015-05-06 21:56:05 -07:00
1cc1df2726
use core objects as models (except for pending/final authz)
2015-05-06 21:45:37 -07:00
3f6bf6d35d
add status check
2015-05-06 17:24:26 -07:00
0882e34ec6
Add testing for small prime divisibility.
2015-05-06 16:51:13 -07:00
02421fefd9
Add tests.
2015-05-06 16:10:00 -07:00
771d6d9b6d
add serial conv. functions and basic tests
2015-05-06 16:07:19 -07:00
07310b5fa1
hook sanity check into VA and RA
2015-05-06 15:19:21 -07:00
f778ba12de
Implement key checking in RA and CA.
2015-05-06 10:25:30 -07:00
d555e0d0c5
proper nonce test
2015-05-06 01:08:49 -07:00
e3f9e142f8
sanity test
2015-05-06 00:51:37 -07:00
aea9fbf0f7
challenge sanity check
2015-05-06 00:16:53 -07:00
175fc26450
Add good_key.go.
2015-05-05 19:03:06 -07:00
1cee83c262
add db tags to structs we are embeding, update models, add custom type converter, simplify DumpTables (+ fix it), move GetCert... methods to gorp
2015-05-02 21:28:39 -07:00
ac78f333f8
Merge branch 'master' into ocsp-table
...
Conflicts:
ca/certificate-authority.go
ca/certificate-authority_test.go
cmd/boulder-ca/main.go
cmd/boulder/main.go
sa/storage-authority.go
sa/storage-authority_test.go
2015-05-02 11:10:05 -07:00
9c272cebe8
Resolve comments from PR #141
2015-05-01 22:06:38 -07:00
1543a71c3e
Remove stray code...
2015-05-01 22:04:00 -07:00
d609aebc3f
Some NewToken tests
2015-05-01 22:03:59 -07:00
f00848e115
Hypothetical RNG failure handling
2015-05-01 22:03:59 -07:00
7352757086
Add test
2015-05-01 16:01:50 -07:00
79b548ad37
Add interface for RevokeCertificate.
2015-04-30 12:44:17 -07:00
73603c95cf
Add reason code and fix index.
2015-04-30 11:31:36 -07:00
8e30ff81fb
Partly done implementation of revoke.
2015-04-29 18:36:26 -07:00
1d2c6a5d7c
Split out GetCertificate / GetCertificateByShortSerial.
...
Also stub out some initial revocation code.
2015-04-29 11:48:08 -07:00
7145207104
Add initial certificate status in SA.
...
Also improve test tools.
2015-04-23 19:52:34 -07:00
7d8ef9a019
Fix tests and tidy up for review.
2015-04-18 23:44:42 -04:00
431ad092eb
Query certs by sequential part of serial number.
...
Also refactor WFE for better initialization and change StorageAuthority to
support this type of query.
2015-04-18 00:48:19 -04:00
e389f98ba2
Fixes for golint
2015-04-13 16:24:35 -07:00
e972647b5e
Serial number get-and-increment method
...
Add stubs for integration with Issue #83 .
2015-04-12 08:10:28 -07:00
97b356fcd4
Add a Certificate Authority Database stub
...
* A few tests, but they don't all pass
* needs actual DB code
2015-04-12 08:10:28 -07:00
84df10fd6e
Add empty tests where missing.
...
This will bring our coverage numbers down to a more meaningful number, and will
mean that we can start aiming to increase them monotonically.
2015-04-07 11:27:33 -07:00
33db859a5d
Fix non-compliance issue stemming from PR #31 .
...
Caught by @kuba, thanks!
2015-03-24 09:18:03 -07:00
4e0aa900c9
Rebase 'lint-errcheck-fixes' of git://github.com/mvdan/boulder to letsencrypt/master
...
Conflicts:
cmd/boulder-start/main.go
core/interfaces.go
core/objects.go
core/util.go
ra/registration-authority.go
ra/registration-authority_test.go
rpc/rpc-wrappers.go
va/validation-authority.go
wfe/web-front-end.go
2015-03-20 18:01:03 -07:00
e604b8edb9
Update per spec
...
- Spec says the Challenge objects contain a field "Validated" not "Completed."
- The Challenge object says "Validated" should be omitempty, but wasn't a pointer.
- Swapped to using pointers so it will not be "completed":"0001-01-01T00:00:00Z"
- Sort of related to [Issue #71 in Acme-Spec](https://github.com/letsencrypt/acme-spec/issues/71 )
- Remove commented-out line from Dockerfile (whoops)
2015-03-20 15:37:53 -07:00
752e91d8eb
Initial policy authority
2015-03-16 12:55:05 -04:00
568bad588a
Identifier checking (syntax,blacklist,PSL)
2015-03-16 12:17:31 -04:00
96bd7e215a
Further plumbing of registrations
2015-03-15 15:33:05 -04:00
d938deb3fd
Separate resources for challenges [initial]
2015-03-14 19:07:16 -04:00
e3dd04e9b8
Merge pull request #34 from bifurcation/coverage
...
Improved test coverage in boulder/core
2015-03-14 13:19:52 -04:00
4db3f77607
Fixing 'go vet' issue
2015-03-14 13:09:06 -04:00
2c9ed3c792
Fixing errors discovered with increased testing.
2015-03-14 11:20:59 -04:00
227eb2fd36
Improved test coverage for 'core' module
2015-03-14 11:20:32 -04:00
8f4ea0efd8
Adapting to point to mainlined JOSE
2015-03-13 13:11:04 -07:00
91b12a2e1a
Simplify if err != nil structure when applicable
2015-03-12 12:46:18 +01:00
6c0c22b8f9
Separate imports from the standard library
2015-03-12 12:29:21 +01:00
d66e581736
Replace Https by HTTPS as per golint
2015-03-12 12:21:40 +01:00
880821801e
hash.Hash.Write() never returns an error
2015-03-12 12:18:37 +01:00
083fb1b7e7
Ignore rand.Read() errors uniformly
2015-03-12 12:18:30 +01:00
c931b559a8
Fix "if block ends with a return statement"
2015-03-12 12:13:50 +01:00
9d9ad5f1ab
Fix a 'vet' issue, and more travis cleaning
...
It'd be nice if I could simulate a travis build locally first...
2015-03-11 08:37:33 -06:00
37919058e5
Pulling out va module
2015-03-10 14:26:20 -07:00
b545ad6956
Pulling out ra module
2015-03-10 14:22:37 -07:00
c6673ade2e
Pulling out core module
2015-03-10 13:54:13 -07:00
Brad Warren
James 'J.C.' Jones
Roland Shoemaker
J.C. Jones
Jacob Hoffman-Andrews
bifurcation
Richard Barnes
Peter Eckersley
Daniel Martí
J.C. Jones