Commit Graph

704 Commits

Author SHA1 Message Date
Roland Bracewell Shoemaker 62f3978f3b
Add inital CTPolicy impl (#3414)
Adds a package which implements group based SCT retrieval.

Fixes #3412.
2018-02-06 10:52:20 -08:00
Daniel McCarney eea049da40
Fix order reuse, calc order status by authz status (#3402)
This PR is a rework of what was originally https://github.com/letsencrypt/boulder/pull/3382, integrating the design feedback proposed by @jsha: https://github.com/letsencrypt/boulder/pull/3382#issuecomment-359912549 

This PR removes the stored Order status field and replaces it with a value that is calculated on-the-fly by the SA when fetching an order, based on the order's associated authorizations. 

In summary (and order of precedence):
* If any of the order's authorizations are invalid, the order is invalid.
* If any of the order's authorizations are deactivated, the order is deactivated.
* If any of the order's authorizations are pending, the order is pending.
* If all of the order's authorizations are valid, and there is a certificate serial, the order is valid.
* If all of the order's authorizations are valid, and we have began processing, but there is no certificate serial, the order is processing.
* If all of the order's authorizations are valid, and we haven't processing, then the order is pending waiting a finalization request.

This avoids having to explicitly update the order status when an associated authorization changes status.

The RA's implementation of new-order is updated to only reuse an existing order if the calculated status is pending. This avoids giving back invalid or deactivated orders to clients.

Resolves #3333
2018-02-01 16:33:42 -05:00
Roland Bracewell Shoemaker 8f168b909e Omit empty fields in JSON representation of core.ValidationRecord struct (#3399) 2018-01-29 10:51:57 -08:00
Jacob Hoffman-Andrews 8153b919be
Implement TLSSNIRevalidation (#3361)
This change adds a feature flag, TLSSNIRevalidation. When it is enabled, Boulder
will create new authorization objects with TLS-SNI challenges if the requesting
account has issued a certificate with the relevant domain name, and was the most
recent account to do so*. This setting overrides the configured list of
challenges in the PolicyAuthority, so even if TLS-SNI is disabled in general, it
will be enabled for revalidation.

Note that this interacts with EnforceChallengeDisable. Because
EnforceChallengeDisable causes additional checked at validation time and at
issuance time, we need to update those two places as well. We'll send a
follow-up PR with that.

*We chose to make this work only for the most recent account to issue, even if
there were overlapping certificates, because it significantly simplifies the
database access patterns and should work for 95+% of cases.

Note that this change will let an account revalidate and reissue for a domain
even if the previous issuance on that account used http-01 or dns-01. This also
simplifies implementation, and fits within the intent of the mitigation plan: If
someone previously issued for a domain using http-01, we have high confidence
that they are actually the owner, and they are not going to "steal" the domain
from themselves using tls-sni-01.

Also note: This change also doesn't work properly with ReusePendingAuthz: true.
Specifically, if you attempted issuance in the last couple days and failed
because there was no tls-sni challenge, you'll still have an http-01 challenge
lying around, and we'll reuse that; then your client will fail due to lack of
tls-sni challenge again.

This change was joint work between @rolandshoemaker and @jsha.
2018-01-12 11:00:06 -08:00
Maciej Dębski 44984cd84a Implement regID whitelist for allowed challenge types. (#3352)
This updates the PA component to allow authorization challenge types that are globally disabled if the account ID owning the authorization is on a configured whitelist for that challenge type.
2018-01-10 13:44:53 -05:00
Roland Shoemaker dcd2b438f4 Fix previous impl, add valid authz reuse fix and existing authz validation fix 2018-01-09 19:53:48 -08:00
Roland Shoemaker 5ca646c5dd Disallow the use of valid authorizations that used currently disabled challenges for issuance 2018-01-09 18:52:29 -08:00
Daniel McCarney 7bb16ff21e ACMEv2: Add pending order reuse (#3290)
This commit adds pending order reuse. Subsequent to this commit multiple
add-order requests from the same account ID for the same set of order
names will result in only one order being created. Orders are only
reused while they are not expired. Finalized orders will not be reused
for subsequent new-order requests allowing for duplicate order issuance.

Note that this is a second level of reuse, building on the pending
authorization reuse that's done between separate orders already.

To efficiently find an appropriate order ID given a set of names,
a registration ID, and the current time a new orderFqdnSets table is
added with appropriate indexes and foreign keys.

Resolves #3258
2018-01-02 13:27:16 -08:00
Daniel McCarney ca54d9758f More small WFE2 fixes (#3296)
- Fixes two places WFE2 returned http.StatusAccepted when it should return http.StatusOK
- Removes the legacy challenge "URI" field in place of "URL"
2017-12-20 10:34:03 -08:00
Jacob Hoffman-Andrews 52bb0aa7ba Use lowercase for the "status" field of registrations (#3293) 2017-12-19 15:48:13 -08:00
Daniel McCarney 0684d5fc73
Add pending orders rate limit to new-order. (#3257)
This commit adds a new rate limit to restrict the number of outstanding
pending orders per account. If the threshold for this rate limit is
crossed subsequent new-order requests will return a 429 response.

Note: Since this the rate limit object itself defines an `Enabled()`
test based on whether or not it has been configured there is **not**
a feature flag for this change.

Resolves https://github.com/letsencrypt/boulder/issues/3246
2017-12-04 16:36:48 -05:00
Daniel McCarney 1c99f91733 Policy based issuance for wildcard identifiers (Round two) (#3252)
This PR implements issuance for wildcard names in the V2 order flow. By policy, pending authorizations for wildcard names only receive a DNS-01 challenge for the base domain. We do not re-use authorizations for the base domain that do not come from a previous wildcard issuance (e.g. a normal authorization for example.com turned valid by way of a DNS-01 challenge will not be reused for a *.example.com order).

The wildcard prefix is stripped off of the authorization identifier value in two places:

When presenting the authorization to the user - ACME forbids having a wildcard character in an authorization identifier.
When performing validation - We validate the base domain name without the *. prefix.
This PR is largely a rewrite/extension of #3231. Instead of using a pseudo-challenge-type (DNS-01-Wildcard) to indicate an authorization & identifier correspond to the base name of a wildcard order name we instead allow the identifier to take the wildcard order name with the *. prefix.
2017-12-04 12:18:10 -08:00
Daniel McCarney 2f263f8ed5 ACME v2 Finalize order support (#3169)
This PR implements order finalization for the ACME v2 API.

In broad strokes this means:

* Removing the CSR from order objects & the new-order flow
* Adding identifiers to the order object & new-order
* Providing a finalization URL as part of orders returned by new-order
* Adding support to the WFE's Order endpoint to receive finalization POST requests with a CSR
* Updating the RA to accept finalization requests and to ensure orders are fully validated before issuance can proceed
* Updating the SA to allow finding order authorizations & updating orders.
* Updating the CA to accept an Order ID to log when issuing a certificate corresponding to an order object

Resolves #3123
2017-11-01 12:39:44 -07:00
Roland Bracewell Shoemaker b7bca87134 Batch fetching of existing authorizations and creation of pending authorizations (#3058)
For the new-order endpoint only. This does some refactoring of the order of operations in `ra.NewAuthorization` as well in order to reduce the duplication of code relating to creating pending authorizations, existing tests still seem to work as intended... A close eye should be given to this since we don't have integration tests yet that test it end to end. This also changes the inner type of `grpc.StorageAuthorityServerWrapper` to `core.StorageAuthority` so that we can avoid a circular import that is created by needing to import `grpc.AuthzToPB` and `grpc.PBToAuthz` in `sa/sa.go`.

This is a big change but should considerably improve the performance of the new-order flow.

Fixes #2955.
2017-09-25 09:10:59 -07:00
Roland Bracewell Shoemaker e91349217e Switch to using go 1.9 (#3047)
* Switch to using go 1.9

* Regenerate with 1.9

* Manually fix import path...

* Upgrade mockgen and regenerate

* Update github.com/golang/mock
2017-09-06 16:30:13 -04:00
Jacob Hoffman-Andrews 18f15b2b3d Remove unused error types (#3041)
* Remove all of the errors under core. Their purpose is now served by errors, and they were almost entirely unused. The remaining uses were switched to errors.
* Remove errors.NotSupportedError. It was used in only one place (ca.go), and that usage is more appropriately a ServerInternal error.
2017-09-05 16:51:32 -07:00
Roland Bracewell Shoemaker 191a043585 Implement handler for retrieving an order object and SA RPC (#3016)
Fixes #2984 and fixes #2985.
2017-09-01 15:26:36 -07:00
Roland Bracewell Shoemaker c560fa4fc5 Remove features checks from wfe2 (#2982) 2017-08-16 10:53:47 -04:00
Brian Smith e670e6e6b5 CA: Stub IssueCertificateForPrecertificate(). (#2973)
Stub out IssueCertificateForPrecertificate() enough so that we can continue with the PRs that implement & test it in parallel with PRs that implement and test the calling side (via mock implementations of the CA side).
2017-08-15 16:50:21 -07:00
Roland Bracewell Shoemaker 90ba766af9 Add NewOrder RPCs + methods to SA and RA (#2907)
Fixes #2875, #2900 and #2901.
2017-08-11 14:24:25 -04:00
Brian Smith d2291f6c5a CA: Implement IssuePrecertificate. (#2946)
* CA: Stub IssuePrecertificate gPRC method.

* CA: Implement IssuePrecertificate.

* CA: Test Precertificate flow in TestIssueCertificate().

move verification of certificate storage

IssuePrecertificate tests

Add CT precertificate poison extension to CFSSL whitelist.

CFSSL won't allow us to add an extension to a certificate unless that
certificate is in the whitelist.

According to its documentation, "Extensions requested in the CSR are
ignored, except for those processed by ParseCertificateRequest (mainly
subjectAltName)." Still, at least we need to add tests to make sure a
poison extension in a CSR isn't copied into the final certificate.

This allows us to avoid making invasive changes to CFSSL.

* CA: Test precertificate issuance in TestInvalidCSRs().

* CA: Only support IssuePrecertificate() if it is explicitly enabled.

* CA: Test that we produce CT poison extensions in the valid form.

The poison extension must be critical in order to work correctly. It probably wouldn't
matter as much what the value is, but the spec requires the value to be ASN.1 NULL, so
verify that it is.
2017-08-09 21:05:39 -07:00
Roland Bracewell Shoemaker fcef38f78c Performance and cleanup database migration (#2882)
Switch certificates and certificateStatus to use autoincrement primary keys to avoid performance problems with clustered indexes (fixes #2754).

Remove empty externalCerts and identifierData tables (fixes #2881).

Make progress towards deleting unnecessary LockCol and subscriberApproved fields (#856,  #873) by making them NULLable and not including them in INSERTs and UPDATEs.
2017-07-26 15:18:28 -07:00
Jacob Hoffman-Andrews 8bc1db742c Improve recycling of pending authzs (#2896)
The existing ReusePendingAuthz implementation had some bugs:

It would recycle deactivated authorizations, which then couldn't be fulfilled. (#2840)
Since it was implemented in the SA, it wouldn't get called until after the RA checks the Pending Authorizations rate limit. Which means it wouldn't fulfill its intended purpose of making accounts less likely to get stuck in a Pending Authorizations limited state. (#2831)
This factors out the reuse functionality, which used to be inside an "if" statement in the SA. Now the SA has an explicit GetPendingAuthorization RPC, which gets called from the RA before calling NewPendingAuthorization. This happens to obsolete #2807, by putting the recycling logic for both valid and pending authorizations in the RA.
2017-07-26 14:00:30 -07:00
Daniel McCarney 2a84bc2495 Replace go-jose v1 with go-jose v2. (#2899)
This commit replaces the Boulder dependency on
gopkg.in/square/go-jose.v1 with gopkg.in/square/go-jose.v2. This is
necessary both to stay in front of bitrot and because the ACME v2 work
will require a feature from go-jose.v2 for JWS validation.

The largest part of this diff is cosmetic changes:

Changing import paths
jose.JsonWebKey -> jose.JSONWebKey
jose.JsonWebSignature -> jose.JSONWebSignature
jose.JoseHeader -> jose.Header
Some more significant changes were caused by updates in the API for
for creating new jose.Signer instances. Previously we constructed
these with jose.NewSigner(algorithm, key). Now these are created with
jose.NewSigner(jose.SigningKey{},jose.SignerOptions{}). At present all
signers specify EmbedJWK: true but this will likely change with
follow-up ACME V2 work.

Another change was the removal of the jose.LoadPrivateKey function
that the wfe tests relied on. The jose v2 API removed these functions,
moving them to a cmd's main package where we can't easily import them.
This function was reimplemented in the WFE's test code & updated to fail
fast rather than return errors.

Per CONTRIBUTING.md I have verified the go-jose.v2 tests at the imported
commit pass:

ok      gopkg.in/square/go-jose.v2      14.771s
ok      gopkg.in/square/go-jose.v2/cipher       0.025s
?       gopkg.in/square/go-jose.v2/jose-util    [no test files]
ok      gopkg.in/square/go-jose.v2/json 1.230s
ok      gopkg.in/square/go-jose.v2/jwt  0.073s

Resolves #2880
2017-07-26 10:55:14 -07:00
Brian Smith ac63c78313 CA: Have IssueCertificate use IssueCertificateRequest directly. (#2886)
This is a step towards the long-term goal of eliminating wrappers and a step
towards the short-term goal of making it easier to refactor ca/ca_test.go to
add testing of precertificate-based issuance.
2017-07-25 13:35:25 -04:00
Roland Bracewell Shoemaker 764658ab84 Remove CAA distributed resolver (#2804)
We never used it and it's been superseded by the multi-VA design.
2017-06-15 13:35:50 -04:00
Daniel McCarney fbd87b1757 Splits CountRegistrationsByIP to exact-match and by /48. (#2782)
Prior to this PR the SA's `CountRegistrationsByIP` treated IPv6
differently than IPv4 by counting registrations within a /48 for IPv6 as
opposed to exact matches for IPv4. This PR updates
`CountRegistrationsByIP` to treat IPv4 and IPv6 the
same, always matching exactly. The existing RegistrationsPerIP rate
limit policy will be applied against this exact matching count.

A new `CountRegistrationsByIPRange` function is added to the SA that
performs the historic matching process, e.g. for IPv4 it counts exactly
the same as `CountRegistrationsByIP`, but for IPv6 it counts within
a /48.

A new `RegistrationsPerIPRange` rate limit policy is added to allow
configuring the threshold/window for the fuzzy /48 matching registration
limit. Stats for the "Exceeded" and "Pass" events for this rate limit are
separated into a separate `RegistrationsByIPRange` stats scope under
the `RateLimit` scope to allow us to track it separate from the exact 
registrations per IP rate limit.

Resolves https://github.com/letsencrypt/boulder/issues/2738
2017-05-30 15:12:20 -07:00
Daniel McCarney 47452d6c6c Prefer IPv6 addresses, fall back to IPv4. (#2715)
This PR introduces a new feature flag "IPv6First". 

When the "IPv6First" feature is enabled the VA's HTTP dialer and TLS SNI
(01 and 02) certificate fetch requests will attempt to automatically
retry when the initial connection was to IPv6 and there is an IPv4
address available to retry with.

This resolves https://github.com/letsencrypt/boulder/issues/2623
2017-05-08 13:00:16 -07:00
Daniel McCarney 361e7d4caa Clean up `berrors` (#2724)
This PR removes two berrors that aren't used anywhere in the codebase:

TooManyRequests , a holdover from AMQP, and is no longer used.
UnsupportedIdentifier, used just for rejecting IDNs, which we no longer do.
In addition, the SignatureValidation error was only used by the WFE so it is moved there and unexported.

Note for reviewers: To remove berrors.UnsupportedIdentifierError I replaced the errIDNNotSupported error in policy/pa.go with a berrors.MalformedError with the same name. This allows removing UnsupportedIdentifierError ahead of #2712 which removes the IDNASupport feature flag. This seemed OK to me, but I can restore UnsupportedIdentifierError and clean it up after 2712 if that's preferred.

Resolves #2709
2017-05-04 10:56:26 +01:00
Daniel McCarney 1ed34a4a5d Fixes cert count rate limit for exact PSL matches. (#2703)
Prior to this PR if a domain was an exact match to a public suffix
list entry the certificates per name rate limit was applied based on the
count of certificates issued for that exact name and all of its
subdomains.

This PR introduces an exception such that exact public suffix
matches correctly have the certificate per name rate limit applied based
on only exact name matches.

In order to accomplish this a new RPC is added to the SA
`CountCertificatesByExactNames`. This operates similar to the existing
`CountCertificatesByNames` but does *not* include subdomains in the
count, only exact matches to the names provided. The usage of this new
RPC is feature flag gated behind the "CountCertificatesExact" feature flag.

The RA unit tests are updated to test the new code paths both with and
without the feature flag enabled.

Resolves #2681
2017-05-02 13:43:35 -07:00
David Calavera cc5ee3906b Refactor IsSane and IsSane* to return useful errors. (#2685)
This change changes the returning values from boolean to error.

It makes `checkConsistency` an internal function and removes the
optional argument in favor of making checks explicit where they are
used.

It also renames those functions to CheckConsistency* to not
give the impression of still returning boolean values.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-04-19 12:08:47 -04:00
Roland Bracewell Shoemaker fd561ef842 Block issuance on first OCSP response generation (#2633)
Generate first OCSP response in ca.IssueCertificate instead of ocsp-updater.newCertificateTick
if features.GenerateOCSPEarly is enabled. Adds a new field to the sa.AddCertiifcate RPC for
the OCSP response and only adds it to the certificate status + sets ocspLastUpdated if it is a
non-empty slice. ocsp-updater.newCertificateTick stays the same so we can catch certificates
that were successfully signed + stored but a OCSP response couldn't be generated (for whatever
reason).

Fixes #2477.
2017-04-04 11:28:09 -07:00
Roland Bracewell Shoemaker e2b2511898 Overhaul internal error usage (#2583)
This patch removes all usages of the `core.XXXError` and almost all usages of `probs` outside of the WFE and VA and replaces them with a unified internal error type. Since the VA uses `probs.ProblemDetails` quite extensively in challenges, and currently stores them in the DB I've saved this change for another change (it'll also require a migration). Since `ProblemDetails` should only ever be exposed to end-users all of its related logic should be moved into the `WFE` but since it still needs to be exposed to the VA and SA I've left it in place for now.

The new internal `errors` package offers the same convenience functions as `probs` does as well as a new simpler type testing method. A few small changes have also been made to error messages, mainly adding the library and function name to internal server errors for easier debugging (i.e. where a number of functions return the exact same errors and there is no other way to distinguish which method threw the error).

Also adds proper encoding of internal errors transferred over gRPC (the current encoding scheme is kept for `core` and `probs` errors since it'll be ideally be removed after we deploy this and follow-up changes) using `grpc/metadata` instead of the gRPC status codes.

Fixes #2507. Updates #2254 and #2505.
2017-03-22 23:27:31 -07:00
David Calavera c71c3cff80 Implement TLS-SNI-02 challenge validations. (#2585)
I think these are all the necessary changes to implement TLS-SNI-02 validations, according to the section 7.3 of draft 05:

https://tools.ietf.org/html/draft-ietf-acme-acme-05#section-7.3

I don't have much experience with this code, I'll really appreciate your feedback.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-03-22 10:17:59 -07:00
David Calavera 0dc2513d2d
Generate GRPC objects with Go 1.8.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-02-21 12:11:17 +01:00
Daniel McCarney a2b8faea1e Only resubmit missing SCTs. (#2342)
This PR introduces the ability for the ocsp-updater to only resubmit certificates to logs that we are missing SCTs from. Prior to this commit when a certificate was missing one or more SCTs we would submit it to every log, causing unnecessary overhead for us and the log operator.

To accomplish this a new RPC endpoint is added to the Publisher service "SubmitToSingleCT". Unlike the existing "SubmitToCT" this RPC endpoint accepts a log URI and public key in addition to the certificate DER bytes. The certificate is submitted directly to that log, and a cache of constructed resources is maintained so that subsequent submissions to the same log can reuse the stat name, verifier, and submission client.

Resolves #1679
2016-12-05 13:54:02 -08:00
Roland Bracewell Shoemaker 03fdd65bfe Add gRPC server to SA (#2374)
Adds a gRPC server to the SA and SA gRPC Clients to the WFE, RA, CA, Publisher, OCSP updater, orphan finder, admin revoker, and expiration mailer.

Also adds a CA gRPC client to the OCSP Updater which was missed in #2193.

Fixes #2347.
2016-12-02 17:24:46 -08:00
Daniel 3abc2ee896
Fixes unused digest 2016-11-30 13:43:41 -05:00
Daniel 5f7ec2217e
Spelling fixes 2016-11-30 13:17:56 -05:00
Roland Bracewell Shoemaker a87379bc6e Add gRPC server to RA (#2350)
Fixes #2348.
2016-11-29 15:34:35 -08:00
Daniel McCarney 95e231b91b Moves `core/reverse-name.go` to SA, adds test. (#2360)
The only consumer of `core/reverse-name.go` and the `core.ReverseName`
function was the SA. In keeping with minimizing the junk that collects
up in `core` this commit moves `core.ReverseName` into the SA as the
unexported `reverseName` function. There was no unit test for
`ReverseName` so this commit also adds a unit test to `sa_test.go`.
2016-11-28 12:22:26 -08:00
Daniel McCarney a6f2b0fafb Updates `go-jose` dep to v1.1.0 (#2314)
This commit updates the `go-jose` dependency to [v1.1.0](https://github.com/square/go-jose/releases/tag/v1.1.0) (Commit: aa2e30fdd1fe9dd3394119af66451ae790d50e0d). Since the import path changed from `github.com/square/...` to `gopkg.in/square/go-jose.v1/` this means removing the old dep and adding the new one.

The upstream go-jose library added a `[]*x509.Certificate` member to the `JsonWebKey` struct that prevents us from using a direct equality test against two `JsonWebKey` instances. Instead we now must compare the inner `Key` members.

The `TestRegistrationContactUpdate` function from `ra_test.go` was updated to populate the `Key` members used in testing instead of only using KeyID's to allow the updated comparisons to work as intended.

The `Key` field of the `Registration` object was switched from `jose.JsonWebKey` to `*jose.JsonWebKey ` to make it easier to represent a registration w/o a Key versus using a value with a nil `JsonWebKey.Key`.

I verified the upstream unit tests pass per contributing.md:
```
daniel@XXXXX:~/go/src/gopkg.in/square/go-jose.v1$ git show
commit aa2e30fdd1fe9dd3394119af66451ae790d50e0d
Merge: 139276c e18a743
Author: Cedric Staub <cs@squareup.com>
Date:   Thu Sep 22 17:08:11 2016 -0700

    Merge branch 'master' into v1
    
    * master:
      Better docs explaining embedded JWKs
      Reject invalid embedded public keys
      Improve multi-recipient/multi-sig handling

daniel@XXXXX:~/go/src/gopkg.in/square/go-jose.v1$ go test ./...
ok  	gopkg.in/square/go-jose.v1	17.599s
ok  	gopkg.in/square/go-jose.v1/cipher	0.007s
?   	gopkg.in/square/go-jose.v1/jose-util	[no test files]
ok  	gopkg.in/square/go-jose.v1/json	1.238s
```
2016-11-08 13:56:50 -05:00
Roland Bracewell Shoemaker 313bc75c05 Switch to Golang 1.7.3 in travis (#2305)
Protobuf files need to be regenerated because (I think) Golang 1.7.3 uses a somewhat different method of ordering fields in a struct when marshaling to bytes.
2016-11-07 10:49:23 -08:00
Roland Bracewell Shoemaker ce679bad41 Implement key rollover (#2231)
Fixes #503.

Functionality is gated by the feature flag `AllowKeyRollover`. Since this functionality is only specified in ACME draft-03 and we mostly implement the draft-02 style this takes some liberties in the implementation, which are described in the updated divergences doc. The `key-change` resource is used to side-step draft-03 `url` requirement.
2016-10-27 10:22:09 -04:00
Daniel McCarney 4c9cf065a8 `certificateStatus` table optimizations (Part One) (#2177)
This PR adds a migration to create two new fields on the `certificateStatus` table: `notAfter` and `isExpired`. The rationale for these fields is explained in #1864. Usage of these fields is gated behind `features.CertStatusOptimizationsMigrated` per [CONTRIBUTING.md](https://github.com/letsencrypt/boulder/blob/master/CONTRIBUTING.md#gating-migrations). This flag should be set to true **only** when the `20160817143417_CertStatusOptimizations.sql` migration has been applied.

Points of difference from #2132 (the initial preparatory "all-in-one go" PR):
**Note 1**: Updating the `isExpired` field in the OCSP updater can not be done yet, the `notAfter` field needs to be fully populated first - otherwise a separate query or a messy `JOIN` would have to be used to determine if a certStatus `isExpired` by using the `certificates` table's `expires` field. 
**Note 2**: Similarly we can't remove the `JOIN` on `certificates` from the `findStaleOCSPResponse` query yet until all DB rows have `notAfter` populated. This will happen in a separate **Part Two** PR.
2016-09-30 14:52:19 -04:00
Roland Bracewell Shoemaker c6e3ef660c Re-apply 2138 with proper gating (#2199)
Re-applies #2138 using the new style of feature-flag gated migrations. Account deactivation is gated behind `features.AllowAccountDeactivation`.
2016-09-29 17:16:03 -04:00
Roland Bracewell Shoemaker 2c966c61b2 Revert "Allow account deactivation (#2138)" (#2188)
This reverts commit 6f3d078414, reversing
changes made to c8f1fb3e2f.
2016-09-19 11:20:41 -07:00
Roland Shoemaker dbf9afa7d6 Review fixes pt. 1 2016-08-25 16:28:58 -07:00
Roland Shoemaker aa7f85d3f5 Merge branch 'master' into reg-deact 2016-08-24 11:51:15 -07:00
Roland Bracewell Shoemaker 51ee04e6a9 Allow authorization deactivation (#2116)
Implements `valid` and `pending` authz deactivation.
2016-08-23 16:25:06 -04:00
Roland Bracewell Shoemaker 91bfd05127 Revert #2088 (#2137)
* Remove oldx509 usage

* Un-vendor old crypto/x509, crypto/x509/pkix, and encoding/asn1
2016-08-23 14:01:37 -04:00
Roland Shoemaker 003158c9e3 Initial impl 2016-08-18 14:12:09 -07:00
Ben Irving 8ed5b1e6a1 Replace *AcmeURL with string (#2117)
Removes core.AcmeURL from boulder and uses string instead.

Fixes #1996
2016-08-11 13:27:19 -07:00
Ben Irving 8b622c805a Move MergeUpdate out of core (#2114)
Fixes #2022
2016-08-08 17:12:52 -07:00
Roland Bracewell Shoemaker fc39781274 Allow user specified revocation reason (#2089)
Fixes #140.

This patch allows users to specify the following revocation reasons based on my interpretation of the meaning of the codes but could use confirmation from others.

* unspecified (0)
* keyCompromise (1)
* affiliationChanged (3)
* superseded (4)
* cessationOfOperation (5)
2016-08-08 14:26:52 -07:00
Jacob Hoffman-Andrews 474b76ad95 Import forked x509 for parsing of CSRs with empty integers (#2088)
Part of #2080.

This change vendors `crypto/x509`, `crypto/x509/pkix`, and `encoding/asn1` from  1d5f6a765d. That commit is a direct child of the Go 1.5.4 release tag, so it contains the same code as the current Go version we are using. In that commit I rewrote imports in those packages so they depend on each other internally rather than calling out to the standard library, which would cause type disagreements.

I changed the imports in each place where we're parsing CSRs, and imported under a different name `oldx509`, both to avoid collisions and make it clear what's going on. Places that only use `x509` to parse certificates are not changed, and will use the current standard library.

This will unblock us from moving to Go 1.6, and subsequently Go 1.7.
2016-07-28 10:38:33 -04:00
Daniel McCarney 7e946eaacc Registration update optimizations (#2001)
This PR adds two optimizations to fix the optimistic lock errors observed in #1986.

First, the WFE now returns early for registration POST's (before invoking the RA and SA) when the POST body is the trivial update (`{"resource":"reg"}`). This prevents any DB operations from being performed when there is no work to be done.

Second, the RA now tracks whether a update actually changes the base registration's `Contact` slice, or `Agreement` string. If the proposed update doesn't change either of these fields then the RA will return early before handing the update to the SA. 

Both changes save database operations from being performed needlessly and will help avoid the optimistic lock errors we observed when a problematic client was POSTing the trivial update repeatedly in a short period.

The fix was verified as follows: I checked out master and artificially introduced lock contention into the SA by adding a 2s sleep into `UpdateRegistration` between fetching the `existingRegModel` to get the `LockCol` value and calling `ssa.dbMap.Update`. With the sleep in place & two certbot clients posting matching registration updates the lock contention error is produced as expected. After checking out the `empty-reg-updates` branch, re-adding the sleep to the SA, and performing the same two client reg updates no error is produced.
2016-07-07 13:40:55 -04:00
Jacob Hoffman-Andrews fd095b8881 Fix Docker test builds: latest certbot and grpc (#1991)
The `letsencrypt/boulder-tools` image was recently updated, pulling in version
0.8.0 of certbot. That version stores the output of `certonly` requests in a
different path. In test.sh, we check out a specific tagged release of certbot in
order to get its integration tests. Prior to this commit, we were using
certbot 0.8.0 with the integration tests from version 0.6.0 of certbot,
which looked for `certonly` output in the wrong place, and failed.

This commit changes test.sh to checkout the 0.8.0 branch, and also removes a
temporary shim we used to make the `certbot` command call out to the
`letsencrypt` command.

Also, since the latest version of `letsencrypt/boulder-tools` includes an updated
`protoc-gen-go`, this change also updates the support packages to match.
2016-06-29 10:54:03 -07:00
Roland Bracewell Shoemaker 04961d7c66 Add basic ASN.1 structure test for pre-1.0.2 OpenSSL CSRs (#1972)
Adds a test for CSRs generated using a pre-1.0.2 version of OpenSSL and a buggy client which will fail to parse with Golang 1.6+.

This test checks the values of the bytes in the 8th and 9th offsets, which in a properly formatted CSR should be the version integer declaration bytes, and if the malformed values are present will return a error to the user informing them that they are using an old version of OpenSSL and/or a client which doesn't explicitly set the CSR version.

Fixes #1902.
2016-06-28 12:38:52 -07:00
Ben Irving d3db851403 remove regID from WillingToIssue (#1957)
The `regID` parameter in the PA's `WillingToIssue` function was originally used for whitelisting purposes, but is not used any longer. This PR removes it.
2016-06-22 12:21:07 -04:00
Ben Irving 77e64fef79 Disallow non-ASCII email addresses (#1953)
This PR, adds a check in registration authority for non-ASCII encoded characters in an email address. This is due to a 'funky email implementation'.

Fixes #1350
2016-06-21 17:53:38 -07:00
Jacob Hoffman-Andrews 4e0f96d924 Remove last vestiges of challenge.AccountKey. (#1949)
This is a followup from https://github.com/letsencrypt/boulder/pull/1942. That PR stopped setting challenge.AccountKey. This one removes it entirely.

Fixes #1948
2016-06-21 16:25:58 -07:00
Jacob Hoffman-Andrews 0535ac78d7 Stop setting AccountKey in challenges (#1942)
In https://github.com/letsencrypt/boulder/pull/774 we introduced and account key stored with the challenge. This was a stopgap fix to the now-defunct SimpleHTTP and DNS challenges in the face of https://mailarchive.ietf.org/arch/msg/acme/F71iz6qq1o_QPVhJCV4dqWf-4Yc. However, we no longer offer or implement those challenges, so the extra field is unnecessary. It also take up a huge amount of space in the challenges table, which is our biggest table. SimpleHTTP and DNS challenges were removed in https://github.com/letsencrypt/boulder/pull/1247.

We can provide a follow-up migration to delete the column later, once we have a plan for large migrations without downtime.

Fixes #1909
2016-06-20 14:26:53 -07:00
Daniel McCarney cd2d1c4f6b Allow removing registration contact. (#1923)
The RA UpdateRegistration function merges a base registration object with an update by calling Registration.MergeUpdate. Prior to this commit MergeUpdate only allowed the updated registration object to overwrite the Contact field of the existing registration if the updated reg. defined at least one AcmeURL. This prevented clients from being able to outright remove the contact associated with an existing registration.

This commit removes the len() check on the input.Contact in MergeUpdate to allow the r.Contact field to be overwritten by a []*core.AcmeURL(nil) Contact field. Subsequently clients can now send an empty contacts list in the update registration POST in order to remove their reg contact.

Fixes #1846

* Allow removing registration contact.
* Adds a test for `MergeUpdate` contact removal.
* Change `Registration.Contact` type to `*[]*core.AcmeURL`.
* End validateContacts early for empty contacts
* Test removing reg. contact more thoroughly.
2016-06-13 11:02:29 -07:00
Jacob Hoffman-Andrews ba47c61dd6 Remove UpdateOCSP and DeniedCSRs (#1866)
Neither is currently used.

* Remove unused UpdateOCSP method.
* Remove deniedCSRs
* Rename and fix migration.
2016-06-02 12:36:55 -07:00
Jacob Hoffman-Andrews 9a4b979397 Move goodkey and nonce out of core (#1869) 2016-06-02 11:29:58 -07:00
Kane York 0430c08388 Implement gRPC for VA's RPCs (#1738)
Adds appropriate protobufs, and sets up RA / VA to use the gRPC versions of the calls in boulder-config-next.json.

Fixes #1626.
2016-05-31 16:44:48 -07:00
Daniel McCarney 77030c3eb1 Make it easier to instantiate ProblemDetails (#1851)
Several of the `ProblemType`s had convenience functions to instantiate `ProblemDetails`s using their type and a detail message. Where these existed I did a quick scan of the codebase to convert places where callers were explicitly constructing the `ProblemDetails` to use the convenience function.

For the `ProblemType`s that did not have such a function, I created one and then converted callers to use it.

Solves #1837.
2016-05-31 14:05:37 -07:00
Roland Bracewell Shoemaker 54573b36ba Remove all stray copyright headers and appends the initial line to LICENSE.txt (#1853) 2016-05-31 12:32:04 -07:00
Jacob Hoffman-Andrews d8d1753168 Remove OnValidationUpdate callback in RA (#1848)
Also, UpdateValidations in VA.
2016-05-31 12:27:26 -07:00
Roland Bracewell Shoemaker 5abe7e3cdf Move CSR normalization/verification to their own methods (#1826)
* Split CSR testing and name hoisting into own functions, verify CSR in RA & CA

* Move tests around and various other fixes

* 1.5.3 doesn't have the needed stringer

* Move functions to their own lib

* Remove unused imports

* Move MaxCNLength and BadSignatureAlgorithms to csr package

* Always normalizeCSR in VerifyCSR and de-export it

* Update comments
2016-05-26 14:17:41 -07:00
Kane York c4197ea7df Remove unused Validated field from Challenge (#1817)
Remove unused Validated field from core.Challenge
2016-05-12 17:33:10 -07:00
Jacob Hoffman-Andrews d5dcc1f157 Remove external-cert-importer. (#1794)
Not currently used.
2016-05-10 10:45:19 -07:00
Jacob Hoffman-Andrews 9ed8268acd Make authz lookup more efficient (remove ORDER BY) (#1784)
- Improve speed of authz lookup.
- Remove all uses of obsolete GetLatestValidAuthorization
- Update test to call GetValidAuthorizations.
2016-05-05 13:48:32 -07:00
Roland Bracewell Shoemaker 35b6e83e81 Implement CAA quorum checking after failure (#1763)
When a CAA request to Unbound times out, fall back to checking CAA via Google Public DNS' HTTPS API, through multiple proxies so as to hit geographically distributed paths. All successful multipath responses must be identical in order to succeed, and at most one can fail.

Fixes #1618
2016-05-05 11:16:58 -07:00
Kane York b7cf618f5d context.Context as the first parameter of all RPC calls (#1741)
Change core/interfaces to put context.Context as the first parameter of all RPC calls in preparation for gRPC.
2016-04-19 11:34:36 -07:00
Kane York 37fd71d21e Rework how KeyAuthorization works (#1688)
* Enhance error message in NewKeyAuthFromString

* va: generate expected response and string compare

* NewKeyAuth can return error, handle that...

* wip commit

* convert ch.KeyAuthorization to string and rename

* more wip commit

* wip 3

* wip 4

* delete NewKeyAuthorizationFromString

* change to ServerInternalProblem

* fix compile error

* semantic merge conflicts are the worst

actually compiled this time.

* Replace new error with statsd increment
2016-04-19 10:54:39 -07:00
Jacob Hoffman-Andrews e6c17e1717 Switch to new vendor style (#1747)
* Switch to new vendor style.

* Fix metrics generate command.

* Fix miekg/dns types_generate.

* Use generated copies of files.

* Update miekg to latest.

Fixes a problem with `go generate`.

* Set GO15VENDOREXPERIMENT.

* Build in letsencrypt/boulder.

* fix travis more.

* Exclude vendor instead of godeps.

* Replace some ...

* Fix unformatted cmd

* Fix errcheck for vendorexp

* Add GO15VENDOREXPERIMENT to Makefile.

* Temp disable errcheck.

* Restore master fetch.

* Restore errcheck.

* Build with 1.6 also.

* Match statsd.*"

* Skip errcheck unles Go1.6.

* Add other ignorepkg.

* Fix errcheck.

* move errcheck

* Remove go1.6 requirement.

* Put godep-restore with errcheck.

* Remove go1.6 dep.

* Revert master fetch revert.

* Remove -r flag from godep save.

* Set GO15VENDOREXPERIMENT in Dockerfile and remove _worskpace.

* Fix Godep version.
2016-04-18 12:51:36 -07:00
Kane York 25b45a45ec Errcheck errors fixed (#1677)
* Fix all errcheck errors
* Add errcheck to test.sh
* Add a new sa.Rollback method to make handling errors in rollbacks easier.
This also causes a behavior change in the VA. If a HTTP connection is
abruptly closed after serving the headers for a non-200 response, the
reported error will be the read failure instead of the non-200.
2016-04-12 16:54:01 -07:00
Jacob Hoffman-Andrews ecc04e8e61 Refactor log package (#1717)
- Remove error signatures from log methods. This means fewer places where errcheck will show ignored errors.
- Pull in latest cfssl to be compatible with errorless log messages.
- Reduce the number of message priorities we support to just those we actually use.
- AuditNotice -> AuditInfo
- Remove InfoObject (only one use, switched to Info)
- Remove EmergencyExit and related functions in favor of panic
- Remove SyslogWriter / AuditLogger separate types in favor of a single interface, Logger, that has all the logging methods on it.
- Merge mock log into logger. This allows us to unexport the internals but still override them in the mock.
- Shorten names to be compatible with Go style: New, Set, Get, Logger, NewMock, etc.
- Use a shorter log format for stdout logs.
- Remove "... Starting" log messages. We have better information in the "Versions" message logged at startup.

Motivation: The AuditLogger / SyslogWriter distinction was confusing and exposed internals only necessary for tests. Some components accepted one type and some accepted the other. This made it hard to consistently use mock loggers in tests. Also, the unnecessarily fat interface for AuditLogger made it hard to meaningfully mock out.
2016-04-08 16:12:20 -07:00
Jacob Hoffman-Andrews 4fb0f49be3 Replace CertificateIssuanceError
with MalformedRequestError. The distinction was not useful and was out of line
with similar errors in the CA.
2016-03-27 20:56:55 -07:00
Kane York 6024176ee0 Add calls to PerformValidation in the RA 2016-03-23 10:39:23 -07:00
Kane York d778115c5d Add PerformValidation RA→VA rpc call
The RPC call returns only the updated Challenge object instead of the
whole authz, because the VA shouldn't be allowed to update any of the
other fields of the Authorization object.
2016-03-23 10:39:23 -07:00
Roland Shoemaker 00b617b59a Switch to upstream square/go-jose + pull latest 2016-03-15 13:54:22 -07:00
Jacob Hoffman-Andrews 821414e967 Check that modulus length is divisible by 8.
Serial numbers in the CT logs that have non-divisible-by-8 modulus length:

https://crt.sh/?serial=017af157d77b1413a239902834178e72bb20
https://crt.sh/?serial=0173c209ff6792316c3e0cab55968f351cc5
https://crt.sh/?serial=01431cb7f9470ee45b6f4b319102553d3a38
https://crt.sh/?serial=01bcd7c197d51a603c930ec09b55e1d69eed
https://crt.sh/?serial=013f51353565895a67fe253c8f4983d5c82f
https://crt.sh/?serial=01a35299515cb75409169d9e0a6627ccc597
https://crt.sh/?serial=011e0adddca49ee0b786813ec2b49154bdf7
https://crt.sh/?serial=01eebb9e9a9108979b3a47217e29b391eb99
https://crt.sh/?serial=01c64e5cda78a9d0f578d6e1cc61c785af7c
https://crt.sh/?serial=0145dda768e38137c8596560b15d52d56e8a
https://crt.sh/?serial=01524fd91b9177ef3adcaf5e9eb832f25b4d
https://crt.sh/?serial=01275f34e47ce1a2df9f0f2b124b72a622f1
https://crt.sh/?serial=018544846d192a1652a549cf4ccb584d397c
https://crt.sh/?serial=01ab9f4b503e8ab947906336053c287a9c10
https://crt.sh/?serial=0166de8ca507dcaa724c74e94d259b4e8ca6
https://crt.sh/?serial=018f3a50178f77d0b41fac0e11867a405151
https://crt.sh/?serial=01d0b50c60f0282c350f2f1928c8229263f6
https://crt.sh/?serial=01ec8978d09bcb2141bea31a3a87d1f121ff
https://crt.sh/?serial=01c7f2ef18a58b9dd3347aab41df0bf9c683
https://crt.sh/?serial=0178783968354b800e99c14eb40c62105e8a
https://crt.sh/?serial=01bb0c96d7ccd5109ed702430cb95500ebe9
https://crt.sh/?serial=016c8263a384d5a4dc07dd97341f5541d008
https://crt.sh/?serial=01f94a33fa393a412213f21c0237b35f4164
https://crt.sh/?serial=01961af313383a735ff249244c974d19cdce
https://crt.sh/?serial=0151d15074797912559203d37f547ab05982
https://crt.sh/?serial=01381e15c57bb71b70449790ea10c6eef499
https://crt.sh/?serial=01dd1b47443c2d9f3a2132a8c77f3c9afe6f
https://crt.sh/?serial=018b36bca7a19f688d8e10d40963701f1921
https://crt.sh/?serial=01fa24288bc7c536d1b4b0cbf75f9d532288
https://crt.sh/?serial=0144c0826a57df425bda751b974823a6c7ec
https://crt.sh/?serial=01e1ddf3fad5db4da5d6a0466076fb5b149d
https://crt.sh/?serial=01bc18004b4fd44d671d1b0b68736eacfe39
https://crt.sh/?serial=01883492513641e5971dfea02f360fdfc3ee
https://crt.sh/?serial=01a3ce708f71ab16dbe3eac66451d9657ae7
https://crt.sh/?serial=018a078bb7ee336d645d2dbb4a15643cd63c
https://crt.sh/?serial=01be4bde2b3811493e902580bbb9ed41a289
https://crt.sh/?serial=015acd1d2052b6febd3517e06fbc3c044be2
https://crt.sh/?serial=01b9c9b5bbde0e0fafafaebea7f940238385
https://crt.sh/?serial=0108c061334fe22f20035f041727fd9f6cca
https://crt.sh/?serial=017d0806db5a1948bd5958984d794da8e760
https://crt.sh/?serial=01e0c375d8ae91a633e161c5e711889edc12
https://crt.sh/?serial=014513db6c2b0e5fc9b01bd3e16c5a301f20
https://crt.sh/?serial=01fe3c857949c085bb9f835d41ebfbc79502
https://crt.sh/?serial=015bb41be9a46f0df2e2335fc1efd35ac0f0
https://crt.sh/?serial=0116674dfc27cfdbb2eadd26cf4ea157d943
https://crt.sh/?serial=013660f7d53adc2f037da825e7b35a29f6b8
https://crt.sh/?serial=01fbb17a9df2644e7941ac07d5e0df44a1a6
https://crt.sh/?serial=01dd34ea3b6d7feac0721edeca78c9bd88d0
https://crt.sh/?serial=012c5988711884e9d55dadb1638d7ad1df52
https://crt.sh/?serial=01c444b69d012963779163e91ee0b91c1a01
https://crt.sh/?serial=01516e6e00180b95fbf547fbb46e4e47b0b6
https://crt.sh/?serial=01e5d33aa90a735d2c29bedc78d7817b312a
https://crt.sh/?serial=0125f110e63dc999257e598ba39335c7dff8
https://crt.sh/?serial=01f8c9f7a2172c12adf04427c45b80288ad4
https://crt.sh/?serial=01f6701c5b7136a31629b5e6c1765c60320b
https://crt.sh/?serial=0191dc216d7b60635234cae78a1435bb5b3c
https://crt.sh/?serial=01ebcb1969e94c6d3bf0dd44cc6a4b5f5ab2
https://crt.sh/?serial=0109c156ec04afb57324ed6c6b1f2a5ce1f8
https://crt.sh/?serial=01f60c6f42fa140fe42853e023450f756416
https://crt.sh/?serial=01f35430bd4f9694e37d840a5556815b79f2
https://crt.sh/?serial=016427f1cafff52874f25b15a6e4fdba10de
https://crt.sh/?serial=01ff6175eb17edf908025dbf493865ba95d4
https://crt.sh/?serial=01ebc2be4a25a16403fb4beab7a40249c522
https://crt.sh/?serial=01362ecda73b646c1a8049a8033f1bd0ba78
https://crt.sh/?serial=015e71d8961c18b0f6b78415f60a30b29d27
https://crt.sh/?serial=015d0bb44d282d072ff242ba803a33275c93
https://crt.sh/?serial=019a7f3ee9e4e31b9007562323189c8a380c
https://crt.sh/?serial=0274a695c57a3e2a50b9f57b4f2deb628038
https://crt.sh/?serial=025cd371a47b72b296770cbc7828444fc1da
https://crt.sh/?serial=0260909d0b06ff102e423212e14355998336
https://crt.sh/?serial=02db0eb690a65d32b627905899a6849f62ee
https://crt.sh/?serial=02a562288c440698a57b212cc711d4094cf5
https://crt.sh/?serial=02475901b9647ce788ac13367714ad2a61bd
https://crt.sh/?serial=022ec8409c3ffd22fff04d2d621b8d1eb36c
https://crt.sh/?serial=02e8ae9030d45c56f32e1b676c004c01ed09
https://crt.sh/?serial=02b8fd0e373feefe408b77869ec7b4c39365
https://crt.sh/?serial=02fb6e63231ccfb98aa26fe486de59ab5620
https://crt.sh/?serial=028751f4757cd98c94a56c9ddf7c87e7fbf3
https://crt.sh/?serial=02255c1a9b63982992c3b9af91f144774989
2016-03-14 15:41:11 -07:00
Kane York 91bc75b0e3 Add GetValidAuthorizations to batch authz checks
By performing only one query to MySQL, we should be able to avoid
blowing the timeouts.

Fixes #1567
2016-03-11 10:26:55 -08:00
Roland Shoemaker 56c45d1330 Bypass per domain rate limit if FQDN set was previously issued
In ra.checkCertificatesPerName allow a bypass of the rate limit
if the exact name set has previously been issued for. This should
make a few current scenarios people have been running into slightly
less painful.
2016-03-09 13:03:07 -08:00
Roland Shoemaker c4dd3506aa Remove CA HSM lockout and make the OCSP updater CA backoff more HSM specific 2016-03-01 14:22:12 -08:00
Roland Shoemaker e4a18a8738 Review fixes 2016-02-26 14:20:06 -08:00
Roland Shoemaker ee7a86e07d Review fixes 2016-02-22 22:56:07 -08:00
Roland Shoemaker 8fb87b7e7f Add exact FQDN set rate limit
Adds a new rate limit, certficatesPerFQDNSet, which counts certificates
with the same set of FQDNS using a table containing the hash of the dNSNames
mapped to a certificate serial. A new method is added to the SA in AddCertificate
to add this hash to the fqdnSets table, which is gated by a config bool.
2016-02-19 15:58:07 -08:00
Damian Poddebniak a3aac300b9 Merge branch 'master' into ChallengesFor_remove_error_type_return 2016-02-17 09:24:44 +01:00
Jessica Frazelle 3df2e942be
go fmt fixes
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-02-16 12:19:15 -08:00
Damian Poddebniak 01cee65079 Changed return type for "ChallengesFor". 2016-02-13 23:01:28 +01:00
Jeff Hodges c36bc382dd remove unused CheckCAA RPC
Helpful for #1486 and was already in my local repo.
2016-02-12 13:01:05 -08:00
Jeff Hodges cb8085541e Merge branch 'master' into more-revoker 2016-01-27 13:57:55 -08:00
Damian Duesentrieb 6f3a275c87 Fixed usage of wrong err object 2016-01-27 18:02:27 +01:00
Jeff Hodges e2025cd5b6 Merge branch 'master' into more-revoker 2016-01-21 17:17:28 -08:00
Romain Fliedel e592485229 add omitempty on ValidationRecord Authorities 2016-01-21 21:59:36 +01:00
Romain Fliedel ee36b5f2b4 don't expect all txt dns replies to contain an authority section
Server *MAY* return an authority section, especially on NXDOMAIN
the server will return an SOA authority response in order to
provide the nxdomain ttl value.
Otherwise there is no need for such section.
Dns client should be checking the header aa flags to check if the
response is authoritative and not check the presence of authority
section.
2016-01-21 15:25:31 +01:00
Richard Barnes a39be0a85d Remove superfluous VerifyCSR method 2016-01-20 10:32:01 -05:00
Roland Shoemaker 11661bab9e Merge branch 'master' into more-revoker 2016-01-15 13:41:55 -08:00
Roland Shoemaker a77c8e3d5b Switch to single RevokeAuthorizationsByDomain SA method 2016-01-12 11:49:51 -08:00
Roland Shoemaker cbdf0444b6 review fixes 2016-01-08 16:21:12 -08:00
Hugo Landau f218e314f8 Add good key testing for ECDSA. 2016-01-07 22:48:38 +00:00
Roland Bracewell Shoemaker 21f20b1430 Merge branch 'master' into delete_ca_revokecertificate 2016-01-07 12:34:39 -08:00
Jeff Hodges f6473efcc2 delete ca.RevokeCertificate
Also, delete the unused core.CertificateAuthorityDatabase while we're
here.

Fixes #1319
2016-01-04 23:59:21 -08:00
Jeff Hodges 9913eb61ba Merge branch 'master' into more-revoker 2016-01-04 17:02:51 -08:00
Jeff Hodges a00094faa8 Merge branch 'master' into dns-meta 2016-01-04 16:16:33 -08:00
Alex Gaynor cbeffe96a6 Fixed a bunch of typos 2016-01-04 18:39:34 -05:00
Roland Shoemaker d18b8a536d Add DNS ValidationRecord metadata 2016-01-04 12:20:45 -08:00
Roland Shoemaker 6eb9c87dcb Add RPC to get all authorizations for a domain 2016-01-04 10:56:27 -08:00
Roland Shoemaker 4c47b2aa75 Add RevokeAuthorization RPC method 2015-12-31 16:13:06 +00:00
Jacob Hoffman-Andrews 70ac73ca58 Remove unneeded code in core.
B64enc and B64dec can be replaced by base64.RawURLEncoding.
Thumbprint is now implemented in go-jose, and we have the relevant version
imported already, so we can use that.
SyntaxError isn't used anywhere and can be deleted.
2015-12-17 13:36:24 -08:00
Roland Shoemaker d8110a425a Add DNS challenge integration test
Adds a dns-01 type validation to test.js and reworks dns-test-srv to allow changing TXT record values.
Also makes some changes to how integration-test.py works in order to reduce complexity now the
ct-test-srv is working again.
2015-12-16 17:57:15 -08:00
Jeff Hodges 6b0e53b8e0 use ProblemDetails inside of wfe
This uses ProblemDetails throughout the wfe. This is the last step in
allowing the backend services to pass ProblemDetails from RPCs through
to the user.

Updates #1153.

Fixes #1161.
2015-12-15 11:44:33 -08:00
Jeff Hodges b31165444f move dns code to dns pkg and rename to bdns
Moves the DNS code from core to dns and renames the dns package to bdns
to be clearer.

Fixes #1260 and will be good to have while we add retries and such.
2015-12-14 11:21:43 -08:00
Jeff Hodges 8300b06ad6 Merge branch 'master' into delete_old_challenges 2015-12-10 23:04:00 -08:00
Jacob Hoffman-Andrews c6d6a3edd8 Merge branch 'master' into google-ct 2015-12-10 18:12:55 -08:00
Jeff Hodges c9010744b4 delete old challenge code
Specifically, delete the simpleHttp and dvsni.

Hooray!

Fixes #894
2015-12-10 15:41:40 -08:00
Jeff Hodges 568dd72f00 require a valid challenge type in RecordsSane
This is a change to ValidationRecord. This case is unlikely to be
trigged by code, but was allowing tests to pass in a branch that deleted
the simpleHttp and dvsni challenge types and is a good check to have in
place.

Updates #894
2015-12-07 12:56:55 -08:00
Jeff Hodges b19ea71dbf Merge branch 'master' into google-ct 2015-12-04 16:17:27 -08:00
Jacob Hoffman-Andrews d5bb20561f Fix nil dereference in AcmeURL unmarshal and in validateContacts. 2015-12-04 09:46:46 -08:00
Roland Shoemaker 7e093c3ed4 Merge branch 'master' into google-ct 2015-11-30 12:05:17 -08:00
Roland Shoemaker 52b7effa5d Review fixes pt. 2 2015-11-25 12:56:44 -08:00
Jeff Hodges 2114f5d5cc move ProblemDetails into its own package
Part of #1161
2015-11-24 23:14:38 -08:00
Roland Bracewell Shoemaker 444c3ff8cb Merge branch 'master' into google-ct 2015-11-24 17:25:56 -08:00
Jacob Hoffman-Andrews 169a0b79e3 Export BuildID via expvars. 2015-11-24 14:24:51 -08:00
Roland Shoemaker 3ae32d4d61 Switch back to using an internal SCT representation to make life easier 2015-11-23 14:27:06 -08:00
Roland Shoemaker 01895a13d0 Switch to google, part 1 2015-11-23 12:42:50 -08:00
Jeff Hodges 2d1339f5f5 Merge branch 'master' into nonce-err 2015-11-23 12:02:49 -08:00
Jacob Hoffman-Andrews 3463d72554 Replace DialTimeout with ReadTimeout.
Generally Dial will be very fast because our resolver is local, so there's no
need to override its default of 2s. However, since our resolver recurses more or
less every time, getting the answer back is very slow. So we want to be able to
set a high ReadTimeout.
2015-11-22 14:34:23 -08:00
Roland Shoemaker 458c7e2b4a Add badNonce error as described in the specification 2015-11-20 15:57:22 -08:00
J.C. Jones 31aaef3f4e Only use TCP for DNS.
Since Boulder always requests DNSSEC records, in practice DNS responses often
exceed the IP MTU.

Boulder installations expect to have a local DNS resolver, and all modern DNS
resolvers support TCP connections. Since miekg/dns does not perform an
"attempt udp, timeout, retry via tcp" approach, it's simpler and more reliable
to always use TCP for internal DNS resolution. This makes failures more
obvious as well.

Also change the integration test DNS server to TCP.
2015-11-18 10:54:08 -07:00
Jacob Hoffman-Andrews 538df43438 Merge branch 'master' into short-nonce 2015-11-16 11:21:24 -08:00
Jacob Hoffman-Andrews 8b2c50bc65 Return pointer from NewNonceService. 2015-11-11 12:47:38 -08:00
Jacob Hoffman-Andrews c6bb0ad45b Merge branch 'master' into fix-nonce-race 2015-11-11 12:35:43 -08:00
Jacob Hoffman-Andrews dc4af5b364 Print errors and use pointer receivers. 2015-11-11 12:35:18 -08:00
Jacob Hoffman-Andrews e3669c24c7 Fix some races in nonce.go 2015-11-11 12:28:20 -08:00
Jacob Hoffman-Andrews 2b546a4306 Fix nonceLen and unexport const. 2015-11-07 11:18:44 -08:00
Jacob Hoffman-Andrews 4b42ede192 Check for short nonces. 2015-11-07 10:26:34 -08:00
Richard Barnes f61183e144 Use a map and set defaults 2015-11-07 12:39:57 -05:00
Jeff Hodges 13cab5c257 add Google Safe Browsing API calls
This allows us to call the Google Safe Browsing calls through the VA.

If the RA config's boolean UseIsSafeDomain is true, the RA will make the RPC
call to the VA during its NewAuthorization.

If the VA config's GoogleSafeBrowsingConfig struct is not nil, the VA
will check the Google Safe Browsing API in
VA.IsSafeDomain. If the GoogleSafeBrowsingConfig struct is nil, it will
always return true.

In order to actually make requests, the VA's GoogleSafeBrowsingConfig
will need to have a directory on disk it can store the local GSB hashes
it will check first and a working Google API key for the GSB API.

Fixes #1058
2015-11-06 16:37:34 -08:00
Jacob Hoffman-Andrews 65777155be Remove CNAME/DNAME logic
Fixes https://github.com/letsencrypt/boulder/issues/1048
2015-11-02 15:34:00 -08:00
Roland Shoemaker 661476f40e Backoff OCSP Updater on HSM failure
If a ServiceUnavailableError is returned from GenerateOCSP backoff before
attempting to retry the call as to not to overwhelm the CA with calls that
may instantly fail.
2015-10-26 14:06:32 -07:00
Richard Barnes 3637dfb0c1 ServiceUnavailableError 2015-10-21 16:25:43 -04:00
Roland Shoemaker 6171420108 Golint fixes to builds work 2015-10-18 18:59:05 -07:00
Jacob Hoffman-Andrews 2f75214a88 Add limit on number of pending authorizations.
Adds a new method CountPendingAuthorizations to SA.
2015-10-14 13:50:43 -07:00
Roland Shoemaker 45ec69951a Revert removal of ca.RevokeCertificate 2015-10-13 15:38:11 -07:00
Roland Shoemaker 2b604eef6e Review fixes pt. 2 2015-10-09 18:02:02 -07:00
Roland Shoemaker 1d710f91cd Merge branch 'master' into ocsp-revoke
Conflicts:
	cmd/ocsp-updater/main.go
2015-10-09 15:50:14 -07:00
Jeff Hodges 68536ac22a Merge branch 'master' into lower_domains 2015-10-09 13:04:00 -07:00
Jacob Hoffman-Andrews be36c3d71d Merge branch 'master' into test-reg-rate-limit-3 2015-10-09 12:48:13 -07:00
Jacob Hoffman-Andrews 88614a444f Merge branch 'master' into lower_domains 2015-10-09 12:10:22 -07:00
Roland Shoemaker 10b6bb5548 Refactor certificate revocation and OCSP generation workflows
* Moves revocation from the CA to the OCSP-Updater, the RA will mark certificates as
  revoked then wait for the OCSP-Updater to create a new (final) revoked response
* Merges the ocspResponses table with the certificateStatus table and only use UPDATES
  to update the OCSP response (vs INSERT-only since this happens quite often and will
  lead to an extremely large table)
2015-10-08 18:55:11 -07:00
Jeff Hodges 0df44e5d90 clean up CSRs with capitalized letters
This change lowercases domains before they are stored in the database
and makes policy.WillingToIssue reject any domains with uppercase
letters.

Fixes #927.
2015-10-08 17:04:07 -07:00
Roland Shoemaker c0f5fd1bb6 Fix AddSCTReceipt RPC transit 2015-10-08 17:00:35 -07:00
Jacob Hoffman-Andrews 487d08ec2e Add rate limiting by registration IP. 2015-10-08 15:47:08 -07:00
Jacob Hoffman-Andrews acdb1fa91b Merge branch 'master' into issued-names-limit-2
Conflicts:
	mocks/mocks.go
	rpc/rpc-wrappers.go
	sa/storage-authority.go
2015-10-07 17:20:36 -07:00
Richard Barnes b01e99ea04 Merge branch 'master' into golint 2015-10-07 10:42:36 -04:00
Richard Barnes b6469b4bba Merge branch 'master' into golint 2015-10-06 23:04:23 -04:00
Jacob Hoffman-Andrews e0cdd13bbb Merge branch 'master' into issued-names-limit-2 2015-10-06 16:10:29 -07:00
bifurcation f210ee0a9f Merge branch 'master' into sig-reuse 2015-10-06 18:01:50 -04:00
Jeff Hodges 06879cb44f remove some allocations from B64enc codepath
B64enc makes some nasty allocations through its use of strings.Replace
in unpad. This changes that strings.Replace into a simple for-loop.

B64enc gets used in many places, including the rpc library on every
request and response. While we should probably not use it in the rpc
library (#909), there are enough other places it's used (now or in the near
future) that make this valuable.

Was a performance problem found during early load-testing (#20) of the
CA. More to come.
2015-10-06 00:31:51 -07:00
Richard Barnes f064c6d5c7 Merge branch 'master' to 'sig-reuse' 2015-10-05 23:16:16 -04:00
bifurcation 90050e91f5 Merge branch 'master' into golint 2015-10-05 19:23:24 -04:00
Richard Barnes 4405bc5dbc Address @jsha comments 2015-10-05 19:23:31 -04:00
Jeff Hodges 5217af94b0 allow whitelisting by a specific reg id
Currently, the whitelisted registration ID is one that is impossible for the
database to return. Once the partner's registration is in place, we can
deploy a change to it.

Fixes #810
2015-10-05 14:11:38 -07:00
bifurcation e7f47d4f09 Merge branch 'master' into golint 2015-10-05 00:14:29 -04:00
Roland Shoemaker 5d4fccabeb Merge master 2015-10-04 21:08:51 -07:00
Roland Shoemaker 4a98145992 Review fixes 2015-10-04 21:05:44 -07:00
Jacob Hoffman-Andrews 1d91d81158 Implement rate limiting by domain name. 2015-10-04 21:04:26 -07:00
Richard Barnes 961e392521 Merge branch 'master' into sig-reuse 2015-10-04 23:25:54 -04:00
Richard Barnes f3a40ac76c Address @jcjones comments 2015-10-04 23:24:06 -04:00
Richard Barnes 0f3f766d26 Fix golint in ./core 2015-10-04 20:07:13 -04:00
Jacob Hoffman-Andrews 6906e395a4 Pass RateLimitedError properly through RPC layer. 2015-10-03 22:59:28 -07:00
Richard Barnes 9414b1a37e Address @jmhodges comments and make tests pass 2015-10-03 14:47:17 -04:00
Richard Barnes 3f7247a80d Change to KeyAuthorization in sa 2015-10-03 13:18:33 -04:00
Richard Barnes a7a0f8d235 Change to KeyAuthorization in core 2015-10-03 12:58:05 -04:00
Richard Barnes eb42a08258 Make RA check sanity and make tests pass 2015-10-03 10:41:23 -04:00
Richard Barnes b4d45321a8 Have the client provide the authorized key object 2015-10-02 13:45:32 -04:00
Richard Barnes 4c20bfe310 Merge master to sig-reuse 2015-10-01 18:58:35 -07:00
Richard Barnes 367973122e Change 'TO DELETE' comments to something more useful 2015-10-01 18:48:15 -07:00
Richard Barnes 72bbc8fd1f Move UnsafeSetToken to /test/ 2015-10-01 18:27:17 -07:00
Jeff Hodges a07e3b4e13 Merge branch 'master' into paranoid-key 2015-10-01 16:17:32 -07:00
Jeff Hodges d433062f16 Merge branch 'master' into issued-names-count 2015-10-01 14:19:14 -07:00
Jacob Hoffman-Andrews 6963811ab5 Merge remote-tracking branch 'le/master' into paranoid-key
Conflicts:
	core/util.go
2015-10-01 14:13:05 -07:00
Jacob Hoffman-Andrews 685c6e4206 Use stored key to verify JWS POSTs
instead of submitted key. This minimizes the chances of unexpected JWK fields in
the submitted key altering its interpretation without altering the lookup in the
registrations table.

In the process, fix handling of NoSuchRegistration responses.

Fixes https://github.com/letsencrypt/boulder/issues/865.
2015-09-29 23:37:16 -07:00
Richard Barnes 0f4ebae6e0 Address @bifurcation comments 2015-09-29 09:33:44 -04:00
Richard Barnes ea50be6c50 Change 00 to 01, and drop the underscore 2015-09-29 08:57:43 -04:00
Jacob Hoffman-Andrews f476432449 Store a DB of issued names.
Add counting for issued names within a given time period.

First part of https://github.com/letsencrypt/boulder/issues/864.
2015-09-28 19:37:50 -07:00
Richard Barnes f579863e0e Purge SimpleHTTP and DVSNI from VA 2015-09-28 14:34:03 -04:00
Richard Barnes c1c3d1e871 Changes to core, sa, policy 2015-09-28 10:51:55 -04:00
Richard Barnes 1a9fd9b455 Update to latest ACME spec 2015-09-28 10:10:06 -04:00
Richard Barnes 54c924b436 Merge branch 'master' into sig-reuse 2015-09-27 18:29:14 -04:00
Roland Shoemaker 96afd94e88 Review fixes
* Rewrite JSONDuration as ConfigDuration that can handle both JSON and YAML unmarshaling
* Factor out RPC certificate count request struct
* Return 429 to WFE on rate limit exceeded
* Fix wonky RateLimitPolicy comment
2015-09-25 14:39:53 -07:00
Roland Shoemaker 6e3f0e18c6 Merge branch 'master' into cert-limit 2015-09-25 14:08:09 -07:00
Roland Shoemaker 6f41cc9e39 Add issuance rate limiting based on total number of certificates issued in a window
Since the issuance count requires a full table scan a RA process local cache of the
count is kept and expired after 30 minutes.
2015-09-24 12:54:38 -07:00
Jacob Hoffman-Andrews af7f4eb32f Remove GetCertificateByShortSerial. 2015-09-22 16:59:38 -07:00
Jacob Hoffman-Andrews 73216a461d Also check length >= 32. 2015-09-22 14:27:38 -07:00
Jacob Hoffman-Andrews 668ccc2d97 Merge github.com:letsencrypt/boulder into longserial 2015-09-22 14:04:19 -07:00
Jacob Hoffman-Andrews c858b4d430 Consolidate serial number validity checking.
Also, set the requirement to be hexadecimal and <36 characters, rather than
exactly 36 characters.
2015-09-22 14:03:29 -07:00
Roland Shoemaker 7369fb89e1 Better private network blocking 2015-09-21 17:02:48 -07:00
Jacob Hoffman-Andrews 02314f4041 Implement the new 144-bit mostly-random serial.
To keep the change small, I have not yet completely removed the
GetCertificateByShortSerial method from interfaces and the RPC. I will do taht
in a follow up change.
2015-09-21 13:10:16 -07:00
Roland Shoemaker ff6eca7a29 Submit all issued certificates to configured CT logs
Adds a new service, Publisher, which exists to submit issued certificates to various Certificate Transparency logs. Once submitted the Publisher will also parse and store the returned SCT (Signed Certificate Timestamp) receipts that are used to prove inclusion in a specific log in the SA database. A SA migration adds the new SCT receipt table.

The Publisher only exposes one method, SubmitToCT, which is called in a goroutine by ca.IssueCertificate as to not block any other issuance operations. This method will iterate through all of the configured logs attempting to submit the certificate, and any required intermediate certificates, to them. If a submission to a log fails it will be retried the pre-configured number of times and will either use a back-off set in a Retry-After header or a pre-configured back-off between submission attempts.

This changeset is the first of a number of changes ending with serving SCT receipts in OCSP responses and purposefully leaves out the following pieces for follow-up PRs.

* A fake CT server for integration testing
* A external tool to search the database for certificates lacking a full set of SCT receipts
* A method to construct X.509 v3 extensions containing receipts for the OCSP responder
* Returned SCT signature verification (beyond just checking that the signature is of the correct type so we aren't just serving arbitrary binary blobs to clients)

Resolves #95.
2015-09-17 18:11:05 -07:00
Jacob Hoffman-Andrews 71c682179e Switch to authorizationLifetime 2015-09-11 16:36:56 -04:00
Richard Barnes 275b086acc Merge branch 'master' into sig-reuse 2015-09-11 15:24:43 -04:00
Richard Barnes b89b5ac980 Switch authzKeys from client- to server-provided 2015-09-11 15:23:34 -04:00
Jacob Hoffman-Andrews e3c226a84e Remove earliestExpiry from IssueCertificate call. 2015-09-11 15:09:11 -04:00
Roland Bracewell Shoemaker d55e0e0d8d Merge branch 'master' into fix-wfe-test-better 2015-09-11 11:58:28 -07:00
Jacob Hoffman-Andrews 875a71e53e Fix WFE test properly.
The WFE test relies on a pre-generated cert. Since there are some sanity checks
on the dates in certs, we were getting errors during the test.

One quick fix is to have those sanity checks rely on RA's clock object, which
can be replaced with a fake for testing. In order to do that, I had to move the
sanity check (MatchesCSR) into the registration authority package, where it
makes more sense anyhow.

I also removed a handful of equality testing functions in objects.go that were
only used by MatchesCSR and whose purpose is better served by reflect.DeepEqual.
This was to avoid having to also move those equality testing functions into the
registration authority.
2015-09-11 13:17:18 -04:00
Richard Barnes f08e824018 Val -> AuthzKeys in Challenges 2015-09-10 21:28:39 -04:00
Jeff Hodges 6945bdc86c Merge branch 'master' into fix-docker 2015-09-10 14:30:58 -07:00
Jacob Hoffman-Andrews 253d700d06 Merge branch 'master' into challenge-display-uri
Conflicts:
	cmd/boulder-ra/main.go
	ra/registration-authority.go
	ra/registration-authority_test.go
2015-09-10 15:44:21 -04:00
Jacob Hoffman-Andrews 998ffc79cb Do GoodKey checking in WFE. 2015-09-09 20:30:55 -04:00
Jacob Hoffman-Andrews ffcd1c866d Make challenge URI a display-time property.
Challenge URIs should be determined by the WFE at fetch time, rather than stored
alongside the challenge in the DB. This simplifies a lot of the logic, and
allows to to remove a code path in NewAuthorization where we create an
authorization, then immediately save it with modifications to the challenges.

This change also gives challenges their own endpoint, which contains the
challenge id rather than the challenge's offset within its parent authorization.
This is also a first step towards replacing UpdateAuthorization with
UpdateChallenge: https://github.com/letsencrypt/boulder/issues/760.
2015-09-09 16:23:45 -04:00
Jacob Hoffman-Andrews 19c68a01e0 Fix Docker setup.
Add an easy script to build and run the Docker instance.
Update some out-of-date information in the README.
Add goose to the Docker image.
Remove unnecessary go install step from Dockerfile.

Allow dns-test-srv to return a hardcoded address other than localhost. This was
preventing a Dockerized Boulder from answering requests from a letsencrypt
client on the host.

Change allowLoopbackAddresses to allowRestrictedAddresses and make it cover all
the private IPv4 ranges. The host IP in Docker is commonly in the 172.* range.

Fix a couple of references to lets-encrypt-preview.

This was inspired by investigation into https://github.com/letsencrypt/boulder/issues/756.
To try and reproduce, I tried running Boulder inside a container, and found some
broken things.
2015-09-08 23:31:04 -04:00
Roland Shoemaker e5e947ee09 Better construction 2015-09-03 21:00:51 -07:00
Roland Shoemaker 3da1081b02 Merge branch 'master' into block-more 2015-09-03 20:47:34 -07:00
Jacob Hoffman-Andrews 2a8804b792 Merge branch 'master' into test-js-content-length
Conflicts:
	wfe/web-front-end_test.go
2015-09-02 23:23:53 -04:00
Roland Shoemaker 37517052c7 Add checks for addresses in the loopback block and a bool to allow them for testing 2015-09-02 15:25:21 -07:00
Jeff Hodges be44b0bf50 drop unused status column from certificates
Also, use certificateStatus's status in the expiration-mailer join.

Fixes #694.
Fixes #713.
2015-09-01 15:53:27 -07:00
Roland Bracewell Shoemaker fe00decc92 Merge pull request #697 from letsencrypt/revoke-split
Split RA revoke method
2015-09-01 14:08:33 -07:00
Jeff Hodges dedb5f96a7 clean up some pointer type conversions
I grepped around and only found these.
2015-08-31 23:51:43 -07:00
Roland Shoemaker d11d1ed774 Rename admin-revoker RA call 2015-08-30 22:33:36 -07:00
Jacob Hoffman-Andrews 9fa1e02d7d Require content length. 2015-08-30 12:59:43 -04:00
Jacob Hoffman-Andrews 5afb1187bf Merge pull request #664 from letsencrypt/sig-misuse
Mitigate signature misuse vulnerability
2015-08-28 16:18:56 -07:00
Richard Barnes 3d540ff481 Addressing review comments 2015-08-28 11:21:13 -04:00
Roland Shoemaker 82ea4aba31 Rest of RPC layer and splitting 2015-08-28 00:00:03 -07:00
Roland Shoemaker 3df37cc3db Merge branch 'master' into cert-checker 2015-08-27 23:26:46 -07:00
Roland Shoemaker a4aa450ee6 Switch to custom revocation code type 2015-08-27 17:09:41 -07:00
Roland Shoemaker d6b09c2cf9 Clean up 2015-08-27 14:50:00 -07:00
Roland Shoemaker 0f1efe55ae Log information about revocation procedure 2015-08-27 13:00:55 -07:00
Richard Barnes c552984784 Merge master 2015-08-25 19:21:02 -04:00
Richard Barnes c7eaece4da Have RA reject update by a different account key. 2015-08-25 17:50:26 -04:00
Richard Barnes 8868ac9dad Remove explicit account key from VA calls 2015-08-25 16:32:32 -04:00
Richard Barnes fd8f8eb446 Add account key to challenge object 2015-08-25 15:27:27 -04:00
Jeff Hodges 7b6f2894f7 add goose as the migration tool
This has required some substantive changes to the tests. Where
previously the foreign key constraints did not exist in the tests, now
that we use the actual production schema, they do. This has mostly led
to having to create real Registrations in the sa, ca, and ra tests. Long
term, it would be nice to fake this out better instead of needing a real
sa in the ca and ra tests.

The "goose" being referred to is <https://bitbucket.org/liamstask/goose>.

Database migrations are stored in a _db directory inside the relevant
owner service (namely, ca/_db, and sa/_db, today).

An example of migrating up with goose:

    goose -path ./sa/_db -env test up

An example of creating a new migration with goose:

    goose -path ./sa/_db -env test create NameOfNewMigration sql

Notice the "sql" at the end. It would be easier for us to manage sql
migrations. I would like us to stick to only them. In case we do use Go
migrations in the future, the underscore at the beginning of "_db" will
at least prevent build errors when using "..." with goose-created Go
files. Goose-created Go migrations do not compile with the go tool but
only with goose.

Fixes #111
Unblocks #623
2015-08-25 12:02:31 -07:00
Roland Shoemaker 37b28a20c0 Merge master 2015-08-24 12:20:26 -07:00
Roland Shoemaker 725e0e30da Merge branch 'master' into fixed-505 2015-08-21 14:12:36 -07:00
Roland Shoemaker c40cfd4164 Process all certs from the last 90 days, still need to cleanup and write out the report 2015-08-20 13:59:40 -07:00
Roland Shoemaker 015e089b7d Review fixes pt. 2 2015-08-18 13:33:25 -07:00
Roland Shoemaker d56c99ff71 Remove db struct tags 2015-08-15 16:03:58 -07:00
Roland Shoemaker 3d5185d0db Merge branch 'master' into fixed-505 2015-08-13 22:50:13 -07:00
Roland Shoemaker f15402282c Review rework
Refactor DNS problem details use

Actually store and log resolved addresses

Less convuluted get adresses function/usage

Store redirects, reconstruct transport on redirect, add redirect + lookup tests

Add another test

Review fixes

Initial bulk of review fixes (cleanups inc)

Comment cleanup

Add some more tests

Cleanups

Give addrFilter a type and add the config wiring

Expose filters

LookupHost cleanups

Remove Resolved Addresses and Redirect chain from replies to client without breaking RPC layer

Switch address/redirect logging method, add redirect loop checking + test

Review fixes + remove IPv6

Remove AddressFilter remnant + constant-ize the VA timeout

Review fixes pt. 1

Initialize validation record

Don't blank out validation reocrds

Add validation record sanity checking

Switch to shared struct

Check port is in valid range

Review fixes
2015-08-13 22:49:33 -07:00
Roland Shoemaker 9a328b4fd1 Log IPs in a better place, by storing them in the challenge objects! 2015-08-13 22:45:19 -07:00
Roland Shoemaker 1d863fca32 Merge master 2015-08-13 20:52:18 -07:00
Roland Shoemaker 5be6e588ee Initial work 2015-08-13 20:24:25 -07:00
Jeff Hodges 24dca1a758 remove some no longer used db struct tags 2015-08-13 14:29:53 -07:00
Roland Shoemaker bcb0ecb3ba Revert "Resolve and store IP addresses for SimpleHTTP and DVSNI validation (also store redirect chains)" 2015-08-13 13:00:37 -07:00