James 'J.C.' Jones
f63c8ec5ca
Merge pull request #218 from letsencrypt/204_audit_challenges
Audit all Challenges (success/failure) in VA for Issue #204
2015-05-21 14:23:54 -07:00
J.C. Jones
1c9837ddf8
Audit all Challenges (success/failure) in VA for Issue #204
- Don't ignore entropy underruns in challenges.go
- Correct identity crisis in Policy Authority; hopefully it will remember.
- Add a method `AuditObject` in audit-logger and convert RA/VA to use it
- Fix json typo in registration-authority that caused empty audit logs
- Fix vet issue in WFE where RegID was being printed as a 32-bit int instead of 64-bit
- Unfix the issue in WFE where RegID isn't right, per PR #215
2015-05-21 13:58:40 -07:00
Roland Shoemaker
74ecad349b
Merge upstream/master
2015-05-20 13:03:43 -07:00
Roland Shoemaker
0f4f17e82b
make sure user has agreed before any subsequent actions
2015-05-20 12:58:14 -07:00
J.C. Jones
48cdd35026
gofmt wfe
2015-05-19 18:25:02 -07:00
Jacob Hoffman-Andrews
8c9830618b
Use absolute URL for link to issuer cert
2015-05-19 16:30:33 -07:00
Jacob Hoffman-Andrews
8dd4c650bd
Disallow GETs for Registration.
Per the spec, authenticated requests must be signed by an account key, and
GET requests can't be signed under the current protocol. If the account holder
wishes to fetch their current registration, they can do so by posting a signed,
empty update to their registration resource.
Also fix a bug in generating registration URLs.
2015-05-19 12:44:04 -07:00
Roland Shoemaker
870f02917c
check subscriber agreement in new/updated registrations
2015-05-18 20:56:51 -07:00
J.C. Jones
42302541bd
Run `go fmt` for PR #186
2015-05-18 18:44:38 -07:00
J.C. Jones
d2be0dcb95
Review updates
2015-05-18 18:24:37 -07:00
J.C. Jones
894703ae67
Follow-on work for Issue #62
- Documentation correction
- Don't lose the problemDoc failback (merge issue, I guess?)
- Add the start of an ack script to find methods implementing the audit UUIDs
- Documentation fix (RA calls VA, not WFE)
- Audit log revocations
- Audit log unauthorized domains
- Include all SANs in issuance audit log
- Add a script to locate all audit markers
2015-05-18 18:23:09 -07:00
Richard Barnes
c3b312118e
Add audit logging
- Auditing for general errors in executables
- Auditing for improper messages received by WFE
- Automatic audit logging of software errors
- Audit logging for mis-routed messages
- Audit logging for certificate requests
- Auditing for improper messages received by WFE
- Add audit events table
- Expect more details in TestRegistration in web-front-end_test.go
- Remove "extra" debug details from web-front-end.go per Issue #174
- Improve test coverage of web-front-end.go
- WFE audit updates for revocation support rebase
- Add audit messages to RPC for Improper Messages and Error Conditions
- Also note misrouted messages
2015-05-18 18:23:08 -07:00
Jacob Hoffman-Andrews
4cda5e11f3
Merge pull request #201 from rolandshoemaker/remkey
Switch Authorization object from key to registration ID as association
2015-05-18 11:24:51 -07:00
Roland Shoemaker
e1ba291019
Store registration ID with certificate
2015-05-16 13:47:51 -07:00
Roland Shoemaker
faa1d5ac45
review cleanups
2015-05-16 13:25:36 -07:00
Jacob Hoffman-Andrews
f8d54a728c
Fix up rebase issues.
2015-05-14 16:11:56 -07:00
Jacob Hoffman-Andrews
b43d647fa2
Call RevokeCertificate through RA.
2015-05-14 15:54:12 -07:00
Jacob Hoffman-Andrews
7b5038ac89
Switch WFE to revoke by posting cert rather than serial.
2015-05-14 15:54:10 -07:00
Jacob Hoffman-Andrews
de4e37bf60
Implement user-facing revocation.
2015-05-14 15:53:58 -07:00
Jacob Hoffman-Andrews
bff5ea2cfe
Implement user-facing revocation.
2015-05-14 15:52:11 -07:00
Roland Shoemaker
e233fdaa61
switch authz and pending_authz to store registration ID instead of key (and update all the random stuff they touched)
2015-05-14 14:14:36 -07:00
Roland Shoemaker
b3d85ed9b5
fix breakage introduced by b0rked rebase
2015-05-13 19:30:37 -07:00
Roland Shoemaker
8aa2a0607e
return full registration object and proper JSON marshal
2015-05-13 19:16:55 -07:00
Roland Shoemaker
c580041ed5
appropriate error messages
2015-05-13 19:16:55 -07:00
Roland Shoemaker
b9745cf894
check key is associated with existing registration in verifyPOST
2015-05-13 19:16:20 -07:00
Jacob Hoffman-Andrews
aa8c20f84a
Fixes in response to review feedback.
2015-05-13 17:36:39 -07:00
Jacob Hoffman-Andrews
3eed9e3f7c
Move to Square's go-jose library.
2015-05-13 17:36:38 -07:00
Roland Shoemaker
8e95c98cb5
add type namespacing
2015-05-11 14:44:54 -07:00
Roland Shoemaker
8655e900ab
send problem doc types in sendError (ignoring badCSR for now)
2015-05-11 14:44:54 -07:00
Jacob Hoffman-Andrews
debf86375b
Remove Location header.
2015-05-10 21:37:29 -07:00
Roland Shoemaker
1276d82146
Add /acme/issuer-cert endpoint and up links to it
In /acme/new-cert and /acme/cert/<serial>.
2015-05-10 21:35:28 -07:00
Roland Shoemaker
3fddff8dcf
further tests for VA, consistent sendError for verifyPOST in WFE
2015-05-05 15:31:53 -07:00
Roland Shoemaker
2db4194b4d
add new registration + authorization tests for wfe
2015-05-04 20:54:58 -07:00
Roland Shoemaker
b5ca98130e
remove unused struct from broken fix
2015-05-04 19:40:08 -07:00
Roland Shoemaker
11a4a5019f
better reg test, ignore empty payload for now
2015-05-04 19:39:24 -07:00
Roland Shoemaker
4fc3a1146e
VA tests, WFE tests, plus WFE NewRegistration empty payload fix
2015-05-04 18:43:18 -07:00
Jakub Warmuz
3383809c20
Properly route index ( fixes #146 )
2015-05-03 20:35:53 +00:00
jsha
c4497aca72
Merge pull request #134 from letsencrypt/ocsp-table
More steps towards revocation / OCSP support
2015-05-02 11:22:23 -07:00
Jacob Hoffman-Andrews
ac78f333f8
Merge branch 'master' into ocsp-table
Conflicts:
ca/certificate-authority.go
ca/certificate-authority_test.go
cmd/boulder-ca/main.go
cmd/boulder/main.go
sa/storage-authority.go
sa/storage-authority_test.go
2015-05-02 11:10:05 -07:00
Jakub Warmuz
c4aec38066
WFE: index (GET /)
2015-05-02 15:55:46 +00:00
J.C. Jones
a77152e828
Rework Authority "New" methods to obtain AuditLogger from Singleton
- Also ran `go fmt` against these files I was touching anyway:
sa/storage-authority.go
va/validation-authority.go
wfe/web-front-end.go
2015-05-01 21:50:07 -07:00
Jakub Warmuz
35834bf262
test.InitAuthorities, progress tests for wfe.Challenge
2015-05-01 00:33:22 +00:00
Jakub Warmuz
373636952e
Progress fixing tests for wfe.Challenge
2015-04-30 22:37:29 +00:00
Jakub Warmuz
4311f02a90
Add tests for wfe.Challenge
2015-04-30 20:48:02 +00:00
Jakub Warmuz
738e442f63
Fix build.
2015-04-30 19:25:28 +00:00
Jakub Warmuz
37f430d80f
Location and "up" Link for Challenge
2015-04-30 19:05:02 +00:00
Jakub Warmuz
7d98856ad7
"POST challenge" returns Challenge instead of Authorization ( fixes : #130 ).
2015-04-30 18:45:27 +00:00
Jacob Hoffman-Andrews
1d2c6a5d7c
Split out GetCertificate / GetCertificateByShortSerial.
Also stub out some initial revocation code.
2015-04-29 11:48:08 -07:00
Jacob Hoffman-Andrews
1065b14c9c
Add more logging to boulder.
2015-04-24 18:39:50 -07:00
Jacob Hoffman-Andrews
830f64585c
Merge branch 'master' of github.com:letsencrypt/boulder into certificate-query
2015-04-18 23:45:47 -04:00
Jacob Hoffman-Andrews
7d8ef9a019
Fix tests and tidy up for review.
2015-04-18 23:44:42 -04:00
Jacob Hoffman-Andrews
431ad092eb
Query certs by sequential part of serial number.
Also refactor WFE for better initialization and change StorageAuthority to
support this type of query.
2015-04-18 00:48:19 -04:00
Roland Shoemaker
f839d89f25
add return
2015-04-16 17:44:14 -07:00
Roland Shoemaker
e7f2f4f90c
hook cmd.ProfileCmd into all the polylithic clients
2015-04-12 20:26:02 -07:00
Roland Shoemaker
f64665cd1b
better statsd hooks
2015-04-12 18:02:00 -07:00
Jacob Hoffman-Andrews
c9fbc82883
Fix encoding of errors in WFE.
This fixes the problem Kuba reported on IRC of receiving messages like:
[123 34 100 101 116 97 105 108 34 58 34 77 101 116 104 111 100 32 110 111 116 32
97 108 108 111 119 101 100 34 125]
from Boulder.
This changelist also adds the beginning of a test to WFE, but much more is
needed.
2015-03-27 20:49:37 -07:00
Peter Eckersley
316d3a6925
Unless we want multiple Content-Type headers, Set them rather than Add()ing
(Also restore mysteriously missing portion of previous commit)
2015-03-26 10:08:27 -07:00
Peter Eckersley
24d48a0c36
http.Error sets the wrong content-type
Also gofmt fixes
2015-03-26 10:08:27 -07:00
Peter Eckersley
60d8446eac
A more accurate and complete attempt at Content-Type setting
2015-03-26 10:08:27 -07:00
Peter Eckersley
7377c5c362
Content-Type: application/pkix-cert
- Minimally, send it when it applies
- Flag that none of this implementation really matches the spec;
probably the spec should change?
2015-03-25 18:26:18 -07:00
J.C. Jones
33ac212b70
Add logging infrastructure to all authorities and commands
2015-03-24 19:06:11 -07:00
J.C. Jones
4e0aa900c9
Rebase 'lint-errcheck-fixes' of git://github.com/mvdan/boulder to letsencrypt/master
Conflicts:
cmd/boulder-start/main.go
core/interfaces.go
core/objects.go
core/util.go
ra/registration-authority.go
ra/registration-authority_test.go
rpc/rpc-wrappers.go
va/validation-authority.go
wfe/web-front-end.go
2015-03-20 18:01:03 -07:00
Richard Barnes
19fada5b27
Support for subscriber agreement
2015-03-15 23:47:55 -04:00
Richard Barnes
f5546ad407
Miscellaneous fixes to get e2e working
2015-03-15 22:42:35 -04:00
Richard Barnes
96bd7e215a
Further plumbing of registrations
2015-03-15 15:33:05 -04:00
Richard Barnes
d938deb3fd
Separate resources for challenges [initial]
2015-03-14 19:07:16 -04:00
Richard Barnes
8f4ea0efd8
Adapting to point to mainlined JOSE
2015-03-13 13:11:04 -07:00
Daniel Martí
70ab4a4605
Log problems when writing response bodies
2015-03-13 08:46:43 +01:00
Daniel Martí
91b12a2e1a
Simplify if err != nil structure when applicable
2015-03-12 12:46:18 +01:00
Daniel Martí
5fe97f1895
Replace []byte with nil, simplify response logic
2015-03-12 12:38:46 +01:00
Richard Barnes
e8126fd390
Pulling out wfe module
2015-03-10 14:33:22 -07:00