Jacob Hoffman-Andrews
8b0fcde9ce
Merge pull request #352 from letsencrypt/allow
...
Send an Allow header whenever we send 405
2015-06-12 14:58:50 -07:00
Jacob Hoffman-Andrews
af64f5a534
Add missing return.
2015-06-12 14:37:26 -07:00
Jacob Hoffman-Andrews
2b2f4110d4
Revoke path should not end in slash.
2015-06-12 13:26:43 -07:00
Richard Barnes
615366636a
Send CORS headers
2015-06-11 22:26:16 -04:00
Richard Barnes
d398bd962a
Send an Allow header whenever we send 405
2015-06-11 22:12:01 -04:00
bifurcation
676ebf721f
Merge pull request #325 from letsencrypt/anti-replay
...
Add an anti-replay nonce facility
2015-06-10 16:55:20 -04:00
Richard Barnes
8289a6d2fa
Make tests pass
2015-06-09 17:43:16 -04:00
J.C. Jones
a64d521023
Add more details to the /build endpoint in the WFE as well.
2015-06-09 12:25:33 -07:00
Richard Barnes
d653f97cb8
Transition from random nonces to encrypted counters
2015-06-09 12:30:49 -04:00
Richard Barnes
fca1567cb2
Fixes to integration tests
2015-06-08 15:31:56 -04:00
Richard Barnes
a620fe4583
Initial anti-replay mechanism
2015-06-08 15:02:39 -04:00
Roland Shoemaker
573e35ed56
Disallow multiple registrations with same key (and fix all related tests)
2015-06-04 20:21:59 +01:00
James 'J.C.' Jones
bbd5ff1821
Merge pull request #301 from rolandshoemaker/299-audit
...
Only audit log internal server errors in WFE
2015-06-03 13:15:20 -07:00
Roland Shoemaker
7de8bef948
Add comment
2015-06-03 18:15:12 +01:00
Roland Shoemaker
ce84a4c31a
Only audit log internal server errors in WFE
2015-06-03 18:11:19 +01:00
Jacob Hoffman-Andrews
ccb401f993
Add comment clarifying agreement check.
2015-06-02 15:56:26 -07:00
Jacob Hoffman-Andrews
3974a0eaa6
Revert "Actually verify compliance to a specific subscriber agreement"
...
This reverts commit 33ed771180.
Conflicts:
wfe/web-front-end.go
2015-06-02 15:56:23 -07:00
bifurcation
04479eca5c
Merge pull request #291 from letsencrypt/fix-revocation
...
Revert change to revocation from #275
2015-06-02 17:52:35 -04:00
Jacob Hoffman-Andrews
7a60d431d6
Revert "Suppress the 'expires' field in public Authorizations"
...
This reverts commit d47b7c12ac.
Conflicts:
core/objects.go
wfe/web-front-end.go
2015-06-02 12:02:05 -07:00
Jacob Hoffman-Andrews
026cb424fc
Revert "Replace RevokeCertficate with something more in line with the spec"
...
This reverts commit b1bad40fe6.
Conflicts:
wfe/web-front-end.go
2015-06-02 10:45:54 -07:00
Jacob Hoffman-Andrews
6c66207834
Fix nil key bug in AMQP mode.
2015-06-01 12:24:23 -07:00
Richard Barnes
63ca50229d
Fix a bug introduced in 81fa97f and make ./start.sh work
2015-06-01 12:46:19 -04:00
Richard Barnes
577478db7a
One more nit from JCJ
2015-06-01 02:16:32 -04:00
Richard Barnes
bfd9e4ac20
Fixing JCJ nits
2015-06-01 02:11:10 -04:00
Richard Barnes
b1bad40fe6
Replace RevokeCertficate with something more in line with the spec
2015-06-01 02:11:10 -04:00
Richard Barnes
ba84275611
Enable GET on Challenge resources
2015-06-01 02:08:47 -04:00
Richard Barnes
d47b7c12ac
Suppress the 'expires' field in public Authorizations
2015-06-01 02:08:47 -04:00
Richard Barnes
791118eee7
Clean up argument names in WFE methods
2015-06-01 02:08:47 -04:00
Richard Barnes
f6cf178edc
Simplify Terms() output
2015-06-01 02:08:47 -04:00
Richard Barnes
1492c8b0cf
Remove Let's Encrypt from Index()
2015-06-01 02:08:47 -04:00
Richard Barnes
129b05f42a
Always check the method first thing
2015-06-01 02:05:17 -04:00
Richard Barnes
afc5fb8e93
Add Link header field to Authz GET
2015-06-01 02:05:17 -04:00
Richard Barnes
764c7165b0
Do registration check before attempting to parse response
2015-06-01 02:05:17 -04:00
Richard Barnes
6a518383ba
Actually verify compliance to a specific subscriber agreement
2015-06-01 02:05:17 -04:00
Richard Barnes
81fa97fb21
Remove duplicative calls to MergeUpdate
2015-06-01 02:05:17 -04:00
Richard Barnes
9917ca17f6
Clean up TODOs
2015-06-01 02:05:17 -04:00
Richard Barnes
c0bacc3fb6
Add more detailed error code reporting
2015-05-31 15:58:08 -04:00
J.C. Jones
8766edaa93
Issue #239 - Add a build ID method to WFE, and print Info on startup for all
2015-05-28 11:13:09 -07:00
J.C. Jones
d1321f2d78
More RPC fixes for Issue #202
...
- NewPendingAuthorization now uses a core.Authorization object, so
that foreign key constraints are followed
- core.Authorization now serializes RegistrationID to JSON, so it has to get
blanked out in WFE before transmission to client.
- Remove ParsedCertificate from core.Certificate, as type x509.Certificate cannot
be marshaled.
- Added AssertDeepEquals and AssertMarhsaledEquals to test-tools.go
- Caught several overloaded and misleadingly named errors in WFE
2015-05-28 11:05:55 -07:00
J.C. Jones
c5415c77c0
Fix: Challenge URIs were incomplete when running in RPC mode.
2015-05-28 08:19:58 -07:00
J.C. Jones
e4e52e7315
More work on Issue #202 for RPC functions
...
- Fix a bunch of typos in rpc-wrappers.go
- Unblank `id` in core.Registration JSON:
- It's not spec, but it's not hurting anything, and we reveal it to clients anyway.
- We need knowledge of the ID in RPC, so if we don't want to include this in the object, we need to make a transfer object to wrap it.
- Make the RPC logs much clearer as to who's talking to who
- Typo in WFE where we called a registration an authz
2015-05-27 23:37:12 -07:00
James 'J.C.' Jones
5d82c5f994
Merge pull request #224 from rolandshoemaker/182-return
...
Return 500 for multiple certs with same short serial
2015-05-26 15:53:02 -07:00
J.C. Jones
bc3acca096
Resolved Issue #230
...
- Move setting the core.Registration.Key field from RA.NewRegistration to
WFE.NewRegistration to avoid a chicken-and-egg problem.
- Note: I kept the RPC wrapper object even though it now only has one field.
Seems like it's a good practice to use wrapper objects, even though we don't
everywhere.
2015-05-26 14:44:15 -07:00
Roland Shoemaker
5541a8ab37
remove trailing , and return 500 for multi certs with the same short serial
2015-05-25 09:26:37 +01:00
Jacob Hoffman-Andrews
c1f3791b27
Fix some issues brought up by integration test
2015-05-21 17:25:56 -07:00
Jacob Hoffman-Andrews
153234204d
Add an integration test using test.js
...
Include updates to test.js to make its output more useful as a diagnostic.
It remains a future TODO to do integration testing with the real letsencrypt
client.
Also, work around a go vet bug.
2015-05-21 16:51:40 -07:00
James 'J.C.' Jones
f63c8ec5ca
Merge pull request #218 from letsencrypt/204_audit_challenges
...
Audit all Challenges (success/failure) in VA for Issue #204
2015-05-21 14:23:54 -07:00
J.C. Jones
1c9837ddf8
Audit all Challenges (success/failure) in VA for Issue #204
...
- Don't ignore entropy underruns in challenges.go
- Correct identity crisis in Policy Authority; hopefully it will remember.
- Add a method `AuditObject` in audit-logger and convert RA/VA to use it
- Fix json typo in registration-authority that caused empty audit logs
- Fix vet issue in WFE where RegID was being printed as a 32-bit int instead of 64-bit
- Unfix the issue in WFE where RegID isn't right, per PR #215
2015-05-21 13:58:40 -07:00
Roland Shoemaker
74ecad349b
Merge upstream/master
2015-05-20 13:03:43 -07:00
Roland Shoemaker
0f4f17e82b
make sure user has agreed before any subsequent actions
2015-05-20 12:58:14 -07:00
J.C. Jones
48cdd35026
gofmt wfe
2015-05-19 18:25:02 -07:00
Jacob Hoffman-Andrews
8c9830618b
Use absolute URL for link to issuer cert
2015-05-19 16:30:33 -07:00
Jacob Hoffman-Andrews
8dd4c650bd
Disallow GETs for Registration.
...
Per the spec, authenticated requests must be signed by an account key, and
GET requests can't be signed under the current protocol. If the account holder
wishes to fetch their current registration, they can do so by posting a signed,
empty update to their registration resource.
Also fix a bug in generating registration URLs.
2015-05-19 12:44:04 -07:00
Roland Shoemaker
870f02917c
check subscriber agreement in new/updated registrations
2015-05-18 20:56:51 -07:00
J.C. Jones
42302541bd
Run `go fmt` for PR #186
2015-05-18 18:44:38 -07:00
J.C. Jones
d2be0dcb95
Review updates
2015-05-18 18:24:37 -07:00
J.C. Jones
894703ae67
Follow-on work for Issue #62
...
- Documentation correction
- Don't lose the problemDoc failback (merge issue, I guess?)
- Add the start of an ack script to find methods implementing the audit UUIDs
- Documentation fix (RA calls VA, not WFE)
- Audit log revocations
- Audit log unauthorized domains
- Include all SANs in issuance audit log
- Add a script to locate all audit markers
2015-05-18 18:23:09 -07:00
Richard Barnes
c3b312118e
Add audit logging
...
- Auditing for general errors in executables
- Auditing for improper messages received by WFE
- Automatic audit logging of software errors
- Audit logging for mis-routed messages
- Audit logging for certificate requests
- Auditing for improper messages received by WFE
- Add audit events table
- Expect more details in TestRegistration in web-front-end_test.go
- Remove "extra" debug details from web-front-end.go per Issue #174
- Improve test coverage of web-front-end.go
- WFE audit updates for revocation support rebase
- Add audit messages to RPC for Improper Messages and Error Conditions
- Also note misrouted messages
2015-05-18 18:23:08 -07:00
Jacob Hoffman-Andrews
4cda5e11f3
Merge pull request #201 from rolandshoemaker/remkey
...
Switch Authorization object from key to registration ID as association
2015-05-18 11:24:51 -07:00
Roland Shoemaker
e1ba291019
Store registration ID with certificate
2015-05-16 13:47:51 -07:00
Roland Shoemaker
faa1d5ac45
review cleanups
2015-05-16 13:25:36 -07:00
Jacob Hoffman-Andrews
f8d54a728c
Fix up rebase issues.
2015-05-14 16:11:56 -07:00
Jacob Hoffman-Andrews
b43d647fa2
Call RevokeCertificate through RA.
2015-05-14 15:54:12 -07:00
Jacob Hoffman-Andrews
7b5038ac89
Switch WFE to revoke by posting cert rather than serial.
2015-05-14 15:54:10 -07:00
Jacob Hoffman-Andrews
de4e37bf60
Implement user-facing revocation.
2015-05-14 15:53:58 -07:00
Jacob Hoffman-Andrews
bff5ea2cfe
Implement user-facing revocation.
2015-05-14 15:52:11 -07:00
Roland Shoemaker
e233fdaa61
switch authz and pending_authz to store registration ID instead of key (and update all the random stuff they touched)
2015-05-14 14:14:36 -07:00
Roland Shoemaker
b3d85ed9b5
fix breakage introduced by b0rked rebase
2015-05-13 19:30:37 -07:00
Roland Shoemaker
8aa2a0607e
return full registration object and proper JSON marshal
2015-05-13 19:16:55 -07:00
Roland Shoemaker
c580041ed5
appropriate error messages
2015-05-13 19:16:55 -07:00
Roland Shoemaker
b9745cf894
check key is associated with existing registration in verifyPOST
2015-05-13 19:16:20 -07:00
Jacob Hoffman-Andrews
aa8c20f84a
Fixes in response to review feedback.
2015-05-13 17:36:39 -07:00
Jacob Hoffman-Andrews
3eed9e3f7c
Move to Square's go-jose library.
2015-05-13 17:36:38 -07:00
Roland Shoemaker
8e95c98cb5
add type namespacing
2015-05-11 14:44:54 -07:00
Roland Shoemaker
8655e900ab
send problem doc types in sendError (ignoring badCSR for now)
2015-05-11 14:44:54 -07:00
Jacob Hoffman-Andrews
debf86375b
Remove Location header.
2015-05-10 21:37:29 -07:00
Roland Shoemaker
1276d82146
Add /acme/issuer-cert endpoint and up links to it
...
In /acme/new-cert and /acme/cert/<serial>.
2015-05-10 21:35:28 -07:00
Roland Shoemaker
3fddff8dcf
further tests for VA, consistent sendError for verifyPOST in WFE
2015-05-05 15:31:53 -07:00
Roland Shoemaker
2db4194b4d
add new registration + authorization tests for wfe
2015-05-04 20:54:58 -07:00
Roland Shoemaker
b5ca98130e
remove unused struct from broken fix
2015-05-04 19:40:08 -07:00
Roland Shoemaker
11a4a5019f
better reg test, ignore empty payload for now
2015-05-04 19:39:24 -07:00
Roland Shoemaker
4fc3a1146e
VA tests, WFE tests, plus WFE NewRegistration empty payload fix
2015-05-04 18:43:18 -07:00
Jakub Warmuz
3383809c20
Properly route index (fixes #146)
2015-05-03 20:35:53 +00:00
jsha
c4497aca72
Merge pull request #134 from letsencrypt/ocsp-table
...
More steps towards revocation / OCSP support
2015-05-02 11:22:23 -07:00
Jacob Hoffman-Andrews
ac78f333f8
Merge branch 'master' into ocsp-table
...
Conflicts:
ca/certificate-authority.go
ca/certificate-authority_test.go
cmd/boulder-ca/main.go
cmd/boulder/main.go
sa/storage-authority.go
sa/storage-authority_test.go
2015-05-02 11:10:05 -07:00
Jakub Warmuz
c4aec38066
WFE: index (GET /)
2015-05-02 15:55:46 +00:00
J.C. Jones
a77152e828
Rework Authority "New" methods to obtain AuditLogger from Singleton
...
- Also ran `go fmt` against these files I was touching anyway:
sa/storage-authority.go
va/validation-authority.go
wfe/web-front-end.go
2015-05-01 21:50:07 -07:00
Jakub Warmuz
35834bf262
test.InitAuthorities, progress tests for wfe.Challenge
2015-05-01 00:33:22 +00:00
Jakub Warmuz
373636952e
Progress fixing tests for wfe.Challenge
2015-04-30 22:37:29 +00:00
Jakub Warmuz
4311f02a90
Add tests for wfe.Challenge
2015-04-30 20:48:02 +00:00
Jakub Warmuz
738e442f63
Fix build.
2015-04-30 19:25:28 +00:00
Jakub Warmuz
37f430d80f
Location and "up" Link for Challenge
2015-04-30 19:05:02 +00:00
Jakub Warmuz
7d98856ad7
"POST challenge" returns Challenge instead of Authorization (fixes: #130).
2015-04-30 18:45:27 +00:00
Jacob Hoffman-Andrews
1d2c6a5d7c
Split out GetCertificate / GetCertificateByShortSerial.
...
Also stub out some initial revocation code.
2015-04-29 11:48:08 -07:00
Jacob Hoffman-Andrews
1065b14c9c
Add more logging to boulder.
2015-04-24 18:39:50 -07:00
Jacob Hoffman-Andrews
830f64585c
Merge branch 'master' of github.com:letsencrypt/boulder into certificate-query
2015-04-18 23:45:47 -04:00
Jacob Hoffman-Andrews
7d8ef9a019
Fix tests and tidy up for review.
2015-04-18 23:44:42 -04:00
Jacob Hoffman-Andrews
431ad092eb
Query certs by sequential part of serial number.
...
Also refactor WFE for better initialization and change StorageAuthority to
support this type of query.
2015-04-18 00:48:19 -04:00
Roland Shoemaker
f839d89f25
add return
2015-04-16 17:44:14 -07:00
Roland Shoemaker
e7f2f4f90c
hook cmd.ProfileCmd into all the polylithic clients
2015-04-12 20:26:02 -07:00
Roland Shoemaker
f64665cd1b
better statsd hooks
2015-04-12 18:02:00 -07:00
Jacob Hoffman-Andrews
c9fbc82883
Fix encoding of errors in WFE.
...
This fixes the problem Kuba reported on IRC of receiving messages like:
[123 34 100 101 116 97 105 108 34 58 34 77 101 116 104 111 100 32 110 111 116 32
97 108 108 111 119 101 100 34 125]
from Boulder.
This changelist also adds the beginning of a test to WFE, but much more is
needed.
2015-03-27 20:49:37 -07:00
Peter Eckersley
316d3a6925
Unless we want multiple Content-Type headers, Set them rather than Add()ing
...
(Also restore mysteriously missing portion of previous commit)
2015-03-26 10:08:27 -07:00
Peter Eckersley
24d48a0c36
http.Error sets the wrong content-type
...
Also gofmt fixes
2015-03-26 10:08:27 -07:00
Peter Eckersley
60d8446eac
A more accurate and complete attempt at Content-Type setting
2015-03-26 10:08:27 -07:00
Peter Eckersley
7377c5c362
Content-Type: application/pkix-cert
...
- Minimally, send it when it applies
- Flag that none of this implementation really matches the spec;
probably the spec should change?
2015-03-25 18:26:18 -07:00
J.C. Jones
33ac212b70
Add logging infrastructure to all authorities and commands
2015-03-24 19:06:11 -07:00
J.C. Jones
4e0aa900c9
Rebase 'lint-errcheck-fixes' of git://github.com/mvdan/boulder to letsencrypt/master
...
Conflicts:
cmd/boulder-start/main.go
core/interfaces.go
core/objects.go
core/util.go
ra/registration-authority.go
ra/registration-authority_test.go
rpc/rpc-wrappers.go
va/validation-authority.go
wfe/web-front-end.go
2015-03-20 18:01:03 -07:00
Richard Barnes
19fada5b27
Support for subscriber agreement
2015-03-15 23:47:55 -04:00
Richard Barnes
f5546ad407
Miscellaneous fixes to get e2e working
2015-03-15 22:42:35 -04:00
Richard Barnes
96bd7e215a
Further plumbing of registrations
2015-03-15 15:33:05 -04:00
Richard Barnes
d938deb3fd
Separate resources for challenges [initial]
2015-03-14 19:07:16 -04:00
Richard Barnes
8f4ea0efd8
Adapting to point to mainlined JOSE
2015-03-13 13:11:04 -07:00
Daniel Martí
70ab4a4605
Log problems when writing response bodies
2015-03-13 08:46:43 +01:00
Daniel Martí
91b12a2e1a
Simplify if err != nil structure when applicable
2015-03-12 12:46:18 +01:00
Daniel Martí
5fe97f1895
Replace []byte with nil, simplify response logic
2015-03-12 12:38:46 +01:00
Richard Barnes
e8126fd390
Pulling out wfe module
2015-03-10 14:33:22 -07:00