a4aa450ee6
Switch to custom revocation code type
2015-08-27 17:09:41 -07:00
d6b09c2cf9
Clean up
2015-08-27 14:50:00 -07:00
0e1e38011a
Review fixes pt. 2
2015-08-26 12:09:15 -07:00
4fb747ead1
Merge master
2015-08-15 16:50:57 -07:00
b9913a2b41
Review fixes
2015-08-14 17:14:02 -07:00
8789f925cc
Merge master
2015-08-11 16:39:31 -07:00
1a2825138d
Actually wire everything into the PADB
2015-08-06 16:57:38 -07:00
0f03494d56
use pointer to AcmeURL everywhere
...
This has the benefit of not requiring us to copy very fat url.URL
objects when we pass them to funcs or call their methods.
2015-08-05 18:23:38 -07:00
652702bd7f
Merge master
2015-07-30 13:47:10 -04:00
5ea17d980a
Merge master
2015-07-29 16:37:39 -04:00
272fbbd480
Merge pull request #541 from r0ro/remove-authz-newcert
...
Remove the need for a client to send authorizations url when requesting new certificate
2015-07-29 13:10:46 -07:00
7b5581a046
Remove recovery token in WFE test
2015-07-29 15:53:03 -04:00
9e87cef807
Further test fixes
2015-07-29 12:20:00 -04:00
26b140b0cc
Removing unused literals and exposing more error info
2015-07-29 11:17:26 -04:00
911827cd2d
Removing extraneous quoting
...
I know this should go in a separate PR, but it's so trivial it's not worth it.
2015-07-29 10:27:57 -04:00
f016d02365
Unit tests for 'resource'
2015-07-29 10:24:44 -04:00
36cba96fb2
update tests after jwk encoding fix.
2015-07-28 16:25:30 +02:00
4bbd0fdccd
Remove the need for a client to submit authorization urls when requesting a certificate.
2015-07-27 20:26:56 +02:00
713f7ea352
Merge pull request #528 from letsencrypt/remove_posts
...
remove dead POST code in wfe.Certificate
2015-07-25 16:23:25 -07:00
b0402d1880
add POST back to wfe Authz test
2015-07-25 14:16:57 -07:00
eb3ef4c98c
Merge pull request #509 from r0ro/missing-reg-link
...
Add missing link headers for registration resource update.
2015-07-24 18:26:24 -07:00
0ea7b36b6a
remove dead POST code in wfe.Certificate
...
The Certificate endpoint (a.k.a. /acme/cert) had code that took POSTs
but always returned errors when they were hit.
2015-07-24 16:46:49 -07:00
9423467142
Switch to our own fork of go-jose.
...
This is the result of `godep save -r ./...` and
`git rm -r -f Godeps/_workspace/src/github.com/square`
Our fork is currently at the head of go-jose when Richard made the local nonce
changes, with the nonce changes added on top. In other words, the newly created
files are exactly equal to the deleted files.
In a separate commit I will bring our own go-jose fork up to the remote head,
then update our deps.
Also note: Square's go-jose repo contains a `cipher` package. Since we don't
make any changes to that package, we leave it imported as-is.
2015-07-24 14:39:00 -07:00
620a012c62
Rewrite go-jose dependencies to our fork.
2015-07-24 14:16:01 -07:00
7a3c061576
Add new test to ensure Link headers are correctly set in Registration/NewRegistration reply.
2015-07-23 18:13:41 +02:00
941df62ad4
Switch to AuditObject for CSR logging.
...
This allows us to log the remote address and registration object along with the
CSR.
Also, restore part of a comment on CertificateRequest that was deleted.
2015-07-22 16:32:11 -07:00
6952aebeb3
Record initial application CSR.
...
Fixes https://github.com/letsencrypt/boulder/issues/493 .
Also, modify MockSyslogWriter so that it implements the SyslogWriter interface
(no pointer receivers).
2015-07-22 15:34:59 -07:00
ce4ca429a6
Merge pull request #502 from letsencrypt/directory
...
Basic ACME directory endpoint
2015-07-22 15:32:15 -07:00
7fce01b7ce
Merge pull request #491 from letsencrypt/cache-headers
...
WFE cache headers
2015-07-22 15:09:02 -07:00
b093613191
Add cache helper methods and always send static cache max-age
2015-07-21 18:21:48 -07:00
0e83538b56
Merge master
2015-07-21 17:48:19 -07:00
99c339f850
Merge pull request #498 from tomclegg/490-mock-logs
...
Add mock for syslog.
2015-07-21 17:40:06 -07:00
1a3e41ee57
Review fixes
2015-07-21 17:39:16 -07:00
2d758a7ab6
Basic ACME directory endpoint
2015-07-21 16:55:57 -07:00
6e03f78ad0
Extend wfe.Certificate tests
2015-07-20 12:27:26 -07:00
249664383d
Simplify init(). Add UseMockLog(), to mock syslog for an entire test process.
2015-07-19 14:21:48 -04:00
6a2344e1bf
Add config vars and wire them into cmd/boulder and cmd/boulder-wfe
2015-07-17 17:44:03 -07:00
f08261edb5
Add cache-control headers to terms, issuer, and certificate endpoints
2015-07-17 17:14:39 -07:00
ff491962b9
Dry up "method not allowed" handling.
2015-07-16 22:07:44 -04:00
738d959417
Merge pull request #429 from letsencrypt/unknown-key
...
Return better message to client if JWK is unknown
2015-07-08 10:50:36 -07:00
a745160ee6
Merge master
2015-07-06 17:38:04 -07:00
c233aa8e56
411 - Redirect /terms to wfe.SubscriberAgreementURL
...
- Rebased (jcjones)
2015-07-06 17:16:40 -07:00
1d4afe4c70
Add status code check to the right PR
2015-07-06 21:03:36 +01:00
f8e6b06b12
Add status code check to test
2015-07-06 20:55:33 +01:00
d9d537f7f4
Add location header to /acme/new-reg if key is already in use
2015-07-06 18:40:40 +01:00
12589834a3
Merge master
2015-06-25 15:59:59 -07:00
ff192330f8
Propagate nonce errors through WFE
2015-06-23 13:15:09 -07:00
9edd2b8e07
Refactor StatsD metrics collection
...
- Moved HandlerTimer definition from various cmd/ binaries to cmd/shell.go
- Cleaned up HandlerTimer endpoint metrics
- Moved New... counter metrics from WFE to RA and add Updated... and Finalized... ones
- Added error code and problem type counter metrics to WFE
- Added validation type / status counter metrics to VA
- Consistently return the total RTT from LookupCAA, LookupCNAME, and LookupDNSSEC method
- Added DNS RTT timing metrics to VA for the various Loookup... methods
2015-06-21 23:28:10 -07:00
f21dc2e146
Merge branch 'master' into wfe-logging
2015-06-19 17:00:05 -07:00
f228ac41f5
Add connection logging to the WFE
2015-06-19 16:47:54 -07:00
4655447a35
Reformatted error messages
2015-06-19 14:47:45 -07:00
426b03b7de
Final cleanup
2015-06-19 14:09:09 -07:00
403af37a39
Hide Authorization.Expires field when uninitialized
2015-06-17 18:34:30 -07:00
41f5788c77
Correct most `go lint` warnings. (274 -> 5)
2015-06-16 22:18:28 -05:00
01c41c1bd0
Merge pull request #354 from letsencrypt/344-internal_server_errors
...
Resolves Issue #344 : Only send InternalServerError when needed
2015-06-15 15:57:04 -07:00
80d5e50e42
Enable revocation by account key.
...
In addition to cert private key. This required modifying the GetCertificate*
functions to return core.Certificate instead of certificate bytes.
2015-06-15 12:33:50 -07:00
1474b7f21f
Resolves Issue #344 : Only send InternalServerError when needed
...
Basically, just send InternalServerError when it indicates an internal state
was broken.
2015-06-13 00:21:44 -05:00
615366636a
Send CORS headers
2015-06-11 22:26:16 -04:00
d398bd962a
Send an Allow header whenever we send 405
2015-06-11 22:12:01 -04:00
2ad15a4a85
Issue #309 : Produce OCSP Responses immediately upon issuance, if at all possible.
...
This approach performs a best-effort generation of the first OCSP response during
certificate issuance. In the event that OCSP generation fails, it logs a warning at
the Boulder-CA console, but returns successfully since the Certificate was itself
issued.
2015-06-11 11:31:04 -05:00
8289a6d2fa
Make tests pass
2015-06-09 17:43:16 -04:00
573e35ed56
Disallow multiple registrations with same key (and fix all related tests)
2015-06-04 20:21:59 +01:00
a3521bcb61
Merge pull request #277 from rolandshoemaker/check-cert
...
Check generated certificate matches CSR
2015-06-03 22:10:35 -07:00
78e621c95f
further review fixes
2015-06-03 00:27:08 +01:00
04479eca5c
Merge pull request #291 from letsencrypt/fix-revocation
...
Revert change to revocation from #275
2015-06-02 17:52:35 -04:00
7a60d431d6
Revert "Supporess the 'expires' field in public Authorizations"
...
This reverts commit d47b7c12ac
2015-06-02 12:02:05 -07:00
026cb424fc
Revert "Replace RevokeCertficate with something more in line with the spec"
...
This reverts commit b1bad40fe6
2015-06-02 10:45:54 -07:00
51890a9626
Move cert-csr check to boulder/core and review fixes
2015-06-02 17:56:28 +01:00
c830921b5a
WFE test comment cleanup
2015-06-01 16:39:21 +01:00
0048453fc8
remove JWS request generation cruft
2015-06-01 16:15:38 +01:00
33df806d25
wfe test fixes + DNSNames and CommonName cleanup
2015-06-01 15:01:24 +01:00
e5bf16711c
Add generated cert checks
2015-06-01 14:00:49 +01:00
b1bad40fe6
Replace RevokeCertficate with something more in line with the spec
2015-06-01 02:11:10 -04:00
d47b7c12ac
Supporess the 'expires' field in public Authorizations
2015-06-01 02:08:47 -04:00
7f8f12c91b
Fixing broken WFE tests due to agreement checking
2015-06-01 02:08:47 -04:00
a188c2c775
Fixing some additional cases from #265
2015-05-31 16:16:25 -04:00
466154cc61
Merge master
2015-05-31 16:13:06 -04:00
457f71a512
Merge master
2015-05-31 16:03:43 -04:00
c0bacc3fb6
Add more detailed error code reporting
2015-05-31 15:58:08 -04:00
c8d001b3fb
better MockCA IssueCertificate argument name
2015-05-31 20:47:18 +01:00
94a3a1effb
fix mock bug
2015-05-31 20:33:44 +01:00
170012808c
Remove invalid openssl signature comment
2015-05-31 20:21:03 +01:00
c67b4393a1
HandlePath work around
2015-05-31 11:37:14 +01:00
4afa15201b
Merge remote-tracking branch 'upstream/master' into wfe-tests
2015-05-31 11:33:05 +01:00
62d25cffe0
review cleanup
2015-05-31 11:32:55 +01:00
e563e831d2
store random cert as hex
2015-05-30 21:38:39 +01:00
ba8b84ef09
Another couple of test fixes
2015-05-30 14:41:18 -04:00
b2f78525dc
gofmt
2015-05-30 19:00:42 +01:00
c6b51176a2
add *even* more header checks
2015-05-30 18:59:01 +01:00
0493c8e4ff
add actual header checks
2015-05-30 18:44:48 +01:00
78bbc3e2e5
Add header checks
2015-05-30 18:37:43 +01:00
20e36a9dff
full IssueCertificate test
2015-05-30 18:36:03 +01:00
1fd691564d
Fix broken test, only run integration tests if unit tests pass.
2015-05-28 08:35:13 -07:00
bc3acca096
Resolved Issue #230
...
- Move setting the core.Registration.Key field from RA.NewRegistration to
WFE.NewRegistration to avoid a chicken-and-egg problem.
- Note: I kept the RPC wrapper object even though it now only has one field.
Seems like it's a good practice to use wrapper objects, even though we don't
everywhere.
2015-05-26 14:44:15 -07:00
74ecad349b
Merge upstream/master
2015-05-20 13:03:43 -07:00
0f4f17e82b
make sure user has agreed before any subsequent actions
2015-05-20 12:58:14 -07:00
8dd4c650bd
Disallow GETs for Registration.
...
Per the spec, authenticated requests must be signed by an account key, and
GET requests can't be signed under the current protocol. If the account holder
wishes to fetch their current registration, they can do so by posting a signed,
empty update to their registration resource.
Also fix a bug in generating registration URLs.
2015-05-19 12:44:04 -07:00
870f02917c
check subscriber agreement in new/updated registrations
2015-05-18 20:56:51 -07:00
97ff1c8423
merge upstream/master
2015-05-18 19:07:04 -07:00
1c7d0d5411
gofmt touched files
2015-05-18 19:03:25 -07:00
cf7f6f5db3
add RA regID checks
2015-05-18 18:53:48 -07:00
42302541bd
Run `go fmt` for PR #186
2015-05-18 18:44:38 -07:00
c3b312118e
Add audit logging
...
- Auditing for general errors in executables
- Auditing for improper messages received by WFE
- Automatic audit wlogging of software errors
- Audit logging for mis-routed messages
- Audit logging for certificate requests
- Auditing for improper messages received by WFE
- Add audit events table
- Expect more details in TestRegistration in web-front-end_test.go
- Remove "extra" debug details from web-front-end.go per Issue #174
- Improve test coverage of web-front-end.go
- WFE audit updates for revocation support rebase
- Add audit messages to RPC for Improper Messages and Error Conditions
- Also note misrouted messages
2015-05-18 18:23:08 -07:00
e1ba291019
Store registration ID with certificate
2015-05-16 13:47:51 -07:00
faa1d5ac45
review cleanups
2015-05-16 13:25:36 -07:00
e233fdaa61
switch authz and pending_authz to store registration ID instead of key (and update all the random stuff they touched)
2015-05-14 14:14:36 -07:00
b43e7de8dc
Add missing mock method to fix build for PR #185 .
2015-05-14 10:25:40 -07:00
b9745cf894
check key is assosiated with existing registration in verifyPOST
2015-05-13 19:16:20 -07:00
7c6a5332eb
Fix WFE test
...
Use a static key so we can test for exact output equality.
2015-05-13 19:01:16 -07:00
3eed9e3f7c
Move to Square's go-jose library.
2015-05-13 17:36:38 -07:00
314fb5e9f6
add WFE mashaling test
2015-05-12 21:04:48 -07:00
21c52747c5
...also update tests
2015-05-11 14:44:54 -07:00
8655e900ab
send problem doc types in sendError (ignoring badCSR for now)
2015-05-11 14:44:54 -07:00
3fddff8dcf
further tests for VA, consistent sendError for verifyPOST in WFE
2015-05-05 15:31:53 -07:00
2db4194b4d
add new registration + authorization tests for wfe
2015-05-04 20:54:58 -07:00
11a4a5019f
better reg test, ignore empty payload for now
2015-05-04 19:39:24 -07:00
4fc3a1146e
VA tests, WFE tests, plus WFE NewRegistration empty payload fix
2015-05-04 18:43:18 -07:00
c4aec38066
WFE: index (GET /)
2015-05-02 15:55:46 +00:00
a77152e828
Rework Authority "New" methods to obtain AuditLogger from Singleton
...
- Also ran `go fmt` against these files I was touching anyway:
sa/storage-authority.go
va/validation-authority.go
wfe/web-front-end.go
2015-05-01 21:50:07 -07:00
e828c61818
Add singleton semantics to Audit Logger, per Issue #135
...
- Update tests to use the singleton logger
- Update commands to set the audit logger singleton
- Formatting updates to the tests (go fmt)
2015-05-01 21:48:24 -07:00
e713658931
Revert 35834bf2, fix tests for wfe.Challenge
2015-05-01 08:14:23 +00:00
35834bf262
test.InitAuthorities, progress tests for wfe.Challenge
2015-05-01 00:33:22 +00:00
373636952e
Progress fixing tests for wfe.Challenge
2015-04-30 22:37:29 +00:00
4311f02a90
Add tests for wfe.Challenge
2015-04-30 20:48:02 +00:00
945d508da5
Fix wfe test.
2015-04-16 14:10:38 -04:00
5fb6741052
fix tests
2015-04-13 02:00:31 -07:00
c9fbc82883
Fix encoding of errors in WFE.
...
This fixes the problem Kuba reported on IRC of receiving messages like:
[123 34 100 101 116 97 105 108 34 58 34 77 101 116 104 111 100 32 110 111 116 32
97 108 108 111 119 101 100 34 125]
from Boulder.
This changelist also adds the beginning of a test to WFE, but much more is
needed.
2015-03-27 20:49:37 -07:00
Roland Shoemaker
Jeff Hodges
Richard Barnes
Romain Fliedel
Jacob Hoffman-Andrews
Tom Clegg
Brad Warren
J.C. Jones
James 'J.C.' Jones
bifurcation
Jakub Warmuz