Moves the wfe to it's own config file.
Each config will now belong in `test/config` and `test/config-next` analogous to `boulder-config` and `boulder-config-next`.
Moves the `subscriberAgreementURL` from a top-level config variable to the WFE section. The top level configuration is still respected until we can change the prod configs.
Presently clients may request a new AuthZ be created for a domain that they have already proved authorization over. This results in unnecessary bloat in the authorizations table and duplicated effort.
This commit alters the `NewAuthorization` function of the RA such that before going through the work of creating a new AuthZ it checks whether there already exists a valid AuthZ for the domain/regID that expires in more than 24 hours from the current date. If there is, then we short circuit creation and return the existing AuthZ. When this case occurs the `RA.ReusedValidAuthz` counter is incremented to provide visibility.
Since clients requesting a new AuthZ and getting an AuthZ back expect to turn around and post updates to the corresponding challenges we also return early in `UpdateAuthorization` when asked to update an AuthZ that is already valid. When this case occurs the `RA.ReusedValidAuthzChallenge` counter is incremented.
All of the above behaviour is gated by a new RA config flag `reuseValidAuthz`. In the default case (false) the RA does **not** reuse any AuthZ's and instead maintains the historic behaviour; always creating a new AuthZ when requested, irregardless of whether there are already valid AuthZ's that could be reused. In the true case (enabled only in `boulder-config-next.json`) the AuthZ reuse described above is enabled.
Resolves#1854
Prior to this PR the /directory JSON result was built once in Handler() and returned as-is for all requests. Each endpoint URL was fully qualified as an absolute URL using the BaseURL configuration
parameter. This required a configuration change in order to tweak the origin being used for subsequent requests. Returning purely relative URLs (e.g. /acme/new-reg vs http://localhost:4000/acme/new-reg) would break clients that assume absolute paths and we don't want that.
This PR introduces a new behaviour where the /directory JSON is built per-request using the HTTP Host header in place of the BaseURL. Clients will still receive a fully qualified URL in each directory entry but we gain the ability to more easily control the host without requiring config changes. To allow gradual migration via the config file we use the old /directory behaviour when a BaseURL is specified in the configuration file. This will address #1823.
Since the request.URL is not populated (Spare the Path attribute) we can not use request.URL.Scheme for the initial http:// vs https:// prefix when constructing the URLs and instead differentiate between the two cases using the req.TLS attribute. For cases (such as in production) where another service is terminating the initial request and making a subsequent HTTP request to the WFE we support the X-Forwarded-Proto header to ensure we use the original request's protocol when building URLs.
Many unit tests for the WFE assumed that when there is no BaseURL specified and no Host header is sent in the request, that the output will return relative paths. This PR changes that behaviour to always return absolute URLs by defaulting to localhost for the Host when it is not specified via the initial request or the BaseURL config option. This PR changes the expected test output to match this behaviour.
* Split CSR testing and name hoisting into own functions, verify CSR in RA & CA
* Move tests around and various other fixes
* 1.5.3 doesn't have the needed stringer
* Move functions to their own lib
* Remove unused imports
* Move MaxCNLength and BadSignatureAlgorithms to csr package
* Always normalizeCSR in VerifyCSR and de-export it
* Update comments
When a CAA request to Unbound times out, fall back to checking CAA via Google Public DNS' HTTPS API, through multiple proxies so as to hit geographically distributed paths. All successful multipath responses must be identical in order to succeed, and at most one can fail.
Fixes#1618
* Split out CAA checking service (minus logging etc)
* Add example.yml config + follow general Boulder style
* Update protobuf package to correct version
* Add grpc client to va
* Add TLS authentication in both directions for CAA client/server
* Remove go lint check
* Add bcodes package listing custom codes for Boulder
* Add very basic (pull-only) gRPC metrics to VA + caa-service
It's now the default in all cases that it was configurable. When we want to
suppress SQL debug messages, we can simply adjust the logging level to suppress
debug messages in general.
Also, pass a logger to SetSQLDebug rather than calling GetAuditLogger.
Ben Irving