letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,873 Commits 89 Branches 416 Tags 101 MiB
Commit Graph

179 Commits

Author SHA1 Message Date
Jacob Hoffman-Andrews a9db85adf2 Merge branch 'master' into paranoid-key 2015-10-01 14:12:38 -07:00
Jacob Hoffman-Andrews 685c6e4206 Use stored key to verify JWS POSTs 
instead of submitted key. This minimizes the chances of unexpected JWK fields in
the submitted key altering its interpretation without altering the lookup in the
registrations table.

In the process, fix handling of NoSuchRegistration responses.

Fixes https://github.com/letsencrypt/boulder/issues/865.
 2015-09-29 23:37:16 -07:00
Jacob Hoffman-Andrews 1fbf2d4990 Fix HEAD to work only for GET resources. 2015-09-27 23:49:59 -07:00
Jacob Hoffman-Andrews ecd08c0798 Allow HEAD for all GET resources. 2015-09-27 12:36:18 -07:00
Jacob Hoffman-Andrews 954004fafb Merge branch 'longserial' of github.com:letsencrypt/boulder into longserial 2015-09-22 16:18:07 -07:00
Jacob Hoffman-Andrews 3c5ffdea49 Restore full test for certificate location. 2015-09-22 16:17:22 -07:00
Jeff Hodges a645430a23 Merge branch 'master' into longserial 2015-09-22 15:01:47 -07:00
Jacob Hoffman-Andrews 02314f4041 Implement the new 144-bit mostly-random serial. 
To keep the change small, I have not yet completely removed the
GetCertificateByShortSerial method from interfaces and the RPC. I will do taht
in a follow up change.
 2015-09-21 13:10:16 -07:00
Roland Shoemaker 536de0249d Merge master 2015-09-16 18:08:26 -07:00
Jacob Hoffman-Andrews f7910753b5 Move MockSA from WFE to mocks. 2015-09-16 12:57:06 -07:00
Roland Shoemaker cc65beef3f Merge master 2015-09-15 14:52:40 -07:00
Jeff Hodges 7648e452b9 Merge branch 'master' into earliest-expiry 2015-09-15 13:26:44 -07:00
Roland Bracewell Shoemaker acf2999d5f Merge branch 'master' into clean_up_new_reg_test 2015-09-15 12:22:19 -07:00
Roland Shoemaker f35643bcaf Merge master 2015-09-15 12:05:58 -07:00
Jacob Hoffman-Andrews e3c226a84e Remove earliestExpiry from IssueCertificate call. 2015-09-11 15:09:11 -04:00
Roland Bracewell Shoemaker d55e0e0d8d Merge branch 'master' into fix-wfe-test-better 2015-09-11 11:58:28 -07:00
Jeff Hodges 52055d3190 Merge branch 'master' into clean_up_new_reg_test 2015-09-11 11:31:46 -07:00
Jacob Hoffman-Andrews 6233c0891c Fix typo. 2015-09-11 14:08:26 -04:00
Jacob Hoffman-Andrews 57e349ef00 Merge github.com:letsencrypt/boulder into fix-wfe-error 2015-09-11 13:54:25 -04:00
Jacob Hoffman-Andrews a48142e3c7 Remove testing arg. 2015-09-11 13:54:18 -04:00
Jacob Hoffman-Andrews 875a71e53e Fix WFE test properly. 
The WFE test relies on a pre-generated cert. Since there are some sanity checks
on the dates in certs, we were getting errors during the test.

One quick fix is to have those sanity checks rely on RA's clock object, which
can be replaced with a fake for testing. In order to do that, I had to move the
sanity check (MatchesCSR) into the registration authority package, where it
makes more sense anyhow.

I also removed a handful of equality testing functions in objects.go that were
only used by MatchesCSR and whose purpose is better served by reflect.DeepEqual.
This was to avoid having to also move those equality testing functions into the
registration authority.
 2015-09-11 13:17:18 -04:00
Jeff Hodges 845e1261a4 Merge branch 'master' into clean_up_new_reg_test 2015-09-10 14:48:59 -07:00
Jeff Hodges bea4ca29b4 Merge branch 'master' into metrics-cleanup 2015-09-10 14:33:50 -07:00
Jeff Hodges e938969f3d de-dupe TestNewRegistration 
I didn't follow what was going on in it. Another test is being added in
a later PR.
 2015-09-10 14:07:55 -07:00
Jacob Hoffman-Andrews 4724bb7e80 Merge branch 'master' into index-fix 2015-09-10 16:51:38 -04:00
Roland Shoemaker 346a8c1a01 Merge master 2015-09-10 13:47:19 -07:00
Jeff Hodges 092e0b19ef Merge branch 'master' into challenge-display-uri 2015-09-10 13:12:46 -07:00
Roland Shoemaker 871a77c4b8 Merge master 2015-09-10 13:00:52 -07:00
Jacob Hoffman-Andrews 253d700d06 Merge branch 'master' into challenge-display-uri 
Conflicts:
	cmd/boulder-ra/main.go
	ra/registration-authority.go
	ra/registration-authority_test.go
 2015-09-10 15:44:21 -04:00
Jeff Hodges def66fc85d Merge branch 'master' into index-fix 2015-09-10 12:37:03 -07:00
Jeff Hodges 442e6e28e5 set /directory's content-type correctly to json 
Fixes #769
 2015-09-10 12:30:01 -07:00
Jacob Hoffman-Andrews 998ffc79cb Do GoodKey checking in WFE. 2015-09-09 20:30:55 -04:00
Jacob Hoffman-Andrews 09c2a05a01 Fix index method. 
The HTML reply pointed to the new-reg URL, when it should point to the
directory.

Also fix https://github.com/letsencrypt/boulder/issues/717 by checking first
whether the request path is exactly "/" and giving 404 otherwise.
 2015-09-09 16:50:54 -04:00
Jacob Hoffman-Andrews ffcd1c866d Make challenge URI a display-time property. 
Challenge URIs should be determined by the WFE at fetch time, rather than stored
alongside the challenge in the DB. This simplifies a lot of the logic, and
allows to to remove a code path in NewAuthorization where we create an
authorization, then immediately save it with modifications to the challenges.

This change also gives challenges their own endpoint, which contains the
challenge id rather than the challenge's offset within its parent authorization.
This is also a first step towards replacing UpdateAuthorization with
UpdateChallenge: https://github.com/letsencrypt/boulder/issues/760.
 2015-09-09 16:23:45 -04:00
Jacob Hoffman-Andrews c91f1c2549 Fix error message when revoking with wrong key. 
Also split up revocation test case into two cases, and add a new one.
 2015-09-09 16:19:35 -04:00
Jacob Hoffman-Andrews e44126a034 Fix path for clock import. 2015-09-09 00:24:49 -04:00
Jeff Hodges 6dcba1ae49 allow NULL expires in authz on validation failure 
The RA did not have any code to test what occurred when a challenge
failed. This let in the authz schema change in #705.

This change sets the expires column in authz back to NULLable and fixes
the RA tests (including, using clock.Clocks in the RA).

Fixes #744.
 2015-09-04 12:14:24 -07:00
Roland Shoemaker af8299d607 Merge master 2015-09-03 11:36:08 -07:00
Jacob Hoffman-Andrews 2a8804b792 Merge branch 'master' into test-js-content-length 
Conflicts:
	wfe/web-front-end_test.go
 2015-09-02 23:23:53 -04:00
Roland Shoemaker d70ebf6c09 Merge master 2015-09-01 14:39:26 -07:00
Roland Bracewell Shoemaker fe00decc92 Merge pull request #697 from letsencrypt/revoke-split 
Split RA revoke method
 2015-09-01 14:08:33 -07:00
Jeff Hodges dedb5f96a7 clean up some pointer type conversions 
I grepped around and only found these.
 2015-08-31 23:51:43 -07:00
Roland Shoemaker e54d3d322e Merge branch 'master' into blacklist 2015-08-31 15:39:24 -07:00
Roland Shoemaker 1ad7bea579 Move PA construction out of other authority constructors 2015-08-31 15:33:03 -07:00
Roland Shoemaker d11d1ed774 Rename admin-revoker RA call 2015-08-30 22:33:36 -07:00
Roland Shoemaker 0534680907 Merge master 2015-08-30 22:17:14 -07:00
Jacob Hoffman-Andrews ae3e41dffb Refactor WFE tests to pass with content-length. 
This also factors out some of the complexity of the test into a helper function.
 2015-08-30 12:59:46 -04:00
Jacob Hoffman-Andrews 9fa1e02d7d Require content length. 2015-08-30 12:59:43 -04:00
Jacob Hoffman-Andrews e370d1276b Split up WFE Authorization function. 
This function splits out Authorization into its three separate cases:
GET a challenge
POST a challenge
GET an authorization

This is a refactoring I needed to do on the way to
https://github.com/letsencrypt/boulder/issues/638. I split it out to avoid
having that change grow too big and full of ancillary refactorings.
 2015-08-28 19:07:28 -07:00
Roland Shoemaker 88c2f95179 Cleanup authority creation 2015-08-28 15:03:02 -07:00