In ra.checkCertificatesPerName allow a bypass of the rate limit
if the exact name set has previously been issued for. This should
make a few current scenarios people have been running into slightly
less painful.
Adds a new rate limit, certficatesPerFQDNSet, which counts certificates
with the same set of FQDNS using a table containing the hash of the dNSNames
mapped to a certificate serial. A new method is added to the SA in AddCertificate
to add this hash to the fqdnSets table, which is gated by a config bool.
B64enc and B64dec can be replaced by base64.RawURLEncoding.
Thumbprint is now implemented in go-jose, and we have the relevant version
imported already, so we can use that.
SyntaxError isn't used anywhere and can be deleted.
Fixes https://github.com/letsencrypt/boulder/issues/1212.
This exposes a new constructor in amqp-rpc.go specifically for ActivityMonitor,
which overrides the normal routingKey to be the wildcard "#".
It also adds an expvar for the number of messages processed in ActivityMonitor,
and adds an integration test case that checks that ActivityMonitor has received
more than zero messages.
Previously our executables would all try to declare the boulder exchange on
startup, which may have been leading to some race conditions in Travis. Also,
the Activity Monitor would try to bind a queue to the exchange at startup.
In prod both of these tasks are taken care of administratively, so including
them in the app code was adding unnecessary complexity. It also may have been
part of an issue causing Activity Monitor to fail to start up recently.
Also, turn the Activity Monitor into an RPC service, which gets it reconnects
for free, and add it to startservers.py.
This allows us to return a for-users ProblemDetails from services that
the WFE calls (or services that those services call). Doing so means we
can give better errors to the WFE once we teach the WFE how to pass
along ProblemDetails itself.
This is for #1153 and a few other tickets in the error-messages label.
Fixes#1160
This decreases log size 27% in a simple test, and more importantly makes the
logs human readable and searchable.
Fixes#1031
Also, change corrID to an 8-byte value and break dependency on NewToken().
Fixes#909
In the process, break out AMQP config into its own struct, one per service.
The AMQPConfig struct is included by composition in the config structs that need
it. If any given service lacks an AMQP config of its own, it gets a default
value from the top-level AMQP config struct, for deployability reasons.
Tightens the RPC code to take a specific AMQP config, not an over-broad
cmd.Config.
Shortens construction of specific RPC clients so they instatiate the generic
client connection themselves, simplifying per-service startup code.
Remove unused SetTimeout method on RPC clients.
This allows us to call the Google Safe Browsing calls through the VA.
If the RA config's boolean UseIsSafeDomain is true, the RA will make the RPC
call to the VA during its NewAuthorization.
If the VA config's GoogleSafeBrowsingConfig struct is not nil, the VA
will check the Google Safe Browsing API in
VA.IsSafeDomain. If the GoogleSafeBrowsingConfig struct is nil, it will
always return true.
In order to actually make requests, the VA's GoogleSafeBrowsingConfig
will need to have a directory on disk it can store the local GSB hashes
it will check first and a working Google API key for the GSB API.
Fixes#1058
This fixes a memory leak. On every request timeout, the pending map
would not have the have the request's response channel removed and,
instead, would hold on to it for the lifetime of the process. This
change makes sure the response channel is removed on timeout.
That change would cause "misrouted messages" audit logs to occur when a
response was sent back from a server but arrived past the timeout. That
would get pretty noisy. Since we introduced specific client queues, our
"misrouted messages" audit logs in the clients are always timeouts. So,
we solve the noisy log problem by deleting some code.
Fixes#1045.
Roland Shoemaker