9bd9ed08da
Change from adding the parameter to enforcing it
2015-06-23 23:18:45 -07:00
e7a48127e6
Append ?parseTime=true when needed
2015-06-23 23:01:18 -07:00
403af37a39
Hide Authorization.Expires field when uninitialized
2015-06-17 18:34:30 -07:00
41f5788c77
Correct most `go lint` warnings. (274 -> 5)
2015-06-16 22:18:28 -05:00
80d5e50e42
Enable revocation by account key.
...
In addition to cert private key. This required modifying the GetCertificate*
functions to return core.Certificate instead of certificate bytes.
2015-06-15 12:33:50 -07:00
2d2efa5e85
Merge pull request #356 from letsencrypt/remove-slash
...
Revoke path should not end in slash
2015-06-12 13:55:10 -07:00
2b2f4110d4
Revoke path should not end in slash.
2015-06-12 13:26:43 -07:00
f4ee29d1d3
Change all references from SimpleHTTPS -> SimpleHTTP
2015-06-12 11:22:04 -07:00
32531c7f24
Merge pull request #350 from letsencrypt/252-remove_null_key_hack
...
Issue #252 : Remove the hack from Type Converter
2015-06-11 16:22:51 -07:00
ef0e7fd3f6
New tests
...
- Write a database.go test
- Start writing a type-converter.go test
2015-06-11 17:29:38 -05:00
b0cb08e49a
Issue #252 : Remove the hack from Type Converter
2015-06-11 13:24:10 -05:00
34bad37ab0
Remove dead code `DumpTables`.
...
If you really want to do this, use
the tools provided with your chosen Database backend.
2015-06-11 13:24:10 -05:00
2ad15a4a85
Issue #309 : Produce OCSP Responses immediately upon issuance, if at all possible.
...
This approach performs a best-effort generation of the first OCSP response during
certificate issuance. In the event that OCSP generation fails, it logs a warning at
the Boulder-CA console, but returns successfully since the Certificate was itself
issued.
2015-06-11 11:31:04 -05:00
a8b0e01c5a
Finish initial version of OCSP Responder
...
- Correct the Database implementation to match current schema & GORP
- Add some debug logging
- Correct CA Key identification
- Move SQL Debugging into the Database object and file, so that things that don't use the Storage Authority can toggle it
2015-06-05 15:03:38 -07:00
573e35ed56
Disallow multiple registrations with same key (and fix all related tests)
2015-06-04 20:21:59 +01:00
026cb424fc
Revert "Replace RevokeCertficate with something more in line with the spec"
...
This reverts commit b1bad40fe6
2015-06-02 10:45:54 -07:00
b1bad40fe6
Replace RevokeCertficate with something more in line with the spec
2015-06-01 02:11:10 -04:00
e8edbf5f21
Making capitalization consistent with Go standards
2015-06-01 02:08:47 -04:00
9917ca17f6
Clean up TODOs
2015-06-01 02:05:17 -04:00
3e593d73c9
Merge pull request #262 from letsencrypt/ra-tests
...
Miscellaneous Fixes
2015-05-30 22:08:49 -07:00
f7541f1bc2
Issue #252
2015-05-30 17:41:15 -04:00
1723a9641f
Some minor fixes to address build issues
2015-05-30 14:16:27 -04:00
7a09c78788
Issue #254
2015-05-30 13:21:36 -04:00
4518f0bf17
Migrate CADB to using GORP.
2015-05-28 23:11:03 -07:00
e14f59c559
Rework from PR #251 :
2015-05-28 23:03:48 -07:00
d1321f2d78
More RPC fixes for Issue #202
...
- NewPendingAuthorization now uses a core.Authorization object, so
that foreign key constraints are followed
- core.Authorization now serializes RegistrationID to JSON, so it has to get
blanked out in WFE before transmission to client.
- Remove ParsedCertificate from core.Certificate, as type x509.Certificate cannot
be marshaled.
- Added AssertDeepEquals and AssertMarhsaledEquals to test-tools.go
- Caught several overloaded and misleadingly named errors in WFE
2015-05-28 11:05:55 -07:00
e4e52e7315
More work on Issue #202 for RPC functions
...
- Fix a bunch of typos in rpc-wrappers.go
- Unblank `id` in core.Registration JSON:
- It's not spec, but it's not hurting anything, and we reveal it to clients anyway.
- We need knowledge of the ID in RPC, so if we don't want to include this in the object, we need to make a transfer object to wrap it.
- Make the RPC logs much clearer as to who's talking to who
- Typo in WFE where we called a registration an authz
2015-05-27 23:37:12 -07:00
af0f8446eb
Issue #202 , Periodic OCSP Signer Tool
...
- Move dbMap construction and type converter into individual files in the sa package.
- Add DB configuration for the OCSP tool to the boulder config:
- left to the user if they want to use different boulder-config.json files
for different purposes.
- Added updater to Makefile
- Fix trailing ',' in the Boulder config, add more panic logging
- Ignore .pem files produced by the integration test
- Change RPC to use per-instance named reply-to queues.
- Finish OCSP Updater logic
- Rework RPC for OCSP to use a transfer object (due to serialization problems of x509.Certificate)
2015-05-27 22:01:29 -07:00
e87f5245a5
OCSP Updater administrator cmdline tool
...
- First steps towards ocsp updater.
- Move the type converter into its own file in "sa" rather than core, to keep
Gorp from leaking out of the SA package.
2015-05-27 22:01:29 -07:00
714432e9d7
Max JWK size of 1024.
2015-05-27 16:08:04 -07:00
343920cfe3
Fix integration test while running with MySQL
...
- Add SQL configuration options
- Increase the width of the authz and pending_authz tables' challenges field
- Make it configurable whether CREATE TABLE commands should run
2015-05-27 13:39:18 -07:00
f15da06af7
Issue #238 - MySql column width too narrow
...
- Added SQL debug logging (SA option: "SQLDebug")
- Added timestamps to the log prints to stdout
- Ignore *.pem in test/js
- Modified start.sh to support environment overrides for BOULDER_CONFIG, like the AMQP mode
- Changed boulder-test-config to open the server on the loopback device, so as to not cause firewall prompts on each integration test run for those of us being restrictive
- Renamed "key" column to "jwk" in DB, to avoid keyword conflict
- Set MaxLength on "jwk" column to 512
2015-05-27 12:12:41 -07:00
d184862427
gofmt and move deniedCSR table creation back to SA
2015-05-25 01:17:28 +01:00
1d65bed82e
remove commented code
2015-05-25 01:06:59 +01:00
a4790fdd22
finish serial-revoke and reg-revoke, switch to transactional semantics
2015-05-25 00:49:52 +01:00
0ab71bed62
initial revoker work
2015-05-23 12:46:56 +01:00
97ff1c8423
merge upstream/master
2015-05-18 19:07:04 -07:00
1c7d0d5411
gofmt touched files
2015-05-18 19:03:25 -07:00
42302541bd
Run `go fmt` for PR #186
2015-05-18 18:44:38 -07:00
af01cb0cf9
Cleanup RA.NewAuthorization and add SA tests for GetRegistration and GetRegistrationByKey with invalid arguments
2015-05-18 18:02:06 -07:00
e1ba291019
Store registration ID with certificate
2015-05-16 13:47:51 -07:00
faa1d5ac45
review cleanups
2015-05-16 13:25:36 -07:00
e233fdaa61
switch authz and pending_authz to store registration ID instead of key (and update all the random stuff they touched)
2015-05-14 14:14:36 -07:00
6be5c4910e
Merge pull request #185 from rolandshoemaker/deny-store
...
Store and check previously denied CSRs
2015-05-14 09:03:06 -07:00
b3d85ed9b5
fix breakage introduced by b0rked rebase
2015-05-13 19:30:37 -07:00
8aa2a0607e
return full registration object and proper JSON marshal
2015-05-13 19:16:55 -07:00
b9745cf894
check key is assosiated with existing registration in verifyPOST
2015-05-13 19:16:20 -07:00
aa8c20f84a
Fixes in response to review feedback.
2015-05-13 17:36:39 -07:00
f51f0605da
Add reference to issue.
2015-05-13 17:36:38 -07:00
3eed9e3f7c
Move to Square's go-jose library.
2015-05-13 17:36:38 -07:00
5d5eea7071
switch to only store dns names
2015-05-13 12:08:50 -07:00
07182500eb
add missing rpc methods
2015-05-12 00:08:48 -07:00
a2b3461d6f
make CSR content unique in SQL table
2015-05-11 23:07:41 -07:00
d95c552ab4
add denied csr table and AddDeniedCSR + AlreadyDeniedCSR methods for checking, added AddDeniedCSR to ra.NewCertificate
2015-05-11 23:02:39 -07:00
79b8958f70
fix conflict
2015-05-07 02:07:32 -07:00
df1ff86acd
revert to original transactional semantics
2015-05-07 01:55:38 -07:00
3041423361
dont export the pending/authz utility models
2015-05-06 22:22:31 -07:00
6a065d5cfc
reversing part of the transaction cull
2015-05-06 21:48:55 -07:00
1cc1df2726
use core objects as models (except for pending/final authz)
2015-05-06 21:45:37 -07:00
ae62792d52
actually use them
2015-05-06 16:47:27 -07:00
8290206ef8
consistent test style
2015-05-04 15:17:20 -07:00
ca21cce198
some registration + authorization tests
2015-05-03 15:19:06 -07:00
e25c60eaf8
PK typo
2015-05-03 14:08:02 -07:00
06536fae13
v2 compatible lock column setting
2015-05-03 13:51:11 -07:00
1597af6d2b
fix vet problems
2015-05-03 13:35:15 -07:00
99f385c56e
only add lock cols to tables that need them...
2015-05-03 02:59:45 -07:00
7a1a7ec32a
add opti-lock (for v1) col, fix certificatesStatus typo, better FinalizeAuthorization
2015-05-03 02:29:58 -07:00
421434f2cb
clean up boulderTypeConverter
2015-05-03 01:57:30 -07:00
0a4affaeba
switch rest of functions to gorp, extended TypeConverter
2015-05-02 23:58:19 -07:00
1cee83c262
add db tags to structs we are embeding, update models, add custom type converter, simplify DumpTables (+ fix it), move GetCert... methods to gorp
2015-05-02 21:28:39 -07:00
4b27ae253e
finish dumpTables and make it public (DumpTables)
2015-05-02 17:08:47 -07:00
8a6748182e
add gorp dep
2015-05-02 16:00:35 -07:00
ac78f333f8
Merge branch 'master' into ocsp-table
...
Conflicts:
ca/certificate-authority.go
ca/certificate-authority_test.go
cmd/boulder-ca/main.go
cmd/boulder/main.go
sa/storage-authority.go
sa/storage-authority_test.go
2015-05-02 11:10:05 -07:00
a77152e828
Rework Authority "New" methods to obtain AuditLogger from Singleton
...
- Also ran `go fmt` against these files I was touching anyway:
sa/storage-authority.go
va/validation-authority.go
wfe/web-front-end.go
2015-05-01 21:50:07 -07:00
e828c61818
Add singleton semantics to Audit Logger, per Issue #135
...
- Update tests to use the singleton logger
- Update commands to set the audit logger singleton
- Formatting updates to the tests (go fmt)
2015-05-01 21:48:24 -07:00
7733793bb6
Fix test mode boulder instances.
...
Update initialization stanza.
Revert to inmemory sqlite storage for now.
Remove NOT NULL constraint from some fields.
2015-05-01 19:28:10 -07:00
7352757086
Add test
2015-05-01 16:01:50 -07:00
73603c95cf
Add reason code and fix index.
2015-04-30 11:31:36 -07:00
8e30ff81fb
Partly done implementation of revoke.
2015-04-29 18:36:26 -07:00
1d2c6a5d7c
Split out GetCertificate / GetCertificateByShortSerial.
...
Also stub out some initial revocation code.
2015-04-29 11:48:08 -07:00
3aa3355b27
TEXT -> VARCHAR(255)
2015-04-29 10:20:56 -07:00
f66651bc86
Add revokedDate to certificate status table.
2015-04-28 18:51:15 -07:00
ca6e349906
Fix tests.
2015-04-23 20:06:17 -07:00
7145207104
Add initial certificate status in SA.
...
Also improve test tools.
2015-04-23 19:52:34 -07:00
4d592ee261
Add cert metadata to table schema.
...
Also restructure table init to DRY it.
2015-04-23 17:57:18 -07:00
32e159d320
Always use %016x when formatting shortSerial.
2015-04-23 16:09:46 -07:00
b63c9f3dcf
fixed typo
...
Not sure how that got changed...
2015-04-23 13:51:09 -07:00
828ea5641f
cleanup
2015-04-22 20:27:42 -07:00
2c370de691
back to always-init method
2015-04-22 20:15:57 -07:00
7cf1872d74
typo
2015-04-21 18:44:34 -07:00
6944f233d4
sqlite doesn't support information_schema table
2015-04-21 17:53:53 -07:00
e43bd98c78
move InitTables to NewSQLStorageAuthority and add checks so tables are only created if they don't exist
2015-04-21 17:46:05 -07:00
7d8ef9a019
Fix tests and tidy up for review.
2015-04-18 23:44:42 -04:00
431ad092eb
Query certs by sequential part of serial number.
...
Also refactor WFE for better initialization and change StorageAuthority to
support this type of query.
2015-04-18 00:48:19 -04:00
84df10fd6e
Add empty tests where missing.
...
This will bring our coverage numbers down to a more meaningful number, and will
mean that we can start aiming to increase them monotonically.
2015-04-07 11:27:33 -07:00
33ac212b70
Add logging infrastructure to all authorities and commands
2015-03-24 19:06:11 -07:00
4e0aa900c9
Rebase 'lint-errcheck-fixes' of git://github.com/mvdan/boulder to letsencrypt/master
...
Conflicts:
cmd/boulder-start/main.go
core/interfaces.go
core/objects.go
core/util.go
ra/registration-authority.go
ra/registration-authority_test.go
rpc/rpc-wrappers.go
va/validation-authority.go
wfe/web-front-end.go
2015-03-20 18:01:03 -07:00
96bd7e215a
Further plumbing of registrations
2015-03-15 15:33:05 -04:00
880821801e
hash.Hash.Write() never returns an error
2015-03-12 12:18:37 +01:00
dcdf9954ae
Pulling out sa module
2015-03-10 15:21:50 -07:00
Richard Barnes