Followup from #5839.

I chose groupcache/lru as our LRU cache implementation because it's part of the golang org, written by one of the Go authors, and very simple and easy to read.

This adds an `AccountGetter` interface that is implemented by both the AccountCache and the SA. If the WFE config includes an AccountCache field, it will wrap the SA in an AccountCache with the configured max size and expiration time.

We set an expiration time on account cache entries because we want a bounded amount of time that they may be stale by. This will be used in conjunction with a delay on account-updating pathways to ensure we don't allow authentication with a deactivated account or changed key.

The account cache stores corepb.Registration objects because protobufs have an established way to do a deep copy. Deep copies are important so the cache can maintain its own internal state and ensure nothing external is modifying it.

As part of this process I changed construction of the WFE. Previously, "SA" and "RA" were public fields that were mutated after construction. Now they are parameters to the constructor, along with the new "accountGetter" parameter.

The cache includes stats for requests categorized by hits and misses.

| Name |
|---|
| test |
| README.md |
| cache.go |
| cache_test.go |
| prod_aia.go |
| stale.go |
| stale_test.go |
| stats.go |
| test_aia.go |
| verify.go |
| verify_test.go |
| wfe.go |
| wfe_test.go |

README.md
WFE v2
The wfe2 package is copied from the wfe package in order to implement the
"ACME v2" API. This design choice
was made to facilitate a clean separation between v1 and v2 code and to support
running a separate API process on a different port alongside the v1 API process.