boulder/test
Aaron Gable d1f8fd2921
RA: improve AdministrativelyRevokeCertificate (#7275)
The RA.AdministrativelyRevokeCertificate method has two primary modes of
operation: if a certificate DER blob is provided, it parses and extracts
information from that blob, and revokes the cert; if no DER is provided,
it assumes the cert is malformed, and revokes it (but doesn't do an OCSP
cache purge) based on the serial alone. However, this scheme has
slightly confusing semantics in the RA and requires that the admin
tooling look up the certificates to provide them to the RA.

Instead, add a new "malformed" field to the RA's
AdministrativelyRevokeCertificateRequest, and deprecate the "cert" field
of that same request. When the malformed boolean is false, the RA will
look up and parse the certificate itself. When the malformed field is
true, it will revoke the cert based on serial alone.

Note that the main logic of AdministrativelyRevokeCertificate -- namely
revoking, potentially re-revoking, doing an Akamai cache purge, etc. --
is not changed by this PR. The only thing that changes here is how the
RA gets access to the to-be-revoked certificate's information.

Part of https://github.com/letsencrypt/boulder/issues/7135
2024-01-29 13:54:44 -08:00
akamai-test-srv Appease errcheck (#6821) 2023-04-14 22:32:24 -04:00
block-a-key Block keys using hex(sha256(spki)). (#4745) 2020-04-09 09:41:33 -07:00
boulder-tools boulder-tools: plumb TARGETPLATFORM into build.sh (#7278) 2024-01-23 11:43:43 -08:00
cert-ceremonies ceremony: Distinguish between intermediate and cross-sign ceremonies (#7005) 2023-08-23 14:01:19 -04:00
config Remove `service1` / `service2` names in consul (#7266) 2024-01-22 09:34:20 -08:00
config-next WFE: Check NewOrder rate limits (#7201) 2024-01-26 21:05:30 -05:00
consul Remove `service1` / `service2` names in consul (#7266) 2024-01-22 09:34:20 -08:00
ct-test-srv Fix non-gRPC process cleanup and exit (#6808) 2023-04-14 16:22:56 -04:00
grafana Python upgrade os upgrades and travis config cleanup (#5186) 2020-11-23 18:12:04 -08:00
grpc-creds Implement DoH for validation queries (#7178) 2023-12-11 10:49:00 -08:00
health-checker Remove `service1` / `service2` names in consul (#7266) 2024-01-22 09:34:20 -08:00
hierarchy CRLs: include IssuingDistributionPoint extension (#6412) 2022-10-24 11:21:55 -07:00
inmem RA: improve AdministrativelyRevokeCertificate (#7275) 2024-01-29 13:54:44 -08:00
integration WFE: Check NewOrder rate limits (#7201) 2024-01-26 21:05:30 -05:00
load-generator Run more go vet checks (#7255) 2024-01-17 12:27:55 -05:00
mail-test-srv Fix non-gRPC process cleanup and exit (#6808) 2023-04-14 16:22:56 -04:00
ocsp CI: Run staticcheck standalone (#7055) 2023-08-31 21:09:40 -07:00
prometheus Remove ocsp-updater from Boulder (#6769) 2023-03-31 14:39:04 -07:00
proxysql Remove ocsp-updater from Boulder (#6769) 2023-03-31 14:39:04 -07:00
redis-tls set permissions for generated certs and keys (#7193) 2023-12-07 20:03:35 -08:00
s3-test-srv crl-storer: check number before uploading (#7065) 2023-09-27 09:12:44 -07:00
secrets WFE: Add new key-value ratelimits implementation (#7089) 2023-10-04 14:12:38 -04:00
vars Improve cert_storage_failed_test (#6849) 2023-05-02 15:43:07 -07:00
wfe-tls Add Redis to Boulder's docker-compose (#5747) 2021-10-28 10:36:11 -07:00
PKI.md ceremony: Distinguish between intermediate and cross-sign ceremonies (#7005) 2023-08-23 14:01:19 -04:00
asserts.go test: better message for different empty slices (#6920) 2023-05-26 09:41:23 -07:00
certs.go Further simplifications to test.ThrowAwayCert (#7129) 2023-11-02 09:45:56 -07:00
challtestsrv.py challtestsrv.py: change address of target (#6234) 2022-07-18 11:10:00 -07:00
chisel2.py VA: Use default PortConfig during testing (#6609) 2023-01-25 16:16:08 -05:00
create_db.sh Clean up database schema (#6832) 2023-04-21 10:37:05 -07:00
db.go It's borpin' time! (#6982) 2023-07-17 14:38:29 -07:00
entrypoint.sh grpc/sa: Implement deep health checks (#6928) 2023-06-12 13:58:53 -04:00
example-bad-key-revoker-template Add bad-key-revoker daemon (#4788) 2020-04-23 11:51:59 -07:00
example-blocked-keys.yaml Block keys using hex(sha256(spki)). (#4745) 2020-04-09 09:41:33 -07:00
example-weak-keys.json Remove executable bit from JSON file (#6764) 2023-03-21 08:59:41 -07:00
format-configs.py lints: Consistently format JSON configuration files (#6755) 2023-03-20 18:11:19 -04:00
helpers.py Remove `service1` / `service2` names in consul (#7266) 2024-01-22 09:34:20 -08:00
hostname-policy.yaml PA: Support YAML for hostname policy. (#4180) 2019-04-26 14:35:28 -04:00
integration-test.py Remove `service1` / `service2` names in consul (#7266) 2024-01-22 09:34:20 -08:00
rate-limit-policies.yml RA: Implement leaky bucket for duplicate certificate limit (#6262) 2022-07-29 17:39:31 -07:00
redis-cli.sh ratelimits: Add Redis source (#7016) 2023-08-10 11:45:04 -04:00
redis-ocsp.config ratelimits: Add Redis source (#7016) 2023-08-10 11:45:04 -04:00
redis-ratelimits.config ratelimits: Add Redis source (#7016) 2023-08-10 11:45:04 -04:00
startservers.py Remove `service1` / `service2` names in consul (#7266) 2024-01-22 09:34:20 -08:00
test-ca-cross.pem wfe: implement alternate certificate chains (#4714) 2020-03-24 12:43:26 -07:00
test-ca.der Unflake OCSP integration test 2015-10-21 14:38:15 -07:00
test-ca.key Make it easier to start a test config. 2015-04-09 18:26:40 -07:00
test-ca.key-pkcs11.json Switch to OS-provided SoftHSM2. (#5365) 2021-03-30 17:37:58 -07:00
test-ca.key.der Add DER form of test-ca key in-tree. (#2041) 2016-07-12 09:06:59 -07:00
test-ca.pem Unflake OCSP integration test 2015-10-21 14:38:15 -07:00
test-ca.pubkey.pem Fix test pubkey files. (#4826) 2020-05-27 12:30:47 -07:00
test-ca2-cross.pem wfe: implement alternate certificate chains (#4714) 2020-03-24 12:43:26 -07:00
test-ca2.pem Add multi-issuer support to the CA. 2016-03-21 20:56:58 -07:00
test-caa-log-checker.sh Add support for subcommands to "boulder" command (#6426) 2022-10-06 11:21:47 -07:00
test-ee.key WFE: Always use precert revocation path (#5227) 2021-01-20 16:00:11 -08:00
test-ee.pem WFE: Always use precert revocation path (#5227) 2021-01-20 16:00:11 -08:00
test-example.key Implement TLS-ALPN-01 and integration test for it (#3654) 2018-06-06 13:04:09 -04:00
test-example.pem Implement TLS-ALPN-01 and integration test for it (#3654) 2018-06-06 13:04:09 -04:00
test-key-5.der Fix wfe2 key rollover (#3373) 2018-01-18 14:31:48 -08:00
test-root.der Update pkcs11key to v4 (#4602) 2019-12-09 10:03:33 -08:00
test-root.key Unflake OCSP integration test 2015-10-21 14:38:15 -07:00
test-root.key-pkcs11.json Switch to OS-provided SoftHSM2. (#5365) 2021-03-30 17:37:58 -07:00
test-root.key.der Improve single-ocsp command (#2181) 2016-09-15 15:28:54 -07:00
test-root.pem Unflake OCSP integration test 2015-10-21 14:38:15 -07:00
test-root.pubkey.pem Fix test pubkey files. (#4826) 2020-05-27 12:30:47 -07:00
test-root2.key wfe: implement alternate certificate chains (#4714) 2020-03-24 12:43:26 -07:00
test-root2.pem wfe: implement alternate certificate chains (#4714) 2020-03-24 12:43:26 -07:00
v2_integration.py WFE: Check NewOrder rate limits (#7201) 2024-01-26 21:05:30 -05:00
wait-for-it.sh Quiet the output of wait-for-it (#5775) 2021-11-05 11:38:20 -07:00