https-github-com-bit
diff --git a/‎cmd/boulder-va/main.go‎
Lines changed: 2 additions & 2 deletions b/‎cmd/boulder-va/main.go‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎core/interfaces.go‎
Lines changed: 5 additions & 0 deletions b/‎core/interfaces.go‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎core/objects.go‎
Lines changed: 1 addition & 0 deletions b/‎core/objects.go‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎core/va.go‎
Lines changed: 0 additions & 15 deletions b/‎core/va.go‎
Lines changed: 0 additions & 15 deletions
diff --git a/‎grpc/pb-marshalling.go‎
Lines changed: 2 additions & 58 deletions b/‎grpc/pb-marshalling.go‎
Lines changed: 2 additions & 58 deletions
diff --git a/‎grpc/pb-marshalling_test.go‎
Lines changed: 8 additions & 64 deletions b/‎grpc/pb-marshalling_test.go‎
Lines changed: 8 additions & 64 deletions
diff --git a/‎grpc/va-wrappers.go‎
Lines changed: 9 additions & 44 deletions b/‎grpc/va-wrappers.go‎
Lines changed: 9 additions & 44 deletions
diff --git a/‎ra/ra.go‎
Lines changed: 26 additions & 5 deletions b/‎ra/ra.go‎
Lines changed: 26 additions & 5 deletions
@@ -141,8 +141,8 @@ func main() {
 			remotes = append(
 				remotes,
 				va.RemoteVA{
-					ValidationAuthority: bgrpc.NewValidationAuthorityGRPCClient(vaConn),
-					Address:             rva.ServerAddress,
+					VAClient: bgrpc.NewValidationAuthorityGRPCClient(vaConn),
+					Address:  rva.ServerAddress,
 				},
 			)
 		}
 
@@ -16,6 +16,7 @@ import (
 	rapb "github.com/letsencrypt/boulder/ra/proto"
 	"github.com/letsencrypt/boulder/revocation"
 	sapb "github.com/letsencrypt/boulder/sa/proto"
+	vapb "github.com/letsencrypt/boulder/va/proto"
 )
 
 // A WebFrontEnd object supplies methods that can be hooked into
@@ -91,6 +92,10 @@ type RegistrationAuthority interface {
 	AdministrativelyRevokeCertificate(ctx context.Context, cert x509.Certificate, code revocation.Reason, adminName string) error
 }
 
+// ValidationAuthority defines the public interface for the Boulder VA
+// TODO(#4956): Remove this unnecessary type alias.
+type ValidationAuthority vapb.VAServer
+
 // CertificateAuthority defines the public interface for the Boulder CA
 type CertificateAuthority interface {
 	// [RegistrationAuthority]
 
@@ -58,6 +58,7 @@ const (
 )
 
 // These types are the available challenges
+// TODO(#5009): Make this a custom type as well.
 const (
 	ChallengeTypeHTTP01    = "http-01"
 	ChallengeTypeDNS01     = "dns-01"
 
@@ -26,23 +26,6 @@ var ErrMissingParameters = CodedError(codes.FailedPrecondition, "required RPC pa
 // This file defines functions to translate between the protobuf types and the
 // code types.
 
-func authzMetaToPB(authz core.Authorization) (*vapb.AuthzMeta, error) {
-	return &vapb.AuthzMeta{
-		Id:    &authz.ID,
-		RegID: &authz.RegistrationID,
-	}, nil
-}
-
-func pbToAuthzMeta(in *vapb.AuthzMeta) (core.Authorization, error) {
-	if in == nil || in.Id == nil || in.RegID == nil {
-		return core.Authorization{}, ErrMissingParameters
-	}
-	return core.Authorization{
-		ID:             *in.Id,
-		RegistrationID: *in.RegID,
-	}, nil
-}
-
 func ProblemDetailsToPB(prob *probs.ProblemDetails) (*corepb.ProblemDetails, error) {
 	if prob == nil {
 		// nil problemDetails is valid
@@ -98,7 +81,7 @@ func ChallengeToPB(challenge core.Challenge) (*corepb.Challenge, error) {
 	}, nil
 }
 
-func pbToChallenge(in *corepb.Challenge) (challenge core.Challenge, err error) {
+func PBToChallenge(in *corepb.Challenge) (challenge core.Challenge, err error) {
 	if in == nil {
 		return core.Challenge{}, ErrMissingParameters
 	}
@@ -224,45 +207,6 @@ func pbToValidationResult(in *vapb.ValidationResult) ([]core.ValidationRecord, *
 	return recordAry, prob, nil
 }
 
-func performValidationReqToArgs(in *vapb.PerformValidationRequest) (domain string, challenge core.Challenge, authz core.Authorization, err error) {
-	if in == nil {
-		err = ErrMissingParameters
-		return
-	}
-	if in.Domain == nil {
-		err = ErrMissingParameters
-		return
-	}
-	domain = *in.Domain
-	challenge, err = pbToChallenge(in.Challenge)
-	if err != nil {
-		return
-	}
-	authz, err = pbToAuthzMeta(in.Authz)
-	if err != nil {
-		return
-	}
-
-	return domain, challenge, authz, nil
-}
-
-func argsToPerformValidationRequest(domain string, challenge core.Challenge, authz core.Authorization) (*vapb.PerformValidationRequest, error) {
-	pbChall, err := ChallengeToPB(challenge)
-	if err != nil {
-		return nil, err
-	}
-	authzMeta, err := authzMetaToPB(authz)
-	if err != nil {
-		return nil, err
-	}
-	return &vapb.PerformValidationRequest{
-		Domain:    &domain,
-		Challenge: pbChall,
-		Authz:     authzMeta,
-	}, nil
-
-}
-
 func registrationToPB(reg core.Registration) (*corepb.Registration, error) {
 	keyBytes, err := reg.Key.MarshalJSON()
 	if err != nil {
@@ -357,7 +301,7 @@ func AuthzToPB(authz core.Authorization) (*corepb.Authorization, error) {
 func PBToAuthz(pb *corepb.Authorization) (core.Authorization, error) {
 	challs := make([]core.Challenge, len(pb.Challenges))
 	for i, c := range pb.Challenges {
-		chall, err := pbToChallenge(c)
+		chall, err := PBToChallenge(c)
 		if err != nil {
 			return core.Authorization{}, err
 		}
 
@@ -13,40 +13,8 @@ import (
 	"github.com/letsencrypt/boulder/identifier"
 	"github.com/letsencrypt/boulder/probs"
 	"github.com/letsencrypt/boulder/test"
-	vapb "github.com/letsencrypt/boulder/va/proto"
 )
 
-func TestAuthzMeta(t *testing.T) {
-	authz := core.Authorization{ID: "asd", RegistrationID: 10}
-	pb, err := authzMetaToPB(authz)
-	test.AssertNotError(t, err, "authzMetaToPB failed")
-	test.Assert(t, pb != nil, "return vapb.AuthzMeta is nill")
-	test.Assert(t, pb.Id != nil, "Id field is nil")
-	test.AssertEquals(t, *pb.Id, authz.ID)
-	test.Assert(t, pb.RegID != nil, "RegistrationID field is nil")
-	test.AssertEquals(t, *pb.RegID, authz.RegistrationID)
-
-	recon, err := pbToAuthzMeta(pb)
-	test.AssertNotError(t, err, "pbToAuthzMeta failed")
-	test.AssertEquals(t, recon.ID, authz.ID)
-	test.AssertEquals(t, recon.RegistrationID, authz.RegistrationID)
-
-	_, err = pbToAuthzMeta(nil)
-	test.AssertError(t, err, "pbToAuthzMeta did not fail")
-	test.AssertEquals(t, err, ErrMissingParameters)
-	_, err = pbToAuthzMeta(&vapb.AuthzMeta{})
-	test.AssertError(t, err, "pbToAuthzMeta did not fail")
-	test.AssertEquals(t, err, ErrMissingParameters)
-	empty := ""
-	one := int64(1)
-	_, err = pbToAuthzMeta(&vapb.AuthzMeta{Id: &empty})
-	test.AssertError(t, err, "pbToAuthzMeta did not fail")
-	test.AssertEquals(t, err, ErrMissingParameters)
-	_, err = pbToAuthzMeta(&vapb.AuthzMeta{RegID: &one})
-	test.AssertError(t, err, "pbToAuthzMeta did not fail")
-	test.AssertEquals(t, err, ErrMissingParameters)
-}
-
 const JWK1JSON = `{"kty":"RSA","n":"vuc785P8lBj3fUxyZchF_uZw6WtbxcorqgTyq-qapF5lrO1U82Tp93rpXlmctj6fyFHBVVB5aXnUHJ7LZeVPod7Wnfl8p5OyhlHQHC8BnzdzCqCMKmWZNX5DtETDId0qzU7dPzh0LP0idt5buU7L9QNaabChw3nnaL47iu_1Di5Wp264p2TwACeedv2hfRDjDlJmaQXuS8Rtv9GnRWyC9JBu7XmGvGDziumnJH7Hyzh3VNu-kSPQD3vuAFgMZS6uUzOztCkT0fpOalZI6hqxtWLvXUMj-crXrn-Maavz8qRhpAyp5kcYk3jiHGgQIi7QSK2JIdRJ8APyX9HlmTN5AQ","e":"AQAB"}`
 
 func TestProblemDetails(t *testing.T) {
@@ -96,8 +64,8 @@ func TestChallenge(t *testing.T) {
 	test.AssertNotError(t, err, "ChallengeToPB failed")
 	test.Assert(t, pb != nil, "Returned corepb.Challenge is nil")
 
-	recon, err := pbToChallenge(pb)
-	test.AssertNotError(t, err, "pbToChallenge failed")
+	recon, err := PBToChallenge(pb)
+	test.AssertNotError(t, err, "PBToChallenge failed")
 	test.AssertDeepEquals(t, recon, chall)
 
 	ip := net.ParseIP("1.1.1.1")
@@ -116,15 +84,15 @@ func TestChallenge(t *testing.T) {
 	test.AssertNotError(t, err, "ChallengeToPB failed")
 	test.Assert(t, pb != nil, "Returned corepb.Challenge is nil")
 
-	recon, err = pbToChallenge(pb)
-	test.AssertNotError(t, err, "pbToChallenge failed")
+	recon, err = PBToChallenge(pb)
+	test.AssertNotError(t, err, "PBToChallenge failed")
 	test.AssertDeepEquals(t, recon, chall)
 
-	_, err = pbToChallenge(nil)
-	test.AssertError(t, err, "pbToChallenge did not fail")
+	_, err = PBToChallenge(nil)
+	test.AssertError(t, err, "PBToChallenge did not fail")
 	test.AssertEquals(t, err, ErrMissingParameters)
-	_, err = pbToChallenge(&corepb.Challenge{})
-	test.AssertError(t, err, "pbToChallenge did not fail")
+	_, err = PBToChallenge(&corepb.Challenge{})
+	test.AssertError(t, err, "PBToChallenge did not fail")
 	test.AssertEquals(t, err, ErrMissingParameters)
 }
 
@@ -179,30 +147,6 @@ func TestValidationResult(t *testing.T) {
 	test.AssertDeepEquals(t, reconProb, prob)
 }
 
-func TestPerformValidationReq(t *testing.T) {
-	var jwk jose.JSONWebKey
-	err := json.Unmarshal([]byte(JWK1JSON), &jwk)
-	test.AssertNotError(t, err, "Failed to unmarshal test key")
-	domain := "example.com"
-	chall := core.Challenge{
-		Type:                     core.ChallengeTypeDNS01,
-		Status:                   core.StatusPending,
-		Token:                    "asd",
-		ProvidedKeyAuthorization: "keyauth",
-	}
-	authz := core.Authorization{ID: "asd", RegistrationID: 10}
-
-	pb, err := argsToPerformValidationRequest(domain, chall, authz)
-	test.AssertNotError(t, err, "argsToPerformValidationRequest failed")
-	test.Assert(t, pb != nil, "Return vapb.PerformValidationRequest is nil")
-
-	reconDomain, reconChall, reconAuthz, err := performValidationReqToArgs(pb)
-	test.AssertNotError(t, err, "performValidationReqToArgs failed")
-	test.AssertEquals(t, reconDomain, domain)
-	test.AssertDeepEquals(t, reconChall, chall)
-	test.AssertDeepEquals(t, reconAuthz, authz)
-}
-
 func TestRegistration(t *testing.T) {
 	contacts := []string{"email"}
 	var key jose.JSONWebKey
 
@@ -11,68 +11,33 @@ import (
 
 	ggrpc "google.golang.org/grpc"
 
-	"github.com/letsencrypt/boulder/core"
-	"github.com/letsencrypt/boulder/probs"
 	vapb "github.com/letsencrypt/boulder/va/proto"
 )
 
 type ValidationAuthorityGRPCServer struct {
-	impl core.ValidationAuthority
+	inner vapb.VAServer
 }
 
-func (s *ValidationAuthorityGRPCServer) PerformValidation(ctx context.Context, in *vapb.PerformValidationRequest) (*vapb.ValidationResult, error) {
-	domain, challenge, authz, err := performValidationReqToArgs(in)
-	if err != nil {
-		return nil, err
-	}
-	records, err := s.impl.PerformValidation(ctx, domain, challenge, authz)
-	// If the type of error was a ProblemDetails, we need to return
-	// both that and the records to the caller (so it can update
-	// the challenge / authz in the SA with the failing records).
-	// The least error-prone way of doing this is to send a struct
-	// as the RPC response and return a nil error on the RPC layer,
-	// then unpack that into (records, error) to the caller.
-	prob, ok := err.(*probs.ProblemDetails)
-	if !ok && err != nil {
-		return nil, err
-	}
-	return ValidationResultToPB(records, prob)
+func (s *ValidationAuthorityGRPCServer) PerformValidation(ctx context.Context, req *vapb.PerformValidationRequest) (*vapb.ValidationResult, error) {
+	return s.inner.PerformValidation(ctx, req)
 }
 
-func RegisterValidationAuthorityGRPCServer(s *ggrpc.Server, impl core.ValidationAuthority) error {
-	rpcSrv := &ValidationAuthorityGRPCServer{impl}
+func RegisterValidationAuthorityGRPCServer(s *ggrpc.Server, inner vapb.VAServer) error {
+	rpcSrv := &ValidationAuthorityGRPCServer{inner}
 	vapb.RegisterVAServer(s, rpcSrv)
 	return nil
 }
 
 type ValidationAuthorityGRPCClient struct {
-	gc vapb.VAClient
+	inner vapb.VAClient
 }
 
-func NewValidationAuthorityGRPCClient(cc *ggrpc.ClientConn) core.ValidationAuthority {
+func NewValidationAuthorityGRPCClient(cc *ggrpc.ClientConn) vapb.VAClient {
 	return &ValidationAuthorityGRPCClient{vapb.NewVAClient(cc)}
 }
 
 // PerformValidation has the VA revalidate the specified challenge and returns
 // the updated Challenge object.
-func (vac ValidationAuthorityGRPCClient) PerformValidation(ctx context.Context, domain string, challenge core.Challenge, authz core.Authorization) ([]core.ValidationRecord, error) {
-	req, err := argsToPerformValidationRequest(domain, challenge, authz)
-	if err != nil {
-		return nil, err
-	}
-	gRecords, err := vac.gc.PerformValidation(ctx, req)
-	if err != nil {
-		return nil, err
-	}
-	records, prob, err := pbToValidationResult(gRecords)
-	if err != nil {
-		return nil, err
-	}
-	if prob != nil {
-		return records, prob
-	}
-
-	// We return nil explicitly to avoid "typed nil" problems.
-	// https://golang.org/doc/faq#nil_error
-	return records, nil
+func (vac ValidationAuthorityGRPCClient) PerformValidation(ctx context.Context, req *vapb.PerformValidationRequest, opts ...ggrpc.CallOption) (*vapb.ValidationResult, error) {
+	return vac.inner.PerformValidation(ctx, req)
 }
@@ -57,7 +57,7 @@ type caaChecker interface {
 // populated, or there is a risk of panic.
 type RegistrationAuthorityImpl struct {
 	CA        core.CertificateAuthority
-	VA        core.ValidationAuthority
+	VA        vapb.VAClient
 	SA        core.StorageAuthority
 	PA        core.PolicyAuthority
 	publisher core.Publisher
@@ -1609,18 +1609,39 @@ func (ra *RegistrationAuthorityImpl) PerformValidation(
 		challenges := make([]core.Challenge, len(authz.Challenges))
 		copy(challenges, authz.Challenges)
 		authz.Challenges = challenges
+		chall, _ := bgrpc.ChallengeToPB(authz.Challenges[challIndex])
+
+		req := vapb.PerformValidationRequest{
+			Domain:    &authz.Identifier.Value,
+			Challenge: chall,
+			Authz: &vapb.AuthzMeta{
+				Id:    &authz.ID,
+				RegID: &authz.RegistrationID,
+			},
+		}
+		res, err := ra.VA.PerformValidation(vaCtx, &req)
 
-		records, err := ra.VA.PerformValidation(vaCtx, authz.Identifier.Value, authz.Challenges[challIndex], authz)
 		var prob *probs.ProblemDetails
-		if p, ok := err.(*probs.ProblemDetails); ok {
-			prob = p
-		} else if err != nil {
+		if err != nil {
 			prob = probs.ServerInternal("Could not communicate with VA")
 			ra.log.AuditErrf("Could not communicate with VA: %s", err)
+		} else if res.Problems != nil {
+			prob, err = bgrpc.PBToProblemDetails(res.Problems)
+			if err != nil {
+				prob = probs.ServerInternal("Could not communicate with VA")
+				ra.log.AuditErrf("Could not communicate with VA: %s", err)
+			}
 		}
 
 		// Save the updated records
 		challenge := &authz.Challenges[challIndex]
+		records := make([]core.ValidationRecord, len(res.Records))
+		for i, r := range res.Records {
+			records[i], err = bgrpc.PBToValidationRecord(r)
+			if err != nil {
+				prob = probs.ServerInternal("Records for validation corrupt")
+			}
+		}
 		challenge.ValidationRecord = records
 
 		if !challenge.RecordsSane() && prob == nil {
Original file line number	Diff line number	Diff line change
`@@ -141,8 +141,8 @@ func main() {`
`141`	`141`	`remotes = append(`
`142`	`142`	`remotes,`
`143`	`143`	`va.RemoteVA{`
`144`		`- ValidationAuthority: bgrpc.NewValidationAuthorityGRPCClient(vaConn),`
`145`		`- Address: rva.ServerAddress,`
	`144`	`+ VAClient: bgrpc.NewValidationAuthorityGRPCClient(vaConn),`
	`145`	`+ Address: rva.ServerAddress,`
`146`	`146`	`},`
`147`	`147`	`)`
`148`	`148`	`}`
Original file line number	Diff line number	Diff line change
`@@ -58,6 +58,7 @@ const (`
`58`	`58`	`)`
`59`	`59`
`60`	`60`	`// These types are the available challenges`
	`61`	`+// TODO(#5009): Make this a custom type as well.`
`61`	`62`	`const (`
`62`	`63`	`ChallengeTypeHTTP01 = "http-01"`
`63`	`64`	`ChallengeTypeDNS01 = "dns-01"`