Skip to content

Commit 1126389

Browse files
aarongableaarongable
authored
Remove RA NewAuthorization and NewCertificate (letsencrypt#5900)
These gRPC methods were only used by the ACMEv1 code paths. Now that boulder-wfe has been fully removed, we can be confident that no clients ever call these methods, and can remove them from the gRPC service interface. Part of letsencrypt#5816
1 parent 8ffae7d commit 1126389

File tree

7 files changed

+169
-458
lines changed

7 files changed

+169
-458
lines changed

ra/proto/ra.pb.go

Lines changed: 164 additions & 335 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

ra/proto/ra.proto

Lines changed: 0 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -8,8 +8,6 @@ import "google/protobuf/empty.proto";
88

99
service RegistrationAuthority {
1010
rpc NewRegistration(core.Registration) returns (core.Registration) {}
11-
rpc NewAuthorization(NewAuthorizationRequest) returns (core.Authorization) {}
12-
rpc NewCertificate(NewCertificateRequest) returns (core.Certificate) {}
1311
rpc UpdateRegistration(UpdateRegistrationRequest) returns (core.Registration) {}
1412
rpc PerformValidation(PerformValidationRequest) returns (core.Authorization) {}
1513
rpc RevokeCertificateWithReg(RevokeCertificateWithRegRequest) returns (google.protobuf.Empty) {}
@@ -20,17 +18,6 @@ service RegistrationAuthority {
2018
rpc FinalizeOrder(FinalizeOrderRequest) returns (core.Order) {}
2119
}
2220

23-
message NewAuthorizationRequest {
24-
core.Authorization authz = 1;
25-
int64 regID = 2;
26-
}
27-
28-
message NewCertificateRequest {
29-
bytes csr = 1;
30-
int64 regID = 2;
31-
int64 issuerNameID = 3;
32-
}
33-
3421
message UpdateRegistrationRequest {
3522
core.Registration base = 1;
3623
core.Registration update = 2;

ra/proto/ra_grpc.pb.go

Lines changed: 0 additions & 72 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

ra/ra.go

Lines changed: 0 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -571,13 +571,6 @@ func (ra *RegistrationAuthorityImpl) checkNewOrdersPerAccountLimit(ctx context.C
571571
return nil
572572
}
573573

574-
// NewAuthorization constructs a new Authz from a request. Values (domains) in
575-
// request.Identifier will be lowercased before storage.
576-
// TODO(#5681): Remove this method entirely
577-
func (ra *RegistrationAuthorityImpl) NewAuthorization(ctx context.Context, req *rapb.NewAuthorizationRequest) (*corepb.Authorization, error) {
578-
return nil, fmt.Errorf("The ACME v1 NewAuthorization flow is deprecated")
579-
}
580-
581574
// MatchesCSR tests the contents of a generated certificate to make sure
582575
// that the PublicKey, CommonName, and DNSNames match those provided in
583576
// the CSR that was used to generate the certificate. It also checks the
@@ -1000,11 +993,6 @@ func (ra *RegistrationAuthorityImpl) FinalizeOrder(ctx context.Context, req *rap
1000993
return order, nil
1001994
}
1002995

1003-
// NewCertificate requests the issuance of a certificate for the v1 flow.
1004-
func (ra *RegistrationAuthorityImpl) NewCertificate(ctx context.Context, req *rapb.NewCertificateRequest) (*corepb.Certificate, error) {
1005-
return nil, errors.New("The ACME v1 NewCertificate flow is deprecated")
1006-
}
1007-
1008996
// To help minimize the chance that an accountID would be used as an order ID
1009997
// (or vice versa) when calling `issueCertificate` we define internal
1010998
// `accountID` and `orderID` types so that callers must explicitly cast.

ra/ra_test.go

Lines changed: 5 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -206,12 +206,7 @@ var (
206206

207207
Registration = &corepb.Registration{Id: 1}
208208

209-
AuthzRequest = &rapb.NewAuthorizationRequest{
210-
Authz: &corepb.Authorization{
211-
Identifier: "not-example.com",
212-
},
213-
RegID: Registration.Id,
214-
}
209+
Identifier = "not-example.com"
215210

216211
log = blog.UseMock()
217212
)
@@ -718,7 +713,7 @@ func TestPerformValidationExpired(t *testing.T) {
718713
_, sa, ra, fc, cleanUp := initAuthorities(t)
719714
defer cleanUp()
720715

721-
authz := createPendingAuthorization(t, sa, AuthzRequest.Authz.Identifier, fc.Now().Add(-2*time.Hour))
716+
authz := createPendingAuthorization(t, sa, Identifier, fc.Now().Add(-2*time.Hour))
722717

723718
_, err := ra.PerformValidation(ctx, &rapb.PerformValidationRequest{
724719
Authz: authz,
@@ -776,7 +771,7 @@ func TestPerformValidationSuccess(t *testing.T) {
776771
defer cleanUp()
777772

778773
// We know this is OK because of TestNewAuthorization
779-
authzPB := createPendingAuthorization(t, sa, AuthzRequest.Authz.Identifier, fc.Now().Add(12*time.Hour))
774+
authzPB := createPendingAuthorization(t, sa, Identifier, fc.Now().Add(12*time.Hour))
780775

781776
va.ResultReturn = &vapb.ValidationResult{
782777
Records: []*corepb.ValidationRecord{
@@ -836,7 +831,7 @@ func TestPerformValidationVAError(t *testing.T) {
836831
va, sa, ra, fc, cleanUp := initAuthorities(t)
837832
defer cleanUp()
838833

839-
authzPB := createPendingAuthorization(t, sa, AuthzRequest.Authz.Identifier, fc.Now().Add(12*time.Hour))
834+
authzPB := createPendingAuthorization(t, sa, Identifier, fc.Now().Add(12*time.Hour))
840835

841836
va.ResultError = fmt.Errorf("Something went wrong")
842837

@@ -3106,7 +3101,7 @@ func TestUpdateMissingAuthorization(t *testing.T) {
31063101
defer cleanUp()
31073102
ctx := context.Background()
31083103

3109-
authzPB := createPendingAuthorization(t, sa, AuthzRequest.Authz.Identifier, fc.Now().Add(12*time.Hour))
3104+
authzPB := createPendingAuthorization(t, sa, Identifier, fc.Now().Add(12*time.Hour))
31103105
authz, err := bgrpc.PBToAuthz(authzPB)
31113106
test.AssertNotError(t, err, "failed to deserialize authz")
31123107

test/inmem/ra/ra.go

Lines changed: 0 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,6 @@ package ra
33
import (
44
"context"
55

6-
"github.com/letsencrypt/boulder/core/proto"
76
"github.com/letsencrypt/boulder/ra"
87
rapb "github.com/letsencrypt/boulder/ra/proto"
98

@@ -24,8 +23,3 @@ type RA struct {
2423
func (ra RA) AdministrativelyRevokeCertificate(ctx context.Context, req *rapb.AdministrativelyRevokeCertificateRequest, _ ...grpc.CallOption) (*emptypb.Empty, error) {
2524
return ra.Impl.AdministrativelyRevokeCertificate(ctx, req)
2625
}
27-
28-
// NewCertificate is a wrapper for `*ra.RegistrationAuthorityImpl.NewCertificate`.
29-
func (ra RA) NewCertificate(ctx context.Context, req *rapb.NewCertificateRequest, _ ...grpc.CallOption) (*proto.Certificate, error) {
30-
return ra.Impl.NewCertificate(ctx, req)
31-
}

wfe2/wfe_test.go

Lines changed: 0 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -219,16 +219,6 @@ func (ra *MockRegistrationAuthority) NewRegistration(ctx context.Context, in *co
219219
return in, nil
220220
}
221221

222-
func (ra *MockRegistrationAuthority) NewAuthorization(ctx context.Context, in *rapb.NewAuthorizationRequest, _ ...grpc.CallOption) (*corepb.Authorization, error) {
223-
in.Authz.RegistrationID = in.RegID
224-
in.Authz.Id = "bkrPh2u0JUf18-rVBZtOOWWb3GuIiliypL-hBM9Ak1Q"
225-
return in.Authz, nil
226-
}
227-
228-
func (ra *MockRegistrationAuthority) NewCertificate(context.Context, *rapb.NewCertificateRequest, ...grpc.CallOption) (*corepb.Certificate, error) {
229-
return &corepb.Certificate{}, nil
230-
}
231-
232222
func (ra *MockRegistrationAuthority) UpdateRegistration(ctx context.Context, in *rapb.UpdateRegistrationRequest, _ ...grpc.CallOption) (*corepb.Registration, error) {
233223
if !bytes.Equal(in.Base.Key, in.Update.Key) {
234224
in.Base.Key = in.Update.Key

0 commit comments

Comments
 (0)