
Commit 5383ab4

committed
remove the ca database
This is the last step of removing the CA-incremented serial number generation. Fixes letsencrypt#813.
1 parent 1de62e6 commit 5383ab4

11 files changed

+13
-257
lines changed

ca/_db/dbconf.yml

Lines changed: 0 additions & 9 deletions
This file was deleted.

ca/_db/migrations/20150818205601_InitialSchema.sql

Lines changed: 0 additions & 23 deletions
This file was deleted.

ca/_db/migrations/20150821232907_FutzWithSerialNumber.sql

Lines changed: 0 additions & 30 deletions
This file was deleted.

ca/certificate-authority-data.go

Lines changed: 0 additions & 60 deletions
This file was deleted.

ca/certificate-authority-data_test.go

Lines changed: 0 additions & 61 deletions
This file was deleted.

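--- a/ca/certificate-authority.go
+++ b/ca/certificate-authority.go
@@ -54,7 +54,6 @@ type CertificateAuthorityImpl struct {
 OCSPSigner ocsp.Signer
 SA core.StorageAuthority
 PA core.PolicyAuthority
-DB core.CertificateAuthorityDatabase
 Publisher core.Publisher
 Clk clock.Clock // TODO(jmhodges): should be private, like log
 log *blog.AuditLogger
@@ -70,7 +69,7 @@ type CertificateAuthorityImpl struct {
 // using CFSSL's authenticated signature scheme. A CA created in this way
 // issues for a single profile on the remote signer, which is indicated
 // by name in this constructor.
-func NewCertificateAuthorityImpl(cadb core.CertificateAuthorityDatabase, config cmd.CAConfig, clk clock.Clock, issuerCert string) (*CertificateAuthorityImpl, error) {
+func NewCertificateAuthorityImpl(config cmd.CAConfig, clk clock.Clock, issuerCert string) (*CertificateAuthorityImpl, error) {
 var ca *CertificateAuthorityImpl
 var err error
 logger := blog.GetAuditLogger()
@@ -127,7 +126,6 @@ func NewCertificateAuthorityImpl(cadb core.CertificateAuthorityDatabase, config
 Signer: signer,
 OCSPSigner: ocspSigner,
 profile: config.Profile,
-DB: cadb,
 Prefix: config.SerialPrefix,
 Clk: clk,
 log: logger,
@@ -306,15 +304,6 @@ func (ca *CertificateAuthorityImpl) IssueCertificate(csr x509.CertificateRequest
 Bytes: csr.Raw,
 }))
 
-// Get the next serial number
-tx, err := ca.DB.Begin()
-if err != nil {
-err = core.InternalServerError(err.Error())
-// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
-ca.log.AuditErr(err)
-return emptyCert, err
-}
-
 // Hack: CFSSL always sticks a 64-bit random number at the end of the
 // serialSeq we provide, but we want 136 bits of random number, plus an 8-bit
 // instance id prefix. For now, we generate the extra 72 bits of randomness
@@ -328,7 +317,6 @@ func (ca *CertificateAuthorityImpl) IssueCertificate(csr x509.CertificateRequest
 err = core.InternalServerError(err.Error())
 // AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
 ca.log.Audit(fmt.Sprintf("Serial randomness failed, err=[%v]", err))
-tx.Rollback()
 return emptyCert, err
 }
 serialHex := hex.EncodeToString([]byte{byte(ca.Prefix)}) + hex.EncodeToString(randSlice)
@@ -349,15 +337,13 @@ func (ca *CertificateAuthorityImpl) IssueCertificate(csr x509.CertificateRequest
 err = core.InternalServerError(err.Error())
 // AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
 ca.log.Audit(fmt.Sprintf("Signer failed, rolling back: serial=[%s] err=[%v]", serialHex, err))
-tx.Rollback()
 return emptyCert, err
 }
 
 if len(certPEM) == 0 {
 err = core.InternalServerError("No certificate returned by server")
 // AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
 ca.log.Audit(fmt.Sprintf("PEM empty from Signer, rolling back: serial=[%s] err=[%v]", serialHex, err))
-tx.Rollback()
 return emptyCert, err
 }
 
@@ -366,7 +352,6 @@ func (ca *CertificateAuthorityImpl) IssueCertificate(csr x509.CertificateRequest
 err = core.InternalServerError("Invalid certificate value returned")
 // AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
 ca.log.Audit(fmt.Sprintf("PEM decode error, aborting and rolling back issuance: pem=[%s] err=[%v]", certPEM, err))
-tx.Rollback()
 return emptyCert, err
 }
 certDER := block.Bytes
@@ -380,7 +365,6 @@ func (ca *CertificateAuthorityImpl) IssueCertificate(csr x509.CertificateRequest
 err = core.InternalServerError(err.Error())
 // AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
 ca.log.Audit(fmt.Sprintf("Uncaught error, aborting and rolling back issuance: pem=[%s] err=[%v]", certPEM, err))
-tx.Rollback()
 return emptyCert, err
 }
 
@@ -390,14 +374,6 @@ func (ca *CertificateAuthorityImpl) IssueCertificate(csr x509.CertificateRequest
 err = core.InternalServerError(err.Error())
 // AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
 ca.log.Audit(fmt.Sprintf("Failed RPC to store at SA, orphaning certificate: pem=[%s] err=[%v]", certPEM, err))
-tx.Rollback()
-return emptyCert, err
-}
-
-if err = tx.Commit(); err != nil {
-err = core.InternalServerError(err.Error())
-// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
-ca.log.Audit(fmt.Sprintf("Failed to commit, orphaning certificate: pem=[%s] err=[%v]", certPEM, err))
 return emptyCert, err
 }
 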
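Review bot: The audit messages kept on the new side still describe a rollback that no longer happens: with the ca.DB transaction gone, `"Signer failed, rolling back: ..."` (new line 339), `"PEM empty from Signer, rolling back: ..."` (346), `"PEM decode error, aborting and rolling back issuance: ..."` (353) and `"Uncaught error, aborting and rolling back issuance: ..."` (367) each log a recovery step that does not occur, which misleads anyone reconciling the audit trail against issued serials. Suggest dropping the rollback wording in all four, e.g. `ca.log.Audit(fmt.Sprintf("Signer failed, aborting issuance: serial=[%s] err=[%v]", serialHex, err))`. The remaining "Failed RPC to store at SA, orphaning certificate" message is still accurate, since the signed certificate is in fact not persisted on that path. IssueCertificate starts and ends outside these hunks.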