https-github-com-bit
diff --git a/‎mocks/mocks.go‎
Lines changed: 45 additions & 0 deletions b/‎mocks/mocks.go‎
Lines changed: 45 additions & 0 deletions
diff --git a/‎probs/probs.go‎
Lines changed: 14 additions & 13 deletions b/‎probs/probs.go‎
Lines changed: 14 additions & 13 deletions
diff --git a/‎probs/probs_test.go‎
Lines changed: 1 addition & 1 deletion b/‎probs/probs_test.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎va/va_test.go‎
Lines changed: 1 addition & 1 deletion b/‎va/va_test.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎wfe/wfe.go‎
Lines changed: 20 additions & 11 deletions b/‎wfe/wfe.go‎
Lines changed: 20 additions & 11 deletions
@@ -15,6 +15,7 @@ import (
 	"github.com/letsencrypt/boulder/core"
 	corepb "github.com/letsencrypt/boulder/core/proto"
 	berrors "github.com/letsencrypt/boulder/errors"
+	"github.com/letsencrypt/boulder/probs"
 	"github.com/letsencrypt/boulder/revocation"
 	sapb "github.com/letsencrypt/boulder/sa/proto"
 )
@@ -494,3 +495,47 @@ func (m *Mailer) Close() error {
 func (m *Mailer) Connect() error {
 	return nil
 }
+
+// mockSAWithFailedChallenges is a mocks.StorageAuthority that has
+// a `GetAuthorization` implementation that can return authorizations with
+// failed challenges.
+type SAWithFailedChallenges struct {
+	StorageAuthority
+	Clk clock.FakeClock
+}
+
+func (sa *SAWithFailedChallenges) GetAuthorization(_ context.Context, id string) (core.Authorization, error) {
+	authz := core.Authorization{
+		ID:             "valid",
+		Status:         core.StatusValid,
+		RegistrationID: 1,
+		Identifier:     core.AcmeIdentifier{Type: "dns", Value: "not-an-example.com"},
+		Challenges: []core.Challenge{
+			{
+				ID:   23,
+				Type: "dns",
+			},
+		},
+	}
+	prob := &probs.ProblemDetails{
+		Type:       "things:are:whack",
+		Detail:     "whack attack",
+		HTTPStatus: 555,
+	}
+	exp := sa.Clk.Now().AddDate(100, 0, 0)
+	authz.Expires = &exp
+	// "oldNS" returns an authz with a failed challenge that has the problem type
+	// statically prefixed by the V1ErrorNS
+	if id == "oldNS" {
+		prob.Type = probs.V1ErrorNS + prob.Type
+		authz.Challenges[0].Error = prob
+		return authz, nil
+	}
+	// "failed" returns an authz with a failed challenge that has no error
+	// namespace on the problem type.
+	if id == "failed" {
+		authz.Challenges[0].Error = prob
+		return authz, nil
+	}
+	return core.Authorization{}, berrors.NotFoundError("no authorization found with id %q", id)
+}
@@ -7,19 +7,20 @@ import (
 
 // Error types that can be used in ACME payloads
 const (
-	ConnectionProblem         = ProblemType("urn:acme:error:connection")
-	MalformedProblem          = ProblemType("urn:acme:error:malformed")
-	ServerInternalProblem     = ProblemType("urn:acme:error:serverInternal")
-	TLSProblem                = ProblemType("urn:acme:error:tls")
-	UnauthorizedProblem       = ProblemType("urn:acme:error:unauthorized")
-	UnknownHostProblem        = ProblemType("urn:acme:error:unknownHost")
-	RateLimitedProblem        = ProblemType("urn:acme:error:rateLimited")
-	BadNonceProblem           = ProblemType("urn:acme:error:badNonce")
-	InvalidEmailProblem       = ProblemType("urn:acme:error:invalidEmail")
-	RejectedIdentifierProblem = ProblemType("urn:acme:error:rejectedIdentifier")
-
-	v2ErrorNS                  = "urn:ietf:params:acme:error:"
-	AccountDoesNotExistProblem = ProblemType(v2ErrorNS + "accountDoesNotExist")
+	ConnectionProblem          = ProblemType("connection")
+	MalformedProblem           = ProblemType("malformed")
+	ServerInternalProblem      = ProblemType("serverInternal")
+	TLSProblem                 = ProblemType("tls")
+	UnauthorizedProblem        = ProblemType("unauthorized")
+	UnknownHostProblem         = ProblemType("unknownHost")
+	RateLimitedProblem         = ProblemType("rateLimited")
+	BadNonceProblem            = ProblemType("badNonce")
+	InvalidEmailProblem        = ProblemType("invalidEmail")
+	RejectedIdentifierProblem  = ProblemType("rejectedIdentifier")
+	AccountDoesNotExistProblem = ProblemType("accountDoesNotExist")
+
+	V1ErrorNS = "urn:acme:error:"
+	V2ErrorNS = "urn:ietf:params:acme:error:"
 )
 
 // ProblemType defines the error types in the ACME protocol
 
@@ -14,7 +14,7 @@ func TestProblemDetails(t *testing.T) {
 		Detail:     "Wat? o.O",
 		HTTPStatus: 403,
 	}
-	test.AssertEquals(t, pd.Error(), "urn:acme:error:malformed :: Wat? o.O")
+	test.AssertEquals(t, pd.Error(), "malformed :: Wat? o.O")
 }
 
 func TestProblemDetailsToStatusCode(t *testing.T) {
 
@@ -813,7 +813,7 @@ func TestDNSValidationEmpty(t *testing.T) {
 		"empty-txts.com",
 		chalDNS,
 		core.Authorization{})
-	test.AssertEquals(t, prob.Error(), "urn:acme:error:unauthorized :: No TXT records found for DNS challenge")
+	test.AssertEquals(t, prob.Error(), "unauthorized :: No TXT records found for DNS challenge")
 }
 
 func TestPerformValidationValid(t *testing.T) {
 
@@ -603,8 +603,10 @@ func (wfe *WebFrontEndImpl) verifyPOST(ctx context.Context, logEvent *requestEve
 
 // sendError sends an error response represented by the given ProblemDetails,
 // and, if the ProblemDetails.Type is ServerInternalProblem, audit logs the
-// internal ierr.
+// internal ierr. The rendered Problem will have its Type prefixed with the ACME
+// v1 namespace.
 func (wfe *WebFrontEndImpl) sendError(response http.ResponseWriter, logEvent *requestEvent, prob *probs.ProblemDetails, ierr error) {
+	// Determine the HTTP status code to use for this problem
 	code := probs.ProblemDetailsToStatusCode(prob)
 
 	// Record details to the log event
@@ -620,22 +622,21 @@ func (wfe *WebFrontEndImpl) sendError(response http.ResponseWriter, logEvent *re
 		}
 	}
 
+	// Increment a stat for this problem type
+	wfe.stats.Inc(fmt.Sprintf("HTTP.ProblemTypes.%s", prob.Type), 1)
+
+	// Prefix the problem type with the ACME V1 error namespace and marshal to JSON
+	prob.Type = probs.V1ErrorNS + prob.Type
 	problemDoc, err := marshalIndent(prob)
 	if err != nil {
 		wfe.log.AuditErr(fmt.Sprintf("Could not marshal error message: %s - %+v", err, prob))
 		problemDoc = []byte("{\"detail\": \"Problem marshalling error message.\"}")
 	}
 
-	// Paraphrased from
-	// https://golang.org/src/net/http/server.go#L1272
+	// Write the JSON problem response
 	response.Header().Set("Content-Type", "application/problem+json")
 	response.WriteHeader(code)
 	response.Write(problemDoc)
-
-	problemSegments := strings.Split(string(prob.Type), ":")
-	if len(problemSegments) > 0 {
-		wfe.stats.Inc(fmt.Sprintf("HTTP.ProblemTypes.%s", problemSegments[len(problemSegments)-1]), 1)
-	}
 }
 
 func link(url, relation string) string {
@@ -1078,12 +1079,20 @@ func (wfe *WebFrontEndImpl) Challenge(
 
 // prepChallengeForDisplay takes a core.Challenge and prepares it for display to
 // the client by filling in its URI field and clearing its ID field.
-// TODO: Come up with a cleaner way to do this.
-// https://github.com/letsencrypt/boulder/issues/761
 func (wfe *WebFrontEndImpl) prepChallengeForDisplay(request *http.Request, authz core.Authorization, challenge *core.Challenge) {
+	// Update the challenge URI to be relative to the HTTP request Host
 	challenge.URI = wfe.relativeEndpoint(request, fmt.Sprintf("%s%s/%d", challengePath, authz.ID, challenge.ID))
-	// 0 is considered "empty" for the purpose of the JSON omitempty tag.
+	// Ensure the challenge ID isn't written. 0 is considered "empty" for the purpose of the JSON omitempty tag.
 	challenge.ID = 0
+
+	// Historically the Type field of a problem was always prefixed with a static
+	// error namespace. To support the V2 API and migrating to the correct IETF
+	// namespace we now prefix the Type with the correct namespace at runtime when
+	// we write the problem JSON to the user. We skip this process if the
+	// challenge error type has already been prefixed with the V1ErrorNS.
+	if challenge.Error != nil && !strings.HasPrefix(string(challenge.Error.Type), probs.V1ErrorNS) {
+		challenge.Error.Type = probs.V1ErrorNS + challenge.Error.Type
+	}
 }
 
 // prepAuthorizationForDisplay takes a core.Authorization and prepares it for
Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,7 @@ func TestProblemDetails(t *testing.T) {`
`14`	`14`	`Detail: "Wat? o.O",`
`15`	`15`	`HTTPStatus: 403,`
`16`	`16`	`}`
`17`		`- test.AssertEquals(t, pd.Error(), "urn:acme:error:malformed :: Wat? o.O")`
	`17`	`+ test.AssertEquals(t, pd.Error(), "malformed :: Wat? o.O")`
`18`	`18`	`}`
`19`	`19`
`20`	`20`	`func TestProblemDetailsToStatusCode(t *testing.T) {`
Original file line number	Diff line number	Diff line change
`@@ -813,7 +813,7 @@ func TestDNSValidationEmpty(t *testing.T) {`
`813`	`813`	`"empty-txts.com",`
`814`	`814`	`chalDNS,`
`815`	`815`	`core.Authorization{})`
`816`		`- test.AssertEquals(t, prob.Error(), "urn:acme:error:unauthorized :: No TXT records found for DNS challenge")`
	`816`	`+ test.AssertEquals(t, prob.Error(), "unauthorized :: No TXT records found for DNS challenge")`
`817`	`817`	`}`
`818`	`818`
`819`	`819`	`func TestPerformValidationValid(t *testing.T) {`