
Commit c0ffa3d

jshacpu
authored andcommitted
Remove logging of Request/ResponseNonce. (letsencrypt#3421)
These take up a lot of space in the logs, and we almost never reference them.
1 parent 1b9eccf commit c0ffa3d


5 files changed

+14
-21
lines changed


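--- a/web/context.go
+++ b/web/context.go
@@ -11,18 +11,16 @@ import (
 )
 
 type RequestEvent struct {
-RealIP string `json:",omitempty"`
-Endpoint string `json:",omitempty"`
-Method string `json:",omitempty"`
-Errors []string `json:",omitempty"`
-Requester int64 `json:",omitempty"`
-Contacts *[]string `json:",omitempty"`
-RequestNonce string `json:",omitempty"`
-ResponseNonce string `json:",omitempty"`
-UserAgent string `json:",omitempty"`
-Code int
-Payload string `json:",omitempty"`
-Extra map[string]interface{} `json:",omitempty"`
+RealIP string `json:",omitempty"`
+Endpoint string `json:",omitempty"`
+Method string `json:",omitempty"`
+Errors []string `json:",omitempty"`
+Requester int64 `json:",omitempty"`
+Contacts *[]string `json:",omitempty"`
+UserAgent string `json:",omitempty"`
+Code int
+Payload string `json:",omitempty"`
+Extra map[string]interface{} `json:",omitempty"`
 }
 
 func (e *RequestEvent) AddError(msg string, args ...interface{}) {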
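Review bot: `RequestEvent` is exported but has no doc comment on the visible lines, and after this change nothing in the file records that the nonce fields were dropped on purpose. I would add above the type something like `// RequestEvent is the JSON-serialised log record for a request; nonces are deliberately not logged (see #3421).` so that nobody re-adds them without weighing log volume. The fields that remain (`RealIP`, `Contacts`, `Payload`) presumably still carry client-identifying data, which is worth a line in the same comment for whoever sets log retention and access. `AddError` continues outside the hunk.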

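--- a/wfe/wfe.go
+++ b/wfe/wfe.go
@@ -160,7 +160,6 @@ func (wfe *WebFrontEndImpl) HandleFunc(mux *http.ServeMux, pattern string, h web
 nonce, err := wfe.nonceService.Nonce()
 if err == nil {
 response.Header().Set("Replay-Nonce", nonce)
-logEvent.ResponseNonce = nonce
 } else {
 logEvent.AddError("unable to make nonce: %s", err)
 }
@@ -544,7 +543,6 @@ func (wfe *WebFrontEndImpl) verifyPOST(ctx context.Context, logEvent *web.Reques
 
 // Check that the request has a known anti-replay nonce
 nonce := parsedJws.Signatures[0].Header.Nonce
-logEvent.RequestNonce = nonce
 if len(nonce) == 0 {
 wfe.stats.Inc("Errors.JWSMissingNonce", 1)
 return nil, nil, reg, probs.BadNonce("JWS has no anti-replay nonce")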

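--- a/wfe2/verify.go
+++ b/wfe2/verify.go
@@ -159,16 +159,14 @@ func (wfe *WebFrontEndImpl) validPOSTRequest(request *http.Request) *probs.Probl
 }
 
 // validNonce checks a JWS' Nonce header to ensure it is one that the
-// nonceService knows about, otherwise a bad nonce problem is returned. The
-// provided logEvent is mutated to set the observed RequestNonce.
+// nonceService knows about, otherwise a bad nonce problem is returned.
 // NOTE: this function assumes the JWS has already been verified with the
 // correct public key.
-func (wfe *WebFrontEndImpl) validNonce(jws *jose.JSONWebSignature, logEvent *web.RequestEvent) *probs.ProblemDetails {
+func (wfe *WebFrontEndImpl) validNonce(jws *jose.JSONWebSignature) *probs.ProblemDetails {
 // validNonce is called after validPOSTRequest() and parseJWS() which
 // defend against the incorrect number of signatures.
 header := jws.Signatures[0].Header
 nonce := header.Nonce
-logEvent.RequestNonce = nonce
 if len(nonce) == 0 {
 wfe.stats.joseErrorCount.With(prometheus.Labels{"type": "JWSMissingNonce"}).Inc()
 return probs.BadNonce("JWS has no anti-replay nonce")
@@ -451,7 +449,7 @@ func (wfe *WebFrontEndImpl) validJWSForKey(
 logEvent.Payload = string(payload)
 
 // Check that the JWS contains a correct Nonce header
-if prob := wfe.validNonce(jws, logEvent); prob != nil {
+if prob := wfe.validNonce(jws); prob != nil {
 return nil, prob
 }
 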
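Review bot: With `RequestNonce` gone from the log event, a request rejected by `validNonce` leaves no record of which nonce the client presented, and that rejection is the one case where the value helps when investigating replayed requests. The volume concern applies to successful requests, so the value could be kept on the failure path only, inside the `if prob := wfe.validNonce(jws); prob != nil {` branch of `validJWSForKey`: `logEvent.AddError("rejected nonce %q", jws.Signatures[0].Header.Nonce)`; `%q` keeps the client-supplied string escaped in the log. The part of `validNonce` that handles an unknown nonce is outside the hunk, so it may already surface the value through the returned problem, in which case this is unnecessary. `verifyPOST` in wfe/wfe.go drops the same assignment and would need the same treatment.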

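--- a/wfe2/verify_test.go
+++ b/wfe2/verify_test.go
@@ -575,7 +575,7 @@ func TestValidNonce(t *testing.T) {
 for _, tc := range testCases {
 t.Run(tc.Name, func(t *testing.T) {
 wfe.stats.joseErrorCount.Reset()
-prob := wfe.validNonce(tc.JWS, newRequestEvent())
+prob := wfe.validNonce(tc.JWS)
 if tc.ExpectedResult == nil && prob != nil {
 t.Fatal(fmt.Sprintf("Expected nil result, got %#v", prob))
 } else {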

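--- a/wfe2/wfe.go
+++ b/wfe2/wfe.go
@@ -161,7 +161,6 @@ func (wfe *WebFrontEndImpl) HandleFunc(mux *http.ServeMux, pattern string, h web
 nonce, err := wfe.nonceService.Nonce()
 if err == nil {
 response.Header().Set("Replay-Nonce", nonce)
-logEvent.ResponseNonce = nonce
 } else {
 logEvent.AddError("unable to make nonce: %s", err)
 }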
