remove regID from WillingToIssue (letsencrypt#1957)

benileo · cpu · commit d3db85140348 · 2016-06-22T12:21:07.000-04:00
The `regID` parameter in the PA's `WillingToIssue` function was originally used for whitelisting purposes, but is not used any longer. This PR removes it.
diff --git a/cmd/cert-checker/main.go b/cmd/cert-checker/main.go
@@ -206,7 +206,7 @@ func (c *certChecker) checkCert(cert core.Certificate) (problems []string) {
 		// Check that the PA is still willing to issue for each name in DNSNames + CommonName
 		for _, name := range append(parsedCert.DNSNames, parsedCert.Subject.CommonName) {
 			id := core.AcmeIdentifier{Type: core.IdentifierDNS, Value: name}
-			if err = c.pa.WillingToIssue(id, cert.RegistrationID); err != nil {
+			if err = c.pa.WillingToIssue(id); err != nil {
 				problems = append(problems, fmt.Sprintf("Policy Authority isn't willing to issue for '%s': %s", name, err))
 			}
 		}
diff --git a/core/interfaces.go b/core/interfaces.go
@@ -81,7 +81,7 @@ type CertificateAuthority interface {
 
 // PolicyAuthority defines the public interface for the Boulder PA
 type PolicyAuthority interface {
-	WillingToIssue(domain AcmeIdentifier, regID int64) error
+	WillingToIssue(domain AcmeIdentifier) error
 	ChallengesFor(domain AcmeIdentifier) (challenges []Challenge, validCombinations [][]int)
 }
 
diff --git a/csr/csr.go b/csr/csr.go
@@ -64,7 +64,7 @@ func VerifyCSR(csr *x509.CertificateRequest, maxNames int, keyPolicy *goodkey.Ke
 		if err := pa.WillingToIssue(core.AcmeIdentifier{
 			Type:  core.IdentifierDNS,
 			Value: name,
-		}, regID); err != nil {
+		}); err != nil {
 			badNames = append(badNames, name)
 		}
 	}
diff --git a/csr/csr_test.go b/csr/csr_test.go
@@ -26,7 +26,7 @@ func (pa *mockPA) ChallengesFor(identifier core.AcmeIdentifier) (challenges []co
 	return
 }
 
-func (pa *mockPA) WillingToIssue(id core.AcmeIdentifier, regID int64) error {
+func (pa *mockPA) WillingToIssue(id core.AcmeIdentifier) error {
 	if id.Value == "bad-name.com" {
 		return errors.New("")
 	}
diff --git a/policy/pa.go b/policy/pa.go
@@ -94,12 +94,6 @@ const (
 	// octets: https://tools.ietf.org/html/rfc1035#page-10
 	maxLabelLength         = 63
 	maxDNSIdentifierLength = 255
-
-	// whitelistedPartnerRegID is the registartion ID we check for to see if we need
-	// to skip the domain whitelist (but not the blacklist). This is for an
-	// early partner integration during the beta period and should be removed
-	// later.
-	whitelistedPartnerRegID = 131
 )
 
 var dnsLabelRegexp = regexp.MustCompile("^[a-z0-9][a-z0-9-]{0,62}$")
@@ -163,7 +157,7 @@ var (
 //    where comparison is case-independent (normalized to lower case)
 //
 // If WillingToIssue returns an error, it will be of type MalformedRequestError.
-func (pa *AuthorityImpl) WillingToIssue(id core.AcmeIdentifier, regID int64) error {
+func (pa *AuthorityImpl) WillingToIssue(id core.AcmeIdentifier) error {
 	if id.Type != core.IdentifierDNS {
 		return errInvalidIdentifier
 	}
diff --git a/policy/pa_test.go b/policy/pa_test.go
@@ -140,15 +140,15 @@ func TestWillingToIssue(t *testing.T) {
 
 	// Test for invalid identifier type
 	identifier := core.AcmeIdentifier{Type: "ip", Value: "example.com"}
-	err = pa.WillingToIssue(identifier, 100)
+	err = pa.WillingToIssue(identifier)
 	if err != errInvalidIdentifier {
 		t.Error("Identifier was not correctly forbidden: ", identifier)
 	}
 
 	// Test syntax errors
 	for _, tc := range testCases {
 		identifier := core.AcmeIdentifier{Type: core.IdentifierDNS, Value: tc.domain}
-		err := pa.WillingToIssue(identifier, 100)
+		err := pa.WillingToIssue(identifier)
 		if err != tc.err {
 			t.Errorf("WillingToIssue(%q) = %q, expected %q", tc.domain, err, tc.err)
 		}
@@ -157,7 +157,7 @@ func TestWillingToIssue(t *testing.T) {
 	// Test domains that are equal to public suffixes
 	for _, domain := range shouldBeTLDError {
 		identifier := core.AcmeIdentifier{Type: core.IdentifierDNS, Value: domain}
-		err := pa.WillingToIssue(identifier, 100)
+		err := pa.WillingToIssue(identifier)
 		if err != errICANNTLD {
 			t.Error("Identifier was not correctly forbidden: ", identifier, err)
 		}
@@ -166,7 +166,7 @@ func TestWillingToIssue(t *testing.T) {
 	// Test blacklisting
 	for _, domain := range shouldBeBlacklisted {
 		identifier := core.AcmeIdentifier{Type: core.IdentifierDNS, Value: domain}
-		err := pa.WillingToIssue(identifier, 100)
+		err := pa.WillingToIssue(identifier)
 		if err != errBlacklisted {
 			t.Error("Identifier was not correctly forbidden: ", identifier, err)
 		}
@@ -175,7 +175,7 @@ func TestWillingToIssue(t *testing.T) {
 	// Test acceptance of good names
 	for _, domain := range shouldBeAccepted {
 		identifier := core.AcmeIdentifier{Type: core.IdentifierDNS, Value: domain}
-		if err := pa.WillingToIssue(identifier, 100); err != nil {
+		if err := pa.WillingToIssue(identifier); err != nil {
 			t.Error("Identifier was incorrectly forbidden: ", identifier, err)
 		}
 	}
diff --git a/ra/ra.go b/ra/ra.go
@@ -345,7 +345,7 @@ func (ra *RegistrationAuthorityImpl) NewAuthorization(ctx context.Context, reque
 	identifier.Value = strings.ToLower(identifier.Value)
 
 	// Check that the identifier is present and appropriate
-	if err = ra.PA.WillingToIssue(identifier, regID); err != nil {
+	if err = ra.PA.WillingToIssue(identifier); err != nil {
 		return authz, err
 	}
 
diff --git a/wfe/wfe_test.go b/wfe/wfe_test.go
@@ -181,7 +181,7 @@ func (pa *mockPA) ChallengesFor(identifier core.AcmeIdentifier) (challenges []co
 	return
 }
 
-func (pa *mockPA) WillingToIssue(id core.AcmeIdentifier, regID int64) error {
+func (pa *mockPA) WillingToIssue(id core.AcmeIdentifier) error {
 	return nil
 }
 

Original file line number	Diff line number	Diff line change
`@@ -206,7 +206,7 @@ func (c *certChecker) checkCert(cert core.Certificate) (problems []string) {`
`206`	`206`	`// Check that the PA is still willing to issue for each name in DNSNames + CommonName`
`207`	`207`	`for _, name := range append(parsedCert.DNSNames, parsedCert.Subject.CommonName) {`
`208`	`208`	`id := core.AcmeIdentifier{Type: core.IdentifierDNS, Value: name}`
`209`		`- if err = c.pa.WillingToIssue(id, cert.RegistrationID); err != nil {`
	`209`	`+ if err = c.pa.WillingToIssue(id); err != nil {`
`210`	`210`	`problems = append(problems, fmt.Sprintf("Policy Authority isn't willing to issue for '%s': %s", name, err))`
`211`	`211`	`}`
`212`	`212`	`}`
Original file line number	Diff line number	Diff line change
`@@ -81,7 +81,7 @@ type CertificateAuthority interface {`
`81`	`81`
`82`	`82`	`// PolicyAuthority defines the public interface for the Boulder PA`
`83`	`83`	`type PolicyAuthority interface {`
`84`		`- WillingToIssue(domain AcmeIdentifier, regID int64) error`
	`84`	`+ WillingToIssue(domain AcmeIdentifier) error`
`85`	`85`	`ChallengesFor(domain AcmeIdentifier) (challenges []Challenge, validCombinations [][]int)`
`86`	`86`	`}`
`87`	`87`
Original file line number	Diff line number	Diff line change
`@@ -64,7 +64,7 @@ func VerifyCSR(csr x509.CertificateRequest, maxNames int, keyPolicy goodkey.Ke`
`64`	`64`	`if err := pa.WillingToIssue(core.AcmeIdentifier{`
`65`	`65`	`Type: core.IdentifierDNS,`
`66`	`66`	`Value: name,`
`67`		`- }, regID); err != nil {`
	`67`	`+ }); err != nil {`
`68`	`68`	`badNames = append(badNames, name)`
`69`	`69`	`}`
`70`	`70`	`}`
Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@ func (pa *mockPA) ChallengesFor(identifier core.AcmeIdentifier) (challenges []co`
`26`	`26`	`return`
`27`	`27`	`}`
`28`	`28`
`29`		`-func (pa *mockPA) WillingToIssue(id core.AcmeIdentifier, regID int64) error {`
	`29`	`+func (pa *mockPA) WillingToIssue(id core.AcmeIdentifier) error {`
`30`	`30`	`if id.Value == "bad-name.com" {`
`31`	`31`	`return errors.New("")`
`32`	`32`	`}`
Original file line number	Diff line number	Diff line change
`@@ -345,7 +345,7 @@ func (ra *RegistrationAuthorityImpl) NewAuthorization(ctx context.Context, reque`
`345`	`345`	`identifier.Value = strings.ToLower(identifier.Value)`
`346`	`346`
`347`	`347`	`// Check that the identifier is present and appropriate`
`348`		`- if err = ra.PA.WillingToIssue(identifier, regID); err != nil {`
	`348`	`+ if err = ra.PA.WillingToIssue(identifier); err != nil {`
`349`	`349`	`return authz, err`
`350`	`350`	`}`
`351`	`351`
Original file line number	Diff line number	Diff line change
`@@ -181,7 +181,7 @@ func (pa *mockPA) ChallengesFor(identifier core.AcmeIdentifier) (challenges []co`
`181`	`181`	`return`
`182`	`182`	`}`
`183`	`183`
`184`		`-func (pa *mockPA) WillingToIssue(id core.AcmeIdentifier, regID int64) error {`
	`184`	`+func (pa *mockPA) WillingToIssue(id core.AcmeIdentifier) error {`
`185`	`185`	`return nil`
`186`	`186`	`}`
`187`	`187`