// checkCertificatesPerNameLimit enforces the certificates-per-name rate limit
// for a request covering names, made by registration regID.
//
// The requested names are first mapped through domainsForRateLimiting, and the
// storage authority is asked how many certificates were issued for each
// resulting name between limit.WindowBegin(now) and now. Every name whose
// count has reached limit.GetThreshold(name, regID) is collected, and if any
// were collected a core.RateLimitedError listing them is returned. Errors from
// domainsForRateLimiting and from the storage authority are returned as-is.
func (ra *RegistrationAuthorityImpl) checkCertificatesPerNameLimit(names []string, limit cmd.RateLimitPolicy, regID int64) error {
	names, err := domainsForRateLimiting(names)
	if err != nil {
		return err
	}

	// The window ends at the RA clock's current time.
	windowEnd := ra.clk.Now()
	issued, err := ra.SA.CountCertificatesByNames(names, limit.WindowBegin(windowEnd), windowEnd)
	if err != nil {
		return err
	}

	var overLimit []string
	for _, domain := range names {
		n, found := issued[domain]
		if !found {
			// Not expected, but a missing count must not be read as "zero
			// certificates issued": fail the check instead of letting the
			// name through.
			return errors.New("StorageAuthority failed to return a count for every name")
		}
		if n >= limit.GetThreshold(domain, regID) {
			overLimit = append(overLimit, domain)
		}
	}

	if len(overLimit) == 0 {
		return nil
	}
	return core.RateLimitedError(fmt.Sprintf(
		"Too many certificates already issued for: %s", strings.Join(overLimit, ", ")))
}
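// checkCertificatesPerNameLimit enforces the certificates-per-name rate limit
// for a request covering names, made by registration regID.
//
// The requested names are mapped through domainsForRateLimiting, and the
// storage authority is asked how many certificates were issued for each
// resulting name between limit.WindowBegin(now) and now. Names whose count has
// reached limit.GetThreshold(name, regID) are collected. If any were
// collected, the request is still allowed when a certificate already exists
// for the exact set of requested names; otherwise a core.RateLimitedError
// listing the over-limit names is returned.
//
// Each outcome increments one of the "Pass", "FQDNSetBypass" or "Exceeded"
// counters on ra.certsForDomainStats, and a rejection is also logged with the
// registration ID and the over-limit names. Errors from
// domainsForRateLimiting and from the storage authority are returned as-is.
func (ra *RegistrationAuthorityImpl) checkCertificatesPerNameLimit(ctx context.Context, names []string, limit cmd.RateLimitPolicy, regID int64) error {
	// Keep the caller's requested names separate from the list used for
	// counting. Reusing the names variable here would hand the transformed
	// list to FQDNSetExists below, so the exemption would be decided on
	// something other than the set being issued for.
	// NOTE(review): domainsForRateLimiting is defined outside this block;
	// presumably it can return a different list than it was given - confirm.
	limitNames, err := domainsForRateLimiting(names)
	if err != nil {
		return err
	}

	now := ra.clk.Now()
	windowBegin := limit.WindowBegin(now)
	counts, err := ra.SA.CountCertificatesByNames(ctx, limitNames, windowBegin, now)
	if err != nil {
		return err
	}

	var badNames []string
	for _, name := range limitNames {
		count, ok := counts[name]
		if !ok {
			// Not expected, but a missing count must not be read as "zero
			// certificates issued": fail the check instead of letting the
			// name through.
			return errors.New("StorageAuthority failed to return a count for every name")
		}
		if count >= limit.GetThreshold(name, regID) {
			badNames = append(badNames, name)
		}
	}

	if len(badNames) == 0 {
		ra.certsForDomainStats.Inc("Pass", 1)
		return nil
	}

	// Check whether a certificate already exists for the exact name set we are
	// issuing for. If so, bypass the certificatesPerName limit. The lookup
	// uses the requested names, not limitNames, so that the exemption applies
	// only to that exact set. A lookup error fails the check rather than
	// granting the bypass.
	exists, err := ra.SA.FQDNSetExists(ctx, names)
	if err != nil {
		return err
	}
	if exists {
		ra.certsForDomainStats.Inc("FQDNSetBypass", 1)
		return nil
	}

	domains := strings.Join(badNames, ", ")
	ra.certsForDomainStats.Inc("Exceeded", 1)
	ra.log.Info(fmt.Sprintf("Rate limit exceeded, CertificatesForDomain, regID: %d, domains: %s", regID, domains))
	return core.RateLimitedError(fmt.Sprintf(
		"Too many certificates already issued for: %s", domains))
}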