func checkDER(sai core.StorageAuthority, der []byte) error {
cert, err := x509.ParseCertificate(der)
if err != nil {
return fmt.Errorf("Failed to parse DER: %s", err)
}
_, err = sai.GetCertificate(core.SerialToString(cert.SerialNumber))
if err == nil {
return fmt.Errorf("Existing certificate found with serial %s", core.SerialToString(cert.SerialNumber))
}
if _, ok := err.(core.NotFoundError); ok {
return nil
}
return fmt.Errorf("Existing certificate lookup failed: %s", err)
}
// CreateWorkingRegistration inserts a new, correct Registration into
// SA using GoodKey under the hood. This a hack to allow both the CA
// and SA tests to benefit because the CA tests currently require a
// full-fledged SQLSAImpl. Long term, when the CA tests no longer need
// CreateWorkingRegistration, this and CreateWorkingRegistration can
// be pushed back into the SA tests proper.
func CreateWorkingRegistration(t *testing.T, sa core.StorageAuthority) core.Registration {
contact, err := core.ParseAcmeURL("mailto:[email protected]")
if err != nil {
t.Fatalf("unable to parse contact link: %s", err)
}
contacts := []*core.AcmeURL{contact}
reg, err := sa.NewRegistration(core.Registration{
Key: GoodJWK(),
Contact: contacts,
})
if err != nil {
t.Fatalf("Unable to create new registration")
}
return reg
}
// CreateWorkingRegistration inserts a new, correct Registration into
// SA using GoodKey under the hood. This a hack to allow both the CA
// and SA tests to benefit because the CA tests currently require a
// full-fledged SQLSAImpl. Long term, when the CA tests no longer need
// CreateWorkingRegistration, this and CreateWorkingRegistration can
// be pushed back into the SA tests proper.
func CreateWorkingRegistration(t *testing.T, sa core.StorageAuthority) core.Registration {
contact, err := core.ParseAcmeURL("mailto:[email protected]")
if err != nil {
t.Fatalf("unable to parse contact link: %s", err)
}
contacts := []*core.AcmeURL{contact}
reg, err := sa.NewRegistration(core.Registration{
Key: GoodJWK(),
Contact: contacts,
InitialIP: net.ParseIP("88.77.66.11"),
CreatedAt: time.Date(2003, 5, 10, 0, 0, 0, 0, time.UTC),
})
if err != nil {
t.Fatalf("Unable to create new registration: %s", err)
}
return reg
}
func parseLogLine(sa core.StorageAuthority, logger *blog.AuditLogger, line string) (found bool, added bool) {
if !strings.Contains(line, "b64der=") {
return false, false
}
derStr := b64derOrphan.FindStringSubmatch(line)
if len(derStr) <= 1 {
logger.Err(fmt.Sprintf("b64der variable is empty, [%s]", line))
return true, false
}
der, err := base64.StdEncoding.DecodeString(derStr[1])
if err != nil {
logger.Err(fmt.Sprintf("Couldn't decode b64: %s, [%s]", err, line))
return true, false
}
err = checkDER(sa, der)
if err != nil {
logger.Err(fmt.Sprintf("%s, [%s]", err, line))
return true, false
}
// extract the regID
regStr := regOrphan.FindStringSubmatch(line)
if len(regStr) <= 1 {
logger.Err(fmt.Sprintf("regID variable is empty, [%s]", line))
return true, false
}
regID, err := strconv.Atoi(regStr[1])
if err != nil {
logger.Err(fmt.Sprintf("Couldn't parse regID: %s, [%s]", err, line))
return true, false
}
_, err = sa.AddCertificate(der, int64(regID))
if err != nil {
logger.Err(fmt.Sprintf("Failed to store certificate: %s, [%s]", err, line))
return true, false
}
return true, true
}
// NewStorageAuthorityServer constructs an RPC server
func NewStorageAuthorityServer(rpc RPCServer, impl core.StorageAuthority) error {
rpc.Handle(MethodUpdateRegistration, func(req []byte) (response []byte, err error) {
var reg core.Registration
if err = json.Unmarshal(req, ®); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodUpdateRegistration, err, req)
return
}
err = impl.UpdateRegistration(reg)
return
})
rpc.Handle(MethodGetRegistration, func(req []byte) (response []byte, err error) {
var grReq getRegistrationRequest
err = json.Unmarshal(req, &grReq)
if err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodGetRegistration, err, req)
return
}
reg, err := impl.GetRegistration(grReq.ID)
if err != nil {
return
}
response, err = json.Marshal(reg)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodGetRegistration, err, req)
return
}
return
})
rpc.Handle(MethodGetRegistrationByKey, func(req []byte) (response []byte, err error) {
var jwk jose.JsonWebKey
if err = json.Unmarshal(req, &jwk); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodGetRegistrationByKey, err, req)
return
}
reg, err := impl.GetRegistrationByKey(jwk)
if err != nil {
return
}
response, err = json.Marshal(reg)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodGetRegistrationByKey, err, req)
return
}
return
})
rpc.Handle(MethodGetAuthorization, func(req []byte) (response []byte, err error) {
authz, err := impl.GetAuthorization(string(req))
if err != nil {
return
}
response, err = json.Marshal(authz)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodGetAuthorization, err, req)
return
}
return
})
rpc.Handle(MethodGetLatestValidAuthorization, func(req []byte) (response []byte, err error) {
var lvar latestValidAuthorizationRequest
if err = json.Unmarshal(req, &lvar); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodNewAuthorization, err, req)
return
}
authz, err := impl.GetLatestValidAuthorization(lvar.RegID, lvar.Identifier)
if err != nil {
return
}
response, err = json.Marshal(authz)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodGetLatestValidAuthorization, err, req)
return
}
return
})
rpc.Handle(MethodAddCertificate, func(req []byte) (response []byte, err error) {
var acReq addCertificateRequest
err = json.Unmarshal(req, &acReq)
if err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodAddCertificate, err, req)
return
}
id, err := impl.AddCertificate(acReq.Bytes, acReq.RegID)
if err != nil {
return
}
response = []byte(id)
return
})
rpc.Handle(MethodNewRegistration, func(req []byte) (response []byte, err error) {
var registration core.Registration
err = json.Unmarshal(req, ®istration)
if err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodNewRegistration, err, req)
return
}
output, err := impl.NewRegistration(registration)
if err != nil {
return
}
response, err = json.Marshal(output)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodNewRegistration, err, req)
return
}
return
})
rpc.Handle(MethodNewPendingAuthorization, func(req []byte) (response []byte, err error) {
var authz core.Authorization
if err = json.Unmarshal(req, &authz); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodNewPendingAuthorization, err, req)
return
}
output, err := impl.NewPendingAuthorization(authz)
if err != nil {
return
}
response, err = json.Marshal(output)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodNewPendingAuthorization, err, req)
return
}
return
})
rpc.Handle(MethodUpdatePendingAuthorization, func(req []byte) (response []byte, err error) {
var authz core.Authorization
if err = json.Unmarshal(req, &authz); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodUpdatePendingAuthorization, err, req)
return
}
err = impl.UpdatePendingAuthorization(authz)
return
})
rpc.Handle(MethodFinalizeAuthorization, func(req []byte) (response []byte, err error) {
var authz core.Authorization
if err = json.Unmarshal(req, &authz); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodFinalizeAuthorization, err, req)
return
}
err = impl.FinalizeAuthorization(authz)
return
})
rpc.Handle(MethodGetCertificate, func(req []byte) (response []byte, err error) {
cert, err := impl.GetCertificate(string(req))
if err != nil {
return
}
jsonResponse, err := json.Marshal(cert)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodGetCertificate, err, req)
return
}
return jsonResponse, nil
})
rpc.Handle(MethodGetCertificateByShortSerial, func(req []byte) (response []byte, err error) {
cert, err := impl.GetCertificateByShortSerial(string(req))
if err != nil {
return
}
jsonResponse, err := json.Marshal(cert)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodGetCertificateByShortSerial, err, req)
return
}
return jsonResponse, nil
})
rpc.Handle(MethodGetCertificateStatus, func(req []byte) (response []byte, err error) {
status, err := impl.GetCertificateStatus(string(req))
if err != nil {
return
}
response, err = json.Marshal(status)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodGetCertificateStatus, err, req)
return
}
return
})
rpc.Handle(MethodMarkCertificateRevoked, func(req []byte) (response []byte, err error) {
var mcrReq markCertificateRevokedRequest
if err = json.Unmarshal(req, &mcrReq); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodMarkCertificateRevoked, err, req)
return
}
err = impl.MarkCertificateRevoked(mcrReq.Serial, mcrReq.OCSPResponse, mcrReq.ReasonCode)
return
})
rpc.Handle(MethodUpdateOCSP, func(req []byte) (response []byte, err error) {
var updateOCSPReq updateOCSPRequest
if err = json.Unmarshal(req, &updateOCSPReq); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodUpdateOCSP, err, req)
return
}
err = impl.UpdateOCSP(updateOCSPReq.Serial, updateOCSPReq.OCSPResponse)
return
})
rpc.Handle(MethodAlreadyDeniedCSR, func(req []byte) (response []byte, err error) {
var adcReq alreadyDeniedCSRReq
err = json.Unmarshal(req, &adcReq)
if err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodAlreadyDeniedCSR, err, req)
return
}
exists, err := impl.AlreadyDeniedCSR(adcReq.Names)
if err != nil {
return
}
if exists {
response = []byte{1}
} else {
response = []byte{0}
}
return
})
return nil
}
// NewStorageAuthorityServer constructs an RPC server
func NewStorageAuthorityServer(rpc Server, impl core.StorageAuthority) error {
rpc.Handle(MethodUpdateRegistration, func(req []byte) (response []byte, err error) {
var reg core.Registration
if err = json.Unmarshal(req, ®); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodUpdateRegistration, err, req)
return
}
err = impl.UpdateRegistration(reg)
return
})
rpc.Handle(MethodGetRegistration, func(req []byte) (response []byte, err error) {
var grReq getRegistrationRequest
err = json.Unmarshal(req, &grReq)
if err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodGetRegistration, err, req)
return
}
reg, err := impl.GetRegistration(grReq.ID)
if err != nil {
return
}
response, err = json.Marshal(reg)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodGetRegistration, err, req)
return
}
return
})
rpc.Handle(MethodGetRegistrationByKey, func(req []byte) (response []byte, err error) {
var jwk jose.JsonWebKey
if err = json.Unmarshal(req, &jwk); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodGetRegistrationByKey, err, req)
return
}
reg, err := impl.GetRegistrationByKey(jwk)
if err != nil {
return
}
response, err = json.Marshal(reg)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodGetRegistrationByKey, err, req)
return
}
return
})
rpc.Handle(MethodGetAuthorization, func(req []byte) (response []byte, err error) {
authz, err := impl.GetAuthorization(string(req))
if err != nil {
return
}
response, err = json.Marshal(authz)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodGetAuthorization, err, req)
return
}
return
})
rpc.Handle(MethodGetLatestValidAuthorization, func(req []byte) (response []byte, err error) {
var lvar latestValidAuthorizationRequest
if err = json.Unmarshal(req, &lvar); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodNewAuthorization, err, req)
return
}
authz, err := impl.GetLatestValidAuthorization(lvar.RegID, lvar.Identifier)
if err != nil {
return
}
response, err = json.Marshal(authz)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodGetLatestValidAuthorization, err, req)
return
}
return
})
rpc.Handle(MethodAddCertificate, func(req []byte) (response []byte, err error) {
var acReq addCertificateRequest
err = json.Unmarshal(req, &acReq)
if err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodAddCertificate, err, req)
return
}
id, err := impl.AddCertificate(acReq.Bytes, acReq.RegID)
if err != nil {
return
}
response = []byte(id)
return
})
rpc.Handle(MethodNewRegistration, func(req []byte) (response []byte, err error) {
var registration core.Registration
err = json.Unmarshal(req, ®istration)
if err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodNewRegistration, err, req)
return
}
output, err := impl.NewRegistration(registration)
if err != nil {
return
}
response, err = json.Marshal(output)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodNewRegistration, err, req)
return
}
return
})
rpc.Handle(MethodNewPendingAuthorization, func(req []byte) (response []byte, err error) {
var authz core.Authorization
if err = json.Unmarshal(req, &authz); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodNewPendingAuthorization, err, req)
return
}
output, err := impl.NewPendingAuthorization(authz)
if err != nil {
return
}
response, err = json.Marshal(output)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodNewPendingAuthorization, err, req)
return
}
return
})
rpc.Handle(MethodUpdatePendingAuthorization, func(req []byte) (response []byte, err error) {
var authz core.Authorization
if err = json.Unmarshal(req, &authz); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodUpdatePendingAuthorization, err, req)
return
}
err = impl.UpdatePendingAuthorization(authz)
return
})
rpc.Handle(MethodFinalizeAuthorization, func(req []byte) (response []byte, err error) {
var authz core.Authorization
if err = json.Unmarshal(req, &authz); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodFinalizeAuthorization, err, req)
return
}
err = impl.FinalizeAuthorization(authz)
return
})
rpc.Handle(MethodRevokeAuthorizationsByDomain, func(req []byte) (response []byte, err error) {
var reqObj revokeAuthsRequest
err = json.Unmarshal(req, &reqObj)
if err != nil {
return
}
aRevoked, paRevoked, err := impl.RevokeAuthorizationsByDomain(reqObj.Ident)
if err != nil {
return
}
var raResp = revokeAuthsResponse{FinalRevoked: aRevoked, PendingRevoked: paRevoked}
response, err = json.Marshal(raResp)
return
})
rpc.Handle(MethodGetCertificate, func(req []byte) (response []byte, err error) {
cert, err := impl.GetCertificate(string(req))
if err != nil {
return
}
jsonResponse, err := json.Marshal(cert)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodGetCertificate, err, req)
return
}
return jsonResponse, nil
})
rpc.Handle(MethodGetCertificateStatus, func(req []byte) (response []byte, err error) {
status, err := impl.GetCertificateStatus(string(req))
if err != nil {
return
}
response, err = json.Marshal(status)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodGetCertificateStatus, err, req)
return
}
return
})
rpc.Handle(MethodMarkCertificateRevoked, func(req []byte) (response []byte, err error) {
var mcrReq markCertificateRevokedRequest
if err = json.Unmarshal(req, &mcrReq); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodMarkCertificateRevoked, err, req)
return
}
err = impl.MarkCertificateRevoked(mcrReq.Serial, mcrReq.ReasonCode)
return
})
rpc.Handle(MethodUpdateOCSP, func(req []byte) (response []byte, err error) {
var updateOCSPReq updateOCSPRequest
if err = json.Unmarshal(req, &updateOCSPReq); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodUpdateOCSP, err, req)
return
}
err = impl.UpdateOCSP(updateOCSPReq.Serial, updateOCSPReq.OCSPResponse)
return
})
rpc.Handle(MethodAlreadyDeniedCSR, func(req []byte) (response []byte, err error) {
var adcReq alreadyDeniedCSRReq
err = json.Unmarshal(req, &adcReq)
if err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodAlreadyDeniedCSR, err, req)
return
}
exists, err := impl.AlreadyDeniedCSR(adcReq.Names)
if err != nil {
return
}
if exists {
response = []byte{1}
} else {
response = []byte{0}
}
return
})
rpc.Handle(MethodCountCertificatesRange, func(req []byte) (response []byte, err error) {
var cReq countRequest
err = json.Unmarshal(req, &cReq)
if err != nil {
return
}
count, err := impl.CountCertificatesRange(cReq.Start, cReq.End)
if err != nil {
return
}
return json.Marshal(count)
})
rpc.Handle(MethodCountCertificatesByNames, func(req []byte) (response []byte, err error) {
var cReq countCertificatesByNamesRequest
err = json.Unmarshal(req, &cReq)
if err != nil {
return
}
counts, err := impl.CountCertificatesByNames(cReq.Names, cReq.Earliest, cReq.Latest)
if err != nil {
return
}
return json.Marshal(counts)
})
rpc.Handle(MethodCountRegistrationsByIP, func(req []byte) (response []byte, err error) {
var cReq countRegistrationsByIPRequest
err = json.Unmarshal(req, &cReq)
if err != nil {
return
}
count, err := impl.CountRegistrationsByIP(cReq.IP, cReq.Earliest, cReq.Latest)
if err != nil {
return
}
return json.Marshal(count)
})
rpc.Handle(MethodCountPendingAuthorizations, func(req []byte) (response []byte, err error) {
var cReq countPendingAuthorizationsRequest
err = json.Unmarshal(req, &cReq)
if err != nil {
return
}
count, err := impl.CountPendingAuthorizations(cReq.RegID)
if err != nil {
return
}
return json.Marshal(count)
})
rpc.Handle(MethodGetSCTReceipt, func(req []byte) (response []byte, err error) {
var gsctReq struct {
Serial string
LogID string
}
err = json.Unmarshal(req, &gsctReq)
if err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodGetSCTReceipt, err, req)
return
}
sct, err := impl.GetSCTReceipt(gsctReq.Serial, gsctReq.LogID)
jsonResponse, err := json.Marshal(sct)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodGetSCTReceipt, err, req)
return
}
return jsonResponse, nil
})
rpc.Handle(MethodAddSCTReceipt, func(req []byte) (response []byte, err error) {
var sct core.SignedCertificateTimestamp
err = json.Unmarshal(req, &sct)
if err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodAddSCTReceipt, err, req)
return
}
err = impl.AddSCTReceipt(core.SignedCertificateTimestamp(sct))
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodAddSCTReceipt, err, req)
return
}
return nil, nil
})
return nil
}
// NewStorageAuthorityServer constructs an RPC server
func NewStorageAuthorityServer(rpc Server, impl core.StorageAuthority) error {
rpc.Handle(MethodUpdateRegistration, func(ctx context.Context, req []byte) (response []byte, err error) {
var reg core.Registration
if err = json.Unmarshal(req, ®); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodUpdateRegistration, err, req)
return
}
err = impl.UpdateRegistration(ctx, reg)
return
})
rpc.Handle(MethodGetRegistration, func(ctx context.Context, req []byte) (response []byte, err error) {
var grReq getRegistrationRequest
err = json.Unmarshal(req, &grReq)
if err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodGetRegistration, err, req)
return
}
reg, err := impl.GetRegistration(ctx, grReq.ID)
if err != nil {
return
}
response, err = json.Marshal(reg)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodGetRegistration, err, req)
return
}
return
})
rpc.Handle(MethodGetRegistrationByKey, func(ctx context.Context, req []byte) (response []byte, err error) {
var jwk jose.JsonWebKey
if err = json.Unmarshal(req, &jwk); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodGetRegistrationByKey, err, req)
return
}
reg, err := impl.GetRegistrationByKey(ctx, jwk)
if err != nil {
return
}
response, err = json.Marshal(reg)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodGetRegistrationByKey, err, req)
return
}
return
})
rpc.Handle(MethodGetAuthorization, func(ctx context.Context, req []byte) (response []byte, err error) {
authz, err := impl.GetAuthorization(ctx, string(req))
if err != nil {
return
}
response, err = json.Marshal(authz)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodGetAuthorization, err, req)
return
}
return
})
rpc.Handle(MethodGetValidAuthorizations, func(ctx context.Context, req []byte) (response []byte, err error) {
var mreq getValidAuthorizationsRequest
if err = json.Unmarshal(req, &mreq); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodGetValidAuthorizations, err, req)
return
}
auths, err := impl.GetValidAuthorizations(ctx, mreq.RegID, mreq.Names, mreq.Now)
if err != nil {
return
}
response, err = json.Marshal(auths)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodGetValidAuthorizations, err, req)
return
}
return
})
rpc.Handle(MethodAddCertificate, func(ctx context.Context, req []byte) (response []byte, err error) {
var acReq addCertificateRequest
err = json.Unmarshal(req, &acReq)
if err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodAddCertificate, err, req)
return
}
id, err := impl.AddCertificate(ctx, acReq.Bytes, acReq.RegID)
if err != nil {
return
}
response = []byte(id)
return
})
rpc.Handle(MethodNewRegistration, func(ctx context.Context, req []byte) (response []byte, err error) {
var registration core.Registration
err = json.Unmarshal(req, ®istration)
if err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodNewRegistration, err, req)
return
}
output, err := impl.NewRegistration(ctx, registration)
if err != nil {
return
}
response, err = json.Marshal(output)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodNewRegistration, err, req)
return
}
return
})
rpc.Handle(MethodNewPendingAuthorization, func(ctx context.Context, req []byte) (response []byte, err error) {
var authz core.Authorization
if err = json.Unmarshal(req, &authz); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodNewPendingAuthorization, err, req)
return
}
output, err := impl.NewPendingAuthorization(ctx, authz)
if err != nil {
return
}
response, err = json.Marshal(output)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodNewPendingAuthorization, err, req)
return
}
return
})
rpc.Handle(MethodUpdatePendingAuthorization, func(ctx context.Context, req []byte) (response []byte, err error) {
var authz core.Authorization
if err = json.Unmarshal(req, &authz); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodUpdatePendingAuthorization, err, req)
return
}
err = impl.UpdatePendingAuthorization(ctx, authz)
return
})
rpc.Handle(MethodFinalizeAuthorization, func(ctx context.Context, req []byte) (response []byte, err error) {
var authz core.Authorization
if err = json.Unmarshal(req, &authz); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodFinalizeAuthorization, err, req)
return
}
err = impl.FinalizeAuthorization(ctx, authz)
return
})
rpc.Handle(MethodRevokeAuthorizationsByDomain, func(ctx context.Context, req []byte) (response []byte, err error) {
var reqObj revokeAuthsRequest
err = json.Unmarshal(req, &reqObj)
if err != nil {
return
}
aRevoked, paRevoked, err := impl.RevokeAuthorizationsByDomain(ctx, reqObj.Ident)
if err != nil {
return
}
var raResp = revokeAuthsResponse{FinalRevoked: aRevoked, PendingRevoked: paRevoked}
response, err = json.Marshal(raResp)
return
})
rpc.Handle(MethodGetCertificate, func(ctx context.Context, req []byte) (response []byte, err error) {
cert, err := impl.GetCertificate(ctx, string(req))
if err != nil {
return
}
jsonResponse, err := json.Marshal(cert)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodGetCertificate, err, req)
return
}
return jsonResponse, nil
})
rpc.Handle(MethodGetCertificateStatus, func(ctx context.Context, req []byte) (response []byte, err error) {
status, err := impl.GetCertificateStatus(ctx, string(req))
if err != nil {
return
}
response, err = json.Marshal(status)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodGetCertificateStatus, err, req)
return
}
return
})
rpc.Handle(MethodMarkCertificateRevoked, func(ctx context.Context, req []byte) (response []byte, err error) {
var mcrReq markCertificateRevokedRequest
if err = json.Unmarshal(req, &mcrReq); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodMarkCertificateRevoked, err, req)
return
}
err = impl.MarkCertificateRevoked(ctx, mcrReq.Serial, mcrReq.ReasonCode)
return
})
rpc.Handle(MethodCountCertificatesRange, func(ctx context.Context, req []byte) (response []byte, err error) {
var cReq countRequest
err = json.Unmarshal(req, &cReq)
if err != nil {
return
}
count, err := impl.CountCertificatesRange(ctx, cReq.Start, cReq.End)
if err != nil {
return
}
return json.Marshal(count)
})
rpc.Handle(MethodCountCertificatesByNames, func(ctx context.Context, req []byte) (response []byte, err error) {
var cReq countCertificatesByNamesRequest
err = json.Unmarshal(req, &cReq)
if err != nil {
return
}
counts, err := impl.CountCertificatesByNames(ctx, cReq.Names, cReq.Earliest, cReq.Latest)
if err != nil {
return
}
return json.Marshal(counts)
})
rpc.Handle(MethodCountRegistrationsByIP, func(ctx context.Context, req []byte) (response []byte, err error) {
var cReq countRegistrationsByIPRequest
err = json.Unmarshal(req, &cReq)
if err != nil {
return
}
count, err := impl.CountRegistrationsByIP(ctx, cReq.IP, cReq.Earliest, cReq.Latest)
if err != nil {
return
}
return json.Marshal(count)
})
rpc.Handle(MethodCountPendingAuthorizations, func(ctx context.Context, req []byte) (response []byte, err error) {
var cReq countPendingAuthorizationsRequest
err = json.Unmarshal(req, &cReq)
if err != nil {
return
}
count, err := impl.CountPendingAuthorizations(ctx, cReq.RegID)
if err != nil {
return
}
return json.Marshal(count)
})
rpc.Handle(MethodGetSCTReceipt, func(ctx context.Context, req []byte) (response []byte, err error) {
var gsctReq struct {
Serial string
LogID string
}
err = json.Unmarshal(req, &gsctReq)
if err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodGetSCTReceipt, err, req)
return
}
sct, err := impl.GetSCTReceipt(ctx, gsctReq.Serial, gsctReq.LogID)
jsonResponse, err := json.Marshal(sct)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodGetSCTReceipt, err, req)
return
}
return jsonResponse, nil
})
rpc.Handle(MethodAddSCTReceipt, func(ctx context.Context, req []byte) (response []byte, err error) {
var sct core.SignedCertificateTimestamp
err = json.Unmarshal(req, &sct)
if err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodAddSCTReceipt, err, req)
return
}
return nil, impl.AddSCTReceipt(ctx, core.SignedCertificateTimestamp(sct))
})
rpc.Handle(MethodCountFQDNSets, func(ctx context.Context, req []byte) (response []byte, err error) {
var r countFQDNsRequest
err = json.Unmarshal(req, &r)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodCountFQDNSets, err, req)
return
}
count, err := impl.CountFQDNSets(ctx, r.Window, r.Names)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodCountFQDNSets, err, req)
return
}
response, err = json.Marshal(countFQDNSetsResponse{count})
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodCountFQDNSets, err, req)
return
}
return
})
rpc.Handle(MethodFQDNSetExists, func(ctx context.Context, req []byte) (response []byte, err error) {
var r fqdnSetExistsRequest
err = json.Unmarshal(req, &r)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodFQDNSetExists, err, req)
return
}
exists, err := impl.FQDNSetExists(ctx, r.Names)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodFQDNSetExists, err, req)
return
}
response, err = json.Marshal(fqdnSetExistsResponse{exists})
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodFQDNSetExists, err, req)
return
}
return
})
return nil
}
func NewStorageAuthorityServer(serverQueue string, channel *amqp.Channel, impl core.StorageAuthority) *AmqpRPCServer {
rpc := NewAmqpRPCServer(serverQueue, channel)
rpc.Handle(MethodGetRegistration, func(req []byte) (response []byte) {
var intReq struct {
ID int64
}
err := json.Unmarshal(req, &intReq)
if err != nil {
return nil
}
reg, err := impl.GetRegistration(intReq.ID)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodGetRegistration, err, req)
return nil
}
response, err = json.Marshal(reg)
if err != nil {
return nil
}
return response
})
rpc.Handle(MethodGetRegistrationByKey, func(req []byte) (response []byte) {
var jwk jose.JsonWebKey
if err := json.Unmarshal(req, &jwk); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodGetRegistrationByKey, err, req)
}
reg, err := impl.GetRegistrationByKey(jwk)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodGetRegistrationByKey, err, jwk)
return nil
}
response, err = json.Marshal(reg)
if err != nil {
return nil
}
return response
})
rpc.Handle(MethodGetAuthorization, func(req []byte) []byte {
authz, err := impl.GetAuthorization(string(req))
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodGetAuthorization, err, req)
return nil
}
jsonAuthz, err := json.Marshal(authz)
if err != nil {
return nil
}
return jsonAuthz
})
rpc.Handle(MethodAddCertificate, func(req []byte) []byte {
var icReq struct {
Bytes []byte
RegID int64
}
err := json.Unmarshal(req, &icReq)
if err != nil {
return nil
}
id, err := impl.AddCertificate(icReq.Bytes, icReq.RegID)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodAddCertificate, err, req)
return nil
}
return []byte(id)
})
rpc.Handle(MethodNewRegistration, func(req []byte) (response []byte) {
var registration core.Registration
err := json.Unmarshal(req, registration)
if err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodNewRegistration, err, req)
return nil
}
output, err := impl.NewRegistration(registration)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodNewRegistration, err, registration)
return nil
}
jsonOutput, err := json.Marshal(output)
if err != nil {
return nil
}
return []byte(jsonOutput)
})
rpc.Handle(MethodNewPendingAuthorization, func(req []byte) (response []byte) {
id, err := impl.NewPendingAuthorization()
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodNewPendingAuthorization, err, req)
} else {
response = []byte(id)
}
return response
})
rpc.Handle(MethodUpdatePendingAuthorization, func(req []byte) []byte {
var authz core.Authorization
if err := json.Unmarshal(req, authz); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodUpdatePendingAuthorization, err, req)
return nil
}
if err := impl.UpdatePendingAuthorization(authz); err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodUpdatePendingAuthorization, err, authz)
}
return nil
})
rpc.Handle(MethodFinalizeAuthorization, func(req []byte) []byte {
var authz core.Authorization
if err := json.Unmarshal(req, authz); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodFinalizeAuthorization, err, req)
return nil
}
if err := impl.FinalizeAuthorization(authz); err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodFinalizeAuthorization, err, authz)
}
return nil
})
rpc.Handle(MethodGetCertificate, func(req []byte) (response []byte) {
cert, err := impl.GetCertificate(string(req))
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodGetCertificate, err, req)
} else {
response = []byte(cert)
}
return response
})
rpc.Handle(MethodGetCertificateByShortSerial, func(req []byte) (response []byte) {
cert, err := impl.GetCertificateByShortSerial(string(req))
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodGetCertificateByShortSerial, err, req)
} else {
response = []byte(cert)
}
return response
})
rpc.Handle(MethodGetCertificateStatus, func(req []byte) (response []byte) {
status, err := impl.GetCertificateStatus(string(req))
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodGetCertificateStatus, err, req)
return nil
}
jsonStatus, err := json.Marshal(status)
if err != nil {
return nil
}
return jsonStatus
})
rpc.Handle(MethodMarkCertificateRevoked, func(req []byte) (response []byte) {
var revokeReq struct {
Serial string
OcspResponse []byte
ReasonCode int
}
if err := json.Unmarshal(req, revokeReq); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodMarkCertificateRevoked, err, req)
return nil
}
// Error explicitly ignored since response is nil anyway
err := impl.MarkCertificateRevoked(revokeReq.Serial, revokeReq.OcspResponse, revokeReq.ReasonCode)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodMarkCertificateRevoked, err, revokeReq)
}
return nil
})
rpc.Handle(MethodAddDeniedCSR, func(req []byte) []byte {
var csrReq struct {
Names []string
}
if err := json.Unmarshal(req, csrReq); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodAddDeniedCSR, err, req)
return nil
}
if err := impl.AddDeniedCSR(csrReq.Names); err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodAddDeniedCSR, err, csrReq)
}
return nil
})
rpc.Handle(MethodAlreadyDeniedCSR, func(req []byte) []byte {
var csrReq struct {
Names []string
}
err := json.Unmarshal(req, csrReq)
if err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodAlreadyDeniedCSR, err, req)
return nil
}
exists, err := impl.AlreadyDeniedCSR(csrReq.Names)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodAlreadyDeniedCSR, err, csrReq)
return nil
}
if exists {
return []byte{1}
} else {
return []byte{0}
}
})
return rpc
}