From 22b1771d2341977992e42bba132e25d28129605b Mon Sep 17 00:00:00 2001 From: Aaron Gable Date: Mon, 12 Aug 2024 10:24:58 -0700 Subject: [PATCH] RA: Add GetAuthorization method to filter disabled challenges (#7652) Add a new "GetAuthorization" method to the RA. This method is very similar to the SA's existing "GetAuthorization2" method, except that it also uses the RA's built-in Policy Authority to filter out any challenges which are currently disabled. In a follow-up change, the WFE will be updated to use this method when retrieving authorizations and challenges for display, so that we can ensure disabled challenges are not presented to ACME clients. Part of https://github.com/letsencrypt/boulder/issues/5913 --- ra/proto/ra.pb.go | 303 +++++++++++++++++++++++++---------------- ra/proto/ra.proto | 5 + ra/proto/ra_grpc.pb.go | 38 ++++++ ra/ra.go | 23 ++++ ra/ra_test.go | 52 +++++++ 5 files changed, 304 insertions(+), 117 deletions(-) diff --git a/ra/proto/ra.pb.go b/ra/proto/ra.pb.go index f7910695d85..25e9e56ad70 100644 --- a/ra/proto/ra.pb.go +++ b/ra/proto/ra.pb.go 
@@ -535,6 +535,53 @@ func (x *NewOrderRequest) GetIsRenewal() bool { return false } +type GetAuthorizationRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"` +} + +func (x *GetAuthorizationRequest) Reset() { + *x = GetAuthorizationRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_ra_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *GetAuthorizationRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*GetAuthorizationRequest) ProtoMessage() {} + +func (x *GetAuthorizationRequest) ProtoReflect() protoreflect.Message { + mi := &file_ra_proto_msgTypes[8] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use GetAuthorizationRequest.ProtoReflect.Descriptor instead. +func (*GetAuthorizationRequest) Descriptor() ([]byte, []int) { + return file_ra_proto_rawDescGZIP(), []int{8} +} + +func (x *GetAuthorizationRequest) GetId() int64 { + if x != nil { + return x.Id + } + return 0 +} + type FinalizeOrderRequest struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -547,7 +594,7 @@ type FinalizeOrderRequest struct { func (x *FinalizeOrderRequest) Reset() { *x = FinalizeOrderRequest{} if protoimpl.UnsafeEnabled { - mi := &file_ra_proto_msgTypes[8] + mi := &file_ra_proto_msgTypes[9] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } 
@@ -560,7 +607,7 @@ func (x *FinalizeOrderRequest) String() string { func (*FinalizeOrderRequest) ProtoMessage() {} func (x *FinalizeOrderRequest) ProtoReflect() protoreflect.Message { - mi := &file_ra_proto_msgTypes[8] + mi := &file_ra_proto_msgTypes[9] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -573,7 +620,7 @@ func (x *FinalizeOrderRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use FinalizeOrderRequest.ProtoReflect.Descriptor instead. func (*FinalizeOrderRequest) Descriptor() ([]byte, []int) { - return file_ra_proto_rawDescGZIP(), []int{8} + return file_ra_proto_rawDescGZIP(), []int{9} } func (x *FinalizeOrderRequest) GetOrder() *proto.Order { @@ -602,7 +649,7 @@ type UnpauseAccountRequest struct { func (x *UnpauseAccountRequest) Reset() { *x = UnpauseAccountRequest{} if protoimpl.UnsafeEnabled { - mi := &file_ra_proto_msgTypes[9] + mi := &file_ra_proto_msgTypes[10] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -615,7 +662,7 @@ func (x *UnpauseAccountRequest) String() string { func (*UnpauseAccountRequest) ProtoMessage() {} func (x *UnpauseAccountRequest) ProtoReflect() protoreflect.Message { - mi := &file_ra_proto_msgTypes[9] + mi := &file_ra_proto_msgTypes[10] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -628,7 +675,7 @@ func (x *UnpauseAccountRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use UnpauseAccountRequest.ProtoReflect.Descriptor instead. func (*UnpauseAccountRequest) Descriptor() ([]byte, []int) { - return file_ra_proto_rawDescGZIP(), []int{9} + return file_ra_proto_rawDescGZIP(), []int{10} } func (x *UnpauseAccountRequest) GetRegistrationID() int64 { 
@@ -650,7 +697,7 @@ type UnpauseAccountResponse struct { func (x *UnpauseAccountResponse) Reset() { *x = UnpauseAccountResponse{} if protoimpl.UnsafeEnabled { - mi := &file_ra_proto_msgTypes[10] + mi := &file_ra_proto_msgTypes[11] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -663,7 +710,7 @@ func (x *UnpauseAccountResponse) String() string { func (*UnpauseAccountResponse) ProtoMessage() {} func (x *UnpauseAccountResponse) ProtoReflect() protoreflect.Message { - mi := &file_ra_proto_msgTypes[10] + mi := &file_ra_proto_msgTypes[11] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -676,7 +723,7 @@ func (x *UnpauseAccountResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use UnpauseAccountResponse.ProtoReflect.Descriptor instead. func (*UnpauseAccountResponse) Descriptor() ([]byte, []int) { - return file_ra_proto_rawDescGZIP(), []int{10} + return file_ra_proto_rawDescGZIP(), []int{11} } func (x *UnpauseAccountResponse) GetCount() int64 { 
@@ -758,78 +805,85 @@ var file_ra_proto_rawDesc = []byte{ 0x52, 0x16, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x69, 0x73, 0x52, 0x65, 0x6e, 0x65, 0x77, 0x61, 0x6c, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x69, 0x73, 0x52, - 0x65, 0x6e, 0x65, 0x77, 0x61, 0x6c, 0x22, 0x4b, 0x0a, 0x14, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, - 0x7a, 0x65, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x21, - 0x0a, 0x05, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0b, 0x2e, - 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x05, 0x6f, 0x72, 0x64, 0x65, - 0x72, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x73, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, - 0x63, 0x73, 0x72, 0x22, 0x3f, 0x0a, 0x15, 0x55, 0x6e, 0x70, 0x61, 0x75, 0x73, 0x65, 0x41, 0x63, - 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, - 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x49, 0x44, 0x22, 0x2e, 0x0a, 0x16, 0x55, 0x6e, 0x70, 0x61, 0x75, 0x73, 0x65, 0x41, - 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, - 0x0a, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x63, - 0x6f, 0x75, 0x6e, 0x74, 0x32, 0xf8, 0x06, 0x0a, 0x15, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3b, - 0x0a, 0x0f, 0x4e, 0x65, 0x77, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x12, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 
0x65, 0x67, - 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x49, 0x0a, 0x12, 0x55, - 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x12, 0x1d, 0x2e, 0x72, 0x61, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, - 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x65, 0x6e, 0x65, 0x77, 0x61, 0x6c, 0x22, 0x29, 0x0a, 0x17, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, + 0x64, 0x22, 0x4b, 0x0a, 0x14, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4f, 0x72, 0x64, + 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x21, 0x0a, 0x05, 0x6f, 0x72, 0x64, + 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, + 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x05, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x10, 0x0a, 0x03, + 0x63, 0x73, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x63, 0x73, 0x72, 0x22, 0x3f, + 0x0a, 0x15, 0x55, 0x6e, 0x70, 0x61, 0x75, 0x73, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, + 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, + 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x22, + 0x2e, 0x0a, 0x16, 0x55, 0x6e, 0x70, 0x61, 0x75, 0x73, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, + 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x63, 0x6f, 0x75, + 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x32, + 0xc0, 0x07, 0x0a, 0x15, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x41, 0x75, 0x74, 0x68, 
0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3b, 0x0a, 0x0f, 0x4e, 0x65, 0x77, + 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x2e, 0x63, + 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x11, 0x50, 0x65, 0x72, 0x66, 0x6f, 0x72, - 0x6d, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x2e, 0x72, 0x61, - 0x2e, 0x50, 0x65, 0x72, 0x66, 0x6f, 0x72, 0x6d, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, + 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x49, 0x0a, 0x12, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, + 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1d, 0x2e, 0x72, + 0x61, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x63, 0x6f, + 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, + 0x00, 0x12, 0x48, 0x0a, 0x11, 0x50, 0x65, 0x72, 0x66, 0x6f, 0x72, 0x6d, 0x56, 0x61, 0x6c, 0x69, + 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x2e, 0x72, 0x61, 0x2e, 0x50, 0x65, 0x72, 0x66, + 0x6f, 0x72, 0x6d, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x1a, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x46, 0x0a, 0x16, 0x44, + 0x65, 0x61, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, + 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 
0x2e, 0x45, 0x6d, 0x70, 0x74, + 0x79, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x17, 0x44, 0x65, 0x61, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, + 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x13, + 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x53, 0x0a, + 0x15, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x42, 0x79, 0x41, 0x70, 0x70, + 0x6c, 0x69, 0x63, 0x61, 0x6e, 0x74, 0x12, 0x20, 0x2e, 0x72, 0x61, 0x2e, 0x52, 0x65, 0x76, 0x6f, + 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x42, 0x79, 0x41, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x6e, + 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, + 0x22, 0x00, 0x12, 0x47, 0x0a, 0x0f, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, + 0x42, 0x79, 0x4b, 0x65, 0x79, 0x12, 0x1a, 0x2e, 0x72, 0x61, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, + 0x65, 0x43, 0x65, 0x72, 0x74, 0x42, 0x79, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x6b, 0x0a, 0x21, 0x41, + 0x64, 0x6d, 0x69, 0x6e, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x79, 0x52, + 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, + 0x12, 0x2c, 0x2e, 0x72, 0x61, 0x2e, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x69, 0x73, 0x74, 0x72, 0x61, + 0x74, 0x69, 0x76, 0x65, 0x6c, 0x79, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, + 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, + 0x2e, 
0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x2e, 0x0a, 0x08, 0x4e, 0x65, 0x77, 0x4f, + 0x72, 0x64, 0x65, 0x72, 0x12, 0x13, 0x2e, 0x72, 0x61, 0x2e, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, + 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, + 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x22, 0x00, 0x12, 0x46, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x41, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1b, 0x2e, 0x72, + 0x61, 0x2e, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, - 0x12, 0x46, 0x0a, 0x16, 0x44, 0x65, 0x61, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x52, 0x65, - 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x2e, 0x63, 0x6f, 0x72, - 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x16, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x17, 0x44, 0x65, 0x61, 0x63, - 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x12, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, - 0x22, 0x00, 0x12, 0x53, 0x0a, 0x15, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, - 0x42, 0x79, 0x41, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x6e, 0x74, 0x12, 0x20, 0x2e, 0x72, 0x61, - 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 
0x65, 0x72, 0x74, 0x42, 0x79, 0x41, 0x70, 0x70, - 0x6c, 0x69, 0x63, 0x61, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, - 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x47, 0x0a, 0x0f, 0x52, 0x65, 0x76, 0x6f, 0x6b, - 0x65, 0x43, 0x65, 0x72, 0x74, 0x42, 0x79, 0x4b, 0x65, 0x79, 0x12, 0x1a, 0x2e, 0x72, 0x61, 0x2e, - 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x42, 0x79, 0x4b, 0x65, 0x79, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, - 0x12, 0x6b, 0x0a, 0x21, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, - 0x76, 0x65, 0x6c, 0x79, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, - 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x2c, 0x2e, 0x72, 0x61, 0x2e, 0x41, 0x64, 0x6d, 0x69, 0x6e, - 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x76, 0x65, 0x6c, 0x79, 0x52, 0x65, 0x76, 0x6f, 0x6b, - 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x2e, 0x0a, - 0x08, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x13, 0x2e, 0x72, 0x61, 0x2e, 0x4e, - 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, - 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x22, 0x00, 0x12, 0x38, 0x0a, - 0x0d, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x18, - 0x2e, 0x72, 0x61, 0x2e, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4f, 0x72, 0x64, 0x65, - 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72, 
0x65, 0x2e, - 0x4f, 0x72, 0x64, 0x65, 0x72, 0x22, 0x00, 0x12, 0x3b, 0x0a, 0x0c, 0x47, 0x65, 0x6e, 0x65, 0x72, - 0x61, 0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, 0x12, 0x17, 0x2e, 0x72, 0x61, 0x2e, 0x47, 0x65, 0x6e, - 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x1a, 0x10, 0x2e, 0x63, 0x61, 0x2e, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x22, 0x00, 0x12, 0x49, 0x0a, 0x0e, 0x55, 0x6e, 0x70, 0x61, 0x75, 0x73, 0x65, 0x41, - 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x19, 0x2e, 0x72, 0x61, 0x2e, 0x55, 0x6e, 0x70, 0x61, - 0x75, 0x73, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x1a, 0x1a, 0x2e, 0x72, 0x61, 0x2e, 0x55, 0x6e, 0x70, 0x61, 0x75, 0x73, 0x65, 0x41, 0x63, - 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, - 0x29, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6c, 0x65, - 0x74, 0x73, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2f, 0x62, 0x6f, 0x75, 0x6c, 0x64, 0x65, - 0x72, 0x2f, 0x72, 0x61, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, + 0x12, 0x38, 0x0a, 0x0d, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4f, 0x72, 0x64, 0x65, + 0x72, 0x12, 0x18, 0x2e, 0x72, 0x61, 0x2e, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4f, + 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, + 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x22, 0x00, 0x12, 0x3b, 0x0a, 0x0c, 0x47, 0x65, + 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, 0x12, 0x17, 0x2e, 0x72, 0x61, 0x2e, + 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x1a, 0x10, 0x2e, 0x63, 0x61, 0x2e, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x49, 0x0a, 0x0e, 0x55, 0x6e, 0x70, 0x61, 0x75, + 0x73, 0x65, 
0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x19, 0x2e, 0x72, 0x61, 0x2e, 0x55, + 0x6e, 0x70, 0x61, 0x75, 0x73, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1a, 0x2e, 0x72, 0x61, 0x2e, 0x55, 0x6e, 0x70, 0x61, 0x75, 0x73, + 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x22, 0x00, 0x42, 0x29, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, + 0x2f, 0x6c, 0x65, 0x74, 0x73, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2f, 0x62, 0x6f, 0x75, + 0x6c, 0x64, 0x65, 0x72, 0x2f, 0x72, 0x61, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -844,7 +898,7 @@ func file_ra_proto_rawDescGZIP() []byte { return file_ra_proto_rawDescData } -var file_ra_proto_msgTypes = make([]protoimpl.MessageInfo, 11) +var file_ra_proto_msgTypes = make([]protoimpl.MessageInfo, 12) var file_ra_proto_goTypes = []interface{}{ (*GenerateOCSPRequest)(nil), // 0: ra.GenerateOCSPRequest (*UpdateRegistrationRequest)(nil), // 1: ra.UpdateRegistrationRequest 
@@ -854,49 +908,52 @@ var file_ra_proto_goTypes = []interface{}{ (*RevokeCertByKeyRequest)(nil), // 5: ra.RevokeCertByKeyRequest (*AdministrativelyRevokeCertificateRequest)(nil), // 6: ra.AdministrativelyRevokeCertificateRequest (*NewOrderRequest)(nil), // 7: ra.NewOrderRequest - (*FinalizeOrderRequest)(nil), // 8: ra.FinalizeOrderRequest - (*UnpauseAccountRequest)(nil), // 9: ra.UnpauseAccountRequest - (*UnpauseAccountResponse)(nil), // 10: ra.UnpauseAccountResponse - (*proto.Registration)(nil), // 11: core.Registration - (*proto.Authorization)(nil), // 12: core.Authorization - (*proto.Challenge)(nil), // 13: core.Challenge - (*proto.Order)(nil), // 14: core.Order - (*emptypb.Empty)(nil), // 15: google.protobuf.Empty - (*proto1.OCSPResponse)(nil), // 16: ca.OCSPResponse + (*GetAuthorizationRequest)(nil), // 8: ra.GetAuthorizationRequest + (*FinalizeOrderRequest)(nil), // 9: ra.FinalizeOrderRequest + (*UnpauseAccountRequest)(nil), // 10: ra.UnpauseAccountRequest + (*UnpauseAccountResponse)(nil), // 11: ra.UnpauseAccountResponse + (*proto.Registration)(nil), // 12: core.Registration + (*proto.Authorization)(nil), // 13: core.Authorization + (*proto.Challenge)(nil), // 14: core.Challenge + (*proto.Order)(nil), // 15: core.Order + (*emptypb.Empty)(nil), // 16: google.protobuf.Empty + (*proto1.OCSPResponse)(nil), // 17: ca.OCSPResponse } var file_ra_proto_depIdxs = []int32{ - 11, // 0: ra.UpdateRegistrationRequest.base:type_name -> core.Registration - 11, // 1: ra.UpdateRegistrationRequest.update:type_name -> core.Registration - 12, // 2: ra.UpdateAuthorizationRequest.authz:type_name -> core.Authorization - 13, // 3: ra.UpdateAuthorizationRequest.response:type_name -> core.Challenge - 12, // 4: ra.PerformValidationRequest.authz:type_name -> core.Authorization - 14, // 5: ra.FinalizeOrderRequest.order:type_name -> core.Order - 11, // 6: ra.RegistrationAuthority.NewRegistration:input_type -> core.Registration + 12, // 0: ra.UpdateRegistrationRequest.base:type_name -> 
core.Registration + 12, // 1: ra.UpdateRegistrationRequest.update:type_name -> core.Registration + 13, // 2: ra.UpdateAuthorizationRequest.authz:type_name -> core.Authorization + 14, // 3: ra.UpdateAuthorizationRequest.response:type_name -> core.Challenge + 13, // 4: ra.PerformValidationRequest.authz:type_name -> core.Authorization + 15, // 5: ra.FinalizeOrderRequest.order:type_name -> core.Order + 12, // 6: ra.RegistrationAuthority.NewRegistration:input_type -> core.Registration 1, // 7: ra.RegistrationAuthority.UpdateRegistration:input_type -> ra.UpdateRegistrationRequest 3, // 8: ra.RegistrationAuthority.PerformValidation:input_type -> ra.PerformValidationRequest - 11, // 9: ra.RegistrationAuthority.DeactivateRegistration:input_type -> core.Registration - 12, // 10: ra.RegistrationAuthority.DeactivateAuthorization:input_type -> core.Authorization + 12, // 9: ra.RegistrationAuthority.DeactivateRegistration:input_type -> core.Registration + 13, // 10: ra.RegistrationAuthority.DeactivateAuthorization:input_type -> core.Authorization 4, // 11: ra.RegistrationAuthority.RevokeCertByApplicant:input_type -> ra.RevokeCertByApplicantRequest 5, // 12: ra.RegistrationAuthority.RevokeCertByKey:input_type -> ra.RevokeCertByKeyRequest 6, // 13: ra.RegistrationAuthority.AdministrativelyRevokeCertificate:input_type -> ra.AdministrativelyRevokeCertificateRequest 7, // 14: ra.RegistrationAuthority.NewOrder:input_type -> ra.NewOrderRequest - 8, // 15: ra.RegistrationAuthority.FinalizeOrder:input_type -> ra.FinalizeOrderRequest - 0, // 16: ra.RegistrationAuthority.GenerateOCSP:input_type -> ra.GenerateOCSPRequest - 9, // 17: ra.RegistrationAuthority.UnpauseAccount:input_type -> ra.UnpauseAccountRequest - 11, // 18: ra.RegistrationAuthority.NewRegistration:output_type -> core.Registration - 11, // 19: ra.RegistrationAuthority.UpdateRegistration:output_type -> core.Registration - 12, // 20: ra.RegistrationAuthority.PerformValidation:output_type -> core.Authorization - 15, // 21: 
ra.RegistrationAuthority.DeactivateRegistration:output_type -> google.protobuf.Empty - 15, // 22: ra.RegistrationAuthority.DeactivateAuthorization:output_type -> google.protobuf.Empty - 15, // 23: ra.RegistrationAuthority.RevokeCertByApplicant:output_type -> google.protobuf.Empty - 15, // 24: ra.RegistrationAuthority.RevokeCertByKey:output_type -> google.protobuf.Empty - 15, // 25: ra.RegistrationAuthority.AdministrativelyRevokeCertificate:output_type -> google.protobuf.Empty - 14, // 26: ra.RegistrationAuthority.NewOrder:output_type -> core.Order - 14, // 27: ra.RegistrationAuthority.FinalizeOrder:output_type -> core.Order - 16, // 28: ra.RegistrationAuthority.GenerateOCSP:output_type -> ca.OCSPResponse - 10, // 29: ra.RegistrationAuthority.UnpauseAccount:output_type -> ra.UnpauseAccountResponse - 18, // [18:30] is the sub-list for method output_type - 6, // [6:18] is the sub-list for method input_type + 8, // 15: ra.RegistrationAuthority.GetAuthorization:input_type -> ra.GetAuthorizationRequest + 9, // 16: ra.RegistrationAuthority.FinalizeOrder:input_type -> ra.FinalizeOrderRequest + 0, // 17: ra.RegistrationAuthority.GenerateOCSP:input_type -> ra.GenerateOCSPRequest + 10, // 18: ra.RegistrationAuthority.UnpauseAccount:input_type -> ra.UnpauseAccountRequest + 12, // 19: ra.RegistrationAuthority.NewRegistration:output_type -> core.Registration + 12, // 20: ra.RegistrationAuthority.UpdateRegistration:output_type -> core.Registration + 13, // 21: ra.RegistrationAuthority.PerformValidation:output_type -> core.Authorization + 16, // 22: ra.RegistrationAuthority.DeactivateRegistration:output_type -> google.protobuf.Empty + 16, // 23: ra.RegistrationAuthority.DeactivateAuthorization:output_type -> google.protobuf.Empty + 16, // 24: ra.RegistrationAuthority.RevokeCertByApplicant:output_type -> google.protobuf.Empty + 16, // 25: ra.RegistrationAuthority.RevokeCertByKey:output_type -> google.protobuf.Empty + 16, // 26: 
ra.RegistrationAuthority.AdministrativelyRevokeCertificate:output_type -> google.protobuf.Empty + 15, // 27: ra.RegistrationAuthority.NewOrder:output_type -> core.Order + 13, // 28: ra.RegistrationAuthority.GetAuthorization:output_type -> core.Authorization + 15, // 29: ra.RegistrationAuthority.FinalizeOrder:output_type -> core.Order + 17, // 30: ra.RegistrationAuthority.GenerateOCSP:output_type -> ca.OCSPResponse + 11, // 31: ra.RegistrationAuthority.UnpauseAccount:output_type -> ra.UnpauseAccountResponse + 19, // [19:32] is the sub-list for method output_type + 6, // [6:19] is the sub-list for method input_type 6, // [6:6] is the sub-list for extension type_name 6, // [6:6] is the sub-list for extension extendee 0, // [0:6] is the sub-list for field type_name @@ -1005,7 +1062,7 @@ func file_ra_proto_init() { } } file_ra_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*FinalizeOrderRequest); i { + switch v := v.(*GetAuthorizationRequest); i { case 0: return &v.state case 1: @@ -1017,7 +1074,7 @@ func file_ra_proto_init() { } } file_ra_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UnpauseAccountRequest); i { + switch v := v.(*FinalizeOrderRequest); i { case 0: return &v.state case 1: @@ -1029,6 +1086,18 @@ func file_ra_proto_init() { } } file_ra_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UnpauseAccountRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_ra_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*UnpauseAccountResponse); i { case 0: return &v.state @@ -1047,7 +1116,7 @@ func file_ra_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_ra_proto_rawDesc, NumEnums: 0, - NumMessages: 11, + NumMessages: 12, NumExtensions: 0, NumServices: 1, }, 
diff --git a/ra/proto/ra.proto b/ra/proto/ra.proto index b440b56fe61..b21dc6cd256 100644 --- a/ra/proto/ra.proto +++ b/ra/proto/ra.proto @@ -17,6 +17,7 @@ service RegistrationAuthority { rpc RevokeCertByKey(RevokeCertByKeyRequest) returns (google.protobuf.Empty) {} rpc AdministrativelyRevokeCertificate(AdministrativelyRevokeCertificateRequest) returns (google.protobuf.Empty) {} rpc NewOrder(NewOrderRequest) returns (core.Order) {} + rpc GetAuthorization(GetAuthorizationRequest) returns (core.Authorization) {} rpc FinalizeOrder(FinalizeOrderRequest) returns (core.Order) {} // Generate an OCSP response based on the DB's current status and reason code. rpc GenerateOCSP(GenerateOCSPRequest) returns (ca.OCSPResponse) {} @@ -80,6 +81,10 @@ message NewOrderRequest { bool isRenewal = 6; } +message GetAuthorizationRequest { + int64 id = 1; +} + message FinalizeOrderRequest { core.Order order = 1; bytes csr = 2; diff --git a/ra/proto/ra_grpc.pb.go b/ra/proto/ra_grpc.pb.go index 88a8ce823db..a5ce32e923a 100644 --- a/ra/proto/ra_grpc.pb.go +++ b/ra/proto/ra_grpc.pb.go @@ -31,6 +31,7 @@ const ( RegistrationAuthority_RevokeCertByKey_FullMethodName = "/ra.RegistrationAuthority/RevokeCertByKey" RegistrationAuthority_AdministrativelyRevokeCertificate_FullMethodName = "/ra.RegistrationAuthority/AdministrativelyRevokeCertificate" RegistrationAuthority_NewOrder_FullMethodName = "/ra.RegistrationAuthority/NewOrder" + RegistrationAuthority_GetAuthorization_FullMethodName = "/ra.RegistrationAuthority/GetAuthorization" RegistrationAuthority_FinalizeOrder_FullMethodName = "/ra.RegistrationAuthority/FinalizeOrder" RegistrationAuthority_GenerateOCSP_FullMethodName = "/ra.RegistrationAuthority/GenerateOCSP" RegistrationAuthority_UnpauseAccount_FullMethodName = "/ra.RegistrationAuthority/UnpauseAccount" 
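Review bot: The added `rpc GetAuthorization(GetAuthorizationRequest) returns (core.Authorization) {}` line in ra/proto/ra.proto has no comment, although the commit description says its one difference from the SA's GetAuthorization2 is that disabled challenges are filtered out. I would put a comment above it, for example `// GetAuthorization returns the authorization with the given ID, omitting any challenges that are currently disabled by the RA's policy.` The `GetAuthorizationRequest` message added in the second hunk carries only `int64 id = 1;` and no account identifier, so from the schema alone this RPC cannot tie the authorization to a requesting account. If that ownership check is meant to stay in the caller (presumably the WFE, which the description names as the future user), the comment should state it, e.g. `// Callers must verify that the returned authorization belongs to the requesting account.` The ra/ra.go implementation is not visible in this part of the patch, so this is inferred from the message definition only.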
@@ -49,6 +50,7 @@ type RegistrationAuthorityClient interface { RevokeCertByKey(ctx context.Context, in *RevokeCertByKeyRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) AdministrativelyRevokeCertificate(ctx context.Context, in *AdministrativelyRevokeCertificateRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) NewOrder(ctx context.Context, in *NewOrderRequest, opts ...grpc.CallOption) (*proto.Order, error) + GetAuthorization(ctx context.Context, in *GetAuthorizationRequest, opts ...grpc.CallOption) (*proto.Authorization, error) FinalizeOrder(ctx context.Context, in *FinalizeOrderRequest, opts ...grpc.CallOption) (*proto.Order, error) // Generate an OCSP response based on the DB's current status and reason code. GenerateOCSP(ctx context.Context, in *GenerateOCSPRequest, opts ...grpc.CallOption) (*proto1.OCSPResponse, error) @@ -153,6 +155,16 @@ func (c *registrationAuthorityClient) NewOrder(ctx context.Context, in *NewOrder return out, nil } +func (c *registrationAuthorityClient) GetAuthorization(ctx context.Context, in *GetAuthorizationRequest, opts ...grpc.CallOption) (*proto.Authorization, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(proto.Authorization) + err := c.cc.Invoke(ctx, RegistrationAuthority_GetAuthorization_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + func (c *registrationAuthorityClient) FinalizeOrder(ctx context.Context, in *FinalizeOrderRequest, opts ...grpc.CallOption) (*proto.Order, error) { cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(proto.Order) 
@@ -196,6 +208,7 @@ type RegistrationAuthorityServer interface { RevokeCertByKey(context.Context, *RevokeCertByKeyRequest) (*emptypb.Empty, error) AdministrativelyRevokeCertificate(context.Context, *AdministrativelyRevokeCertificateRequest) (*emptypb.Empty, error) NewOrder(context.Context, *NewOrderRequest) (*proto.Order, error) + GetAuthorization(context.Context, *GetAuthorizationRequest) (*proto.Authorization, error) FinalizeOrder(context.Context, *FinalizeOrderRequest) (*proto.Order, error) // Generate an OCSP response based on the DB's current status and reason code. GenerateOCSP(context.Context, *GenerateOCSPRequest) (*proto1.OCSPResponse, error) @@ -234,6 +247,9 @@ func (UnimplementedRegistrationAuthorityServer) AdministrativelyRevokeCertificat func (UnimplementedRegistrationAuthorityServer) NewOrder(context.Context, *NewOrderRequest) (*proto.Order, error) { return nil, status.Errorf(codes.Unimplemented, "method NewOrder not implemented") } +func (UnimplementedRegistrationAuthorityServer) GetAuthorization(context.Context, *GetAuthorizationRequest) (*proto.Authorization, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetAuthorization not implemented") +} func (UnimplementedRegistrationAuthorityServer) FinalizeOrder(context.Context, *FinalizeOrderRequest) (*proto.Order, error) { return nil, status.Errorf(codes.Unimplemented, "method FinalizeOrder not implemented") } 
@@ -418,6 +434,24 @@ func _RegistrationAuthority_NewOrder_Handler(srv interface{}, ctx context.Contex return interceptor(ctx, in, info, handler) } +func _RegistrationAuthority_GetAuthorization_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetAuthorizationRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(RegistrationAuthorityServer).GetAuthorization(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: RegistrationAuthority_GetAuthorization_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(RegistrationAuthorityServer).GetAuthorization(ctx, req.(*GetAuthorizationRequest)) + } + return interceptor(ctx, in, info, handler) +} + func _RegistrationAuthority_FinalizeOrder_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(FinalizeOrderRequest) if err := dec(in); err != nil { @@ -515,6 +549,10 @@ var RegistrationAuthority_ServiceDesc = grpc.ServiceDesc{ MethodName: "NewOrder", Handler: _RegistrationAuthority_NewOrder_Handler, }, + { + MethodName: "GetAuthorization", + Handler: _RegistrationAuthority_GetAuthorization_Handler, + }, { MethodName: "FinalizeOrder", Handler: _RegistrationAuthority_FinalizeOrder_Handler, diff --git a/ra/ra.go b/ra/ra.go index 534e5fdc993..0f1d8e84365 100644 --- a/ra/ra.go +++ b/ra/ra.go 
@@ -2815,6 +2815,29 @@ func (ra *RegistrationAuthorityImpl) UnpauseAccount(ctx context.Context, request return &rapb.UnpauseAccountResponse{Count: count.Count}, nil } +func (ra *RegistrationAuthorityImpl) GetAuthorization(ctx context.Context, req *rapb.GetAuthorizationRequest) (*corepb.Authorization, error) { + if core.IsAnyNilOrZero(req, req.Id) { + return nil, errIncompleteGRPCRequest + } + + authz, err := ra.SA.GetAuthorization2(ctx, &sapb.AuthorizationID2{Id: req.Id}) + if err != nil { + return nil, fmt.Errorf("getting authz from SA: %w", err) + } + + // Filter out any challenges which are currently disabled, so that the client + // doesn't attempt them. + challs := []*corepb.Challenge{} + for _, chall := range authz.Challenges { + if ra.PA.ChallengeTypeEnabled(core.AcmeChallenge(chall.Type)) { + challs = append(challs, chall) + } + } + + authz.Challenges = challs + return authz, nil +} + func (ra *RegistrationAuthorityImpl) DrainFinalize() { ra.finalizeWG.Wait() } diff --git a/ra/ra_test.go b/ra/ra_test.go index f9d6782db92..e0f00283e71 100644 --- a/ra/ra_test.go +++ b/ra/ra_test.go @@ -2396,6 +2396,15 @@ func (msa *mockSAWithAuthzs) GetAuthorizations2(ctx context.Context, req *sapb.G return resp, nil } +func (msa *mockSAWithAuthzs) GetAuthorization2(ctx context.Context, req *sapb.AuthorizationID2, _ ...grpc.CallOption) (*corepb.Authorization, error) { + for _, authz := range msa.authzs { + if authz.ID == fmt.Sprintf("%d", req.Id) { + return bgrpc.AuthzToPB(*authz) + } + } + return nil, berrors.NotFoundError("no such authz") +} + // NewOrderAndAuthzs is a mock which just reflects the incoming request back, // pretending to have created new db rows for the requested newAuthzs. func (msa *mockSAWithAuthzs) NewOrderAndAuthzs(ctx context.Context, req *sapb.NewOrderAndAuthzsRequest, _ ...grpc.CallOption) (*corepb.Order, error) { 
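Review bot: In the ra/ra.go hunk, the guard `core.IsAnyNilOrZero(req, req.Id)` does not protect against a nil `req`. Go evaluates `req.Id` before the helper is called, so a nil request panics instead of returning `errIncompleteGRPCRequest`. The generated handler in ra_grpc.pb.go always passes a freshly allocated request, so only in-process callers are affected, but `if req == nil || req.Id == 0 {` would make the guard do what it appears to do. Separately, the filter loop runs regardless of the authorization's status, so a `valid` authorization can come back with an empty challenge list, which the new test pins. If dropping the already-validated challenge is intended, a line in the comment above `challs` should say so.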
@@ -4585,3 +4594,46 @@ func TestUnpauseAccount(t *testing.T) { test.AssertNotError(t, err, "Should have been able to unpause account") test.AssertEquals(t, res.Count, int64(50001)) } + +func TestGetAuthorization(t *testing.T) { + _, _, ra, _, cleanup := initAuthorities(t) + defer cleanup() + + ra.SA = &mockSAWithAuthzs{ + authzs: map[string]*core.Authorization{ + "example.com": { + ID: "1", + Identifier: identifier.DNSIdentifier("example.com"), + Status: "valid", + Challenges: []core.Challenge{ + { + Type: core.ChallengeTypeHTTP01, + Status: core.StatusValid, + }, + }, + }, + }, + } + + // With HTTP01 enabled, GetAuthorization should pass the mock challenge through. + pa, err := policy.New(map[core.AcmeChallenge]bool{ + core.ChallengeTypeHTTP01: true, + core.ChallengeTypeDNS01: true, + }, blog.NewMock()) + test.AssertNotError(t, err, "Couldn't create PA") + ra.PA = pa + authz, err := ra.GetAuthorization(context.Background(), &rapb.GetAuthorizationRequest{Id: 1}) + test.AssertNotError(t, err, "should not fail") + test.AssertEquals(t, len(authz.Challenges), 1) + test.AssertEquals(t, authz.Challenges[0].Type, string(core.ChallengeTypeHTTP01)) + + // With HTTP01 disabled, GetAuthorization should filter out the mock challenge. + pa, err = policy.New(map[core.AcmeChallenge]bool{ + core.ChallengeTypeDNS01: true, + }, blog.NewMock()) + test.AssertNotError(t, err, "Couldn't create PA") + ra.PA = pa + authz, err = ra.GetAuthorization(context.Background(), &rapb.GetAuthorizationRequest{Id: 1}) + test.AssertNotError(t, err, "should not fail") + test.AssertEquals(t, len(authz.Challenges), 0) +}
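Review bot: `TestGetAuthorization` covers only the two success cases, so neither the `errIncompleteGRPCRequest` guard nor the wrapped SA error path in `GetAuthorization` is exercised. Two short cases would pin them: a request with `Id: 0`, and one with `Id: 2`, which the mock `GetAuthorization2` added earlier in ra_test.go answers with `berrors.NotFoundError`. Each would be followed by `test.AssertError(t, err, "should fail")`. The fixture authorization is already `valid` with a single challenge, so the filter is never checked on a pending authorization offering several challenge types, which appears to be the case the commit description is concerned with.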