Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
102 changes: 47 additions & 55 deletions core/proto/core.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 1 addition & 2 deletions core/proto/core.proto
Original file line number Diff line number Diff line change
Expand Up @@ -94,8 +94,7 @@ message Registration {

message Authorization {
// Next unused field number: 13
reserved 5, 7, 8;
string id = 1; // TODO(#8722): reserve
reserved 1, 5, 7, 8;
int64 idInt = 12; // TODO(#8722): rename
int64 registrationID = 3;
// Fields specified by RFC 8555, Section 7.1.4
Expand Down
21 changes: 5 additions & 16 deletions grpc/pb-marshalling.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@ package grpc
import (
"fmt"
"net/netip"
"strconv"
"time"

"github.com/go-jose/go-jose/v4"
Expand Down Expand Up @@ -292,7 +291,6 @@ func AuthzToPB(authz core.Authorization) (*corepb.Authorization, error) {
}

return &corepb.Authorization{
Id: fmt.Sprintf("%d", authz.ID),
IdInt: authz.ID,
Identifier: authz.Identifier.ToProto(),
RegistrationID: authz.RegistrationID,
Expand All @@ -304,6 +302,10 @@ func AuthzToPB(authz core.Authorization) (*corepb.Authorization, error) {
}

func PBToAuthz(pb *corepb.Authorization) (core.Authorization, error) {
if pb.IdInt == 0 {
return core.Authorization{}, ErrMissingParameters
}

challs := make([]core.Challenge, len(pb.Challenges))
for i, c := range pb.Challenges {
chall, err := PBToChallenge(c)
Expand All @@ -318,21 +320,8 @@ func PBToAuthz(pb *corepb.Authorization) (core.Authorization, error) {
expires = &c
}

// TODO(#8722): remove this series of checks when pb.Id is int64-only
var authzIDInt int64
if pb.IdInt != 0 {
authzIDInt = pb.IdInt
} else if pb.Id != "" {
parsed, err := strconv.ParseInt(pb.Id, 10, 64)
if err != nil {
return core.Authorization{}, ErrInvalidParameters
}
authzIDInt = parsed
} else {
return core.Authorization{}, ErrMissingParameters
}
authz := core.Authorization{
ID: authzIDInt,
ID: pb.IdInt,
Identifier: identifier.FromProto(pb.Identifier),
RegistrationID: pb.RegistrationID,
Status: core.AcmeStatus(pb.Status),
Expand Down
27 changes: 0 additions & 27 deletions grpc/pb-marshalling_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -242,33 +242,6 @@ func TestAuthz(t *testing.T) {
outAuthz2, err := PBToAuthz(pbAuthz2)
test.AssertNotError(t, err, "PBToAuthz failed")
test.AssertDeepEquals(t, inAuthzNilExpires, outAuthz2)

// Manipulate pbAuthz to test Authz marshalling with various ID combinations
// TODO(#8722): clean up these tests when authz IDs are int-only
pbAuthz3 := pbAuthz

pbAuthz3.Id = ""
pbAuthz3.IdInt = 0
_, err = PBToAuthz(pbAuthz3)
test.AssertError(t, err, "PBToAuthz with empty ID and empty IDInt unexpectedly succeeded")

pbAuthz3.Id = "1"
pbAuthz3.IdInt = 0
outAuthz3, err := PBToAuthz(pbAuthz3)
test.AssertNotError(t, err, "PBToAuthz with only string ID failed")
test.AssertDeepEquals(t, inAuthz, outAuthz3)

pbAuthz3.Id = "1"
pbAuthz3.IdInt = 1
outAuthz3, err = PBToAuthz(pbAuthz3)
test.AssertNotError(t, err, "PBToAuthz with both string ID and int IDInt failed")
test.AssertDeepEquals(t, inAuthz, outAuthz3)

pbAuthz3.Id = ""
pbAuthz3.IdInt = 1
outAuthz3, err = PBToAuthz(pbAuthz3)
test.AssertNotError(t, err, "PBToAuthz with only int IDInt failed")
test.AssertDeepEquals(t, inAuthz, outAuthz3)
}

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need a test that sets IdInt = 0 on a PB and asserts PBToAuthz() returns ErrMissingParameters.


func TestOrderValid(t *testing.T) {
Expand Down
24 changes: 4 additions & 20 deletions ra/ra.go
Original file line number Diff line number Diff line change
Expand Up @@ -689,7 +689,6 @@ func (ra *RegistrationAuthorityImpl) recheckCAA(ctx context.Context, authzs []*c
Identifier: authz.Identifier.ToProto(),
ValidationMethod: method,
AccountURIID: authz.RegistrationID,
AuthzID: fmt.Sprintf("%d", authz.ID),
AuthzIDInt: authz.ID,
})
if err != nil {
Expand Down Expand Up @@ -1384,8 +1383,7 @@ func (ra *RegistrationAuthorityImpl) PerformValidation(
// Clock for start of PerformValidation.
vStart := ra.clk.Now()

// TODO(#8722): Re-add req.Authz.Id to this check once int64-only
if core.IsAnyNilOrZero(req.Authz, req.Authz.Identifier, req.Authz.Status, req.Authz.Expires) {
if core.IsAnyNilOrZero(req.Authz, req.Authz.IdInt, req.Authz.Identifier, req.Authz.Status, req.Authz.Expires) {
return nil, errIncompleteGRPCRequest
}

Expand Down Expand Up @@ -1456,14 +1454,13 @@ func (ra *RegistrationAuthorityImpl) PerformValidation(
&vapb.PerformValidationRequest{
Identifier: authz.Identifier.ToProto(),
Challenge: &corepb.Challenge{Type: string(ch.Type), Status: string(ch.Status), Token: ch.Token},
Authz: &vapb.AuthzMeta{Id: fmt.Sprintf("%d", authz.ID), RegID: authz.RegistrationID, IdInt: authz.ID},
Authz: &vapb.AuthzMeta{IdInt: authz.ID, RegID: authz.RegistrationID},
ExpectedKeyAuthorization: expectedKeyAuthorization,
},
&vapb.IsCAAValidRequest{
Identifier: authz.Identifier.ToProto(),
ValidationMethod: string(ch.Type),
AccountURIID: authz.RegistrationID,
AuthzID: fmt.Sprintf("%d", authz.ID),
AuthzIDInt: authz.ID,
},
)
Expand Down Expand Up @@ -1975,23 +1972,10 @@ func (ra *RegistrationAuthorityImpl) DeactivateRegistration(ctx context.Context,
func (ra *RegistrationAuthorityImpl) DeactivateAuthorization(ctx context.Context, req *corepb.Authorization) (*emptypb.Empty, error) {
ident := identifier.FromProto(req.Identifier)

if core.IsAnyNilOrZero(ident, req.Status, req.RegistrationID) {
if core.IsAnyNilOrZero(ident, req.Status, req.RegistrationID, req.IdInt) {
return nil, errIncompleteGRPCRequest
}
// TODO(#8722): Re-add req.Id to IsAnyNilOrZero check above, and cleanup following blocks when authz ids are int64-only
var authzIDInt int64
if req.IdInt != 0 {
authzIDInt = req.IdInt
} else if req.Id != "" {
parsed, err := strconv.ParseInt(req.Id, 10, 64)
if err != nil {
return nil, fmt.Errorf("malformed gRPC request message field: %w", err)
}
authzIDInt = parsed
} else {
return nil, errIncompleteGRPCRequest
}
if _, err := ra.SA.DeactivateAuthorization2(ctx, &sapb.AuthorizationID2{Id: authzIDInt}); err != nil {
if _, err := ra.SA.DeactivateAuthorization2(ctx, &sapb.AuthorizationID2{Id: req.IdInt}); err != nil {
return nil, err
}
if req.Status == string(core.StatusPending) {
Expand Down
Loading