Merge remote-tracking branch 'origin/main' into mpic-backport-4

letsencrypt · Nov 20, 2024 · 76c1c1b · 76c1c1b
2 parents ce14a93 + c263258
commit 76c1c1b
Show file tree

Hide file tree

Showing 29 changed files with 1,129 additions and 1,828 deletions.
diff --git a/canceled/canceled.go b/canceled/canceled.go
diff --git a/canceled/canceled_test.go b/canceled/canceled_test.go
diff --git a/cmd/contact-auditor/main_test.go b/cmd/contact-auditor/main_test.go
@@ -3,7 +3,6 @@ package notmain
 import (
 	"context"
 	"fmt"
-	"net"
 	"os"
 	"strings"
 	"testing"
@@ -133,37 +132,31 @@ func (tc testCtx) addRegistrations(t *testing.T) {
   "e":"AQAB"
 }`)
 
-	initialIP, err := net.ParseIP("127.0.0.1").MarshalText()
-	test.AssertNotError(t, err, "Couldn't create initialIP")
-
 	regA = &corepb.Registration{
-		Id:        1,
-		Contact:   []string{emailA},
-		Key:       jsonKeyA,
-		InitialIP: initialIP,
+		Id:      1,
+		Contact: []string{emailA},
+		Key:     jsonKeyA,
 	}
 	regB = &corepb.Registration{
-		Id:        2,
-		Contact:   []string{emailB},
-		Key:       jsonKeyB,
-		InitialIP: initialIP,
+		Id:      2,
+		Contact: []string{emailB},
+		Key:     jsonKeyB,
 	}
 	regC = &corepb.Registration{
-		Id:        3,
-		Contact:   []string{emailC},
-		Key:       jsonKeyC,
-		InitialIP: initialIP,
+		Id:      3,
+		Contact: []string{emailC},
+		Key:     jsonKeyC,
 	}
 	// Reg D has a `tel:` contact ACME URL
 	regD = &corepb.Registration{
-		Id:        4,
-		Contact:   []string{tel},
-		Key:       jsonKeyD,
-		InitialIP: initialIP,
+		Id:      4,
+		Contact: []string{tel},
+		Key:     jsonKeyD,
 	}
 
 	// Add the four test registrations
 	ctx := context.Background()
+	var err error
 	regA, err = tc.ssa.NewRegistration(ctx, regA)
 	test.AssertNotError(t, err, "Couldn't store regA")
 	regB, err = tc.ssa.NewRegistration(ctx, regB)

diff --git a/cmd/expiration-mailer/main_test.go b/cmd/expiration-mailer/main_test.go
@@ -9,7 +9,6 @@ import (
 	"errors"
 	"fmt"
 	"math/big"
-	"net"
 	"strings"
 	"testing"
 	"text/template"
@@ -462,20 +461,10 @@ func TestFindExpiringCertificates(t *testing.T) {
 }
 
 func makeRegistration(sac sapb.StorageAuthorityClient, id int64, jsonKey []byte, contacts []string) (*corepb.Registration, error) {
-	var ip [4]byte
-	_, err := rand.Reader.Read(ip[:])
-	if err != nil {
-		return nil, err
-	}
-	ipText, err := net.IP(ip[:]).MarshalText()
-	if err != nil {
-		return nil, fmt.Errorf("formatting IP address: %s", err)
-	}
 	reg, err := sac.NewRegistration(context.Background(), &corepb.Registration{
-		Id:        id,
-		Contact:   contacts,
-		Key:       jsonKey,
-		InitialIP: ipText,
+		Id:      id,
+		Contact: contacts,
+		Key:     jsonKey,
 	})
 	if err != nil {
 		return nil, fmt.Errorf("storing registration: %s", err)

diff --git a/cmd/id-exporter/main_test.go b/cmd/id-exporter/main_test.go
@@ -9,7 +9,6 @@ import (
 	"encoding/base64"
 	"fmt"
 	"math/big"
-	"net"
 	"os"
 	"testing"
 	"time"
@@ -276,38 +275,32 @@ func (tc testCtx) addRegistrations(t *testing.T) {
   "e":"AQAB"
 }`)
 
-	initialIP, err := net.ParseIP("127.0.0.1").MarshalText()
-	test.AssertNotError(t, err, "Couldn't create initialIP")
-
 	// Regs A through C have `mailto:` contact ACME URL's
 	regA = &corepb.Registration{
-		Id:        1,
-		Contact:   []string{emailA},
-		Key:       jsonKeyA,
-		InitialIP: initialIP,
+		Id:      1,
+		Contact: []string{emailA},
+		Key:     jsonKeyA,
 	}
 	regB = &corepb.Registration{
-		Id:        2,
-		Contact:   []string{emailB},
-		Key:       jsonKeyB,
-		InitialIP: initialIP,
+		Id:      2,
+		Contact: []string{emailB},
+		Key:     jsonKeyB,
 	}
 	regC = &corepb.Registration{
-		Id:        3,
-		Contact:   []string{emailC},
-		Key:       jsonKeyC,
-		InitialIP: initialIP,
+		Id:      3,
+		Contact: []string{emailC},
+		Key:     jsonKeyC,
 	}
 	// Reg D has a `tel:` contact ACME URL
 	regD = &corepb.Registration{
-		Id:        4,
-		Contact:   []string{tel},
-		Key:       jsonKeyD,
-		InitialIP: initialIP,
+		Id:      4,
+		Contact: []string{tel},
+		Key:     jsonKeyD,
 	}
 
 	// Add the four test registrations
 	ctx := context.Background()
+	var err error
 	regA, err = tc.ssa.NewRegistration(ctx, regA)
 	test.AssertNotError(t, err, "Couldn't store regA")
 	regB, err = tc.ssa.NewRegistration(ctx, regB)

diff --git a/core/objects.go b/core/objects.go
@@ -109,9 +109,6 @@ type Registration struct {
 	// Agreement with terms of service
 	Agreement string `json:"agreement,omitempty"`
 
-	// InitialIP is the IP address from which the registration was created
-	InitialIP net.IP `json:"initialIp"`
-
 	// CreatedAt is the time the registration was created.
 	CreatedAt *time.Time `json:"createdAt,omitempty"`
 

diff --git a/core/util.go b/core/util.go
@@ -1,6 +1,7 @@
 package core
 
 import (
+	"context"
 	"crypto"
 	"crypto/ecdsa"
 	"crypto/rand"
@@ -27,9 +28,12 @@ import (
 	"unicode"
 
 	"github.com/go-jose/go-jose/v4"
-	"github.com/letsencrypt/boulder/identifier"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/types/known/durationpb"
 	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/letsencrypt/boulder/identifier"
 )
 
 const Unspecified = "Unspecified"
@@ -395,6 +399,14 @@ func IsASCII(str string) bool {
 	return true
 }
 
+// IsCanceled returns true if err is non-nil and is either context.Canceled, or
+// has a grpc code of Canceled. This is useful because cancellations propagate
+// through gRPC boundaries, and if we choose to treat in-process cancellations a
+// certain way, we usually want to treat cross-process cancellations the same way.
+func IsCanceled(err error) bool {
+	return errors.Is(err, context.Canceled) || status.Code(err) == codes.Canceled
+}
+
 func Command() string {
 	return path.Base(os.Args[0])
 }
diff --git a/core/util_test.go b/core/util_test.go
@@ -2,7 +2,9 @@ package core
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"math"
 	"math/big"
@@ -13,6 +15,8 @@ import (
 	"time"
 
 	"github.com/go-jose/go-jose/v4"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/types/known/durationpb"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
@@ -362,3 +366,15 @@ func TestHashNames(t *testing.T) {
 	h2 = HashNames([]string{"a"})
 	test.AssertByteEquals(t, h1, h2)
 }
+
+func TestIsCanceled(t *testing.T) {
+	if !IsCanceled(context.Canceled) {
+		t.Errorf("Expected context.Canceled to be canceled, but wasn't.")
+	}
+	if !IsCanceled(status.Errorf(codes.Canceled, "hi")) {
+		t.Errorf("Expected gRPC cancellation to be canceled, but wasn't.")
+	}
+	if IsCanceled(errors.New("hi")) {
+		t.Errorf("Expected random error to not be canceled, but was.")
+	}
+}
diff --git a/db/map_test.go b/db/map_test.go
@@ -122,7 +122,7 @@ func TestTableFromQuery(t *testing.T) {
 		expectedTable string
 	}{
 		{
-			query:         "SELECT id, jwk, jwk_sha256, contact, agreement, initialIP, createdAt, LockCol, status FROM registrations WHERE jwk_sha256 = ?",
+			query:         "SELECT id, jwk, jwk_sha256, contact, agreement, createdAt, LockCol, status FROM registrations WHERE jwk_sha256 = ?",
 			expectedTable: "registrations",
 		},
 		{
@@ -134,15 +134,15 @@ func TestTableFromQuery(t *testing.T) {
 			expectedTable: "authz2",
 		},
 		{
-			query:         "insert into `registrations` (`id`,`jwk`,`jw      k_sha256`,`contact`,`agreement`,`initialIp`,`createdAt`,`LockCol`,`status`) values (null,?,?,?,?,?,?,?,?);",
+			query:         "insert into `registrations` (`id`,`jwk`,`jw      k_sha256`,`contact`,`agreement`,`createdAt`,`LockCol`,`status`) values (null,?,?,?,?,?,?,?,?);",
 			expectedTable: "`registrations`",
 		},
 		{
-			query:         "update `registrations` set `jwk`=?, `jwk_sh      a256`=?, `contact`=?, `agreement`=?, `initialIp`=?, `createdAt`=?, `LockCol`      =?, `status`=? where `id`=? and `LockCol`=?;",
+			query:         "update `registrations` set `jwk`=?, `jwk_sh      a256`=?, `contact`=?, `agreement`=?, `createdAt`=?, `LockCol`      =?, `status`=? where `id`=? and `LockCol`=?;",
 			expectedTable: "`registrations`",
 		},
 		{
-			query:         "SELECT COUNT(*) FROM registrations WHERE initialIP = ? AND ? < createdAt AND createdAt <= ?",
+			query:         "SELECT COUNT(*) FROM registrations WHERE ? < createdAt AND createdAt <= ?",
 			expectedTable: "registrations",
 		},
 		{

diff --git a/grpc/pb-marshalling.go b/grpc/pb-marshalling.go
@@ -224,10 +224,6 @@ func RegistrationToPB(reg core.Registration) (*corepb.Registration, error) {
 	if err != nil {
 		return nil, err
 	}
-	ipBytes, err := reg.InitialIP.MarshalText()
-	if err != nil {
-		return nil, err
-	}
 	var contacts []string
 	// Since the default value of corepb.Registration.Contact is a slice
 	// we need a indicator as to if the value is actually important on
@@ -250,7 +246,6 @@ func RegistrationToPB(reg core.Registration) (*corepb.Registration, error) {
 		Contact:         contacts,
 		ContactsPresent: contactsPresent,
 		Agreement:       reg.Agreement,
-		InitialIP:       ipBytes,
 		CreatedAt:       createdAt,
 		Status:          string(reg.Status),
 	}, nil
@@ -262,11 +257,6 @@ func PbToRegistration(pb *corepb.Registration) (core.Registration, error) {
 	if err != nil {
 		return core.Registration{}, err
 	}
-	var initialIP net.IP
-	err = initialIP.UnmarshalText(pb.InitialIP)
-	if err != nil {
-		return core.Registration{}, err
-	}
 	var createdAt *time.Time
 	if !core.IsAnyNilOrZero(pb.CreatedAt) {
 		c := pb.CreatedAt.AsTime()
@@ -291,7 +281,6 @@ func PbToRegistration(pb *corepb.Registration) (core.Registration, error) {
 		Key:       &key,
 		Contact:   contacts,
 		Agreement: pb.Agreement,
-		InitialIP: initialIP,
 		CreatedAt: createdAt,
 		Status:    core.AcmeStatus(pb.Status),
 	}, nil

diff --git a/grpc/pb-marshalling_test.go b/grpc/pb-marshalling_test.go
@@ -183,7 +183,6 @@ func TestRegistration(t *testing.T) {
 		Key:       &key,
 		Contact:   &contacts,
 		Agreement: "yup",
-		InitialIP: net.ParseIP("1.1.1.1"),
 		CreatedAt: &createdAt,
 		Status:    core.StatusValid,
 	}
@@ -214,7 +213,6 @@ func TestRegistration(t *testing.T) {
 		Key:       &key,
 		Contact:   &contacts,
 		Agreement: "yup",
-		InitialIP: net.ParseIP("1.1.1.1"),
 		CreatedAt: nil,
 		Status:    core.StatusValid,
 	}

diff --git a/mocks/sa.go b/mocks/sa.go
@@ -6,7 +6,6 @@ import (
 	"crypto/x509"
 	"errors"
 	"math/rand/v2"
-	"net"
 	"os"
 	"time"
 
@@ -113,7 +112,6 @@ func (sa *StorageAuthorityReadOnly) GetRegistration(_ context.Context, req *sapb
 		return goodReg, nil
 	}
 
-	goodReg.InitialIP, _ = net.ParseIP("5.6.7.8").MarshalText()
 	goodReg.CreatedAt = timestamppb.New(time.Date(2003, 9, 27, 0, 0, 0, 0, time.UTC))
 	return goodReg, nil
 }
@@ -323,16 +321,6 @@ func (sa *StorageAuthorityReadOnly) CountCertificatesByNames(_ context.Context,
 	return &sapb.CountByNames{}, nil
 }
 
-// CountRegistrationsByIP is a mock
-func (sa *StorageAuthorityReadOnly) CountRegistrationsByIP(_ context.Context, _ *sapb.CountRegistrationsByIPRequest, _ ...grpc.CallOption) (*sapb.Count, error) {
-	return &sapb.Count{}, nil
-}
-
-// CountRegistrationsByIPRange is a mock
-func (sa *StorageAuthorityReadOnly) CountRegistrationsByIPRange(_ context.Context, _ *sapb.CountRegistrationsByIPRequest, _ ...grpc.CallOption) (*sapb.Count, error) {
-	return &sapb.Count{}, nil
-}
-
 // CountOrders is a mock
 func (sa *StorageAuthorityReadOnly) CountOrders(_ context.Context, _ *sapb.CountOrdersRequest, _ ...grpc.CallOption) (*sapb.Count, error) {
 	return &sapb.Count{}, nil