Skip to content

Commit

Permalink
ra: remove special case for empty DNSNames (#7795)
Browse files Browse the repository at this point in the history
This case was added to work around a test case that didn't fill it out;
instead, fill DNSNames for that test case.
  • Loading branch information
jsha authored and jprenken committed Nov 12, 2024
1 parent 0c27488 commit ada6bee
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 12 deletions.
13 changes: 4 additions & 9 deletions ra/ra.go
Original file line number Diff line number Diff line change
Expand Up @@ -1336,16 +1336,11 @@ func (ra *RegistrationAuthorityImpl) issueCertificateInner(
return nil, nil, wrapError(err, "getting SCTs")
}

var isRenewal bool
if len(parsedPrecert.DNSNames) > 0 {
// This should never happen under normal operation, but it sometimes
// occurs under test.
exists, err := ra.SA.FQDNSetExists(ctx, &sapb.FQDNSetExistsRequest{DnsNames: parsedPrecert.DNSNames})
if err != nil {
return nil, nil, wrapError(err, "checking if certificate is a renewal")
}
isRenewal = exists.Exists
exists, err := ra.SA.FQDNSetExists(ctx, &sapb.FQDNSetExistsRequest{DnsNames: parsedPrecert.DNSNames})
if err != nil {
return nil, nil, wrapError(err, "checking if certificate is a renewal")
}
isRenewal := exists.Exists

cert, err := ra.CA.IssueCertificateForPrecertificate(ctx, &capb.IssueCertificateForPrecertificateRequest{
DER: precert.DER,
Expand Down
11 changes: 8 additions & 3 deletions ra/ra_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -3755,15 +3755,20 @@ type mockCAFailCertForPrecert struct {

// IssuePrecertificate needs to be mocked for mockCAFailCertForPrecert's `IssueCertificateForPrecertificate` to get called.
func (ca *mockCAFailCertForPrecert) IssuePrecertificate(
context.Context,
*capb.IssueCertificateRequest,
...grpc.CallOption) (*capb.IssuePrecertificateResponse, error) {
ctx context.Context,
req *capb.IssueCertificateRequest,
opts ...grpc.CallOption) (*capb.IssuePrecertificateResponse, error) {
k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
return nil, err
}
parsedCSR, err := x509.ParseCertificateRequest(req.Csr)
if err != nil {
return nil, err
}
tmpl := &ctx509.Certificate{
SerialNumber: big.NewInt(1),
DNSNames: parsedCSR.DNSNames,
ExtraExtensions: []ctpkix.Extension{
{
Id: ctx509.OIDExtensionCTPoison,
Expand Down

0 comments on commit ada6bee

Please sign in to comment.