forked from TrueCloudLab/certificates
Polish retry conditions
This commit is contained in:
Wesley Graham
David Cowden
parent
66b2c4b1a4
commit
f9779d0bed
5 changed files with 32 additions and 33 deletions
|
|
@ -183,7 +183,7 @@ func (h *Handler) GetChallenge(w http.ResponseWriter, r *http.Request) {
|
|||
} else if ch.Retry.Active {
|
||||
retryAfter := int(ch.Retry.Backoffs) * (10 - ch.Retry.Called)
|
||||
w.Header().Add("Retry-After", string(retryAfter))
|
||||
api.JSON(w, ch)
|
||||
api.WriteProcessing(w, ch)
|
||||
} else {
|
||||
getLink := h.Auth.GetLink
|
||||
w.Header().Add("Link", link(getLink(acme.AuthzLink, acme.URLSafeProvisionerName(prov), true, ch.GetAuthzID()), "up"))
|
||||
|
|
|
|||
|
|
@ -792,17 +792,19 @@ func TestHandlerGetChallenge(t *testing.T) {
|
|||
assert.Equals(t, ae.Identifier, prob.Identifier)
|
||||
assert.Equals(t, ae.Subproblems, prob.Subproblems)
|
||||
assert.Equals(t, res.Header["Content-Type"], []string{"application/problem+json"})
|
||||
} else if res.StatusCode >= 200 && assert.True(t,res.Header["Retry-After"] == nil){
|
||||
} else if res.StatusCode >= 200 {
|
||||
expB, err := json.Marshal(tc.ch)
|
||||
assert.FatalError(t, err)
|
||||
assert.Equals(t, bytes.TrimSpace(body), expB)
|
||||
assert.Equals(t, res.Header["Link"], []string{fmt.Sprintf("<https://ca.smallstep.com/acme/authz/%s>;rel=\"up\"", tc.ch.AuthzID)})
|
||||
assert.Equals(t, res.Header["Location"], []string{url})
|
||||
assert.Equals(t, res.Header["Content-Type"], []string{"application/json"})
|
||||
} else {
|
||||
} else if res.StatusCode >= 100 {
|
||||
expB, err := json.Marshal(tc.ch)
|
||||
assert.FatalError(t, err)
|
||||
assert.Equals(t, bytes.TrimSpace(body), expB)
|
||||
assert.True(t, res.Header["Retry-After"] != nil)
|
||||
assert.Equals(t, res.Header["Content-Type"], []string{"application/json"})
|
||||
}
|
||||
})
|
||||
}
|
||||
|
|
|
|||
|
|
@ -278,7 +278,7 @@ func (a *Authority) ValidateChallenge(p provisioner.Interface, accID, chID strin
|
|||
dialer := &net.Dialer{
|
||||
Timeout: 30 * time.Second,
|
||||
}
|
||||
for i:=0; i < 10; i++ {
|
||||
for ch.getRetry().Active {
|
||||
ch, err = ch.validate(a.db, jwk, validateOptions{
|
||||
httpGet: client.Get,
|
||||
lookupTxt: net.LookupTXT,
|
||||
|
|
|
|||
|
|
@ -261,11 +261,6 @@ func (bc *baseChallenge) storeError(db nosql.DB, err *Error) error {
|
|||
return clone.save(db, bc)
|
||||
}
|
||||
|
||||
func (bc *baseChallenge) storeRetry(db nosql.DB, retry *Retry) error {
|
||||
clone := bc.clone()
|
||||
return clone.save(db, bc)
|
||||
}
|
||||
|
||||
// unmarshalChallenge unmarshals a challenge type into the correct sub-type.
|
||||
func unmarshalChallenge(data []byte) (challenge, error) {
|
||||
var getType struct {
|
||||
|
|
@ -376,18 +371,7 @@ func (hc *http01Challenge) validate(db nosql.DB, jwk *jose.JSONWebKey, vo valida
|
|||
if keyAuth != expected {
|
||||
rejectedErr := RejectedIdentifierErr(errors.Errorf("keyAuthorization does not match; "+
|
||||
"expected %s, but got %s", expected, keyAuth))
|
||||
upd := hc.clone()
|
||||
upd.Error = rejectedErr.ToACME()
|
||||
upd.Error.Subproblems = append(upd.Error.Subproblems, rejectedErr)
|
||||
upd.Retry.Called ++
|
||||
upd.Retry.Active = true
|
||||
if upd.Retry.Called >= 10 {
|
||||
upd.Status = StatusInvalid
|
||||
upd.Retry.Backoffs *= 2
|
||||
upd.Retry.Active = false
|
||||
upd.Retry.Called = 0
|
||||
}
|
||||
if err = upd.save(db, hc); err != nil {
|
||||
if err = hc.updateRetry(db, rejectedErr); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return hc, err
|
||||
|
|
@ -609,18 +593,7 @@ func (dc *dns01Challenge) validate(db nosql.DB, jwk *jose.JSONWebKey, vo validat
|
|||
if err != nil {
|
||||
dnsErr := DNSErr(errors.Wrapf(err, "error looking up TXT "+
|
||||
"records for domain %s", domain))
|
||||
upd := dc.clone()
|
||||
upd.Error = dnsErr.ToACME()
|
||||
upd.Error.Subproblems = append(upd.Error.Subproblems, dnsErr)
|
||||
upd.Retry.Called ++
|
||||
upd.Retry.Active = true
|
||||
if upd.Retry.Called >= 10 {
|
||||
upd.Status = StatusInvalid
|
||||
upd.Retry.Backoffs *= 2
|
||||
upd.Retry.Active = false
|
||||
upd.Retry.Called = 0
|
||||
}
|
||||
if err = upd.save(db, dc); err != nil {
|
||||
if err = dc.updateRetry(db, dnsErr); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return dc, nil
|
||||
|
|
@ -677,3 +650,22 @@ func getChallenge(db nosql.DB, id string) (challenge, error) {
|
|||
}
|
||||
return ch, nil
|
||||
}
|
||||
|
||||
// updateRetry updates a challenge's retry and error objects upon a failed validation attempt
|
||||
func (bc *baseChallenge) updateRetry(db nosql.DB, error *Error) error {
|
||||
upd := bc.clone()
|
||||
upd.Error = error.ToACME()
|
||||
upd.Error.Subproblems = append(upd.Error.Subproblems, error)
|
||||
upd.Retry.Called ++
|
||||
upd.Retry.Active = true
|
||||
if upd.Retry.Called >= 10 {
|
||||
upd.Status = StatusInvalid
|
||||
upd.Retry.Backoffs *= 2
|
||||
upd.Retry.Active = false
|
||||
upd.Retry.Called = 0
|
||||
}
|
||||
if err := upd.save(db, bc); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -52,6 +52,11 @@ func JSON(w http.ResponseWriter, v interface{}) {
|
|||
JSONStatus(w, v, http.StatusOK)
|
||||
}
|
||||
|
||||
// JSON writes the passed value into the http.ResponseWriter.
|
||||
func WriteProcessing(w http.ResponseWriter, v interface{}) {
|
||||
JSONStatus(w, v, http.StatusProcessing)
|
||||
}
|
||||
|
||||
// JSONStatus writes the given value into the http.ResponseWriter and the
|
||||
// given status is written as the status code of the response.
|
||||
func JSONStatus(w http.ResponseWriter, v interface{}, status int) {
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue