
Source code changes of the file "cmd/ocsp-updater/main.go" between
boulder-release-2020-06-23.tar.gz and boulder-release-2020-06-29.tar.gz

About: Boulder is an ACME-based Certificate Authority (CA) used by Let’s Encrypt (written in Go).

main.go  (boulder-release-2020-06-23):main.go  (boulder-release-2020-06-29)
skipping to change at line 58 skipping to change at line 58
tickWindow time.Duration tickWindow time.Duration
batchSize int batchSize int
tickHistogram *prometheus.HistogramVec tickHistogram *prometheus.HistogramVec
maxBackoff time.Duration maxBackoff time.Duration
backoffFactor float64 backoffFactor float64
tickFailures int tickFailures int
// Used to calculate how far back stale OCSP responses should be looked f or // Used to calculate how far back stale OCSP responses should be looked f or
ocspMinTimeToExpiry time.Duration ocspMinTimeToExpiry time.Duration
// Used to calculate how far back in time the findStaleOCSPResponse will
look
ocspStaleMaxAge time.Duration
// Maximum number of individual OCSP updates to attempt in parallel. Maki ng // Maximum number of individual OCSP updates to attempt in parallel. Maki ng
// these requests in parallel allows us to get higher total throughput. // these requests in parallel allows us to get higher total throughput.
parallelGenerateOCSPRequests int parallelGenerateOCSPRequests int
purgerService akamaipb.AkamaiPurgerClient purgerService akamaipb.AkamaiPurgerClient
// issuer is used to generate OCSP request URLs to purge // issuer is used to generate OCSP request URLs to purge
issuer *x509.Certificate issuer *x509.Certificate
genStoreHistogram prometheus.Histogram genStoreHistogram prometheus.Histogram
generatedCounter *prometheus.CounterVec generatedCounter *prometheus.CounterVec
skipping to change at line 90 skipping to change at line 88
config OCSPUpdaterConfig, config OCSPUpdaterConfig,
issuerPath string, issuerPath string,
log blog.Logger, log blog.Logger,
) (*OCSPUpdater, error) { ) (*OCSPUpdater, error) {
if config.OldOCSPBatchSize == 0 { if config.OldOCSPBatchSize == 0 {
return nil, fmt.Errorf("Loop batch sizes must be non-zero") return nil, fmt.Errorf("Loop batch sizes must be non-zero")
} }
if config.OldOCSPWindow.Duration == 0 { if config.OldOCSPWindow.Duration == 0 {
return nil, fmt.Errorf("Loop window sizes must be non-zero") return nil, fmt.Errorf("Loop window sizes must be non-zero")
} }
if config.OCSPStaleMaxAge.Duration == 0 {
// Default to 30 days
config.OCSPStaleMaxAge = cmd.ConfigDuration{Duration: time.Hour *
24 * 30}
}
if config.ParallelGenerateOCSPRequests == 0 { if config.ParallelGenerateOCSPRequests == 0 {
// Default to 1 // Default to 1
config.ParallelGenerateOCSPRequests = 1 config.ParallelGenerateOCSPRequests = 1
} }
genStoreHistogram := prometheus.NewHistogram(prometheus.HistogramOpts{ genStoreHistogram := prometheus.NewHistogram(prometheus.HistogramOpts{
Name: "ocsp_updater_generate_and_store", Name: "ocsp_updater_generate_and_store",
Help: "A histogram of latencies of OCSP generation and storage la tencies", Help: "A histogram of latencies of OCSP generation and storage la tencies",
}) })
stats.MustRegister(genStoreHistogram) stats.MustRegister(genStoreHistogram)
skipping to change at line 127 skipping to change at line 121
}, []string{"result", "long"}) }, []string{"result", "long"})
stats.MustRegister(tickHistogram) stats.MustRegister(tickHistogram)
updater := OCSPUpdater{ updater := OCSPUpdater{
clk: clk, clk: clk,
dbMap: dbMap, dbMap: dbMap,
ogc: ogc, ogc: ogc,
log: log, log: log,
sac: sac, sac: sac,
ocspMinTimeToExpiry: config.OCSPMinTimeToExpiry.Duration , ocspMinTimeToExpiry: config.OCSPMinTimeToExpiry.Duration ,
ocspStaleMaxAge: config.OCSPStaleMaxAge.Duration,
parallelGenerateOCSPRequests: config.ParallelGenerateOCSPRequests , parallelGenerateOCSPRequests: config.ParallelGenerateOCSPRequests ,
purgerService: apc, purgerService: apc,
genStoreHistogram: genStoreHistogram, genStoreHistogram: genStoreHistogram,
generatedCounter: generatedCounter, generatedCounter: generatedCounter,
storedCounter: storedCounter, storedCounter: storedCounter,
tickHistogram: tickHistogram, tickHistogram: tickHistogram,
tickWindow: config.OldOCSPWindow.Duration, tickWindow: config.OldOCSPWindow.Duration,
batchSize: config.OldOCSPBatchSize, batchSize: config.OldOCSPBatchSize,
maxBackoff: config.SignFailureBackoffMax.Durati on, maxBackoff: config.SignFailureBackoffMax.Durati on,
backoffFactor: config.SignFailureBackoffFactor, backoffFactor: config.SignFailureBackoffFactor,
skipping to change at line 153 skipping to change at line 146
return nil, err return nil, err
} }
updater.issuer = issuer updater.issuer = issuer
} }
return &updater, nil return &updater, nil
} }
func (updater *OCSPUpdater) findStaleOCSPResponses(oldestLastUpdatedTime time.Ti me, batchSize int) ([]core.CertificateStatus, error) { func (updater *OCSPUpdater) findStaleOCSPResponses(oldestLastUpdatedTime time.Ti me, batchSize int) ([]core.CertificateStatus, error) {
var statuses []core.CertificateStatus var statuses []core.CertificateStatus
now := updater.clk.Now()
maxAgeCutoff := now.Add(-updater.ocspStaleMaxAge)
certStatusFields := "cs.serial, cs.status, cs.revokedDate, cs.notAfter, c s.revokedReason" certStatusFields := "cs.serial, cs.status, cs.revokedDate, cs.notAfter, c s.revokedReason"
if features.Enabled(features.StoreIssuerInfo) { if features.Enabled(features.StoreIssuerInfo) {
certStatusFields += ", cs.issuerID" certStatusFields += ", cs.issuerID"
} }
_, err := updater.dbMap.Select( _, err := updater.dbMap.Select(
&statuses, &statuses,
fmt.Sprintf(`SELECT fmt.Sprintf(`SELECT
%s %s
FROM certificateStatus AS cs FROM certificateStatus AS cs
WHERE cs.ocspLastUpdated > :maxAge WHERE cs.ocspLastUpdated < :lastUpdate
AND cs.ocspLastUpdated < :lastUpdate
AND NOT cs.isExpired AND NOT cs.isExpired
ORDER BY cs.ocspLastUpdated ASC ORDER BY cs.ocspLastUpdated ASC
LIMIT :limit`, certStatusFields), LIMIT :limit`, certStatusFields),
map[string]interface{}{ map[string]interface{}{
"lastUpdate": oldestLastUpdatedTime, "lastUpdate": oldestLastUpdatedTime,
"maxAge": maxAgeCutoff,
"limit": batchSize, "limit": batchSize,
}, },
) )
if db.IsNoRows(err) { if db.IsNoRows(err) {
return statuses, nil return statuses, nil
} }
return statuses, err return statuses, err
} }
func getCertDER(selector ocspDB, serial string) ([]byte, error) { func getCertDER(selector ocspDB, serial string) ([]byte, error) {
skipping to change at line 350 skipping to change at line 339
// OCSPUpdaterConfig provides the various window tick times and batch sizes need ed // OCSPUpdaterConfig provides the various window tick times and batch sizes need ed
// for the OCSP (and SCT) updater // for the OCSP (and SCT) updater
type OCSPUpdaterConfig struct { type OCSPUpdaterConfig struct {
cmd.ServiceConfig cmd.ServiceConfig
cmd.DBConfig cmd.DBConfig
OldOCSPWindow cmd.ConfigDuration OldOCSPWindow cmd.ConfigDuration
OldOCSPBatchSize int OldOCSPBatchSize int
OCSPMinTimeToExpiry cmd.ConfigDuration OCSPMinTimeToExpiry cmd.ConfigDuration
OCSPStaleMaxAge cmd.ConfigDuration
ParallelGenerateOCSPRequests int ParallelGenerateOCSPRequests int
AkamaiBaseURL string AkamaiBaseURL string
AkamaiClientToken string AkamaiClientToken string
AkamaiClientSecret string AkamaiClientSecret string
AkamaiAccessToken string AkamaiAccessToken string
AkamaiV3Network string AkamaiV3Network string
AkamaiPurgeRetries int AkamaiPurgeRetries int
AkamaiPurgeRetryBackoff cmd.ConfigDuration AkamaiPurgeRetryBackoff cmd.ConfigDuration
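Review bot: The new query in `findStaleOCSPResponses` has no lower bound on `cs.ocspLastUpdated` now that `:maxAge` is gone, so every unexpired row older than `:lastUpdate` is eligible and `ORDER BY cs.ocspLastUpdated ASC` always returns the oldest rows first. If a row's OCSP response cannot be regenerated, it would presumably keep its old timestamp (the update path is outside these hunks), reappear at the head of every batch and crowd out fresher work under `LIMIT :limit`. A why-comment above the `Select` call would make the intent explicit, for example `// No lower bound: all unexpired statuses older than oldestLastUpdatedTime are eligible, oldest first.` Separately, `OCSPStaleMaxAge` is removed from `OCSPUpdaterConfig`; if the config loader tolerates unknown keys (not visible here), a deployed config that still sets it would be silently ignored, which deserves a release note.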
 End of changes. 7 change blocks. 
15 lines changed or deleted 1 lines changed or added
