Skip to content

Commit 53f3cb9

Browse files
jshajsha
authored
wfe: rename deprecated paths and handlers (#7837)
Now that the paths with an account (and no `-v3`) are the default, rename the old-style path constants and handlers to reflect that they are deprecated. Part of #7683.
1 parent 01c1488 commit 53f3cb9

File tree

2 files changed

+65
-62
lines changed

2 files changed

+65
-62
lines changed

wfe2/wfe.go

Lines changed: 34 additions & 31 deletions
Original file line numberDiff line numberDiff line change
@@ -56,19 +56,22 @@ const (
5656
newAcctPath = "/acme/new-acct"
5757
acctPath = "/acme/acct/"
5858
// When we moved to authzv2, we used a "-v3" suffix to avoid confusion
59-
// regarding ACMEv2.
60-
authzPath = "/acme/authz-v3/"
61-
authzPathWithAcct = "/acme/authz/"
62-
challengePath = "/acme/chall-v3/"
63-
challengePathWithAcct = "/acme/chall/"
64-
certPath = "/acme/cert/"
65-
revokeCertPath = "/acme/revoke-cert"
66-
buildIDPath = "/build"
67-
rolloverPath = "/acme/key-change"
68-
newNoncePath = "/acme/new-nonce"
69-
newOrderPath = "/acme/new-order"
70-
orderPath = "/acme/order/"
71-
finalizeOrderPath = "/acme/finalize/"
59+
// regarding ACMEv2. More recently we moved back to using plain `/acme/authz/`
60+
// and `/acme/chall/`, so the `-v3` paths are deprecated.
61+
// TODO(#7683): Remove authz-v3 and chall-v3 once the new paths have been
62+
// the default in prod for 30 days.
63+
deprecatedAuthzPath = "/acme/authz-v3/"
64+
authzPathWithAcct = "/acme/authz/"
65+
deprecatedChallengePath = "/acme/chall-v3/"
66+
challengePathWithAcct = "/acme/chall/"
67+
certPath = "/acme/cert/"
68+
revokeCertPath = "/acme/revoke-cert"
69+
buildIDPath = "/build"
70+
rolloverPath = "/acme/key-change"
71+
newNoncePath = "/acme/new-nonce"
72+
newOrderPath = "/acme/new-order"
73+
orderPath = "/acme/order/"
74+
finalizeOrderPath = "/acme/finalize/"
7275

7376
getAPIPrefix = "/get/"
7477
getOrderPath = getAPIPrefix + "order/"
@@ -434,15 +437,15 @@ func (wfe *WebFrontEndImpl) Handler(stats prometheus.Registerer, oTelHTTPOptions
434437
// TODO(@cpu): After November 1st, 2020 support for "GET" to the following
435438
// endpoints will be removed, leaving only POST-as-GET support.
436439
wfe.HandleFunc(m, orderPath, wfe.GetOrder, "GET", "POST")
437-
wfe.HandleFunc(m, authzPath, wfe.AuthorizationHandler, "GET", "POST")
438-
wfe.HandleFunc(m, authzPathWithAcct, wfe.AuthorizationHandlerWithAccount, "GET", "POST")
439-
wfe.HandleFunc(m, challengePath, wfe.ChallengeHandler, "GET", "POST")
440-
wfe.HandleFunc(m, challengePathWithAcct, wfe.ChallengeHandlerWithAccount, "GET", "POST")
440+
wfe.HandleFunc(m, deprecatedAuthzPath, wfe.DeprecatedAuthorizationHandler, "GET", "POST")
441+
wfe.HandleFunc(m, authzPathWithAcct, wfe.AuthorizationHandler, "GET", "POST")
442+
wfe.HandleFunc(m, deprecatedChallengePath, wfe.DeprecatedChallengeHandler, "GET", "POST")
443+
wfe.HandleFunc(m, challengePathWithAcct, wfe.ChallengeHandler, "GET", "POST")
441444
wfe.HandleFunc(m, certPath, wfe.Certificate, "GET", "POST")
442445
// Boulder-specific GET-able resource endpoints
443446
wfe.HandleFunc(m, getOrderPath, wfe.GetOrder, "GET")
444-
wfe.HandleFunc(m, getAuthzPath, wfe.AuthorizationHandler, "GET")
445-
wfe.HandleFunc(m, getChallengePath, wfe.ChallengeHandler, "GET")
447+
wfe.HandleFunc(m, getAuthzPath, wfe.DeprecatedAuthorizationHandler, "GET")
448+
wfe.HandleFunc(m, getChallengePath, wfe.DeprecatedChallengeHandler, "GET")
446449
wfe.HandleFunc(m, getCertPath, wfe.Certificate, "GET")
447450

448451
// Endpoint for draft-ietf-acme-ari
@@ -1087,9 +1090,9 @@ func (wfe *WebFrontEndImpl) RevokeCertificate(
10871090
response.WriteHeader(http.StatusOK)
10881091
}
10891092

1090-
// ChallengeHandler handles POST requests to challenge URLs of the form /acme/chall-v3/<authorizationID>/<challengeID>.
1093+
// DeprecatedChallengeHandler handles POST requests to challenge URLs of the form /acme/chall-v3/<authorizationID>/<challengeID>.
10911094
// Such requests are clients' responses to the server's challenges.
1092-
func (wfe *WebFrontEndImpl) ChallengeHandler(
1095+
func (wfe *WebFrontEndImpl) DeprecatedChallengeHandler(
10931096
ctx context.Context,
10941097
logEvent *web.RequestEvent,
10951098
response http.ResponseWriter,
@@ -1100,11 +1103,11 @@ func (wfe *WebFrontEndImpl) ChallengeHandler(
11001103
return
11011104
}
11021105

1103-
wfe.Challenge(ctx, logEvent, challengePath, response, request, slug[0], slug[1])
1106+
wfe.Challenge(ctx, logEvent, deprecatedChallengePath, response, request, slug[0], slug[1])
11041107
}
11051108

1106-
// ChallengeHandlerWithAccount handles POST requests to challenge URLs of the form /acme/chall/{regID}/{authzID}/{challID}.
1107-
func (wfe *WebFrontEndImpl) ChallengeHandlerWithAccount(
1109+
// ChallengeHandler handles POST requests to challenge URLs of the form /acme/chall/{regID}/{authzID}/{challID}.
1110+
func (wfe *WebFrontEndImpl) ChallengeHandler(
11081111
ctx context.Context,
11091112
logEvent *web.RequestEvent,
11101113
response http.ResponseWriter,
@@ -1216,7 +1219,7 @@ func (wfe *WebFrontEndImpl) prepChallengeForDisplay(
12161219
challenge *core.Challenge,
12171220
) {
12181221
// Update the challenge URL to be relative to the HTTP request Host
1219-
challenge.URL = web.RelativeEndpoint(request, fmt.Sprintf("%s%s/%s", challengePath, authz.ID, challenge.StringID()))
1222+
challenge.URL = web.RelativeEndpoint(request, fmt.Sprintf("%s%s/%s", deprecatedChallengePath, authz.ID, challenge.StringID()))
12201223
if handlerPath == challengePathWithAcct || handlerPath == authzPathWithAcct {
12211224
challenge.URL = web.RelativeEndpoint(request, fmt.Sprintf("%s%d/%s/%s", challengePathWithAcct, authz.RegistrationID, authz.ID, challenge.StringID()))
12221225
}
@@ -1556,17 +1559,17 @@ func (wfe *WebFrontEndImpl) deactivateAuthorization(
15561559
return true
15571560
}
15581561

1559-
// AuthorizationHandler handles requests to authorization URLs of the form /acme/authz/{authzID}.
1560-
func (wfe *WebFrontEndImpl) AuthorizationHandler(
1562+
// DeprecatedAuthorizationHandler handles requests to authorization URLs of the form /acme/authz/{authzID}.
1563+
func (wfe *WebFrontEndImpl) DeprecatedAuthorizationHandler(
15611564
ctx context.Context,
15621565
logEvent *web.RequestEvent,
15631566
response http.ResponseWriter,
15641567
request *http.Request) {
1565-
wfe.Authorization(ctx, authzPath, logEvent, response, request, request.URL.Path)
1568+
wfe.Authorization(ctx, deprecatedAuthzPath, logEvent, response, request, request.URL.Path)
15661569
}
15671570

1568-
// AuthorizationHandlerWithAccount handles requests to authorization URLs of the form /acme/authz/{regID}/{authzID}.
1569-
func (wfe *WebFrontEndImpl) AuthorizationHandlerWithAccount(
1571+
// AuthorizationHandler handles requests to authorization URLs of the form /acme/authz/{regID}/{authzID}.
1572+
func (wfe *WebFrontEndImpl) AuthorizationHandler(
15701573
ctx context.Context,
15711574
logEvent *web.RequestEvent,
15721575
response http.ResponseWriter,
@@ -2796,5 +2799,5 @@ func urlForAuthz(handlerPath string, authz core.Authorization, request *http.Req
27962799
return web.RelativeEndpoint(request, fmt.Sprintf("%s%d/%s", authzPathWithAcct, authz.RegistrationID, authz.ID))
27972800
}
27982801

2799-
return web.RelativeEndpoint(request, authzPath+authz.ID)
2802+
return web.RelativeEndpoint(request, deprecatedAuthzPath+authz.ID)
28002803
}

0 commit comments

Comments
 (0)