Skip to content

Commit 56f0ed6

Browse files
jshajsha
authored
wfe: orders link to authz IDs with acccount (#7790)
This means that most traffic will go to the authz URLs with account. After this has been deployed for 30 days (the max lifetime of an order), we can remove support for the old paths. Part of #7683
1 parent 0d70b12 commit 56f0ed6

File tree

3 files changed

+15
-15
lines changed

3 files changed

+15
-15
lines changed

test/integration/otel_test.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -222,8 +222,8 @@ func TestTraces(t *testing.T) {
222222
httpSpan("/acme/new-acct",
223223
redisPipelineSpan("get", wfe)),
224224
httpSpan("/acme/new-order"),
225-
httpSpan("/acme/authz-v3/"),
226-
httpSpan("/acme/chall-v3/"),
225+
httpSpan("/acme/authz/"),
226+
httpSpan("/acme/chall/"),
227227
httpSpan("/acme/finalize/",
228228
rpcSpan("ra.RegistrationAuthority/FinalizeOrder", wfe, ra,
229229
rpcSpan("ca.CertificateAuthority/IssueCertificateForPrecertificate", ra, ca))),

wfe2/wfe.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2082,7 +2082,7 @@ func (wfe *WebFrontEndImpl) orderToOrderJSON(request *http.Request, order *corep
20822082
respObj.Error.Type = probs.ErrorNS + respObj.Error.Type
20832083
}
20842084
for _, v2ID := range order.V2Authorizations {
2085-
respObj.Authorizations = append(respObj.Authorizations, web.RelativeEndpoint(request, fmt.Sprintf("%s%d", authzPath, v2ID)))
2085+
respObj.Authorizations = append(respObj.Authorizations, web.RelativeEndpoint(request, fmt.Sprintf("%s%d/%d", authzPathWithAcct, order.RegistrationID, v2ID)))
20862086
}
20872087
if respObj.Status == core.StatusValid {
20882088
certURL := web.RelativeEndpoint(request,

wfe2/wfe_test.go

Lines changed: 12 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -2925,7 +2925,7 @@ func TestNewOrder(t *testing.T) {
29252925
{ "type": "dns", "value": "thisreallylongexampledomainisabytelongerthanthemaxcnbytelimit.com"}
29262926
],
29272927
"authorizations": [
2928-
"http://localhost/acme/authz-v3/1"
2928+
"http://localhost/acme/authz/1/1"
29292929
],
29302930
"finalize": "http://localhost/acme/finalize/1/1"
29312931
}`,
@@ -2942,7 +2942,7 @@ func TestNewOrder(t *testing.T) {
29422942
{ "type": "dns", "value": "thisreallylongexampledomainisabytelongerthanthemaxcnbytelimit.com"}
29432943
],
29442944
"authorizations": [
2945-
"http://localhost/acme/authz-v3/1"
2945+
"http://localhost/acme/authz/1/1"
29462946
],
29472947
"finalize": "http://localhost/acme/finalize/1/1"
29482948
}`,
@@ -2959,7 +2959,7 @@ func TestNewOrder(t *testing.T) {
29592959
{ "type": "dns", "value": "www.not-example.com"}
29602960
],
29612961
"authorizations": [
2962-
"http://localhost/acme/authz-v3/1"
2962+
"http://localhost/acme/authz/1/1"
29632963
],
29642964
"finalize": "http://localhost/acme/finalize/1/1"
29652965
}`,
@@ -2976,7 +2976,7 @@ func TestNewOrder(t *testing.T) {
29762976
{ "type": "dns", "value": "www.not-example.com"}
29772977
],
29782978
"authorizations": [
2979-
"http://localhost/acme/authz-v3/1"
2979+
"http://localhost/acme/authz/1/1"
29802980
],
29812981
"finalize": "http://localhost/acme/finalize/1/1"
29822982
}`,
@@ -3116,7 +3116,7 @@ func TestFinalizeOrder(t *testing.T) {
31163116
],
31173117
"profile": "default",
31183118
"authorizations": [
3119-
"http://localhost/acme/authz-v3/1"
3119+
"http://localhost/acme/authz/1/1"
31203120
],
31213121
"finalize": "http://localhost/acme/finalize/1/8"
31223122
}`,
@@ -3285,7 +3285,7 @@ func TestGetOrder(t *testing.T) {
32853285
{
32863286
Name: "Good request",
32873287
Request: makeGet("1/1"),
3288-
Response: `{"status": "valid","expires": "2000-01-01T00:00:00Z","identifiers":[{"type":"dns", "value":"example.com"}], "profile": "default", "authorizations":["http://localhost/acme/authz-v3/1"],"finalize":"http://localhost/acme/finalize/1/1","certificate":"http://localhost/acme/cert/serial"}`,
3288+
Response: `{"status": "valid","expires": "2000-01-01T00:00:00Z","identifiers":[{"type":"dns", "value":"example.com"}], "profile": "default", "authorizations":["http://localhost/acme/authz/1/1"],"finalize":"http://localhost/acme/finalize/1/1","certificate":"http://localhost/acme/cert/serial"}`,
32893289
},
32903290
{
32913291
Name: "404 request",
@@ -3330,7 +3330,7 @@ func TestGetOrder(t *testing.T) {
33303330
{
33313331
Name: "Valid POST-as-GET",
33323332
Request: makePost(1, "1/1", ""),
3333-
Response: `{"status": "valid","expires": "2000-01-01T00:00:00Z","identifiers":[{"type":"dns", "value":"example.com"}], "profile": "default", "authorizations":["http://localhost/acme/authz-v3/1"],"finalize":"http://localhost/acme/finalize/1/1","certificate":"http://localhost/acme/cert/serial"}`,
3333+
Response: `{"status": "valid","expires": "2000-01-01T00:00:00Z","identifiers":[{"type":"dns", "value":"example.com"}], "profile": "default", "authorizations":["http://localhost/acme/authz/1/1"],"finalize":"http://localhost/acme/finalize/1/1","certificate":"http://localhost/acme/cert/serial"}`,
33343334
},
33353335
{
33363336
Name: "GET new order",
@@ -3341,17 +3341,17 @@ func TestGetOrder(t *testing.T) {
33413341
{
33423342
Name: "GET new order from old endpoint",
33433343
Request: makeGet("1/9"),
3344-
Response: `{"status": "valid","expires": "2000-01-01T00:00:00Z","identifiers":[{"type":"dns", "value":"example.com"}], "profile": "default", "authorizations":["http://localhost/acme/authz-v3/1"],"finalize":"http://localhost/acme/finalize/1/9","certificate":"http://localhost/acme/cert/serial"}`,
3344+
Response: `{"status": "valid","expires": "2000-01-01T00:00:00Z","identifiers":[{"type":"dns", "value":"example.com"}], "profile": "default", "authorizations":["http://localhost/acme/authz/1/1"],"finalize":"http://localhost/acme/finalize/1/9","certificate":"http://localhost/acme/cert/serial"}`,
33453345
},
33463346
{
33473347
Name: "POST-as-GET new order",
33483348
Request: makePost(1, "1/9", ""),
3349-
Response: `{"status": "valid","expires": "2000-01-01T00:00:00Z","identifiers":[{"type":"dns", "value":"example.com"}], "profile": "default", "authorizations":["http://localhost/acme/authz-v3/1"],"finalize":"http://localhost/acme/finalize/1/9","certificate":"http://localhost/acme/cert/serial"}`,
3349+
Response: `{"status": "valid","expires": "2000-01-01T00:00:00Z","identifiers":[{"type":"dns", "value":"example.com"}], "profile": "default", "authorizations":["http://localhost/acme/authz/1/1"],"finalize":"http://localhost/acme/finalize/1/9","certificate":"http://localhost/acme/cert/serial"}`,
33503350
},
33513351
{
33523352
Name: "POST-as-GET processing order",
33533353
Request: makePost(1, "1/10", ""),
3354-
Response: `{"status": "processing","expires": "2000-01-01T00:00:00Z","identifiers":[{"type":"dns", "value":"example.com"}], "profile": "default", "authorizations":["http://localhost/acme/authz-v3/1"],"finalize":"http://localhost/acme/finalize/1/10"}`,
3354+
Response: `{"status": "processing","expires": "2000-01-01T00:00:00Z","identifiers":[{"type":"dns", "value":"example.com"}], "profile": "default", "authorizations":["http://localhost/acme/authz/1/1"],"finalize":"http://localhost/acme/finalize/1/10"}`,
33553355
Headers: map[string]string{"Retry-After": "3"},
33563356
},
33573357
}
@@ -3912,8 +3912,8 @@ func TestOrderToOrderJSONV2Authorizations(t *testing.T) {
39123912
V2Authorizations: []int64{1, 2},
39133913
})
39143914
test.AssertDeepEquals(t, orderJSON.Authorizations, []string{
3915-
"http://localhost/acme/authz-v3/1",
3916-
"http://localhost/acme/authz-v3/2",
3915+
"http://localhost/acme/authz/1/1",
3916+
"http://localhost/acme/authz/1/2",
39173917
})
39183918
}
39193919

0 commit comments

Comments
 (0)