Update NewOrderAndAuthzs

Author: aarongable

sa/model.go

@@ -25,6 +25,7 @@ import (
 	corepb "github.com/letsencrypt/boulder/core/proto"
 	"github.com/letsencrypt/boulder/db"
 	berrors "github.com/letsencrypt/boulder/errors"
+	"github.com/letsencrypt/boulder/features"
 	"github.com/letsencrypt/boulder/grpc"
 	"github.com/letsencrypt/boulder/identifier"
 	"github.com/letsencrypt/boulder/probs"
@@ -1258,24 +1259,47 @@ type authzValidity struct {
 
 // getAuthorizationStatuses takes a sequence of authz IDs, and returns the
 // status and expiration date of each of them.
-func getAuthorizationStatuses(ctx context.Context, s db.Selector, ids []int64) ([]authzValidity, error) {
-	var params []interface{}
+func getAuthorizationStatuses(ctx context.Context, s db.Selector, now time.Time, ids []int64) ([]authzValidity, error) {
+	var oldIDs, newIDs []interface{}
 	for _, id := range ids {
-		params = append(params, id)
+		if features.Get().ReadNewOrderSchema && looksLikeRandomID(id, now) {
+			newIDs = append(newIDs, id)
+		} else {
+			oldIDs = append(oldIDs, id)
+		}
 	}
-	var validities []authzValidity
-	_, err := s.Select(
-		ctx,
-		&validities,
-		fmt.Sprintf("SELECT identifierType, identifierValue, status, expires FROM authz2 WHERE id IN (%s)",
-			db.QuestionMarks(len(ids))),
-		params...,
-	)
-	if err != nil {
-		return nil, err
+
+	var oldValidities []authzValidity
+	if len(oldIDs) > 0 {
+		_, err := s.Select(
+			ctx,
+			&oldValidities,
+			fmt.Sprintf(
+				"SELECT identifierType, identifierValue, status, expires FROM authz2 WHERE id IN (%s)",
+				db.QuestionMarks(len(ids))),
+			oldIDs...,
+		)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	var newValidities []authzValidity
+	if len(newIDs) > 0 {
+		_, err := s.Select(
+			ctx,
+			&newValidities,
+			fmt.Sprintf(
+				"SELECT identifierType, identifierValue, status, expires FROM authorizations WHERE id IN (%s)",
+				db.QuestionMarks(len(ids))),
+			newIDs...,
+		)
+		if err != nil {
+			return nil, err
+		}
 	}
 
-	return validities, nil
+	return append(oldValidities, newValidities...), nil
 }
 
 // authzForOrder retrieves the authorization IDs for an order.

sa/sa.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"crypto/x509"
 	"database/sql"
+	"encoding/base64"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -576,7 +577,7 @@ func (ssa *SQLStorageAuthority) DeactivateAuthorization2(ctx context.Context, re
 }
 
 // NewOrderAndAuthzs adds the given authorizations to the database, adds their
-// autogenerated IDs to the given order, and then adds the order to the db.
+// IDs to the given order, and then adds the order to the db.
 // This is done inside a single transaction to prevent situations where new
 // authorizations are created, but then their corresponding order is never
 // created, leading to "invisible" pending authorizations.
@@ -597,7 +598,45 @@ func (ssa *SQLStorageAuthority) NewOrderAndAuthzs(ctx context.Context, req *sapb
 	output, err := db.WithTransaction(ctx, ssa.dbMap, func(tx db.Executor) (interface{}, error) {
 		// First, insert all of the new authorizations and record their IDs.
 		newAuthzIDs := make([]int64, 0)
-		if features.Get().InsertAuthzsIndividually {
+		if features.Get().WriteNewOrderSchema {
+			for _, authz := range req.NewAuthzs {
+				id, err := newRandomID(ssa.clk.Now())
+				if err != nil {
+					return nil, fmt.Errorf("generating authz ID: %w", err)
+				}
+
+				token, err := base64.RawURLEncoding.DecodeString(authz.Token)
+				if err != nil {
+					return nil, fmt.Errorf("decoding challenge token: %w", err)
+				}
+
+				var challenges uint8
+				for _, challType := range authz.ChallengeTypes {
+					challenges |= 1 << challTypeToUint[challType]
+				}
+
+				am := authorizationsModel{
+					ID:              id,
+					RegistrationID:  authz.RegistrationID,
+					IdentifierType:  identifierTypeToUint[authz.Identifier.Type],
+					IdentifierValue: authz.Identifier.Value,
+					Created:         ssa.clk.Now(),
+					Expires:         authz.Expires.AsTime(),
+					Profile:         req.NewOrder.CertificateProfileName,
+					Challenges:      challenges,
+					Token:           token,
+					Status:          statusToUint[core.StatusPending],
+					ValidationIDs:   nil, // Only set when validation is attempted
+				}
+
+				err = tx.Insert(ctx, am)
+				if err != nil {
+					return nil, fmt.Errorf("inserting authorizations row: %w", err)
+				}
+
+				newAuthzIDs = append(newAuthzIDs, id)
+			}
+		} else if features.Get().InsertAuthzsIndividually {
 			for _, authz := range req.NewAuthzs {
 				am, err := newAuthzReqToModel(authz)
 				if err != nil {
@@ -645,18 +684,45 @@ func (ssa *SQLStorageAuthority) NewOrderAndAuthzs(ctx context.Context, req *sapb
 			}
 		}
 
+		allAuthzIds := append(req.NewOrder.V2Authorizations, newAuthzIDs...)
+
 		// Second, insert the new order.
 		var orderID int64
 		var err error
 		created := ssa.clk.Now()
-		if features.Get().MultipleCertificateProfiles {
+		if features.Get().WriteNewOrderSchema {
+			id, err := newRandomID(ssa.clk.Now())
+			if err != nil {
+				return nil, fmt.Errorf("generating order ID: %w", err)
+			}
+
+			om := orders2Model{
+				ID:                id,
+				RegistrationID:    req.NewOrder.RegistrationID,
+				Created:           ssa.clk.Now(),
+				Expires:           req.NewOrder.Expires.AsTime(),
+				AuthorizationIDs:  allAuthzIds,
+				Profile:           req.NewOrder.CertificateProfileName,
+				BeganProcessing:   false, // Only set when finalization has begun
+				Error:             nil,   // Only set if finalization fails
+				CertificateSerial: "",    // Only set if finalization succeeds
+			}
+
+			err = tx.Insert(ctx, om)
+			if err != nil {
+				return nil, err
+			}
+		} else if features.Get().MultipleCertificateProfiles {
 			omv2 := orderModelv2{
 				RegistrationID:         req.NewOrder.RegistrationID,
 				Expires:                req.NewOrder.Expires.AsTime(),
 				Created:                created,
 				CertificateProfileName: &req.NewOrder.CertificateProfileName,
 			}
 			err = tx.Insert(ctx, &omv2)
+			if err != nil {
+				return nil, err
+			}
 			orderID = omv2.ID
 		} else {
 			omv1 := orderModelv1{
@@ -665,28 +731,29 @@ func (ssa *SQLStorageAuthority) NewOrderAndAuthzs(ctx context.Context, req *sapb
 				Created:        created,
 			}
 			err = tx.Insert(ctx, &omv1)
+			if err != nil {
+				return nil, err
+			}
 			orderID = omv1.ID
 		}
-		if err != nil {
-			return nil, err
-		}
 
-		// Third, insert all of the orderToAuthz relations.
-		// Have to combine the already-associated and newly-created authzs.
-		allAuthzIds := append(req.NewOrder.V2Authorizations, newAuthzIDs...)
-		inserter, err := db.NewMultiInserter("orderToAuthz2", []string{"orderID", "authzID"}, "")
-		if err != nil {
-			return nil, err
-		}
-		for _, id := range allAuthzIds {
-			err := inserter.Add([]interface{}{orderID, id})
+		if !features.Get().WriteNewOrderSchema {
+			// Third, insert all of the orderToAuthz relations.
+			// Have to combine the already-associated and newly-created authzs.
+			inserter, err := db.NewMultiInserter("orderToAuthz2", []string{"orderID", "authzID"}, "")
+			if err != nil {
+				return nil, err
+			}
+			for _, id := range allAuthzIds {
+				err := inserter.Add([]interface{}{orderID, id})
+				if err != nil {
+					return nil, err
+				}
+			}
+			_, err = inserter.Insert(ctx, tx)
 			if err != nil {
 				return nil, err
 			}
-		}
-		_, err = inserter.Insert(ctx, tx)
-		if err != nil {
-			return nil, err
 		}
 
 		// Fourth, insert the FQDNSet entry for the order.
@@ -705,7 +772,7 @@ func (ssa *SQLStorageAuthority) NewOrderAndAuthzs(ctx context.Context, req *sapb
 		}
 
 		// Get the partial Authorization objects for the order
-		authzValidityInfo, err := getAuthorizationStatuses(ctx, tx, allAuthzIds)
+		authzValidityInfo, err := getAuthorizationStatuses(ctx, tx, ssa.clk.Now(), allAuthzIds)
 		// If there was an error getting the authorizations, return it immediately
 		if err != nil {
 			return nil, err

sa/saro.go

@@ -549,7 +549,7 @@ func (ssa *SQLStorageAuthorityRO) GetOrder(ctx context.Context, req *sapb.OrderR
 		order.V2Authorizations = v2AuthzIDs
 
 		// Get the partial Authorization objects for the order
-		authzValidityInfo, err := getAuthorizationStatuses(ctx, tx, order.V2Authorizations)
+		authzValidityInfo, err := getAuthorizationStatuses(ctx, tx, ssa.clk.Now(), order.V2Authorizations)
 		// If there was an error getting the authorizations, return it immediately
 		if err != nil {
 			return nil, err