Remove dead code (#8506)

This started with noticing the semaphore package (forked for use in
OCSP) was dead.

That followed by using the golang `deadcode` tool and Goland's various
"Unused ..." inspection tools to find other dead code.

Nothing in here looks like it would be used externally to Boulder, as
far as I can tell.

Author: mcpherrinm

core/challenges.go

@@ -1,7 +1,5 @@
 package core
 
-import "fmt"
-
 func newChallenge(challengeType AcmeChallenge, token string) Challenge {
 	return Challenge{
 		Type:   challengeType,
@@ -29,20 +27,3 @@ func TLSALPNChallenge01(token string) Challenge {
 func DNSAccountChallenge01(token string) Challenge {
 	return newChallenge(ChallengeTypeDNSAccount01, token)
 }
-
-// NewChallenge constructs a challenge of the given kind. It returns an
-// error if the challenge type is unrecognized.
-func NewChallenge(kind AcmeChallenge, token string) (Challenge, error) {
-	switch kind {
-	case ChallengeTypeHTTP01:
-		return HTTPChallenge01(token), nil
-	case ChallengeTypeDNS01:
-		return DNSChallenge01(token), nil
-	case ChallengeTypeTLSALPN01:
-		return TLSALPNChallenge01(token), nil
-	case ChallengeTypeDNSAccount01:
-		return DNSAccountChallenge01(token), nil
-	default:
-		return Challenge{}, fmt.Errorf("unrecognized challenge type %q", kind)
-	}
-}

core/objects.go

@@ -33,21 +33,6 @@ const (
 	StatusDeactivated = AcmeStatus("deactivated") // Object has been deactivated
 )
 
-// AcmeResource values identify different types of ACME resources
-type AcmeResource string
-
-// The types of ACME resources
-const (
-	ResourceNewReg       = AcmeResource("new-reg")
-	ResourceNewAuthz     = AcmeResource("new-authz")
-	ResourceNewCert      = AcmeResource("new-cert")
-	ResourceRevokeCert   = AcmeResource("revoke-cert")
-	ResourceRegistration = AcmeResource("reg")
-	ResourceChallenge    = AcmeResource("challenge")
-	ResourceAuthz        = AcmeResource("authz")
-	ResourceKeyChange    = AcmeResource("key-change")
-)
-
 // AcmeChallenge values identify different types of ACME challenges
 type AcmeChallenge string
 

go.mod

@@ -38,7 +38,6 @@ require (
 	go.opentelemetry.io/otel/trace v1.38.0
 	golang.org/x/crypto v0.44.0
 	golang.org/x/net v0.47.0
-	golang.org/x/sync v0.18.0
 	golang.org/x/term v0.37.0
 	golang.org/x/text v0.31.0
 	golang.org/x/time v0.11.0
@@ -86,6 +85,7 @@ require (
 	go.opentelemetry.io/otel/metric v1.38.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.7.1 // indirect
 	golang.org/x/mod v0.29.0 // indirect
+	golang.org/x/sync v0.18.0 // indirect
 	golang.org/x/sys v0.38.0 // indirect
 	golang.org/x/tools v0.38.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20250825161204-c5933d9347a5 // indirect

grpc/internal/resolver/dns/dns_resolver_test.go

@@ -48,7 +48,6 @@ func TestMain(m *testing.M) {
 }
 
 const (
-	txtBytesLimit           = 255
 	defaultTestTimeout      = 10 * time.Second
 	defaultTestShortTimeout = 10 * time.Millisecond
 )

log/mock.go

@@ -5,7 +5,6 @@ import (
 	"log/syslog"
 	"regexp"
 	"strings"
-	"time"
 )
 
 // UseMock sets a mock logger as the default logger, and returns it.
@@ -20,13 +19,6 @@ func NewMock() *Mock {
 	return &Mock{impl{newMockWriter()}}
 }
 
-// NewWaitingMock creates a mock logger implementing the writer interface.
-// It stores all logged messages in a buffer for inspection by test
-// functions.
-func NewWaitingMock() *WaitingMock {
-	return &WaitingMock{impl{newWaitingMockWriter()}}
-}
-
 // Mock is a logger that stores all log messages in memory to be examined by a
 // test.
 type Mock struct {
@@ -130,39 +122,3 @@ func (m *Mock) Clear() {
 	w := m.w.(*mockWriter)
 	w.clearChan <- struct{}{}
 }
-
-type waitingMockWriter struct {
-	logChan chan string
-}
-
-// newWaitingMockWriter returns a new waitingMockWriter
-func newWaitingMockWriter() *waitingMockWriter {
-	logChan := make(chan string, 1000)
-	return &waitingMockWriter{
-		logChan,
-	}
-}
-
-func (m *waitingMockWriter) logAtLevel(p syslog.Priority, msg string, a ...any) {
-	m.logChan <- fmt.Sprintf("%s: %s", levelName[p&7], fmt.Sprintf(msg, a...))
-}
-
-// WaitForMatch returns the first log line matching a regex. It accepts a
-// regexp string and timeout. If the timeout value is met before the
-// matching pattern is read from the channel, an error is returned.
-func (m *WaitingMock) WaitForMatch(reString string, timeout time.Duration) (string, error) {
-	w := m.w.(*waitingMockWriter)
-	deadline := time.After(timeout)
-	re := regexp.MustCompile(reString)
-	for {
-		select {
-		case logLine := <-w.logChan:
-			if re.MatchString(logLine) {
-				close(w.logChan)
-				return logLine, nil
-			}
-		case <-deadline:
-			return "", fmt.Errorf("timeout waiting for match: %q", reString)
-		}
-	}
-}

mocks/sa.go

@@ -5,7 +5,6 @@ import (
 	"context"
 	"crypto/x509"
 	"errors"
-	"math/rand/v2"
 	"os"
 	"time"
 
@@ -34,17 +33,6 @@ func NewStorageAuthorityReadOnly(clk clock.Clock) *StorageAuthorityReadOnly {
 	return &StorageAuthorityReadOnly{clk}
 }
 
-// StorageAuthority is a mock of sapb.StorageAuthorityClient
-type StorageAuthority struct {
-	StorageAuthorityReadOnly
-}
-
-// NewStorageAuthority creates a new mock storage authority
-// with the given clock.
-func NewStorageAuthority(clk clock.Clock) *StorageAuthority {
-	return &StorageAuthority{StorageAuthorityReadOnly{clk}}
-}
-
 const (
 	test1KeyPublicJSON  = `{"kty":"RSA","n":"yNWVhtYEKJR21y9xsHV-PD_bYwbXSeNuFal46xYxVfRL5mqha7vttvjB_vc7Xg2RvgCxHPCqoxgMPTzHrZT75LjCwIW2K_klBYN8oYvTwwmeSkAz6ut7ZxPv-nZaT5TJhGk0NT2kh_zSpdriEJ_3vW-mqxYbbBmpvHqsa1_zx9fSuHYctAZJWzxzUZXykbWMWQZpEiE0J4ajj51fInEzVn7VxV-mzfMyboQjujPh7aNJxAWSq4oQEJJDgWwSh9leyoJoPpONHxh5nEE5AjE01FkGICSxjpZsF-w8hOTI3XXohUdu29Se26k2B0PolDSuj0GIQU6-W9TdLXSjBb2SpQ","e":"AQAB"}`
 	test2KeyPublicJSON  = `{"kty":"RSA","n":"qnARLrT7Xz4gRcKyLdydmCr-ey9OuPImX4X40thk3on26FkMznR3fRjs66eLK7mmPcBZ6uOJseURU6wAaZNmemoYx1dMvqvWWIyiQleHSD7Q8vBrhR6uIoO4jAzJZR-ChzZuSDt7iHN-3xUVspu5XGwXU_MVJZshTwp4TaFx5elHIT_ObnTvTOU3Xhish07AbgZKmWsVbXh5s-CrIicU4OexJPgunWZ_YJJueOKmTvnLlTV4MzKR2oZlBKZ27S0-SfdV_QDx_ydle5oMAyKVtlAV35cyPMIsYNwgUGBCdY_2Uzi5eX0lTc7MPRwz6qR1kip-i59VcGcUQgqHV6Fyqw","e":"AQAB"}`
@@ -221,51 +209,21 @@ func (sa *StorageAuthorityReadOnly) SerialsForIncident(ctx context.Context, _ *s
 	return &ServerStreamClient[sapb.IncidentSerial]{}, nil
 }
 
-// SerialsForIncident is a mock
-func (sa *StorageAuthority) SerialsForIncident(ctx context.Context, _ *sapb.SerialsForIncidentRequest, _ ...grpc.CallOption) (sapb.StorageAuthority_SerialsForIncidentClient, error) {
-	return &ServerStreamClient[sapb.IncidentSerial]{}, nil
-}
-
 // CheckIdentifiersPaused is a mock
 func (sa *StorageAuthorityReadOnly) CheckIdentifiersPaused(_ context.Context, _ *sapb.PauseRequest, _ ...grpc.CallOption) (*sapb.Identifiers, error) {
 	return nil, nil
 }
 
-// CheckIdentifiersPaused is a mock
-func (sa *StorageAuthority) CheckIdentifiersPaused(_ context.Context, _ *sapb.PauseRequest, _ ...grpc.CallOption) (*sapb.Identifiers, error) {
-	return nil, nil
-}
-
 // GetPausedIdentifiers is a mock
 func (sa *StorageAuthorityReadOnly) GetPausedIdentifiers(_ context.Context, _ *sapb.RegistrationID, _ ...grpc.CallOption) (*sapb.Identifiers, error) {
 	return nil, nil
 }
 
-// GetPausedIdentifiers is a mock
-func (sa *StorageAuthority) GetPausedIdentifiers(_ context.Context, _ *sapb.RegistrationID, _ ...grpc.CallOption) (*sapb.Identifiers, error) {
-	return nil, nil
-}
-
 // GetRevokedCertsByShard is a mock
 func (sa *StorageAuthorityReadOnly) GetRevokedCertsByShard(ctx context.Context, _ *sapb.GetRevokedCertsByShardRequest, _ ...grpc.CallOption) (grpc.ServerStreamingClient[corepb.CRLEntry], error) {
 	return &ServerStreamClient[corepb.CRLEntry]{}, nil
 }
 
-// AddRateLimitOverride is a mock
-func (sa *StorageAuthority) AddRateLimitOverride(_ context.Context, req *sapb.AddRateLimitOverrideRequest, _ ...grpc.CallOption) (*sapb.AddRateLimitOverrideResponse, error) {
-	return nil, nil
-}
-
-// DisableRateLimitOverride is a mock
-func (sa *StorageAuthority) DisableRateLimitOverride(ctx context.Context, req *sapb.DisableRateLimitOverrideRequest) (*emptypb.Empty, error) {
-	return nil, nil
-}
-
-// EnableRateLimitOverride is a mock
-func (sa *StorageAuthority) EnableRateLimitOverride(ctx context.Context, req *sapb.EnableRateLimitOverrideRequest) (*emptypb.Empty, error) {
-	return nil, nil
-}
-
 // GetRateLimitOverride is a mock
 func (sa *StorageAuthorityReadOnly) GetRateLimitOverride(_ context.Context, req *sapb.GetRateLimitOverrideRequest, _ ...grpc.CallOption) (*sapb.RateLimitOverrideResponse, error) {
 	return nil, nil
@@ -276,31 +234,6 @@ func (sa *StorageAuthorityReadOnly) GetEnabledRateLimitOverrides(_ context.Conte
 	return nil, nil
 }
 
-// AddPrecertificate is a mock
-func (sa *StorageAuthority) AddPrecertificate(ctx context.Context, req *sapb.AddCertificateRequest, _ ...grpc.CallOption) (*emptypb.Empty, error) {
-	return nil, nil
-}
-
-// AddSerial is a mock
-func (sa *StorageAuthority) AddSerial(ctx context.Context, req *sapb.AddSerialRequest, _ ...grpc.CallOption) (*emptypb.Empty, error) {
-	return nil, nil
-}
-
-// AddCertificate is a mock
-func (sa *StorageAuthority) AddCertificate(_ context.Context, _ *sapb.AddCertificateRequest, _ ...grpc.CallOption) (*emptypb.Empty, error) {
-	return nil, nil
-}
-
-// NewRegistration is a mock
-func (sa *StorageAuthority) NewRegistration(_ context.Context, _ *corepb.Registration, _ ...grpc.CallOption) (*corepb.Registration, error) {
-	return &corepb.Registration{}, nil
-}
-
-// UpdateRegistration is a mock
-func (sa *StorageAuthority) UpdateRegistration(_ context.Context, _ *corepb.Registration, _ ...grpc.CallOption) (*emptypb.Empty, error) {
-	return &emptypb.Empty{}, nil
-}
-
 // FQDNSetTimestampsForWindow is a mock
 func (sa *StorageAuthorityReadOnly) FQDNSetTimestampsForWindow(_ context.Context, _ *sapb.CountFQDNSetsRequest, _ ...grpc.CallOption) (*sapb.Timestamps, error) {
 	return &sapb.Timestamps{}, nil
@@ -311,45 +244,6 @@ func (sa *StorageAuthorityReadOnly) FQDNSetExists(_ context.Context, _ *sapb.FQD
 	return &sapb.Exists{Exists: false}, nil
 }
 
-// DeactivateRegistration is a mock
-func (sa *StorageAuthority) DeactivateRegistration(_ context.Context, _ *sapb.RegistrationID, _ ...grpc.CallOption) (*emptypb.Empty, error) {
-	return &emptypb.Empty{}, nil
-}
-
-// NewOrderAndAuthzs is a mock
-func (sa *StorageAuthority) NewOrderAndAuthzs(_ context.Context, req *sapb.NewOrderAndAuthzsRequest, _ ...grpc.CallOption) (*corepb.Order, error) {
-	response := &corepb.Order{
-		// Fields from the input new order request.
-		RegistrationID:   req.NewOrder.RegistrationID,
-		Expires:          req.NewOrder.Expires,
-		Identifiers:      req.NewOrder.Identifiers,
-		V2Authorizations: req.NewOrder.V2Authorizations,
-		// Mock new fields generated by the database transaction.
-		Id:      rand.Int64(),
-		Created: timestamppb.Now(),
-		// A new order is never processing because it can't have been finalized yet.
-		BeganProcessing:        false,
-		Status:                 string(core.StatusPending),
-		CertificateProfileName: req.NewOrder.CertificateProfileName,
-	}
-	return response, nil
-}
-
-// SetOrderProcessing is a mock
-func (sa *StorageAuthority) SetOrderProcessing(_ context.Context, req *sapb.OrderRequest, _ ...grpc.CallOption) (*emptypb.Empty, error) {
-	return &emptypb.Empty{}, nil
-}
-
-// SetOrderError is a mock
-func (sa *StorageAuthority) SetOrderError(_ context.Context, req *sapb.SetOrderErrorRequest, _ ...grpc.CallOption) (*emptypb.Empty, error) {
-	return &emptypb.Empty{}, nil
-}
-
-// FinalizeOrder is a mock
-func (sa *StorageAuthority) FinalizeOrder(_ context.Context, req *sapb.FinalizeOrderRequest, _ ...grpc.CallOption) (*emptypb.Empty, error) {
-	return &emptypb.Empty{}, nil
-}
-
 // GetOrder is a mock
 func (sa *StorageAuthorityReadOnly) GetOrder(_ context.Context, req *sapb.OrderRequest, _ ...grpc.CallOption) (*corepb.Order, error) {
 	if req.Id == 2 {
@@ -416,14 +310,6 @@ func (sa *StorageAuthorityReadOnly) GetOrderForNames(_ context.Context, _ *sapb.
 	return nil, nil
 }
 
-func (sa *StorageAuthority) FinalizeAuthorization2(ctx context.Context, req *sapb.FinalizeAuthorizationRequest, _ ...grpc.CallOption) (*emptypb.Empty, error) {
-	return &emptypb.Empty{}, nil
-}
-
-func (sa *StorageAuthority) DeactivateAuthorization2(ctx context.Context, req *sapb.AuthorizationID2, _ ...grpc.CallOption) (*emptypb.Empty, error) {
-	return nil, nil
-}
-
 func (sa *StorageAuthorityReadOnly) CountPendingAuthorizations2(ctx context.Context, req *sapb.RegistrationID, _ ...grpc.CallOption) (*sapb.Count, error) {
 	return &sapb.Count{}, nil
 }
@@ -476,36 +362,11 @@ func (sa *StorageAuthorityReadOnly) GetSerialsByKey(ctx context.Context, _ *sapb
 	return &ServerStreamClient[sapb.Serial]{}, nil
 }
 
-// GetSerialsByKey is a mock
-func (sa *StorageAuthority) GetSerialsByKey(ctx context.Context, _ *sapb.SPKIHash, _ ...grpc.CallOption) (sapb.StorageAuthority_GetSerialsByKeyClient, error) {
-	return &ServerStreamClient[sapb.Serial]{}, nil
-}
-
 // GetSerialsByAccount is a mock
 func (sa *StorageAuthorityReadOnly) GetSerialsByAccount(ctx context.Context, _ *sapb.RegistrationID, _ ...grpc.CallOption) (sapb.StorageAuthorityReadOnly_GetSerialsByAccountClient, error) {
 	return &ServerStreamClient[sapb.Serial]{}, nil
 }
 
-// GetSerialsByAccount is a mock
-func (sa *StorageAuthority) GetSerialsByAccount(ctx context.Context, _ *sapb.RegistrationID, _ ...grpc.CallOption) (sapb.StorageAuthority_GetSerialsByAccountClient, error) {
-	return &ServerStreamClient[sapb.Serial]{}, nil
-}
-
-// RevokeCertificate is a mock
-func (sa *StorageAuthority) RevokeCertificate(ctx context.Context, req *sapb.RevokeCertificateRequest, _ ...grpc.CallOption) (*emptypb.Empty, error) {
-	return nil, nil
-}
-
-// UpdateRevokedCertificate is a mock
-func (sa *StorageAuthority) UpdateRevokedCertificate(ctx context.Context, req *sapb.RevokeCertificateRequest, _ ...grpc.CallOption) (*emptypb.Empty, error) {
-	return nil, nil
-}
-
-// AddBlockedKey is a mock
-func (sa *StorageAuthority) AddBlockedKey(ctx context.Context, req *sapb.AddBlockedKeyRequest, _ ...grpc.CallOption) (*emptypb.Empty, error) {
-	return &emptypb.Empty{}, nil
-}
-
 // KeyBlocked is a mock
 func (sa *StorageAuthorityReadOnly) KeyBlocked(ctx context.Context, req *sapb.SPKIHash, _ ...grpc.CallOption) (*sapb.Exists, error) {
 	return &sapb.Exists{Exists: false}, nil
@@ -516,16 +377,6 @@ func (sa *StorageAuthorityReadOnly) IncidentsForSerial(ctx context.Context, req
 	return &sapb.Incidents{}, nil
 }
 
-// LeaseCRLShard is a mock.
-func (sa *StorageAuthority) LeaseCRLShard(ctx context.Context, req *sapb.LeaseCRLShardRequest, _ ...grpc.CallOption) (*sapb.LeaseCRLShardResponse, error) {
-	return nil, errors.New("unimplemented")
-}
-
-// UpdateCRLShard is a mock.
-func (sa *StorageAuthority) UpdateCRLShard(ctx context.Context, req *sapb.UpdateCRLShardRequest, _ ...grpc.CallOption) (*emptypb.Empty, error) {
-	return nil, errors.New("unimplemented")
-}
-
 // ReplacementOrderExists is a mock.
 func (sa *StorageAuthorityReadOnly) ReplacementOrderExists(ctx context.Context, req *sapb.Serial, _ ...grpc.CallOption) (*sapb.Exists, error) {
 	return nil, nil

probs/probs.go

@@ -312,19 +312,6 @@ func UnsupportedIdentifier(detail string, a ...any) *ProblemDetails {
 // Additional helper functions that return variations on MalformedProblem with
 // different HTTP status codes set.
 
-// Canceled returns a ProblemDetails with a MalformedProblem and a 408 Request
-// Timeout status code.
-func Canceled(detail string, a ...any) *ProblemDetails {
-	if len(a) > 0 {
-		detail = fmt.Sprintf(detail, a...)
-	}
-	return &ProblemDetails{
-		Type:       MalformedProblem,
-		Detail:     detail,
-		HTTPStatus: http.StatusRequestTimeout,
-	}
-}
-
 // Conflict returns a ProblemDetails with a ConflictProblem and a 409 Conflict
 // status code.
 func Conflict(detail string) *ProblemDetails {