SA: Create list of authzIDs earlier in NewOrderAndAuthzs (#7744)

Creating the list of authzIDs earlier in NewOrderAndAuthzs:
- Saves a `for` loop with duplicated code; we no longer need to range
over two different slices, just one.
- Allows us to create the Order PB later, after more of the data
collection logic, without interrupting it. This makes the order of
operations slightly easier to follow.

Author: jprenken

sa/sa.go

@@ -549,17 +549,13 @@ func (ssa *SQLStorageAuthority) NewOrderAndAuthzs(ctx context.Context, req *sapb
 		}
 
 		// Third, insert all of the orderToAuthz relations.
+		// Have to combine the already-associated and newly-created authzs.
+		allAuthzIds := append(req.NewOrder.V2Authorizations, newAuthzIDs...)
 		inserter, err := db.NewMultiInserter("orderToAuthz2", []string{"orderID", "authzID"}, "")
 		if err != nil {
 			return nil, err
 		}
-		for _, id := range req.NewOrder.V2Authorizations {
-			err := inserter.Add([]interface{}{orderID, id})
-			if err != nil {
-				return nil, err
-			}
-		}
-		for _, id := range newAuthzIDs {
+		for _, id := range allAuthzIds {
 			err := inserter.Add([]interface{}{orderID, id})
 			if err != nil {
 				return nil, err
@@ -576,6 +572,22 @@ func (ssa *SQLStorageAuthority) NewOrderAndAuthzs(ctx context.Context, req *sapb
 			return nil, err
 		}
 
+		if req.NewOrder.ReplacesSerial != "" {
+			// Update the replacementOrders table to indicate that this order
+			// replaces the provided certificate serial.
+			err := addReplacementOrder(ctx, tx, req.NewOrder.ReplacesSerial, orderID, req.NewOrder.Expires.AsTime())
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		// Get the partial Authorization objects for the order
+		authzValidityInfo, err := getAuthorizationStatuses(ctx, tx, allAuthzIds)
+		// If there was an error getting the authorizations, return it immediately
+		if err != nil {
+			return nil, err
+		}
+
 		// Finally, build the overall Order PB.
 		res := &corepb.Order{
 			// ID and Created were auto-populated on the order model when it was inserted.
@@ -585,8 +597,8 @@ func (ssa *SQLStorageAuthority) NewOrderAndAuthzs(ctx context.Context, req *sapb
 			RegistrationID: req.NewOrder.RegistrationID,
 			Expires:        req.NewOrder.Expires,
 			DnsNames:       req.NewOrder.DnsNames,
-			// Have to combine the already-associated and newly-reacted authzs.
-			V2Authorizations: append(req.NewOrder.V2Authorizations, newAuthzIDs...),
+			// This includes both reused and newly created authz IDs.
+			V2Authorizations: allAuthzIds,
 			// A new order is never processing because it can't be finalized yet.
 			BeganProcessing: false,
 			// An empty string is allowed. When the RA retrieves the order and
@@ -595,22 +607,6 @@ func (ssa *SQLStorageAuthority) NewOrderAndAuthzs(ctx context.Context, req *sapb
 			CertificateProfileName: req.NewOrder.CertificateProfileName,
 		}
 
-		if req.NewOrder.ReplacesSerial != "" {
-			// Update the replacementOrders table to indicate that this order
-			// replaces the provided certificate serial.
-			err := addReplacementOrder(ctx, tx, req.NewOrder.ReplacesSerial, orderID, req.NewOrder.Expires.AsTime())
-			if err != nil {
-				return nil, err
-			}
-		}
-
-		// Get the partial Authorization objects for the order
-		authzValidityInfo, err := getAuthorizationStatuses(ctx, tx, res.V2Authorizations)
-		// If there was an error getting the authorizations, return it immediately
-		if err != nil {
-			return nil, err
-		}
-
 		// Calculate the order status before returning it. Since it may have reused
 		// all valid authorizations the order may be "born" in a ready status.
 		status, err := statusForOrder(res, authzValidityInfo, ssa.clk.Now())