Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set random percentages through admin wfe at runtime #313

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Set random percentages through admin wfe at runtime #313

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
80fea36
Set random percentages through admin wfe at runtime
mbaynton Jun 5, 2020
f740080
Eliminate potential data race
mbaynton May 3, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 15 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -348,6 +348,21 @@ The endpoint returns the information as a JSON object:
"Status": "Revoked"
}

#### Updates to configuration at runtime

A couple of Pebble's configurables can be modified after Pebble has started by sending
a `PATCH` request to `https://localhost:15000/runtimeConfig` whose request body is a
json object with one or more of the following properties:

| Property | Type | Analogous Env Variable |
|-------------------|----------------|-------------------------
| AuthzReusePercent | integer, 0-100 | PEBBLE_AUTHZREUSE |
| NonceErrPercent | integer, 0-100 | PEBBLE_WFE_NONCEREJECT |

The endpoint returns HTTP 202 Accepted if the request was successful.

Changing these percentages can simplify creating test suites where certain tests exercise
authorization reuse or nonce error handling.

### OCSP Responder URL

Expand Down
39 changes: 39 additions & 0 deletions wfe/wfe.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ import (
"encoding/pem"
"errors"
"fmt"
"io"
"io/ioutil"
"log"
"math/big"
Expand Down Expand Up @@ -61,6 +62,7 @@ const (
intermediateCertPath = "/intermediates/"
intermediateKeyPath = "/intermediate-keys/"
certStatusBySerial = "/cert-status-by-serial/"
runtimeConfig = "/runtimeConfig"

// How long do pending authorizations last before expiring?
pendingAuthzExpire = time.Hour
Expand Down Expand Up @@ -484,6 +486,42 @@ func (wfe *WebFrontEndImpl) handleCertStatusBySerial(
}
}

func (wfe *WebFrontEndImpl) updateRuntimeConfig(
ctx context.Context,
response http.ResponseWriter,
request *http.Request) {

type requestSchema struct {
AuthzReusePercent *uint8 `json:",omitempty"`
NonceErrPercent *uint8 `json:",omitempty"`
}

if request.Body == nil {
response.WriteHeader(http.StatusBadRequest)
return
}
defer request.Body.Close()

var maxBodyBytes int64 = 2048
d := json.NewDecoder(io.LimitReader(request.Body, maxBodyBytes))
requestObj := &requestSchema{}
err := d.Decode(requestObj)
if err != nil {
response.WriteHeader(http.StatusBadRequest)
_, _ = response.Write([]byte(err.Error()))
return
}

if requestObj.AuthzReusePercent != nil {
wfe.authzReusePercent = int(*requestObj.AuthzReusePercent)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Although hard to trigger, these create data races:

==================
WARNING: DATA RACE
Read at 0x00c0001161f8 by goroutine 66:
  github.com/letsencrypt/pebble/wfe.(*WebFrontEndImpl).verifyJWS()
      /tank/tank/src/pebble/wfe/wfe.go:934 +0xd85
  github.com/letsencrypt/pebble/wfe.(*WebFrontEndImpl).verifyPOST()
      /tank/tank/src/pebble/wfe/wfe.go:876 +0x395
  github.com/letsencrypt/pebble/wfe.(*WebFrontEndImpl).Authz()
      /tank/tank/src/pebble/wfe/wfe.go:2040 +0x91
  github.com/letsencrypt/pebble/wfe.(*WebFrontEndImpl).Authz-fm()
      /tank/tank/src/pebble/wfe/wfe.go:2033 +0x84
  github.com/letsencrypt/pebble/wfe.(*WebFrontEndImpl).HandleFunc.func1()
      /tank/tank/src/pebble/wfe/wfe.go:283 +0x9b8
  github.com/letsencrypt/pebble/wfe.wfeHandlerFunc.ServeHTTP()
      /tank/tank/src/pebble/wfe/wfe.go:134 +0x83
  github.com/letsencrypt/pebble/wfe.(*topHandler).ServeHTTP()
      /tank/tank/src/pebble/wfe/wfe.go:146 +0x6e
  net/http.StripPrefix.func1()
      /usr/local/go/1.16.0/src/net/http/server.go:2112 +0x535
  net/http.HandlerFunc.ServeHTTP()
      /usr/local/go/1.16.0/src/net/http/server.go:2069 +0x51
  net/http.(*ServeMux).ServeHTTP()
      /usr/local/go/1.16.0/src/net/http/server.go:2448 +0xaf
  net/http.serverHandler.ServeHTTP()
      /usr/local/go/1.16.0/src/net/http/server.go:2887 +0xca
  net/http.(*conn).serve()
      /usr/local/go/1.16.0/src/net/http/server.go:1952 +0x87d

Previous write at 0x00c0001161f8 by goroutine 76:
  github.com/letsencrypt/pebble/wfe.(*WebFrontEndImpl).updateRuntimeConfig()
      /tank/tank/src/pebble/wfe/wfe.go:519 +0x3a4
  github.com/letsencrypt/pebble/wfe.(*WebFrontEndImpl).updateRuntimeConfig-fm()
      /tank/tank/src/pebble/wfe/wfe.go:489 +0x84
  github.com/letsencrypt/pebble/wfe.wfeHandlerFunc.ServeHTTP()
      /tank/tank/src/pebble/wfe/wfe.go:134 +0x83
  net/http.StripPrefix.func1()
      /usr/local/go/1.16.0/src/net/http/server.go:2112 +0x535
  net/http.HandlerFunc.ServeHTTP()
      /usr/local/go/1.16.0/src/net/http/server.go:2069 +0x51
  net/http.(*ServeMux).ServeHTTP()
      /usr/local/go/1.16.0/src/net/http/server.go:2448 +0xaf
  net/http.serverHandler.ServeHTTP()
      /usr/local/go/1.16.0/src/net/http/server.go:2887 +0xca
  net/http.(*conn).serve()
      /usr/local/go/1.16.0/src/net/http/server.go:1952 +0x87d

Goroutine 66 (running) created at:
  net/http.(*Server).Serve()
      /usr/local/go/1.16.0/src/net/http/server.go:3013 +0x644
  net/http.(*Server).ServeTLS()
      /usr/local/go/1.16.0/src/net/http/server.go:3053 +0x433
  net/http.(*Server).ListenAndServeTLS()
      /usr/local/go/1.16.0/src/net/http/server.go:3208 +0x192
  net/http.ListenAndServeTLS()
      /usr/local/go/1.16.0/src/net/http/server.go:3174 +0x126e
  main.main()
      /tank/tank/src/pebble/cmd/pebble/main.go:101 +0x126f

Goroutine 76 (finished) created at:
  net/http.(*Server).Serve()
      /usr/local/go/1.16.0/src/net/http/server.go:3013 +0x644
  net/http.(*Server).ServeTLS()
      /usr/local/go/1.16.0/src/net/http/server.go:3053 +0x433
  net/http.(*Server).ListenAndServeTLS()
      /usr/local/go/1.16.0/src/net/http/server.go:3208 +0x192
  net/http.ListenAndServeTLS()
      /usr/local/go/1.16.0/src/net/http/server.go:3174 +0x1e4
  main.main.func1()
      /tank/tank/src/pebble/cmd/pebble/main.go:80 +0x1e5
==================

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@squizzling thanks for the review, and props for triggering the race detector especially sans applicable tests. I think my shields were probably lowered in this respect because I anticipated use cases where adjustment of the percentages was de-facto sequential before usage of Pebble that would generate reads, but just eliminating the possibility is definitely better.

The data was conveniently of a type that can be accessed using processor-level atomics, and since there was not any traditional locking already going on in wfe I just fixed it that way.

}
if requestObj.NonceErrPercent != nil {
wfe.nonceErrPercent = int(*requestObj.NonceErrPercent)
}

response.WriteHeader(http.StatusAccepted)
}

func (wfe *WebFrontEndImpl) Handler() http.Handler {
m := http.NewServeMux()
// GET & POST handlers
Expand Down Expand Up @@ -517,6 +555,7 @@ func (wfe *WebFrontEndImpl) ManagementHandler() http.Handler {
wfe.HandleManagementFunc(m, intermediateCertPath, wfe.handleCert(wfe.ca.GetIntermediateCert, intermediateCertPath))
wfe.HandleManagementFunc(m, intermediateKeyPath, wfe.handleKey(wfe.ca.GetIntermediateKey, intermediateKeyPath))
wfe.HandleManagementFunc(m, certStatusBySerial, wfe.handleCertStatusBySerial)
wfe.HandleManagementFunc(m, runtimeConfig, wfe.updateRuntimeConfig)
return m
}

Expand Down