https-github-com-bit
diff --git a/‎ca/ca.go‎
Lines changed: 2 additions & 10 deletions b/‎ca/ca.go‎
Lines changed: 2 additions & 10 deletions
diff --git a/‎ca/ca_test.go‎
Lines changed: 13 additions & 9 deletions b/‎ca/ca_test.go‎
Lines changed: 13 additions & 9 deletions
diff --git a/‎ca/ocsp.go‎
Lines changed: 0 additions & 3 deletions b/‎ca/ocsp.go‎
Lines changed: 0 additions & 3 deletions
diff --git a/‎cmd/admin-revoker/main.go‎
Lines changed: 2 additions & 2 deletions b/‎cmd/admin-revoker/main.go‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎cmd/admin-revoker/main_test.go‎
Lines changed: 5 additions & 4 deletions b/‎cmd/admin-revoker/main_test.go‎
Lines changed: 5 additions & 4 deletions
diff --git a/‎cmd/boulder-ca/main.go‎
Lines changed: 2 additions & 3 deletions b/‎cmd/boulder-ca/main.go‎
Lines changed: 2 additions & 3 deletions
diff --git a/‎cmd/boulder-ra/main.go‎
Lines changed: 5 additions & 5 deletions b/‎cmd/boulder-ra/main.go‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎cmd/boulder-sa/main.go‎
Lines changed: 1 addition & 2 deletions b/‎cmd/boulder-sa/main.go‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎cmd/boulder-wfe/main.go‎
Lines changed: 2 additions & 2 deletions b/‎cmd/boulder-wfe/main.go‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎cmd/boulder-wfe2/main.go‎
Lines changed: 2 additions & 3 deletions b/‎cmd/boulder-wfe2/main.go‎
Lines changed: 2 additions & 3 deletions
@@ -18,7 +18,6 @@ import (
 	"github.com/miekg/pkcs11"
 	"github.com/prometheus/client_golang/prometheus"
 	"golang.org/x/crypto/ocsp"
-	"google.golang.org/protobuf/types/known/emptypb"
 
 	capb "github.com/letsencrypt/boulder/ca/proto"
 	"github.com/letsencrypt/boulder/core"
@@ -41,13 +40,6 @@ const (
 	csrExtensionOther             = "other"
 )
 
-type certificateStorage interface {
-	AddCertificate(ctx context.Context, req *sapb.AddCertificateRequest) (*sapb.AddCertificateResponse, error)
-	GetCertificate(ctx context.Context, req *sapb.Serial) (*corepb.Certificate, error)
-	AddPrecertificate(ctx context.Context, req *sapb.AddCertificateRequest) (*emptypb.Empty, error)
-	AddSerial(ctx context.Context, req *sapb.AddSerialRequest) (*emptypb.Empty, error)
-}
-
 type certificateType string
 
 const (
@@ -69,7 +61,7 @@ type issuerMaps struct {
 type certificateAuthorityImpl struct {
 	capb.UnimplementedCertificateAuthorityServer
 	capb.UnimplementedOCSPGeneratorServer
-	sa      certificateStorage
+	sa      sapb.StorageAuthorityCertificateClient
 	pa      core.PolicyAuthority
 	ocsp    *ocspImpl
 	issuers issuerMaps
@@ -116,7 +108,7 @@ func makeIssuerMaps(issuers []*issuance.Issuer) (issuerMaps, error) {
 // from any number of issuance.Issuers according to their profiles, and can sign
 // OCSP (via delegation to an ocspImpl and its issuers).
 func NewCertificateAuthorityImpl(
-	sa certificateStorage,
+	sa sapb.StorageAuthorityCertificateClient,
 	pa core.PolicyAuthority,
 	ocsp *ocspImpl,
 	boulderIssuers []*issuance.Issuer,
 
@@ -24,6 +24,7 @@ import (
 	ctx509 "github.com/google/certificate-transparency-go/x509"
 	"github.com/jmhodges/clock"
 	"github.com/prometheus/client_golang/prometheus"
+	"google.golang.org/grpc"
 	"google.golang.org/protobuf/types/known/emptypb"
 
 	capb "github.com/letsencrypt/boulder/ca/proto"
@@ -150,23 +151,27 @@ type mockSA struct {
 	certificate core.Certificate
 }
 
-func (m *mockSA) AddCertificate(ctx context.Context, req *sapb.AddCertificateRequest) (*sapb.AddCertificateResponse, error) {
+func (m *mockSA) AddCertificate(ctx context.Context, req *sapb.AddCertificateRequest, _ ...grpc.CallOption) (*sapb.AddCertificateResponse, error) {
 	m.certificate.DER = req.Der
 	return nil, nil
 }
 
-func (m *mockSA) AddPrecertificate(ctx context.Context, req *sapb.AddCertificateRequest) (*emptypb.Empty, error) {
+func (m *mockSA) AddPrecertificate(ctx context.Context, req *sapb.AddCertificateRequest, _ ...grpc.CallOption) (*emptypb.Empty, error) {
 	return &emptypb.Empty{}, nil
 }
 
-func (m *mockSA) AddSerial(ctx context.Context, req *sapb.AddSerialRequest) (*emptypb.Empty, error) {
+func (m *mockSA) AddSerial(ctx context.Context, req *sapb.AddSerialRequest, _ ...grpc.CallOption) (*emptypb.Empty, error) {
 	return &emptypb.Empty{}, nil
 }
 
-func (m *mockSA) GetCertificate(ctx context.Context, req *sapb.Serial) (*corepb.Certificate, error) {
+func (m *mockSA) GetCertificate(ctx context.Context, req *sapb.Serial, _ ...grpc.CallOption) (*corepb.Certificate, error) {
 	return nil, berrors.NotFoundError("cannot find the cert")
 }
 
+func (m *mockSA) GetPrecertificate(ctx context.Context, req *sapb.Serial, _ ...grpc.CallOption) (*corepb.Certificate, error) {
+	return nil, berrors.NotFoundError("cannot find the precert")
+}
+
 var caKey crypto.Signer
 var caCert *issuance.Certificate
 var caCert2 *issuance.Certificate
@@ -257,7 +262,6 @@ func setup(t *testing.T) *testCtx {
 	}, []string{"type"})
 
 	ocsp, err := NewOCSPImpl(
-		&mockSA{},
 		boulderIssuers,
 		time.Hour,
 		0,
@@ -810,7 +814,7 @@ type dupeSA struct {
 	mockSA
 }
 
-func (m *dupeSA) GetCertificate(ctx context.Context, req *sapb.Serial) (*corepb.Certificate, error) {
+func (m *dupeSA) GetCertificate(ctx context.Context, req *sapb.Serial, _ ...grpc.CallOption) (*corepb.Certificate, error) {
 	return nil, nil
 }
 
@@ -819,7 +823,7 @@ type getCertErrorSA struct {
 	mockSA
 }
 
-func (m *getCertErrorSA) GetCertificate(ctx context.Context, req *sapb.Serial) (*corepb.Certificate, error) {
+func (m *getCertErrorSA) GetCertificate(ctx context.Context, req *sapb.Serial, _ ...grpc.CallOption) (*corepb.Certificate, error) {
 	return nil, fmt.Errorf("i don't like it")
 }
 
@@ -912,7 +916,7 @@ type queueSA struct {
 	issuedPrecert time.Time
 }
 
-func (qsa *queueSA) AddCertificate(_ context.Context, req *sapb.AddCertificateRequest) (*sapb.AddCertificateResponse, error) {
+func (qsa *queueSA) AddCertificate(_ context.Context, req *sapb.AddCertificateRequest, _ ...grpc.CallOption) (*sapb.AddCertificateResponse, error) {
 	if qsa.fail {
 		return nil, errors.New("bad")
 	} else if qsa.duplicate {
@@ -922,7 +926,7 @@ func (qsa *queueSA) AddCertificate(_ context.Context, req *sapb.AddCertificateRe
 	return nil, nil
 }
 
-func (qsa *queueSA) AddPrecertificate(ctx context.Context, req *sapb.AddCertificateRequest) (*emptypb.Empty, error) {
+func (qsa *queueSA) AddPrecertificate(ctx context.Context, req *sapb.AddCertificateRequest, _ ...grpc.CallOption) (*emptypb.Empty, error) {
 	if qsa.fail {
 		return nil, errors.New("bad")
 	} else if qsa.duplicate {
 
@@ -29,7 +29,6 @@ type ocspIssuerMaps struct {
 // ocspImpl provides a backing implementation for the OCSP gRPC service.
 type ocspImpl struct {
 	capb.UnimplementedOCSPGeneratorServer
-	sa             certificateStorage
 	issuers        ocspIssuerMaps
 	ocspLifetime   time.Duration
 	ocspLogQueue   *ocspLogQueue
@@ -54,7 +53,6 @@ func makeOCSPIssuerMaps(issuers []*issuance.Issuer) (ocspIssuerMaps, error) {
 }
 
 func NewOCSPImpl(
-	sa certificateStorage,
 	issuers []*issuance.Issuer,
 	ocspLifetime time.Duration,
 	ocspLogMaxLength int,
@@ -81,7 +79,6 @@ func NewOCSPImpl(
 	}
 
 	oi := &ocspImpl{
-		sa:             sa,
 		issuers:        issuerMaps,
 		ocspLifetime:   ocspLifetime,
 		ocspLogQueue:   ocspLogQueue,
 
@@ -60,7 +60,7 @@ type config struct {
 	Syslog cmd.SyslogConfig
 }
 
-func setupContext(c config) (rapb.RegistrationAuthorityClient, blog.Logger, *db.WrappedMap, core.StorageAuthority) {
+func setupContext(c config) (rapb.RegistrationAuthorityClient, blog.Logger, *db.WrappedMap, sapb.StorageAuthorityClient) {
 	logger := cmd.NewLogger(c.Syslog)
 
 	tlsConfig, err := c.Revoker.TLS.Load()
@@ -86,7 +86,7 @@ func setupContext(c config) (rapb.RegistrationAuthorityClient, blog.Logger, *db.
 
 	saConn, err := bgrpc.ClientSetup(c.Revoker.SAService, tlsConfig, clientMetrics, clk)
 	cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA")
-	sac := bgrpc.NewStorageAuthorityClient(sapb.NewStorageAuthorityClient(saConn))
+	sac := sapb.NewStorageAuthorityClient(saConn)
 
 	return rac, logger, dbMap, sac
 }
 
@@ -25,7 +25,8 @@ import (
 	sapb "github.com/letsencrypt/boulder/sa/proto"
 	"github.com/letsencrypt/boulder/sa/satest"
 	"github.com/letsencrypt/boulder/test"
-	"github.com/letsencrypt/boulder/test/inmem"
+	ira "github.com/letsencrypt/boulder/test/inmem/ra"
+	isa "github.com/letsencrypt/boulder/test/inmem/sa"
 	"github.com/letsencrypt/boulder/test/vars"
 	"google.golang.org/grpc"
 	"google.golang.org/protobuf/types/known/emptypb"
@@ -59,7 +60,7 @@ func TestRevokeBatch(t *testing.T) {
 		t.Fatalf("Failed to create SA: %s", err)
 	}
 	defer test.ResetSATestDatabase(t)
-	reg := satest.CreateWorkingRegistration(t, ssa)
+	reg := satest.CreateWorkingRegistration(t, isa.SA{Impl: ssa})
 
 	issuer, err := issuance.LoadCertificate("../../test/hierarchy/int-r3.cert.pem")
 	test.AssertNotError(t, err, "Failed to load test issuer")
@@ -82,9 +83,9 @@ func TestRevokeBatch(t *testing.T) {
 		&mockPurger{},
 		[]*issuance.Certificate{issuer},
 	)
-	ra.SA = ssa
+	ra.SA = isa.SA{Impl: ssa}
 	ra.CA = &mockCA{}
-	rac := inmem.RA{Impl: ra}
+	rac := ira.RA{Impl: ra}
 
 	serialFile, err := ioutil.TempFile("", "serials")
 	test.AssertNotError(t, err, "failed to open temp file")
 
@@ -203,11 +203,11 @@ func main() {
 	cmd.FailOnError(err, "TLS config")
 
 	clk := cmd.Clock()
-
 	clientMetrics := bgrpc.NewClientMetrics(scope)
+
 	conn, err := bgrpc.ClientSetup(c.CA.SAService, tlsConfig, clientMetrics, clk)
 	cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA")
-	sa := bgrpc.NewStorageAuthorityClient(sapb.NewStorageAuthorityClient(conn))
+	sa := sapb.NewStorageAuthorityClient(conn)
 
 	kp, err := goodkey.NewKeyPolicy(c.CA.WeakKeyFile, c.CA.BlockedKeyFile, sa.KeyBlocked)
 	cmd.FailOnError(err, "Unable to create key policy")
@@ -240,7 +240,6 @@ func main() {
 	var wg sync.WaitGroup
 
 	ocspi, err := ca.NewOCSPImpl(
-		sa,
 		boulderIssuers,
 		c.CA.LifespanOCSP.Duration,
 		c.CA.OCSPLogMaxLength,
 
@@ -152,8 +152,8 @@ func main() {
 	cmd.FailOnError(err, "TLS config")
 
 	clk := cmd.Clock()
-
 	clientMetrics := bgrpc.NewClientMetrics(scope)
+
 	vaConn, err := bgrpc.ClientSetup(c.RA.VAService, tlsConfig, clientMetrics, clk)
 	cmd.FailOnError(err, "Unable to create VA client")
 	vac := vapb.NewVAClient(vaConn)
@@ -163,6 +163,10 @@ func main() {
 	cmd.FailOnError(err, "Unable to create CA client")
 	cac := capb.NewCertificateAuthorityClient(caConn)
 
+	saConn, err := bgrpc.ClientSetup(c.RA.SAService, tlsConfig, clientMetrics, clk)
+	cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA")
+	sac := sapb.NewStorageAuthorityClient(saConn)
+
 	var ctp *ctpolicy.CTPolicy
 	conn, err := bgrpc.ClientSetup(c.RA.PublisherService, tlsConfig, clientMetrics, clk)
 	cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to Publisher")
@@ -205,10 +209,6 @@ func main() {
 	}
 	ctp = ctpolicy.New(pubc, c.RA.CTLogGroups2, c.RA.InformationalCTLogs, logger, scope)
 
-	saConn, err := bgrpc.ClientSetup(c.RA.SAService, tlsConfig, clientMetrics, clk)
-	cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA")
-	sac := bgrpc.NewStorageAuthorityClient(sapb.NewStorageAuthorityClient(saConn))
-
 	// TODO(patf): remove once RA.authorizationLifetimeDays is deployed
 	authorizationLifetime := 300 * 24 * time.Hour
 	if c.RA.AuthorizationLifetimeDays != 0 {
 
@@ -115,8 +115,7 @@ func main() {
 	serverMetrics := bgrpc.NewServerMetrics(scope)
 	grpcSrv, listener, err := bgrpc.NewServer(c.SA.GRPC, tls, serverMetrics, clk, bgrpc.NoCancelInterceptor)
 	cmd.FailOnError(err, "Unable to setup SA gRPC server")
-	gw := bgrpc.NewStorageAuthorityServer(sai)
-	sapb.RegisterStorageAuthorityServer(grpcSrv, gw)
+	sapb.RegisterStorageAuthorityServer(grpcSrv, sai)
 	hs := health.NewServer()
 	healthpb.RegisterHealthServer(grpcSrv, hs)
 
 
@@ -80,7 +80,7 @@ type config struct {
 	}
 }
 
-func setupWFE(c config, logger blog.Logger, stats prometheus.Registerer, clk clock.Clock) (rapb.RegistrationAuthorityClient, core.StorageAuthority, noncepb.NonceServiceClient, map[string]noncepb.NonceServiceClient) {
+func setupWFE(c config, logger blog.Logger, stats prometheus.Registerer, clk clock.Clock) (rapb.RegistrationAuthorityClient, sapb.StorageAuthorityClient, noncepb.NonceServiceClient, map[string]noncepb.NonceServiceClient) {
 	tlsConfig, err := c.WFE.TLS.Load()
 	cmd.FailOnError(err, "TLS config")
 
@@ -91,7 +91,7 @@ func setupWFE(c config, logger blog.Logger, stats prometheus.Registerer, clk clo
 
 	saConn, err := bgrpc.ClientSetup(c.WFE.SAService, tlsConfig, clientMetrics, clk, grpc.CancelTo408Interceptor)
 	cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA")
-	sac := bgrpc.NewStorageAuthorityClient(sapb.NewStorageAuthorityClient(saConn))
+	sac := sapb.NewStorageAuthorityClient(saConn)
 
 	var rns noncepb.NonceServiceClient
 	npm := map[string]noncepb.NonceServiceClient{}
 
@@ -16,7 +16,6 @@ import (
 	"github.com/honeycombio/beeline-go"
 	"github.com/jmhodges/clock"
 	"github.com/letsencrypt/boulder/cmd"
-	"github.com/letsencrypt/boulder/core"
 	"github.com/letsencrypt/boulder/features"
 	"github.com/letsencrypt/boulder/goodkey"
 	"github.com/letsencrypt/boulder/grpc"
@@ -267,7 +266,7 @@ func loadChain(certFiles []string) (*issuance.Certificate, []byte, error) {
 	return certs[0], buf.Bytes(), nil
 }
 
-func setupWFE(c config, logger blog.Logger, stats prometheus.Registerer, clk clock.Clock) (rapb.RegistrationAuthorityClient, core.StorageAuthority, noncepb.NonceServiceClient, map[string]noncepb.NonceServiceClient) {
+func setupWFE(c config, logger blog.Logger, stats prometheus.Registerer, clk clock.Clock) (rapb.RegistrationAuthorityClient, sapb.StorageAuthorityClient, noncepb.NonceServiceClient, map[string]noncepb.NonceServiceClient) {
 	tlsConfig, err := c.WFE.TLS.Load()
 	cmd.FailOnError(err, "TLS config")
 	clientMetrics := bgrpc.NewClientMetrics(stats)
@@ -277,7 +276,7 @@ func setupWFE(c config, logger blog.Logger, stats prometheus.Registerer, clk clo
 
 	saConn, err := bgrpc.ClientSetup(c.WFE.SAService, tlsConfig, clientMetrics, clk, grpc.CancelTo408Interceptor)
 	cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA")
-	sac := bgrpc.NewStorageAuthorityClient(sapb.NewStorageAuthorityClient(saConn))
+	sac := sapb.NewStorageAuthorityClient(saConn)
 
 	var rns noncepb.NonceServiceClient
 	npm := map[string]noncepb.NonceServiceClient{}
Original file line number	Diff line number	Diff line change
`@@ -60,7 +60,7 @@ type config struct {`
`60`	`60`	`Syslog cmd.SyslogConfig`
`61`	`61`	`}`
`62`	`62`
`63`		`-func setupContext(c config) (rapb.RegistrationAuthorityClient, blog.Logger, *db.WrappedMap, core.StorageAuthority) {`
	`63`	`+func setupContext(c config) (rapb.RegistrationAuthorityClient, blog.Logger, *db.WrappedMap, sapb.StorageAuthorityClient) {`
`64`	`64`	`logger := cmd.NewLogger(c.Syslog)`
`65`	`65`
`66`	`66`	`tlsConfig, err := c.Revoker.TLS.Load()`
`@@ -86,7 +86,7 @@ func setupContext(c config) (rapb.RegistrationAuthorityClient, blog.Logger, *db.`
`86`	`86`
`87`	`87`	`saConn, err := bgrpc.ClientSetup(c.Revoker.SAService, tlsConfig, clientMetrics, clk)`
`88`	`88`	`cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA")`
`89`		`- sac := bgrpc.NewStorageAuthorityClient(sapb.NewStorageAuthorityClient(saConn))`
	`89`	`+ sac := sapb.NewStorageAuthorityClient(saConn)`
`90`	`90`
`91`	`91`	`return rac, logger, dbMap, sac`
`92`	`92`	`}`
Original file line number	Diff line number	Diff line change
`@@ -80,7 +80,7 @@ type config struct {`
`80`	`80`	`}`
`81`	`81`	`}`
`82`	`82`
`83`		`-func setupWFE(c config, logger blog.Logger, stats prometheus.Registerer, clk clock.Clock) (rapb.RegistrationAuthorityClient, core.StorageAuthority, noncepb.NonceServiceClient, map[string]noncepb.NonceServiceClient) {`
	`83`	`+func setupWFE(c config, logger blog.Logger, stats prometheus.Registerer, clk clock.Clock) (rapb.RegistrationAuthorityClient, sapb.StorageAuthorityClient, noncepb.NonceServiceClient, map[string]noncepb.NonceServiceClient) {`
`84`	`84`	`tlsConfig, err := c.WFE.TLS.Load()`
`85`	`85`	`cmd.FailOnError(err, "TLS config")`
`86`	`86`
`@@ -91,7 +91,7 @@ func setupWFE(c config, logger blog.Logger, stats prometheus.Registerer, clk clo`
`91`	`91`
`92`	`92`	`saConn, err := bgrpc.ClientSetup(c.WFE.SAService, tlsConfig, clientMetrics, clk, grpc.CancelTo408Interceptor)`
`93`	`93`	`cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA")`
`94`		`- sac := bgrpc.NewStorageAuthorityClient(sapb.NewStorageAuthorityClient(saConn))`
	`94`	`+ sac := sapb.NewStorageAuthorityClient(saConn)`
`95`	`95`
`96`	`96`	`var rns noncepb.NonceServiceClient`
`97`	`97`	`npm := map[string]noncepb.NonceServiceClient{}`