diff --git a/go/lib/infra/modules/trust/v2/export_test.go b/go/lib/infra/modules/trust/v2/export_test.go index 98bdde5e24..832afe993a 100644 --- a/go/lib/infra/modules/trust/v2/export_test.go +++ b/go/lib/infra/modules/trust/v2/export_test.go @@ -57,15 +57,14 @@ var ( ) // newTestCryptoProvider returns a new crypto provider for testing. -func newTestCryptoProvider(db DBRead, recurser Recurser, resolver Resolver, router Router, - alwaysCacheOnly bool) CryptoProvider { +func newTestCryptoProvider(db DBRead, recurser Recurser, resolver Resolver, + router Router) CryptoProvider { return &cryptoProvider{ - db: db, - recurser: recurser, - resolver: resolver, - router: router, - alwaysCacheOnly: alwaysCacheOnly, + db: db, + recurser: recurser, + resolver: resolver, + router: router, } } diff --git a/go/lib/infra/modules/trust/v2/handlers.go b/go/lib/infra/modules/trust/v2/handlers.go index 2605889d4b..c091c58ffd 100644 --- a/go/lib/infra/modules/trust/v2/handlers.go +++ b/go/lib/infra/modules/trust/v2/handlers.go @@ -66,16 +66,9 @@ func (h *chainReqHandler) Handle() *infra.HandlerResult { return infra.MetricsErrInternal } sendAck := messenger.SendAckHelper(ctx, rw) - opts := infra.ChainOpts{ - TrustStoreOpts: infra.TrustStoreOpts{ - LocalOnly: chainReq.CacheOnly, - }, - AllowInactiveTRC: true, - } raw, err := h.provider.GetRawChain(ctx, chainReq.IA(), chainReq.Version, - opts, h.request.Peer) + infra.ChainOpts{AllowInactiveTRC: true}, h.request.Peer) if err != nil { - // FIXME(roosd): We should send a negative response. logger.Error("[TrustStore:chainReqHandler] Unable to retrieve chain", "err", err) sendAck(proto.Ack_ErrCode_reject, AckNotFound) return infra.MetricsErrTrustStore(err) @@ -121,14 +114,8 @@ func (h *trcReqHandler) Handle() *infra.HandlerResult { return infra.MetricsErrInternal } sendAck := messenger.SendAckHelper(ctx, rw) - opts := infra.TRCOpts{ - TrustStoreOpts: infra.TrustStoreOpts{ - LocalOnly: trcReq.CacheOnly, - }, - AllowInactive: true, - } raw, err := h.provider.GetRawTRC(ctx, trcReq.ISD, trcReq.Version, - opts, h.request.Peer) + infra.TRCOpts{AllowInactive: true}, h.request.Peer) if err != nil { logger.Error("[TrustStore:trcReqHandler] Unable to retrieve TRC", "err", err) sendAck(proto.Ack_ErrCode_reject, AckNotFound) diff --git a/go/lib/infra/modules/trust/v2/provider.go b/go/lib/infra/modules/trust/v2/provider.go index 2a745c3c57..b60860938e 100644 --- a/go/lib/infra/modules/trust/v2/provider.go +++ b/go/lib/infra/modules/trust/v2/provider.go @@ -59,9 +59,6 @@ type cryptoProvider struct { recurser Recurser resolver Resolver router Router - // alwaysCacheOnly forces the cryptoProvider to always send cache-only - // requests. This should be set in the CS. - alwaysCacheOnly bool } func (p *cryptoProvider) GetTRC(ctx context.Context, isd addr.ISD, version scrypto.Version, @@ -153,12 +150,9 @@ func (p *cryptoProvider) fetchTRC(ctx context.Context, isd addr.ISD, version scr if err := p.recurser.AllowRecursion(client); err != nil { return decoded.TRC{}, err } - // In case the server is provided, cache-only should be set. - cacheOnly := server != nil || p.alwaysCacheOnly req := TRCReq{ - ISD: isd, - Version: version, - CacheOnly: cacheOnly, + ISD: isd, + Version: version, } // Choose remote server, if not set. if server == nil { diff --git a/go/lib/infra/modules/trust/v2/provider_test.go b/go/lib/infra/modules/trust/v2/provider_test.go index d3189e06fc..2df1810953 100644 --- a/go/lib/infra/modules/trust/v2/provider_test.go +++ b/go/lib/infra/modules/trust/v2/provider_test.go @@ -47,7 +47,6 @@ func TestCryptoProviderGetTRC(t *testing.T) { Expect func(m *mocks, dec *decoded.TRC) Opts infra.TRCOpts ExpectedErr error - CacheOnly bool }{ "TRC in database, allow inactive": { Expect: func(m *mocks, dec *decoded.TRC) { @@ -90,9 +89,8 @@ func TestCryptoProviderGetTRC(t *testing.T) { ) m.Recurser.EXPECT().AllowRecursion(gomock.Any()).Return(nil) req := trust.TRCReq{ - ISD: dec.TRC.ISD, - Version: dec.TRC.Version, - CacheOnly: true, + ISD: dec.TRC.ISD, + Version: dec.TRC.Version, } m.Resolver.EXPECT().TRC(gomock.Any(), req, ip).Return(*dec, nil) }, @@ -202,9 +200,8 @@ func TestCryptoProviderGetTRC(t *testing.T) { m.Recurser.EXPECT().AllowRecursion(gomock.Any()).Return(nil) m.Router.EXPECT().ChooseServer(gomock.Any(), dec.TRC.ISD).Return(ip, nil) req := trust.TRCReq{ - ISD: dec.TRC.ISD, - Version: dec.TRC.Version, - CacheOnly: false, + ISD: dec.TRC.ISD, + Version: dec.TRC.Version, } m.Resolver.EXPECT().TRC(gomock.Any(), req, ip).Return(decoded.TRC{}, internal) }, @@ -218,9 +215,8 @@ func TestCryptoProviderGetTRC(t *testing.T) { ) m.Recurser.EXPECT().AllowRecursion(gomock.Any()).Return(nil) req := trust.TRCReq{ - ISD: dec.TRC.ISD, - Version: dec.TRC.Version, - CacheOnly: true, + ISD: dec.TRC.ISD, + Version: dec.TRC.Version, } m.Resolver.EXPECT().TRC(gomock.Any(), req, ip).Return(decoded.TRC{}, internal) }, @@ -242,7 +238,7 @@ func TestCryptoProviderGetTRC(t *testing.T) { } decoded := loadTRC(t, trc1v1) test.Expect(&m, &decoded) - provider := trust.NewCryptoProvider(m.DB, m.Recurser, m.Resolver, m.Router, false) + provider := trust.NewCryptoProvider(m.DB, m.Recurser, m.Resolver, m.Router) ptrc, err := provider.GetTRC(nil, trc1v1.ISD, trc1v1.Version, test.Opts) if test.ExpectedErr != nil { require.Error(t, err) @@ -268,7 +264,6 @@ func TestCryptoProviderGetTRCLatest(t *testing.T) { Expect func(m *mocks, dec *decoded.TRC) decoded.TRC Opts infra.TRCOpts ExpectedErr error - CacheOnly bool }{ "TRC in database, allow inactive": { Expect: func(m *mocks, dec *decoded.TRC) decoded.TRC { @@ -288,9 +283,8 @@ func TestCryptoProviderGetTRCLatest(t *testing.T) { ip := &net.IPAddr{IP: []byte{127, 0, 0, 1}} m.Router.EXPECT().ChooseServer(gomock.Any(), dec.TRC.ISD).Return(ip, nil) req := trust.TRCReq{ - ISD: dec.TRC.ISD, - Version: scrypto.Version(scrypto.LatestVer), - CacheOnly: false, + ISD: dec.TRC.ISD, + Version: scrypto.Version(scrypto.LatestVer), } m.Resolver.EXPECT().TRC(gomock.Any(), req, ip).Return(*dec, nil) return *dec @@ -330,9 +324,8 @@ func TestCryptoProviderGetTRCLatest(t *testing.T) { ip := &net.IPAddr{IP: []byte{127, 0, 0, 1}} m.Router.EXPECT().ChooseServer(gomock.Any(), dec.TRC.ISD).Return(ip, nil) req := trust.TRCReq{ - ISD: dec.TRC.ISD, - Version: scrypto.Version(scrypto.LatestVer), - CacheOnly: false, + ISD: dec.TRC.ISD, + Version: scrypto.Version(scrypto.LatestVer), } m.Resolver.EXPECT().TRC(gomock.Any(), req, ip).Return(*dec, nil) return decoded.TRC{} @@ -354,9 +347,8 @@ func TestCryptoProviderGetTRCLatest(t *testing.T) { ip := &net.IPAddr{IP: []byte{127, 0, 0, 1}} m.Router.EXPECT().ChooseServer(gomock.Any(), dec.TRC.ISD).Return(ip, nil) req := trust.TRCReq{ - ISD: dec.TRC.ISD, - Version: scrypto.Version(scrypto.LatestVer), - CacheOnly: false, + ISD: dec.TRC.ISD, + Version: scrypto.Version(scrypto.LatestVer), } newer := decoded.TRC{TRC: &(*dec.TRC)} newer.TRC.Version += 1 @@ -382,9 +374,8 @@ func TestCryptoProviderGetTRCLatest(t *testing.T) { ip := &net.IPAddr{IP: []byte{127, 0, 0, 1}} m.Router.EXPECT().ChooseServer(gomock.Any(), dec.TRC.ISD).Return(ip, nil) req := trust.TRCReq{ - ISD: dec.TRC.ISD, - Version: scrypto.Version(scrypto.LatestVer), - CacheOnly: false, + ISD: dec.TRC.ISD, + Version: scrypto.Version(scrypto.LatestVer), } newer := decoded.TRC{TRC: &(*dec.TRC)} newer.TRC.Version += 1 @@ -410,8 +401,7 @@ func TestCryptoProviderGetTRCLatest(t *testing.T) { } decoded := loadTRC(t, trc1v1) expected := test.Expect(&m, &decoded) - provider := trust.NewCryptoProvider(m.DB, m.Recurser, m.Resolver, - m.Router, test.CacheOnly) + provider := trust.NewCryptoProvider(m.DB, m.Recurser, m.Resolver, m.Router) trcObj, err := provider.GetTRC(nil, trc1v1.ISD, scrypto.LatestVer, test.Opts) assert.Equal(t, expected.TRC, trcObj) if test.ExpectedErr != nil { diff --git a/go/lib/infra/modules/trust/v2/resolver.go b/go/lib/infra/modules/trust/v2/resolver.go index e5bc8edcc7..1009260aea 100644 --- a/go/lib/infra/modules/trust/v2/resolver.go +++ b/go/lib/infra/modules/trust/v2/resolver.go @@ -170,9 +170,8 @@ func (r *resolver) Chain(ctx context.Context, req ChainReq, return decoded.Chain{}, serrors.Wrap(ErrInvalidResponse, err) } w := resolveWrap{ - resolver: r, - server: server, - cacheOnly: req.CacheOnly, + resolver: r, + server: server, } if err := r.inserter.InsertChain(ctx, dec, w.TRC); err != nil { return decoded.Chain{}, serrors.WrapStr("unable to insert certificate chain", err, @@ -218,9 +217,8 @@ func (w *prevWrap) TRC(_ context.Context, isd addr.ISD, version scrypto.Version) // resolverWrap provides TRCs that are backed by the resolver. If a TRC is // missing in the DB, network requests are allowed. type resolveWrap struct { - resolver *resolver - server net.Addr - cacheOnly bool + resolver *resolver + server net.Addr } func (w resolveWrap) TRC(ctx context.Context, isd addr.ISD, @@ -234,9 +232,8 @@ func (w resolveWrap) TRC(ctx context.Context, isd addr.ISD, return nil, serrors.WrapStr("error querying DB for TRC", err) } req := TRCReq{ - ISD: isd, - Version: version, - CacheOnly: w.cacheOnly, + ISD: isd, + Version: version, } decoded, err := w.resolver.TRC(ctx, req, w.server) if err != nil { diff --git a/go/lib/infra/modules/trust/v2/rpc.go b/go/lib/infra/modules/trust/v2/rpc.go index 2c07d83fa7..277b5f74f9 100644 --- a/go/lib/infra/modules/trust/v2/rpc.go +++ b/go/lib/infra/modules/trust/v2/rpc.go @@ -34,9 +34,8 @@ type RPC interface { // TRCReq holds the values of a TRC request. type TRCReq struct { - ISD addr.ISD - Version scrypto.Version - CacheOnly bool + ISD addr.ISD + Version scrypto.Version } func (r TRCReq) withVersion(version scrypto.Version) TRCReq { @@ -46,7 +45,6 @@ func (r TRCReq) withVersion(version scrypto.Version) TRCReq { // ChainReq holds the values of a certificate chain request. type ChainReq struct { - IA addr.IA - Version scrypto.Version - CacheOnly bool + IA addr.IA + Version scrypto.Version }