letsencrypt · jsha · Dec 16, 2024 · Dec 11, 2024 · Dec 11, 2024 · Dec 12, 2024
@@ -301,11 +301,6 @@ func (sa *StorageAuthority) UpdateRegistration(_ context.Context, _ *corepb.Regi
 	return &emptypb.Empty{}, nil
 }
 
-// CountFQDNSets is a mock
-func (sa *StorageAuthorityReadOnly) CountFQDNSets(_ context.Context, _ *sapb.CountFQDNSetsRequest, _ ...grpc.CallOption) (*sapb.Count, error) {
-	return &sapb.Count{}, nil
-}
-
 // FQDNSetTimestampsForWindow is a mock
 func (sa *StorageAuthorityReadOnly) FQDNSetTimestampsForWindow(_ context.Context, _ *sapb.CountFQDNSetsRequest, _ ...grpc.CallOption) (*sapb.Timestamps, error) {
 	return &sapb.Timestamps{}, nil

@@ -1533,17 +1533,6 @@ func (m mockSAWithFQDNSet) CountCertificatesByNames(ctx context.Context, req *sa
 	return &sapb.CountByNames{Counts: counts}, nil
 }
 
-func (m mockSAWithFQDNSet) CountFQDNSets(_ context.Context, req *sapb.CountFQDNSetsRequest, _ ...grpc.CallOption) (*sapb.Count, error) {
-	var total int64
-	for _, name := range req.DnsNames {
-		entry, ok := m.issuanceTimestamps[name]
-		if ok {
-			total += int64(len(entry.Timestamps))
-		}
-	}
-	return &sapb.Count{Count: total}, nil
-}
-
 func (m mockSAWithFQDNSet) FQDNSetTimestampsForWindow(_ context.Context, req *sapb.CountFQDNSetsRequest, _ ...grpc.CallOption) (*sapb.Timestamps, error) {
 	if len(req.DnsNames) == 1 {
 		return m.issuanceTimestamps[req.DnsNames[0]], nil

@@ -11,7 +11,6 @@ import "google/protobuf/duration.proto";
 // StorageAuthorityReadOnly exposes only those SA methods which are read-only.
 service StorageAuthorityReadOnly {
   rpc CountCertificatesByNames(CountCertificatesByNamesRequest) returns (CountByNames) {}
-  rpc CountFQDNSets(CountFQDNSetsRequest) returns (Count) {}
   rpc CountInvalidAuthorizations2(CountInvalidAuthorizationsRequest) returns (Count) {}
   rpc CountOrders(CountOrdersRequest) returns (Count) {}
   rpc CountPendingAuthorizations2(RegistrationID) returns (Count) {}
@@ -46,7 +45,6 @@ service StorageAuthorityReadOnly {
 service StorageAuthority {
   // Getters: this list must be identical to the StorageAuthorityReadOnly rpcs.
   rpc CountCertificatesByNames(CountCertificatesByNamesRequest) returns (CountByNames) {}
-  rpc CountFQDNSets(CountFQDNSetsRequest) returns (Count) {}
   rpc CountInvalidAuthorizations2(CountInvalidAuthorizationsRequest) returns (Count) {}
   rpc CountOrders(CountOrdersRequest) returns (Count) {}
   rpc CountPendingAuthorizations2(RegistrationID) returns (Count) {}

@@ -737,77 +737,6 @@ func TestCountCertificatesByNamesParallel(t *testing.T) {
 	}
 }
 
-func TestFQDNSets(t *testing.T) {
-	ctx := context.Background()
-	sa, fc, cleanUp := initSA(t)
-	defer cleanUp()
-
-	tx, err := sa.dbMap.BeginTx(ctx)
-	test.AssertNotError(t, err, "Failed to open transaction")
-	names := []string{"a.example.com", "B.example.com"}
-	expires := fc.Now().Add(time.Hour * 2).UTC()
-	issued := fc.Now()
-	err = addFQDNSet(ctx, tx, names, "serial", issued, expires)
-	test.AssertNotError(t, err, "Failed to add name set")
-	test.AssertNotError(t, tx.Commit(), "Failed to commit transaction")
-
-	// Invalid Window
-	req := &sapb.CountFQDNSetsRequest{
-		DnsNames: names,
-		Window:   nil,
-	}
-	_, err = sa.CountFQDNSets(ctx, req)
-	test.AssertErrorIs(t, err, errIncompleteRequest)
-
-	threeHours := time.Hour * 3
-	req = &sapb.CountFQDNSetsRequest{
-		DnsNames: names,
-		Window:   durationpb.New(threeHours),
-	}
-	// only one valid
-	count, err := sa.CountFQDNSets(ctx, req)
-	test.AssertNotError(t, err, "Failed to count name sets")
-	test.AssertEquals(t, count.Count, int64(1))
-
-	// check hash isn't affected by changing name order/casing
-	req.DnsNames = []string{"b.example.com", "A.example.COM"}
-	count, err = sa.CountFQDNSets(ctx, req)
-	test.AssertNotError(t, err, "Failed to count name sets")
-	test.AssertEquals(t, count.Count, int64(1))
-
-	// add another valid set
-	tx, err = sa.dbMap.BeginTx(ctx)
-	test.AssertNotError(t, err, "Failed to open transaction")
-	err = addFQDNSet(ctx, tx, names, "anotherSerial", issued, expires)
-	test.AssertNotError(t, err, "Failed to add name set")
-	test.AssertNotError(t, tx.Commit(), "Failed to commit transaction")
-
-	// only two valid
-	req.DnsNames = names
-	count, err = sa.CountFQDNSets(ctx, req)
-	test.AssertNotError(t, err, "Failed to count name sets")
-	test.AssertEquals(t, count.Count, int64(2))
-
-	// add an expired set
-	tx, err = sa.dbMap.BeginTx(ctx)
-	test.AssertNotError(t, err, "Failed to open transaction")
-	err = addFQDNSet(
-		ctx,
-		tx,
-		names,
-		"yetAnotherSerial",
-		issued.Add(-threeHours),
-		expires.Add(-threeHours),
-	)
-	test.AssertNotError(t, err, "Failed to add name set")
-	test.AssertNotError(t, tx.Commit(), "Failed to commit transaction")
-
-	// only two valid
-	count, err = sa.CountFQDNSets(ctx, req)
-	test.AssertNotError(t, err, "Failed to count name sets")
-	test.AssertEquals(t, count.Count, int64(2))
-}
-
 func TestFQDNSetTimestampsForWindow(t *testing.T) {
 	sa, fc, cleanUp := initSA(t)
 	defer cleanUp()

@@ -431,26 +431,6 @@ func (ssa *SQLStorageAuthorityRO) CountOrders(ctx context.Context, req *sapb.Cou
 	return countNewOrders(ctx, ssa.dbReadOnlyMap, req)
 }
 
-// CountFQDNSets counts the total number of issuances, for a set of domains,
-// that occurred during a given window of time.
-func (ssa *SQLStorageAuthorityRO) CountFQDNSets(ctx context.Context, req *sapb.CountFQDNSetsRequest) (*sapb.Count, error) {
-	if core.IsAnyNilOrZero(req.Window) || len(req.DnsNames) == 0 {
-		return nil, errIncompleteRequest
-	}
-
-	var count int64
-	err := ssa.dbReadOnlyMap.SelectOne(
-		ctx,
-		&count,
-		`SELECT COUNT(*) FROM fqdnSets
-		WHERE setHash = ?
-		AND issued > ?`,
-		core.HashNames(req.DnsNames),
-		ssa.clk.Now().Add(-req.Window.AsDuration()),
-	)
-	return &sapb.Count{Count: count}, err
-}
-
 // FQDNSetTimestampsForWindow returns the issuance timestamps for each
 // certificate, issued for a set of domains, during a given window of time,
 // starting from the most recent issuance.