Store and retrieve certificate profile name from database

core/proto/core.proto

@@ -101,7 +101,7 @@ message Authorization {
 }
 
 message Order {
-  // Next unused field number: 14
+  // Next unused field number: 15
   int64 id = 1;
   int64 registrationID = 2;
   reserved 3; // Previously expiresNS
@@ -115,6 +115,7 @@ message Order {
   reserved 10; // Previously createdNS
   google.protobuf.Timestamp created = 13;
   repeated int64 v2Authorizations = 11;
+  string certificateProfileName = 14;
 }
 
 message CRLEntry {

mocks/mocks.go

@@ -374,8 +374,9 @@ func (sa *StorageAuthority) NewOrderAndAuthzs(_ context.Context, req *sapb.NewOr
 		Id:      rand.Int63(),
 		Created: timestamppb.Now(),
 		// A new order is never processing because it can't have been finalized yet.
-		BeganProcessing: false,
-		Status:          string(core.StatusPending),
+		BeganProcessing:        false,
+		Status:                 string(core.StatusPending),
+		CertificateProfileName: req.NewOrder.CertificateProfileName,
 	}
 	return response, nil
 }
@@ -407,15 +408,16 @@ func (sa *StorageAuthorityReadOnly) GetOrder(_ context.Context, req *sapb.OrderR
 	created := now.AddDate(-30, 0, 0)
 	exp := now.AddDate(30, 0, 0)
 	validOrder := &corepb.Order{
-		Id:                req.Id,
-		RegistrationID:    1,
-		Created:           timestamppb.New(created),
-		Expires:           timestamppb.New(exp),
-		Names:             []string{"example.com"},
-		Status:            string(core.StatusValid),
-		V2Authorizations:  []int64{1},
-		CertificateSerial: "serial",
-		Error:             nil,
+		Id:                     req.Id,
+		RegistrationID:         1,
+		Created:                timestamppb.New(created),
+		Expires:                timestamppb.New(exp),
+		Names:                  []string{"example.com"},
+		Status:                 string(core.StatusValid),
+		V2Authorizations:       []int64{1},
+		CertificateSerial:      "serial",
+		Error:                  nil,
+		CertificateProfileName: "defaultBoulderCertificateProfile",
 	}
 
 	// Order ID doesn't have a certificate serial yet

sa/db-next/boulder_sa/20240304000000_CertificateProfiles.sql

@@ -0,0 +1 @@
+../../db/boulder_sa/20240304000000_CertificateProfiles.sql

sa/db/boulder_sa/20240304000000_CertificateProfiles.sql

@@ -0,0 +1,38 @@
+-- +migrate Up
+-- SQL in section 'Up' is executed when this migration is applied
+
+DROP TABLE `orders`;
+CREATE TABLE `orders` (
+  `id` bigint(20) UNSIGNED NOT NULL AUTO_INCREMENT,
+  `registrationID` bigint(20) NOT NULL,
+  `expires` datetime NOT NULL,
+  `error` mediumblob DEFAULT NULL,
+  `certificateSerial` varchar(255) DEFAULT NULL,
+  `beganProcessing` tinyint(1) NOT NULL DEFAULT 0,
+  `created` datetime NOT NULL,
+  `certificateProfileName` varchar(32) DEFAULT NULL,
+  PRIMARY KEY (`id`),
+  KEY `reg_status_expires` (`registrationID`,`expires`),
+  KEY `regID_created_idx` (`registrationID`,`created`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4
+ PARTITION BY RANGE(id)
+(PARTITION p_start VALUES LESS THAN (MAXVALUE));
+
+-- +migrate Down
+-- SQL section 'Down' is executed when this migration is rolled back
+
+DROP TABLE `orders`;
+CREATE TABLE `orders` (
+  `id` bigint(20) UNSIGNED NOT NULL AUTO_INCREMENT,
+  `registrationID` bigint(20) NOT NULL,
+  `expires` datetime NOT NULL,
+  `error` mediumblob DEFAULT NULL,
+  `certificateSerial` varchar(255) DEFAULT NULL,
+  `beganProcessing` tinyint(1) NOT NULL DEFAULT 0,
+  `created` datetime NOT NULL,
+  PRIMARY KEY (`id`),
+  KEY `reg_status_expires` (`registrationID`,`expires`),
+  KEY `regID_created_idx` (`registrationID`,`created`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4
+ PARTITION BY RANGE(id)
+(PARTITION p_start VALUES LESS THAN (MAXVALUE));

sa/model.go

@@ -374,13 +374,14 @@ type precertificateModel struct {
 }
 
 type orderModel struct {
-	ID                int64
-	RegistrationID    int64
-	Expires           time.Time
-	Created           time.Time
-	Error             []byte
-	CertificateSerial string
-	BeganProcessing   bool
+	ID                     int64
+	RegistrationID         int64
+	Expires                time.Time
+	Created                time.Time
+	Error                  []byte
+	CertificateSerial      string
+	BeganProcessing        bool
+	CertificateProfileName string
 }
 
 type requestedNameModel struct {
@@ -396,12 +397,13 @@ type orderToAuthzModel struct {
 
 func orderToModel(order *corepb.Order) (*orderModel, error) {
 	om := &orderModel{
-		ID:                order.Id,
-		RegistrationID:    order.RegistrationID,
-		Expires:           order.Expires.AsTime(),
-		Created:           order.Created.AsTime(),
-		BeganProcessing:   order.BeganProcessing,
-		CertificateSerial: order.CertificateSerial,
+		ID:                     order.Id,
+		RegistrationID:         order.RegistrationID,
+		Expires:                order.Expires.AsTime(),
+		Created:                order.Created.AsTime(),
+		BeganProcessing:        order.BeganProcessing,
+		CertificateSerial:      order.CertificateSerial,
+		CertificateProfileName: order.CertificateProfileName,
 	}
 
 	if order.Error != nil {
@@ -419,12 +421,13 @@ func orderToModel(order *corepb.Order) (*orderModel, error) {
 
 func modelToOrder(om *orderModel) (*corepb.Order, error) {
 	order := &corepb.Order{
-		Id:                om.ID,
-		RegistrationID:    om.RegistrationID,
-		Expires:           timestamppb.New(om.Expires),
-		Created:           timestamppb.New(om.Created),
-		CertificateSerial: om.CertificateSerial,
-		BeganProcessing:   om.BeganProcessing,
+		Id:                     om.ID,
+		RegistrationID:         om.RegistrationID,
+		Expires:                timestamppb.New(om.Expires),
+		Created:                timestamppb.New(om.Created),
+		CertificateSerial:      om.CertificateSerial,
+		BeganProcessing:        om.BeganProcessing,
+		CertificateProfileName: om.CertificateProfileName,
 	}
 	if len(om.Error) > 0 {
 		var problem corepb.ProblemDetails

sa/model_test.go

@@ -16,12 +16,13 @@ import (
 	"time"
 
 	"github.com/jmhodges/clock"
+	"google.golang.org/protobuf/types/known/timestamppb"
+
 	"github.com/letsencrypt/boulder/db"
 	"github.com/letsencrypt/boulder/features"
 	"github.com/letsencrypt/boulder/grpc"
 	"github.com/letsencrypt/boulder/probs"
 	"github.com/letsencrypt/boulder/test/vars"
-	"google.golang.org/protobuf/types/known/timestamppb"
 
 	"github.com/letsencrypt/boulder/core"
 	corepb "github.com/letsencrypt/boulder/core/proto"
@@ -257,6 +258,26 @@ func TestModelToOrderBadJSON(t *testing.T) {
 	test.AssertEquals(t, string(badJSONErr.json), string(badJSON))
 }
 
+func TestOrderModelThereAndBackAgain(t *testing.T) {
+	clk := clock.New()
+	now := clk.Now()
+	order := &corepb.Order{
+		Id:                     0,
+		RegistrationID:         2016,
+		Expires:                timestamppb.New(now.Add(24 * time.Hour)),
+		Created:                timestamppb.New(now),
+		Error:                  nil,
+		CertificateSerial:      "1",
+		BeganProcessing:        true,
+		CertificateProfileName: "phljny",
+	}
+	model, err := orderToModel(order)
+	test.AssertNotError(t, err, "orderToModel should not have errored")
+	returnOrder, err := modelToOrder(model)
+	test.AssertNotError(t, err, "modelToOrder should not have errored")
+	test.AssertDeepEquals(t, order, returnOrder)
+}
+
 // TestPopulateAttemptedFieldsBadJSON tests that populating a challenge from an
 // authz2 model with an invalid validation error or an invalid validation record
 // produces the expected bad JSON error.