Test fixups

sa/model.go

@@ -695,7 +695,7 @@ func authzPBToModel(authz *corepb.Authorization) (*authzModel, error) {
 		IdentifierValue: authz.Identifier,
 		RegistrationID:  authz.RegistrationID,
 		Status:          statusToUint[core.AcmeStatus(authz.Status)],
-		Expires:         authz.Expires.AsTime().Truncate(time.Second),
+		Expires:         authz.Expires.AsTime(),
 	}
 	if authz.Id != "" {
 		// The v1 internal authorization objects use a string for the ID, the v2
@@ -734,7 +734,7 @@ func authzPBToModel(authz *corepb.Authorization) (*authzModel, error) {
 			// If validated Unix timestamp is zero then keep the core.Challenge Validated object nil.
 			var validated *time.Time
 			if !core.IsAnyNilOrZero(chall.Validated) {
-				val := chall.Validated.AsTime().Truncate(time.Second)
+				val := chall.Validated.AsTime()
 				validated = &val
 			}
 			am.AttemptedAt = validated

sa/sa.go

@@ -475,13 +475,15 @@ func (ssa *SQLStorageAuthority) NewOrderAndAuthzs(ctx context.Context, req *sapb
 				if err != nil {
 					return nil, err
 				}
+				// These parameters correspond to the fields listed in `authzFields`, as used in the
+				// `db.NewMultiInserter` call above, and occur in the same order.
 				err = inserter.Add([]interface{}{
 					am.ID,
 					am.IdentifierType,
 					am.IdentifierValue,
 					am.RegistrationID,
 					statusToUint[core.StatusPending],
-					am.Expires,
+					am.Expires.Truncate(time.Second),
 					am.Challenges,
 					nil,
 					nil,
@@ -503,10 +505,11 @@ func (ssa *SQLStorageAuthority) NewOrderAndAuthzs(ctx context.Context, req *sapb
 		var orderID int64
 		var err error
 		created := ssa.clk.Now().Truncate(time.Second)
+		expires := req.NewOrder.Expires.AsTime().Truncate(time.Second)
 		if features.Get().MultipleCertificateProfiles {
 			omv2 := orderModelv2{
 				RegistrationID:         req.NewOrder.RegistrationID,
-				Expires:                req.NewOrder.Expires.AsTime().Truncate(time.Second),
+				Expires:                expires,
 				Created:                created,
 				CertificateProfileName: req.NewOrder.CertificateProfileName,
 			}
@@ -515,7 +518,7 @@ func (ssa *SQLStorageAuthority) NewOrderAndAuthzs(ctx context.Context, req *sapb
 		} else {
 			omv1 := orderModelv1{
 				RegistrationID: req.NewOrder.RegistrationID,
-				Expires:        req.NewOrder.Expires.AsTime().Truncate(time.Second),
+				Expires:        expires,
 				Created:        created,
 			}
 			err = tx.Insert(ctx, &omv1)
@@ -570,20 +573,20 @@ func (ssa *SQLStorageAuthority) NewOrderAndAuthzs(ctx context.Context, req *sapb
 			req.NewOrder.Names,
 			orderID,
 			req.NewOrder.RegistrationID,
-			req.NewOrder.Expires.AsTime().Truncate(time.Second),
+			expires,
 		)
 		if err != nil {
 			return nil, err
 		}
 
-		// Finally, build the overall Order PB.
+		// Finally, build the overall Order PB to return.
 		res := &corepb.Order{
 			// ID and Created were auto-populated on the order model when it was inserted.
 			Id:      orderID,
 			Created: timestamppb.New(created),
 			// These are carried over from the original request unchanged.
 			RegistrationID: req.NewOrder.RegistrationID,
-			Expires:        req.NewOrder.Expires,
+			Expires:        timestamppb.New(expires),
 			Names:          req.NewOrder.Names,
 			// Have to combine the already-associated and newly-reacted authzs.
 			V2Authorizations: append(req.NewOrder.V2Authorizations, newAuthzIDs...),

sa/saro.go

@@ -766,7 +766,7 @@ func (ssa *SQLStorageAuthorityRO) GetOrderForNames(ctx context.Context, req *sap
 					ORDER BY expires ASC
 					LIMIT 1`,
 		fqdnHash,
-    ssa.clk.Now().Truncate(time.Second))
+		ssa.clk.Now().Truncate(time.Second))
 
 	if db.IsNoRows(err) {
 		return nil, berrors.NotFoundError("no order matching request found")