Documentation
¶
Index ¶
- Constants
- func NewCertificateAuthorityServer(rpc Server, impl core.CertificateAuthority) (err error)
- func NewPublisherServer(rpc Server, impl core.Publisher) (err error)
- func NewRegistrationAuthorityServer(rpc Server, impl core.RegistrationAuthority, log blog.Logger) error
- func NewStorageAuthorityServer(rpc Server, impl core.StorageAuthority) error
- func NewValidationAuthorityServer(rpc Server, impl core.ValidationAuthority) (err error)
- type AmqpRPCCLient
- type AmqpRPCServer
- type CertificateAuthorityClient
- type Client
- type DeliveryHandler
- type PublisherClient
- type RegistrationAuthorityClient
- func (rac RegistrationAuthorityClient) AdministrativelyRevokeCertificate(ctx context.Context, cert x509.Certificate, reason revocation.Reason, ...) (err error)
- func (rac RegistrationAuthorityClient) DeactivateAuthorization(ctx context.Context, authz core.Authorization) error
- func (rac RegistrationAuthorityClient) DeactivateRegistration(ctx context.Context, reg core.Registration) error
- func (rac RegistrationAuthorityClient) NewAuthorization(ctx context.Context, authz core.Authorization, regID int64) (newAuthz core.Authorization, err error)
- func (rac RegistrationAuthorityClient) NewCertificate(ctx context.Context, cr core.CertificateRequest, regID int64) (cert core.Certificate, err error)
- func (rac RegistrationAuthorityClient) NewRegistration(ctx context.Context, reg core.Registration) (newReg core.Registration, err error)
- func (rac RegistrationAuthorityClient) RevokeCertificateWithReg(ctx context.Context, cert x509.Certificate, reason revocation.Reason, ...) (err error)
- func (rac RegistrationAuthorityClient) UpdateAuthorization(ctx context.Context, authz core.Authorization, index int, ...) (newAuthz core.Authorization, err error)
- func (rac RegistrationAuthorityClient) UpdateRegistration(ctx context.Context, base core.Registration, update core.Registration) (newReg core.Registration, err error)
- type Server
- type StorageAuthorityClient
- func (cac StorageAuthorityClient) AddCertificate(ctx context.Context, cert []byte, regID int64) (id string, err error)
- func (cac StorageAuthorityClient) AddSCTReceipt(ctx context.Context, sct core.SignedCertificateTimestamp) (err error)
- func (cac StorageAuthorityClient) CountCertificatesByNames(ctx context.Context, names []string, earliest, latest time.Time) (counts map[string]int, err error)
- func (cac StorageAuthorityClient) CountCertificatesRange(ctx context.Context, start, end time.Time) (count int64, err error)
- func (cac StorageAuthorityClient) CountFQDNSets(ctx context.Context, window time.Duration, names []string) (int64, error)
- func (cac StorageAuthorityClient) CountPendingAuthorizations(ctx context.Context, regID int64) (count int, err error)
- func (cac StorageAuthorityClient) CountRegistrationsByIP(ctx context.Context, ip net.IP, earliest, latest time.Time) (count int, err error)
- func (cac StorageAuthorityClient) DeactivateAuthorization(ctx context.Context, id string) error
- func (cac StorageAuthorityClient) DeactivateRegistration(ctx context.Context, id int64) error
- func (cac StorageAuthorityClient) FQDNSetExists(ctx context.Context, names []string) (bool, error)
- func (cac StorageAuthorityClient) FinalizeAuthorization(ctx context.Context, authz core.Authorization) (err error)
- func (cac StorageAuthorityClient) GetAuthorization(ctx context.Context, id string) (authz core.Authorization, err error)
- func (cac StorageAuthorityClient) GetCertificate(ctx context.Context, id string) (cert core.Certificate, err error)
- func (cac StorageAuthorityClient) GetCertificateStatus(ctx context.Context, id string) (status core.CertificateStatus, err error)
- func (cac StorageAuthorityClient) GetRegistration(ctx context.Context, id int64) (reg core.Registration, err error)
- func (cac StorageAuthorityClient) GetRegistrationByKey(ctx context.Context, key *jose.JsonWebKey) (reg core.Registration, err error)
- func (cac StorageAuthorityClient) GetSCTReceipt(ctx context.Context, serial string, logID string) (receipt core.SignedCertificateTimestamp, err error)
- func (cac StorageAuthorityClient) GetValidAuthorizations(ctx context.Context, registrationID int64, names []string, now time.Time) (auths map[string]*core.Authorization, err error)
- func (cac StorageAuthorityClient) MarkCertificateRevoked(ctx context.Context, serial string, reasonCode revocation.Reason) (err error)
- func (cac StorageAuthorityClient) NewPendingAuthorization(ctx context.Context, authz core.Authorization) (output core.Authorization, err error)
- func (cac StorageAuthorityClient) NewRegistration(ctx context.Context, reg core.Registration) (output core.Registration, err error)
- func (cac StorageAuthorityClient) RevokeAuthorizationsByDomain(ctx context.Context, ident core.AcmeIdentifier) (aRevoked int64, paRevoked int64, err error)
- func (cac StorageAuthorityClient) UpdatePendingAuthorization(ctx context.Context, authz core.Authorization) (err error)
- func (cac StorageAuthorityClient) UpdateRegistration(ctx context.Context, reg core.Registration) (err error)
- type ValidationAuthorityClient
Constants ¶
const ( AmqpExchange = "boulder" AmqpExchangeType = "topic" AmqpInternal = false AmqpDurable = false AmqpDeleteUnused = false AmqpExclusive = false AmqpNoWait = false AmqpNoLocal = false AmqpAutoAck = true AmqpMandatory = false AmqpImmediate = false )
XXX: I *think* these constants are appropriate. We will probably want to tweak these in the future.
const ( MethodNewRegistration = "NewRegistration" // RA, SA MethodNewAuthorization = "NewAuthorization" // RA MethodNewCertificate = "NewCertificate" // RA MethodUpdateRegistration = "UpdateRegistration" // RA, SA MethodUpdateAuthorization = "UpdateAuthorization" // RA MethodRevokeCertificateWithReg = "RevokeCertificateWithReg" // RA MethodAdministrativelyRevokeCertificate = "AdministrativelyRevokeCertificate" // RA MethodPerformValidation = "PerformValidation" // VA MethodIsSafeDomain = "IsSafeDomain" // VA MethodIssueCertificate = "IssueCertificate" // CA MethodGenerateOCSP = "GenerateOCSP" // CA MethodGetRegistration = "GetRegistration" // SA MethodGetRegistrationByKey = "GetRegistrationByKey" // RA, SA MethodGetAuthorization = "GetAuthorization" // SA MethodGetValidAuthorizations = "GetValidAuthorizations" // SA MethodGetCertificate = "GetCertificate" // SA MethodGetCertificateStatus = "GetCertificateStatus" // SA MethodMarkCertificateRevoked = "MarkCertificateRevoked" // SA MethodNewPendingAuthorization = "NewPendingAuthorization" // SA MethodUpdatePendingAuthorization = "UpdatePendingAuthorization" // SA MethodFinalizeAuthorization = "FinalizeAuthorization" // SA MethodAddCertificate = "AddCertificate" // SA MethodCountCertificatesRange = "CountCertificatesRange" // SA MethodCountCertificatesByNames = "CountCertificatesByNames" // SA MethodCountRegistrationsByIP = "CountRegistrationsByIP" // SA MethodCountPendingAuthorizations = "CountPendingAuthorizations" // SA MethodGetSCTReceipt = "GetSCTReceipt" // SA MethodAddSCTReceipt = "AddSCTReceipt" // SA MethodSubmitToCT = "SubmitToCT" // Pub MethodRevokeAuthorizationsByDomain = "RevokeAuthorizationsByDomain" // SA MethodCountFQDNSets = "CountFQDNSets" // SA MethodFQDNSetExists = "FQDNSetExists" // SA MethodDeactivateAuthorizationSA = "DeactivateAuthorizationSA" // SA MethodDeactivateAuthorization = "DeactivateAuthorization" // RA MethodDeactivateRegistrationSA = "DeactivateRegistrationSA" // SA MethodDeactivateRegistration = "DeactivateRegistration" // RA )
These strings are used by the RPC layer to identify function points.
Variables ¶
This section is empty.
Functions ¶
func NewCertificateAuthorityServer ¶
func NewCertificateAuthorityServer(rpc Server, impl core.CertificateAuthority) (err error)
NewCertificateAuthorityServer constructs an RPC server
CertificateAuthorityClient / Server
-> IssueCertificate
func NewPublisherServer ¶
NewPublisherServer creates a new server that wraps a CT publisher
func NewRegistrationAuthorityServer ¶
func NewRegistrationAuthorityServer(rpc Server, impl core.RegistrationAuthority, log blog.Logger) error
NewRegistrationAuthorityServer constructs an RPC server
func NewStorageAuthorityServer ¶
func NewStorageAuthorityServer(rpc Server, impl core.StorageAuthority) error
NewStorageAuthorityServer constructs an RPC server
func NewValidationAuthorityServer ¶
func NewValidationAuthorityServer(rpc Server, impl core.ValidationAuthority) (err error)
NewValidationAuthorityServer constructs an RPC server
ValidationAuthorityClient / Server
Types ¶
type AmqpRPCCLient ¶
type AmqpRPCCLient struct {
// contains filtered or unexported fields
}
AmqpRPCCLient is an AMQP-RPC client that sends requests to a specific server queue, and uses a dedicated response queue for responses.
To implement specific functionality, using code uses the DispatchSync() method to send a method name and body, and get back a response. So you end up with wrapper methods of the form:
```
request = /* serialize request to []byte */ response = AmqpRPCCLient.Dispatch(method, request) return /* deserialized response */
```
DispatchSync will manage the channel for you, and also enforce a timeout on the transaction.
func NewAmqpRPCClient ¶
func NewAmqpRPCClient( clientQueuePrefix string, amqpConf *cmd.AMQPConfig, rpcConf *cmd.RPCServerConfig, stats metrics.Scope, ) (rpc *AmqpRPCCLient, err error)
NewAmqpRPCClient constructs an RPC client using AMQP
func (*AmqpRPCCLient) DispatchSync ¶
func (rpc *AmqpRPCCLient) DispatchSync(method string, body []byte) (response []byte, err error)
DispatchSync sends a body to the destination, and blocks waiting on a response.
type AmqpRPCServer ¶
type AmqpRPCServer struct {
// contains filtered or unexported fields
}
AmqpRPCServer listens on a specified queue within an AMQP channel. When messages arrive on that queue, it dispatches them based on type, and returns the response to the ReplyTo queue.
To implement specific functionality, using code should use the Handle method to add specific actions.
func NewAmqpRPCServer ¶
func NewAmqpRPCServer( amqpConf *cmd.AMQPConfig, maxConcurrentRPCServerRequests int64, stats metrics.Scope, log blog.Logger, ) (*AmqpRPCServer, error)
NewAmqpRPCServer creates a new RPC server for the given queue and will begin consuming requests from the queue. To start the server you must call Start().
func (*AmqpRPCServer) Handle ¶
func (rpc *AmqpRPCServer) Handle(method string, handler messageHandler)
Handle registers a function to handle a particular method.
func (*AmqpRPCServer) Start ¶
func (rpc *AmqpRPCServer) Start(c *cmd.AMQPConfig) error
Start starts the AMQP-RPC server and handles reconnections, this will block until a fatal error is returned or AmqpRPCServer.Stop() is called and all remaining messages are processed.
func (*AmqpRPCServer) Stop ¶
func (rpc *AmqpRPCServer) Stop()
Stop gracefully stops the AmqpRPCServer, after calling AmqpRPCServer.Start will continue blocking until it has processed any messages that have already been retrieved.
type CertificateAuthorityClient ¶
type CertificateAuthorityClient struct {
// contains filtered or unexported fields
}
CertificateAuthorityClient is a client to communicate with the CA.
func NewCertificateAuthorityClient ¶
func NewCertificateAuthorityClient(clientName string, amqpConf *cmd.AMQPConfig, stats metrics.Scope) (*CertificateAuthorityClient, error)
NewCertificateAuthorityClient constructs an RPC client
func (CertificateAuthorityClient) GenerateOCSP ¶
func (cac CertificateAuthorityClient) GenerateOCSP(ctx context.Context, signRequest core.OCSPSigningRequest) (resp []byte, err error)
GenerateOCSP sends a request to generate an OCSP response
func (CertificateAuthorityClient) IssueCertificate ¶
func (cac CertificateAuthorityClient) IssueCertificate(ctx context.Context, csr x509.CertificateRequest, regID int64) (cert core.Certificate, err error)
IssueCertificate sends a request to issue a certificate
type DeliveryHandler ¶
DeliveryHandler is a function that will process an amqp.DeliveryHandler
type PublisherClient ¶
type PublisherClient struct {
// contains filtered or unexported fields
}
PublisherClient is a client to communicate with the Publisher Authority
func NewPublisherClient ¶
func NewPublisherClient(clientName string, amqpConf *cmd.AMQPConfig, stats metrics.Scope) (*PublisherClient, error)
NewPublisherClient constructs an RPC client
func (PublisherClient) SubmitToCT ¶
func (pub PublisherClient) SubmitToCT(ctx context.Context, der []byte) (err error)
SubmitToCT sends a request to submit a certificate to CT logs
func (PublisherClient) SubmitToSingleCT ¶
func (pub PublisherClient) SubmitToSingleCT(ctx context.Context, logURL, logPublicKey string, der []byte) (err error)
The only consumer of the publisher service's `SubmitToSingleCT` func is the `ocsp-updater`. Since it will *only* use gRPC to communicate with the Publisher we *do not* implement `SubmitToSingleCT` for AQMP. This method is here only to satisfy the publisher interface
type RegistrationAuthorityClient ¶
type RegistrationAuthorityClient struct {
// contains filtered or unexported fields
}
RegistrationAuthorityClient represents an RA RPC client
func NewRegistrationAuthorityClient ¶
func NewRegistrationAuthorityClient(clientName string, amqpConf *cmd.AMQPConfig, stats metrics.Scope) (*RegistrationAuthorityClient, error)
NewRegistrationAuthorityClient constructs an RPC client
func (RegistrationAuthorityClient) AdministrativelyRevokeCertificate ¶
func (rac RegistrationAuthorityClient) AdministrativelyRevokeCertificate(ctx context.Context, cert x509.Certificate, reason revocation.Reason, user string) (err error)
AdministrativelyRevokeCertificate sends a Revoke Certificate request initiated by the admin-revoker
func (RegistrationAuthorityClient) DeactivateAuthorization ¶
func (rac RegistrationAuthorityClient) DeactivateAuthorization(ctx context.Context, authz core.Authorization) error
DeactivateAuthorization deactivates a currently valid or pending authorization
func (RegistrationAuthorityClient) DeactivateRegistration ¶
func (rac RegistrationAuthorityClient) DeactivateRegistration(ctx context.Context, reg core.Registration) error
DeactivateRegistration deactivates a currently valid registration
func (RegistrationAuthorityClient) NewAuthorization ¶
func (rac RegistrationAuthorityClient) NewAuthorization(ctx context.Context, authz core.Authorization, regID int64) (newAuthz core.Authorization, err error)
NewAuthorization sends a New Authorization request
func (RegistrationAuthorityClient) NewCertificate ¶
func (rac RegistrationAuthorityClient) NewCertificate(ctx context.Context, cr core.CertificateRequest, regID int64) (cert core.Certificate, err error)
NewCertificate sends a New Certificate request
func (RegistrationAuthorityClient) NewRegistration ¶
func (rac RegistrationAuthorityClient) NewRegistration(ctx context.Context, reg core.Registration) (newReg core.Registration, err error)
NewRegistration sends a New Registration request
func (RegistrationAuthorityClient) RevokeCertificateWithReg ¶
func (rac RegistrationAuthorityClient) RevokeCertificateWithReg(ctx context.Context, cert x509.Certificate, reason revocation.Reason, regID int64) (err error)
RevokeCertificateWithReg sends a Revoke Certificate request initiated by the WFE
func (RegistrationAuthorityClient) UpdateAuthorization ¶
func (rac RegistrationAuthorityClient) UpdateAuthorization(ctx context.Context, authz core.Authorization, index int, response core.Challenge) (newAuthz core.Authorization, err error)
UpdateAuthorization sends an Update Authorization request
func (RegistrationAuthorityClient) UpdateRegistration ¶
func (rac RegistrationAuthorityClient) UpdateRegistration(ctx context.Context, base core.Registration, update core.Registration) (newReg core.Registration, err error)
UpdateRegistration sends an Update Registration request
type Server ¶
type Server interface {
Handle(string, messageHandler)
}
Server describes the functions an RPC Server performs
type StorageAuthorityClient ¶
type StorageAuthorityClient struct {
// contains filtered or unexported fields
}
StorageAuthorityClient is a client to communicate with the Storage Authority
func NewStorageAuthorityClient ¶
func NewStorageAuthorityClient(clientName string, amqpConf *cmd.AMQPConfig, stats metrics.Scope) (*StorageAuthorityClient, error)
NewStorageAuthorityClient constructs an RPC client
func (StorageAuthorityClient) AddCertificate ¶
func (cac StorageAuthorityClient) AddCertificate(ctx context.Context, cert []byte, regID int64) (id string, err error)
AddCertificate sends a request to record the issuance of a certificate
func (StorageAuthorityClient) AddSCTReceipt ¶
func (cac StorageAuthorityClient) AddSCTReceipt(ctx context.Context, sct core.SignedCertificateTimestamp) (err error)
AddSCTReceipt adds a new SCT to the database.
func (StorageAuthorityClient) CountCertificatesByNames ¶
func (cac StorageAuthorityClient) CountCertificatesByNames(ctx context.Context, names []string, earliest, latest time.Time) (counts map[string]int, err error)
CountCertificatesByNames calls CountCertificatesRange on the remote StorageAuthority.
func (StorageAuthorityClient) CountCertificatesRange ¶
func (cac StorageAuthorityClient) CountCertificatesRange(ctx context.Context, start, end time.Time) (count int64, err error)
CountCertificatesRange sends a request to count the number of certificates issued in a certain time range
func (StorageAuthorityClient) CountFQDNSets ¶
func (cac StorageAuthorityClient) CountFQDNSets(ctx context.Context, window time.Duration, names []string) (int64, error)
CountFQDNSets returns the number of currently valid sets with hash |setHash|
func (StorageAuthorityClient) CountPendingAuthorizations ¶
func (cac StorageAuthorityClient) CountPendingAuthorizations(ctx context.Context, regID int64) (count int, err error)
CountPendingAuthorizations calls CountPendingAuthorizations on the remote StorageAuthority.
func (StorageAuthorityClient) CountRegistrationsByIP ¶
func (cac StorageAuthorityClient) CountRegistrationsByIP(ctx context.Context, ip net.IP, earliest, latest time.Time) (count int, err error)
CountRegistrationsByIP calls CountRegistrationsByIP on the remote StorageAuthority.
func (StorageAuthorityClient) DeactivateAuthorization ¶
func (cac StorageAuthorityClient) DeactivateAuthorization(ctx context.Context, id string) error
DeactivateAuthorization deactivates a currently valid or pending authorization
func (StorageAuthorityClient) DeactivateRegistration ¶
func (cac StorageAuthorityClient) DeactivateRegistration(ctx context.Context, id int64) error
DeactivateRegistration deactivates a currently valid registration
func (StorageAuthorityClient) FQDNSetExists ¶
FQDNSetExists returns a bool indicating whether the FQDN set |name| exists in the database
func (StorageAuthorityClient) FinalizeAuthorization ¶
func (cac StorageAuthorityClient) FinalizeAuthorization(ctx context.Context, authz core.Authorization) (err error)
FinalizeAuthorization sends a request to finalize an authorization (convert from pending)
func (StorageAuthorityClient) GetAuthorization ¶
func (cac StorageAuthorityClient) GetAuthorization(ctx context.Context, id string) (authz core.Authorization, err error)
GetAuthorization sends a request to get an Authorization by ID
func (StorageAuthorityClient) GetCertificate ¶
func (cac StorageAuthorityClient) GetCertificate(ctx context.Context, id string) (cert core.Certificate, err error)
GetCertificate sends a request to get a Certificate by ID
func (StorageAuthorityClient) GetCertificateStatus ¶
func (cac StorageAuthorityClient) GetCertificateStatus(ctx context.Context, id string) (status core.CertificateStatus, err error)
GetCertificateStatus sends a request to obtain the current status of a certificate by ID
func (StorageAuthorityClient) GetRegistration ¶
func (cac StorageAuthorityClient) GetRegistration(ctx context.Context, id int64) (reg core.Registration, err error)
GetRegistration sends a request to get a registration by ID
func (StorageAuthorityClient) GetRegistrationByKey ¶
func (cac StorageAuthorityClient) GetRegistrationByKey(ctx context.Context, key *jose.JsonWebKey) (reg core.Registration, err error)
GetRegistrationByKey sends a request to get a registration by JWK
func (StorageAuthorityClient) GetSCTReceipt ¶
func (cac StorageAuthorityClient) GetSCTReceipt(ctx context.Context, serial string, logID string) (receipt core.SignedCertificateTimestamp, err error)
GetSCTReceipt retrieves an SCT according to the serial number of a certificate and the logID of the log to which it was submitted.
func (StorageAuthorityClient) GetValidAuthorizations ¶
func (cac StorageAuthorityClient) GetValidAuthorizations(ctx context.Context, registrationID int64, names []string, now time.Time) (auths map[string]*core.Authorization, err error)
GetValidAuthorizations sends a request to get a batch of Authorizations by RegID and dnsName. The current time is also included in the request to assist filtering.
func (StorageAuthorityClient) MarkCertificateRevoked ¶
func (cac StorageAuthorityClient) MarkCertificateRevoked(ctx context.Context, serial string, reasonCode revocation.Reason) (err error)
MarkCertificateRevoked sends a request to mark a certificate as revoked
func (StorageAuthorityClient) NewPendingAuthorization ¶
func (cac StorageAuthorityClient) NewPendingAuthorization(ctx context.Context, authz core.Authorization) (output core.Authorization, err error)
NewPendingAuthorization sends a request to store a pending authorization
func (StorageAuthorityClient) NewRegistration ¶
func (cac StorageAuthorityClient) NewRegistration(ctx context.Context, reg core.Registration) (output core.Registration, err error)
NewRegistration sends a request to store a new registration
func (StorageAuthorityClient) RevokeAuthorizationsByDomain ¶
func (cac StorageAuthorityClient) RevokeAuthorizationsByDomain(ctx context.Context, ident core.AcmeIdentifier) (aRevoked int64, paRevoked int64, err error)
RevokeAuthorizationsByDomain sends a request to revoke all pending or finalized authorizations for a single domain
func (StorageAuthorityClient) UpdatePendingAuthorization ¶
func (cac StorageAuthorityClient) UpdatePendingAuthorization(ctx context.Context, authz core.Authorization) (err error)
UpdatePendingAuthorization sends a request to update the data in a pending authorization
func (StorageAuthorityClient) UpdateRegistration ¶
func (cac StorageAuthorityClient) UpdateRegistration(ctx context.Context, reg core.Registration) (err error)
UpdateRegistration sends a request to store an updated registration
type ValidationAuthorityClient ¶
type ValidationAuthorityClient struct {
// contains filtered or unexported fields
}
ValidationAuthorityClient represents an RPC client for the VA
func NewValidationAuthorityClient ¶
func NewValidationAuthorityClient(clientName string, amqpConf *cmd.AMQPConfig, stats metrics.Scope) (*ValidationAuthorityClient, error)
NewValidationAuthorityClient constructs an RPC client
func (ValidationAuthorityClient) IsSafeDomain ¶
func (vac ValidationAuthorityClient) IsSafeDomain(ctx context.Context, req *vaPB.IsSafeDomainRequest) (resp *vaPB.IsDomainSafe, err error)
IsSafeDomain returns true if the domain given is determined to be safe by an third-party safe browsing API.
func (ValidationAuthorityClient) PerformValidation ¶
func (vac ValidationAuthorityClient) PerformValidation(ctx context.Context, domain string, challenge core.Challenge, authz core.Authorization) ([]core.ValidationRecord, error)
PerformValidation has the VA revalidate the specified challenge and returns the updated Challenge object.
Source Files