ra

package

v0.0.0-...-8237a13 Latest Latest Go to latest Published: Feb 2, 2016 License: MPL-2.0 Imports: 20 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/jehiah/boulder

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type DomainCheck
- func (d *DomainCheck) IsSafe(domain string) (bool, error)
type RegistrationAuthorityImpl
- func NewRegistrationAuthorityImpl(clk clock.Clock, logger *blog.AuditLogger, stats statsd.Statter, ...) *RegistrationAuthorityImpl

Constants ¶

View Source

const DefaultAuthorizationLifetime = 300 * 24 * time.Hour

DefaultAuthorizationLifetime is the 10 month default authorization lifetime. When used with a 90-day cert lifetime, this allows creation of certs that will cover a whole year, plus a grace period of a month. TODO(jsha): Read from a config file.

View Source

const DefaultPendingAuthorizationLifetime = 7 * 24 * time.Hour

DefaultPendingAuthorizationLifetime is one week. If you can't respond to a challenge this quickly, then you need to request a new challenge. TODO(rlb): Read from a config file

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type DomainCheck ¶

type DomainCheck struct {
	VA core.ValidationAuthority
}

DomainCheck is a little struct that allows the RA to call the VA's IsSafeDomain if its not-nil, or fails open if not. This is so that the RA can be deployed before the VA can respond to the IsSafeDomain RPC.

func (*DomainCheck) IsSafe ¶

func (d *DomainCheck) IsSafe(domain string) (bool, error)

IsSafe returns true if the VA's IsSafeDomain RPC says the domain is safe or if DomainCheck is nil.

type RegistrationAuthorityImpl ¶

type RegistrationAuthorityImpl struct {
	CA core.CertificateAuthority
	VA core.ValidationAuthority
	SA core.StorageAuthority
	PA core.PolicyAuthority

	DNSResolver bdns.DNSResolver
	// contains filtered or unexported fields
}

RegistrationAuthorityImpl defines an RA.

NOTE: All of the fields in RegistrationAuthorityImpl need to be populated, or there is a risk of panic.

func NewRegistrationAuthorityImpl ¶

func NewRegistrationAuthorityImpl(clk clock.Clock, logger *blog.AuditLogger, stats statsd.Statter, dc *DomainCheck, policies cmd.RateLimitConfig, maxContactsPerReg int, keyPolicy core.KeyPolicy) *RegistrationAuthorityImpl

NewRegistrationAuthorityImpl constructs a new RA object.

func (*RegistrationAuthorityImpl) AdministrativelyRevokeCertificate ¶

func (ra *RegistrationAuthorityImpl) AdministrativelyRevokeCertificate(cert x509.Certificate, revocationCode core.RevocationCode, user string) error

AdministrativelyRevokeCertificate terminates trust in the certificate provided and does not require the registration ID of the requester since this method is only called from the admin-revoker tool.

func (*RegistrationAuthorityImpl) MatchesCSR ¶

func (ra *RegistrationAuthorityImpl) MatchesCSR(cert core.Certificate, csr *x509.CertificateRequest) (err error)

MatchesCSR tests the contents of a generated certificate to make sure that the PublicKey, CommonName, and DNSNames match those provided in the CSR that was used to generate the certificate. It also checks the following fields for:

notBefore is not more than 24 hours ago
BasicConstraintsValid is true
IsCA is false
ExtKeyUsage only contains ExtKeyUsageServerAuth & ExtKeyUsageClientAuth
Subject only contains CommonName & Names

func (*RegistrationAuthorityImpl) NewAuthorization ¶

func (ra *RegistrationAuthorityImpl) NewAuthorization(request core.Authorization, regID int64) (authz core.Authorization, err error)

NewAuthorization constructs a new Authz from a request. Values (domains) in request.Identifier will be lowercased before storage.

func (*RegistrationAuthorityImpl) NewCertificate ¶

func (ra *RegistrationAuthorityImpl) NewCertificate(req core.CertificateRequest, regID int64) (cert core.Certificate, err error)

NewCertificate requests the issuance of a certificate.

func (*RegistrationAuthorityImpl) NewRegistration ¶

func (ra *RegistrationAuthorityImpl) NewRegistration(init core.Registration) (reg core.Registration, err error)

NewRegistration constructs a new Registration from a request.

func (*RegistrationAuthorityImpl) OnValidationUpdate ¶

func (ra *RegistrationAuthorityImpl) OnValidationUpdate(authz core.Authorization) error

OnValidationUpdate is called when a given Authorization is updated by the VA.

func (*RegistrationAuthorityImpl) RevokeCertificateWithReg ¶

func (ra *RegistrationAuthorityImpl) RevokeCertificateWithReg(cert x509.Certificate, revocationCode core.RevocationCode, regID int64) (err error)

RevokeCertificateWithReg terminates trust in the certificate provided.

func (*RegistrationAuthorityImpl) UpdateAuthorization ¶

func (ra *RegistrationAuthorityImpl) UpdateAuthorization(base core.Authorization, challengeIndex int, response core.Challenge) (authz core.Authorization, err error)

UpdateAuthorization updates an authorization with new values.

func (*RegistrationAuthorityImpl) UpdateRegistration ¶

func (ra *RegistrationAuthorityImpl) UpdateRegistration(base core.Registration, update core.Registration) (reg core.Registration, err error)

UpdateRegistration updates an existing Registration with new values.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL