package ca
type CertificateAuthorityImpl

type CertificateAuthorityImpl struct {
    // contains filtered or unexported fields
}

CertificateAuthorityImpl represents a CA that signs certificates, CRLs, and OCSP responses.

func NewCertificateAuthorityImpl

func NewCertificateAuthorityImpl(
    config ca_config.CAConfig,
    sa certificateStorage,
    pa core.PolicyAuthority,
    clk clock.Clock,
    stats metrics.Scope,
    issuers []Issuer,
    keyPolicy goodkey.KeyPolicy,
    logger blog.Logger,
    orphanQueue *goque.Queue,
) (*CertificateAuthorityImpl, error)

NewCertificateAuthorityImpl creates a CA instance that can sign certificates from a single issuer (the first in the issuers slice), and can sign OCSP for any of the issuer certificates provided.

func (*CertificateAuthorityImpl) GenerateOCSP

func (ca *CertificateAuthorityImpl) GenerateOCSP(ctx context.Context, xferObj core.OCSPSigningRequest) ([]byte, error)

GenerateOCSP produces a new OCSP response and returns it.

func (*CertificateAuthorityImpl) IssueCertificateForPrecertificate

func (ca *CertificateAuthorityImpl) IssueCertificateForPrecertificate(ctx context.Context, req *caPB.IssueCertificateForPrecertificateRequest) (core.Certificate, error)

IssueCertificateForPrecertificate takes a precertificate and a set of SCTs for that precertificate and uses the signer to create and sign a certificate from them. The poison extension is removed and an SCT list extension is inserted in its place. Except for this and the signature, the certificate exactly matches the precertificate. After the certificate is signed, an OCSP response is generated and the response and certificate are stored in the database.
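The precertificate-to-certificate transformation described above, as an added example that is not Boulder's own code: it uses only the Go standard library and the RFC 6962 extension OIDs (poison 1.3.6.1.4.1.11129.2.4.3, SCT list 1.3.6.1.4.1.11129.2.4.2). The issuer and leaf keys are throwaway test keys generated at run time, the SCT list is a constructed empty placeholder rather than a real log signature, and the OCSP and database steps are left out. SameExceptCT is the check a reviewer would want: that nothing other than the signature and the poison/SCT extensions changed.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// RFC 6962 extension OIDs: the critical precertificate poison and the SCT list.
var (
	OIDCTPoison = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 3}
	OIDSCTList  = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 2}
)

// HasExtension reports whether c carries an extension with the given OID.
func HasExtension(c *x509.Certificate, oid asn1.ObjectIdentifier) bool {
	for _, e := range c.Extensions {
		if e.Id.Equal(oid) {
			return true
		}
	}
	return false
}

// FinalCertFromPrecert builds the final-certificate template from a parsed
// precertificate: every field and extension is copied in order, the poison
// extension is dropped and the SCT list extension takes its position.
// sctList is the TLS-encoded SignedCertificateTimestampList; the X.509
// extension value is that structure wrapped in an OCTET STRING.
func FinalCertFromPrecert(precert *x509.Certificate, sctList []byte) (*x509.Certificate, error) {
	if HasExtension(precert, OIDSCTList) {
		return nil, errors.New("input already carries an SCT list; not a precertificate")
	}
	sctValue, err := asn1.Marshal(sctList)
	if err != nil {
		return nil, err
	}
	tmpl := *precert // shallow copy keeps serial, validity, subject and SPKI
	tmpl.ExtraExtensions = nil
	sawPoison := false
	for _, ext := range precert.Extensions {
		if ext.Id.Equal(OIDCTPoison) {
			sawPoison = true
			tmpl.ExtraExtensions = append(tmpl.ExtraExtensions,
				pkix.Extension{Id: OIDSCTList, Critical: false, Value: sctValue})
			continue
		}
		tmpl.ExtraExtensions = append(tmpl.ExtraExtensions, ext)
	}
	if !sawPoison {
		return nil, errors.New("input has no poison extension; not a precertificate")
	}
	// Putting all extensions in ExtraExtensions overrides the ones CreateCertificate
	// would derive from DNSNames, KeyUsage etc., so nothing is duplicated.
	return &tmpl, nil
}

// SameExceptCT returns nil when cert matches precert in everything except
// the signature and the poison/SCT extensions.
func SameExceptCT(precert, cert *x509.Certificate) error {
	if precert.SerialNumber.Cmp(cert.SerialNumber) != 0 {
		return errors.New("serial number differs")
	}
	if !bytes.Equal(precert.RawSubject, cert.RawSubject) || !bytes.Equal(precert.RawIssuer, cert.RawIssuer) {
		return errors.New("subject or issuer differs")
	}
	if !bytes.Equal(precert.RawSubjectPublicKeyInfo, cert.RawSubjectPublicKeyInfo) {
		return errors.New("public key differs")
	}
	if !precert.NotBefore.Equal(cert.NotBefore) || !precert.NotAfter.Equal(cert.NotAfter) {
		return errors.New("validity period differs")
	}
	strip := func(c *x509.Certificate) (out []pkix.Extension) {
		for _, e := range c.Extensions {
			if !e.Id.Equal(OIDCTPoison) && !e.Id.Equal(OIDSCTList) {
				out = append(out, e)
			}
		}
		return out
	}
	a, b := strip(precert), strip(cert)
	if len(a) != len(b) {
		return fmt.Errorf("extension count differs: %d vs %d", len(a), len(b))
	}
	for i := range a {
		if !a[i].Id.Equal(b[i].Id) || a[i].Critical != b[i].Critical || !bytes.Equal(a[i].Value, b[i].Value) {
			return fmt.Errorf("extension %v differs", a[i].Id)
		}
	}
	return nil
}

// BuildPrecertAndCert issues a precertificate from a throwaway test issuer and
// derives the final certificate from it. The SCT list is a constructed
// placeholder: an empty list, encoded as a two-byte zero length prefix.
func BuildPrecertAndCert() (precert, final *x509.Certificate, err error) {
	issuerKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	issuerTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Test Issuer"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	issuerDER, err := x509.CreateCertificate(rand.Reader, issuerTmpl, issuerTmpl, &issuerKey.PublicKey, issuerKey)
	if err != nil {
		return nil, nil, err
	}
	issuer, err := x509.ParseCertificate(issuerDER)
	if err != nil {
		return nil, nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	if err != nil {
		return nil, nil, err
	}
	preTmpl := &x509.Certificate{
		SerialNumber:    serial,
		Subject:         pkix.Name{CommonName: "example.test"},
		DNSNames:        []string{"example.test"},
		NotBefore:       time.Now().Add(-time.Minute),
		NotAfter:        time.Now().Add(12 * time.Hour),
		KeyUsage:        x509.KeyUsageDigitalSignature,
		ExtKeyUsage:     []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		ExtraExtensions: []pkix.Extension{{Id: OIDCTPoison, Critical: true, Value: asn1.NullBytes}},
	}
	preDER, err := x509.CreateCertificate(rand.Reader, preTmpl, issuer, &leafKey.PublicKey, issuerKey)
	if err != nil {
		return nil, nil, err
	}
	if precert, err = x509.ParseCertificate(preDER); err != nil {
		return nil, nil, err
	}
	finalTmpl, err := FinalCertFromPrecert(precert, []byte{0x00, 0x00}) // constructed empty SCT list
	if err != nil {
		return nil, nil, err
	}
	finalDER, err := x509.CreateCertificate(rand.Reader, finalTmpl, issuer, &leafKey.PublicKey, issuerKey)
	if err != nil {
		return nil, nil, err
	}
	if final, err = x509.ParseCertificate(finalDER); err != nil {
		return nil, nil, err
	}
	return precert, final, nil
}

func main() {
	pre, fin, err := BuildPrecertAndCert()
	if err != nil {
		panic(err)
	}
	fmt.Println("precert poisoned:", HasExtension(pre, OIDCTPoison), "final has SCT list:", HasExtension(fin, OIDSCTList))
	fmt.Println("same except CT:", SameExceptCT(pre, fin))
}
```

The copy-everything approach is what makes the "exactly matches" property hold: Go's CreateCertificate lets ExtraExtensions override the extensions it would otherwise derive from the template's fields, so the final certificate keeps the precertificate's extension order with the SCT list sitting where the poison was. A real SCT list would be assembled from the log responses before calling FinalCertFromPrecert.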

func (*CertificateAuthorityImpl) IssuePrecertificate

func (ca *CertificateAuthorityImpl) IssuePrecertificate(ctx context.Context, issueReq *caPB.IssueCertificateRequest) (*caPB.IssuePrecertificateResponse, error)

func (*CertificateAuthorityImpl) OrphanIntegrationLoop

func (ca *CertificateAuthorityImpl) OrphanIntegrationLoop()

OrphanIntegrationLoop runs a loop that executes integrateOrphans and then waits a minute. It is split out into a separate function called directly by boulder-ca in order to make testing the orphan queue functionality somewhat simpler.

type Issuer

type Issuer struct {
    Signer crypto.Signer
    Cert   *x509.Certificate
}

Issuer represents a single issuer certificate, along with its key.

Package ca imports 37 packages and is imported by 34 packages. Updated 2019-11-07.