ca

package
v0.0.0-...-2b8dea9
Warning

This package is not in the latest version of its module.

Published: Apr 15, 2024 License: MPL-2.0 Imports: 38 Imported by: 4

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewCRLImpl

func NewCRLImpl(
	issuers []*issuance.Issuer,
	profileConfig issuance.CRLProfileConfig,
	idpBase string,
	maxLogLen int,
	logger blog.Logger) (*crlImpl, error)

NewCRLImpl returns a new object which fulfils the ca.proto CRLGenerator interface. It uses the list of issuers to determine what issuers it can issue CRLs from. lifetime sets the validity period (inclusive) of the resulting CRLs. idpBase is the base URL from which IssuingDistributionPoint URIs will be constructed; it must use the http:// scheme.

func NewCertificateAuthorityImpl

func NewCertificateAuthorityImpl(
	sa sapb.StorageAuthorityCertificateClient,
	pa core.PolicyAuthority,
	boulderIssuers []*issuance.Issuer,
	defaultCertProfileName string,
	ignoredCertProfileLints []string,
	certificateProfiles map[string]issuance.ProfileConfig,
	ecdsaAllowList *ECDSAAllowList,
	certExpiry time.Duration,
	certBackdate time.Duration,
	serialPrefix int,
	maxNames int,
	keyPolicy goodkey.KeyPolicy,
	logger blog.Logger,
	stats prometheus.Registerer,
	signatureCount *prometheus.CounterVec,
	signErrorCount *prometheus.CounterVec,
	clk clock.Clock,
) (*certificateAuthorityImpl, error)

NewCertificateAuthorityImpl creates a CA instance that can sign certificates from any number of issuance.Issuers according to their profiles, and can sign OCSP (via delegation to an ocspImpl and its issuers).

func NewOCSPImpl

func NewOCSPImpl(
	issuers []*issuance.Issuer,
	ocspLifetime time.Duration,
	ocspLogMaxLength int,
	ocspLogPeriod time.Duration,
	logger blog.Logger,
	stats prometheus.Registerer,
	signatureCount *prometheus.CounterVec,
	signErrorCount *prometheus.CounterVec,
	clk clock.Clock,
) (*ocspImpl, error)

Types

type ECDSAAllowList

type ECDSAAllowList struct {
	// contains filtered or unexported fields
}

ECDSAAllowList acts as a container for a map of Registration IDs.

func NewECDSAAllowListFromFile

func NewECDSAAllowListFromFile(filename string) (*ECDSAAllowList, int, error)

NewECDSAAllowListFromFile is exported to allow `boulder-ca` to construct a new `ECDSAAllowList` object. It returns the ECDSAAllowList, the size of the allow list after attempting to load it (for CA logging purposes, so inner fields don't need to be exported), or an error.

type OCSPGenerator

type OCSPGenerator interface {
	capb.OCSPGeneratorServer
	LogOCSPLoop()
	Stop()
}

OCSPGenerator is an interface which exposes both the auto-generated gRPC methods and our special-purpose log queue start and stop methods, so that they can be called from main without exporting the ocspImpl type.
