boulder: Index | Files | Directories

package ra

import ""


Package Files


type RegistrationAuthorityImpl Uses

type RegistrationAuthorityImpl struct {
    CA  core.CertificateAuthority
    VA  vapb.VAClient
    SA  core.StorageAuthority
    PA  core.PolicyAuthority
    // contains filtered or unexported fields

RegistrationAuthorityImpl defines an RA.

NOTE: All of the fields in RegistrationAuthorityImpl need to be populated, or there is a risk of panic.

func NewRegistrationAuthorityImpl Uses

func NewRegistrationAuthorityImpl(
    clk clock.Clock,
    logger blog.Logger,
    stats prometheus.Registerer,
    maxContactsPerReg int,
    keyPolicy goodkey.KeyPolicy,
    maxNames int,
    reuseValidAuthz bool,
    authorizationLifetime time.Duration,
    pendingAuthorizationLifetime time.Duration,
    pubc core.Publisher,
    caaClient caaChecker,
    orderLifetime time.Duration,
    ctp *ctpolicy.CTPolicy,
    purger akamaipb.AkamaiPurgerClient,
    issuers []*issuance.Certificate,
) *RegistrationAuthorityImpl

NewRegistrationAuthorityImpl constructs a new RA object.

func (*RegistrationAuthorityImpl) AdministrativelyRevokeCertificate Uses

func (ra *RegistrationAuthorityImpl) AdministrativelyRevokeCertificate(ctx context.Context, cert x509.Certificate, revocationCode revocation.Reason, user string) error

AdministrativelyRevokeCertificate terminates trust in the certificate provided and does not require the registration ID of the requester since this method is only called from the admin-revoker tool.

func (*RegistrationAuthorityImpl) DeactivateAuthorization Uses

func (ra *RegistrationAuthorityImpl) DeactivateAuthorization(ctx context.Context, auth core.Authorization) error

DeactivateAuthorization deactivates a currently valid authorization

func (*RegistrationAuthorityImpl) DeactivateRegistration Uses

func (ra *RegistrationAuthorityImpl) DeactivateRegistration(ctx context.Context, reg core.Registration) error

DeactivateRegistration deactivates a valid registration

func (*RegistrationAuthorityImpl) FinalizeOrder Uses

func (ra *RegistrationAuthorityImpl) FinalizeOrder(ctx context.Context, req *rapb.FinalizeOrderRequest) (*corepb.Order, error)

FinalizeOrder accepts a request to finalize an order object and, if possible, issues a certificate to satisfy the order. If an order does not have valid, unexpired authorizations for all of its associated names an error is returned. Similarly we vet that all of the names in the order are acceptable based on current policy and return an error if the order can't be fulfilled. If successful the order will be returned in processing status for the client to poll while awaiting finalization to occur.

func (*RegistrationAuthorityImpl) MatchesCSR Uses

func (ra *RegistrationAuthorityImpl) MatchesCSR(parsedCertificate *x509.Certificate, csr *x509.CertificateRequest) error

MatchesCSR tests the contents of a generated certificate to make sure that the PublicKey, CommonName, and DNSNames match those provided in the CSR that was used to generate the certificate. It also checks the following fields for:

* notBefore is not more than 24 hours ago
* BasicConstraintsValid is true
* IsCA is false
* ExtKeyUsage only contains ExtKeyUsageServerAuth & ExtKeyUsageClientAuth
* Subject only contains CommonName & Names

func (*RegistrationAuthorityImpl) NewAuthorization Uses

func (ra *RegistrationAuthorityImpl) NewAuthorization(ctx context.Context, request core.Authorization, regID int64) (core.Authorization, error)

NewAuthorization constructs a new Authz from a request. Values (domains) in request.Identifier will be lowercased before storage.

func (*RegistrationAuthorityImpl) NewCertificate Uses

func (ra *RegistrationAuthorityImpl) NewCertificate(ctx context.Context, req core.CertificateRequest, regID int64, issuerNameID int64) (core.Certificate, error)

NewCertificate requests the issuance of a certificate for the v1 flow.

func (*RegistrationAuthorityImpl) NewOrder Uses

func (ra *RegistrationAuthorityImpl) NewOrder(ctx context.Context, req *rapb.NewOrderRequest) (*corepb.Order, error)

NewOrder creates a new order object

func (*RegistrationAuthorityImpl) NewRegistration Uses

func (ra *RegistrationAuthorityImpl) NewRegistration(ctx context.Context, init core.Registration) (core.Registration, error)

NewRegistration constructs a new Registration from a request.

func (*RegistrationAuthorityImpl) PerformValidation Uses

func (ra *RegistrationAuthorityImpl) PerformValidation(
    ctx context.Context,
    req *rapb.PerformValidationRequest) (*corepb.Authorization, error)

PerformValidation initiates validation for a specific challenge associated with the given base authorization. The authorization and challenge are updated based on the results.

func (*RegistrationAuthorityImpl) RevokeCertificateWithReg Uses

func (ra *RegistrationAuthorityImpl) RevokeCertificateWithReg(ctx context.Context, cert x509.Certificate, revocationCode revocation.Reason, regID int64) error

RevokeCertificateWithReg terminates trust in the certificate provided.

func (*RegistrationAuthorityImpl) SetRateLimitPoliciesFile Uses

func (ra *RegistrationAuthorityImpl) SetRateLimitPoliciesFile(filename string) error

func (*RegistrationAuthorityImpl) UpdateRegistration Uses

func (ra *RegistrationAuthorityImpl) UpdateRegistration(ctx context.Context, base core.Registration, update core.Registration) (core.Registration, error)

UpdateRegistration updates an existing Registration with new values. Caller is responsible for making sure that update.Key is only different from base.Key if it is being called from the WFE key change endpoint.



Package ra imports 41 packages (graph) and is imported by 54 packages. Updated 2021-01-28. Refresh now. Tools for package owners.