boulder: github.com/letsencrypt/boulder/va

package va

import "github.com/letsencrypt/boulder/va"

Package Files

caa.go dns.go http.go policy.go tlsalpn.go utf8filter.go va.go

Constants

const (
    // ALPN protocol ID for TLS-ALPN-01 challenge
    // https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-01#section-5.2
    ACMETLS1Protocol = "acme-tls/1"
)

Variables

var (
    // NOTE: unfortunately another document claimed the OID we were using in draft-ietf-acme-tls-alpn-01
    // for their own extension and IANA chose to assign it early. Because of this we had to increment
    // the id-pe-acmeIdentifier OID. Since there are in the wild implementations that use the original
    // OID we still need to support it until everyone is switched over to the new one.
    // As defined in https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-01#section-5.1
    // id-pe OID + 30 (acmeIdentifier) + 1 (v1)
    IdPeAcmeIdentifierV1Obsolete = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 30, 1}

    // As defined in https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-04#section-5.1
    // id-pe OID + 31 (acmeIdentifier)
    IdPeAcmeIdentifier = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 31}
)
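The dual-OID support described in the note above, as an added example (not Boulder's own code). The helper names `checkACMEIdentifier` and `constructedCert` and the sample key authorization string are assumptions. The requirements that the extension be critical and carry the SHA-256 digest of the key authorization as an OCTET STRING come from the referenced TLS-ALPN-01 draft.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

var oidObsolete = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 30, 1} // IdPeAcmeIdentifierV1Obsolete
var oidCurrent = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 31}     // IdPeAcmeIdentifier

// checkACMEIdentifier (hypothetical helper) accepts either OID and reports whether the obsolete one was used.
func checkACMEIdentifier(cert *x509.Certificate, keyAuthz string) (bool, error) {
	want := sha256.Sum256([]byte(keyAuthz))
	for _, ext := range cert.Extensions {
		obsolete := ext.Id.Equal(oidObsolete)
		if !obsolete && !ext.Id.Equal(oidCurrent) {
			continue
		}
		var got []byte // per the draft: critical, OCTET STRING of SHA-256(key authorization)
		rest, err := asn1.Unmarshal(ext.Value, &got)
		if err != nil || len(rest) != 0 || !ext.Critical || !bytes.Equal(got, want[:]) {
			return obsolete, fmt.Errorf("acmeIdentifier malformed, not critical, or digest mismatch")
		}
		return obsolete, nil
	}
	return false, fmt.Errorf("no acmeIdentifier extension present")
}

// constructedCert builds a throwaway self-signed certificate (constructed sample input).
func constructedCert(oid asn1.ObjectIdentifier, critical bool, keyAuthz string) *x509.Certificate {
	digest := sha256.Sum256([]byte(keyAuthz))
	val, _ := asn1.Marshal(digest[:])
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), ExtraExtensions: []pkix.Extension{{Id: oid, Critical: critical, Value: val}}}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	cert, _ := x509.ParseCertificate(der)
	return cert
}

func main() { fmt.Println(checkACMEIdentifier(constructedCert(oidObsolete, true, "token.thumbprint"), "token.thumbprint")) }
```

Returning the obsolete flag alongside the result lets a validator count how many clients still present the old OID before support for it is dropped.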

type CAASet

type CAASet struct {
    Issue     []*dns.CAA
    Issuewild []*dns.CAA
    Iodef     []*dns.CAA
    Unknown   []*dns.CAA
}

CAASet consists of filtered CAA records

type MultiVAPolicy

type MultiVAPolicy struct {
    sync.RWMutex
    // contains filtered or unexported fields
}

MultiVAPolicy is a structure containing a map of disabled account IDs and domains that should not have multi-VA enforcement applied. It is safe to use concurrently and is designed to be live-updated with the reloader package.

func (*MultiVAPolicy) EnabledAccount

func (p *MultiVAPolicy) EnabledAccount(acctID int64) bool

EnabledAccount returns true if the given account ID has multi-VA enabled by policy or false otherwise. It is safe to call concurrently.

func (*MultiVAPolicy) EnabledDomain

func (p *MultiVAPolicy) EnabledDomain(domain string) bool

EnabledDomain returns true if the given domain has multi-VA enabled by policy or false otherwise. It is safe to call concurrently.

func (*MultiVAPolicy) LoadPolicy

func (p *MultiVAPolicy) LoadPolicy(yamlBytes []byte) error

LoadPolicy loads the given yamlBytes into the multi VA policy. The new policy must specify at least one domain or account ID or an error is returned. The new policy contents will completely replace the old contents. It is safe to call concurrently and is designed to work with the reloader package as a dataCallback.

type RemoteVA

type RemoteVA struct {
    core.ValidationAuthority
    Address string
}

RemoteVA wraps the core.ValidationAuthority interface and adds a field containing the address of the remote gRPC server, since the interface (and the underlying gRPC client) doesn't provide a way to extract this metadata, which is useful for debugging gRPC connection issues.

type ValidationAuthorityImpl

type ValidationAuthorityImpl struct {
    // contains filtered or unexported fields
}

ValidationAuthorityImpl represents a VA

func NewValidationAuthorityImpl

func NewValidationAuthorityImpl(
    pc *cmd.PortConfig,
    resolver bdns.DNSClient,
    remoteVAs []RemoteVA,
    maxRemoteFailures int,
    userAgent string,
    issuerDomain string,
    stats metrics.Scope,
    clk clock.Clock,
    logger blog.Logger,
    accountURIPrefixes []string,
    multiVAPolicyFile string,
) (*ValidationAuthorityImpl, error)

NewValidationAuthorityImpl constructs a new VA

func (*ValidationAuthorityImpl) IsCAAValid

func (va *ValidationAuthorityImpl) IsCAAValid(ctx context.Context, req *vapb.IsCAAValidRequest) (*vapb.IsCAAValidResponse, error)

func (*ValidationAuthorityImpl) PerformValidation

func (va *ValidationAuthorityImpl) PerformValidation(ctx context.Context, domain string, challenge core.Challenge, authz core.Authorization) ([]core.ValidationRecord, error)

PerformValidation validates the given challenge. It always returns a list of validation records, even when it also returns an error.

Directories

Path    Synopsis
proto

Package va imports 44 packages and is imported by 43 packages. Updated 2019-11-13.