boulder: github.com/letsencrypt/boulder/wfe2

package wfe2

import "github.com/letsencrypt/boulder/wfe2"

Package Files

stats.go verify.go wfe.go

type WebFrontEndImpl

type WebFrontEndImpl struct {
    RA  core.RegistrationAuthority
    SA  core.StorageGetter

    // Issuer certificate (DER) for /acme/issuer-cert
    IssuerCert []byte

    // URL to the current subscriber agreement (should contain some version identifier)
    SubscriberAgreementURL string

    // DirectoryCAAIdentity is used for the /directory response's "meta"
    // element's "caaIdentities" field. It should match the VA's issuerDomain
    // field value.
    DirectoryCAAIdentity string

    // DirectoryWebsite is used for the /directory response's "meta" element's
    // "website" field.
    DirectoryWebsite string

    // Allowed prefix for legacy accounts used by verify.go's `lookupJWK`.
    // See `cmd/boulder-wfe2/main.go`'s comment on the configuration field
    // `LegacyKeyIDPrefix` for more information.
    LegacyKeyIDPrefix string

    // CORS settings
    AllowOrigins []string

    // Maximum duration of a request
    RequestTimeout time.Duration
    // contains filtered or unexported fields
}

WebFrontEndImpl provides all the logic for Boulder's web-facing interface, i.e., ACME. Its members configure the paths for various ACME functions, plus a few other data items used in ACME. Its methods are primarily handlers for HTTPS requests for the various ACME functions.

func NewWebFrontEndImpl

func NewWebFrontEndImpl(
    scope metrics.Scope,
    clk clock.Clock,
    keyPolicy goodkey.KeyPolicy,
    certificateChains map[string][]byte,
    issuerCertificates []*x509.Certificate,
    remoteNonceService noncepb.NonceServiceClient,
    noncePrefixMap map[string]noncepb.NonceServiceClient,
    logger blog.Logger,
) (WebFrontEndImpl, error)

NewWebFrontEndImpl constructs a web service for Boulder

func (*WebFrontEndImpl) Account

func (wfe *WebFrontEndImpl) Account(
    ctx context.Context,
    logEvent *web.RequestEvent,
    response http.ResponseWriter,
    request *http.Request)

Account is used by a client to submit an update to their account.

func (*WebFrontEndImpl) AuthorizationV2

func (wfe *WebFrontEndImpl) AuthorizationV2(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request)

func (*WebFrontEndImpl) BuildID

func (wfe *WebFrontEndImpl) BuildID(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request)

BuildID tells the requestor what build we're running.

func (*WebFrontEndImpl) Certificate

func (wfe *WebFrontEndImpl) Certificate(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request)

Certificate is used by clients to request a copy of their current certificate, or to request a reissuance of the certificate.

func (*WebFrontEndImpl) ChallengeV2

func (wfe *WebFrontEndImpl) ChallengeV2(
    ctx context.Context,
    logEvent *web.RequestEvent,
    response http.ResponseWriter,
    request *http.Request)

ChallengeV2 handles POST requests to challenge URLs belonging to authzv2-style authorizations. Such requests are clients' responses to the server's challenges.

func (*WebFrontEndImpl) Directory

func (wfe *WebFrontEndImpl) Directory(
    ctx context.Context,
    logEvent *web.RequestEvent,
    response http.ResponseWriter,
    request *http.Request)

Directory is an HTTP request handler that provides the directory object stored in the WFE's DirectoryEndpoints member with paths prefixed using the `request.Host` of the HTTP request.

func (*WebFrontEndImpl) FinalizeOrder

func (wfe *WebFrontEndImpl) FinalizeOrder(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request)

FinalizeOrder is used to request issuance for an existing order object. Most processing of the order details is handled by the RA, but we do attempt to throw away requests with invalid CSRs here.

func (*WebFrontEndImpl) GetOrder

func (wfe *WebFrontEndImpl) GetOrder(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request)

GetOrder is used to retrieve an existing order object

func (*WebFrontEndImpl) HandleFunc

func (wfe *WebFrontEndImpl) HandleFunc(mux *http.ServeMux, pattern string, h web.WFEHandlerFunc, methods ...string)

HandleFunc registers a handler at the given path. It's http.HandleFunc(), but with a wrapper around the handler that provides some generic per-request functionality:

* Set a Replay-Nonce header.

* Respond to OPTIONS requests, including CORS preflight requests.

* Set a no-cache header.

* Respond http.StatusMethodNotAllowed for HTTP methods other than those listed.

* Set CORS headers when responding to CORS "actual" requests.

* Never send a body in response to a HEAD request. Anything written by the handler will be discarded if the method is HEAD. Also, all handlers that accept GET automatically accept HEAD.
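
One way to write a wrapper with the per-request behaviour listed above, as an added example rather than Boulder's own code. The names `wrap` and `headWriter`, the `nonce` callback and the `Cache-Control` value are assumptions; `allowOrigins` mirrors the `AllowOrigins` field documented above.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

type headWriter struct{ http.ResponseWriter } // discards the body on HEAD
func (headWriter) Write(b []byte) (int, error) { return len(b), nil }

// wrap is a hypothetical stand-in; nonce stands in for a nonce service.
func wrap(h http.HandlerFunc, nonce func() string, allowOrigins []string, methods ...string) http.Handler {
	allowed := map[string]bool{}
	for _, m := range methods {
		allowed[m] = true
	}
	if allowed["GET"] && !allowed["HEAD"] { // GET handlers also accept HEAD
		methods, allowed["HEAD"] = append(methods, "HEAD"), true
	}
	allow := strings.Join(methods, ", ")
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Replay-Nonce", nonce())
		w.Header().Set("Cache-Control", "no-cache") // exact value is an assumption
		for _, o := range allowOrigins { // CORS headers for listed origins only
			if origin := r.Header.Get("Origin"); origin != "" && (o == "*" || o == origin) {
				w.Header().Set("Access-Control-Allow-Origin", o)
			}
		}
		switch {
		case r.Method == "OPTIONS": // answered here; the handler never runs
			w.Header().Set("Allow", allow)
		case !allowed[r.Method]:
			w.Header().Set("Allow", allow)
			w.WriteHeader(http.StatusMethodNotAllowed)
		case r.Method == "HEAD":
			h(headWriter{w}, r) // anything the handler writes is discarded
		default:
			h(w, r)
		}
	})
}

func main() {
	h := wrap(http.NotFound, func() string { return "constructed-nonce" }, nil, "GET")
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest("POST", "/", nil)) // constructed request
	fmt.Println(rec.Code, rec.Header().Get("Allow"))
}
```

Because the method check and the nonce header live in the wrapper, a handler registered for GET cannot be reached with POST, and every response, including the 405, carries a fresh `Replay-Nonce`.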

func (*WebFrontEndImpl) Handler

func (wfe *WebFrontEndImpl) Handler() http.Handler

Handler returns an http.Handler that uses various functions for various ACME-specified paths.

func (*WebFrontEndImpl) Index

func (wfe *WebFrontEndImpl) Index(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request)

Index serves a simple identification page. It is not part of the ACME spec.

func (*WebFrontEndImpl) Issuer

func (wfe *WebFrontEndImpl) Issuer(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request)

Issuer obtains the issuer certificate used by this instance of Boulder.

func (*WebFrontEndImpl) KeyRollover

func (wfe *WebFrontEndImpl) KeyRollover(
    ctx context.Context,
    logEvent *web.RequestEvent,
    response http.ResponseWriter,
    request *http.Request)

KeyRollover allows a user to change their signing key

func (*WebFrontEndImpl) NewAccount

func (wfe *WebFrontEndImpl) NewAccount(
    ctx context.Context,
    logEvent *web.RequestEvent,
    response http.ResponseWriter,
    request *http.Request)

NewAccount is used by clients to submit a new account

func (*WebFrontEndImpl) NewOrder

func (wfe *WebFrontEndImpl) NewOrder(
    ctx context.Context,
    logEvent *web.RequestEvent,
    response http.ResponseWriter,
    request *http.Request)

NewOrder is used by clients to create a new order object from a CSR

func (*WebFrontEndImpl) Nonce

func (wfe *WebFrontEndImpl) Nonce(
    ctx context.Context,
    logEvent *web.RequestEvent,
    response http.ResponseWriter,
    request *http.Request)

Nonce is an endpoint for getting a fresh nonce with an HTTP GET or HEAD request. This endpoint only returns a status code header - the `HandleFunc` wrapper ensures that a nonce is written in the correct response header.

func (*WebFrontEndImpl) Options

func (wfe *WebFrontEndImpl) Options(response http.ResponseWriter, request *http.Request, methodsStr string, methodsMap map[string]bool)

Options responds to an HTTP OPTIONS request.

func (*WebFrontEndImpl) RevokeCertificate

func (wfe *WebFrontEndImpl) RevokeCertificate(
    ctx context.Context,
    logEvent *web.RequestEvent,
    response http.ResponseWriter,
    request *http.Request)

RevokeCertificate is used by clients to request the revocation of a cert. The revocation request is handled uniquely based on the method of authentication used.

Package wfe2 imports 38 packages and is imported by 7 packages. Updated 2019-11-14.