ra

package
v0.0.0-...-e2de327 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 27, 2017 License: MPL-2.0 Imports: 34 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type RegistrationAuthorityImpl 

type RegistrationAuthorityImpl struct {
	CA core.CertificateAuthority
	VA core.ValidationAuthority
	SA core.StorageAuthority
	PA core.PolicyAuthority

	DNSClient bdns.DNSClient
	// contains filtered or unexported fields
}

RegistrationAuthorityImpl defines an RA.

NOTE: All of the fields in RegistrationAuthorityImpl need to be populated, or there is a risk of panic.

func NewRegistrationAuthorityImpl 

func NewRegistrationAuthorityImpl(
	clk clock.Clock,
	logger blog.Logger,
	stats metrics.Scope,
	maxContactsPerReg int,
	keyPolicy goodkey.KeyPolicy,
	maxNames int,
	forceCNFromSAN bool,
	reuseValidAuthz bool,
	authorizationLifetime time.Duration,
	pendingAuthorizationLifetime time.Duration,
	pubc core.Publisher,
	caaClient caaChecker,
	orderLifetime time.Duration,
) *RegistrationAuthorityImpl

NewRegistrationAuthorityImpl constructs a new RA object.

func (*RegistrationAuthorityImpl) AdministrativelyRevokeCertificate 

func (ra *RegistrationAuthorityImpl) AdministrativelyRevokeCertificate(ctx context.Context, cert x509.Certificate, revocationCode revocation.Reason, user string) error

AdministrativelyRevokeCertificate terminates trust in the certificate provided and does not require the registration ID of the requester since this method is only called from the admin-revoker tool.

func (*RegistrationAuthorityImpl) DeactivateAuthorization 

func (ra *RegistrationAuthorityImpl) DeactivateAuthorization(ctx context.Context, auth core.Authorization) error

DeactivateAuthorization deactivates a currently valid authorization

func (*RegistrationAuthorityImpl) DeactivateRegistration 

func (ra *RegistrationAuthorityImpl) DeactivateRegistration(ctx context.Context, reg core.Registration) error

DeactivateRegistration deactivates a valid registration

func (*RegistrationAuthorityImpl) MatchesCSR 

func (ra *RegistrationAuthorityImpl) MatchesCSR(parsedCertificate *x509.Certificate, csr *x509.CertificateRequest) error

MatchesCSR tests the contents of a generated certificate to make sure that the PublicKey, CommonName, and DNSNames match those provided in the CSR that was used to generate the certificate. It also checks the following fields for:

  • notBefore is not more than 24 hours ago
  • BasicConstraintsValid is true
  • IsCA is false
  • ExtKeyUsage only contains ExtKeyUsageServerAuth & ExtKeyUsageClientAuth
  • Subject only contains CommonName & Names

func (*RegistrationAuthorityImpl) NewAuthorization 

func (ra *RegistrationAuthorityImpl) NewAuthorization(ctx context.Context, request core.Authorization, regID int64) (core.Authorization, error)

NewAuthorization constructs a new Authz from a request. Values (domains) in request.Identifier will be lowercased before storage.

func (*RegistrationAuthorityImpl) NewCertificate 

func (ra *RegistrationAuthorityImpl) NewCertificate(ctx context.Context, req core.CertificateRequest, regID int64) (core.Certificate, error)

NewCertificate requests the issuance of a certificate.

func (*RegistrationAuthorityImpl) NewOrder 

func (ra *RegistrationAuthorityImpl) NewOrder(ctx context.Context, req *rapb.NewOrderRequest) (*corepb.Order, error)

NewOrder creates a new order object

func (*RegistrationAuthorityImpl) NewRegistration 

func (ra *RegistrationAuthorityImpl) NewRegistration(ctx context.Context, init core.Registration) (core.Registration, error)

NewRegistration constructs a new Registration from a request.

func (*RegistrationAuthorityImpl) RevokeCertificateWithReg 

func (ra *RegistrationAuthorityImpl) RevokeCertificateWithReg(ctx context.Context, cert x509.Certificate, revocationCode revocation.Reason, regID int64) error

RevokeCertificateWithReg terminates trust in the certificate provided.

func (*RegistrationAuthorityImpl) SetRateLimitPoliciesFile 

func (ra *RegistrationAuthorityImpl) SetRateLimitPoliciesFile(filename string) error

func (*RegistrationAuthorityImpl) UpdateAuthorization 

func (ra *RegistrationAuthorityImpl) UpdateAuthorization(ctx context.Context, base core.Authorization, challengeIndex int, response core.Challenge) (core.Authorization, error)

UpdateAuthorization updates an authorization with new values.

func (*RegistrationAuthorityImpl) UpdateIssuedCountForever 

func (ra *RegistrationAuthorityImpl) UpdateIssuedCountForever() error

Run this to continually update the totalIssuedCount field of this RA by calling out to the SA. It will run one update before returning, and return an error if that update failed.

func (*RegistrationAuthorityImpl) UpdateRegistration 

func (ra *RegistrationAuthorityImpl) UpdateRegistration(ctx context.Context, base core.Registration, update core.Registration) (core.Registration, error)

UpdateRegistration updates an existing Registration with new values. Caller is responsible for making sure that update.Key is only different from base.Key if it is being called from the WFE key change endpoint.

Source Files

View all Source files

Directories

Path Synopsis
Package proto is a generated protocol buffer package.
 Package proto is a generated protocol buffer package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.