Documentation
Index
- type CAASet
- type RemoteVA
- type SafeBrowsing
- type SafeBrowsingV4
- type ValidationAuthorityImpl
- func (va *ValidationAuthorityImpl) IsCAAValid(ctx context.Context, req *vapb.IsCAAValidRequest) (*vapb.IsCAAValidResponse, error)
- func (va *ValidationAuthorityImpl) IsSafeDomain(ctx context.Context, req *vaPB.IsSafeDomainRequest) (*vaPB.IsDomainSafe, error)
- func (va *ValidationAuthorityImpl) PerformValidation(ctx context.Context, domain string, challenge core.Challenge, ...) ([]core.ValidationRecord, error)
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type RemoteVA
type RemoteVA struct {
	core.ValidationAuthority
	Addresses string
}
RemoteVA wraps the core.ValidationAuthority interface and adds a field containing the addresses of the remote gRPC server. The interface (and the underlying gRPC client) doesn't provide a way to extract this metadata, which is useful for debugging gRPC connection issues.
type SafeBrowsing
type SafeBrowsing interface {
	// IsListed returns a non-empty string if the domain was bad. Specifically,
	// it is which Google Safe Browsing list the domain was found on.
	IsListed(ctx context.Context, url string) (list string, err error)
}
SafeBrowsing is an interface for a third-party safe browsing API client.
type SafeBrowsingV4
type SafeBrowsingV4 interface {
	LookupURLsContext(ctx context.Context, urls []string) (threats [][]safebrowsingv4.URLThreat, err error)
}
SafeBrowsingV4 is an interface around the functions we use from the *SafeBrowser type of Google safebrowsing's v4 API. Using this interface allows mocking in tests.
type ValidationAuthorityImpl
type ValidationAuthorityImpl struct {
	// contains filtered or unexported fields
}
ValidationAuthorityImpl represents a VA
func NewValidationAuthorityImpl
func NewValidationAuthorityImpl(
	pc *cmd.PortConfig,
	sbc SafeBrowsing,
	resolver bdns.DNSClient,
	remoteVAs []RemoteVA,
	maxRemoteFailures int,
	userAgent string,
	issuerDomain string,
	stats metrics.Scope,
	clk clock.Clock,
	logger blog.Logger,
) *ValidationAuthorityImpl
NewValidationAuthorityImpl constructs a new VA
func (*ValidationAuthorityImpl) IsCAAValid
func (va *ValidationAuthorityImpl) IsCAAValid(
	ctx context.Context,
	req *vapb.IsCAAValidRequest,
) (*vapb.IsCAAValidResponse, error)
func (*ValidationAuthorityImpl) IsSafeDomain
func (va *ValidationAuthorityImpl) IsSafeDomain(ctx context.Context, req *vaPB.IsSafeDomainRequest) (*vaPB.IsDomainSafe, error)
IsSafeDomain returns true if the given domain is determined to be safe by a third-party safe browsing API. It's meant to be called by the RA before pending authorization creation. If no third-party client was provided, it fails open and increments a Skips metric.
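The fail-open contract described above, as an added example that is not the package's own code: it shows a test double for the SafeBrowsing interface and how a missing client differs from a listed domain and from a failed lookup. Only the SafeBrowsing interface comes from this page; `checker`, `stubSB`, the `skips` counter and the choice to surface lookup errors are assumptions.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

type SafeBrowsing interface { // as documented on this page
	IsListed(ctx context.Context, url string) (list string, err error)
}

// stubSB is a constructed test double: domain -> name of the list it is on.
type stubSB struct {
	listed map[string]string
	err    error
}

func (s stubSB) IsListed(_ context.Context, url string) (string, error) {
	return s.listed[url], s.err
}

// checker is a hypothetical stand-in for the VA; skips stands in for the Skips metric.
type checker struct {
	sbc   SafeBrowsing
	skips int
}

// isSafeDomain fails open and counts a skip when no client is configured.
func (c *checker) isSafeDomain(ctx context.Context, domain string) (bool, error) {
	if c.sbc == nil {
		c.skips++
		return true, nil
	}
	list, err := c.sbc.IsListed(ctx, domain)
	if err != nil {
		return false, err // assumption: lookup errors are surfaced, not treated as safe
	}
	return list == "", nil
}

func main() {
	ctx := context.Background()
	listed := stubSB{listed: map[string]string{"bad.example": "constructed-list"}}
	broken := stubSB{err: errors.New("lookup failed")}
	for _, c := range []*checker{{}, {sbc: listed}, {sbc: broken}} {
		safe, err := c.isSafeDomain(ctx, "bad.example")
		fmt.Printf("safe=%v err=%v skips=%d\n", safe, err, c.skips)
	}
}
```

Because a fail-open result looks the same as a clean lookup to the caller, the skip counter is the only signal that the check did not run, so it is worth alerting on.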
func (*ValidationAuthorityImpl) PerformValidation
func (va *ValidationAuthorityImpl) PerformValidation(ctx context.Context, domain string, challenge core.Challenge, authz core.Authorization) ([]core.ValidationRecord, error)
PerformValidation validates the given challenge. It always returns a list of validation records, even when it also returns an error.
TODO(#1626): remove authz parameter