Documentation
Index
- type RegistrationAuthorityImpl
- func (ra *RegistrationAuthorityImpl) AdministrativelyRevokeCertificate(ctx context.Context, cert x509.Certificate, revocationCode revocation.Reason, ...) error
- func (ra *RegistrationAuthorityImpl) DeactivateAuthorization(ctx context.Context, auth core.Authorization) error
- func (ra *RegistrationAuthorityImpl) DeactivateRegistration(ctx context.Context, reg core.Registration) error
- func (ra *RegistrationAuthorityImpl) FinalizeOrder(ctx context.Context, req *rapb.FinalizeOrderRequest) (*corepb.Order, error)
- func (ra *RegistrationAuthorityImpl) MatchesCSR(parsedCertificate *x509.Certificate, csr *x509.CertificateRequest) error
- func (ra *RegistrationAuthorityImpl) NewAuthorization(ctx context.Context, request core.Authorization, regID int64) (core.Authorization, error)
- func (ra *RegistrationAuthorityImpl) NewCertificate(ctx context.Context, req core.CertificateRequest, regID int64) (core.Certificate, error)
- func (ra *RegistrationAuthorityImpl) NewOrder(ctx context.Context, req *rapb.NewOrderRequest) (*corepb.Order, error)
- func (ra *RegistrationAuthorityImpl) NewRegistration(ctx context.Context, init core.Registration) (core.Registration, error)
- func (ra *RegistrationAuthorityImpl) RevokeCertificateWithReg(ctx context.Context, cert x509.Certificate, revocationCode revocation.Reason, ...) error
- func (ra *RegistrationAuthorityImpl) SetRateLimitPoliciesFile(filename string) error
- func (ra *RegistrationAuthorityImpl) UpdateAuthorization(ctx context.Context, base core.Authorization, challengeIndex int, ...) (core.Authorization, error)
- func (ra *RegistrationAuthorityImpl) UpdateIssuedCountForever() error
- func (ra *RegistrationAuthorityImpl) UpdateRegistration(ctx context.Context, base core.Registration, update core.Registration) (core.Registration, error)
Types
type RegistrationAuthorityImpl
type RegistrationAuthorityImpl struct {
    CA        core.CertificateAuthority
    VA        core.ValidationAuthority
    SA        core.StorageAuthority
    PA        core.PolicyAuthority
    DNSClient bdns.DNSClient
    // contains filtered or unexported fields
}
RegistrationAuthorityImpl defines an RA.
NOTE: All of the fields in RegistrationAuthorityImpl need to be populated, or there is a risk of panic.
func NewRegistrationAuthorityImpl
func NewRegistrationAuthorityImpl(
    clk clock.Clock,
    logger blog.Logger,
    stats metrics.Scope,
    maxContactsPerReg int,
    keyPolicy goodkey.KeyPolicy,
    maxNames int,
    forceCNFromSAN bool,
    reuseValidAuthz bool,
    authorizationLifetime time.Duration,
    pendingAuthorizationLifetime time.Duration,
    pubc core.Publisher,
    caaClient caaChecker,
    orderLifetime time.Duration,
    ctp *ctpolicy.CTPolicy,
) *RegistrationAuthorityImpl
NewRegistrationAuthorityImpl constructs a new RA object.
func (*RegistrationAuthorityImpl) AdministrativelyRevokeCertificate
func (ra *RegistrationAuthorityImpl) AdministrativelyRevokeCertificate(ctx context.Context, cert x509.Certificate, revocationCode revocation.Reason, user string) error
AdministrativelyRevokeCertificate terminates trust in the certificate provided. It does not require the registration ID of the requester, since this method is only called from the admin-revoker tool.
func (*RegistrationAuthorityImpl) DeactivateAuthorization
func (ra *RegistrationAuthorityImpl) DeactivateAuthorization(ctx context.Context, auth core.Authorization) error
DeactivateAuthorization deactivates a currently valid authorization.
func (*RegistrationAuthorityImpl) DeactivateRegistration
func (ra *RegistrationAuthorityImpl) DeactivateRegistration(ctx context.Context, reg core.Registration) error
DeactivateRegistration deactivates a valid registration.
func (*RegistrationAuthorityImpl) FinalizeOrder
func (ra *RegistrationAuthorityImpl) FinalizeOrder(ctx context.Context, req *rapb.FinalizeOrderRequest) (*corepb.Order, error)
FinalizeOrder accepts a request to finalize an order object and, if possible, issues a certificate to satisfy the order. If an order does not have valid, unexpired authorizations for all of its associated names, an error is returned. Similarly, we vet that all of the names in the order are acceptable based on current policy and return an error if the order can't be fulfilled. If successful, the order will be returned in processing status for the client to poll while awaiting finalization to occur.
func (*RegistrationAuthorityImpl) MatchesCSR
func (ra *RegistrationAuthorityImpl) MatchesCSR(parsedCertificate *x509.Certificate, csr *x509.CertificateRequest) error
MatchesCSR tests the contents of a generated certificate to make sure that the PublicKey, CommonName, and DNSNames match those provided in the CSR that was used to generate the certificate. It also checks the following:
- notBefore is not more than 24 hours ago
- BasicConstraintsValid is true
- IsCA is false
- ExtKeyUsage only contains ExtKeyUsageServerAuth & ExtKeyUsageClientAuth
- Subject only contains CommonName & Names
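The checks listed above, sketched as an added example (this is not Boulder's MatchesCSR implementation). The names `failedChecks`, `sample`, `wantEKU` and the check labels are hypothetical; the ExtKeyUsage rule is read as exactly the two listed usages, and DNSNames are compared in order.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"reflect"
	"time"
)

var wantEKU = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}

// failedChecks (hypothetical, not Boulder's code) names every listed check the pair fails.
func failedChecks(cert *x509.Certificate, csr *x509.CertificateRequest, now time.Time) (failed []string) {
	check := func(name string, ok bool) {
		if !ok {
			failed = append(failed, name)
		}
	}
	subj := pkix.Name{CommonName: csr.Subject.CommonName, Names: cert.Subject.Names}
	check("publicKey", bytes.Equal(cert.RawSubjectPublicKeyInfo, csr.RawSubjectPublicKeyInfo))
	check("subject", reflect.DeepEqual(cert.Subject, subj)) // fails on any attribute besides the CSR's CommonName
	check("dnsNames", reflect.DeepEqual(cert.DNSNames, csr.DNSNames)) // order-sensitive simplification
	check("notBefore", now.Sub(cert.NotBefore) <= 24*time.Hour)
	check("basicConstraints", cert.BasicConstraintsValid && !cert.IsCA)
	check("extKeyUsage", reflect.DeepEqual(cert.ExtKeyUsage, wantEKU) && len(cert.UnknownExtKeyUsage) == 0)
	return failed
}

// sample builds a constructed CSR and matching self-signed certificate; errors are dropped because inputs are fixed.
func sample(now time.Time) (*x509.Certificate, *x509.CertificateRequest) {
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example.com"}, NotBefore: now,
		NotAfter: now.Add(time.Hour), DNSNames: []string{"example.com"}, BasicConstraintsValid: true, ExtKeyUsage: wantEKU}
	csrDER, _ := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: tmpl.Subject, DNSNames: tmpl.DNSNames}, key)
	certDER, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	csr, _ := x509.ParseCertificateRequest(csrDER)
	cert, _ := x509.ParseCertificate(certDER)
	return cert, csr
}

func main() {
	cert, csr := sample(time.Now())
	fmt.Println("failed checks:", failedChecks(cert, csr, time.Now()))
}
```

Returning every failed check, rather than stopping at the first, makes it easier to see in logs which part of the issued certificate diverged from the request.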
func (*RegistrationAuthorityImpl) NewAuthorization
func (ra *RegistrationAuthorityImpl) NewAuthorization(ctx context.Context, request core.Authorization, regID int64) (core.Authorization, error)
NewAuthorization constructs a new Authz from a request. Values (domains) in request.Identifier will be lowercased before storage.
func (*RegistrationAuthorityImpl) NewCertificate
func (ra *RegistrationAuthorityImpl) NewCertificate(ctx context.Context, req core.CertificateRequest, regID int64) (core.Certificate, error)
NewCertificate requests the issuance of a certificate.
func (*RegistrationAuthorityImpl) NewOrder
func (ra *RegistrationAuthorityImpl) NewOrder(ctx context.Context, req *rapb.NewOrderRequest) (*corepb.Order, error)
NewOrder creates a new order object.
func (*RegistrationAuthorityImpl) NewRegistration
func (ra *RegistrationAuthorityImpl) NewRegistration(ctx context.Context, init core.Registration) (core.Registration, error)
NewRegistration constructs a new Registration from a request.
func (*RegistrationAuthorityImpl) RevokeCertificateWithReg
func (ra *RegistrationAuthorityImpl) RevokeCertificateWithReg(ctx context.Context, cert x509.Certificate, revocationCode revocation.Reason, regID int64) error
RevokeCertificateWithReg terminates trust in the certificate provided.
func (*RegistrationAuthorityImpl) SetRateLimitPoliciesFile
func (ra *RegistrationAuthorityImpl) SetRateLimitPoliciesFile(filename string) error
func (*RegistrationAuthorityImpl) UpdateAuthorization
func (ra *RegistrationAuthorityImpl) UpdateAuthorization(ctx context.Context, base core.Authorization, challengeIndex int, response core.Challenge) (core.Authorization, error)
UpdateAuthorization updates an authorization with new values.
func (*RegistrationAuthorityImpl) UpdateIssuedCountForever
func (ra *RegistrationAuthorityImpl) UpdateIssuedCountForever() error
Run this to continually update the totalIssuedCount field of this RA by calling out to the SA. It will run one update before returning, and return an error if that update failed.
func (*RegistrationAuthorityImpl) UpdateRegistration
func (ra *RegistrationAuthorityImpl) UpdateRegistration(ctx context.Context, base core.Registration, update core.Registration) (core.Registration, error)
UpdateRegistration updates an existing Registration with new values. Caller is responsible for making sure that update.Key is only different from base.Key if it is being called from the WFE key change endpoint.