Documentation ¶
Index ¶
- func NewCertificateAuthorityDatabaseImpl(driver string, name string) (cadb core.CertificateAuthorityDatabase, err error)
- type CertificateAuthorityDatabaseImpl
- type CertificateAuthorityImpl
- func (ca *CertificateAuthorityImpl) GenerateOCSP(xferObj core.OCSPSigningRequest) ([]byte, error)
- func (ca *CertificateAuthorityImpl) IssueCertificate(csr x509.CertificateRequest, regID int64, earliestExpiry time.Time) (core.Certificate, error)
- func (ca *CertificateAuthorityImpl) RevokeCertificate(serial string, reasonCode int) (err error)
- type Config
- type KeyConfig
- type PKCS11Config
- type SerialNumber
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewCertificateAuthorityDatabaseImpl ¶
func NewCertificateAuthorityDatabaseImpl(driver string, name string) (cadb core.CertificateAuthorityDatabase, err error)
NewCertificateAuthorityDatabaseImpl constructs a Database for the Certificate Authority.
Types ¶
type CertificateAuthorityDatabaseImpl ¶
type CertificateAuthorityDatabaseImpl struct {
// contains filtered or unexported fields
}
CertificateAuthorityDatabaseImpl represents a database used by the CA; it enforces transaction semantics, and is effectively single-threaded.
func (*CertificateAuthorityDatabaseImpl) Begin ¶
func (cadb *CertificateAuthorityDatabaseImpl) Begin() (*gorp.Transaction, error)
Begin starts a transaction at the GORP wrapper.
func (*CertificateAuthorityDatabaseImpl) CreateTablesIfNotExists ¶
func (cadb *CertificateAuthorityDatabaseImpl) CreateTablesIfNotExists() (err error)
CreateTablesIfNotExists builds the database tables and inserts the initial state, if the tables do not already exist. It is not an error for the tables to already exist.
func (*CertificateAuthorityDatabaseImpl) IncrementAndGetSerial ¶
func (cadb *CertificateAuthorityDatabaseImpl) IncrementAndGetSerial(tx *gorp.Transaction) (val int64, err error)
IncrementAndGetSerial returns the next-available serial number, incrementing it in the database before returning. There must be an active transaction to call this method. Callers should Begin the transaction, call this method, perform any other work, and Commit at the end once the certificate is issued.
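The call order described above (Begin, IncrementAndGetSerial, issuance work, Commit) as a runnable illustration. This is an added example, not Boulder's code: gorp is not imported, so SerialTx and SerialDB are hypothetical stand-ins for *gorp.Transaction and core.CertificateAuthorityDatabase, backed by an in-memory store that mimics the documented semantics (one transaction at a time, increments visible only after Commit). The serial encoding in FormatSerial (one Prefix byte, then the counter as eight big-endian bytes, hex-encoded) is likewise an assumption; the page only says the prefix is prepended.

```go
package main

import (
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
)

// SerialTx is a hypothetical stand-in for *gorp.Transaction plus the
// IncrementAndGetSerial call; it is not Boulder's own type.
type SerialTx interface {
	IncrementAndGetSerial() (int64, error)
	Commit() error
	Rollback() error
}

// SerialDB is the matching stand-in for core.CertificateAuthorityDatabase.
type SerialDB interface {
	Begin() (SerialTx, error)
}

// MemSerialDB is an in-memory store with the documented semantics: Begin blocks
// until the previous transaction finishes (effectively single-threaded), and an
// increment only becomes visible once its transaction commits.
type MemSerialDB struct {
	mu        sync.Mutex
	committed int64
}

type memTx struct {
	db      *MemSerialDB
	pending int64
	closed  bool
}

func (db *MemSerialDB) Begin() (SerialTx, error) {
	db.mu.Lock() // held until Commit or Rollback
	return &memTx{db: db, pending: db.committed}, nil
}

func (tx *memTx) IncrementAndGetSerial() (int64, error) {
	if tx.closed {
		return 0, errors.New("no active transaction")
	}
	tx.pending++
	return tx.pending, nil
}

func (tx *memTx) finish(commit bool) error {
	if tx.closed {
		return errors.New("transaction already closed")
	}
	tx.closed = true
	if commit {
		tx.db.committed = tx.pending // the increment becomes visible only now
	} // on rollback the pending increment is simply dropped
	tx.db.mu.Unlock()
	return nil
}

func (tx *memTx) Commit() error   { return tx.finish(true) }
func (tx *memTx) Rollback() error { return tx.finish(false) }

// FormatSerial prepends the CA's Prefix to the counter. The byte layout here is
// an assumption made for this example, not Boulder's documented encoding.
func FormatSerial(prefix int, counter int64) string {
	var b [9]byte
	b[0] = byte(prefix)
	binary.BigEndian.PutUint64(b[1:], uint64(counter))
	return hex.EncodeToString(b[:])
}

// IssueWithSerial follows the documented order: Begin, IncrementAndGetSerial,
// do the issuance work (sign stands in for CSR signing and storage), Commit.
// Any failure before Commit rolls the transaction back.
func IssueWithSerial(db SerialDB, prefix int, sign func(serial string) error) (serial string, err error) {
	tx, err := db.Begin()
	if err != nil {
		return "", err
	}
	defer func() {
		if err != nil {
			tx.Rollback()
		}
	}()
	n, err := tx.IncrementAndGetSerial()
	if err != nil {
		return "", err
	}
	serial = FormatSerial(prefix, n)
	if err = sign(serial); err != nil {
		return "", fmt.Errorf("issuing %s: %w", serial, err)
	}
	if err = tx.Commit(); err != nil {
		return "", err
	}
	return serial, nil
}

func main() {
	db := &MemSerialDB{}
	fmt.Println(IssueWithSerial(db, 0xff, func(string) error { return nil }))
	fmt.Println(IssueWithSerial(db, 0xff, func(string) error { return errors.New("signer unavailable") }))
	fmt.Println(IssueWithSerial(db, 0xff, func(string) error { return nil })) // reuses the rolled-back value
}
```

One caveat the rollback path makes visible: if the signer can fail after it has already produced a signature (an HSM that signed but whose reply was lost, or a storage failure after signing), rolling back hands the same serial to the next request, and two certificates with one serial is a CA/Browser Forum violation. Where that is possible, commit the increment before signing and accept gaps in the sequence instead.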
type CertificateAuthorityImpl ¶
type CertificateAuthorityImpl struct {
	Signer         signer.Signer
	OCSPSigner     ocsp.Signer
	SA             core.StorageAuthority
	PA             core.PolicyAuthority
	DB             core.CertificateAuthorityDatabase
	Prefix         int // Prepended to the serial number
	ValidityPeriod time.Duration
	NotAfter       time.Time
	MaxNames       int
	MaxKeySize     int
	// contains filtered or unexported fields
}
CertificateAuthorityImpl represents a CA that signs certificates, CRLs, and OCSP responses.
func NewCertificateAuthorityImpl ¶
func NewCertificateAuthorityImpl(cadb core.CertificateAuthorityDatabase, config Config, issuerCert string) (*CertificateAuthorityImpl, error)
NewCertificateAuthorityImpl creates a CA that talks to a remote CFSSL instance. (To use a local signer, simply instantiate CertificateAuthorityImpl directly.) Communications with the CA are authenticated with MACs, using CFSSL's authenticated signature scheme. A CA created in this way issues for a single profile on the remote signer, which is indicated by name in this constructor.
func (*CertificateAuthorityImpl) GenerateOCSP ¶
func (ca *CertificateAuthorityImpl) GenerateOCSP(xferObj core.OCSPSigningRequest) ([]byte, error)
GenerateOCSP produces a new OCSP response for the request described by xferObj and returns the encoded response.
func (*CertificateAuthorityImpl) IssueCertificate ¶
func (ca *CertificateAuthorityImpl) IssueCertificate(csr x509.CertificateRequest, regID int64, earliestExpiry time.Time) (core.Certificate, error)
IssueCertificate attempts to convert a CSR into a signed Certificate, while enforcing all policies.
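The policy side of IssueCertificate, as an added example rather than Boulder's own implementation. It enforces the policy fields that CertificateAuthorityImpl exposes (MaxNames, MaxKeySize, ValidityPeriod and NotAfter) against a parsed CSR and computes the resulting notAfter. Several details are assumptions: the 2048-bit RSA floor, counting the Subject CN together with the SAN dNSNames, rejecting (rather than clamping) a certificate that would outlive the CA's NotAfter, and treating the earliestExpiry parameter as a cap that the certificate must not exceed. NewTestCSR builds a CSR with a fresh key so the block runs offline.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"strings"
	"time"
)

// IssuancePolicy carries the policy fields of CertificateAuthorityImpl that this
// example enforces. The checks themselves are assumed, not taken from Boulder.
type IssuancePolicy struct {
	MaxNames       int           // maximum subjectAltNames per certificate
	MaxKeySize     int           // largest RSA modulus, in bits, the CA will sign
	ValidityPeriod time.Duration // lifetime of issued certificates
	NotAfter       time.Time     // CA will not issue certificates expiring after this
}

// MinRSABits is an assumed floor; the page states no minimum key size.
const MinRSABits = 2048

// RequestedNames returns the de-duplicated, lower-cased DNS names a CSR asks
// for: the Subject CN (if any) plus the SAN dNSNames. Assumed behaviour.
func RequestedNames(csr *x509.CertificateRequest) []string {
	seen := map[string]bool{}
	var names []string
	add := func(n string) {
		n = strings.ToLower(strings.TrimSpace(n))
		if n != "" && !seen[n] {
			seen[n] = true
			names = append(names, n)
		}
	}
	add(csr.Subject.CommonName)
	for _, n := range csr.DNSNames {
		add(n)
	}
	return names
}

// CheckCSR applies the policy and returns the notAfter the certificate would
// get. now is injected for determinism. earliestExpiry is treated as a cap on
// notAfter; that reading of the parameter is an assumption of this example.
func (p IssuancePolicy) CheckCSR(csr *x509.CertificateRequest, now, earliestExpiry time.Time) (time.Time, error) {
	if err := csr.CheckSignature(); err != nil {
		return time.Time{}, fmt.Errorf("CSR signature invalid: %w", err)
	}
	key, ok := csr.PublicKey.(*rsa.PublicKey)
	if !ok {
		return time.Time{}, errors.New("only RSA keys are handled in this example")
	}
	if bits := key.N.BitLen(); bits < MinRSABits || bits > p.MaxKeySize {
		return time.Time{}, fmt.Errorf("RSA key is %d bits; allowed range is %d..%d", bits, MinRSABits, p.MaxKeySize)
	}
	names := RequestedNames(csr)
	if len(names) == 0 {
		return time.Time{}, errors.New("CSR requests no DNS names")
	}
	if len(names) > p.MaxNames {
		return time.Time{}, fmt.Errorf("CSR requests %d names; policy allows at most %d", len(names), p.MaxNames)
	}
	notAfter := now.Add(p.ValidityPeriod)
	if notAfter.After(p.NotAfter) {
		return time.Time{}, fmt.Errorf("certificate would expire %s, after the CA limit %s", notAfter, p.NotAfter)
	}
	if notAfter.After(earliestExpiry) {
		return time.Time{}, fmt.Errorf("certificate would expire %s, after earliestExpiry %s", notAfter, earliestExpiry)
	}
	return notAfter, nil
}

// NewTestCSR builds a CSR for names (names[0] becomes the CN) with a fresh RSA
// key of the given size; constructed input so the example runs offline.
func NewTestCSR(names []string, bits int) (*x509.CertificateRequest, error) {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: names[0]}, DNSNames: names}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificateRequest(der)
}

func main() {
	csr, err := NewTestCSR([]string{"example.com", "www.example.com"}, 2048)
	if err != nil {
		panic(err)
	}
	policy := IssuancePolicy{MaxNames: 100, MaxKeySize: 4096, ValidityPeriod: 90 * 24 * time.Hour,
		NotAfter: time.Date(2030, 1, 1, 0, 0, 0, 0, time.UTC)}
	now := time.Date(2015, 6, 1, 0, 0, 0, 0, time.UTC)
	fmt.Println(policy.CheckCSR(csr, now, now.Add(300*24*time.Hour)))
}
```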
func (*CertificateAuthorityImpl) RevokeCertificate ¶
func (ca *CertificateAuthorityImpl) RevokeCertificate(serial string, reasonCode int) (err error)
RevokeCertificate revokes the certificate identified by serial, recording reasonCode as the revocation reason.
type Config ¶
type Config struct {
	Profile      string
	TestMode     bool
	DBDriver     string
	DBConnect    string
	SerialPrefix int
	Key          KeyConfig
	// LifespanOCSP is how long OCSP responses are valid for; it should be longer
	// than the minTimeToExpiry field for the OCSP Updater.
	LifespanOCSP string
	// How long issued certificates are valid for; should match the expiry field
	// in the cfssl config.
	Expiry string
	// The maximum number of subjectAltNames in a single certificate
	MaxNames int
	CFSSL    cfsslConfig.Config
	// DebugAddr is the address to run the /debug handlers on.
	DebugAddr string
}
Config defines the JSON configuration file schema
type KeyConfig ¶
type KeyConfig struct {
	File   string
	PKCS11 PKCS11Config
}
KeyConfig should contain either a File path to a PEM-format private key, or a PKCS11Config defining how to load a module for an HSM.
type PKCS11Config ¶
PKCS11Config defines how to load a module for an HSM.