ra

package
v0.0.0-...-f5e5ed5
Warning

This package is not in the latest version of its module.

Published: Dec 22, 2015 License: MPL-2.0 Imports: 18 Imported by: 0

Documentation

Constants

const DefaultAuthorizationLifetime = 300 * 24 * time.Hour

DefaultAuthorizationLifetime is the 10 month default authorization lifetime. When used with a 90-day cert lifetime, this allows creation of certs that will cover a whole year, plus a grace period of a month. TODO(jsha): Read from a config file.

const DefaultPendingAuthorizationLifetime = 7 * 24 * time.Hour

DefaultPendingAuthorizationLifetime is one week. If you can't respond to a challenge this quickly, then you need to request a new challenge. TODO(rlb): Read from a config file

Variables

This section is empty.

Functions

This section is empty.

Types

type DomainCheck

type DomainCheck struct {
	VA core.ValidationAuthority
}

DomainCheck is a little struct that lets the RA call the VA's IsSafeDomain if it is non-nil, and fail open otherwise. This is so that the RA can be deployed before the VA can respond to the IsSafeDomain RPC.

func (*DomainCheck) IsSafe

func (d *DomainCheck) IsSafe(domain string) (bool, error)

IsSafe returns true if the VA's IsSafeDomain RPC says the domain is safe or if DomainCheck is nil.

type RegistrationAuthorityImpl

type RegistrationAuthorityImpl struct {
	CA core.CertificateAuthority
	VA core.ValidationAuthority
	SA core.StorageAuthority
	PA core.PolicyAuthority

	DNSResolver bdns.DNSResolver
	// contains filtered or unexported fields
}

RegistrationAuthorityImpl defines an RA.

NOTE: All of the fields in RegistrationAuthorityImpl need to be populated, or there is a risk of panic.

func NewRegistrationAuthorityImpl

func NewRegistrationAuthorityImpl(clk clock.Clock, logger *blog.AuditLogger, stats statsd.Statter, dc *DomainCheck, policies cmd.RateLimitConfig, maxContactsPerReg int) *RegistrationAuthorityImpl

NewRegistrationAuthorityImpl constructs a new RA object.

func (*RegistrationAuthorityImpl) AdministrativelyRevokeCertificate

func (ra *RegistrationAuthorityImpl) AdministrativelyRevokeCertificate(cert x509.Certificate, revocationCode core.RevocationCode, user string) error

AdministrativelyRevokeCertificate terminates trust in the certificate provided and does not require the registration ID of the requester since this method is only called from the admin-revoker tool.

func (*RegistrationAuthorityImpl) MatchesCSR

func (ra *RegistrationAuthorityImpl) MatchesCSR(cert core.Certificate, csr *x509.CertificateRequest) (err error)

MatchesCSR tests the contents of a generated certificate to make sure that the PublicKey, CommonName, and DNSNames match those provided in the CSR that was used to generate the certificate. It also checks that:

  • notBefore is not more than 24 hours ago
  • BasicConstraintsValid is true
  • IsCA is false
  • ExtKeyUsage only contains ExtKeyUsageServerAuth & ExtKeyUsageClientAuth
  • Subject only contains CommonName & Names
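
The checks listed above, sketched with only the Go standard library as an added example; this is not Boulder's MatchesCSR. The names `checkIssued` and `sameNames`, comparing raw SubjectPublicKeyInfo bytes, the order-insensitive name comparison, and reading "only contains" as "every entry is one of" are assumptions.

```go
package main

import (
	"bytes"
	"crypto/x509"
	"fmt"
	"sort"
	"strings"
	"time"
)

// checkIssued (hypothetical helper) applies the listed checks to a parsed certificate and its CSR.
func checkIssued(cert *x509.Certificate, csr *x509.CertificateRequest, now time.Time) error {
	s := cert.Subject
	extra := len(s.Country) + len(s.Organization) + len(s.OrganizationalUnit) +
		len(s.Locality) + len(s.Province) + len(s.StreetAddress) + len(s.PostalCode)
	switch {
	case !bytes.Equal(cert.RawSubjectPublicKeyInfo, csr.RawSubjectPublicKeyInfo):
		return fmt.Errorf("public key differs from CSR")
	case s.CommonName != csr.Subject.CommonName:
		return fmt.Errorf("CommonName differs from CSR")
	case !sameNames(cert.DNSNames, csr.DNSNames):
		return fmt.Errorf("DNSNames differ from CSR")
	case now.Sub(cert.NotBefore) > 24*time.Hour:
		return fmt.Errorf("notBefore is more than 24 hours ago")
	case !cert.BasicConstraintsValid || cert.IsCA:
		return fmt.Errorf("BasicConstraintsValid must be true and IsCA false")
	case extra != 0 || s.SerialNumber != "":
		return fmt.Errorf("subject has attributes other than CommonName")
	}
	for _, u := range cert.ExtKeyUsage {
		if u != x509.ExtKeyUsageServerAuth && u != x509.ExtKeyUsageClientAuth {
			return fmt.Errorf("unexpected ExtKeyUsage %d", u)
		}
	}
	return nil
}

// sameNames compares two name lists ignoring order (an assumption made here).
func sameNames(a, b []string) bool {
	x, y := append([]string(nil), a...), append([]string(nil), b...)
	sort.Strings(x)
	sort.Strings(y)
	return strings.Join(x, ",") == strings.Join(y, ",")
}

func main() { // constructed structs, hand-built rather than parsed from DER
	cert := &x509.Certificate{DNSNames: []string{"example.com"}, IsCA: true, NotBefore: time.Now()}
	fmt.Println(checkIssued(cert, &x509.CertificateRequest{DNSNames: cert.DNSNames}, time.Now()))
}
```

Running such a check on the issued certificate before it is returned catches a signer that produced something other than what was requested, for example a CA-capable certificate or an extra name.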

func (*RegistrationAuthorityImpl) NewAuthorization

func (ra *RegistrationAuthorityImpl) NewAuthorization(request core.Authorization, regID int64) (authz core.Authorization, err error)

NewAuthorization constructs a new Authz from a request. Values (domains) in request.Identifier will be lowercased before storage.

func (*RegistrationAuthorityImpl) NewCertificate

func (ra *RegistrationAuthorityImpl) NewCertificate(req core.CertificateRequest, regID int64) (cert core.Certificate, err error)

NewCertificate requests the issuance of a certificate.

func (*RegistrationAuthorityImpl) NewRegistration

func (ra *RegistrationAuthorityImpl) NewRegistration(init core.Registration) (reg core.Registration, err error)

NewRegistration constructs a new Registration from a request.

func (*RegistrationAuthorityImpl) OnValidationUpdate

func (ra *RegistrationAuthorityImpl) OnValidationUpdate(authz core.Authorization) error

OnValidationUpdate is called when a given Authorization is updated by the VA.

func (*RegistrationAuthorityImpl) RevokeCertificateWithReg

func (ra *RegistrationAuthorityImpl) RevokeCertificateWithReg(cert x509.Certificate, revocationCode core.RevocationCode, regID int64) (err error)

RevokeCertificateWithReg terminates trust in the certificate provided.

func (*RegistrationAuthorityImpl) UpdateAuthorization

func (ra *RegistrationAuthorityImpl) UpdateAuthorization(base core.Authorization, challengeIndex int, response core.Challenge) (authz core.Authorization, err error)

UpdateAuthorization updates an authorization with new values.

func (*RegistrationAuthorityImpl) UpdateRegistration

func (ra *RegistrationAuthorityImpl) UpdateRegistration(base core.Registration, update core.Registration) (reg core.Registration, err error)

UpdateRegistration updates an existing Registration with new values.
