Documentation ¶
Index ¶
- Constants
- func NewCertificateAuthorityServer(rpc Server, impl core.CertificateAuthority) (err error)
- func NewPublisherServer(rpc Server, impl core.Publisher) (err error)
- func NewRegistrationAuthorityServer(rpc Server, impl core.RegistrationAuthority) error
- func NewStorageAuthorityServer(rpc Server, impl core.StorageAuthority) error
- func NewValidationAuthorityServer(rpc Server, impl core.ValidationAuthority) (err error)
- type AmqpRPCCLient
- type AmqpRPCServer
- type CertificateAuthorityClient
- func (cac CertificateAuthorityClient) GenerateOCSP(signRequest core.OCSPSigningRequest) (resp []byte, err error)
- func (cac CertificateAuthorityClient) IssueCertificate(csr x509.CertificateRequest, regID int64) (cert core.Certificate, err error)
- func (cac CertificateAuthorityClient) RevokeCertificate(serial string, reasonCode core.RevocationCode) (err error)
- type Client
- type DeliveryHandler
- type PublisherClient
- type RegistrationAuthorityClient
- func (rac RegistrationAuthorityClient) AdministrativelyRevokeCertificate(cert x509.Certificate, reason core.RevocationCode, user string) (err error)
- func (rac RegistrationAuthorityClient) NewAuthorization(authz core.Authorization, regID int64) (newAuthz core.Authorization, err error)
- func (rac RegistrationAuthorityClient) NewCertificate(cr core.CertificateRequest, regID int64) (cert core.Certificate, err error)
- func (rac RegistrationAuthorityClient) NewRegistration(reg core.Registration) (newReg core.Registration, err error)
- func (rac RegistrationAuthorityClient) OnValidationUpdate(authz core.Authorization) (err error)
- func (rac RegistrationAuthorityClient) RevokeCertificateWithReg(cert x509.Certificate, reason core.RevocationCode, regID int64) (err error)
- func (rac RegistrationAuthorityClient) UpdateAuthorization(authz core.Authorization, index int, response core.Challenge) (newAuthz core.Authorization, err error)
- func (rac RegistrationAuthorityClient) UpdateRegistration(base core.Registration, update core.Registration) (newReg core.Registration, err error)
- type Server
- type StorageAuthorityClient
- func (cac StorageAuthorityClient) AddCertificate(cert []byte, regID int64) (id string, err error)
- func (cac StorageAuthorityClient) AddSCTReceipt(sct core.SignedCertificateTimestamp) (err error)
- func (cac StorageAuthorityClient) AlreadyDeniedCSR(names []string) (exists bool, err error)
- func (cac StorageAuthorityClient) CountCertificatesByNames(names []string, earliest, latest time.Time) (counts map[string]int, err error)
- func (cac StorageAuthorityClient) CountCertificatesRange(start, end time.Time) (count int64, err error)
- func (cac StorageAuthorityClient) CountPendingAuthorizations(regID int64) (count int, err error)
- func (cac StorageAuthorityClient) CountRegistrationsByIP(ip net.IP, earliest, latest time.Time) (count int, err error)
- func (cac StorageAuthorityClient) FinalizeAuthorization(authz core.Authorization) (err error)
- func (cac StorageAuthorityClient) GetAuthorization(id string) (authz core.Authorization, err error)
- func (cac StorageAuthorityClient) GetCertificate(id string) (cert core.Certificate, err error)
- func (cac StorageAuthorityClient) GetCertificateStatus(id string) (status core.CertificateStatus, err error)
- func (cac StorageAuthorityClient) GetLatestValidAuthorization(registrationID int64, identifier core.AcmeIdentifier) (authz core.Authorization, err error)
- func (cac StorageAuthorityClient) GetRegistration(id int64) (reg core.Registration, err error)
- func (cac StorageAuthorityClient) GetRegistrationByKey(key jose.JsonWebKey) (reg core.Registration, err error)
- func (cac StorageAuthorityClient) GetSCTReceipt(serial string, logID string) (receipt core.SignedCertificateTimestamp, err error)
- func (cac StorageAuthorityClient) MarkCertificateRevoked(serial string, reasonCode core.RevocationCode) (err error)
- func (cac StorageAuthorityClient) NewPendingAuthorization(authz core.Authorization) (output core.Authorization, err error)
- func (cac StorageAuthorityClient) NewRegistration(reg core.Registration) (output core.Registration, err error)
- func (cac StorageAuthorityClient) UpdateOCSP(serial string, ocspResponse []byte) (err error)
- func (cac StorageAuthorityClient) UpdatePendingAuthorization(authz core.Authorization) (err error)
- func (cac StorageAuthorityClient) UpdateRegistration(reg core.Registration) (err error)
- type ValidationAuthorityClient
- func (vac ValidationAuthorityClient) CheckCAARecords(ident core.AcmeIdentifier) (present bool, valid bool, err error)
- func (vac ValidationAuthorityClient) IsSafeDomain(req *core.IsSafeDomainRequest) (*core.IsSafeDomainResponse, error)
- func (vac ValidationAuthorityClient) UpdateValidations(authz core.Authorization, index int) error
Constants ¶
const ( AmqpExchange = "boulder" AmqpExchangeType = "topic" AmqpInternal = false AmqpDurable = false AmqpDeleteUnused = false AmqpExclusive = false AmqpNoWait = false AmqpNoLocal = false AmqpAutoAck = true AmqpMandatory = false AmqpImmediate = false )
XXX: I *think* these constants are appropriate. We will probably want to tweak these in the future.
const ( MethodNewRegistration = "NewRegistration" // RA, SA MethodNewAuthorization = "NewAuthorization" // RA MethodNewCertificate = "NewCertificate" // RA MethodUpdateRegistration = "UpdateRegistration" // RA, SA MethodUpdateAuthorization = "UpdateAuthorization" // RA MethodRevokeCertificate = "RevokeCertificate" // CA MethodRevokeCertificateWithReg = "RevokeCertificateWithReg" // RA MethodAdministrativelyRevokeCertificate = "AdministrativelyRevokeCertificate" // RA MethodOnValidationUpdate = "OnValidationUpdate" // RA MethodUpdateValidations = "UpdateValidations" // VA MethodCheckCAARecords = "CheckCAARecords" // VA MethodIsSafeDomain = "IsSafeDomain" // VA MethodIssueCertificate = "IssueCertificate" // CA MethodGenerateOCSP = "GenerateOCSP" // CA MethodGetRegistration = "GetRegistration" // SA MethodGetRegistrationByKey = "GetRegistrationByKey" // RA, SA MethodGetAuthorization = "GetAuthorization" // SA MethodGetLatestValidAuthorization = "GetLatestValidAuthorization" // SA MethodGetCertificate = "GetCertificate" // SA MethodGetCertificateStatus = "GetCertificateStatus" // SA MethodMarkCertificateRevoked = "MarkCertificateRevoked" // SA MethodUpdateOCSP = "UpdateOCSP" // SA MethodNewPendingAuthorization = "NewPendingAuthorization" // SA MethodUpdatePendingAuthorization = "UpdatePendingAuthorization" // SA MethodFinalizeAuthorization = "FinalizeAuthorization" // SA MethodAddCertificate = "AddCertificate" // SA MethodAlreadyDeniedCSR = "AlreadyDeniedCSR" // SA MethodCountCertificatesRange = "CountCertificatesRange" // SA MethodCountCertificatesByNames = "CountCertificatesByNames" // SA MethodCountRegistrationsByIP = "CountRegistrationsByIP" // SA MethodCountPendingAuthorizations = "CountPendingAuthorizations" // SA MethodGetSCTReceipt = "GetSCTReceipt" // SA MethodAddSCTReceipt = "AddSCTReceipt" // SA MethodSubmitToCT = "SubmitToCT" // Pub )
These strings are used by the RPC layer to identify function points.
Variables ¶
This section is empty.
Functions ¶
func NewCertificateAuthorityServer ¶
func NewCertificateAuthorityServer(rpc Server, impl core.CertificateAuthority) (err error)
NewCertificateAuthorityServer constructs an RPC server
CertificateAuthorityClient / Server
-> IssueCertificate
func NewPublisherServer ¶
NewPublisherServer creates a new server that wraps a CT publisher
func NewRegistrationAuthorityServer ¶
func NewRegistrationAuthorityServer(rpc Server, impl core.RegistrationAuthority) error
NewRegistrationAuthorityServer constructs an RPC server
func NewStorageAuthorityServer ¶
func NewStorageAuthorityServer(rpc Server, impl core.StorageAuthority) error
NewStorageAuthorityServer constructs an RPC server
func NewValidationAuthorityServer ¶
func NewValidationAuthorityServer(rpc Server, impl core.ValidationAuthority) (err error)
NewValidationAuthorityServer constructs an RPC server
ValidationAuthorityClient / Server
-> UpdateValidations
Types ¶
type AmqpRPCCLient ¶
type AmqpRPCCLient struct {
// contains filtered or unexported fields
}
AmqpRPCCLient is an AMQP-RPC client that sends requests to a specific server queue, and uses a dedicated response queue for responses.
To implement specific functionality, using code uses the DispatchSync() method to send a method name and body, and get back a response. So you end up with wrapper methods of the form:
```
request = /* serialize request to []byte */ response = AmqpRPCCLient.Dispatch(method, request) return /* deserialized response */
```
DispatchSync will manage the channel for you, and also enforce a timeout on the transaction.
func NewAmqpRPCClient ¶
func NewAmqpRPCClient( clientQueuePrefix string, amqpConf *cmd.AMQPConfig, rpcConf *cmd.RPCServerConfig, stats statsd.Statter, ) (rpc *AmqpRPCCLient, err error)
NewAmqpRPCClient constructs an RPC client using AMQP
func (*AmqpRPCCLient) DispatchSync ¶
func (rpc *AmqpRPCCLient) DispatchSync(method string, body []byte) (response []byte, err error)
DispatchSync sends a body to the destination, and blocks waiting on a response.
type AmqpRPCServer ¶
type AmqpRPCServer struct {
// contains filtered or unexported fields
}
AmqpRPCServer listens on a specified queue within an AMQP channel. When messages arrive on that queue, it dispatches them based on type, and returns the response to the ReplyTo queue.
To implement specific functionality, using code should use the Handle method to add specific actions.
func NewAmqpRPCServer ¶
func NewAmqpRPCServer(amqpConf *cmd.AMQPConfig, maxConcurrentRPCServerRequests int64, stats statsd.Statter) (*AmqpRPCServer, error)
NewAmqpRPCServer creates a new RPC server for the given queue and will begin consuming requests from the queue. To start the server you must call Start().
func NewMonitorServer ¶
func NewMonitorServer(amqpConf *cmd.AMQPConfig, maxConcurrentRPCServerRequests int64, stats statsd.Statter) (*AmqpRPCServer, error)
NewMonitorServer creates an AmqpRPCServer that binds its queue to the wildcard routing key instead of the default of binding to the queue name. This allows Activity Monitor to observe all messages sent to the exchange.
func (*AmqpRPCServer) Handle ¶
func (rpc *AmqpRPCServer) Handle(method string, handler messageHandler)
Handle registers a function to handle a particular method.
func (*AmqpRPCServer) HandleDeliveries ¶
func (rpc *AmqpRPCServer) HandleDeliveries(handler DeliveryHandler)
HandleDeliveries allows a server to receive amqp.Delivery directly (e.g. ActivityMonitor), it can provide one of these. Otherwise processMessage is used by default.
func (*AmqpRPCServer) Start ¶
func (rpc *AmqpRPCServer) Start(c *cmd.AMQPConfig) error
Start starts the AMQP-RPC server and handles reconnections, this will block until a fatal error is returned or AmqpRPCServer.Stop() is called and all remaining messages are processed.
func (*AmqpRPCServer) Stop ¶
func (rpc *AmqpRPCServer) Stop()
Stop gracefully stops the AmqpRPCServer, after calling AmqpRPCServer.Start will continue blocking until it has processed any messages that have already been retrieved.
type CertificateAuthorityClient ¶
type CertificateAuthorityClient struct {
// contains filtered or unexported fields
}
CertificateAuthorityClient is a client to communicate with the CA.
func NewCertificateAuthorityClient ¶
func NewCertificateAuthorityClient(clientName string, amqpConf *cmd.AMQPConfig, stats statsd.Statter) (*CertificateAuthorityClient, error)
NewCertificateAuthorityClient constructs an RPC client
func (CertificateAuthorityClient) GenerateOCSP ¶
func (cac CertificateAuthorityClient) GenerateOCSP(signRequest core.OCSPSigningRequest) (resp []byte, err error)
GenerateOCSP sends a request to generate an OCSP response
func (CertificateAuthorityClient) IssueCertificate ¶
func (cac CertificateAuthorityClient) IssueCertificate(csr x509.CertificateRequest, regID int64) (cert core.Certificate, err error)
IssueCertificate sends a request to issue a certificate
func (CertificateAuthorityClient) RevokeCertificate ¶
func (cac CertificateAuthorityClient) RevokeCertificate(serial string, reasonCode core.RevocationCode) (err error)
RevokeCertificate sends a request to revoke a certificate
type DeliveryHandler ¶
DeliveryHandler is a function that will process an amqp.DeliveryHandler
type PublisherClient ¶
type PublisherClient struct {
// contains filtered or unexported fields
}
PublisherClient is a client to communicate with the Publisher Authority
func NewPublisherClient ¶
func NewPublisherClient(clientName string, amqpConf *cmd.AMQPConfig, stats statsd.Statter) (*PublisherClient, error)
NewPublisherClient constructs an RPC client
func (PublisherClient) SubmitToCT ¶
func (pub PublisherClient) SubmitToCT(der []byte) (err error)
SubmitToCT sends a request to submit a certifcate to CT logs
type RegistrationAuthorityClient ¶
type RegistrationAuthorityClient struct {
// contains filtered or unexported fields
}
RegistrationAuthorityClient represents an RA RPC client
func NewRegistrationAuthorityClient ¶
func NewRegistrationAuthorityClient(clientName string, amqpConf *cmd.AMQPConfig, stats statsd.Statter) (*RegistrationAuthorityClient, error)
NewRegistrationAuthorityClient constructs an RPC client
func (RegistrationAuthorityClient) AdministrativelyRevokeCertificate ¶
func (rac RegistrationAuthorityClient) AdministrativelyRevokeCertificate(cert x509.Certificate, reason core.RevocationCode, user string) (err error)
AdministrativelyRevokeCertificate sends a Revoke Certificate request initiated by the admin-revoker
func (RegistrationAuthorityClient) NewAuthorization ¶
func (rac RegistrationAuthorityClient) NewAuthorization(authz core.Authorization, regID int64) (newAuthz core.Authorization, err error)
NewAuthorization sends a New Authorization request
func (RegistrationAuthorityClient) NewCertificate ¶
func (rac RegistrationAuthorityClient) NewCertificate(cr core.CertificateRequest, regID int64) (cert core.Certificate, err error)
NewCertificate sends a New Certificate request
func (RegistrationAuthorityClient) NewRegistration ¶
func (rac RegistrationAuthorityClient) NewRegistration(reg core.Registration) (newReg core.Registration, err error)
NewRegistration sends a New Registration request
func (RegistrationAuthorityClient) OnValidationUpdate ¶
func (rac RegistrationAuthorityClient) OnValidationUpdate(authz core.Authorization) (err error)
OnValidationUpdate senda a notice that a validation has updated
func (RegistrationAuthorityClient) RevokeCertificateWithReg ¶
func (rac RegistrationAuthorityClient) RevokeCertificateWithReg(cert x509.Certificate, reason core.RevocationCode, regID int64) (err error)
RevokeCertificateWithReg sends a Revoke Certificate request initiated by the WFE
func (RegistrationAuthorityClient) UpdateAuthorization ¶
func (rac RegistrationAuthorityClient) UpdateAuthorization(authz core.Authorization, index int, response core.Challenge) (newAuthz core.Authorization, err error)
UpdateAuthorization sends an Update Authorization request
func (RegistrationAuthorityClient) UpdateRegistration ¶
func (rac RegistrationAuthorityClient) UpdateRegistration(base core.Registration, update core.Registration) (newReg core.Registration, err error)
UpdateRegistration sends an Update Registration request
type Server ¶
type Server interface {
Handle(string, messageHandler)
}
Server describes the functions an RPC Server performs
type StorageAuthorityClient ¶
type StorageAuthorityClient struct {
// contains filtered or unexported fields
}
StorageAuthorityClient is a client to communicate with the Storage Authority
func NewStorageAuthorityClient ¶
func NewStorageAuthorityClient(clientName string, amqpConf *cmd.AMQPConfig, stats statsd.Statter) (*StorageAuthorityClient, error)
NewStorageAuthorityClient constructs an RPC client
func (StorageAuthorityClient) AddCertificate ¶
func (cac StorageAuthorityClient) AddCertificate(cert []byte, regID int64) (id string, err error)
AddCertificate sends a request to record the issuance of a certificate
func (StorageAuthorityClient) AddSCTReceipt ¶
func (cac StorageAuthorityClient) AddSCTReceipt(sct core.SignedCertificateTimestamp) (err error)
AddSCTReceipt adds a new SCT to the database.
func (StorageAuthorityClient) AlreadyDeniedCSR ¶
func (cac StorageAuthorityClient) AlreadyDeniedCSR(names []string) (exists bool, err error)
AlreadyDeniedCSR sends a request to search for denied names
func (StorageAuthorityClient) CountCertificatesByNames ¶
func (cac StorageAuthorityClient) CountCertificatesByNames(names []string, earliest, latest time.Time) (counts map[string]int, err error)
CountCertificatesByNames calls CountCertificatesRange on the remote StorageAuthority.
func (StorageAuthorityClient) CountCertificatesRange ¶
func (cac StorageAuthorityClient) CountCertificatesRange(start, end time.Time) (count int64, err error)
CountCertificatesRange sends a request to count the number of certificates issued in a certain time range
func (StorageAuthorityClient) CountPendingAuthorizations ¶
func (cac StorageAuthorityClient) CountPendingAuthorizations(regID int64) (count int, err error)
CountPendingAuthorizations calls CountPendingAuthorizations on the remote StorageAuthority.
func (StorageAuthorityClient) CountRegistrationsByIP ¶
func (cac StorageAuthorityClient) CountRegistrationsByIP(ip net.IP, earliest, latest time.Time) (count int, err error)
CountRegistrationsByIP calls CountRegistrationsByIP on the remote StorageAuthority.
func (StorageAuthorityClient) FinalizeAuthorization ¶
func (cac StorageAuthorityClient) FinalizeAuthorization(authz core.Authorization) (err error)
FinalizeAuthorization sends a request to finalize an authorization (convert from pending)
func (StorageAuthorityClient) GetAuthorization ¶
func (cac StorageAuthorityClient) GetAuthorization(id string) (authz core.Authorization, err error)
GetAuthorization sends a request to get an Authorization by ID
func (StorageAuthorityClient) GetCertificate ¶
func (cac StorageAuthorityClient) GetCertificate(id string) (cert core.Certificate, err error)
GetCertificate sends a request to get a Certificate by ID
func (StorageAuthorityClient) GetCertificateStatus ¶
func (cac StorageAuthorityClient) GetCertificateStatus(id string) (status core.CertificateStatus, err error)
GetCertificateStatus sends a request to obtain the current status of a certificate by ID
func (StorageAuthorityClient) GetLatestValidAuthorization ¶
func (cac StorageAuthorityClient) GetLatestValidAuthorization(registrationID int64, identifier core.AcmeIdentifier) (authz core.Authorization, err error)
GetLatestValidAuthorization sends a request to get an Authorization by RegID, Identifier
func (StorageAuthorityClient) GetRegistration ¶
func (cac StorageAuthorityClient) GetRegistration(id int64) (reg core.Registration, err error)
GetRegistration sends a request to get a registration by ID
func (StorageAuthorityClient) GetRegistrationByKey ¶
func (cac StorageAuthorityClient) GetRegistrationByKey(key jose.JsonWebKey) (reg core.Registration, err error)
GetRegistrationByKey sends a request to get a registration by JWK
func (StorageAuthorityClient) GetSCTReceipt ¶
func (cac StorageAuthorityClient) GetSCTReceipt(serial string, logID string) (receipt core.SignedCertificateTimestamp, err error)
GetSCTReceipt retrieves an SCT according to the serial number of a certificate and the logID of the log to which it was submitted.
func (StorageAuthorityClient) MarkCertificateRevoked ¶
func (cac StorageAuthorityClient) MarkCertificateRevoked(serial string, reasonCode core.RevocationCode) (err error)
MarkCertificateRevoked sends a request to mark a certificate as revoked
func (StorageAuthorityClient) NewPendingAuthorization ¶
func (cac StorageAuthorityClient) NewPendingAuthorization(authz core.Authorization) (output core.Authorization, err error)
NewPendingAuthorization sends a request to store a pending authorization
func (StorageAuthorityClient) NewRegistration ¶
func (cac StorageAuthorityClient) NewRegistration(reg core.Registration) (output core.Registration, err error)
NewRegistration sends a request to store a new registration
func (StorageAuthorityClient) UpdateOCSP ¶
func (cac StorageAuthorityClient) UpdateOCSP(serial string, ocspResponse []byte) (err error)
UpdateOCSP sends a request to store an updated OCSP response
func (StorageAuthorityClient) UpdatePendingAuthorization ¶
func (cac StorageAuthorityClient) UpdatePendingAuthorization(authz core.Authorization) (err error)
UpdatePendingAuthorization sends a request to update the data in a pending authorization
func (StorageAuthorityClient) UpdateRegistration ¶
func (cac StorageAuthorityClient) UpdateRegistration(reg core.Registration) (err error)
UpdateRegistration sends a request to store an updated registration
type ValidationAuthorityClient ¶
type ValidationAuthorityClient struct {
// contains filtered or unexported fields
}
ValidationAuthorityClient represents an RPC client for the VA
func NewValidationAuthorityClient ¶
func NewValidationAuthorityClient(clientName string, amqpConf *cmd.AMQPConfig, stats statsd.Statter) (*ValidationAuthorityClient, error)
NewValidationAuthorityClient constructs an RPC client
func (ValidationAuthorityClient) CheckCAARecords ¶
func (vac ValidationAuthorityClient) CheckCAARecords(ident core.AcmeIdentifier) (present bool, valid bool, err error)
CheckCAARecords sends a request to check CAA records
func (ValidationAuthorityClient) IsSafeDomain ¶
func (vac ValidationAuthorityClient) IsSafeDomain(req *core.IsSafeDomainRequest) (*core.IsSafeDomainResponse, error)
IsSafeDomain returns true if the domain given is determined to be safe by an third-party safe browsing API.
func (ValidationAuthorityClient) UpdateValidations ¶
func (vac ValidationAuthorityClient) UpdateValidations(authz core.Authorization, index int) error
UpdateValidations sends an Update Validations request