package cmd

v0.0.0-...-e77b886
Published: Sep 26, 2017 License: MPL-2.0 Imports: 32 Imported by: 0

Constants

This section is empty.

Variables

var ErrDurationMustBeString = errors.New("cannot JSON unmarshal something other than a string into a ConfigDuration")

ErrDurationMustBeString is returned when a non-string value is presented to be deserialized as a ConfigDuration.

Functions

func CatchSignals

func CatchSignals(logger blog.Logger, callback func())

CatchSignals catches SIGTERM, SIGINT and SIGHUP, and executes a callback function before exiting.

func Clock

func Clock() clock.Clock

Clock functions similarly to clock.Default(), but the returned value can be changed using the FAKECLOCK environment variable if the 'integration' build flag is set.

Otherwise, this function returns the default Clock.

func DebugServer

func DebugServer(addr string)

DebugServer starts a server to receive debug information. Typical usage is to start it in a goroutine, configured with an address from the appropriate configuration object:

go cmd.DebugServer(c.XA.DebugAddr)

func FailOnError

func FailOnError(err error, msg string)

FailOnError prints an error message and exits if err is non-nil.

func FilterShutdownErrors

func FilterShutdownErrors(err error) error

FilterShutdownErrors returns the input error, with the exception of "use of closed network connection", for which it returns nil. Per https://github.com/grpc/grpc-go/issues/1017, a gRPC server's `Serve()` will always return an error, even when GracefulStop() is called. We don't want to log graceful stops as errors, so we filter out the meaningless error we get in that situation.

func LoadCert

func LoadCert(path string) (cert []byte, err error)

LoadCert loads a PEM-formatted certificate from the provided path, returning it as a byte array, or an error if it couldn't be decoded.

func ProfileCmd

func ProfileCmd(stats metrics.Scope)

ProfileCmd runs forever, sending Go runtime statistics to StatsD.

func ReadConfigFile

func ReadConfigFile(filename string, out interface{}) error

ReadConfigFile takes a file path as an argument and attempts to unmarshal the content of the file into a struct containing a configuration of a boulder component.

func StatsAndLogging

func StatsAndLogging(logConf SyslogConfig) (metrics.Scope, blog.Logger)

StatsAndLogging constructs a metrics.Scope and an AuditLogger based on its config parameters, and returns them both. Crashes if any setup fails. Also sets the constructed AuditLogger as the default logger, and configures the cfssl, mysql, and grpc packages to use our logger. This must be called before any gRPC code is called, because gRPC's SetLogger doesn't use any locking.

func VersionString

func VersionString() string

VersionString produces a friendly Application version string.

Types

type CAADistributedResolverConfig

type CAADistributedResolverConfig struct {
	Timeout     ConfigDuration
	MaxFailures int
	Proxies     []string
}

CAADistributedResolverConfig specifies the HTTP client setup and interfaces needed to resolve CAA addresses over multiple paths.

type CAConfig

type CAConfig struct {
	ServiceConfig
	DBConfig
	HostnamePolicyConfig

	GRPCCA            *GRPCServerConfig
	GRPCOCSPGenerator *GRPCServerConfig

	RSAProfile   string
	ECDSAProfile string
	TestMode     bool
	SerialPrefix int
	// TODO(jsha): Remove Key field once we've migrated to Issuers
	Key *IssuerConfig
	// Issuers contains configuration information for each issuer cert and key
	// this CA knows about. The first in the list is used as the default.
	Issuers []IssuerConfig
	// LifespanOCSP is how long OCSP responses are valid for; It should be longer
	// than the minTimeToExpiry field for the OCSP Updater.
	LifespanOCSP ConfigDuration
	// How long issued certificates are valid for, should match expiry field
	// in cfssl config.
	Expiry string
	// How far back certificates should be backdated, should match backdate
	// field in cfssl config.
	Backdate ConfigDuration
	// The maximum number of subjectAltNames in a single certificate
	MaxNames int
	CFSSL    cfsslConfig.Config

	// DoNotForceCN is a temporary config setting. It controls whether
	// to add a certificate's serial to its Subject, and whether to
	// not pull a SAN entry to be the CN if no CN was given in a CSR.
	DoNotForceCN bool

	// EnableMustStaple governs whether the Must Staple extension in CSRs
	// triggers issuance of certificates with Must Staple.
	EnableMustStaple bool

	// EnablePrecertificateFlow governs whether precertificate-based issuance
	// is enabled.
	EnablePrecertificateFlow bool

	// WeakKeyFile is the path to a JSON file containing truncated RSA modulus
	// hashes of known easily enumerable keys.
	WeakKeyFile string

	SAService *GRPCClientConfig

	Features map[string]bool
}

CAConfig structs have configuration information for the certificate authority, including database parameters as well as controls for issued certificates.

type ConfigDuration

type ConfigDuration struct {
	time.Duration
}

ConfigDuration is a thin wrapper around time.Duration that allows serialization to YAML as well as JSON.

func (ConfigDuration) MarshalJSON

func (d ConfigDuration) MarshalJSON() ([]byte, error)

MarshalJSON returns the string form of the duration, as a byte array.

func (*ConfigDuration) UnmarshalJSON

func (d *ConfigDuration) UnmarshalJSON(b []byte) error

UnmarshalJSON parses a string into a ConfigDuration using time.ParseDuration. If the input does not unmarshal as a string, then UnmarshalJSON returns ErrDurationMustBeString.

func (*ConfigDuration) UnmarshalYAML

func (d *ConfigDuration) UnmarshalYAML(unmarshal func(interface{}) error) error

UnmarshalYAML uses the same format as JSON, but is called by the YAML parser (vs. the JSON parser).
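As an added illustration (not boulder's own code), a minimal re-implementation of the JSON round-trip that MarshalJSON and UnmarshalJSON document above, including the ErrDurationMustBeString path for a non-string value; resolverConfig and parseTimeout are constructed helpers modelled on CAADistributedResolverConfig's Timeout field.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// ErrDurationMustBeString mirrors the sentinel error the cmd package documents.
var ErrDurationMustBeString = errors.New("cannot JSON unmarshal something other than a string into a ConfigDuration")
// ConfigDuration wraps time.Duration so it round-trips through JSON as a string such as "30s".
type ConfigDuration struct{ time.Duration }

// MarshalJSON emits time.Duration's string form, e.g. "1h30m0s".
func (d ConfigDuration) MarshalJSON() ([]byte, error) {
	return json.Marshal(d.Duration.String())
}

// UnmarshalJSON accepts only a JSON string and parses it with time.ParseDuration;
// a bare number such as 30 is rejected rather than silently read as nanoseconds.
func (d *ConfigDuration) UnmarshalJSON(b []byte) error {
	var s string
	if err := json.Unmarshal(b, &s); err != nil {
		return ErrDurationMustBeString
	}
	parsed, err := time.ParseDuration(s)
	if err != nil {
		return err
	}
	d.Duration = parsed
	return nil
}
// resolverConfig is a constructed stand-in modelled on CAADistributedResolverConfig.
type resolverConfig struct {
	Timeout     ConfigDuration `json:"timeout"`
	MaxFailures int            `json:"maxFailures"`
}

// parseTimeout decodes a JSON config fragment and returns the timeout it carries.
func parseTimeout(raw string) (time.Duration, error) {
	var c resolverConfig
	err := json.Unmarshal([]byte(raw), &c)
	return c.Timeout.Duration, err
}

func main() {
	fmt.Println(parseTimeout(`{"timeout": "30s", "maxFailures": 2}`)) // 30s <nil>
	fmt.Println(parseTimeout(`{"timeout": 30, "maxFailures": 2}`))   // 0s and ErrDurationMustBeString
}
```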

type DBConfig

type DBConfig struct {
	DBConnect string
	// A file containing a connect URL for the DB.
	DBConnectFile string
	MaxDBConns    int
}

DBConfig defines how to connect to a database. The connect string may be stored in a file separate from the config, because it can contain a password, which we want to keep out of configs.

func (*DBConfig) URL

func (d *DBConfig) URL() (string, error)

URL returns the DBConnect URL represented by this DBConfig object, either loading it from disk or returning a default value. Leading and trailing whitespace is stripped.

type GRPCClientConfig

type GRPCClientConfig struct {
	ServerAddresses []string
	Timeout         ConfigDuration
}

GRPCClientConfig contains the information needed to talk to the gRPC service.

type GRPCServerConfig

type GRPCServerConfig struct {
	Address string `json:"address"`
	// ClientNames is a list of allowed client certificate subject alternate names
	// (SANs). The server will reject clients that do not present a certificate
	// with a SAN present on the `ClientNames` list.
	ClientNames []string `json:"clientNames"`
}

GRPCServerConfig contains the information needed to run a gRPC service.

type GoogleSafeBrowsingConfig

type GoogleSafeBrowsingConfig struct {
	APIKey    string
	DataDir   string
	ServerURL string
}

GoogleSafeBrowsingConfig is the JSON config struct for the VA's use of the Google Safe Browsing API.

type HostnamePolicyConfig

type HostnamePolicyConfig struct {
	HostnamePolicyFile string
}

HostnamePolicyConfig specifies a file from which to load a policy regarding what hostnames to issue for.

type IssuerConfig

type IssuerConfig struct {
	// A file from which a pkcs11key.Config will be read and parsed, if present
	ConfigFile string
	File       string
	PKCS11     *pkcs11key.Config
	CertFile   string
	// Number of sessions to open with the HSM. For maximum performance,
	// this should be equal to the number of cores in the HSM. Defaults to 1.
	NumSessions int
}

IssuerConfig contains info about an issuer: private key and issuer cert. It should contain either a File path to a PEM-format private key, or a PKCS11 config defining how to load a module for an HSM.

type LogDescription

type LogDescription struct {
	URI string
	Key string
}

LogDescription contains the information needed to submit certificates to a CT log and verify returned receipts.

type OCSPUpdaterConfig

type OCSPUpdaterConfig struct {
	ServiceConfig
	DBConfig

	NewCertificateWindow     ConfigDuration
	OldOCSPWindow            ConfigDuration
	MissingSCTWindow         ConfigDuration
	RevokedCertificateWindow ConfigDuration

	NewCertificateBatchSize     int
	OldOCSPBatchSize            int
	MissingSCTBatchSize         int
	RevokedCertificateBatchSize int

	OCSPMinTimeToExpiry          ConfigDuration
	OCSPStaleMaxAge              ConfigDuration
	OldestIssuedSCT              ConfigDuration
	ParallelGenerateOCSPRequests int

	AkamaiBaseURL           string
	AkamaiClientToken       string
	AkamaiClientSecret      string
	AkamaiAccessToken       string
	AkamaiPurgeRetries      int
	AkamaiPurgeRetryBackoff ConfigDuration

	SignFailureBackoffFactor float64
	SignFailureBackoffMax    ConfigDuration

	Publisher            *GRPCClientConfig
	SAService            *GRPCClientConfig
	OCSPGeneratorService *GRPCClientConfig

	Features map[string]bool
}

OCSPUpdaterConfig provides the various window tick times and batch sizes needed for the OCSP (and SCT) updater.

type PAConfig

type PAConfig struct {
	DBConfig
	EnforcePolicyWhitelist bool
	Challenges             map[string]bool
}

PAConfig specifies how a policy authority should connect to its database, what policies it should enforce, and what challenges it should offer.

func (PAConfig) CheckChallenges

func (pc PAConfig) CheckChallenges() error

CheckChallenges checks whether the list of challenges in the PA config actually contains valid challenge names.

type PasswordConfig

type PasswordConfig struct {
	Password     string
	PasswordFile string
}

PasswordConfig either contains a password or the path to a file containing a password.

func (*PasswordConfig) Pass

func (pc *PasswordConfig) Pass() (string, error)

Pass returns a password, either directly from the configuration struct or by reading from the specified file.

type PortConfig

type PortConfig struct {
	HTTPPort  int
	HTTPSPort int
	TLSPort   int
}

PortConfig specifies which ports the VA should connect to on the remote host when performing its checks.

type RPCServerConfig

type RPCServerConfig struct {
	Server     string // Queue name where the server receives requests
	RPCTimeout ConfigDuration
}

RPCServerConfig contains configuration particular to a specific RPC server type (e.g. RA, SA, etc.).

type SMTPConfig

type SMTPConfig struct {
	PasswordConfig
	Server   string
	Port     string
	Username string
}

type ServiceConfig

type ServiceConfig struct {
	// DebugAddr is the address to run the /debug handlers on.
	DebugAddr string
	GRPC      *GRPCServerConfig
	TLS       TLSConfig
}

ServiceConfig contains config items that are common to all our services, to be embedded in other config structs.

type StatsdConfig

type StatsdConfig struct {
	Server string
	Prefix string
}

StatsdConfig defines the config for Statsd.

type SyslogConfig

type SyslogConfig struct {
	StdoutLevel int
	SyslogLevel int
}

SyslogConfig defines the config for syslogging.

type TLSConfig

type TLSConfig struct {
	CertFile   *string
	KeyFile    *string
	CACertFile *string
}

TLSConfig represents certificates and a key for authenticated TLS.

func (TLSConfig) Load

func (t TLSConfig) Load() (*tls.Config, error)

Load reads and parses the certificates and key listed in the TLSConfig, and returns a *tls.Config suitable for either client or server use.
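The ClientNames check documented on GRPCServerConfig and the *tls.Config that TLSConfig.Load returns fit together on the server side. The following is an added example, not boulder's implementation, showing one way to enforce the SAN allow-list through Go's VerifyPeerCertificate hook; clientNameVerifier and serverTLSConfig are hypothetical names and the SAN values are constructed.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
)

// clientNameVerifier returns a tls.Config.VerifyPeerCertificate callback that
// accepts a client only when its leaf certificate carries a DNS SAN from the
// ClientNames allow-list. Go runs it after ordinary chain verification, so
// verifiedChains has already been validated against the configured client CA.
func clientNameVerifier(clientNames []string) func([][]byte, [][]*x509.Certificate) error {
	allowed := make(map[string]struct{}, len(clientNames))
	for _, name := range clientNames {
		allowed[name] = struct{}{}
	}
	return func(_ [][]byte, verifiedChains [][]*x509.Certificate) error {
		if len(verifiedChains) == 0 || len(verifiedChains[0]) == 0 {
			return fmt.Errorf("no verified client certificate chain")
		}
		leaf := verifiedChains[0][0]
		for _, san := range leaf.DNSNames {
			if _, ok := allowed[san]; ok {
				return nil
			}
		}
		return fmt.Errorf("client SANs %v are not on the allow-list %v", leaf.DNSNames, clientNames)
	}
}

// serverTLSConfig combines a loaded server cert and client CA pool (what
// TLSConfig.Load would provide) with mandatory client-cert verification and
// the SAN allow-list; a client with a valid cert but the wrong SAN is refused.
func serverTLSConfig(serverCert tls.Certificate, clientCAs *x509.CertPool, clientNames []string) *tls.Config {
	return &tls.Config{
		Certificates:          []tls.Certificate{serverCert},
		ClientCAs:             clientCAs,
		ClientAuth:            tls.RequireAndVerifyClientCert,
		VerifyPeerCertificate: clientNameVerifier(clientNames),
		MinVersion:            tls.VersionTLS12,
	}
}

func main() {
	// Constructed leaf certificates standing in for what a CA-verified chain would contain.
	verify := clientNameVerifier([]string{"ra.example.internal"})
	ok := [][]*x509.Certificate{{{DNSNames: []string{"ra.example.internal"}}}}
	bad := [][]*x509.Certificate{{{DNSNames: []string{"other.example.internal"}}}}
	fmt.Println(verify(nil, ok), verify(nil, bad)) // <nil> followed by the allow-list error
}
```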
