Constants ¶
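const (
	// ACMETLS1Protocol is the ALPN protocol ID for the TLS-ALPN-01 challenge, see
	// https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-01#section-5.2
	// The draft cited here was later published as RFC 8737; prefer the RFC
	// text when checking the challenge's requirements.
	ACMETLS1Protocol = "acme-tls/1"
)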
Variables ¶
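// Certificate extension OIDs. Both are package-level variables of a slice
// type (asn1.ObjectIdentifier is []int), so other packages can modify them;
// treat them as read-only and compare with ObjectIdentifier.Equal.
var (
	// IdPeAcmeIdentifier is the OID of the acmeIdentifier certificate
	// extension: the id-pe OID + 31, as defined in
	// https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-04#section-5.1
	// RFC 8737 (the published form of this draft) requires the extension to
	// be marked critical in the validation certificate; whether this package
	// enforces that is not visible in this listing.
	IdPeAcmeIdentifier = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 31}

	// IdCeSubjectAltName is the OID for the Subject Alternative Name
	// extension, as defined in
	// https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6
	IdCeSubjectAltName = asn1.ObjectIdentifier{2, 5, 29, 17}
)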
Types ¶
type RemoteClients ¶
RemoteClients wraps the vapb.VAClient and vapb.CAAClient interfaces to aid in mocking remote VAs for testing.
type RemoteVA ¶
// RemoteVA pairs the clients for one remote VA with the address of the gRPC
// server they talk to.
type RemoteVA struct {
	// RemoteClients is embedded, so its methods are promoted onto RemoteVA.
	RemoteClients
	// Address is the address of the remote gRPC server. It is stored here
	// because, per this type's documentation, the gRPC client does not expose
	// it; the documented use is debugging connection issues.
	Address string
}
RemoteVA embeds RemoteClients and adds a field containing the address of the remote gRPC server, since the underlying gRPC client doesn't provide a way to extract this metadata, which is useful for debugging gRPC connection issues.
type ValidationAuthorityImpl ¶
// ValidationAuthorityImpl represents a VA. Its exported methods in this
// listing are IsCAAValid and PerformValidation.
type ValidationAuthorityImpl struct {
	// Embedded server types from the vapb package for the VA and CAA
	// services.
	// NOTE(review): presumably the generated gRPC "unimplemented" stubs —
	// confirm in vapb.
	vapb.UnimplementedVAServer
	vapb.UnimplementedCAAServer
	// contains filtered or unexported fields
}
ValidationAuthorityImpl represents a validation authority (VA).
func NewValidationAuthorityImpl ¶
func NewValidationAuthorityImpl( resolver bdns.Client, remoteVAs []RemoteVA, maxRemoteFailures int, userAgent string, issuerDomain string, stats prometheus.Registerer, clk clock.Clock, logger blog.Logger, accountURIPrefixes []string, ) (*ValidationAuthorityImpl, error)
NewValidationAuthorityImpl constructs a new VA
func (*ValidationAuthorityImpl) IsCAAValid ¶
func (va *ValidationAuthorityImpl) IsCAAValid(ctx context.Context, req *vapb.IsCAAValidRequest) (*vapb.IsCAAValidResponse, error)
IsCAAValid checks the requested CAA records from this VA and, recursively, from any remote VAs (RVAs) configured in it. It returns a response or an error.
func (*ValidationAuthorityImpl) PerformValidation ¶
func (va *ValidationAuthorityImpl) PerformValidation(ctx context.Context, req *vapb.PerformValidationRequest) (*vapb.ValidationResult, error)
PerformValidation validates the challenge for the domain in the request. The returned result will always contain a list of validation records, even when it also contains a problem.