wfe2

package
v0.0.0-...-3baac6f Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 15, 2024 License: MPL-2.0 Imports: 53 Imported by: 12

README

WFE v2

The wfe2 package is copied from the wfe package in order to implement the "ACME v2" API. This design choice was made to facilitate a clean separation between v1 and v2 code and to support running a separate API process on a different port alongside the v1 API process.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewAccountCache 

func NewAccountCache(
	under AccountGetter,
	maxEntries int,
	ttl time.Duration,
	clk clock.Clock,
	stats prometheus.Registerer,
) *accountCache

Types

type AccountGetter 

type AccountGetter interface {
	GetRegistration(ctx context.Context, regID *sapb.RegistrationID, opts ...grpc.CallOption) (*corepb.Registration, error)
}

AccountGetter represents the ability to get an account by ID - either from the SA or from a cache.

type WebFrontEndImpl 

type WebFrontEndImpl struct {

	// URL to the current subscriber agreement (should contain some version identifier)
	SubscriberAgreementURL string

	// DirectoryCAAIdentity is used for the /directory response's "meta"
	// element's "caaIdentities" field. It should match the VA's issuerDomain
	// field value.
	DirectoryCAAIdentity string

	// DirectoryWebsite is used for the /directory response's "meta" element's
	// "website" field.
	DirectoryWebsite string

	// Allowed prefix for legacy accounts used by verify.go's `lookupJWK`.
	// See `cmd/boulder-wfe2/main.go`'s comment on the configuration field
	// `LegacyKeyIDPrefix` for more information.
	LegacyKeyIDPrefix string

	// CORS settings
	AllowOrigins []string
	// contains filtered or unexported fields
}

WebFrontEndImpl provides all the logic for Boulder's web-facing interface, i.e., ACME. Its members configure the paths for various ACME functions, plus a few other data items used in ACME. Its methods are primarily handlers for HTTPS requests for the various ACME functions.

func NewWebFrontEndImpl 

func NewWebFrontEndImpl(
	stats prometheus.Registerer,
	clk clock.Clock,
	keyPolicy goodkey.KeyPolicy,
	certificateChains map[issuance.NameID][][]byte,
	issuerCertificates map[issuance.NameID]*issuance.Certificate,
	logger blog.Logger,
	requestTimeout time.Duration,
	staleTimeout time.Duration,
	authorizationLifetime time.Duration,
	pendingAuthorizationLifetime time.Duration,
	rac rapb.RegistrationAuthorityClient,
	sac sapb.StorageAuthorityReadOnlyClient,
	gnc nonce.Getter,
	rnc nonce.Redeemer,
	rncKey []byte,
	accountGetter AccountGetter,
	limiter *ratelimits.Limiter,
	txnBuilder *ratelimits.TransactionBuilder,
	maxNames int,
	certProfiles map[string]string,
	unpauseSigner unpause.JWTSigner,
	unpauseJWTLifetime time.Duration,
	unpauseURL string,
) (WebFrontEndImpl, error)

NewWebFrontEndImpl constructs a web service for Boulder

func (*WebFrontEndImpl) Account 

func (wfe *WebFrontEndImpl) Account(
	ctx context.Context,
	logEvent *web.RequestEvent,
	response http.ResponseWriter,
	request *http.Request)

Account is used by a client to submit an update to their account.

func (*WebFrontEndImpl) Authorization 

func (wfe *WebFrontEndImpl) Authorization(
	ctx context.Context,
	handlerPath string,
	logEvent *web.RequestEvent,
	response http.ResponseWriter,
	request *http.Request,
	authzIDStr string)

Authorization handles both `/acme/authz/{authzID}` and `/acme/authz/{regID}/{authzID}` requests, after the calling function has parsed out the authzID.

func (*WebFrontEndImpl) AuthorizationHandler 

func (wfe *WebFrontEndImpl) AuthorizationHandler(
	ctx context.Context,
	logEvent *web.RequestEvent,
	response http.ResponseWriter,
	request *http.Request)

AuthorizationHandler handles requests to authorization URLs of the form /acme/authz/{authzID}.

func (*WebFrontEndImpl) AuthorizationHandlerWithAccount 

func (wfe *WebFrontEndImpl) AuthorizationHandlerWithAccount(
	ctx context.Context,
	logEvent *web.RequestEvent,
	response http.ResponseWriter,
	request *http.Request)

AuthorizationHandlerWithAccount handles requests to authorization URLs of the form /acme/authz/{regID}/{authzID}.

func (*WebFrontEndImpl) BuildID 

func (wfe *WebFrontEndImpl) BuildID(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request)

BuildID tells the requester what build we're running.

func (*WebFrontEndImpl) Certificate 

func (wfe *WebFrontEndImpl) Certificate(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request)

Certificate is used by clients to request a copy of their current certificate, or to request a reissuance of the certificate.

func (*WebFrontEndImpl) Challenge 

func (wfe *WebFrontEndImpl) Challenge(
	ctx context.Context,
	logEvent *web.RequestEvent,
	handlerPath string,
	response http.ResponseWriter,
	request *http.Request,
	authorizationIDStr string,
	challengeID string)

Challenge handles POSTS to both formats of challenge URLs.

func (*WebFrontEndImpl) ChallengeHandler 

func (wfe *WebFrontEndImpl) ChallengeHandler(
	ctx context.Context,
	logEvent *web.RequestEvent,
	response http.ResponseWriter,
	request *http.Request)

ChallengeHandler handles POST requests to challenge URLs of the form /acme/chall-v3/<authorizationID>/<challengeID>. Such requests are clients' responses to the server's challenges.

func (*WebFrontEndImpl) ChallengeHandlerWithAccount 

func (wfe *WebFrontEndImpl) ChallengeHandlerWithAccount(
	ctx context.Context,
	logEvent *web.RequestEvent,
	response http.ResponseWriter,
	request *http.Request)

ChallengeHandlerWithAccount handles POST requests to challenge URLs of the form /acme/chall/{regID}/{authzID}/{challID}.

func (*WebFrontEndImpl) Directory 

func (wfe *WebFrontEndImpl) Directory(
	ctx context.Context,
	logEvent *web.RequestEvent,
	response http.ResponseWriter,
	request *http.Request)

Directory is an HTTP request handler that provides the directory object stored in the WFE's DirectoryEndpoints member with paths prefixed using the `request.Host` of the HTTP request.

func (*WebFrontEndImpl) FinalizeOrder 

func (wfe *WebFrontEndImpl) FinalizeOrder(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request)

FinalizeOrder is used to request issuance for a existing order object. Most processing of the order details is handled by the RA but we do attempt to throw away requests with invalid CSRs here.

func (*WebFrontEndImpl) GetOrder 

func (wfe *WebFrontEndImpl) GetOrder(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request)

GetOrder is used to retrieve a existing order object

func (*WebFrontEndImpl) HandleFunc 

func (wfe *WebFrontEndImpl) HandleFunc(mux *http.ServeMux, pattern string, h web.WFEHandlerFunc, methods ...string)

HandleFunc registers a handler at the given path. It's http.HandleFunc(), but with a wrapper around the handler that provides some generic per-request functionality:

* Set a Replay-Nonce header.

* Respond to OPTIONS requests, including CORS preflight requests.

* Set a no cache header

* Respond http.StatusMethodNotAllowed for HTTP methods other than those listed.

* Set CORS headers when responding to CORS "actual" requests.

* Never send a body in response to a HEAD request. Anything written by the handler will be discarded if the method is HEAD. Also, all handlers that accept GET automatically accept HEAD.

func (*WebFrontEndImpl) Handler 

func (wfe *WebFrontEndImpl) Handler(stats prometheus.Registerer, oTelHTTPOptions ...otelhttp.Option) http.Handler

Handler returns an http.Handler that uses various functions for various ACME-specified paths.

func (*WebFrontEndImpl) Index 

func (wfe *WebFrontEndImpl) Index(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request)

Index serves a simple identification page. It is not part of the ACME spec.

func (*WebFrontEndImpl) KeyRollover 

func (wfe *WebFrontEndImpl) KeyRollover(
	ctx context.Context,
	logEvent *web.RequestEvent,
	response http.ResponseWriter,
	request *http.Request)

KeyRollover allows a user to change their signing key

func (*WebFrontEndImpl) NewAccount 

func (wfe *WebFrontEndImpl) NewAccount(
	ctx context.Context,
	logEvent *web.RequestEvent,
	response http.ResponseWriter,
	request *http.Request)

NewAccount is used by clients to submit a new account

func (*WebFrontEndImpl) NewOrder 

func (wfe *WebFrontEndImpl) NewOrder(
	ctx context.Context,
	logEvent *web.RequestEvent,
	response http.ResponseWriter,
	request *http.Request)

NewOrder is used by clients to create a new order object and a set of authorizations to fulfill for issuance.

func (*WebFrontEndImpl) Nonce 

func (wfe *WebFrontEndImpl) Nonce(
	ctx context.Context,
	logEvent *web.RequestEvent,
	response http.ResponseWriter,
	request *http.Request)

Nonce is an endpoint for getting a fresh nonce with an HTTP GET or HEAD request. This endpoint only returns a status code header - the `HandleFunc` wrapper ensures that a nonce is written in the correct response header.

func (*WebFrontEndImpl) Options 

func (wfe *WebFrontEndImpl) Options(response http.ResponseWriter, request *http.Request, methodsStr string, methodsMap map[string]bool)

Options responds to an HTTP OPTIONS request.

func (*WebFrontEndImpl) RenewalInfo 

func (wfe *WebFrontEndImpl) RenewalInfo(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request)

RenewalInfo is used to get information about the suggested renewal window for the given certificate. It only accepts unauthenticated GET requests.

func (*WebFrontEndImpl) RevokeCertificate 

func (wfe *WebFrontEndImpl) RevokeCertificate(
	ctx context.Context,
	logEvent *web.RequestEvent,
	response http.ResponseWriter,
	request *http.Request)

RevokeCertificate is used by clients to request the revocation of a cert. The revocation request is handled uniquely based on the method of authentication used.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.