Documentation ¶
Index ¶
- func NewAccountCache(under AccountGetter, maxEntries int, ttl time.Duration, clk clock.Clock, ...) *accountCache
- type AccountGetter
- type WebFrontEndImpl
- func (wfe *WebFrontEndImpl) Account(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, ...)
- func (wfe *WebFrontEndImpl) Authorization(ctx context.Context, handlerPath string, logEvent *web.RequestEvent, ...)
- func (wfe *WebFrontEndImpl) AuthorizationHandler(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, ...)
- func (wfe *WebFrontEndImpl) BuildID(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, ...)
- func (wfe *WebFrontEndImpl) Certificate(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, ...)
- func (wfe *WebFrontEndImpl) Challenge(ctx context.Context, logEvent *web.RequestEvent, handlerPath string, ...)
- func (wfe *WebFrontEndImpl) ChallengeHandler(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, ...)
- func (wfe *WebFrontEndImpl) DeprecatedAuthorizationHandler(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, ...)
- func (wfe *WebFrontEndImpl) DeprecatedChallengeHandler(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, ...)
- func (wfe *WebFrontEndImpl) Directory(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, ...)
- func (wfe *WebFrontEndImpl) FinalizeOrder(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, ...)
- func (wfe *WebFrontEndImpl) GetOrder(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, ...)
- func (wfe *WebFrontEndImpl) HandleFunc(mux *http.ServeMux, pattern string, h web.WFEHandlerFunc, methods ...string)
- func (wfe *WebFrontEndImpl) Handler(stats prometheus.Registerer, oTelHTTPOptions ...otelhttp.Option) http.Handler
- func (wfe *WebFrontEndImpl) Index(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, ...)
- func (wfe *WebFrontEndImpl) KeyRollover(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, ...)
- func (wfe *WebFrontEndImpl) NewAccount(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, ...)
- func (wfe *WebFrontEndImpl) NewOrder(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, ...)
- func (wfe *WebFrontEndImpl) Nonce(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, ...)
- func (wfe *WebFrontEndImpl) Options(response http.ResponseWriter, request *http.Request, methodsStr string, ...)
- func (wfe *WebFrontEndImpl) RenewalInfo(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, ...)
- func (wfe *WebFrontEndImpl) RevokeCertificate(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, ...)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewAccountCache ¶
func NewAccountCache( under AccountGetter, maxEntries int, ttl time.Duration, clk clock.Clock, stats prometheus.Registerer, ) *accountCache
Types ¶
type AccountGetter ¶
type AccountGetter interface {
GetRegistration(ctx context.Context, regID *sapb.RegistrationID, opts ...grpc.CallOption) (*corepb.Registration, error)
}
AccountGetter represents the ability to get an account by ID - either from the SA or from a cache.
type WebFrontEndImpl ¶
type WebFrontEndImpl struct { // URL to the current subscriber agreement (should contain some version identifier) SubscriberAgreementURL string // DirectoryCAAIdentity is used for the /directory response's "meta" // element's "caaIdentities" field. It should match the VA's issuerDomain // field value. DirectoryCAAIdentity string // DirectoryWebsite is used for the /directory response's "meta" element's // "website" field. DirectoryWebsite string // Allowed prefix for legacy accounts used by verify.go's `lookupJWK`. // See `cmd/boulder-wfe2/main.go`'s comment on the configuration field // `LegacyKeyIDPrefix` for more information. LegacyKeyIDPrefix string // CORS settings AllowOrigins []string // contains filtered or unexported fields }
WebFrontEndImpl provides all the logic for Boulder's web-facing interface, i.e., ACME. Its members configure the paths for various ACME functions, plus a few other data items used in ACME. Its methods are primarily handlers for HTTPS requests for the various ACME functions.
func NewWebFrontEndImpl ¶
func NewWebFrontEndImpl( stats prometheus.Registerer, clk clock.Clock, keyPolicy goodkey.KeyPolicy, certificateChains map[issuance.NameID][][]byte, issuerCertificates map[issuance.NameID]*issuance.Certificate, logger blog.Logger, requestTimeout time.Duration, staleTimeout time.Duration, authorizationLifetime time.Duration, pendingAuthorizationLifetime time.Duration, rac rapb.RegistrationAuthorityClient, sac sapb.StorageAuthorityReadOnlyClient, gnc nonce.Getter, rnc nonce.Redeemer, rncKey []byte, accountGetter AccountGetter, limiter *ratelimits.Limiter, txnBuilder *ratelimits.TransactionBuilder, maxNames int, certProfiles map[string]string, unpauseSigner unpause.JWTSigner, unpauseJWTLifetime time.Duration, unpauseURL string, ) (WebFrontEndImpl, error)
NewWebFrontEndImpl constructs a web service for Boulder
func (*WebFrontEndImpl) Account ¶
func (wfe *WebFrontEndImpl) Account( ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request)
Account is used by a client to submit an update to their account.
func (*WebFrontEndImpl) Authorization ¶
func (wfe *WebFrontEndImpl) Authorization( ctx context.Context, handlerPath string, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request, authzIDStr string)
Authorization handles both `/acme/authz/{authzID}` and `/acme/authz/{regID}/{authzID}` requests, after the calling function has parsed out the authzID.
func (*WebFrontEndImpl) AuthorizationHandler ¶
func (wfe *WebFrontEndImpl) AuthorizationHandler( ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request)
AuthorizationHandler handles requests to authorization URLs of the form /acme/authz/{regID}/{authzID}.
func (*WebFrontEndImpl) BuildID ¶
func (wfe *WebFrontEndImpl) BuildID(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request)
BuildID tells the requester what build we're running.
func (*WebFrontEndImpl) Certificate ¶
func (wfe *WebFrontEndImpl) Certificate(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request)
Certificate is used by clients to request a copy of their current certificate, or to request a reissuance of the certificate.
func (*WebFrontEndImpl) Challenge ¶
func (wfe *WebFrontEndImpl) Challenge( ctx context.Context, logEvent *web.RequestEvent, handlerPath string, response http.ResponseWriter, request *http.Request, authorizationIDStr string, challengeID string)
Challenge handles POSTS to both formats of challenge URLs.
func (*WebFrontEndImpl) ChallengeHandler ¶
func (wfe *WebFrontEndImpl) ChallengeHandler( ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request)
ChallengeHandler handles POST requests to challenge URLs of the form /acme/chall/{regID}/{authzID}/{challID}.
func (*WebFrontEndImpl) DeprecatedAuthorizationHandler ¶
func (wfe *WebFrontEndImpl) DeprecatedAuthorizationHandler( ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request)
DeprecatedAuthorizationHandler handles requests to authorization URLs of the form /acme/authz/{authzID}.
func (*WebFrontEndImpl) DeprecatedChallengeHandler ¶
func (wfe *WebFrontEndImpl) DeprecatedChallengeHandler( ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request)
DeprecatedChallengeHandler handles POST requests to challenge URLs of the form /acme/chall-v3/<authorizationID>/<challengeID>. Such requests are clients' responses to the server's challenges.
func (*WebFrontEndImpl) Directory ¶
func (wfe *WebFrontEndImpl) Directory( ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request)
Directory is an HTTP request handler that provides the directory object stored in the WFE's DirectoryEndpoints member with paths prefixed using the `request.Host` of the HTTP request.
func (*WebFrontEndImpl) FinalizeOrder ¶
func (wfe *WebFrontEndImpl) FinalizeOrder(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request)
FinalizeOrder is used to request issuance for a existing order object. Most processing of the order details is handled by the RA but we do attempt to throw away requests with invalid CSRs here.
func (*WebFrontEndImpl) GetOrder ¶
func (wfe *WebFrontEndImpl) GetOrder(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request)
GetOrder is used to retrieve a existing order object
func (*WebFrontEndImpl) HandleFunc ¶
func (wfe *WebFrontEndImpl) HandleFunc(mux *http.ServeMux, pattern string, h web.WFEHandlerFunc, methods ...string)
HandleFunc registers a handler at the given path. It's http.HandleFunc(), but with a wrapper around the handler that provides some generic per-request functionality:
* Set a Replay-Nonce header.
* Respond to OPTIONS requests, including CORS preflight requests.
* Set a no cache header
* Respond http.StatusMethodNotAllowed for HTTP methods other than those listed.
* Set CORS headers when responding to CORS "actual" requests.
* Never send a body in response to a HEAD request. Anything written by the handler will be discarded if the method is HEAD. Also, all handlers that accept GET automatically accept HEAD.
func (*WebFrontEndImpl) Handler ¶
func (wfe *WebFrontEndImpl) Handler(stats prometheus.Registerer, oTelHTTPOptions ...otelhttp.Option) http.Handler
Handler returns an http.Handler that uses various functions for various ACME-specified paths.
func (*WebFrontEndImpl) Index ¶
func (wfe *WebFrontEndImpl) Index(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request)
Index serves a simple identification page. It is not part of the ACME spec.
func (*WebFrontEndImpl) KeyRollover ¶
func (wfe *WebFrontEndImpl) KeyRollover( ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request)
KeyRollover allows a user to change their signing key
func (*WebFrontEndImpl) NewAccount ¶
func (wfe *WebFrontEndImpl) NewAccount( ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request)
NewAccount is used by clients to submit a new account
func (*WebFrontEndImpl) NewOrder ¶
func (wfe *WebFrontEndImpl) NewOrder( ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request)
NewOrder is used by clients to create a new order object and a set of authorizations to fulfill for issuance.
func (*WebFrontEndImpl) Nonce ¶
func (wfe *WebFrontEndImpl) Nonce( ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request)
Nonce is an endpoint for getting a fresh nonce with an HTTP GET or HEAD request. This endpoint only returns a status code header - the `HandleFunc` wrapper ensures that a nonce is written in the correct response header.
func (*WebFrontEndImpl) Options ¶
func (wfe *WebFrontEndImpl) Options(response http.ResponseWriter, request *http.Request, methodsStr string, methodsMap map[string]bool)
Options responds to an HTTP OPTIONS request.
func (*WebFrontEndImpl) RenewalInfo ¶
func (wfe *WebFrontEndImpl) RenewalInfo(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request)
RenewalInfo is used to get information about the suggested renewal window for the given certificate. It only accepts unauthenticated GET requests.
func (*WebFrontEndImpl) RevokeCertificate ¶
func (wfe *WebFrontEndImpl) RevokeCertificate( ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request)
RevokeCertificate is used by clients to request the revocation of a cert. The revocation request is handled uniquely based on the method of authentication used.