Documentation
Index
- Constants
- Variables
- type RemoteClients
- type RemoteVA
- type ValidationAuthorityImpl
- func (va *ValidationAuthorityImpl) DoCAA(ctx context.Context, req *vapb.IsCAAValidRequest) (*vapb.IsCAAValidResponse, error)
- func (va *ValidationAuthorityImpl) DoDCV(ctx context.Context, req *vapb.PerformValidationRequest) (*vapb.ValidationResult, error)
- func (va *ValidationAuthorityImpl) IsCAAValid(ctx context.Context, req *vapb.IsCAAValidRequest) (*vapb.IsCAAValidResponse, error)
- func (va *ValidationAuthorityImpl) PerformValidation(ctx context.Context, req *vapb.PerformValidationRequest) (*vapb.ValidationResult, error)
Constants
const (
	// ALPN protocol ID for TLS-ALPN-01 challenge
	// https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-01#section-5.2
	ACMETLS1Protocol = "acme-tls/1"
)
const (
PrimaryPerspective = "Primary"
)
Variables
var (
	// As defined in https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-04#section-5.1
	// id-pe OID + 31 (acmeIdentifier)
	IdPeAcmeIdentifier = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 31}
	// OID for the Subject Alternative Name extension, as defined in
	// https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6
	IdCeSubjectAltName = asn1.ObjectIdentifier{2, 5, 29, 17}
)
Functions
This section is empty.
Types
type RemoteClients
RemoteClients wraps the vapb.VAClient and vapb.CAAClient interfaces to aid in mocking remote VAs for testing.
type RemoteVA
type RemoteVA struct {
	RemoteClients
	Address     string
	Perspective string
	RIR         string
}
RemoteVA embeds RemoteClients and adds a field containing the address of the remote gRPC server, since the underlying gRPC client doesn't provide a way to extract this metadata, which is useful for debugging gRPC connection issues.
type ValidationAuthorityImpl
type ValidationAuthorityImpl struct {
	vapb.UnsafeVAServer
	vapb.UnsafeCAAServer
	// contains filtered or unexported fields
}
ValidationAuthorityImpl represents a VA.
func NewValidationAuthorityImpl
func NewValidationAuthorityImpl(
	resolver bdns.Client,
	remoteVAs []RemoteVA,
	userAgent string,
	issuerDomain string,
	stats prometheus.Registerer,
	clk clock.Clock,
	logger blog.Logger,
	accountURIPrefixes []string,
	perspective string,
	rir string,
) (*ValidationAuthorityImpl, error)
NewValidationAuthorityImpl constructs a new VA
func (*ValidationAuthorityImpl) DoCAA
func (va *ValidationAuthorityImpl) DoCAA(ctx context.Context, req *vapb.IsCAAValidRequest) (*vapb.IsCAAValidResponse, error)
DoCAA conducts a CAA check for the specified dnsName. When invoked on the primary Validation Authority (VA) and the local check succeeds, it also performs CAA checks using the configured remote VAs. Failed checks are indicated by a non-nil Problems in the returned ValidationResult. DoCAA returns error only for internal logic errors (and the client may receive errors from gRPC in the event of a communication problem). This method implements the CAA portion of Multi-Perspective Issuance Corroboration as defined in BRs Sections 3.2.2.9 and 5.4.1.
func (*ValidationAuthorityImpl) DoDCV
func (va *ValidationAuthorityImpl) DoDCV(ctx context.Context, req *vapb.PerformValidationRequest) (*vapb.ValidationResult, error)
DoDCV conducts a local Domain Control Validation (DCV) for the specified challenge. When invoked on the primary Validation Authority (VA) and the local validation succeeds, it also performs DCV validations using the configured remote VAs. Failed validations are indicated by a non-nil Problems in the returned ValidationResult. DoDCV returns error only for internal logic errors (and the client may receive errors from gRPC in the event of a communication problem). ValidationResult always includes a list of ValidationRecords, even when it also contains Problems. This method implements the DCV portion of Multi-Perspective Issuance Corroboration as defined in BRs Sections 3.2.2.9 and 5.4.1.
func (*ValidationAuthorityImpl) IsCAAValid
func (va *ValidationAuthorityImpl) IsCAAValid(ctx context.Context, req *vapb.IsCAAValidRequest) (*vapb.IsCAAValidResponse, error)
IsCAAValid checks requested CAA records from a VA, and recursively any RVAs configured in the VA. It returns a response or an error.
func (*ValidationAuthorityImpl) PerformValidation
func (va *ValidationAuthorityImpl) PerformValidation(ctx context.Context, req *vapb.PerformValidationRequest) (*vapb.ValidationResult, error)
PerformValidation conducts a local Domain Control Validation (DCV) and CAA check for the specified challenge and dnsName. When invoked on the primary Validation Authority (VA) and the local validation succeeds, it also performs DCV and CAA checks using the configured remote VAs. Failed validations are indicated by a non-nil Problems in the returned ValidationResult. PerformValidation returns error only for internal logic errors (and the client may receive errors from gRPC in the event of a communication problem). ValidationResult always includes a list of ValidationRecords, even when it also contains Problems. This method does NOT implement Multi-Perspective Issuance Corroboration as defined in BRs Sections 3.2.2.9 and 5.4.1.