policy

package
v0.0.0-...-3814c95

This package is not in the latest version of its module.
Published: Apr 23, 2015 License: MPL-2.0 Imports: 6 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var BlacklistedError = errors.New("Name is blacklisted")
var InvalidIdentifierError = errors.New("Invalid identifier type")
var NonPublicError = errors.New("Name does not end in a public suffix")
var SyntaxError = errors.New("Syntax error")

Functions

This section is empty.

Types

type PolicyAuthorityImpl

type PolicyAuthorityImpl struct {
	PublicSuffixList map[string]bool // A copy of the DNS root zone
	Blacklist        map[string]bool // A blacklist of denied names
	// contains filtered or unexported fields
}

func NewPolicyAuthorityImpl

func NewPolicyAuthorityImpl(logger *blog.AuditLogger) *PolicyAuthorityImpl

func (PolicyAuthorityImpl) ChallengesFor

func (pa PolicyAuthorityImpl) ChallengesFor(identifier core.AcmeIdentifier) (challenges []core.Challenge, combinations [][]int)

For now, we just issue DVSNI and SimpleHTTPS challenges for everything

func (PolicyAuthorityImpl) WillingToIssue

func (pa PolicyAuthorityImpl) WillingToIssue(id core.AcmeIdentifier) error

We place several criteria on identifiers we are willing to issue for:

  • MUST self-identify as DNS identifiers
  • MUST contain only bytes in the DNS hostname character set
  • MUST NOT have more than maxLabels labels
  • MUST follow the DNS hostname syntax rules in RFC 1035 and RFC 2181. In particular:
      • MUST NOT contain underscores
  • MUST NOT contain IDN labels (xn--)
  • MUST NOT match the syntax of an IP address
  • MUST end in a public suffix
  • MUST have at least one label in addition to the public suffix
  • MUST NOT be a label-wise suffix match for a name on the black list, where comparison is case-independent (normalized to lower case)

XXX: Is there any need for this method to be constant-time? We're going to refuse to issue anyway, but timing could leak whether names are on the blacklist.

XXX: We should probably fold everything to lower-case somehow.
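One way the name checks listed above could be written, as an added example that is not this package's own code. The names `checkName` and `labelRE`, the local error variables, the `maxLabels` value of 10, and the choice of error for a name that is itself a public suffix are assumptions; the identifier-type check is left out.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"regexp"
	"strings"
)

// Local stand-ins carrying the same messages as the package's exported errors.
var (
	errSyntax      = errors.New("Syntax error")
	errNonPublic   = errors.New("Name does not end in a public suffix")
	errBlacklisted = errors.New("Name is blacklisted")
	// One hostname label: letters, digits, inner hyphens only, so no underscores.
	labelRE = regexp.MustCompile(`^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$`)
)

const maxLabels = 10 // assumed limit; the page does not give the value

// checkName (hypothetical helper) applies the listed criteria to a DNS name.
func checkName(name string, suffixes, blacklist map[string]bool) error {
	name = strings.ToLower(name) // fold once so every comparison is case-independent
	labels := strings.Split(name, ".")
	if net.ParseIP(name) != nil || len(labels) > maxLabels {
		return errSyntax
	}
	for _, l := range labels {
		if !labelRE.MatchString(l) || strings.HasPrefix(l, "xn--") {
			return errSyntax
		}
	}
	longest := -1 // index at which the longest public suffix starts
	for i := len(labels) - 1; i >= 0; i-- {
		suffix := strings.Join(labels[i:], ".") // label-wise suffix, never a substring
		if blacklist[suffix] {
			return errBlacklisted
		}
		if suffixes[suffix] {
			longest = i
		}
	}
	if longest < 1 { // no public suffix, or no label in front of it
		return errNonPublic
	}
	return nil
}

func main() { fmt.Println(checkName("www.example.com", map[string]bool{"com": true}, nil)) }
```

Because the blacklist is matched on whole-label suffixes, an entry for `example.com` blocks `www.example.com` but not `notexample.com`.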
