Documentation ¶
Index ¶
- func NewCertificateAuthorityDatabaseImpl(driver string, name string) (cadb core.CertificateAuthorityDatabase, err error)
- type CertificateAuthorityDatabaseImpl
- func (cadb *CertificateAuthorityDatabaseImpl) Begin() (err error)
- func (cadb *CertificateAuthorityDatabaseImpl) Commit() (err error)
- func (cadb *CertificateAuthorityDatabaseImpl) CreateTablesIfNotExists() (err error)
- func (cadb *CertificateAuthorityDatabaseImpl) IncrementAndGetSerial() (val int64, err error)
- func (cadb *CertificateAuthorityDatabaseImpl) Rollback() (err error)
- type CertificateAuthorityImpl
- func (ca *CertificateAuthorityImpl) GenerateOCSP(xferObj core.OCSPSigningRequest) ([]byte, error)
- func (ca *CertificateAuthorityImpl) IssueCertificate(csr x509.CertificateRequest, regID int64, earliestExpiry time.Time) (core.Certificate, error)
- func (ca *CertificateAuthorityImpl) RevokeCertificate(serial string, reasonCode int) (err error)
- type Config
- type SerialNumber
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewCertificateAuthorityDatabaseImpl ¶
func NewCertificateAuthorityDatabaseImpl(driver string, name string) (cadb core.CertificateAuthorityDatabase, err error)
NewCertificateAuthorityDatabaseImpl constructs a Database for the Certificate Authority.
Types ¶
type CertificateAuthorityDatabaseImpl ¶
// CertificateAuthorityDatabaseImpl is the database handle used by the CA. It
// enforces transaction semantics (Begin / Commit / Rollback) around serial
// number allocation (IncrementAndGetSerial) and is effectively single-threaded:
// only one transaction may be active in this object at a time.
type CertificateAuthorityDatabaseImpl struct {
// contains filtered or unexported fields
}
CertificateAuthorityDatabaseImpl represents a database used by the CA; it enforces transaction semantics, and is effectively single-threaded.
func (*CertificateAuthorityDatabaseImpl) Begin ¶
func (cadb *CertificateAuthorityDatabaseImpl) Begin() (err error)
Begin starts a database transaction. Only one transaction can be active in this object at a time.
func (*CertificateAuthorityDatabaseImpl) Commit ¶
func (cadb *CertificateAuthorityDatabaseImpl) Commit() (err error)
Commit makes a database transaction permanent; there must be an active transaction when called.
func (*CertificateAuthorityDatabaseImpl) CreateTablesIfNotExists ¶
func (cadb *CertificateAuthorityDatabaseImpl) CreateTablesIfNotExists() (err error)
CreateTablesIfNotExists builds the database tables and inserts the initial state if the tables do not already exist. It is not an error for the tables to already exist.
func (*CertificateAuthorityDatabaseImpl) IncrementAndGetSerial ¶
func (cadb *CertificateAuthorityDatabaseImpl) IncrementAndGetSerial() (val int64, err error)
IncrementAndGetSerial returns the next-available serial number, incrementing it in the database before returning. There must be an active transaction to call this method. Callers should Begin the transaction, call this method, perform any other work, and Commit at the end once the certificate is issued.
func (*CertificateAuthorityDatabaseImpl) Rollback ¶
func (cadb *CertificateAuthorityDatabaseImpl) Rollback() (err error)
Rollback cancels the ongoing database transaction; there must be an active transaction when called.
type CertificateAuthorityImpl ¶
type CertificateAuthorityImpl struct {
	// Signer signs certificates.
	Signer signer.Signer
	// OCSPSigner signs OCSP responses.
	OCSPSigner cfsslOCSP.Signer
	// SA is the Storage Authority.
	SA core.StorageAuthority
	// PA is the Policy Authority.
	PA core.PolicyAuthority
	// DB is the CA database (see CertificateAuthorityDatabaseImpl).
	DB core.CertificateAuthorityDatabase
	// Prefix is prepended to the serial number.
	Prefix int
	// ValidityPeriod is how long issued certificates are valid for
	// (presumably derived from Config.Expiry — confirm in the constructor).
	ValidityPeriod time.Duration
	// NotAfter presumably bounds the expiry of issued certificates —
	// confirm in IssueCertificate.
	NotAfter time.Time
	// MaxNames caps the number of subjectAltNames in a single certificate
	// (see Config.MaxNames).
	MaxNames int
	// contains filtered or unexported fields
}
CertificateAuthorityImpl represents a CA that signs certificates, CRLs, and OCSP responses.
func NewCertificateAuthorityImpl ¶
func NewCertificateAuthorityImpl(cadb core.CertificateAuthorityDatabase, config Config) (*CertificateAuthorityImpl, error)
NewCertificateAuthorityImpl creates a CA that talks to a remote CFSSL instance. (To use a local signer, simply instantiate CertificateAuthorityImpl directly.) Communications with the remote CFSSL instance are authenticated with MACs, using CFSSL's authenticated signature scheme. A CA created in this way issues for a single profile on the remote signer, which is indicated by name in this constructor.
func (*CertificateAuthorityImpl) GenerateOCSP ¶
func (ca *CertificateAuthorityImpl) GenerateOCSP(xferObj core.OCSPSigningRequest) ([]byte, error)
GenerateOCSP produces a new OCSP response for the supplied signing request and returns it.
func (*CertificateAuthorityImpl) IssueCertificate ¶
func (ca *CertificateAuthorityImpl) IssueCertificate(csr x509.CertificateRequest, regID int64, earliestExpiry time.Time) (core.Certificate, error)
IssueCertificate attempts to convert a CSR into a signed Certificate, while enforcing all policies.
func (*CertificateAuthorityImpl) RevokeCertificate ¶
func (ca *CertificateAuthorityImpl) RevokeCertificate(serial string, reasonCode int) (err error)
RevokeCertificate revokes the certificate identified by the provided serial number.
type Config ¶
type Config struct {
	Server       string
	AuthKey      string
	Profile      string
	TestMode     bool
	DBDriver     string
	DBName       string
	SerialPrefix int
	// IssuerCert is the path to a PEM-encoded copy of the issuer certificate.
	IssuerCert string
	// IssuerKey is a PEM-encoded private key used for signing certificates
	// and OCSP responses. This field is only allowed if TestMode is true,
	// indicating that we are signing with a local key. In production we
	// will use an HSM and this field must be empty (and TestMode must be
	// false).
	IssuerKey string
	// Expiry is how long issued certificates are valid for; it should match
	// the expiry field in the cfssl config.
	Expiry string
	// MaxNames is the maximum number of subjectAltNames in a single
	// certificate.
	MaxNames int
}
Config defines the JSON configuration file schema.