Documentation
Index ¶
- Variables
- func DebugServer(addr string)
- func FailOnError(err error, msg string)
- func LoadCert(path string) (cert []byte, err error)
- func ProfileCmd(profileName string, stats statsd.Statter)
- func Version() string
- type AppShell
- type CAConfig
- type Config
- type ConfigDuration
- type KeyConfig
- type OCSPUpdaterConfig
- type PAConfig
- type PKCS11Config
- type Queue
- type RateLimitConfig
- type RateLimitPolicy
- type TLSConfig
Constants ¶
This section is empty.
Variables ¶
var ErrDurationMustBeString = errors.New("cannot JSON unmarshal something other than a string into a ConfigDuration")
ErrDurationMustBeString is returned when a non-string value is presented to be deserialized as a ConfigDuration
Functions ¶
func DebugServer ¶
func DebugServer(addr string)
DebugServer starts a server that exposes the /debug handlers (runtime debugging information) on addr. Typical usage is to start it in a goroutine, configured with an address from the appropriate configuration object. Because those handlers expose process internals, the configured DebugAddr should be a loopback or otherwise non-public address:
go cmd.DebugServer(c.XA.DebugAddr)
func FailOnError ¶
FailOnError prints msg together with the error and exits the process if err is non-nil; it is a no-op otherwise.
func LoadCert ¶
LoadCert loads a PEM-formatted certificate from the provided path, returning it as a byte slice, or an error if it couldn't be decoded.
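The page gives only the signature of LoadCert, so the following is an added example, not the project's own implementation. It shows the checks a loader of a PEM certificate should make: that a PEM block is present, that its type is CERTIFICATE (a private key file is also PEM and would otherwise be accepted silently), that the DER inside actually parses as an X.509 certificate, and, more strictly than the page requires, that nothing follows the first block. The self-signed certificate is constructed in memory so the example runs offline; the names ParseCertPEM and sampleCertPEM are assumptions made here.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"os"
	"time"
)

// ParseCertPEM decodes exactly one PEM-encoded certificate and returns its DER
// bytes. It rejects input with no PEM block, a block of the wrong type, DER
// that is not a certificate, and trailing data after the first block.
func ParseCertPEM(data []byte) ([]byte, error) {
	block, rest := pem.Decode(data)
	if block == nil {
		return nil, errors.New("no PEM block found")
	}
	if block.Type != "CERTIFICATE" {
		return nil, fmt.Errorf("unexpected PEM block type %q, want CERTIFICATE", block.Type)
	}
	if len(bytes.TrimSpace(rest)) != 0 {
		return nil, errors.New("trailing data after certificate PEM block")
	}
	if _, err := x509.ParseCertificate(block.Bytes); err != nil {
		return nil, fmt.Errorf("invalid certificate DER: %w", err)
	}
	return block.Bytes, nil
}

// LoadCert reads the file at path and validates it with ParseCertPEM.
func LoadCert(path string) ([]byte, error) {
	data, err := os.ReadFile(path)
	if err != nil {
		return nil, err
	}
	return ParseCertPEM(data)
}

// sampleCertPEM builds a constructed, self-signed test certificate in memory
// (assumed test data, not a real issuer certificate) so the example is offline.
func sampleCertPEM() []byte {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "example.test"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	der, err := ParseCertPEM(sampleCertPEM())
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	fmt.Println("loaded certificate for", cert.Subject.CommonName)

	// A private key is PEM too, but it is not a certificate: this must fail.
	_, err = ParseCertPEM(pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: []byte{0x30, 0x00}}))
	fmt.Println("private key rejected:", err != nil)
}
```

The block-type check matters most for a configuration field like Common.IssuerCert: a path that was accidentally pointed at a key file should fail at startup rather than be served to clients.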
func ProfileCmd ¶
ProfileCmd runs forever, sending Go runtime statistics to StatsD.
Types ¶
type AppShell ¶
AppShell contains CLI Metadata
func NewAppShell ¶
NewAppShell creates a basic AppShell object containing CLI metadata
func (*AppShell) Run ¶
func (as *AppShell) Run()
Run begins the application context, reading config and passing control to the default commandline action.
func (*AppShell) VersionString ¶
VersionString produces a friendly Application version string
type CAConfig ¶
type CAConfig struct {
    Profile      string
    TestMode     bool
    DBConnect    string
    SerialPrefix int
    Key          KeyConfig
    // LifespanOCSP is how long OCSP responses are valid for; it should be longer
    // than the OCSPMinTimeToExpiry field of OCSPUpdaterConfig.
    LifespanOCSP string
    // How long issued certificates are valid for; should match the expiry field
    // in the cfssl config.
    Expiry string
    // The maximum number of subjectAltNames in a single certificate.
    MaxNames int
    CFSSL    cfsslConfig.Config

    MaxConcurrentRPCServerRequests int64

    // DebugAddr is the address to run the /debug handlers on.
    DebugAddr string
}
CAConfig structs have configuration information for the certificate authority, including database parameters as well as controls for issued certificates.
type Config ¶
type Config struct {
    ActivityMonitor struct {
        // DebugAddr is the address to run the /debug handlers on.
        DebugAddr string
    }

    // General
    AMQP struct {
        Server    string
        Insecure  bool
        RA        Queue
        VA        Queue
        SA        Queue
        CA        Queue
        OCSP      Queue
        Publisher Queue
        TLS       *TLSConfig
    }

    WFE struct {
        BaseURL       string
        ListenAddress string

        AllowOrigins []string

        CertCacheDuration           string
        CertNoCacheExpirationWindow string
        IndexCacheDuration          string
        IssuerCacheDuration         string

        ShutdownStopTimeout string
        ShutdownKillTimeout string

        // DebugAddr is the address to run the /debug handlers on.
        DebugAddr string
    }

    CA CAConfig

    Monolith struct {
        // DebugAddr is the address to run the /debug handlers on.
        DebugAddr string
    }

    RA struct {
        RateLimitPoliciesFilename string

        MaxConcurrentRPCServerRequests int64

        MaxContactsPerRegistration int

        // DebugAddr is the address to run the /debug handlers on.
        DebugAddr string
    }

    SA struct {
        DBConnect string

        MaxConcurrentRPCServerRequests int64

        // DebugAddr is the address to run the /debug handlers on.
        DebugAddr string
    }

    VA struct {
        UserAgent string

        PortConfig va.PortConfig

        MaxConcurrentRPCServerRequests int64

        // DebugAddr is the address to run the /debug handlers on.
        DebugAddr string
    }

    SQL struct {
        SQLDebug bool
    }

    Statsd struct {
        Server string
        Prefix string
    }

    Syslog struct {
        Network string
        Server  string
        Tag     string
    }

    Revoker struct {
        DBConnect string
    }

    Mailer struct {
        Server   string
        Port     string
        Username string
        Password string

        DBConnect string

        CertLimit int
        NagTimes  []string
        // Path to a text/template email template.
        EmailTemplate string

        // DebugAddr is the address to run the /debug handlers on.
        DebugAddr string
    }

    OCSPResponder struct {
        // Source indicates the source of pre-signed OCSP responses to be used. It
        // can be a DBConnect string or a file URL. The file URL style is used
        // when responding from a static file for intermediates and roots.
        Source string

        Path          string
        ListenAddress string

        // MaxAge is the max-age to set in the Cache-Control response header.
        // It is a time.Duration formatted string.
        MaxAge ConfigDuration

        ShutdownStopTimeout string
        ShutdownKillTimeout string

        // DebugAddr is the address to run the /debug handlers on.
        DebugAddr string
    }

    OCSPUpdater OCSPUpdaterConfig

    Publisher struct {
        MaxConcurrentRPCServerRequests int64

        // DebugAddr is the address to run the /debug handlers on.
        DebugAddr string
    }

    ExternalCertImporter struct {
        CertsToImportCSVFilename   string
        DomainsToImportCSVFilename string
        CertsToRemoveCSVFilename   string

        StatsdRate float32
    }

    PA PAConfig

    Common struct {
        BaseURL string
        // Path to a PEM-encoded copy of the issuer certificate.
        IssuerCert string

        DNSResolver               string
        DNSTimeout                string
        DNSAllowLoopbackAddresses bool

        CT publisher.CTConfig
    }

    CertChecker struct {
        Workers             int
        ReportDirectoryPath string
        DBConnect           string
    }

    SubscriberAgreementURL string
}
Config stores configuration parameters that applications will need. For simplicity, we just lump them all into one struct, and use encoding/json to read it from a file.
Note: NO DEFAULTS are provided.
type ConfigDuration ¶
ConfigDuration is just an alias for time.Duration that allows serialization to YAML as well as JSON.
func (ConfigDuration) MarshalJSON ¶
func (d ConfigDuration) MarshalJSON() ([]byte, error)
MarshalJSON returns the string form of the duration, as a byte slice.
func (*ConfigDuration) UnmarshalJSON ¶
func (d *ConfigDuration) UnmarshalJSON(b []byte) error
UnmarshalJSON parses a string into a ConfigDuration using time.ParseDuration. If the input does not unmarshal as a string, then UnmarshalJSON returns ErrDurationMustBeString.
func (*ConfigDuration) UnmarshalYAML ¶
func (d *ConfigDuration) UnmarshalYAML(unmarshal func(interface{}) error) error
UnmarshalYAML uses the same format as JSON, but is called by the YAML parser (vs. the JSON parser).
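The three methods above are documented but their bodies are not shown, so here is an added, stand-alone implementation of a ConfigDuration with the behaviour the page describes; it is not the project's own code. The representation as a struct embedding time.Duration, the cut-down ocspResponderConfig type and the ParseMaxAge helper are assumptions made for the example. The point worth seeing is the failure mode: a bare number such as 5400 in the JSON is refused with ErrDurationMustBeString instead of being silently read as 5400 nanoseconds, and a string without a unit ("5") is refused by time.ParseDuration. UnmarshalYAML is exercised through its callback so no YAML library is needed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// ErrDurationMustBeString mirrors the package variable documented above.
var ErrDurationMustBeString = errors.New("cannot JSON unmarshal something other than a string into a ConfigDuration")

// ConfigDuration embeds time.Duration. Using a struct rather than a plain
// alias is an assumption made here so that methods can be attached to it.
type ConfigDuration struct {
	time.Duration
}

// MarshalJSON returns the duration in its string form, e.g. "1h30m0s".
func (d ConfigDuration) MarshalJSON() ([]byte, error) {
	return json.Marshal(d.Duration.String())
}

// UnmarshalJSON accepts only a JSON string and parses it with
// time.ParseDuration. Any other JSON value yields ErrDurationMustBeString.
func (d *ConfigDuration) UnmarshalJSON(b []byte) error {
	var s string
	if err := json.Unmarshal(b, &s); err != nil {
		return ErrDurationMustBeString
	}
	dd, err := time.ParseDuration(s)
	if err != nil {
		return err
	}
	d.Duration = dd
	return nil
}

// UnmarshalYAML takes the same string format through the callback-style
// interface used by gopkg.in/yaml.v2 style parsers.
func (d *ConfigDuration) UnmarshalYAML(unmarshal func(interface{}) error) error {
	var s string
	if err := unmarshal(&s); err != nil {
		return err
	}
	dd, err := time.ParseDuration(s)
	if err != nil {
		return err
	}
	d.Duration = dd
	return nil
}

// ocspResponderConfig is an assumed, cut-down stand-in for the OCSPResponder
// section of Config; only MaxAge is kept.
type ocspResponderConfig struct {
	MaxAge ConfigDuration
}

// ParseMaxAge decodes a JSON config fragment and returns its MaxAge value.
func ParseMaxAge(doc string) (time.Duration, error) {
	var c ocspResponderConfig
	if err := json.Unmarshal([]byte(doc), &c); err != nil {
		return 0, err
	}
	return c.MaxAge.Duration, nil
}

func main() {
	// Constructed config fragments, not taken from a real deployment.
	for _, doc := range []string{`{"MaxAge": "1h30m"}`, `{"MaxAge": 5400}`, `{"MaxAge": "5"}`} {
		d, err := ParseMaxAge(doc)
		fmt.Printf("%-22s -> %v, err=%v\n", doc, d, err)
	}
}
```

Returning the sentinel unwrapped keeps `errors.Is(err, ErrDurationMustBeString)` usable by callers that want to distinguish a mistyped value from a malformed duration string.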
type KeyConfig ¶
type KeyConfig struct {
    File   string
    PKCS11 PKCS11Config
}
KeyConfig should contain either a File path to a PEM-format private key, or a PKCS11Config defining how to load a module for an HSM.
type OCSPUpdaterConfig ¶
type OCSPUpdaterConfig struct {
    DBConnect string

    NewCertificateWindow     ConfigDuration
    OldOCSPWindow            ConfigDuration
    MissingSCTWindow         ConfigDuration
    RevokedCertificateWindow ConfigDuration

    NewCertificateBatchSize     int
    OldOCSPBatchSize            int
    MissingSCTBatchSize         int
    RevokedCertificateBatchSize int

    OCSPMinTimeToExpiry ConfigDuration
    OldestIssuedSCT     ConfigDuration

    // DebugAddr is the address to run the /debug handlers on.
    DebugAddr string
}
OCSPUpdaterConfig provides the various window tick times and batch sizes needed for the OCSP (and SCT) updater
type PAConfig ¶
PAConfig specifies how a policy authority should connect to its database, and what policies it should enforce.
type PKCS11Config ¶
PKCS11Config defines how to load a module for an HSM.
type RateLimitConfig ¶
type RateLimitConfig struct {
    // Total number of certificates that can be extant at any given time.
    // The 2160h window, 90 days, is chosen to match certificate lifetime, since the
    // main capacity factor is how many OCSP requests we can sign with available
    // hardware.
    TotalCertificates RateLimitPolicy `yaml:"totalCertificates"`
    // Number of certificates that can be extant containing any given name.
    // These are counted by "base domain" aka eTLD+1, so any entries in the
    // overrides section must be an eTLD+1 according to the publicsuffix package.
    CertificatesPerName RateLimitPolicy `yaml:"certificatesPerName"`
    // Number of registrations that can be created per IP.
    // Note: Since this is checked before a registration is created, setting a
    // RegistrationOverride on it has no effect.
    RegistrationsPerIP RateLimitPolicy `yaml:"registrationsPerIP"`
    // Number of pending authorizations that can exist per account. Overrides by
    // key are not applied, but overrides by registration are.
    PendingAuthorizationsPerAccount RateLimitPolicy `yaml:"pendingAuthorizationsPerAccount"`
}
RateLimitConfig contains all application layer rate limiting policies
func LoadRateLimitPolicies ¶
func LoadRateLimitPolicies(filename string) (RateLimitConfig, error)
LoadRateLimitPolicies loads various rate limiting policies from a YAML configuration file
type RateLimitPolicy ¶
type RateLimitPolicy struct {
    // How long to count items for.
    Window ConfigDuration `yaml:"window"`
    // The max number of items that can be present before triggering the rate
    // limit. Zero means "no limit."
    Threshold int `yaml:"threshold"`
    // A per-key override setting different limits than the default (higher or lower).
    // The key is defined on a per-limit basis and should match the key it counts on.
    // For instance, a rate limit on the number of certificates per name uses name as
    // a key, while a rate limit on the number of registrations per IP subnet would
    // use subnet as a key.
    // Note that a zero entry in the overrides map does not mean "no limit," it
    // means a limit of zero.
    Overrides map[string]int `yaml:"overrides"`
    // A per-registration override setting. This can be used, e.g. if there are
    // hosting providers that we would like to grant a higher rate of issuance
    // than the default. If both key-based and registration-based overrides are
    // available, the registration-based one takes priority.
    RegistrationOverrides map[int64]int `yaml:"registrationOverrides"`
}
RateLimitPolicy describes a general limiting policy
func (*RateLimitPolicy) Enabled ¶
func (rlp *RateLimitPolicy) Enabled() bool
Enabled returns true iff the RateLimitPolicy is enabled.
func (*RateLimitPolicy) GetThreshold ¶
func (rlp *RateLimitPolicy) GetThreshold(key string, regID int64) int
GetThreshold returns the threshold for this rate limit, taking into account any overrides for `key` or `regID`; a registration-based override takes priority over a key-based one.
func (*RateLimitPolicy) WindowBegin ¶
func (rlp *RateLimitPolicy) WindowBegin(windowEnd time.Time) time.Time
WindowBegin returns the time that a RateLimitPolicy's window begins, given a particular end time (typically the current time), i.e. the end time minus Window.
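The page documents Enabled, GetThreshold and WindowBegin only by their contracts, so the following is an added example that implements those contracts together with a caller that uses them to make an allow/deny decision; it is not the project's own code. The Window field is a plain time.Duration here rather than the page's ConfigDuration, and the issuance type, Allowed function and sample history are assumptions made for the example. Two details from the field comments are exercised on purpose: a zero value in Overrides is a limit of zero, not "no limit", so the lookup must test map presence rather than the value, and a registration override wins over a key override.

```go
package main

import (
	"fmt"
	"time"
)

// RateLimitPolicy follows the struct documented above, with Window simplified
// to a plain time.Duration for this example.
type RateLimitPolicy struct {
	Window                time.Duration
	Threshold             int
	Overrides             map[string]int
	RegistrationOverrides map[int64]int
}

// Enabled reports whether the limit is in force: a zero Threshold means
// "no limit", as the field comment says.
func (rlp *RateLimitPolicy) Enabled() bool {
	return rlp.Threshold != 0
}

// GetThreshold applies the documented precedence: registration override,
// then key override, then the default Threshold. Presence in the map (ok)
// is what counts, so an explicit 0 override is honoured as a limit of zero.
func (rlp *RateLimitPolicy) GetThreshold(key string, regID int64) int {
	if v, ok := rlp.RegistrationOverrides[regID]; ok {
		return v
	}
	if v, ok := rlp.Overrides[key]; ok {
		return v
	}
	return rlp.Threshold
}

// WindowBegin returns the start of the counting window that ends at windowEnd.
func (rlp *RateLimitPolicy) WindowBegin(windowEnd time.Time) time.Time {
	return windowEnd.Add(-rlp.Window)
}

// issuance is a constructed sample event (assumed for the example): one
// certificate issued for a name by a registration at a given time.
type issuance struct {
	name  string
	regID int64
	at    time.Time
}

// Allowed decides whether one more certificate for name may be issued by
// regID at now. It counts only history inside [WindowBegin(now), now] and
// compares against the effective threshold, the way a caller of the policy
// would for a per-name limit.
func Allowed(p *RateLimitPolicy, history []issuance, name string, regID int64, now time.Time) bool {
	if !p.Enabled() {
		return true
	}
	begin := p.WindowBegin(now)
	count := 0
	for _, e := range history {
		if e.name == name && !e.at.Before(begin) && !e.at.After(now) {
			count++
		}
	}
	return count < p.GetThreshold(name, regID)
}

func main() {
	policy := &RateLimitPolicy{
		Window:    7 * 24 * time.Hour,
		Threshold: 2,
		Overrides: map[string]int{
			"bulk.example":    5,
			"blocked.example": 0, // a zero override is a limit of zero
		},
		RegistrationOverrides: map[int64]int{42: 10},
	}
	now := time.Date(2015, 11, 1, 12, 0, 0, 0, time.UTC)
	// Constructed history: two recent issuances and one outside the window.
	history := []issuance{
		{"other.example", 1, now.Add(-time.Hour)},
		{"other.example", 1, now.Add(-2 * time.Hour)},
		{"other.example", 1, now.Add(-8 * 24 * time.Hour)},
	}
	fmt.Println("window begins:", policy.WindowBegin(now))
	fmt.Println("other.example, reg 1:", Allowed(policy, history, "other.example", 1, now))
	fmt.Println("bulk.example, reg 1:", Allowed(policy, history, "bulk.example", 1, now))
	fmt.Println("blocked.example, reg 1:", Allowed(policy, nil, "blocked.example", 1, now))
	fmt.Println("blocked.example, reg 42:", Allowed(policy, nil, "blocked.example", 42, now))
}
```

Because Enabled is checked first, a policy left with Threshold 0 in the YAML disables the limit entirely; an operator who wants to block a single name must therefore use a 0 entry in overrides, not a 0 threshold.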