Documentation ¶
Index ¶
- type RegistrationAuthorityImpl
- func (ra *RegistrationAuthorityImpl) AdministrativelyRevokeCertificate(ctx context.Context, cert x509.Certificate, revocationCode revocation.Reason, ...) error
- func (ra *RegistrationAuthorityImpl) DeactivateAuthorization(ctx context.Context, auth core.Authorization) error
- func (ra *RegistrationAuthorityImpl) DeactivateRegistration(ctx context.Context, reg core.Registration) error
- func (ra *RegistrationAuthorityImpl) MatchesCSR(cert core.Certificate, csr *x509.CertificateRequest) (err error)
- func (ra *RegistrationAuthorityImpl) NewAuthorization(ctx context.Context, request core.Authorization, regID int64) (authz core.Authorization, err error)
- func (ra *RegistrationAuthorityImpl) NewCertificate(ctx context.Context, req core.CertificateRequest, regID int64) (cert core.Certificate, err error)
- func (ra *RegistrationAuthorityImpl) NewRegistration(ctx context.Context, init core.Registration) (reg core.Registration, err error)
- func (ra *RegistrationAuthorityImpl) RevokeCertificateWithReg(ctx context.Context, cert x509.Certificate, revocationCode revocation.Reason, ...) (err error)
- func (ra *RegistrationAuthorityImpl) SetRateLimitPoliciesFile(filename string) error
- func (ra *RegistrationAuthorityImpl) UpdateAuthorization(ctx context.Context, base core.Authorization, challengeIndex int, ...) (authz core.Authorization, err error)
- func (ra *RegistrationAuthorityImpl) UpdateRegistration(ctx context.Context, base core.Registration, update core.Registration) (core.Registration, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type RegistrationAuthorityImpl ¶
type RegistrationAuthorityImpl struct {
	// Exported collaborators of the RA. Every one of these needs to be
	// populated before the RA is used; otherwise there is a risk of panic.
	// NOTE(review): the NewRegistrationAuthorityImpl signature takes none of
	// these values, so callers presumably assign them after construction.
	// Confirm against the constructor body.
	CA          core.CertificateAuthority
	VA          core.ValidationAuthority
	SA          core.StorageAuthority
	PA          core.PolicyAuthority
	DNSResolver bdns.DNSResolver
	// contains filtered or unexported fields
}
RegistrationAuthorityImpl defines an RA.
NOTE: All of the fields in RegistrationAuthorityImpl need to be populated, or there is a risk of panic.
func NewRegistrationAuthorityImpl ¶
func NewRegistrationAuthorityImpl( clk clock.Clock, logger blog.Logger, stats metrics.Scope, maxContactsPerReg int, keyPolicy goodkey.KeyPolicy, maxNames int, forceCNFromSAN bool, reuseValidAuthz bool, authorizationLifetime time.Duration, pendingAuthorizationLifetime time.Duration, ) *RegistrationAuthorityImpl
NewRegistrationAuthorityImpl constructs a new RA object.
func (*RegistrationAuthorityImpl) AdministrativelyRevokeCertificate ¶
func (ra *RegistrationAuthorityImpl) AdministrativelyRevokeCertificate(ctx context.Context, cert x509.Certificate, revocationCode revocation.Reason, user string) error
AdministrativelyRevokeCertificate terminates trust in the certificate provided. Unlike RevokeCertificateWithReg, it does not require the registration ID of the requester, since this method is only called from the admin-revoker tool.
func (*RegistrationAuthorityImpl) DeactivateAuthorization ¶
func (ra *RegistrationAuthorityImpl) DeactivateAuthorization(ctx context.Context, auth core.Authorization) error
DeactivateAuthorization deactivates a currently valid authorization.
func (*RegistrationAuthorityImpl) DeactivateRegistration ¶
func (ra *RegistrationAuthorityImpl) DeactivateRegistration(ctx context.Context, reg core.Registration) error
DeactivateRegistration deactivates a valid registration.
func (*RegistrationAuthorityImpl) MatchesCSR ¶
func (ra *RegistrationAuthorityImpl) MatchesCSR(cert core.Certificate, csr *x509.CertificateRequest) (err error)
MatchesCSR tests the contents of a generated certificate to make sure that the PublicKey, CommonName, and DNSNames match those provided in the CSR that was used to generate the certificate. It also checks that the certificate satisfies the following conditions:
- notBefore is not more than 24 hours ago
- BasicConstraintsValid is true
- IsCA is false
- ExtKeyUsage only contains ExtKeyUsageServerAuth & ExtKeyUsageClientAuth
- Subject only contains CommonName & Names
func (*RegistrationAuthorityImpl) NewAuthorization ¶
func (ra *RegistrationAuthorityImpl) NewAuthorization(ctx context.Context, request core.Authorization, regID int64) (authz core.Authorization, err error)
NewAuthorization constructs a new Authz from a request. Values (domains) in request.Identifier will be lowercased before storage.
func (*RegistrationAuthorityImpl) NewCertificate ¶
func (ra *RegistrationAuthorityImpl) NewCertificate(ctx context.Context, req core.CertificateRequest, regID int64) (cert core.Certificate, err error)
NewCertificate requests the issuance of a certificate.
func (*RegistrationAuthorityImpl) NewRegistration ¶
func (ra *RegistrationAuthorityImpl) NewRegistration(ctx context.Context, init core.Registration) (reg core.Registration, err error)
NewRegistration constructs a new Registration from a request.
func (*RegistrationAuthorityImpl) RevokeCertificateWithReg ¶
func (ra *RegistrationAuthorityImpl) RevokeCertificateWithReg(ctx context.Context, cert x509.Certificate, revocationCode revocation.Reason, regID int64) (err error)
RevokeCertificateWithReg terminates trust in the certificate provided.
func (*RegistrationAuthorityImpl) SetRateLimitPoliciesFile ¶
func (ra *RegistrationAuthorityImpl) SetRateLimitPoliciesFile(filename string) error
func (*RegistrationAuthorityImpl) UpdateAuthorization ¶
func (ra *RegistrationAuthorityImpl) UpdateAuthorization(ctx context.Context, base core.Authorization, challengeIndex int, response core.Challenge) (authz core.Authorization, err error)
UpdateAuthorization updates an authorization with new values.
func (*RegistrationAuthorityImpl) UpdateRegistration ¶
func (ra *RegistrationAuthorityImpl) UpdateRegistration(ctx context.Context, base core.Registration, update core.Registration) (core.Registration, error)
UpdateRegistration updates an existing Registration with new values.