Version: v0.0.0-...-98addd5 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Mar 30, 2017 License: MPL-2.0 Imports: 30 Imported by: 0




This section is empty.


This section is empty.


This section is empty.


type RegistrationAuthorityImpl

type RegistrationAuthorityImpl struct {
	CA core.CertificateAuthority
	VA core.ValidationAuthority
	SA core.StorageAuthority
	PA core.PolicyAuthority

	DNSResolver bdns.DNSResolver
	// contains filtered or unexported fields

RegistrationAuthorityImpl defines an RA.

NOTE: All of the fields in RegistrationAuthorityImpl need to be populated, or there is a risk of panic.

func NewRegistrationAuthorityImpl

func NewRegistrationAuthorityImpl(
	clk clock.Clock,
	logger blog.Logger,
	stats metrics.Scope,
	maxContactsPerReg int,
	keyPolicy goodkey.KeyPolicy,
	maxNames int,
	forceCNFromSAN bool,
	reuseValidAuthz bool,
	authorizationLifetime time.Duration,
	pendingAuthorizationLifetime time.Duration,
	pubc core.Publisher,
) *RegistrationAuthorityImpl

NewRegistrationAuthorityImpl constructs a new RA object.

func (*RegistrationAuthorityImpl) AdministrativelyRevokeCertificate

func (ra *RegistrationAuthorityImpl) AdministrativelyRevokeCertificate(ctx context.Context, cert x509.Certificate, revocationCode revocation.Reason, user string) error

AdministrativelyRevokeCertificate terminates trust in the certificate provided and does not require the registration ID of the requester since this method is only called from the admin-revoker tool.

func (*RegistrationAuthorityImpl) DeactivateAuthorization

func (ra *RegistrationAuthorityImpl) DeactivateAuthorization(ctx context.Context, auth core.Authorization) error

DeactivateAuthorization deactivates a currently valid authorization

func (*RegistrationAuthorityImpl) DeactivateRegistration

func (ra *RegistrationAuthorityImpl) DeactivateRegistration(ctx context.Context, reg core.Registration) error

DeactivateRegistration deactivates a valid registration

func (*RegistrationAuthorityImpl) MatchesCSR

func (ra *RegistrationAuthorityImpl) MatchesCSR(cert core.Certificate, csr *x509.CertificateRequest) (err error)

MatchesCSR tests the contents of a generated certificate to make sure that the PublicKey, CommonName, and DNSNames match those provided in the CSR that was used to generate the certificate. It also checks the following fields for:

* notBefore is not more than 24 hours ago
* BasicConstraintsValid is true
* IsCA is false
* ExtKeyUsage only contains ExtKeyUsageServerAuth & ExtKeyUsageClientAuth
* Subject only contains CommonName & Names

func (*RegistrationAuthorityImpl) NewAuthorization

func (ra *RegistrationAuthorityImpl) NewAuthorization(ctx context.Context, request core.Authorization, regID int64) (authz core.Authorization, err error)

NewAuthorization constructs a new Authz from a request. Values (domains) in request.Identifier will be lowercased before storage.

func (*RegistrationAuthorityImpl) NewCertificate

func (ra *RegistrationAuthorityImpl) NewCertificate(ctx context.Context, req core.CertificateRequest, regID int64) (cert core.Certificate, err error)

NewCertificate requests the issuance of a certificate.

func (*RegistrationAuthorityImpl) NewRegistration

func (ra *RegistrationAuthorityImpl) NewRegistration(ctx context.Context, init core.Registration) (reg core.Registration, err error)

NewRegistration constructs a new Registration from a request.

func (*RegistrationAuthorityImpl) RevokeCertificateWithReg

func (ra *RegistrationAuthorityImpl) RevokeCertificateWithReg(ctx context.Context, cert x509.Certificate, revocationCode revocation.Reason, regID int64) (err error)

RevokeCertificateWithReg terminates trust in the certificate provided.

func (*RegistrationAuthorityImpl) SetRateLimitPoliciesFile

func (ra *RegistrationAuthorityImpl) SetRateLimitPoliciesFile(filename string) error

func (*RegistrationAuthorityImpl) UpdateAuthorization

func (ra *RegistrationAuthorityImpl) UpdateAuthorization(ctx context.Context, base core.Authorization, challengeIndex int, response core.Challenge) (authz core.Authorization, err error)

UpdateAuthorization updates an authorization with new values.

func (*RegistrationAuthorityImpl) UpdateIssuedCountForever

func (ra *RegistrationAuthorityImpl) UpdateIssuedCountForever() error

Run this to continually update the totalIssuedCount field of this RA by calling out to the SA. It will run one update before returning, and return an error if that update failed.

func (*RegistrationAuthorityImpl) UpdateRegistration

func (ra *RegistrationAuthorityImpl) UpdateRegistration(ctx context.Context, base core.Registration, update core.Registration) (core.Registration, error)

UpdateRegistration updates an existing Registration with new values. Caller is responsible for making sure that update.Key is only different from base.Key if it is being called from the WFE key change endpoint.

Source Files


Path Synopsis
Package proto is a generated protocol buffer package.
Package proto is a generated protocol buffer package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
t or T : Toggle theme light dark auto
y or Y : Canonical URL