Version: v0.0.0-...-98addd5 Latest Latest

This package is not in the latest version of its module.

Published: Mar 30, 2017 License: MPL-2.0 Imports: 27 Imported by: 0




// AMQP settings for this package's RPC layer. The call sites that pass these
// values to the exchange/queue declare, consume and publish operations are
// not shown here. NOTE(review): confirm which operation each flag feeds.
const (
	AmqpExchange     = "boulder"
	AmqpExchangeType = "topic"
	AmqpInternal     = false
	// Non-durable: in AMQP a non-durable exchange or queue does not survive
	// a broker restart.
	AmqpDurable      = false
	AmqpDeleteUnused = false
	AmqpExclusive    = false
	AmqpNoWait       = false
	AmqpNoLocal      = false
	// Auto-ack: in AMQP the broker treats a message as acknowledged as soon
	// as it is delivered, so a request in flight when a consumer dies is not
	// redelivered. Presumably callers rely on the RPC timeout instead; confirm.
	AmqpAutoAck      = true
	// Not mandatory: in AMQP a message that cannot be routed to any queue is
	// dropped by the broker rather than returned to the publisher.
	AmqpMandatory    = false
	AmqpImmediate    = false

XXX: I *think* these constants are appropriate. We will probably want to tweak these in the future.

// RPC method names: the strings the RPC layer uses to identify which function
// a message is addressed to. The trailing comment on each line lists component
// abbreviations (RA, SA, VA, CA, Pub), presumably the service(s) that handle
// that method; verify against the server constructors.
// NOTE(review): these names cover issuance, revocation and deactivation. How a
// server decides which senders may invoke a method is not visible in this
// listing; confirm that access to the exchange is restricted accordingly.
const (
	MethodNewRegistration                   = "NewRegistration"                   // RA, SA
	MethodNewAuthorization                  = "NewAuthorization"                  // RA
	MethodNewCertificate                    = "NewCertificate"                    // RA
	MethodUpdateRegistration                = "UpdateRegistration"                // RA, SA
	MethodUpdateAuthorization               = "UpdateAuthorization"               // RA
	MethodRevokeCertificateWithReg          = "RevokeCertificateWithReg"          // RA
	MethodAdministrativelyRevokeCertificate = "AdministrativelyRevokeCertificate" // RA
	MethodPerformValidation                 = "PerformValidation"                 // VA
	MethodIsSafeDomain                      = "IsSafeDomain"                      // VA
	MethodIssueCertificate                  = "IssueCertificate"                  // CA
	MethodGenerateOCSP                      = "GenerateOCSP"                      // CA
	MethodGetRegistration                   = "GetRegistration"                   // SA
	MethodGetRegistrationByKey              = "GetRegistrationByKey"              // RA, SA
	MethodGetAuthorization                  = "GetAuthorization"                  // SA
	MethodGetValidAuthorizations            = "GetValidAuthorizations"            // SA
	MethodGetCertificate                    = "GetCertificate"                    // SA
	MethodGetCertificateStatus              = "GetCertificateStatus"              // SA
	MethodMarkCertificateRevoked            = "MarkCertificateRevoked"            // SA
	MethodNewPendingAuthorization           = "NewPendingAuthorization"           // SA
	MethodUpdatePendingAuthorization        = "UpdatePendingAuthorization"        // SA
	MethodFinalizeAuthorization             = "FinalizeAuthorization"             // SA
	MethodAddCertificate                    = "AddCertificate"                    // SA
	MethodCountCertificatesRange            = "CountCertificatesRange"            // SA
	MethodCountCertificatesByNames          = "CountCertificatesByNames"          // SA
	MethodCountRegistrationsByIP            = "CountRegistrationsByIP"            // SA
	MethodCountPendingAuthorizations        = "CountPendingAuthorizations"        // SA
	MethodGetSCTReceipt                     = "GetSCTReceipt"                     // SA
	MethodAddSCTReceipt                     = "AddSCTReceipt"                     // SA
	MethodSubmitToCT                        = "SubmitToCT"                        // Pub
	MethodRevokeAuthorizationsByDomain      = "RevokeAuthorizationsByDomain"      // SA
	MethodCountFQDNSets                     = "CountFQDNSets"                     // SA
	MethodFQDNSetExists                     = "FQDNSetExists"                     // SA
	MethodDeactivateAuthorizationSA         = "DeactivateAuthorizationSA"         // SA
	MethodDeactivateAuthorization           = "DeactivateAuthorization"           // RA
	MethodDeactivateRegistrationSA          = "DeactivateRegistrationSA"          // SA
	MethodDeactivateRegistration            = "DeactivateRegistration"            // RA

These strings are used by the RPC layer to identify function points.




func NewCertificateAuthorityServer

func NewCertificateAuthorityServer(rpc Server, impl core.CertificateAuthority) (err error)

NewCertificateAuthorityServer constructs an RPC server

CertificateAuthorityClient / Server

-> IssueCertificate

func NewPublisherServer

func NewPublisherServer(rpc Server, impl core.Publisher) (err error)

NewPublisherServer creates a new server that wraps a CT publisher

func NewRegistrationAuthorityServer

func NewRegistrationAuthorityServer(rpc Server, impl core.RegistrationAuthority, log blog.Logger) error

NewRegistrationAuthorityServer constructs an RPC server

func NewStorageAuthorityServer

func NewStorageAuthorityServer(rpc Server, impl core.StorageAuthority) error

NewStorageAuthorityServer constructs an RPC server

func NewValidationAuthorityServer

func NewValidationAuthorityServer(rpc Server, impl core.ValidationAuthority) (err error)

NewValidationAuthorityServer constructs an RPC server

ValidationAuthorityClient / Server


type AmqpRPCCLient

type AmqpRPCCLient struct {
	// contains filtered or unexported fields

AmqpRPCCLient is an AMQP-RPC client that sends requests to a specific server queue, and uses a dedicated response queue for responses.

To implement specific functionality, calling code uses the DispatchSync() method to send a method name and body and get back a response, so you end up with wrapper methods of the form:


request = /* serialize request to []byte */
response = AmqpRPCCLient.DispatchSync(method, request)
return /* deserialized response */


DispatchSync will manage the channel for you, and also enforce a timeout on the transaction.

func NewAmqpRPCClient

func NewAmqpRPCClient(
	clientQueuePrefix string,
	amqpConf *cmd.AMQPConfig,
	rpcConf *cmd.RPCServerConfig,
	stats metrics.Scope,
) (rpc *AmqpRPCCLient, err error)

NewAmqpRPCClient constructs an RPC client using AMQP

func (*AmqpRPCCLient) DispatchSync

func (rpc *AmqpRPCCLient) DispatchSync(method string, body []byte) (response []byte, err error)

DispatchSync sends a body to the destination, and blocks waiting on a response.

type AmqpRPCServer

type AmqpRPCServer struct {
	// contains filtered or unexported fields

AmqpRPCServer listens on a specified queue within an AMQP channel. When messages arrive on that queue, it dispatches them based on type, and returns the response to the ReplyTo queue.

To implement specific functionality, calling code should use the Handle method to add specific actions.

func NewAmqpRPCServer

func NewAmqpRPCServer(
	amqpConf *cmd.AMQPConfig,
	maxConcurrentRPCServerRequests int64,
	stats metrics.Scope,
	log blog.Logger,
) (*AmqpRPCServer, error)

NewAmqpRPCServer creates a new RPC server for the given queue and will begin consuming requests from the queue. To start the server you must call Start().

func (*AmqpRPCServer) Handle

func (rpc *AmqpRPCServer) Handle(method string, handler messageHandler)

Handle registers a function to handle a particular method.

func (*AmqpRPCServer) Start

func (rpc *AmqpRPCServer) Start(c *cmd.AMQPConfig) error

Start starts the AMQP-RPC server and handles reconnections. It blocks until a fatal error is returned, or until AmqpRPCServer.Stop() is called and all remaining messages are processed.

func (*AmqpRPCServer) Stop

func (rpc *AmqpRPCServer) Stop()

Stop gracefully stops the AmqpRPCServer. After Stop is called, AmqpRPCServer.Start will continue blocking until it has processed any messages that have already been retrieved.

type CertificateAuthorityClient

type CertificateAuthorityClient struct {
	// contains filtered or unexported fields

CertificateAuthorityClient is a client to communicate with the CA.

func NewCertificateAuthorityClient

func NewCertificateAuthorityClient(clientName string, amqpConf *cmd.AMQPConfig, stats metrics.Scope) (*CertificateAuthorityClient, error)

NewCertificateAuthorityClient constructs an RPC client

func (CertificateAuthorityClient) GenerateOCSP

func (cac CertificateAuthorityClient) GenerateOCSP(ctx context.Context, signRequest core.OCSPSigningRequest) (resp []byte, err error)

GenerateOCSP sends a request to generate an OCSP response

func (CertificateAuthorityClient) IssueCertificate

func (cac CertificateAuthorityClient) IssueCertificate(ctx context.Context, csr x509.CertificateRequest, regID int64) (cert core.Certificate, err error)

IssueCertificate sends a request to issue a certificate

type Client

type Client interface {
	DispatchSync(string, []byte) ([]byte, error)

Client describes the functions an RPC Client performs

type DeliveryHandler

type DeliveryHandler func(amqp.Delivery)

DeliveryHandler is a function that will process an amqp.Delivery

type PublisherClient

type PublisherClient struct {
	// contains filtered or unexported fields

PublisherClient is a client to communicate with the Publisher Authority

func NewPublisherClient

func NewPublisherClient(clientName string, amqpConf *cmd.AMQPConfig, stats metrics.Scope) (*PublisherClient, error)

NewPublisherClient constructs an RPC client

func (PublisherClient) SubmitToCT

func (pub PublisherClient) SubmitToCT(ctx context.Context, der []byte) (err error)

SubmitToCT sends a request to submit a certificate to CT logs

func (PublisherClient) SubmitToSingleCT

func (pub PublisherClient) SubmitToSingleCT(ctx context.Context, logURL, logPublicKey string, der []byte) (err error)

The only consumer of the publisher service's `SubmitToSingleCT` func is the `ocsp-updater`. Since it will *only* use gRPC to communicate with the Publisher, we *do not* implement `SubmitToSingleCT` for AMQP. This method is here only to satisfy the publisher interface.

type RegistrationAuthorityClient

type RegistrationAuthorityClient struct {
	// contains filtered or unexported fields

RegistrationAuthorityClient represents an RA RPC client

func NewRegistrationAuthorityClient

func NewRegistrationAuthorityClient(clientName string, amqpConf *cmd.AMQPConfig, stats metrics.Scope) (*RegistrationAuthorityClient, error)

NewRegistrationAuthorityClient constructs an RPC client

func (RegistrationAuthorityClient) AdministrativelyRevokeCertificate

func (rac RegistrationAuthorityClient) AdministrativelyRevokeCertificate(ctx context.Context, cert x509.Certificate, reason revocation.Reason, user string) (err error)

AdministrativelyRevokeCertificate sends a Revoke Certificate request initiated by the admin-revoker

func (RegistrationAuthorityClient) DeactivateAuthorization

func (rac RegistrationAuthorityClient) DeactivateAuthorization(ctx context.Context, authz core.Authorization) error

DeactivateAuthorization deactivates a currently valid or pending authorization

func (RegistrationAuthorityClient) DeactivateRegistration

func (rac RegistrationAuthorityClient) DeactivateRegistration(ctx context.Context, reg core.Registration) error

DeactivateRegistration deactivates a currently valid registration

func (RegistrationAuthorityClient) NewAuthorization

func (rac RegistrationAuthorityClient) NewAuthorization(ctx context.Context, authz core.Authorization, regID int64) (newAuthz core.Authorization, err error)

NewAuthorization sends a New Authorization request

func (RegistrationAuthorityClient) NewCertificate

func (rac RegistrationAuthorityClient) NewCertificate(ctx context.Context, cr core.CertificateRequest, regID int64) (cert core.Certificate, err error)

NewCertificate sends a New Certificate request

func (RegistrationAuthorityClient) NewRegistration

func (rac RegistrationAuthorityClient) NewRegistration(ctx context.Context, reg core.Registration) (newReg core.Registration, err error)

NewRegistration sends a New Registration request

func (RegistrationAuthorityClient) RevokeCertificateWithReg

func (rac RegistrationAuthorityClient) RevokeCertificateWithReg(ctx context.Context, cert x509.Certificate, reason revocation.Reason, regID int64) (err error)

RevokeCertificateWithReg sends a Revoke Certificate request initiated by the WFE

func (RegistrationAuthorityClient) UpdateAuthorization

func (rac RegistrationAuthorityClient) UpdateAuthorization(ctx context.Context, authz core.Authorization, index int, response core.Challenge) (newAuthz core.Authorization, err error)

UpdateAuthorization sends an Update Authorization request

func (RegistrationAuthorityClient) UpdateRegistration

func (rac RegistrationAuthorityClient) UpdateRegistration(ctx context.Context, base core.Registration, update core.Registration) (newReg core.Registration, err error)

UpdateRegistration sends an Update Registration request

type Server

type Server interface {
	Handle(string, messageHandler)

Server describes the functions an RPC Server performs

type StorageAuthorityClient

type StorageAuthorityClient struct {
	// contains filtered or unexported fields

StorageAuthorityClient is a client to communicate with the Storage Authority

func NewStorageAuthorityClient

func NewStorageAuthorityClient(clientName string, amqpConf *cmd.AMQPConfig, stats metrics.Scope) (*StorageAuthorityClient, error)

NewStorageAuthorityClient constructs an RPC client

func (StorageAuthorityClient) AddCertificate

func (cac StorageAuthorityClient) AddCertificate(ctx context.Context, cert []byte, regID int64) (id string, err error)

AddCertificate sends a request to record the issuance of a certificate

func (StorageAuthorityClient) AddSCTReceipt

func (cac StorageAuthorityClient) AddSCTReceipt(ctx context.Context, sct core.SignedCertificateTimestamp) (err error)

AddSCTReceipt adds a new SCT to the database.

func (StorageAuthorityClient) CountCertificatesByNames

func (cac StorageAuthorityClient) CountCertificatesByNames(ctx context.Context, names []string, earliest, latest time.Time) (counts map[string]int, err error)

CountCertificatesByNames calls CountCertificatesRange on the remote StorageAuthority.

func (StorageAuthorityClient) CountCertificatesRange

func (cac StorageAuthorityClient) CountCertificatesRange(ctx context.Context, start, end time.Time) (count int64, err error)

CountCertificatesRange sends a request to count the number of certificates issued in a certain time range

func (StorageAuthorityClient) CountFQDNSets

func (cac StorageAuthorityClient) CountFQDNSets(ctx context.Context, window time.Duration, names []string) (int64, error)

CountFQDNSets returns the number of currently valid sets with hash |setHash|

func (StorageAuthorityClient) CountPendingAuthorizations

func (cac StorageAuthorityClient) CountPendingAuthorizations(ctx context.Context, regID int64) (count int, err error)

CountPendingAuthorizations calls CountPendingAuthorizations on the remote StorageAuthority.

func (StorageAuthorityClient) CountRegistrationsByIP

func (cac StorageAuthorityClient) CountRegistrationsByIP(ctx context.Context, ip net.IP, earliest, latest time.Time) (count int, err error)

CountRegistrationsByIP calls CountRegistrationsByIP on the remote StorageAuthority.

func (StorageAuthorityClient) DeactivateAuthorization

func (cac StorageAuthorityClient) DeactivateAuthorization(ctx context.Context, id string) error

DeactivateAuthorization deactivates a currently valid or pending authorization

func (StorageAuthorityClient) DeactivateRegistration

func (cac StorageAuthorityClient) DeactivateRegistration(ctx context.Context, id int64) error

DeactivateRegistration deactivates a currently valid registration

func (StorageAuthorityClient) FQDNSetExists

func (cac StorageAuthorityClient) FQDNSetExists(ctx context.Context, names []string) (bool, error)

FQDNSetExists returns a bool indicating whether the FQDN set |names| exists in the database

func (StorageAuthorityClient) FinalizeAuthorization

func (cac StorageAuthorityClient) FinalizeAuthorization(ctx context.Context, authz core.Authorization) (err error)

FinalizeAuthorization sends a request to finalize an authorization (convert from pending)

func (StorageAuthorityClient) GetAuthorization

func (cac StorageAuthorityClient) GetAuthorization(ctx context.Context, id string) (authz core.Authorization, err error)

GetAuthorization sends a request to get an Authorization by ID

func (StorageAuthorityClient) GetCertificate

func (cac StorageAuthorityClient) GetCertificate(ctx context.Context, id string) (cert core.Certificate, err error)

GetCertificate sends a request to get a Certificate by ID

func (StorageAuthorityClient) GetCertificateStatus

func (cac StorageAuthorityClient) GetCertificateStatus(ctx context.Context, id string) (status core.CertificateStatus, err error)

GetCertificateStatus sends a request to obtain the current status of a certificate by ID

func (StorageAuthorityClient) GetRegistration

func (cac StorageAuthorityClient) GetRegistration(ctx context.Context, id int64) (reg core.Registration, err error)

GetRegistration sends a request to get a registration by ID

func (StorageAuthorityClient) GetRegistrationByKey

func (cac StorageAuthorityClient) GetRegistrationByKey(ctx context.Context, key *jose.JsonWebKey) (reg core.Registration, err error)

GetRegistrationByKey sends a request to get a registration by JWK

func (StorageAuthorityClient) GetSCTReceipt

func (cac StorageAuthorityClient) GetSCTReceipt(ctx context.Context, serial string, logID string) (receipt core.SignedCertificateTimestamp, err error)

GetSCTReceipt retrieves an SCT according to the serial number of a certificate and the logID of the log to which it was submitted.

func (StorageAuthorityClient) GetValidAuthorizations

func (cac StorageAuthorityClient) GetValidAuthorizations(ctx context.Context, registrationID int64, names []string, now time.Time) (auths map[string]*core.Authorization, err error)

GetValidAuthorizations sends a request to get a batch of Authorizations by RegID and dnsName. The current time is also included in the request to assist filtering.

func (StorageAuthorityClient) MarkCertificateRevoked

func (cac StorageAuthorityClient) MarkCertificateRevoked(ctx context.Context, serial string, reasonCode revocation.Reason) (err error)

MarkCertificateRevoked sends a request to mark a certificate as revoked

func (StorageAuthorityClient) NewPendingAuthorization

func (cac StorageAuthorityClient) NewPendingAuthorization(ctx context.Context, authz core.Authorization) (output core.Authorization, err error)

NewPendingAuthorization sends a request to store a pending authorization

func (StorageAuthorityClient) NewRegistration

func (cac StorageAuthorityClient) NewRegistration(ctx context.Context, reg core.Registration) (output core.Registration, err error)

NewRegistration sends a request to store a new registration

func (StorageAuthorityClient) RevokeAuthorizationsByDomain

func (cac StorageAuthorityClient) RevokeAuthorizationsByDomain(ctx context.Context, ident core.AcmeIdentifier) (aRevoked int64, paRevoked int64, err error)

RevokeAuthorizationsByDomain sends a request to revoke all pending or finalized authorizations for a single domain

func (StorageAuthorityClient) UpdatePendingAuthorization

func (cac StorageAuthorityClient) UpdatePendingAuthorization(ctx context.Context, authz core.Authorization) (err error)

UpdatePendingAuthorization sends a request to update the data in a pending authorization

func (StorageAuthorityClient) UpdateRegistration

func (cac StorageAuthorityClient) UpdateRegistration(ctx context.Context, reg core.Registration) (err error)

UpdateRegistration sends a request to store an updated registration

type ValidationAuthorityClient

type ValidationAuthorityClient struct {
	// contains filtered or unexported fields

ValidationAuthorityClient represents an RPC client for the VA

func NewValidationAuthorityClient

func NewValidationAuthorityClient(clientName string, amqpConf *cmd.AMQPConfig, stats metrics.Scope) (*ValidationAuthorityClient, error)

NewValidationAuthorityClient constructs an RPC client

func (ValidationAuthorityClient) IsSafeDomain

func (vac ValidationAuthorityClient) IsSafeDomain(ctx context.Context, req *vaPB.IsSafeDomainRequest) (resp *vaPB.IsDomainSafe, err error)

IsSafeDomain returns true if the domain given is determined to be safe by a third-party safe browsing API.

func (ValidationAuthorityClient) PerformValidation

func (vac ValidationAuthorityClient) PerformValidation(ctx context.Context, domain string, challenge core.Challenge, authz core.Authorization) ([]core.ValidationRecord, error)

PerformValidation has the VA revalidate the specified challenge and returns the updated Challenge object.
