Back to

package ra

v0.0.0 (71df093)
Latest Go to latest
Published: 1 day ago | License: MPL-2.0 | Module:


type RegistrationAuthorityImpl

type RegistrationAuthorityImpl struct {
	CA core.CertificateAuthority
	VA core.ValidationAuthority
	SA core.StorageAuthority
	PA core.PolicyAuthority
	// contains filtered or unexported fields

RegistrationAuthorityImpl defines an RA.

NOTE: All of the fields in RegistrationAuthorityImpl need to be populated, or there is a risk of panic.

func NewRegistrationAuthorityImpl

func NewRegistrationAuthorityImpl(
	clk clock.Clock,
	logger blog.Logger,
	stats prometheus.Registerer,
	maxContactsPerReg int,
	keyPolicy goodkey.KeyPolicy,
	maxNames int,
	forceCNFromSAN bool,
	reuseValidAuthz bool,
	authorizationLifetime time.Duration,
	pendingAuthorizationLifetime time.Duration,
	pubc core.Publisher,
	caaClient caaChecker,
	orderLifetime time.Duration,
	ctp *ctpolicy.CTPolicy,
	purger akamaipb.AkamaiPurgerClient,
	issuer *x509.Certificate,
) *RegistrationAuthorityImpl

NewRegistrationAuthorityImpl constructs a new RA object.

func (*RegistrationAuthorityImpl) AdministrativelyRevokeCertificate

func (ra *RegistrationAuthorityImpl) AdministrativelyRevokeCertificate(ctx context.Context, cert x509.Certificate, revocationCode revocation.Reason, user string) error

AdministrativelyRevokeCertificate terminates trust in the certificate provided and does not require the registration ID of the requester since this method is only called from the admin-revoker tool.

func (*RegistrationAuthorityImpl) DeactivateAuthorization

func (ra *RegistrationAuthorityImpl) DeactivateAuthorization(ctx context.Context, auth core.Authorization) error

DeactivateAuthorization deactivates a currently valid authorization

func (*RegistrationAuthorityImpl) DeactivateRegistration

func (ra *RegistrationAuthorityImpl) DeactivateRegistration(ctx context.Context, reg core.Registration) error

DeactivateRegistration deactivates a valid registration

func (*RegistrationAuthorityImpl) FinalizeOrder

func (ra *RegistrationAuthorityImpl) FinalizeOrder(ctx context.Context, req *rapb.FinalizeOrderRequest) (*corepb.Order, error)

FinalizeOrder accepts a request to finalize an order object and, if possible, issues a certificate to satisfy the order. If an order does not have valid, unexpired authorizations for all of its associated names an error is returned. Similarly we vet that all of the names in the order are acceptable based on current policy and return an error if the order can't be fulfilled. If successful the order will be returned in processing status for the client to poll while awaiting finalization to occur.

func (*RegistrationAuthorityImpl) MatchesCSR

func (ra *RegistrationAuthorityImpl) MatchesCSR(parsedCertificate *x509.Certificate, csr *x509.CertificateRequest) error

MatchesCSR tests the contents of a generated certificate to make sure that the PublicKey, CommonName, and DNSNames match those provided in the CSR that was used to generate the certificate. It also checks the following fields for:

* notBefore is not more than 24 hours ago
* BasicConstraintsValid is true
* IsCA is false
* ExtKeyUsage only contains ExtKeyUsageServerAuth & ExtKeyUsageClientAuth
* Subject only contains CommonName & Names

func (*RegistrationAuthorityImpl) NewAuthorization

func (ra *RegistrationAuthorityImpl) NewAuthorization(ctx context.Context, request core.Authorization, regID int64) (core.Authorization, error)

NewAuthorization constructs a new Authz from a request. Values (domains) in request.Identifier will be lowercased before storage.

func (*RegistrationAuthorityImpl) NewCertificate

func (ra *RegistrationAuthorityImpl) NewCertificate(ctx context.Context, req core.CertificateRequest, regID int64) (core.Certificate, error)

NewCertificate requests the issuance of a certificate.

func (*RegistrationAuthorityImpl) NewOrder

func (ra *RegistrationAuthorityImpl) NewOrder(ctx context.Context, req *rapb.NewOrderRequest) (*corepb.Order, error)

NewOrder creates a new order object

func (*RegistrationAuthorityImpl) NewRegistration

func (ra *RegistrationAuthorityImpl) NewRegistration(ctx context.Context, init core.Registration) (core.Registration, error)

NewRegistration constructs a new Registration from a request.

func (*RegistrationAuthorityImpl) PerformValidation

func (ra *RegistrationAuthorityImpl) PerformValidation(
	ctx context.Context,
	req *rapb.PerformValidationRequest) (*corepb.Authorization, error)

PerformValidation initiates validation for a specific challenge associated with the given base authorization. The authorization and challenge are updated based on the results.

func (*RegistrationAuthorityImpl) RevokeCertificateWithReg

func (ra *RegistrationAuthorityImpl) RevokeCertificateWithReg(ctx context.Context, cert x509.Certificate, revocationCode revocation.Reason, regID int64) error

RevokeCertificateWithReg terminates trust in the certificate provided.

func (*RegistrationAuthorityImpl) SetRateLimitPoliciesFile

func (ra *RegistrationAuthorityImpl) SetRateLimitPoliciesFile(filename string) error

func (*RegistrationAuthorityImpl) UpdateRegistration

func (ra *RegistrationAuthorityImpl) UpdateRegistration(ctx context.Context, base core.Registration, update core.Registration) (core.Registration, error)

UpdateRegistration updates an existing Registration with new values. Caller is responsible for making sure that update.Key is only different from base.Key if it is being called from the WFE key change endpoint.

Documentation was rendered with GOOS=linux and GOARCH=amd64.

Jump to identifier

Keyboard shortcuts

? : This menu
f or F : Jump to identifier