ca

package
v0.0.0-...-0cb28c9
Warning

This package is not in the latest version of its module.

Published: Aug 7, 2018 License: MPL-2.0 Imports: 34 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CertificateAuthorityImpl

type CertificateAuthorityImpl struct {
	// contains filtered or unexported fields
}

CertificateAuthorityImpl represents a CA that signs certificates, CRLs, and OCSP responses.

func NewCertificateAuthorityImpl

func NewCertificateAuthorityImpl(
	config ca_config.CAConfig,
	sa certificateStorage,
	pa core.PolicyAuthority,
	clk clock.Clock,
	stats metrics.Scope,
	issuers []Issuer,
	keyPolicy goodkey.KeyPolicy,
	logger blog.Logger,
) (*CertificateAuthorityImpl, error)

NewCertificateAuthorityImpl creates a CA instance that can sign certificates from a single issuer (the first in the issuers slice), and can sign OCSP responses for any of the issuer certificates provided.

func (*CertificateAuthorityImpl) GenerateOCSP

func (ca *CertificateAuthorityImpl) GenerateOCSP(ctx context.Context, xferObj core.OCSPSigningRequest) ([]byte, error)

GenerateOCSP produces a new OCSP response and returns it.

func (*CertificateAuthorityImpl) IssueCertificate

IssueCertificate attempts to convert a CSR into a signed Certificate, while enforcing all policies. Names (domains) in the CertificateRequest will be lowercased before storage. Currently it will always sign with the defaultIssuer.

func (*CertificateAuthorityImpl) IssueCertificateForPrecertificate

func (ca *CertificateAuthorityImpl) IssueCertificateForPrecertificate(ctx context.Context, req *caPB.IssueCertificateForPrecertificateRequest) (core.Certificate, error)

IssueCertificateForPrecertificate takes a precertificate and a set of SCTs for that precertificate and uses the signer to create and sign a certificate from them. The poison extension is removed and an SCT list extension is inserted in its place. Except for this and the signature, the certificate exactly matches the precertificate. After the certificate is signed, an OCSP response is generated, and the response and certificate are stored in the database.
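
An added example, not code from this package: a check of the relationship described above, that the final certificate's extensions equal the precertificate's except that the poison extension is replaced by an SCT list. The helper names, sample extensions and SCT bytes are constructed for illustration; reading "in its place" as the same position in the extension list is an assumption.

```go
package main

import (
	"bytes"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

// RFC 6962 extension OIDs: precertificate poison and embedded SCT list.
var oidPoison = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 3}
var oidSCTList = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 2}

// constructedPrecert: sample extensions built for this example (not real data).
var constructedPrecert = []pkix.Extension{
	{Id: asn1.ObjectIdentifier{2, 5, 29, 19}, Critical: true, Value: []byte{0x30, 0x00}},
	{Id: oidPoison, Critical: true, Value: []byte{0x05, 0x00}}, // ASN.1 NULL
}

// sameExceptPoison (hypothetical) checks final == pre except poison -> SCT list.
func sameExceptPoison(pre, final []pkix.Extension) bool {
	ok, swapped := len(pre) == len(final), 0
	for i := 0; ok && i < len(pre); i++ {
		p, f := pre[i], final[i]
		if p.Id.Equal(oidPoison) {
			swapped++
			ok = f.Id.Equal(oidSCTList) && !f.Critical && len(f.Value) > 0
		} else {
			ok = p.Id.Equal(f.Id) && p.Critical == f.Critical && bytes.Equal(p.Value, f.Value)
		}
	}
	return ok && swapped == 1 // zero swaps: pre was not a precertificate
}

// withSCTList (hypothetical helper) copies pre and swaps the poison for sctList.
func withSCTList(pre []pkix.Extension, sctList []byte) []pkix.Extension {
	out := append([]pkix.Extension(nil), pre...)
	for i := range out {
		if out[i].Id.Equal(oidPoison) {
			out[i] = pkix.Extension{Id: oidSCTList, Value: sctList}
		}
	}
	return out
}

func main() {
	sct := []byte{0x04, 0x02, 0x00, 0x00} // constructed placeholder, not a real SCT list
	fmt.Println(sameExceptPoison(constructedPrecert, withSCTList(constructedPrecert, sct)))
}
```

The check rejects a final certificate that still carries the poison, a pair in which any other extension differs, and an input that was never a precertificate.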

func (*CertificateAuthorityImpl) IssuePrecertificate

type Issuer

type Issuer struct {
	Signer crypto.Signer
	Cert   *x509.Certificate
}

Issuer represents a single issuer certificate, along with its key.

Directories

Path Synopsis
Package proto is a generated protocol buffer package.
