Documentation
Index
- Constants
- Variables
- type CAASet
- type RemoteVA
- type SafeBrowsing
- type SafeBrowsingV4
- type ValidationAuthorityImpl
- func (va *ValidationAuthorityImpl) IsCAAValid(ctx context.Context, req *vapb.IsCAAValidRequest) (*vapb.IsCAAValidResponse, error)
- func (va *ValidationAuthorityImpl) IsSafeDomain(ctx context.Context, req *vaPB.IsSafeDomainRequest) (*vaPB.IsDomainSafe, error)
- func (va *ValidationAuthorityImpl) PerformValidation(ctx context.Context, domain string, challenge core.Challenge, ...) ([]core.ValidationRecord, error)
Constants
const (
	// ALPN protocol ID for TLS-ALPN-01 challenge
	// https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-01#section-5.2
	ACMETLS1Protocol = "acme-tls/1"
)
Variables
var IdPeAcmeIdentifier = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 31}
As defined in https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-04#section-5.1: id-pe OID + 31 (acmeIdentifier)
var IdPeAcmeIdentifierV1Obsolete = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 30, 1}
NOTE: unfortunately, another document claimed the OID we were using in draft-ietf-acme-tls-alpn-01 for its own extension, and IANA chose to assign it early. Because of this we had to increment the id-pe-acmeIdentifier OID. Since there are in-the-wild implementations that use the original OID, we still need to support it until everyone has switched over to the new one. As defined in https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-01#section-5.1: id-pe OID + 30 (acmeIdentifier) + 1 (v1)
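As an added example (not Boulder's code and not from this page), the check a TLS-ALPN-01 validator applies to the certificate presented after negotiating `acme-tls/1`: it accepts either acmeIdentifier OID listed above, requires the extension to be critical, and compares its OCTET STRING with the SHA-256 of the expected key authorization. `checkAcmeIdentifier`, `makeTestCert` and the key authorization string are assumptions of this example; the certificate is self-signed test input constructed here.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"math/big"
)
var idPeAcmeIdentifier = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 31}           // current (draft-04)
var idPeAcmeIdentifierV1Obsolete = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 30, 1} // draft-01, still accepted
// checkAcmeIdentifier accepts cert only if a critical acmeIdentifier extension (either OID) holds SHA-256(keyAuthz).
func checkAcmeIdentifier(cert *x509.Certificate, keyAuthz string) error {
	expected := sha256.Sum256([]byte(keyAuthz))
	for _, ext := range cert.Extensions {
		if !ext.Id.Equal(idPeAcmeIdentifier) && !ext.Id.Equal(idPeAcmeIdentifierV1Obsolete) {
			continue
		}
		if !ext.Critical {
			return errors.New("acmeIdentifier extension must be marked critical")
		}
		var digest []byte // the value must be exactly one OCTET STRING with nothing trailing
		if rest, err := asn1.Unmarshal(ext.Value, &digest); err != nil || len(rest) != 0 {
			return errors.New("acmeIdentifier extension is not a single OCTET STRING")
		}
		if string(digest) != string(expected[:]) { // keyAuthz is already known to the client, so it is not a secret
			return errors.New("acmeIdentifier digest does not match the key authorization")
		}
		return nil
	}
	return errors.New("no acmeIdentifier extension present")
}

// makeTestCert builds a self-signed certificate (constructed test input, not a real ACME client's) with the extension.
func makeTestCert(keyAuthz string, oid asn1.ObjectIdentifier, critical bool) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256([]byte(keyAuthz))
	extValue, _ := asn1.Marshal(digest[:]) // OCTET STRING of the 32-byte digest; cannot fail for a []byte
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), ExtraExtensions: []pkix.Extension{{Id: oid, Critical: critical, Value: extValue}}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der) // re-parse so Extensions is populated exactly as a validator would see it
}
```

A non-critical extension, a wrong digest, or a missing extension each yield a distinct error, which is what the VA would record in the validation record for the failed challenge.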
Functions
This section is empty.
Types
type RemoteVA
type RemoteVA struct {
	core.ValidationAuthority
	Addresses string
}
RemoteVA wraps the core.ValidationAuthority interface and adds a field containing the addresses of the remote gRPC server, since the interface (and the underlying gRPC client) doesn't provide a way to extract this metadata, which is useful for debugging gRPC connection issues.
type SafeBrowsing
type SafeBrowsing interface {
	// IsListed returns a non-empty string if the domain was bad. Specifically,
	// it is which Google Safe Browsing list the domain was found on.
	IsListed(ctx context.Context, url string) (list string, err error)
}
SafeBrowsing is an interface for a third-party safe browsing API client.
type SafeBrowsingV4
type SafeBrowsingV4 interface {
	LookupURLsContext(ctx context.Context, urls []string) (threats [][]safebrowsingv4.URLThreat, err error)
}
SafeBrowsingV4 is an interface around the functions of the *SafeBrowser type from Google's safebrowsing v4 API that we use. Using this interface allows mocking in tests.
type ValidationAuthorityImpl
type ValidationAuthorityImpl struct {
	// contains filtered or unexported fields
}
ValidationAuthorityImpl represents a VA.
func NewValidationAuthorityImpl
func NewValidationAuthorityImpl(
	pc *cmd.PortConfig,
	sbc SafeBrowsing,
	resolver bdns.DNSClient,
	remoteVAs []RemoteVA,
	maxRemoteFailures int,
	userAgent string,
	issuerDomain string,
	stats metrics.Scope,
	clk clock.Clock,
	logger blog.Logger,
	accountURIPrefixes []string,
) (*ValidationAuthorityImpl, error)
NewValidationAuthorityImpl constructs a new VA.
func (*ValidationAuthorityImpl) IsCAAValid
func (va *ValidationAuthorityImpl) IsCAAValid(ctx context.Context, req *vapb.IsCAAValidRequest) (*vapb.IsCAAValidResponse, error)
func (*ValidationAuthorityImpl) IsSafeDomain
func (va *ValidationAuthorityImpl) IsSafeDomain(ctx context.Context, req *vaPB.IsSafeDomainRequest) (*vaPB.IsDomainSafe, error)
IsSafeDomain returns true if the given domain is determined to be safe by a third-party safe browsing API. It's meant to be called by the RA before pending authorization creation. If no third-party client was provided, it fails open and increments a Skips metric.
func (*ValidationAuthorityImpl) PerformValidation
func (va *ValidationAuthorityImpl) PerformValidation(ctx context.Context, domain string, challenge core.Challenge, authz core.Authorization) ([]core.ValidationRecord, error)
PerformValidation validates the given challenge. It always returns a list of validation records, even when it also returns an error.