...

Package ca

import "github.com/letsencrypt/boulder/ca"

func NewCRLImpl

func NewCRLImpl(issuers []*issuance.Issuer, lifetime time.Duration, idpBase string, maxLogLen int, logger blog.Logger) (*crlImpl, error)

NewCRLImpl returns a new object which fulfils the ca.proto CRLGenerator interface. It uses the list of issuers to determine what issuers it can issue CRLs from. lifetime sets the validity period (inclusive) of the resulting CRLs. idpBase is the base URL from which IssuingDistributionPoint URIs will be constructed; it must use the http:// scheme.

func NewCertificateAuthorityImpl

func NewCertificateAuthorityImpl(
    sa sapb.StorageAuthorityCertificateClient,
    pa core.PolicyAuthority,
    boulderIssuers []*issuance.Issuer,
    ecdsaAllowList *ECDSAAllowList,
    certExpiry time.Duration,
    certBackdate time.Duration,
    serialPrefix int,
    maxNames int,
    keyPolicy goodkey.KeyPolicy,
    logger blog.Logger,
    stats prometheus.Registerer,
    signatureCount *prometheus.CounterVec,
    signErrorCount *prometheus.CounterVec,
    clk clock.Clock,
) (*certificateAuthorityImpl, error)

NewCertificateAuthorityImpl creates a CA instance that can sign certificates from any number of issuance.Issuers according to their profiles, and can sign OCSP (via delegation to an ocspImpl and its issuers).

func NewOCSPImpl

func NewOCSPImpl(
    issuers []*issuance.Issuer,
    ocspLifetime time.Duration,
    ocspLogMaxLength int,
    ocspLogPeriod time.Duration,
    logger blog.Logger,
    stats prometheus.Registerer,
    signatureCount *prometheus.CounterVec,
    signErrorCount *prometheus.CounterVec,
    clk clock.Clock,
) (*ocspImpl, error)

type ECDSAAllowList

ECDSAAllowList acts as a container for a map of Registration IDs.

type ECDSAAllowList struct {
    // contains filtered or unexported fields
}

func NewECDSAAllowListFromFile

func NewECDSAAllowListFromFile(filename string) (*ECDSAAllowList, int, error)

NewECDSAAllowListFromFile is exported to allow `boulder-ca` to construct a new `ECDSAAllowList` object. It returns the ECDSAAllowList, the size of the allow list after attempting to load it (for CA logging purposes so inner fields don't need to be exported), or an error.

type OCSPGenerator

OCSPGenerator is an interface which exposes both the auto-generated gRPC methods and our special-purpose log queue start and stop methods, so that they can be called from main without exporting the ocspImpl type.

type OCSPGenerator interface {
    capb.OCSPGeneratorServer
    LogOCSPLoop()
    Stop()
}

Subdirectories

Name Synopsis
proto