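const (
	// ACMETLS1Protocol is the ALPN protocol ID for the TLS-ALPN-01 challenge,
	// as defined in
	// https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-01#section-5.2
	// (the draft was later published as RFC 8737).
	//
	// The declaration is laid out one item per line: when the block is
	// collapsed onto a single line, the first "//" comments out the
	// constant itself.
	ACMETLS1Protocol = "acme-tls/1"
)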
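// Both values below are package-level variables of a slice type
// (asn1.ObjectIdentifier), so they are mutable by any importer; treat them
// as read-only and compare with Equal rather than modifying them in place.
var (
	// IdPeAcmeIdentifier is the id-pe OID + 31 (acmeIdentifier), as defined in
	// https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-04#section-5.1
	IdPeAcmeIdentifier = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 31}

	// IdCeSubjectAltName is the OID for the Subject Alternative Name
	// extension, as defined in
	// https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6
	IdCeSubjectAltName = asn1.ObjectIdentifier{2, 5, 29, 17}
)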
RemoteVA wraps the vapb.VAClient interface and adds a field containing the address of the remote gRPC server. The underlying gRPC client doesn't provide a way to extract this metadata, which is useful for debugging gRPC connection issues.
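// RemoteVA pairs an embedded vapb.VAClient with the address of the remote
// gRPC server it is associated with. The address is carried separately so it
// is available when debugging gRPC connection issues.
type RemoteVA struct {
	vapb.VAClient
	// Address is the address of the remote gRPC server.
	Address string
}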
ValidationAuthorityImpl represents a VA (validation authority).
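// ValidationAuthorityImpl represents a VA.
//
// It embeds vapb.UnimplementedVAServer and vapb.UnimplementedCAAServer.
// NOTE(review): these look like the generated gRPC "unimplemented" server
// stubs — confirm against the vapb package.
type ValidationAuthorityImpl struct {
	vapb.UnimplementedVAServer
	vapb.UnimplementedCAAServer
	// contains filtered or unexported fields
}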
func NewValidationAuthorityImpl( resolver bdns.Client, remoteVAs []RemoteVA, maxRemoteFailures int, userAgent string, issuerDomain string, stats prometheus.Registerer, clk clock.Clock, logger blog.Logger, accountURIPrefixes []string, ) (*ValidationAuthorityImpl, error)
NewValidationAuthorityImpl constructs a new VA
func (va *ValidationAuthorityImpl) IsCAAValid(ctx context.Context, req *vapb.IsCAAValidRequest) (*vapb.IsCAAValidResponse, error)
func (va *ValidationAuthorityImpl) PerformValidation(ctx context.Context, req *vapb.PerformValidationRequest) (*vapb.ValidationResult, error)
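PerformValidation validates the challenge for the domain in the request. The returned result will always contain a list of validation records, even when it also contains a problem, so callers should check for a problem rather than treating the presence of validation records as a successful validation.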