...

Source file src/github.com/letsencrypt/boulder/ca/ecdsa_allow_list.go

Documentation: github.com/letsencrypt/boulder/ca

     1  package ca
     2  
     3  import (
     4  	"os"
     5  
     6  	"github.com/letsencrypt/boulder/strictyaml"
     7  )
     8  
// ECDSAAllowList holds the set of Registration IDs for which ECDSA issuance
// is allowed. The set is unexported, so code outside this package cannot
// modify it after construction.
type ECDSAAllowList struct {
	// regIDsMap maps a Registration ID to true when that ID is on the list.
	regIDsMap map[int64]bool
}

// permitted reports whether ECDSA issuance is allowed for regID.
//
// The check fails closed: an ID that is not in the map, or that is stored
// with a false value, is reported as not permitted. A nil map also reports
// false for every ID. A nil receiver is not handled and will panic.
func (e *ECDSAAllowList) permitted(regID int64) bool {
	allowed, found := e.regIDsMap[regID]
	return found && allowed
}
    19  
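// makeRegIDsMap builds a set of Registration IDs from regIDs, mapping each
// listed ID to true.
//
// Duplicate IDs collapse into one entry, so the length of the returned map
// can be smaller than len(regIDs). A nil or empty slice yields an empty,
// non-nil map, which permits no ID when used for lookups.
func makeRegIDsMap(regIDs []int64) map[int64]bool {
	// Size the map up front; len(regIDs) is an upper bound on its entries.
	regIDsMap := make(map[int64]bool, len(regIDs))
	for _, regID := range regIDs {
		regIDsMap[regID] = true
	}
	return regIDsMap
}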
    27  
// NewECDSAAllowListFromFile is exported so that `boulder-ca` can construct an
// `ECDSAAllowList`. It reads filename, decodes its contents with
// strictyaml.Unmarshal as a list of int64 Registration IDs, and builds the
// allow list from them.
//
// It returns the allow list, the number of distinct Registration IDs it holds
// (so the CA can log the size without the inner fields being exported), or an
// error. On a read or parse error the returned list is nil and the size is 0.
// If parsing succeeds but yields no IDs, the result is an empty, non-nil allow
// list that permits no Registration ID.
//
// NOTE(review): the file decides which accounts are permitted ECDSA issuance,
// so write access to it should presumably be restricted to the CA operator;
// this function does not check ownership or permissions of filename.
func NewECDSAAllowListFromFile(filename string) (*ECDSAAllowList, int, error) {
	raw, err := os.ReadFile(filename)
	if err != nil {
		return nil, 0, err
	}

	var ids []int64
	if err := strictyaml.Unmarshal(raw, &ids); err != nil {
		return nil, 0, err
	}

	// The size is taken from the set, not the input slice, so duplicate IDs
	// in the file are counted once.
	idSet := makeRegIDsMap(ids)
	return &ECDSAAllowList{regIDsMap: idSet}, len(idSet), nil
}
    46  
