Documentation
Index
- func NewCRLImpl(issuers []*issuance.Issuer, profileConfig issuance.CRLProfileConfig, ...) (*crlImpl, error)
- func NewCertificateAuthorityImpl(sa sapb.StorageAuthorityCertificateClient, pa core.PolicyAuthority, ...) (*certificateAuthorityImpl, error)
- func NewOCSPImpl(issuers []*issuance.Issuer, ocspLifetime time.Duration, ocspLogMaxLength int, ...) (*ocspImpl, error)
- type ECDSAAllowList
- type OCSPGenerator
Constants
This section is empty.
Variables
This section is empty.
Functions
func NewCRLImpl
func NewCRLImpl(
    issuers []*issuance.Issuer,
    profileConfig issuance.CRLProfileConfig,
    maxLogLen int,
    logger blog.Logger,
) (*crlImpl, error)
NewCRLImpl returns a new object which fulfils the ca.proto CRLGenerator interface. It uses the list of issuers to determine what issuers it can issue CRLs from. lifetime sets the validity period (inclusive) of the resulting CRLs.
func NewCertificateAuthorityImpl
func NewCertificateAuthorityImpl(
    sa sapb.StorageAuthorityCertificateClient,
    pa core.PolicyAuthority,
    boulderIssuers []*issuance.Issuer,
    defaultCertProfileName string,
    certificateProfiles map[string]issuance.ProfileConfig,
    lints lint.Registry,
    ecdsaAllowList *ECDSAAllowList,
    certExpiry time.Duration,
    certBackdate time.Duration,
    serialPrefix int,
    maxNames int,
    keyPolicy goodkey.KeyPolicy,
    logger blog.Logger,
    stats prometheus.Registerer,
    signatureCount *prometheus.CounterVec,
    signErrorCount *prometheus.CounterVec,
    clk clock.Clock,
) (*certificateAuthorityImpl, error)
NewCertificateAuthorityImpl creates a CA instance that can sign certificates from any number of issuance.Issuers according to their profiles, and can sign OCSP (via delegation to an ocspImpl and its issuers).
func NewOCSPImpl
func NewOCSPImpl(
    issuers []*issuance.Issuer,
    ocspLifetime time.Duration,
    ocspLogMaxLength int,
    ocspLogPeriod time.Duration,
    logger blog.Logger,
    stats prometheus.Registerer,
    signatureCount *prometheus.CounterVec,
    signErrorCount *prometheus.CounterVec,
    clk clock.Clock,
) (*ocspImpl, error)
Types
type ECDSAAllowList
type ECDSAAllowList struct {
// contains filtered or unexported fields
}
ECDSAAllowList acts as a container for a map of Registration IDs.
func NewECDSAAllowListFromFile
func NewECDSAAllowListFromFile(filename string) (*ECDSAAllowList, int, error)
NewECDSAAllowListFromFile is exported to allow `boulder-ca` to construct a new `ECDSAAllowList` object. It returns the ECDSAAllowList, the size of the allow list after attempting to load it (for CA logging purposes, so that inner fields don't need to be exported), or an error.
type OCSPGenerator
type OCSPGenerator interface {
    capb.OCSPGeneratorServer
    LogOCSPLoop()
    Stop()
}
OCSPGenerator is an interface which exposes both the auto-generated gRPC methods and our special-purpose log queue start and stop methods, so that they can be called from main without exporting the ocspImpl type.