acme

package

v0.1.1 Latest Latest Go to latest Published: Dec 18, 2015 License: MIT Imports: 30 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/containous/lego

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func GetOCSPForCert(bundle []byte) ([]byte, int, error)
func GetPEMCertExpiration(cert []byte) (time.Time, error)
type CertificateResource
type Client
- func NewClient(caDirURL string, user User, keyBits int, optPort string) (*Client, error)
type Registration
type RegistrationResource
type RemoteError
- func (e RemoteError) Error() string
type TOSError
type User

Constants ¶

View Source

const (
	// OCSPGood means that the certificate is valid.
	OCSPGood = ocsp.Good
	// OCSPRevoked means that the certificate has been deliberately revoked.
	OCSPRevoked = ocsp.Revoked
	// OCSPUnknown means that the OCSP responder doesn't know about the certificate.
	OCSPUnknown = ocsp.Unknown
	// OCSPServerFailed means that the OCSP responder failed to process the request.
	OCSPServerFailed = ocsp.ServerFailed
)

Variables ¶

View Source

var Logger *log.Logger

Logger is an optional custom logger.

Functions ¶

func GetOCSPForCert ¶

func GetOCSPForCert(bundle []byte) ([]byte, int, error)

GetOCSPForCert takes a PEM encoded cert or cert bundle returning the raw OCSP response, the status code of the response and an error, if any. This []byte can be passed directly into the OCSPStaple property of a tls.Certificate. If the bundle only contains the issued certificate, this function will try to get the issuer certificate from the IssuingCertificateURL in the certificate.

func GetPEMCertExpiration ¶

func GetPEMCertExpiration(cert []byte) (time.Time, error)

GetPEMCertExpiration returns the "NotAfter" date of a PEM encoded certificate. The certificate has to be PEM encoded. Any other encodings like DER will fail.

Types ¶

type CertificateResource ¶

type CertificateResource struct {
	Domain        string `json:"domain"`
	CertURL       string `json:"certUrl"`
	CertStableURL string `json:"certStableUrl"`
	PrivateKey    []byte `json:"-"`
	Certificate   []byte `json:"-"`
}

CertificateResource represents a CA issued certificate. PrivateKey and Certificate are both already PEM encoded and can be directly written to disk. Certificate may be a certificate bundle, depending on the options supplied to create it.

type Client ¶

type Client struct {
	// contains filtered or unexported fields
}

Client is the user-friendy way to ACME

func NewClient ¶

func NewClient(caDirURL string, user User, keyBits int, optPort string) (*Client, error)

NewClient creates a new ACME client on behalf of user. The client will depend on the ACME directory located at caDirURL for the rest of its actions. It will generate private keys for certificates of size keyBits. And, if the challenge type requires it, the client will open a port at optPort to solve the challenge. If optPort is blank, the port required by the spec will be used, but you must forward the required port to optPort for the challenge to succeed.

func (*Client) AgreeToTOS ¶

func (c *Client) AgreeToTOS() error

AgreeToTOS updates the Client registration and sends the agreement to the server.

func (*Client) ObtainCertificates ¶

func (c *Client) ObtainCertificates(domains []string, bundle bool) ([]CertificateResource, map[string]error)

ObtainCertificates tries to obtain certificates from the CA server using the challenges it has configured. The returned certificates are PEM encoded byte slices. If bundle is true, the []byte contains both the issuer certificate and your issued certificate as a bundle.

func (*Client) ObtainSANCertificate ¶

func (c *Client) ObtainSANCertificate(domains []string, bundle bool) (CertificateResource, map[string]error)

ObtainSANCertificate tries to obtain a single certificate using all domains passed into it. The first domain in domains is used for the CommonName field of the certificate, all other domains are added using the Subject Alternate Names extension. If bundle is true, the []byte contains both the issuer certificate and your issued certificate as a bundle. This function will never return a partial certificate. If one domain in the list fails, the whole certificate will fail.

func (*Client) Register ¶

func (c *Client) Register() (*RegistrationResource, error)

Register the current account to the ACME server.

func (*Client) RenewCertificate ¶

func (c *Client) RenewCertificate(cert CertificateResource, revokeOld bool, bundle bool) (CertificateResource, error)

RenewCertificate takes a CertificateResource and tries to renew the certificate. If the renewal process succeeds, the new certificate will ge returned in a new CertResource. Please be aware that this function will return a new certificate in ANY case that is not an error. If the server does not provide us with a new cert on a GET request to the CertURL this function will start a new-cert flow where a new certificate gets generated. If bundle is true, the []byte contains both the issuer certificate and your issued certificate as a bundle.

func (*Client) RevokeCertificate ¶

func (c *Client) RevokeCertificate(certificate []byte) error

RevokeCertificate takes a PEM encoded certificate or bundle and tries to revoke it at the CA.

type Registration ¶

type Registration struct {
	Resource string `json:"resource,omitempty"`
	ID       int    `json:"id"`
	Key      struct {
		Kty string `json:"kty"`
		N   string `json:"n"`
		E   string `json:"e"`
	} `json:"key"`
	Contact        []string `json:"contact"`
	Agreement      string   `json:"agreement,omitempty"`
	Authorizations string   `json:"authorizations,omitempty"`
	Certificates   string   `json:"certificates,omitempty"`
}

Registration is returned by the ACME server after the registration The client implementation should save this registration somewhere.

type RegistrationResource ¶

type RegistrationResource struct {
	Body        Registration `json:"body,omitempty"`
	URI         string       `json:"uri,omitempty"`
	NewAuthzURL string       `json:"new_authzr_uri,omitempty"`
	TosURL      string       `json:"terms_of_service,omitempty"`
}

RegistrationResource represents all important informations about a registration of which the client needs to keep track itself.

type RemoteError ¶

type RemoteError struct {
	StatusCode int    `json:"status,omitempty"`
	Type       string `json:"type"`
	Detail     string `json:"detail"`
}

RemoteError is the base type for all errors specific to the ACME protocol.

func (RemoteError) Error ¶

func (e RemoteError) Error() string

type TOSError ¶

type TOSError struct {
	RemoteError
}

TOSError represents the error which is returned if the user needs to accept the TOS. TODO: include the new TOS url if we can somehow obtain it.

type User ¶

type User interface {
	GetEmail() string
	GetRegistration() *RegistrationResource
	GetPrivateKey() *rsa.PrivateKey
}

User interface is to be implemented by users of this library. It is used by the client type to get user specific information.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL