Documentation
Index
- Constants
- Variables
- func CanSignHttpExchanges(cert *x509.Certificate, now time.Time) error
- func CertName(cert *x509.Certificate) string
- func CertificateMatches(cert *x509.Certificate, priv crypto.PrivateKey, domain string) error
- func ParsePrivateKey(keyPem []byte) (crypto.PrivateKey, error)
- func RemoveHopByHopHeaders(h http.Header)
- func TrimHeaderValue(s string) string
- func ValidateFetchURLPattern(pattern *URLPattern) error
- func ValidateForwardedRequestHeaders(hs []string) error
- func ValidateSignURLPattern(pattern *URLPattern) error
- func ValidateURLPattern(pattern *URLPattern) error
- type Config
- type HTTPError
- type URLPattern
- type URLSet
Constants
const CertURLPrefix = "/amppkg/cert"
const ValidityMapPath = "/amppkg/validity"
Variables
var Comma *regexp.Regexp = regexp.MustCompile(`[ \t]*,[ \t]*`)
A comma, as defined in https://tools.ietf.org/html/rfc7230#section-7, with OWS defined in https://tools.ietf.org/html/rfc7230#appendix-B. This is commonly used as a separator in header field value definitions.
var ConditionalRequestHeaders = map[string]bool{
	"If-Match":            true,
	"If-None-Match":       true,
	"If-Modified-Since":   true,
	"If-Unmodified-Since": true,
	"If-Range":            true,
}
Conditional request headers that ServeHTTP may receive and that need to be sent with fetchURL. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Conditional_requests#Conditional_headers
Functions
func CanSignHttpExchanges
func CanSignHttpExchanges(cert *x509.Certificate, now time.Time) error
CanSignHttpExchanges returns nil if the given certificate has the CanSignHttpExchanges extension and a valid lifetime per the SXG spec; otherwise it returns an error. These are not the only requirements for SXGs; the certificate also needs to use the right public key type, which is not checked here.
func CertName
func CertName(cert *x509.Certificate) string
CertName returns the basename for the given cert, as served by this packager's cert cache. Should be stable and unique (e.g. content-addressing). Clients should url.PathEscape this, just in case its format changes to need escaping in the future.
func CertificateMatches
func CertificateMatches(cert *x509.Certificate, priv crypto.PrivateKey, domain string) error
Returns nil if the certificate matches the private key and domain, else the appropriate error.
func ParsePrivateKey
func ParsePrivateKey(keyPem []byte) (crypto.PrivateKey, error)
ParsePrivateKey returns the first PEM block that looks like a private key.
func RemoveHopByHopHeaders
Remove hop-by-hop headers, per https://tools.ietf.org/html/rfc7230#section-6.1.
func TrimHeaderValue
Trim optional whitespace from a header value, adhering to https://tools.ietf.org/html/rfc7230#section-7 with OWS defined in https://tools.ietf.org/html/rfc7230#appendix-B.
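The Connection-driven part of hop-by-hop removal, using the Comma pattern and OWS trimming described above, as an added example that is not this package's own code. The names trimOWS, stripConnectionHeaders and sampleHeaders are hypothetical, and the header values are constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"regexp"
	"strings"
)

// comma copies the Comma pattern documented above: "," with surrounding OWS.
var comma = regexp.MustCompile(`[ \t]*,[ \t]*`)

// trimOWS (hypothetical name) strips optional SP/HTAB from both ends.
func trimOWS(s string) string { return strings.Trim(s, " \t") }

// stripConnectionHeaders (hypothetical name) deletes every field nominated
// by a Connection header value, then Connection itself (RFC 7230 section 6.1).
func stripConnectionHeaders(h http.Header) {
	for _, line := range h.Values("Connection") {
		for _, name := range comma.Split(trimOWS(line), -1) {
			if name != "" { // skip empty list elements such as "a,,b"
				h.Del(name) // Del canonicalizes, so "keep-alive" matches
			}
		}
	}
	h.Del("Connection")
}

// sampleHeaders builds a constructed request header set for the demo.
func sampleHeaders() http.Header {
	h := http.Header{}
	h.Add("Connection", " keep-alive ,\tX-Internal-Auth,")
	h.Add("Connection", "close")
	h.Set("Keep-Alive", "timeout=5")
	h.Set("X-Internal-Auth", "constructed-token")
	h.Set("Content-Type", "text/html")
	h.Set("If-None-Match", `"abc"`)
	return h
}

func main() {
	h := sampleHeaders()
	stripConnectionHeaders(h)
	fmt.Println(len(h), h) // only end-to-end fields remain
}
```

Any field a sender lists in Connection is scoped to that single hop, so dropping it before the request is forwarded keeps per-connection state and internal markers from reaching the next server.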
func ValidateFetchURLPattern
func ValidateFetchURLPattern(pattern *URLPattern) error
func ValidateSignURLPattern
func ValidateSignURLPattern(pattern *URLPattern) error
Types
type Config
type Config struct {
	LocalOnly               bool
	Port                    int
	CertFile                string // This must be the full certificate chain.
	KeyFile                 string // Just for the first cert, obviously.
	OCSPCache               string
	ForwardedRequestHeaders []string
	URLSet                  []URLSet
}
func ReadConfig
ReadConfig reads the config file specified at --config and validates it.
type HTTPError
type HTTPError struct {
// contains filtered or unexported fields
}
HTTPError encodes an internal message to be logged and an HTTP status code to be used for the external error message. External errors should only be used to signal misconfiguration of the packager. For errors that are transient or a result of downstream server errors, the signer should fall back to proxying the content unsigned.
func NewHTTPError
func (*HTTPError) LogAndRespond
func (e *HTTPError) LogAndRespond(resp http.ResponseWriter)
type URLPattern
type URLSet
type URLSet struct {
	Fetch *URLPattern
	Sign  *URLPattern
}