Documentation ¶
Index ¶
- func GetHTTPSClient(cas []*x509.Certificate) (*http.Client, error)
- type CertManager
- func (a *CertManager) Close()
- func (a *CertManager) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)
- func (a *CertManager) GetCertificateAuthorities() []*x509.Certificate
- func (a *CertManager) GetClientCertificate(*tls.CertificateRequestInfo) (*tls.Certificate, error)
- func (a *CertManager) GetClientTLSConfig() *tls.Config
- func (a *CertManager) GetLeaf() *x509.Certificate
- func (a *CertManager) GetServerTLSConfig() *tls.Config
- func (a *CertManager) NeedsRenewal() bool
- func (a *CertManager) NextRenewal() time.Time
- func (a *CertManager) ObtainCertificate() error
- func (a *CertManager) RenewCertificate() error
- type Certifier
- type Client
- type Config
- type LegoUser
Functions ¶
func GetHTTPSClient ¶
func GetHTTPSClient(cas []*x509.Certificate) (*http.Client, error)
GetHTTPSClient gets an HTTPS client configured to trust our CA's root certificate.
Types ¶
type CertManager ¶
type CertManager struct {
// contains filtered or unexported fields
}
CertManager manages ACME certificate renewals and makes it easy to use certificates with the tls package.
func NewCertManager ¶
func NewCertManager(cas []*x509.Certificate, disableVerifyClientCertificate, useSystemCertPool bool, domains []string, tickFrequency time.Duration, acmeClient Client) (*CertManager, error)
NewCertManager configures an ACME client, creates & registers a new ACME user. After creating a client you must call ObtainCertificate and RenewCertificate yourself.
func NewCertManagerFromConfiguration ¶
func NewCertManagerFromConfiguration(config Config) (*CertManager, error)
NewCertManagerFromConfiguration creates a certificate manager from config.
func (*CertManager) GetCertificate ¶
func (a *CertManager) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)
GetCertificate locks around returning a tls.Certificate; use as tls.Config.GetCertificate.
func (*CertManager) GetCertificateAuthorities ¶
func (a *CertManager) GetCertificateAuthorities() []*x509.Certificate
GetCertificateAuthorities returns the certificate authorities.
func (*CertManager) GetClientCertificate ¶
func (a *CertManager) GetClientCertificate(*tls.CertificateRequestInfo) (*tls.Certificate, error)
GetClientCertificate locks around returning a tls.Certificate; use as tls.Config.GetClientCertificate.
func (*CertManager) GetClientTLSConfig ¶
func (a *CertManager) GetClientTLSConfig() *tls.Config
func (*CertManager) GetLeaf ¶
func (a *CertManager) GetLeaf() *x509.Certificate
GetLeaf returns the currently valid leaf x509.Certificate.
func (*CertManager) GetServerTLSConfig ¶
func (a *CertManager) GetServerTLSConfig() *tls.Config
func (*CertManager) NeedsRenewal ¶
func (a *CertManager) NeedsRenewal() bool
NeedsRenewal returns true if the certificate's age is more than 2/3 of its lifetime.
func (*CertManager) NextRenewal ¶
func (a *CertManager) NextRenewal() time.Time
NextRenewal returns when the certificate will be 2/3 of the way to expiration.
func (*CertManager) ObtainCertificate ¶
func (a *CertManager) ObtainCertificate() error
ObtainCertificate gets a new certificate using ACME. It is not thread safe, so callers must serialize calls to it.
func (*CertManager) RenewCertificate ¶
func (a *CertManager) RenewCertificate() error
RenewCertificate renews an existing certificate using ACME. It is not thread safe, so callers must serialize calls to it.
type Certifier ¶
// Certifier is an alias for an interface with the two certificate
// operations declared below: obtaining a certificate and renewing one.
// NOTE(review): presumably satisfied by the lego certificate client, since
// the parameter and result types come from its certificate package — confirm.
type Certifier = interface {
	// Obtain takes an ObtainRequest and returns a certificate Resource or an
	// error. NOTE(review): presumably issues a new certificate for the
	// domains named in the request — confirm against the implementation.
	Obtain(request certificate.ObtainRequest) (*certificate.Resource, error)
	// Renew takes an existing certificate Resource plus the bundle and
	// mustStaple flags and returns a Resource or an error. The meaning of
	// both flags is defined by the implementation, not by this page.
	Renew(certRes certificate.Resource, bundle, mustStaple bool) (*certificate.Resource, error)
}
type Config ¶
// Config holds the settings passed to NewCertManagerFromConfiguration.
// The documentation renderer elides most struct tags ("string literal not
// displayed"), so notes on those fields are inferred from the field names
// alone and are marked for confirmation.
type Config struct {
	// CAPool is the file path to the root certificate in PEM format.
	CAPool string `envconfig:"CA_POOL" env:"CA_POOL" long:"ca" description:"file path to the root certificate in PEM format"`
	// NOTE(review): presumably the ACME directory URL of the CA — confirm; tag not displayed.
	CADirURL string `` /* 129-byte string literal not displayed */
	// Domains lists the domain names for which a certificate is requested.
	Domains []string `envconfig:"DOMAINS" env:"DOMAINS" long:"domains" description:"the domain's names for which we'll be getting a certificate"`
	// NOTE(review): presumably the contact address for the ACME account registration — confirm; tag not displayed.
	Email string `` /* 132-byte string literal not displayed */
	// NOTE(review): presumably the interval at which renewal is checked
	// (NewCertManager takes a tickFrequency) — confirm; tag not displayed.
	TickFrequency time.Duration `` /* 159-byte string literal not displayed */
	// NOTE(review): presumably the local port on which ACME challenges are
	// answered — confirm the challenge type and bind address, and restrict
	// who can reach the port accordingly.
	ChallengeListenPort uint16 `` /* 175-byte string literal not displayed */
	// NOTE(review): the name indicates that verification of client
	// certificates can be switched off; presumably this feeds
	// NewCertManager's disableVerifyClientCertificate and so affects the
	// server TLS config. Confirm, and leave false unless peers are
	// authenticated by some other layer.
	DisableVerifyClientCertificate bool `` /* 175-byte string literal not displayed */
	// NOTE(review): presumably adds the host's system root store to the
	// trusted pool in addition to CAPool, which widens the set of issuers
	// accepted — confirm before enabling in a private-CA deployment.
	UseSystemCertPool bool `` /* 158-byte string literal not displayed */
}
Config holds the configuration for the certificate manager.
type LegoUser ¶
type LegoUser struct {
// contains filtered or unexported fields
}
LegoUser implements registration.User, required by lego.
func (*LegoUser) GetPrivateKey ¶
func (l *LegoUser) GetPrivateKey() crypto.PrivateKey
func (*LegoUser) GetRegistration ¶
func (l *LegoUser) GetRegistration() *registration.Resource
func (*LegoUser) SetRegistration ¶
func (l *LegoUser) SetRegistration(r *registration.Resource)