acme

package
v0.0.2 Latest
Warning

This package is not in the latest version of its module.

Published: Dec 30, 2023 License: MIT Imports: 19 Imported by: 0

Documentation

Overview

Package acme provides [LEGO] related utility functions.

[LEGO]:https://pkg.go.dev/github.com/go-acme/lego/v4


Functions

func DecodeCertificate

func DecodeCertificate(certificateBytes []byte) (*x509.Certificate, error)

DecodeCertificate decodes the certificate as returned by the [LEGO client].

[LEGO client]:https://pkg.go.dev/github.com/go-acme/lego/v4

func DecodeCertificates

func DecodeCertificates(resource *certificate.Resource) (crypto.PrivateKey, *x509.Certificate, error)

DecodeCertificates decodes the certificate information (private key and certificate) as returned by the [LEGO client].


func DecodePrivateKey

func DecodePrivateKey(keyBytes []byte) (crypto.PrivateKey, error)

DecodePrivateKey decodes the private key as returned by the [LEGO client].


Types

type CertificateRequest

type CertificateRequest struct {
	Domains  []string
	Domain   *DomainConfig
	Provider *ProviderConfig
}

A CertificateRequest provides the necessary ACME parameters for obtaining a certificate.

type Config

type Config struct {
	// BasePath defines the base path to use for resolving relative paths within this configuration.
	BasePath string `yaml:"-"`
	// Providers lists the available ACME providers in this configuration.
	Providers map[string]ProviderConfig `yaml:"providers"`
	// Domains lists the obtainable domains in this configuration.
	Domains map[string]DomainConfig `yaml:"domains"`
}

A Config defines the available ACME providers as well as the obtainable domains including their challenge types.

providers:
  "Test1":
    enabled: true
    url: "https://localhost:14000/dir"
    registration_email: "webmaster@localhost"
    registration_path: "./acme-registrations.json"

domains:
  ".":
    http-01:
      enabled: true
      iface: ""
      port: 5002
    tls-apn-01:
      enabled: true
      iface: ""
      port: 5001

func LoadConfig

func LoadConfig(path string) (*Config, error)

LoadConfig loads a configuration from the given file.

func (*Config) ResolveCertificateRequest

func (config *Config) ResolveCertificateRequest(domains []string, providerName string) (*CertificateRequest, error)

ResolveCertificateRequest resolves the certificate request configured for the given domains and provider.

type DomainConfig

type DomainConfig struct {
	// Domain defines the domain pattern this config is assigned to. The pattern defines the suffix for the matching domains in FQDN notation ('.' defining the root domain, matching all domains).
	Domain string `yaml:"-"`
	// Http01Challenge configures the HTTP-01 challenge type.
	Http01Challenge Http01ChallengeConfig `yaml:"http-01"`
	// TLSAPN01Challenge configures the TLS-ALPN-01 challenge type.
	TLSAPN01Challenge TLSAPN01ChallengeConfig `yaml:"tls-apn-01"`
}

A DomainConfig defines a domain pattern as well as the challenge types for the matching domains.
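The suffix matching described in the DomainConfig comment, as an added example that is not this package's own code: it shows why a suffix pattern has to be compared on whole DNS labels before a challenge configuration is selected. The function names, the longest-match-wins rule and the sample patterns are assumptions of this example; patterns are assumed to be written without a leading dot.

```go
package main

import (
	"fmt"
	"strings"
)

// toFQDN normalizes a name to lower-case FQDN notation with a trailing dot.
func toFQDN(name string) string {
	name = strings.ToLower(strings.TrimSpace(name))
	if !strings.HasSuffix(name, ".") {
		name += "."
	}
	return name
}

// matchesPattern reports whether domain falls under the suffix pattern.
// "." matches every domain; any other pattern must match whole labels, so
// "example.com." covers "www.example.com." but not "evilexample.com.".
func matchesPattern(pattern, domain string) bool {
	p, d := toFQDN(pattern), toFQDN(domain)
	if p == "." || d == p {
		return true
	}
	return strings.HasSuffix(d, "."+p)
}

// resolvePattern returns the most specific (longest) matching pattern.
// Longest-match-wins is an assumption of this example, not documented behaviour.
func resolvePattern(patterns []string, domain string) (string, bool) {
	best, found := "", false
	for _, p := range patterns {
		if matchesPattern(p, domain) && (!found || len(toFQDN(p)) > len(toFQDN(best))) {
			best, found = p, true
		}
	}
	return best, found
}

func main() {
	// Constructed sample patterns and domains.
	patterns := []string{".", "example.com.", "internal.example.com."}
	for _, d := range []string{"www.example.com", "evilexample.com", "a.internal.example.com"} {
		p, _ := resolvePattern(patterns, d)
		fmt.Printf("%-24s -> %q\n", d, p)
	}
}
```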

type Http01ChallengeConfig

type Http01ChallengeConfig struct {
	// Enabled defines whether this challenge type is used (true) or not (false).
	Enabled bool `yaml:"enabled"`
	// Iface sets the interface to listen on during domain verification (optional).
	Iface string `yaml:"iface"`
	// Port sets the port to listen on during domain verification.
	Port int `yaml:"port"`
}

A Http01ChallengeConfig configures the HTTP-01 challenge type for domain validation.

type ProviderConfig

type ProviderConfig struct {
	// BasePath defines the base path to use for resolving relative paths within this configuration.
	BasePath string `yaml:"-"`
	// Name defines the name of this provider.
	Name string `yaml:"-"`
	// URL defines the URL to use for accessing this provider.
	URL string `yaml:"url"`
	// RegistrationEmail defines the email to use for registering with this provider.
	RegistrationEmail string `yaml:"registration_email"`
	// RegistrationPath defines the path where to store the registration information.
	RegistrationPath string `yaml:"registration_path"`
}

A ProviderConfig defines an ACME provider.

func (*ProviderConfig) NewClient

func (providerConfig *ProviderConfig) NewClient(keyPairFactory keys.KeyPairFactory) (*lego.Client, error)

NewClient creates a new lego.Client based on the provider configuration. Any necessary provider registration is performed automatically.

type ProviderRegistration

type ProviderRegistration struct {
	// Provider contains the name of the ACME provider, this registration is related to.
	Provider string `json:"provider"`
	// Email contains the email to use for registering to the ACME provider.
	Email string `json:"email"`
	// EncodedKey contains the encoded private key used for registering to the ACME provider.
	EncodedKey string `json:"key"`
	// Registration contains the registration token returned from the ACME provider during the registration.
	Registration *registration.Resource
}

A ProviderRegistration contains an ACME provider's registration information. This includes at least the necessary information to register. In case a registration has been performed in the past, the ACME provider's registration key and token are also included. However, the latter may be outdated.

func (*ProviderRegistration) GetEmail

func (providerRegistration *ProviderRegistration) GetEmail() string

GetEmail gets the email to use for registering to the ACME provider.

This function is part of the registration.User interface.

func (*ProviderRegistration) GetPrivateKey

func (providerRegistration *ProviderRegistration) GetPrivateKey() crypto.PrivateKey

GetPrivateKey gets the private key used for a previously performed registration (may be nil).

This function is part of the registration.User interface.

func (*ProviderRegistration) GetRegistration

func (providerRegistration *ProviderRegistration) GetRegistration() *registration.Resource

GetRegistration gets the token returned by a previously run registration (may be nil).

This function is part of the registration.User interface.

type TLSAPN01ChallengeConfig

type TLSAPN01ChallengeConfig struct {
	// Enabled defines whether this challenge type is used (true) or not (false).
	Enabled bool `yaml:"enabled"`
	// Iface sets the interface to listen on during domain verification (optional).
	Iface string `yaml:"iface"`
	// Port sets the port to listen on during domain verification.
	Port int `yaml:"port"`
}
