Documentation
Overview
Package acme provides [LEGO] related utility functions.
Index
- func DecodeCertificate(certificateBytes []byte) (*x509.Certificate, error)
- func DecodeCertificates(resource *certificate.Resource) (crypto.PrivateKey, *x509.Certificate, error)
- func DecodePrivateKey(keyBytes []byte) (crypto.PrivateKey, error)
- type CertificateRequest
- type Config
- type DomainConfig
- type Http01ChallengeConfig
- type ProviderConfig
- type ProviderRegistration
- type TLSAPN01ChallengeConfig
Constants
This section is empty.
Variables
This section is empty.
Functions
func DecodeCertificate
func DecodeCertificate(certificateBytes []byte) (*x509.Certificate, error)
DecodeCertificate decodes the certificate as returned by the LEGO client (https://pkg.go.dev/github.com/go-acme/lego/v4).
func DecodeCertificates
func DecodeCertificates(resource *certificate.Resource) (crypto.PrivateKey, *x509.Certificate, error)
DecodeCertificates decodes the certificate information (private key and certificate) as returned by the LEGO client (https://pkg.go.dev/github.com/go-acme/lego/v4).
func DecodePrivateKey
func DecodePrivateKey(keyBytes []byte) (crypto.PrivateKey, error)
DecodePrivateKey decodes the private key as returned by the LEGO client (https://pkg.go.dev/github.com/go-acme/lego/v4).
Types
type CertificateRequest
type CertificateRequest struct {
	Domains  []string
	Domain   *DomainConfig
	Provider *ProviderConfig
}
A CertificateRequest provides the necessary ACME parameters for obtaining a certificate.
type Config
type Config struct {
	// BasePath defines the base path to use for resolving relative paths within this configuration.
	BasePath string `yaml:"-"`
	// Providers lists the available ACME providers in this configuration.
	Providers map[string]ProviderConfig `yaml:"providers"`
	// Domains lists the obtainable domains in this configuration.
	Domains map[string]DomainConfig `yaml:"domains"`
}
A Config defines the available ACME providers as well as the obtainable domains including their challenge types.
providers:
  "Test1":
    enabled: true
    url: "https://localhost:14000/dir"
    registration_email: "webmaster@localhost"
    registration_path: "./acme-registrations.json"
domains:
  ".":
    http-01:
      enabled: true
      iface: ""
      port: 5002
    tls-apn-01:
      enabled: true
      iface: ""
      port: 5001
func LoadConfig
LoadConfig loads a configuration from the given file.
func (*Config) ResolveCertificateRequest
func (config *Config) ResolveCertificateRequest(domains []string, providerName string) (*CertificateRequest, error)
ResolveCertificateRequest resolves the certificate request configured for the given domains and provider.
type DomainConfig
type DomainConfig struct {
	// Domain defines the domain pattern this config is assigned to. The pattern defines the suffix for the matching domains in FQDN notation ('.' defining the root domain matching all domains).
	Domain string `yaml:"-"`
	// Http01Challenge configures the HTTP-01 challenge type.
	Http01Challenge Http01ChallengeConfig `yaml:"http-01"`
	// TLSAPN01Challenge configures the TLS-ALPN-01 challenge type.
	TLSAPN01Challenge TLSAPN01ChallengeConfig `yaml:"tls-apn-01"`
}
A DomainConfig defines a domain pattern as well as the challenge types for the matching domains.
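One way to read the suffix rule from the Domain comment, as an added example that is not this package's own code. It assumes matching is case-insensitive, anchored on a label boundary (a plain string-suffix test would let "example.org." claim "badexample.org."), and that the longest matching pattern wins; `fqdn`, `matches` and `resolvePattern` are hypothetical helpers.

```go
package main

import (
	"fmt"
	"strings"
)

// fqdn normalizes a name to lower-case FQDN notation (with trailing dot).
func fqdn(name string) string {
	name = strings.ToLower(strings.TrimSpace(name))
	if !strings.HasSuffix(name, ".") {
		name += "."
	}
	return name
}

// matches reports whether domain falls under the suffix pattern. The suffix
// must start on a label boundary, so "example.org." does not match
// "badexample.org." (assumed behaviour, not taken from the package).
func matches(pattern, domain string) bool {
	p, d := fqdn(pattern), fqdn(domain)
	if p == "." || p == d {
		return true // root pattern matches everything; exact match is trivial
	}
	return strings.HasSuffix(d, "."+p)
}

// resolvePattern returns the most specific (longest) pattern matching domain.
func resolvePattern(patterns []string, domain string) (string, bool) {
	best, found := "", false
	for _, p := range patterns {
		if matches(p, domain) && (!found || len(fqdn(p)) > len(fqdn(best))) {
			best, found = p, true
		}
	}
	return best, found
}

func main() {
	// Constructed sample patterns, in the style of the "domains" keys above.
	patterns := []string{".", "example.org.", "internal.example.org."}
	names := []string{"www.example.org", "db.internal.example.org", "badexample.org"}
	for _, d := range names {
		p, _ := resolvePattern(patterns, d)
		fmt.Printf("%-26s -> %q\n", d, p)
	}
}
```

Without a "." entry, a name that matches no pattern resolves to nothing, which lets a caller refuse the certificate request instead of falling back to a default challenge setup.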
type Http01ChallengeConfig
type Http01ChallengeConfig struct {
	// Enabled defines whether this challenge type is enabled (true) or not (false).
	Enabled bool `yaml:"enabled"`
	// Iface sets the interface to listen on during domain verification (optional).
	Iface string `yaml:"iface"`
	// Port sets the port to listen on during domain verification.
	Port int `ymal:"port"`
}
A Http01ChallengeConfig configures the HTTP-01 challenge type for domain validation.
type ProviderConfig
type ProviderConfig struct {
	// BasePath defines the base path to use for resolving relative paths within this configuration.
	BasePath string `yaml:"-"`
	// Name defines the name of this provider.
	Name string `yaml:"-"`
	// Enabled defines whether this provider is enabled (true) or not (false).
	Enabled bool `yaml:"enabled"`
	// URL defines the URL to use for accessing this provider.
	URL string `yaml:"url"`
	// RegistrationEmail defines the email to use for registering with this provider.
	RegistrationEmail string `yaml:"registration_email"`
	// RegistrationPath defines the path where to store the registration information.
	RegistrationPath string `yaml:"registration_path"`
}
A ProviderConfig defines an ACME provider.
func (*ProviderConfig) NewClient
func (providerConfig *ProviderConfig) NewClient(keyPairFactory keys.KeyPairFactory) (*lego.Client, error)
NewClient creates a new lego.Client based on the provider configuration. If a provider registration is required, it is performed automatically.
type ProviderRegistration
type ProviderRegistration struct {
	// Provider contains the name of the ACME provider this registration is related to.
	Provider string `json:"provider"`
	// Email contains the email to use for registering to the ACME provider.
	Email string `json:"email"`
	// EncodedKey contains the encoded private key used for registering to the ACME provider.
	EncodedKey string `json:"key"`
	// Registration contains the registration token returned from the ACME provider during the registration.
	Registration *registration.Resource
}
A ProviderRegistration contains an ACME provider's registration information. This includes at least the necessary information to register. In case a registration has been performed in the past, the ACME provider's registration key and token are also included. However, the latter may be outdated.
func (*ProviderRegistration) GetEmail
func (providerRegistration *ProviderRegistration) GetEmail() string
GetEmail gets the email to use for registering to the ACME provider.
This function is part of the registration.User interface.
func (*ProviderRegistration) GetPrivateKey
func (providerRegistration *ProviderRegistration) GetPrivateKey() crypto.PrivateKey
GetPrivateKey gets the private key used for a previously performed registration (may be nil).
This function is part of the registration.User interface.
func (*ProviderRegistration) GetRegistration
func (providerRegistration *ProviderRegistration) GetRegistration() *registration.Resource
GetRegistration gets the token returned by a previously run registration (may be nil).
This function is part of the registration.User interface.
type TLSAPN01ChallengeConfig
type TLSAPN01ChallengeConfig struct {
	// Enabled defines whether this challenge type is used (true) or not (false).
	Enabled bool `yaml:"enabled"`
	// Iface sets the interface to listen on during domain verification (optional).
	Iface string `yaml:"iface"`
	// Port sets the port to listen on during domain verification.
	Port int `ymal:"port"`
}