Documentation ¶
Index ¶
- type Config
- type CustomFS
- func (cm *CustomFS) All() ([]tlsfs.DomainAccount, error)
- func (cm *CustomFS) Create(acct tlsfs.NewDomain, tos tlsfs.TOSAction) (tlsfs.TLSDomainCertificate, tlsfs.Status, error)
- func (cm *CustomFS) CreateCA(acct tlsfs.NewDomain, tos tlsfs.TOSAction) (tlsfs.TLSDomainCertificate, tlsfs.Status, error)
- func (cm *CustomFS) CreateWithCSR(req x509.CertificateRequest, tos tlsfs.TOSAction) (tlsfs.TLSDomainCertificate, tlsfs.Status, error)
- func (cm *CustomFS) Get(email string, domain string) (tlsfs.TLSDomainCertificate, tlsfs.Status, error)
- func (cm *CustomFS) GetCertificate(email string) tlsfs.CertificateFunc
- func (cm *CustomFS) GetUser(email string) (tlsfs.Account, error)
- func (cm *CustomFS) Renew(email string, domain string) (tlsfs.TLSDomainCertificate, tlsfs.Status, error)
- func (cm *CustomFS) Revoke(email string, domain string) error
- func (cm *CustomFS) RootCA() certificates.CertificateAuthority
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct {
	// CertificatesFileSystem is the filesystem to use for storing certificate zap files
	// for the given domains and users. It must be different from the filesystem used
	// for storing user data.
	CertificatesFileSystem tlsfs.ZapFS

	// UsersFileSystem is the filesystem to use for storing user record zap files for
	// registered users. It must be different from the filesystem used for storing
	// certificate data.
	UsersFileSystem tlsfs.ZapFS

	// RootFilesystem is the filesystem used for both storing and retrieving saved CA
	// certificates and configuration files for the CustomFS CA. This filesystem path
	// must exist, as it is where the CA persists its internal state and data files.
	RootFilesystem tlsfs.ZapFS

	// SigningLifeTime is the lifetime all certificates are signed with: a certificate
	// is valid for this duration from the time of signing, after which it is renewed
	// for the same duration.
	SigningLifeTime time.Duration

	// Profile specifies the profile used to create the root CA certificate, which in
	// turn signs all certificate requests.
	Profile certificates.CertificateAuthorityProfile

	// RootCA contains the loaded or generated CA certificate used for all signing when
	// generating certificates.
	RootCA *certificates.CertificateAuthority

	// contains filtered or unexported fields
}
Config defines a configuration used for CustomFS.
type CustomFS ¶
type CustomFS struct {
// contains filtered or unexported fields
}
CustomFS implements the tlsfs.TlsFS interface, providing TLS certificate acquisition, renewal and management backed by its own lightweight root CA (see RootCA and Config.Profile) rather than an external CA such as Let's Encrypt.
func BasicFS ¶
func BasicFS(commonName string, caLifeTime time.Duration, signLifeTime time.Duration) (*CustomFS, error)
BasicFS returns a basic CustomFS instance whose root CA uses the given common name and lifetime (caLifeTime) and which signs certificates for signLifeTime.
func FromCA ¶
func FromCA(sub *x509.Certificate, key crypto.PrivateKey, signLifeTime time.Duration) (*CustomFS, error)
FromCA returns a new instance of CustomFS using the provided certificate and key as the root CA, signing certificates for signLifeTime.
func NewCustomFS ¶
NewCustomFS returns a new instance of CustomFS.
func (*CustomFS) All ¶
func (cm *CustomFS) All() ([]tlsfs.DomainAccount, error)
All returns all existing certificates within the CustomFS regardless of renewal status, so the caller sees all stored state as-is.
func (*CustomFS) Create ¶
func (cm *CustomFS) Create(acct tlsfs.NewDomain, tos tlsfs.TOSAction) (tlsfs.TLSDomainCertificate, tlsfs.Status, error)
Create attempts to create a TLSDomainCertificate for the given account. If a certificate already exists for acct.Domain, the existing TLSDomainCertificate is returned as long as it is not yet within the 30-day renewal window before expiry. If it is within that window, a renewal is initiated and, if it succeeds, the new TLSDomainCertificate replaces the old one and is returned. If the renewal fails while the certificate is within the 30-day window (or has less than two weeks to expiry), the existing certificate is returned with a status indicating a non-critical but important failure.
func (*CustomFS) CreateCA ¶
func (cm *CustomFS) CreateCA(acct tlsfs.NewDomain, tos tlsfs.TOSAction) (tlsfs.TLSDomainCertificate, tlsfs.Status, error)
CreateCA attempts to create a TLSDomainCertificate for the given account containing a certificate authority rather than a regular certificate. If a certificate already exists for acct.Domain, the existing TLSDomainCertificate is returned as long as it is not yet within the 30-day renewal window before expiry. If it is within that window, a renewal is initiated and, if it succeeds, the new TLSDomainCertificate replaces the old one and is returned. If the renewal fails while the certificate is within the 30-day window (or has less than two weeks to expiry), the existing certificate is returned with a status indicating a non-critical but important failure. NOTE: The certificate request attached to the returned TLSDomainCertificate is a dummy and is invalid; it should not be relied on.
func (*CustomFS) CreateWithCSR ¶
func (cm *CustomFS) CreateWithCSR(req x509.CertificateRequest, tos tlsfs.TOSAction) (tlsfs.TLSDomainCertificate, tlsfs.Status, error)
CreateWithCSR attempts to return a new tlsfs.TLSDomainCertificate issued for the given certificate request and signed by the root CA.
func (*CustomFS) Get ¶
func (cm *CustomFS) Get(email string, domain string) (tlsfs.TLSDomainCertificate, tlsfs.Status, error)
Get attempts to retrieve an existing certificate from the underlying store. If the certificate requires renewal, the renewal process is run for it and the result is returned as described for CustomFS.Renew. The returned status indicates the state of the certificate and any action the caller needs to take.
func (*CustomFS) GetCertificate ¶
func (cm *CustomFS) GetCertificate(email string) tlsfs.CertificateFunc
GetCertificate returns a tlsfs.CertificateFunc to be assigned to the tls.Config.GetCertificate field, so that tls.Certificates are loaded and issued automatically through this filesystem. NOTE: You must provide an email, which identifies the account/user under which certificates generated by the returned function are signed for.
func (*CustomFS) GetUser ¶
func (cm *CustomFS) GetUser(email string) (tlsfs.Account, error)
GetUser returns an existing user account associated with the provided email.
func (*CustomFS) Renew ¶
func (cm *CustomFS) Renew(email string, domain string) (tlsfs.TLSDomainCertificate, tlsfs.Status, error)
Renew attempts to renew an existing TLSDomainCertificate for the given domain. If no certificate exists, an error is returned. The existing TLSDomainCertificate is returned as long as it is not yet within the 30-day renewal window before expiry. If it is within that window, a renewal is initiated and, if it succeeds, the new TLSDomainCertificate replaces the old one and is returned. If the renewal fails while the certificate is within the 30-day window (or has less than two weeks to expiry), the existing certificate is returned with a status indicating a non-critical but important failure.
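The renewal window that the Create, CreateCA and Renew descriptions share, written out as a decision function. This is an added example, not the package's own code: the Outcome names stand in for tlsfs.Status values the page does not list, and treating "less than two weeks to expiry" as a separate, more urgent outcome is this example's reading of the text. The renewal routine is passed in as a callback so the policy can be exercised against a failing CA.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Windows from the Create/Renew descriptions. The names are this example's own.
const (
	RenewWindow  = 30 * 24 * time.Hour // renewal is attempted once this close to expiry
	UrgentWindow = 14 * 24 * time.Hour // a failed renewal this close to expiry needs attention now
)

// Outcome stands in for the tlsfs.Status values the page mentions but does not list.
type Outcome int

const (
	KeptExisting       Outcome = iota // more than 30 days left: the stored certificate is returned as is
	Renewed                           // inside the window and the renewal succeeded
	RenewFailedUsable                 // renewal failed; the old certificate still has more than two weeks
	RenewFailedUrgent                 // renewal failed; the old certificate has under two weeks left
	ExpiredUnrenewable                // renewal failed and the old certificate has already expired
)

// Result pairs the outcome with the renewal error, if any, so a caller can log or
// alert on a failed renewal even though a usable certificate was still returned.
type Result struct {
	Outcome  Outcome
	RenewErr error
}

// Usable reports whether the caller got a certificate it can still serve.
func (r Result) Usable() bool { return r.Outcome != ExpiredUnrenewable }

// Decide applies the policy to a stored certificate expiring at notAfter. renew is
// the caller's renewal routine (in CustomFS, re-signing with the root CA) and is only
// invoked once the certificate is inside RenewWindow.
func Decide(notAfter, now time.Time, renew func() error) Result {
	remaining := notAfter.Sub(now)
	if remaining > RenewWindow {
		return Result{Outcome: KeptExisting}
	}
	err := renew()
	switch {
	case err == nil:
		return Result{Outcome: Renewed}
	case remaining > UrgentWindow:
		return Result{Outcome: RenewFailedUsable, RenewErr: err}
	case remaining > 0:
		return Result{Outcome: RenewFailedUrgent, RenewErr: err}
	default:
		return Result{Outcome: ExpiredUnrenewable, RenewErr: err}
	}
}

func main() {
	// Constructed scenario: a certificate 10 days from expiry and a CA that is unreachable.
	now := time.Date(2024, time.March, 1, 0, 0, 0, 0, time.UTC)
	notAfter := now.Add(10 * 24 * time.Hour)
	r := Decide(notAfter, now, func() error { return errors.New("root CA filesystem unavailable") })
	fmt.Printf("outcome=%d usable=%v renewErr=%v\n", r.Outcome, r.Usable(), r.RenewErr)
}
```

The point a caller should take from the policy is that a failed renewal is not surfaced as an error while the old certificate is still valid; whatever consumes the status has to alert on RenewFailedUsable and RenewFailedUrgent itself, otherwise the first visible symptom is an expired certificate.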
func (*CustomFS) Revoke ¶
func (cm *CustomFS) Revoke(email string, domain string) error
Revoke attempts to revoke the existing certificate associated with the user's email and domain. If the certificate is pending renewal, Revoke waits for the renewal to finish before attempting the revocation. This is a custom lightweight CA with no revocation database recording certificates that have been revoked, so a Revoke call simply removes the certificate from the filesystem and cache. That prevents anyone from obtaining it from the CustomFS afterwards, but anyone who already holds the certificate and its key can keep using it until it expires: no revocation information is published, so relying parties that trust the root CA cannot learn of the revocation.
func (*CustomFS) RootCA ¶
func (cm *CustomFS) RootCA() certificates.CertificateAuthority
RootCA returns the root certificate authority used by this instance.