acme

package
v0.0.0-...-899ca37 Latest
Warning

This package is not in the latest version of its module.

Published: Oct 22, 2015 License: MIT Imports: 22 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var Logger *log.Logger

Logger is used to log errors; if nil, the default log.Logger is used.

Functions

func GetPEMCertExpiration

func GetPEMCertExpiration(cert []byte) (time.Time, error)

GetPEMCertExpiration returns the "NotAfter" date of a PEM encoded certificate. The certificate has to be PEM encoded. Any other encodings like DER will fail.

Types

type CertificateResource

type CertificateResource struct {
	Domain        string `json:"domain"`
	CertURL       string `json:"certUrl"`
	CertStableURL string `json:"certStableUrl"`
	PrivateKey    []byte `json:"-"`
	Certificate   []byte `json:"-"`
}

CertificateResource represents a CA issued certificate. PrivateKey and Certificate are both already PEM encoded and can be directly written to disk.

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client is the user-friendly way to ACME.

func NewClient

func NewClient(caURL string, usr User, keyBits int, optPort string, devMode bool) *Client

NewClient creates a new client for the set user.

caURL - The root url to the boulder instance you want certificates from.
usr - A filled in user struct.
optPort - The alternative port to listen on for challenges.
devMode - If set to true, all CanSolve() checks are skipped.

func (*Client) AgreeToTos

func (c *Client) AgreeToTos() error

AgreeToTos updates the Client registration and sends the agreement to the server.

func (*Client) ObtainCertificates

func (c *Client) ObtainCertificates(domains []string) ([]CertificateResource, error)

ObtainCertificates tries to obtain certificates from the CA server using the challenges it has configured. The returned certificates are PEM encoded byte slices.

func (*Client) Register

func (c *Client) Register() (*RegistrationResource, error)

Register the current account to the ACME server.

func (*Client) RenewCertificate

func (c *Client) RenewCertificate(cert CertificateResource, revokeOld bool) (CertificateResource, error)

RenewCertificate takes a CertificateResource and tries to renew the certificate. If the renewal process succeeds, the new certificate will replace the old one in the CertResource. Please be aware that this function will return a new certificate in ANY case that is not an error. If the server does not provide us with a new cert on a GET request to the CertURL this function will start a new-cert flow where a new certificate gets generated.

func (*Client) RevokeCertificate

func (c *Client) RevokeCertificate(certificate []byte) error

RevokeCertificate takes a PEM encoded certificate and tries to revoke it at the CA.

type Registration

type Registration struct {
	Resource string `json:"resource,omitempty"`
	ID       int    `json:"id"`
	Key      struct {
		Kty string `json:"kty"`
		N   string `json:"n"`
		E   string `json:"e"`
	} `json:"key"`
	Contact        []string `json:"contact"`
	Agreement      string   `json:"agreement,omitempty"`
	Authorizations string   `json:"authorizations,omitempty"`
	Certificates   string   `json:"certificates,omitempty"`
}

Registration is returned by the ACME server after the registration. The client implementation should save this registration somewhere.

type RegistrationResource

type RegistrationResource struct {
	Body        Registration
	URI         string
	NewAuthzURL string
	TosURL      string
}

RegistrationResource represents all important information about a registration that the client needs to keep track of itself.

type User

type User interface {
	GetEmail() string
	GetRegistration() *RegistrationResource
	GetPrivateKey() *rsa.PrivateKey
}

User interface is to be implemented by users of this library. It is used by the client type to get user specific information.
