acme

package
v2.0.0-...-057b331 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 6, 2021 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetHTTPSClient

func GetHTTPSClient(cas []*x509.Certificate) (*http.Client, error)

GetHTTPSClient gets an HTTPS client configured to trust our CA's root certificate.

Types

type CertManager

type CertManager struct {
	// contains filtered or unexported fields
}

CertManager manages ACME certificate renewals and makes it easy to use certificates with the tls package.`

func NewCertManager

func NewCertManager(cas []*x509.Certificate, disableVerifyClientCertificate, useSystemCertPool bool, domains []string, tickFrequency time.Duration, acmeClient Client) (*CertManager, error)

NewCertManager configures an ACME client, creates & registers a new ACME user. After creating a client you must call ObtainCertificate and RenewCertificate yourself.

func NewCertManagerFromConfiguration

func NewCertManagerFromConfiguration(config Config) (*CertManager, error)

NewCertManagerFromConfiguration creates certificate manager from config.

func (*CertManager) Close

func (a *CertManager) Close()

Close terminates autorenew goroutine.

func (*CertManager) GetCertificate

func (a *CertManager) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)

GetCertificate locks around returning a tls.Certificate; use as tls.Config.GetCertificate.

func (*CertManager) GetCertificateAuthorities

func (a *CertManager) GetCertificateAuthorities() []*x509.Certificate

GetCertificateAuthorities returns certificates authorities

func (*CertManager) GetClientCertificate

func (a *CertManager) GetClientCertificate(*tls.CertificateRequestInfo) (*tls.Certificate, error)

GetClientCertificate locks around returning a tls.ClientCertificate; use as tls.Config.GetClientCertificate.

func (*CertManager) GetClientTLSConfig

func (a *CertManager) GetClientTLSConfig() *tls.Config

func (*CertManager) GetLeaf

func (a *CertManager) GetLeaf() *x509.Certificate

GetLeaf returns the currently valid leaf x509.Certificate

func (*CertManager) GetServerTLSConfig

func (a *CertManager) GetServerTLSConfig() *tls.Config

func (*CertManager) NeedsRenewal

func (a *CertManager) NeedsRenewal() bool

NeedsRenewal returns true if the certificate's age is more than 2/3 it's lifetime.

func (*CertManager) NextRenewal

func (a *CertManager) NextRenewal() time.Time

NextRenewal returns when the certificate will be 2/3 of the way to expiration.

func (*CertManager) ObtainCertificate

func (a *CertManager) ObtainCertificate() error

ObtainCertificate gets a new certificate using ACME. Not thread safe.

func (*CertManager) RenewCertificate

func (a *CertManager) RenewCertificate() error

RenewCertificate renews an existing certificate using ACME. Not thread safe.

type Certifier

type Certifier = interface {
	Obtain(request certificate.ObtainRequest) (*certificate.Resource, error)
	Renew(certRes certificate.Resource, bundle, mustStaple bool) (*certificate.Resource, error)
}

type Client

type Client = interface {
	Certificate() Certifier
}

type Config

type Config struct {
	CAPool                         string        `envconfig:"CA_POOL" env:"CA_POOL" long:"ca" description:"file path to the root certificate in PEM format"`
	CADirURL                       string        `` /* 129-byte string literal not displayed */
	Domains                        []string      `envconfig:"DOMAINS" env:"DOMAINS" long:"domains" description:"the domain's names for which we'll be getting a certificate"`
	Email                          string        `` /* 132-byte string literal not displayed */
	TickFrequency                  time.Duration `` /* 159-byte string literal not displayed */
	ChallengeListenPort            uint16        `` /* 175-byte string literal not displayed */
	DisableVerifyClientCertificate bool          `` /* 175-byte string literal not displayed */
	UseSystemCertPool              bool          `` /* 158-byte string literal not displayed */
}

Config set configuration.

type LegoUser

type LegoUser struct {
	// contains filtered or unexported fields
}

LegoUser implements registration.User, required by lego.

func NewUser

func NewUser(email string, key crypto.PrivateKey) *LegoUser

func (*LegoUser) GetEmail

func (l *LegoUser) GetEmail() string

func (*LegoUser) GetPrivateKey

func (l *LegoUser) GetPrivateKey() crypto.PrivateKey

func (*LegoUser) GetRegistration

func (l *LegoUser) GetRegistration() *registration.Resource

func (*LegoUser) SetRegistration

func (l *LegoUser) SetRegistration(r *registration.Resource)

Directories

Path Synopsis
ocf

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL