cert_manager

package

v0.23.17 Latest Latest Go to latest Published: Mar 22, 2021 License: MIT Imports: 31 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/rekby/lets-proxy2

Links

Open Source Insights

Documentation ¶

Index ¶

type AcmeClient
type CertDescription
- func CertDescriptionFromDomain(domain DomainName, keyType KeyType, autoSubDomains []string) CertDescription
type DomainChecker
type DomainName
type GetContext
type KeyType
- func (t KeyType) Generate() (crypto.Signer, error)
- func (t KeyType) String() string
type Manager
- func New(client AcmeClient, c cache.Bytes, r prometheus.Registerer) *Manager
- func (m *Manager) GetCertificate(hello *tls.ClientHelloInfo) (resultCert *tls.Certificate, err error)
- func (m *Manager) HandleHTTPValidation(w http.ResponseWriter, r *http.Request) bool

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AcmeClient ¶ added in v0.20.2

type AcmeClient interface {
	Accept(ctx context.Context, chal *acme.Challenge) (*acme.Challenge, error)
	AuthorizeOrder(ctx context.Context, id []acme.AuthzID, opt ...acme.OrderOption) (*acme.Order, error)
	CreateOrderCert(ctx context.Context, url string, csr []byte, bundle bool) (der [][]byte, certURL string, err error)
	GetAuthorization(ctx context.Context, url string) (*acme.Authorization, error)
	HTTP01ChallengeResponse(token string) (string, error)
	RevokeAuthorization(ctx context.Context, url string) error
	TLSALPN01ChallengeCert(token, domain string, opt ...acme.CertOption) (cert tls.Certificate, err error)
	WaitAuthorization(ctx context.Context, url string) (*acme.Authorization, error)
	WaitOrder(ctx context.Context, url string) (*acme.Order, error)
}

type CertDescription ¶ added in v0.23.7

type CertDescription struct {
	MainDomain string
	KeyType    KeyType
	Subdomains []string
}

func CertDescriptionFromDomain ¶ added in v0.23.7

func CertDescriptionFromDomain(domain DomainName, keyType KeyType, autoSubDomains []string) CertDescription

func (CertDescription) CertStoreName ¶ added in v0.23.7

func (n CertDescription) CertStoreName() string

func (CertDescription) DomainNames ¶ added in v0.23.7

func (n CertDescription) DomainNames() []DomainName

func (CertDescription) KeyStoreName ¶ added in v0.23.7

func (n CertDescription) KeyStoreName() string

func (CertDescription) LockName ¶ added in v0.23.7

func (n CertDescription) LockName() string

func (CertDescription) MetaStoreName ¶ added in v0.23.7

func (n CertDescription) MetaStoreName() string

func (CertDescription) String ¶ added in v0.23.7

func (n CertDescription) String() string

func (CertDescription) ZapField ¶ added in v0.23.7

func (n CertDescription) ZapField() zap.Field

type DomainChecker ¶ added in v0.20.2

type DomainChecker interface {
	// IsDomainAllowed called for check domain for allow certificate
	// It can call concurrency for many domains same time
	// guarantee about domain will correct domain name (as minimum for character set)
	IsDomainAllowed(ctx context.Context, domain string) (bool, error)
}

type DomainName ¶

type DomainName string // Normalized domain name.

func (DomainName) ASCII ¶

func (d DomainName) ASCII() string

func (DomainName) FullString ¶

func (d DomainName) FullString() string

func (DomainName) String ¶

func (d DomainName) String() string

func (DomainName) Unicode ¶

func (d DomainName) Unicode() string

type GetContext ¶

type GetContext interface {
	GetContext() context.Context
}

type KeyType ¶ added in v0.23.7

type KeyType string

const KeyECDSA KeyType = "ecdsa"

const KeyRSA KeyType = "rsa"

func (KeyType) Generate ¶ added in v0.23.7

func (t KeyType) Generate() (crypto.Signer, error)

func (KeyType) String ¶ added in v0.23.7

func (t KeyType) String() string

type Manager ¶

type Manager struct {
	CertificateIssueTimeout time.Duration
	Cache                   cache.Bytes

	// Subdomains, auto-issued with main domain.
	// Every subdomain must have suffix dot. For example: "www."
	AutoSubdomains []string

	// Client is used to perform low-level operations, such as account registration
	// and requesting new certificates.
	//
	// If Client is nil, a zero-value acme.Client is used with acme.LetsEncryptURL
	// as directory endpoint. If the Client.Key is nil, a new ECDSA P-256 key is
	// generated and, if Cache is not nil, stored in cache.
	//
	// Mutating the field after the first call of GetCertificate method will have no effect.
	Client               AcmeClient
	DomainChecker        DomainChecker
	EnableHTTPValidation bool
	EnableTLSValidation  bool
	SaveJSONMeta         bool
	AllowECDSACert       bool
	AllowRSACert         bool
	// contains filtered or unexported fields
}

Interface inspired to https://godoc.org/golang.org/x/crypto/acme/autocert#Manager but not compatible guarantee

func New ¶

func New(client AcmeClient, c cache.Bytes, r prometheus.Registerer) *Manager

func (*Manager) GetCertificate ¶

func (m *Manager) GetCertificate(hello *tls.ClientHelloInfo) (resultCert *tls.Certificate, err error)

GetCertificate implements the tls.Config.GetCertificate hook.

func (*Manager) HandleHTTPValidation ¶ added in v0.21.0

func (m *Manager) HandleHTTPValidation(w http.ResponseWriter, r *http.Request) bool

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL