acme

package
v0.14.0-rc.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 23, 2019 License: Apache-2.0 Imports: 22 Imported by: 21

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// StatusValid -- valid
	StatusValid = "valid"
	// StatusInvalid -- invalid
	StatusInvalid = "invalid"
	// StatusPending -- pending; e.g. an Order that is not ready to be finalized.
	StatusPending = "pending"
	// StatusDeactivated -- deactivated; e.g. for an Account that is not longer valid.
	StatusDeactivated = "deactivated"
	// StatusReady -- ready; e.g. for an Order that is ready to be finalized.
	StatusReady = "ready"
)

Functions

func KeyAuthorization 

func KeyAuthorization(token string, jwk *jose.JSONWebKey) (string, error)

KeyAuthorization creates the ACME key authorization value from a token and a jwk.

func URLSafeProvisionerName 

func URLSafeProvisionerName(p provisioner.Interface) string

URLSafeProvisionerName returns a path escaped version of the ACME provisioner ID that is safe to use in URL paths.

Types

type AError 

type AError struct {
	Type        string        `json:"type"`
	Detail      string        `json:"detail"`
	Identifier  interface{}   `json:"identifier,omitempty"`
	Subproblems []interface{} `json:"subproblems,omitempty"`
	Status      int           `json:"-"`
}

AError is the error type as seen in acme request/responses.

func (*AError) Error 

func (ae *AError) Error() string

Error allows AError to implement the error interface.

func (*AError) StatusCode 

func (ae *AError) StatusCode() int

StatusCode returns the status code and implements the StatusCode interface.

type Account 

type Account struct {
	Contact []string         `json:"contact,omitempty"`
	Status  string           `json:"status"`
	Orders  string           `json:"orders"`
	ID      string           `json:"-"`
	Key     *jose.JSONWebKey `json:"-"`
}

Account is a subset of the internal account type containing only those attributes required for responses in the ACME protocol.

func (*Account) GetID 

func (a *Account) GetID() string

GetID returns the account ID.

func (*Account) GetKey 

func (a *Account) GetKey() *jose.JSONWebKey

GetKey returns the JWK associated with the account.

func (*Account) IsValid 

func (a *Account) IsValid() bool

IsValid returns true if the Account is valid.

func (*Account) ToLog 

func (a *Account) ToLog() (interface{}, error)

ToLog enables response logging.

type AccountOptions 

type AccountOptions struct {
	Key     *jose.JSONWebKey
	Contact []string
}

AccountOptions are the options needed to create a new ACME account.

type Authority 

type Authority struct {
	// contains filtered or unexported fields
}

Authority is the layer that handles all ACME interactions.

func NewAuthority 

func NewAuthority(db nosql.DB, dns, prefix string, signAuth SignAuthority) (*Authority, error)

NewAuthority returns a new Authority that implements the ACME interface.

func (*Authority) DeactivateAccount 

func (a *Authority) DeactivateAccount(p provisioner.Interface, id string) (*Account, error)

DeactivateAccount deactivates an ACME account.

func (*Authority) FinalizeOrder 

func (a *Authority) FinalizeOrder(p provisioner.Interface, accID, orderID string, csr *x509.CertificateRequest) (*Order, error)

FinalizeOrder attempts to finalize an order and generate a new certificate.

func (*Authority) GetAccount 

func (a *Authority) GetAccount(p provisioner.Interface, id string) (*Account, error)

GetAccount returns an ACME account.

func (*Authority) GetAccountByKey 

func (a *Authority) GetAccountByKey(p provisioner.Interface, jwk *jose.JSONWebKey) (*Account, error)

GetAccountByKey returns the ACME associated with the jwk id.

func (*Authority) GetAuthz 

func (a *Authority) GetAuthz(p provisioner.Interface, accID, authzID string) (*Authz, error)

GetAuthz retrieves and attempts to update the status on an ACME authz before returning.

func (*Authority) GetCertificate 

func (a *Authority) GetCertificate(accID, certID string) ([]byte, error)

GetCertificate retrieves the Certificate by ID.

func (*Authority) GetDirectory 

func (a *Authority) GetDirectory(p provisioner.Interface) *Directory

GetDirectory returns the ACME directory object. 

func (a *Authority) GetLink(typ Link, provID string, abs bool, inputs ...string) string

GetLink returns the requested link from the directory.

func (*Authority) GetOrder 

func (a *Authority) GetOrder(p provisioner.Interface, accID, orderID string) (*Order, error)

GetOrder returns an ACME order.

func (*Authority) GetOrdersByAccount 

func (a *Authority) GetOrdersByAccount(p provisioner.Interface, id string) ([]string, error)

GetOrdersByAccount returns the list of order urls owned by the account.

func (*Authority) LoadProvisionerByID 

func (a *Authority) LoadProvisionerByID(id string) (provisioner.Interface, error)

LoadProvisionerByID calls out to the SignAuthority interface to load a provisioner by ID.

func (*Authority) NewAccount 

func (a *Authority) NewAccount(p provisioner.Interface, ao AccountOptions) (*Account, error)

NewAccount creates, stores, and returns a new ACME account.

func (*Authority) NewNonce 

func (a *Authority) NewNonce() (string, error)

NewNonce generates, stores, and returns a new ACME nonce.

func (*Authority) NewOrder 

func (a *Authority) NewOrder(p provisioner.Interface, ops OrderOptions) (*Order, error)

NewOrder generates, stores, and returns a new ACME order.

func (*Authority) UpdateAccount 

func (a *Authority) UpdateAccount(p provisioner.Interface, id string, contact []string) (*Account, error)

UpdateAccount updates an ACME account.

func (*Authority) UseNonce 

func (a *Authority) UseNonce(nonce string) error

UseNonce consumes the given nonce if it is valid, returns error otherwise.

func (*Authority) ValidateChallenge 

func (a *Authority) ValidateChallenge(p provisioner.Interface, accID, chID string, jwk *jose.JSONWebKey) (*Challenge, error)

ValidateChallenge attempts to validate the challenge.

type Authz 

type Authz struct {
	Identifier Identifier   `json:"identifier"`
	Status     string       `json:"status"`
	Expires    string       `json:"expires"`
	Challenges []*Challenge `json:"challenges"`
	Wildcard   bool         `json:"wildcard"`
	ID         string       `json:"-"`
}

Authz is a subset of the Authz type containing only those attributes required for responses in the ACME protocol.

func (*Authz) GetID 

func (a *Authz) GetID() string

GetID returns the Authz ID.

func (*Authz) ToLog 

func (a *Authz) ToLog() (interface{}, error)

ToLog enables response logging.

type CertOptions 

type CertOptions struct {
	AccountID     string
	OrderID       string
	Leaf          *x509.Certificate
	Intermediates []*x509.Certificate
}

CertOptions options with which to create and store a cert object.

type Challenge 

type Challenge struct {
	Type      string  `json:"type"`
	Status    string  `json:"status"`
	Token     string  `json:"token"`
	Validated string  `json:"validated,omitempty"`
	URL       string  `json:"url"`
	Error     *AError `json:"error,omitempty"`
	ID        string  `json:"-"`
	AuthzID   string  `json:"-"`
}

Challenge is a subset of the challenge type containing only those attributes required for responses in the ACME protocol.

func (*Challenge) GetAuthzID 

func (c *Challenge) GetAuthzID() string

GetAuthzID returns the parent Authz ID that owns the Challenge.

func (*Challenge) GetID 

func (c *Challenge) GetID() string

GetID returns the Challenge ID.

func (*Challenge) ToLog 

func (c *Challenge) ToLog() (interface{}, error)

ToLog enables response logging.

type ChallengeOptions 

type ChallengeOptions struct {
	AccountID  string
	AuthzID    string
	Identifier Identifier
}

ChallengeOptions is the type used to created a new Challenge.

type Clock 

type Clock int

Clock that returns time in UTC rounded to seconds.

func (*Clock) Now 

func (c *Clock) Now() time.Time

Now returns the UTC time rounded to seconds.

type Directory 

type Directory struct {
	NewNonce   string `json:"newNonce,omitempty"`
	NewAccount string `json:"newAccount,omitempty"`
	NewOrder   string `json:"newOrder,omitempty"`
	NewAuthz   string `json:"newAuthz,omitempty"`
	RevokeCert string `json:"revokeCert,omitempty"`
	KeyChange  string `json:"keyChange,omitempty"`
}

Directory represents an ACME directory for configuring clients.

func (*Directory) ToLog 

func (d *Directory) ToLog() (interface{}, error)

ToLog enables response logging for the Directory type.

type Error 

type Error struct {
	Type       ProbType
	Detail     string
	Err        error
	Status     int
	Sub        []*Error
	Identifier *Identifier
}

Error is an ACME error type complete with problem document.

func AccountDoesNotExistErr 

func AccountDoesNotExistErr(err error) *Error

AccountDoesNotExistErr returns a new acme error.

func AlreadyRevokedErr 

func AlreadyRevokedErr(err error) *Error

AlreadyRevokedErr returns a new acme error.

func BadCSRErr 

func BadCSRErr(err error) *Error

BadCSRErr returns a new acme error.

func BadNonceErr 

func BadNonceErr(err error) *Error

BadNonceErr returns a new acme error.

func BadPublicKeyErr 

func BadPublicKeyErr(err error) *Error

BadPublicKeyErr returns a new acme error.

func BadRevocationReasonErr 

func BadRevocationReasonErr(err error) *Error

BadRevocationReasonErr returns a new acme error.

func BadSignatureAlgorithmErr 

func BadSignatureAlgorithmErr(err error) *Error

BadSignatureAlgorithmErr returns a new acme error.

func CaaErr 

func CaaErr(err error) *Error

CaaErr returns a new acme error.

func CompoundErr 

func CompoundErr(err error) *Error

CompoundErr returns a new acme error.

func ConnectionErr 

func ConnectionErr(err error) *Error

ConnectionErr returns a new acme error.

func DNSErr 

func DNSErr(err error) *Error

DNSErr returns a new acme error.

func ExternalAccountRequiredErr 

func ExternalAccountRequiredErr(err error) *Error

ExternalAccountRequiredErr returns a new acme error.

func IncorrectResponseErr 

func IncorrectResponseErr(err error) *Error

IncorrectResponseErr returns a new acme error.

func InvalidContactErr 

func InvalidContactErr(err error) *Error

InvalidContactErr returns a new acme error.

func MalformedErr 

func MalformedErr(err error) *Error

MalformedErr returns a new acme error.

func OrderNotReadyErr 

func OrderNotReadyErr(err error) *Error

OrderNotReadyErr returns a new acme error.

func RateLimitedErr 

func RateLimitedErr(err error) *Error

RateLimitedErr returns a new acme error.

func RejectedIdentifierErr 

func RejectedIdentifierErr(err error) *Error

RejectedIdentifierErr returns a new acme error.

func ServerInternalErr 

func ServerInternalErr(err error) *Error

ServerInternalErr returns a new acme error.

func TLSErr 

func TLSErr(err error) *Error

TLSErr returns a new acme error.

func UnauthorizedErr 

func UnauthorizedErr(err error) *Error

UnauthorizedErr returns a new acme error.

func UnsupportedContactErr 

func UnsupportedContactErr(err error) *Error

UnsupportedContactErr returns a new acme error.

func UnsupportedIdentifierErr 

func UnsupportedIdentifierErr(err error) *Error

UnsupportedIdentifierErr returns a new acme error.

func UserActionRequiredErr 

func UserActionRequiredErr(err error) *Error

UserActionRequiredErr returns a new acme error.

func Wrap 

func Wrap(err error, wrap string) *Error

Wrap attempts to wrap the internal error.

func (*Error) Cause 

func (e *Error) Cause() error

Cause returns the internal error and implements the Causer interface.

func (*Error) Error 

func (e *Error) Error() string

Error implements the error interface.

func (*Error) StatusCode 

func (e *Error) StatusCode() int

StatusCode returns the status code and implements the StatusCode interface.

func (*Error) ToACME 

func (e *Error) ToACME() *AError

ToACME returns an acme representation of the problem type.

type Identifier 

type Identifier struct {
	Type  string `json:"type"`
	Value string `json:"value"`
}

Identifier encodes the type that an order pertains to.

type Interface 

type Interface interface {
	DeactivateAccount(provisioner.Interface, string) (*Account, error)
	FinalizeOrder(provisioner.Interface, string, string, *x509.CertificateRequest) (*Order, error)
	GetAccount(provisioner.Interface, string) (*Account, error)
	GetAccountByKey(provisioner.Interface, *jose.JSONWebKey) (*Account, error)
	GetAuthz(provisioner.Interface, string, string) (*Authz, error)
	GetCertificate(string, string) ([]byte, error)
	GetDirectory(provisioner.Interface) *Directory
	GetLink(Link, string, bool, ...string) string
	GetOrder(provisioner.Interface, string, string) (*Order, error)
	GetOrdersByAccount(provisioner.Interface, string) ([]string, error)
	LoadProvisionerByID(string) (provisioner.Interface, error)
	NewAccount(provisioner.Interface, AccountOptions) (*Account, error)
	NewNonce() (string, error)
	NewOrder(provisioner.Interface, OrderOptions) (*Order, error)
	UpdateAccount(provisioner.Interface, string, []string) (*Account, error)
	UseNonce(string) error
	ValidateChallenge(provisioner.Interface, string, string, *jose.JSONWebKey) (*Challenge, error)
}

Interface is the acme authority interface. 

type Link int

Link captures the link type. 

const (
	// NewNonceLink new-nonce
	NewNonceLink Link = iota
	// NewAccountLink new-account
	NewAccountLink
	// AccountLink account
	AccountLink
	// OrderLink order
	OrderLink
	// NewOrderLink new-order
	NewOrderLink
	// OrdersByAccountLink list of orders owned by account
	OrdersByAccountLink
	// FinalizeLink finalize order
	FinalizeLink
	// NewAuthzLink authz
	NewAuthzLink
	// AuthzLink new-authz
	AuthzLink
	// ChallengeLink challenge
	ChallengeLink
	// CertificateLink certificate
	CertificateLink
	// DirectoryLink directory
	DirectoryLink
	// RevokeCertLink revoke certificate
	RevokeCertLink
	// KeyChangeLink key rollover
	KeyChangeLink
)

func (Link) String 

func (l Link) String() string

type Order 

type Order struct {
	Status         string       `json:"status"`
	Expires        string       `json:"expires,omitempty"`
	Identifiers    []Identifier `json:"identifiers"`
	NotBefore      string       `json:"notBefore,omitempty"`
	NotAfter       string       `json:"notAfter,omitempty"`
	Error          interface{}  `json:"error,omitempty"`
	Authorizations []string     `json:"authorizations"`
	Finalize       string       `json:"finalize"`
	Certificate    string       `json:"certificate,omitempty"`
	ID             string       `json:"-"`
}

Order contains order metadata for the ACME protocol order type.

func (*Order) GetID 

func (o *Order) GetID() string

GetID returns the Order ID.

func (*Order) ToLog 

func (o *Order) ToLog() (interface{}, error)

ToLog enables response logging.

type OrderOptions 

type OrderOptions struct {
	AccountID   string       `json:"accID"`
	Identifiers []Identifier `json:"identifiers"`
	NotBefore   time.Time    `json:"notBefore"`
	NotAfter    time.Time    `json:"notAfter"`
}

OrderOptions options with which to create a new Order.

type ProbType 

type ProbType int

ProbType is the type of the ACME problem.

func (ProbType) String 

func (ap ProbType) String() string

String returns the string representation of the acme problem type, fulfilling the Stringer interface.

type SignAuthority 

type SignAuthority interface {
	Sign(cr *x509.CertificateRequest, opts provisioner.Options, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error)
	LoadProvisionerByID(string) (provisioner.Interface, error)
}

SignAuthority is the interface implemented by a CA authority.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.