Documentation ¶
Index ¶
- Variables
- func KeyAuthorization(token string, jwk *jose.JSONWebKey) (string, error)
- func KeyToID(jwk *jose.JSONWebKey) (string, error)
- func WriteError(w http.ResponseWriter, err *Error)
- type Account
- type Authorization
- type Certificate
- type CertificateAuthority
- type Challenge
- type Clock
- type DB
- type Error
- type Identifier
- type MockDB
- func (m *MockDB) CreateAccount(ctx context.Context, acc *Account) error
- func (m *MockDB) CreateAuthorization(ctx context.Context, az *Authorization) error
- func (m *MockDB) CreateCertificate(ctx context.Context, cert *Certificate) error
- func (m *MockDB) CreateChallenge(ctx context.Context, ch *Challenge) error
- func (m *MockDB) CreateNonce(ctx context.Context) (Nonce, error)
- func (m *MockDB) CreateOrder(ctx context.Context, o *Order) error
- func (m *MockDB) DeleteNonce(ctx context.Context, nonce Nonce) error
- func (m *MockDB) GetAccount(ctx context.Context, id string) (*Account, error)
- func (m *MockDB) GetAccountByKeyID(ctx context.Context, kid string) (*Account, error)
- func (m *MockDB) GetAuthorization(ctx context.Context, id string) (*Authorization, error)
- func (m *MockDB) GetCertificate(ctx context.Context, id string) (*Certificate, error)
- func (m *MockDB) GetChallenge(ctx context.Context, chID, azID string) (*Challenge, error)
- func (m *MockDB) GetOrder(ctx context.Context, id string) (*Order, error)
- func (m *MockDB) GetOrdersByAccountID(ctx context.Context, accID string) ([]string, error)
- func (m *MockDB) UpdateAccount(ctx context.Context, acc *Account) error
- func (m *MockDB) UpdateAuthorization(ctx context.Context, az *Authorization) error
- func (m *MockDB) UpdateChallenge(ctx context.Context, ch *Challenge) error
- func (m *MockDB) UpdateOrder(ctx context.Context, o *Order) error
- type MockProvisioner
- func (m *MockProvisioner) AuthorizeSign(ctx context.Context, ott string) ([]provisioner.SignOption, error)
- func (m *MockProvisioner) DefaultTLSCertDuration() time.Duration
- func (m *MockProvisioner) GetID() string
- func (m *MockProvisioner) GetName() string
- func (m *MockProvisioner) GetOptions() *provisioner.Options
- type Nonce
- type Order
- type ProblemType
- type Provisioner
- type Status
- type ValidateChallengeOptions
Constants ¶
This section is empty.
Variables ¶
var ( // StatusValid -- valid StatusValid = Status("valid") // StatusInvalid -- invalid StatusInvalid = Status("invalid") // StatusPending -- pending; e.g. an Order that is not ready to be finalized. StatusPending = Status("pending") // StatusDeactivated -- deactivated; e.g. for an Account that is not longer valid. StatusDeactivated = Status("deactivated") // StatusReady -- ready; e.g. for an Order that is ready to be finalized. StatusReady = Status("ready") )
var ErrNotFound = errors.New("not found")
ErrNotFound is an error that should be used by the acme.DB interface to indicate that an entity does not exist. For example, in the new-account endpoint, if GetAccountByKeyID returns ErrNotFound we will create the new account.
Functions ¶
func KeyAuthorization ¶
func KeyAuthorization(token string, jwk *jose.JSONWebKey) (string, error)
KeyAuthorization creates the ACME key authorization value from a token and a jwk.
func KeyToID ¶ added in v0.15.12
func KeyToID(jwk *jose.JSONWebKey) (string, error)
KeyToID converts a JWK to a thumbprint.
func WriteError ¶ added in v0.15.12
func WriteError(w http.ResponseWriter, err *Error)
WriteError writes to w a JSON representation of the given error.
Types ¶
type Account ¶
type Account struct { ID string `json:"-"` Key *jose.JSONWebKey `json:"-"` Contact []string `json:"contact,omitempty"` Status Status `json:"status"` OrdersURL string `json:"orders"` }
Account is a subset of the internal account type containing only those attributes required for responses in the ACME protocol.
type Authorization ¶ added in v0.15.12
type Authorization struct { ID string `json:"-"` AccountID string `json:"-"` Token string `json:"-"` Identifier Identifier `json:"identifier"` Status Status `json:"status"` Challenges []*Challenge `json:"challenges"` Wildcard bool `json:"wildcard"` ExpiresAt time.Time `json:"expires"` Error *Error `json:"error,omitempty"` }
Authorization representst an ACME Authorization.
func (*Authorization) ToLog ¶ added in v0.15.12
func (az *Authorization) ToLog() (interface{}, error)
ToLog enables response logging.
func (*Authorization) UpdateStatus ¶ added in v0.15.12
func (az *Authorization) UpdateStatus(ctx context.Context, db DB) error
UpdateStatus updates the ACME Authorization Status if necessary. Changes to the Authorization are saved using the database interface.
type Certificate ¶ added in v0.15.12
type Certificate struct { ID string AccountID string OrderID string Leaf *x509.Certificate Intermediates []*x509.Certificate }
Certificate options with which to create and store a cert object.
type CertificateAuthority ¶ added in v0.15.12
type CertificateAuthority interface { Sign(cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error) LoadProvisionerByID(string) (provisioner.Interface, error) }
CertificateAuthority is the interface implemented by a CA authority.
type Challenge ¶
type Challenge struct { ID string `json:"-"` AccountID string `json:"-"` AuthorizationID string `json:"-"` Value string `json:"-"` Type string `json:"type"` Status Status `json:"status"` Token string `json:"token"` ValidatedAt string `json:"validated,omitempty"` URL string `json:"url"` Error *Error `json:"error,omitempty"` }
Challenge represents an ACME response Challenge type.
func (*Challenge) Validate ¶ added in v0.15.12
func (ch *Challenge) Validate(ctx context.Context, db DB, jwk *jose.JSONWebKey, vo *ValidateChallengeOptions) error
Validate attempts to validate the challenge. Stores changes to the Challenge type using the DB interface. satisfactorily validated, the 'status' and 'validated' attributes are updated.
type DB ¶ added in v0.15.12
type DB interface { CreateAccount(ctx context.Context, acc *Account) error GetAccount(ctx context.Context, id string) (*Account, error) GetAccountByKeyID(ctx context.Context, kid string) (*Account, error) UpdateAccount(ctx context.Context, acc *Account) error CreateNonce(ctx context.Context) (Nonce, error) DeleteNonce(ctx context.Context, nonce Nonce) error CreateAuthorization(ctx context.Context, az *Authorization) error GetAuthorization(ctx context.Context, id string) (*Authorization, error) UpdateAuthorization(ctx context.Context, az *Authorization) error CreateCertificate(ctx context.Context, cert *Certificate) error GetCertificate(ctx context.Context, id string) (*Certificate, error) CreateChallenge(ctx context.Context, ch *Challenge) error GetChallenge(ctx context.Context, id, authzID string) (*Challenge, error) UpdateChallenge(ctx context.Context, ch *Challenge) error CreateOrder(ctx context.Context, o *Order) error GetOrder(ctx context.Context, id string) (*Order, error) GetOrdersByAccountID(ctx context.Context, accountID string) ([]string, error) UpdateOrder(ctx context.Context, o *Order) error }
DB is the DB interface expected by the step-ca ACME API.
type Error ¶
type Error struct { Type string `json:"type"` Detail string `json:"detail"` Subproblems []interface{} `json:"subproblems,omitempty"` Identifier interface{} `json:"identifier,omitempty"` Err error `json:"-"` Status int `json:"-"` }
Error represents an ACME
func NewError ¶ added in v0.15.12
func NewError(pt ProblemType, msg string, args ...interface{}) *Error
NewError creates a new Error type.
func NewErrorISE ¶ added in v0.15.12
NewErrorISE creates a new ErrorServerInternalType Error.
func WrapError ¶ added in v0.15.12
func WrapError(typ ProblemType, err error, msg string, args ...interface{}) *Error
WrapError attempts to wrap the internal error.
func WrapErrorISE ¶ added in v0.15.12
WrapErrorISE shortcut to wrap an internal server error type.
func (*Error) StatusCode ¶
StatusCode returns the status code and implements the StatusCoder interface.
type Identifier ¶
Identifier encodes the type that an order pertains to.
type MockDB ¶ added in v0.15.12
type MockDB struct { MockCreateAccount func(ctx context.Context, acc *Account) error MockGetAccount func(ctx context.Context, id string) (*Account, error) MockGetAccountByKeyID func(ctx context.Context, kid string) (*Account, error) MockUpdateAccount func(ctx context.Context, acc *Account) error MockCreateNonce func(ctx context.Context) (Nonce, error) MockDeleteNonce func(ctx context.Context, nonce Nonce) error MockCreateAuthorization func(ctx context.Context, az *Authorization) error MockGetAuthorization func(ctx context.Context, id string) (*Authorization, error) MockUpdateAuthorization func(ctx context.Context, az *Authorization) error MockCreateCertificate func(ctx context.Context, cert *Certificate) error MockGetCertificate func(ctx context.Context, id string) (*Certificate, error) MockCreateChallenge func(ctx context.Context, ch *Challenge) error MockGetChallenge func(ctx context.Context, id, authzID string) (*Challenge, error) MockUpdateChallenge func(ctx context.Context, ch *Challenge) error MockCreateOrder func(ctx context.Context, o *Order) error MockGetOrder func(ctx context.Context, id string) (*Order, error) MockGetOrdersByAccountID func(ctx context.Context, accountID string) ([]string, error) MockUpdateOrder func(ctx context.Context, o *Order) error MockRet1 interface{} MockError error }
MockDB is an implementation of the DB interface that should only be used as a mock in tests.
func (*MockDB) CreateAccount ¶ added in v0.15.12
CreateAccount mock.
func (*MockDB) CreateAuthorization ¶ added in v0.15.12
func (m *MockDB) CreateAuthorization(ctx context.Context, az *Authorization) error
CreateAuthorization mock
func (*MockDB) CreateCertificate ¶ added in v0.15.12
func (m *MockDB) CreateCertificate(ctx context.Context, cert *Certificate) error
CreateCertificate mock
func (*MockDB) CreateChallenge ¶ added in v0.15.12
CreateChallenge mock
func (*MockDB) CreateNonce ¶ added in v0.15.12
CreateNonce mock
func (*MockDB) CreateOrder ¶ added in v0.15.12
CreateOrder mock
func (*MockDB) DeleteNonce ¶ added in v0.15.12
DeleteNonce mock
func (*MockDB) GetAccount ¶ added in v0.15.12
GetAccount mock.
func (*MockDB) GetAccountByKeyID ¶ added in v0.15.12
GetAccountByKeyID mock
func (*MockDB) GetAuthorization ¶ added in v0.15.12
GetAuthorization mock
func (*MockDB) GetCertificate ¶ added in v0.15.12
GetCertificate mock
func (*MockDB) GetChallenge ¶ added in v0.15.12
GetChallenge mock
func (*MockDB) GetOrdersByAccountID ¶ added in v0.15.12
GetOrdersByAccountID mock
func (*MockDB) UpdateAccount ¶ added in v0.15.12
UpdateAccount mock
func (*MockDB) UpdateAuthorization ¶ added in v0.15.12
func (m *MockDB) UpdateAuthorization(ctx context.Context, az *Authorization) error
UpdateAuthorization mock
func (*MockDB) UpdateChallenge ¶ added in v0.15.12
UpdateChallenge mock
type MockProvisioner ¶ added in v0.14.5
type MockProvisioner struct { Mret1 interface{} Merr error MgetID func() string MgetName func() string MdefaultTLSCertDuration func() time.Duration MgetOptions func() *provisioner.Options }
MockProvisioner for testing
func (*MockProvisioner) AuthorizeSign ¶ added in v0.14.5
func (m *MockProvisioner) AuthorizeSign(ctx context.Context, ott string) ([]provisioner.SignOption, error)
AuthorizeSign mock
func (*MockProvisioner) DefaultTLSCertDuration ¶ added in v0.14.5
func (m *MockProvisioner) DefaultTLSCertDuration() time.Duration
DefaultTLSCertDuration mock
func (*MockProvisioner) GetID ¶ added in v0.15.12
func (m *MockProvisioner) GetID() string
GetID mock
func (*MockProvisioner) GetName ¶ added in v0.14.5
func (m *MockProvisioner) GetName() string
GetName mock
func (*MockProvisioner) GetOptions ¶ added in v0.15.0
func (m *MockProvisioner) GetOptions() *provisioner.Options
GetOptions mock
type Order ¶
type Order struct { ID string `json:"id"` AccountID string `json:"-"` ProvisionerID string `json:"-"` Status Status `json:"status"` ExpiresAt time.Time `json:"expires"` Identifiers []Identifier `json:"identifiers"` NotBefore time.Time `json:"notBefore"` NotAfter time.Time `json:"notAfter"` Error *Error `json:"error,omitempty"` AuthorizationIDs []string `json:"-"` AuthorizationURLs []string `json:"authorizations"` FinalizeURL string `json:"finalize"` CertificateID string `json:"-"` CertificateURL string `json:"certificate,omitempty"` }
Order contains order metadata for the ACME protocol order type.
func (*Order) Finalize ¶
func (o *Order) Finalize(ctx context.Context, db DB, csr *x509.CertificateRequest, auth CertificateAuthority, p Provisioner) error
Finalize signs a certificate if the necessary conditions for Order completion have been met.
type ProblemType ¶ added in v0.15.12
type ProblemType int
ProblemType is the type of the ACME problem.
const ( // ErrorAccountDoesNotExistType request specified an account that does not exist ErrorAccountDoesNotExistType ProblemType = iota // ErrorAlreadyRevokedType request specified a certificate to be revoked that has already been revoked ErrorAlreadyRevokedType // ErrorBadCSRType CSR is unacceptable (e.g., due to a short key) ErrorBadCSRType // ErrorBadNonceType client sent an unacceptable anti-replay nonce ErrorBadNonceType // ErrorBadPublicKeyType JWS was signed by a public key the server does not support ErrorBadPublicKeyType // ErrorBadRevocationReasonType revocation reason provided is not allowed by the server ErrorBadRevocationReasonType // ErrorBadSignatureAlgorithmType JWS was signed with an algorithm the server does not support ErrorBadSignatureAlgorithmType // ErrorCaaType Authority Authorization (CAA) records forbid the CA from issuing a certificate ErrorCaaType // ErrorCompoundType error conditions are indicated in the “subproblems” array. ErrorCompoundType // ErrorConnectionType server could not connect to validation target ErrorConnectionType // ErrorDNSType was a problem with a DNS query during identifier validation ErrorDNSType // ErrorExternalAccountRequiredType request must include a value for the “externalAccountBinding” field ErrorExternalAccountRequiredType // ErrorIncorrectResponseType received didn’t match the challenge’s requirements ErrorIncorrectResponseType // ErrorInvalidContactType URL for an account was invalid ErrorInvalidContactType // ErrorMalformedType request message was malformed ErrorMalformedType // ErrorOrderNotReadyType request attempted to finalize an order that is not ready to be finalized ErrorOrderNotReadyType // ErrorRateLimitedType request exceeds a rate limit ErrorRateLimitedType // ErrorRejectedIdentifierType server will not issue certificates for the identifier ErrorRejectedIdentifierType // ErrorServerInternalType server experienced an internal error ErrorServerInternalType // ErrorTLSType server received a TLS error during validation ErrorTLSType ErrorUnauthorizedType // ErrorUnsupportedContactType URL for an account used an unsupported protocol scheme ErrorUnsupportedContactType // ErrorUnsupportedIdentifierType identifier is of an unsupported type ErrorUnsupportedIdentifierType // ErrorUserActionRequiredType the “instance” URL and take actions specified there ErrorUserActionRequiredType // ErrorNotImplementedType operation is not implemented ErrorNotImplementedType )
func (ProblemType) String ¶ added in v0.15.12
func (ap ProblemType) String() string
String returns the string representation of the acme problem type, fulfilling the Stringer interface.
type Provisioner ¶ added in v0.14.5
type Provisioner interface { AuthorizeSign(ctx context.Context, token string) ([]provisioner.SignOption, error) GetID() string GetName() string DefaultTLSCertDuration() time.Duration GetOptions() *provisioner.Options }
Provisioner is an interface that implements a subset of the provisioner.Interface -- only those methods required by the ACME api/authority.
type ValidateChallengeOptions ¶ added in v0.15.12
type ValidateChallengeOptions struct { HTTPGet httpGetter LookupTxt lookupTxt TLSDial tlsDialer }
ValidateChallengeOptions are ACME challenge validator functions.