Documentation ¶
Index ¶
- Variables
- func KeyAuthorization(token string, jwk *jose.JSONWebKey) (string, error)
- func URLSafeProvisionerName(p provisioner.Interface) string
- type AError
- type Account
- type AccountOptions
- type Authority
- func (a *Authority) DeactivateAccount(p provisioner.Interface, id string) (*Account, error)
- func (a *Authority) FinalizeOrder(p provisioner.Interface, accID, orderID string, csr *x509.CertificateRequest) (*Order, error)
- func (a *Authority) GetAccount(p provisioner.Interface, id string) (*Account, error)
- func (a *Authority) GetAccountByKey(p provisioner.Interface, jwk *jose.JSONWebKey) (*Account, error)
- func (a *Authority) GetAuthz(p provisioner.Interface, accID, authzID string) (*Authz, error)
- func (a *Authority) GetCertificate(accID, certID string) ([]byte, error)
- func (a *Authority) GetDirectory(p provisioner.Interface) *Directory
- func (a *Authority) GetLink(typ Link, provID string, abs bool, inputs ...string) string
- func (a *Authority) GetOrder(p provisioner.Interface, accID, orderID string) (*Order, error)
- func (a *Authority) GetOrdersByAccount(p provisioner.Interface, id string) ([]string, error)
- func (a *Authority) LoadProvisionerByID(id string) (provisioner.Interface, error)
- func (a *Authority) NewAccount(p provisioner.Interface, ao AccountOptions) (*Account, error)
- func (a *Authority) NewNonce() (string, error)
- func (a *Authority) NewOrder(p provisioner.Interface, ops OrderOptions) (*Order, error)
- func (a *Authority) UpdateAccount(p provisioner.Interface, id string, contact []string) (*Account, error)
- func (a *Authority) UseNonce(nonce string) error
- func (a *Authority) ValidateChallenge(p provisioner.Interface, accID, chID string, jwk *jose.JSONWebKey) (*Challenge, error)
- type Authz
- type CertOptions
- type Challenge
- type ChallengeOptions
- type Clock
- type Directory
- type Error
- func AccountDoesNotExistErr(err error) *Error
- func AlreadyRevokedErr(err error) *Error
- func BadCSRErr(err error) *Error
- func BadNonceErr(err error) *Error
- func BadPublicKeyErr(err error) *Error
- func BadRevocationReasonErr(err error) *Error
- func BadSignatureAlgorithmErr(err error) *Error
- func CaaErr(err error) *Error
- func CompoundErr(err error) *Error
- func ConnectionErr(err error) *Error
- func DNSErr(err error) *Error
- func ExternalAccountRequiredErr(err error) *Error
- func IncorrectResponseErr(err error) *Error
- func InvalidContactErr(err error) *Error
- func MalformedErr(err error) *Error
- func OrderNotReadyErr(err error) *Error
- func RateLimitedErr(err error) *Error
- func RejectedIdentifierErr(err error) *Error
- func ServerInternalErr(err error) *Error
- func TLSErr(err error) *Error
- func UnauthorizedErr(err error) *Error
- func UnsupportedContactErr(err error) *Error
- func UnsupportedIdentifierErr(err error) *Error
- func UserActionRequiredErr(err error) *Error
- func Wrap(err error, wrap string) *Error
- type Identifier
- type Interface
- type Link
- type Order
- type OrderOptions
- type ProbType
- type SignAuthority
Constants ¶
This section is empty.
Variables ¶
// Status strings used by the ACME objects in this package (the Status fields
// of Account, Authz, Challenge and Order are plain strings).
// NOTE(review): these are declared with var rather than const, so any
// importing package can reassign them at runtime. Confirm whether const was
// intended.
var (
	// StatusValid -- valid
	StatusValid = "valid"
	// StatusInvalid -- invalid
	StatusInvalid = "invalid"
	// StatusPending -- pending; e.g. an Order that is not ready to be finalized.
	StatusPending = "pending"
	// StatusDeactivated -- deactivated; e.g. for an Account that is no longer valid.
	StatusDeactivated = "deactivated"
	// StatusReady -- ready; e.g. for an Order that is ready to be finalized.
	StatusReady = "ready"
)
Functions ¶
func KeyAuthorization ¶
func KeyAuthorization(token string, jwk *jose.JSONWebKey) (string, error)
KeyAuthorization creates the ACME key authorization value from a token and a jwk.
func URLSafeProvisionerName ¶
func URLSafeProvisionerName(p provisioner.Interface) string
URLSafeProvisionerName returns a path escaped version of the ACME provisioner ID that is safe to use in URL paths.
Types ¶
type AError ¶
// AError is the error type as seen in acme request/responses.
type AError struct {
	Type string `json:"type"`
	// Detail is serialized under "detail".
	// NOTE(review): confirm that the code building AError values does not
	// copy internal error text into this field.
	Detail      string        `json:"detail"`
	Identifier  interface{}   `json:"identifier,omitempty"`
	Subproblems []interface{} `json:"subproblems,omitempty"`
	// Status is tagged json:"-", so encoding/json leaves it out of the
	// serialized document.
	Status int `json:"-"`
}
AError is the error type as seen in acme request/responses.
func (*AError) StatusCode ¶
StatusCode returns the status code and implements the StatusCode interface.
type Account ¶
// Account is the response-facing view of an ACME account.
type Account struct {
	Contact []string `json:"contact,omitempty"`
	// Status is a plain string; presumably one of the package's Status*
	// values. Verify against the code that sets it.
	Status string `json:"status"`
	Orders string `json:"orders"`
	// ID and Key are tagged json:"-", so encoding/json omits both when an
	// Account is marshalled.
	ID  string           `json:"-"`
	Key *jose.JSONWebKey `json:"-"`
}
Account is a subset of the internal account type containing only those attributes required for responses in the ACME protocol.
func (*Account) GetKey ¶
func (a *Account) GetKey() *jose.JSONWebKey
GetKey returns the JWK associated with the account.
type AccountOptions ¶
// AccountOptions carries the inputs for creating a new ACME account.
type AccountOptions struct {
	// Key is the JWK for the new account.
	// NOTE(review): key type and size validation is not visible here.
	// Confirm where it happens.
	Key     *jose.JSONWebKey
	Contact []string
}
AccountOptions are the options needed to create a new ACME account.
type Authority ¶
// Authority is the layer that handles all ACME interactions. Its fields are
// not shown in this listing; NewAuthority is the constructor shown for it.
type Authority struct {
// contains filtered or unexported fields
}
Authority is the layer that handles all ACME interactions.
func NewAuthority ¶
func NewAuthority(db nosql.DB, dns, prefix string, signAuth SignAuthority) *Authority
NewAuthority returns a new Authority that implements the ACME interface.
func (*Authority) DeactivateAccount ¶
DeactivateAccount deactivates an ACME account.
func (*Authority) FinalizeOrder ¶
func (a *Authority) FinalizeOrder(p provisioner.Interface, accID, orderID string, csr *x509.CertificateRequest) (*Order, error)
FinalizeOrder attempts to finalize an order and generate a new certificate.
func (*Authority) GetAccount ¶
GetAccount returns an ACME account.
func (*Authority) GetAccountByKey ¶
func (a *Authority) GetAccountByKey(p provisioner.Interface, jwk *jose.JSONWebKey) (*Account, error)
GetAccountByKey returns the ACME account associated with the jwk id.
func (*Authority) GetAuthz ¶
GetAuthz retrieves and attempts to update the status on an ACME authz before returning.
func (*Authority) GetCertificate ¶
GetCertificate retrieves the Certificate by ID.
func (*Authority) GetDirectory ¶
func (a *Authority) GetDirectory(p provisioner.Interface) *Directory
GetDirectory returns the ACME directory object.
func (*Authority) GetOrdersByAccount ¶
GetOrdersByAccount returns the list of order urls owned by the account.
func (*Authority) LoadProvisionerByID ¶
func (a *Authority) LoadProvisionerByID(id string) (provisioner.Interface, error)
LoadProvisionerByID calls out to the SignAuthority interface to load a provisioner by ID.
func (*Authority) NewAccount ¶
func (a *Authority) NewAccount(p provisioner.Interface, ao AccountOptions) (*Account, error)
NewAccount creates, stores, and returns a new ACME account.
func (*Authority) NewOrder ¶
func (a *Authority) NewOrder(p provisioner.Interface, ops OrderOptions) (*Order, error)
NewOrder generates, stores, and returns a new ACME order.
func (*Authority) UpdateAccount ¶
func (a *Authority) UpdateAccount(p provisioner.Interface, id string, contact []string) (*Account, error)
UpdateAccount updates an ACME account.
func (*Authority) UseNonce ¶
UseNonce consumes the given nonce if it is valid and returns an error otherwise. Consuming the nonce on use is what lets the server reject a replayed request.
func (*Authority) ValidateChallenge ¶
func (a *Authority) ValidateChallenge(p provisioner.Interface, accID, chID string, jwk *jose.JSONWebKey) (*Challenge, error)
ValidateChallenge attempts to validate the challenge.
type Authz ¶
// Authz is the response-facing view of an ACME authorization.
type Authz struct {
	Identifier Identifier   `json:"identifier"`
	Status     string       `json:"status"`
	Expires    string       `json:"expires"`
	Challenges []*Challenge `json:"challenges"`
	Wildcard   bool         `json:"wildcard"`
	// ID is tagged json:"-", so it is not part of the marshalled document.
	ID string `json:"-"`
}
Authz is a subset of the Authz type containing only those attributes required for responses in the ACME protocol.
type CertOptions ¶
// CertOptions holds the inputs for creating and storing a cert object.
type CertOptions struct {
	// AccountID and OrderID are stored alongside the certificate.
	// NOTE(review): GetCertificate takes an account ID as well as a cert ID;
	// presumably AccountID is what it checks ownership against. Confirm.
	AccountID     string
	OrderID       string
	Leaf          *x509.Certificate
	Intermediates []*x509.Certificate
}
CertOptions are the options with which to create and store a cert object.
type Challenge ¶
// Challenge is the response-facing view of an ACME challenge.
type Challenge struct {
	Type   string `json:"type"`
	Status string `json:"status"`
	// Token is serialized under "token".
	// NOTE(review): presumably this is the token passed to KeyAuthorization
	// together with the account JWK. Verify against ValidateChallenge.
	Token     string  `json:"token"`
	Validated string  `json:"validated,omitempty"`
	URL       string  `json:"url"`
	Error     *AError `json:"error,omitempty"`
	// ID and AuthzID are tagged json:"-", so encoding/json omits them.
	ID      string `json:"-"`
	AuthzID string `json:"-"`
}
Challenge is a subset of the challenge type containing only those attributes required for responses in the ACME protocol.
func (*Challenge) GetAuthzID ¶
GetAuthzID returns the parent Authz ID that owns the Challenge.
type ChallengeOptions ¶
// ChallengeOptions is the type used to create a new Challenge. It carries
// the account ID, the authz ID and the Identifier for the new challenge.
type ChallengeOptions struct {
	AccountID  string
	AuthzID    string
	Identifier Identifier
}
ChallengeOptions is the type used to create a new Challenge.
type Directory ¶
// Directory represents an ACME directory for configuring clients. Every
// field is a string tagged omitempty, so an empty entry is left out of the
// marshalled document.
// NOTE(review): the values are presumably the URLs produced by GetLink.
// Confirm against GetDirectory.
type Directory struct {
	NewNonce   string `json:"newNonce,omitempty"`
	NewAccount string `json:"newAccount,omitempty"`
	NewOrder   string `json:"newOrder,omitempty"`
	NewAuthz   string `json:"newAuthz,omitempty"`
	RevokeCert string `json:"revokeCert,omitempty"`
	KeyChange  string `json:"keyChange,omitempty"`
}
Directory represents an ACME directory for configuring clients.
type Error ¶
// Error is an ACME error type complete with problem document.
type Error struct {
	Type   ProbType
	Detail string
	// Err is a Go error value; presumably the err argument handed to the
	// package's ...Err constructors.
	// NOTE(review): confirm its text is kept for logging only and is not
	// copied into the client-visible AError.
	Err    error
	Status int
	// Sub holds nested *Error values.
	Sub        []*Error
	Identifier *Identifier
}
Error is an ACME error type complete with problem document.
func AccountDoesNotExistErr ¶
AccountDoesNotExistErr returns a new acme error.
func AlreadyRevokedErr ¶
AlreadyRevokedErr returns a new acme error.
func BadPublicKeyErr ¶
BadPublicKeyErr returns a new acme error.
func BadRevocationReasonErr ¶
BadRevocationReasonErr returns a new acme error.
func BadSignatureAlgorithmErr ¶
BadSignatureAlgorithmErr returns a new acme error.
func ExternalAccountRequiredErr ¶
ExternalAccountRequiredErr returns a new acme error.
func IncorrectResponseErr ¶
IncorrectResponseErr returns a new acme error.
func InvalidContactErr ¶
InvalidContactErr returns a new acme error.
func OrderNotReadyErr ¶
OrderNotReadyErr returns a new acme error.
func RateLimitedErr ¶
RateLimitedErr returns a new acme error.
func RejectedIdentifierErr ¶
RejectedIdentifierErr returns a new acme error.
func ServerInternalErr ¶
ServerInternalErr returns a new acme error.
func UnauthorizedErr ¶
UnauthorizedErr returns a new acme error.
func UnsupportedContactErr ¶
UnsupportedContactErr returns a new acme error.
func UnsupportedIdentifierErr ¶
UnsupportedIdentifierErr returns a new acme error.
func UserActionRequiredErr ¶
UserActionRequiredErr returns a new acme error.
func (*Error) StatusCode ¶
StatusCode returns the status code and implements the StatusCode interface.
type Identifier ¶
Identifier encodes the type that an order pertains to.
type Interface ¶
// Interface is the acme authority interface. NewAuthority is documented as
// returning an Authority that implements it; the parameter names quoted
// below are the ones used on Authority's methods.
type Interface interface {
	// DeactivateAccount deactivates an ACME account (string: account id).
	DeactivateAccount(provisioner.Interface, string) (*Account, error)
	// FinalizeOrder attempts to finalize an order and generate a new
	// certificate (strings: accID, orderID).
	FinalizeOrder(provisioner.Interface, string, string, *x509.CertificateRequest) (*Order, error)
	// GetAccount returns an ACME account (string: account id).
	GetAccount(provisioner.Interface, string) (*Account, error)
	// GetAccountByKey returns the ACME account associated with the JWK.
	GetAccountByKey(provisioner.Interface, *jose.JSONWebKey) (*Account, error)
	// GetAuthz retrieves an authz and attempts to update its status before
	// returning (strings: accID, authzID).
	GetAuthz(provisioner.Interface, string, string) (*Authz, error)
	// GetCertificate retrieves the certificate by ID (strings: accID, certID).
	GetCertificate(string, string) ([]byte, error)
	// GetDirectory returns the ACME directory object.
	GetDirectory(provisioner.Interface) *Directory
	// GetLink builds a link string (typ, provID, abs, inputs).
	GetLink(Link, string, bool, ...string) string
	// GetOrder takes accID and orderID and returns the *Order.
	GetOrder(provisioner.Interface, string, string) (*Order, error)
	// GetOrdersByAccount returns the list of order urls owned by the account.
	GetOrdersByAccount(provisioner.Interface, string) ([]string, error)
	// LoadProvisionerByID loads a provisioner by ID.
	LoadProvisionerByID(string) (provisioner.Interface, error)
	// NewAccount creates, stores, and returns a new ACME account.
	NewAccount(provisioner.Interface, AccountOptions) (*Account, error)
	// NewNonce returns a nonce string.
	NewNonce() (string, error)
	// NewOrder generates, stores, and returns a new ACME order.
	NewOrder(provisioner.Interface, OrderOptions) (*Order, error)
	// UpdateAccount updates an ACME account (string: id, []string: contact).
	UpdateAccount(provisioner.Interface, string, []string) (*Account, error)
	// UseNonce consumes the given nonce if it is valid, returns error otherwise.
	UseNonce(string) error
	// ValidateChallenge attempts to validate the challenge (strings: accID,
	// chID).
	ValidateChallenge(provisioner.Interface, string, string, *jose.JSONWebKey) (*Challenge, error)
}
Interface is the acme authority interface.
type Link ¶
// Link captures the link type. It is an int whose named values are the
// iota-numbered ...Link constants; GetLink takes one as its first argument.
type Link int
Link captures the link type.
// Link values, numbered from zero by iota in declaration order.
const (
	// NewNonceLink new-nonce
	NewNonceLink Link = iota
	// NewAccountLink new-account
	NewAccountLink
	// AccountLink account
	AccountLink
	// OrderLink order
	OrderLink
	// NewOrderLink new-order
	NewOrderLink
	// OrdersByAccountLink list of orders owned by account
	OrdersByAccountLink
	// FinalizeLink finalize order
	FinalizeLink
	// NewAuthzLink new-authz
	NewAuthzLink
	// AuthzLink authz
	AuthzLink
	// ChallengeLink challenge
	ChallengeLink
	// CertificateLink certificate
	CertificateLink
	// DirectoryLink directory
	DirectoryLink
	// RevokeCertLink revoke certificate
	RevokeCertLink
	// KeyChangeLink key rollover
	KeyChangeLink
)
type Order ¶
// Order contains order metadata for the ACME protocol order type.
type Order struct {
	Status      string       `json:"status"`
	Expires     string       `json:"expires,omitempty"`
	Identifiers []Identifier `json:"identifiers"`
	NotBefore   string       `json:"notBefore,omitempty"`
	NotAfter    string       `json:"notAfter,omitempty"`
	// Error is untyped (interface{}) and serialized under "error" when set.
	Error          interface{} `json:"error,omitempty"`
	Authorizations []string    `json:"authorizations"`
	Finalize       string      `json:"finalize"`
	Certificate    string      `json:"certificate,omitempty"`
	// ID is tagged json:"-", so it is not part of the marshalled document.
	ID string `json:"-"`
}
Order contains order metadata for the ACME protocol order type.
type OrderOptions ¶
// OrderOptions holds the inputs for creating a new Order.
type OrderOptions struct {
	// AccountID has the JSON name "accID".
	// NOTE(review): if OrderOptions is ever decoded straight from a request
	// body, a client could supply this value. Confirm it is always set from
	// the authenticated account.
	AccountID   string       `json:"accID"`
	Identifiers []Identifier `json:"identifiers"`
	// NotBefore and NotAfter are time.Time values.
	// NOTE(review): whether they are bounded by provisioner policy is not
	// visible here. Verify in NewOrder and FinalizeOrder.
	NotBefore time.Time `json:"notBefore"`
	NotAfter  time.Time `json:"notAfter"`
}
OrderOptions are the options with which to create a new Order.
type SignAuthority ¶
// SignAuthority is the interface implemented by a CA authority. NewAuthority
// takes one as its signAuth argument.
type SignAuthority interface {
	// Sign takes a certificate request, provisioner options and sign
	// options, and returns two certificates and an error.
	// NOTE(review): the two certificates are presumably the leaf and its
	// issuer. Confirm against the implementation.
	Sign(cr *x509.CertificateRequest, opts provisioner.Options, signOpts ...provisioner.SignOption) (*x509.Certificate, *x509.Certificate, error)
	// LoadProvisionerByID returns the provisioner for the given ID.
	LoadProvisionerByID(string) (provisioner.Interface, error)
}
SignAuthority is the interface implemented by a CA authority.