acme

package
Published: Apr 8, 2020 License: Apache-2.0 Imports: 26 Imported by: 21

Documentation

Index

Constants

This section is empty.

Variables

// ACME resource status values as they appear in the "status" field of
// Account, Authz, Challenge and Order responses.
//
// NOTE(review): these are declared with var rather than const, so they are
// mutable package-level state and could be reassigned at runtime; consider
// const if nothing takes their address.
var (
	// StatusValid -- valid
	StatusValid = "valid"
	// StatusInvalid -- invalid
	StatusInvalid = "invalid"
	// StatusPending -- pending; e.g. an Order that is not ready to be finalized.
	StatusPending = "pending"
	// StatusDeactivated -- deactivated; e.g. for an Account that is no longer valid.
	StatusDeactivated = "deactivated"
	// StatusReady -- ready; e.g. for an Order that is ready to be finalized.
	StatusReady = "ready"
)

Functions

func KeyAuthorization

func KeyAuthorization(token string, jwk *jose.JSONWebKey) (string, error)

KeyAuthorization creates the ACME key authorization value from a token and a jwk.

func URLSafeProvisionerName

func URLSafeProvisionerName(p provisioner.Interface) string

URLSafeProvisionerName returns a path escaped version of the ACME provisioner ID that is safe to use in URL paths.

Types

type AError

// AError is the error type as seen in acme request/responses; it is the
// wire form produced by Error.ToACME.
type AError struct {
	// Type is the ACME problem type identifier sent to the client.
	Type        string        `json:"type"`
	// Detail is the human-readable description of the problem sent to the
	// client. NOTE(review): anything placed here is visible to the caller —
	// keep internal error text out of it.
	Detail      string        `json:"detail"`
	// Identifier optionally names the identifier the problem relates to.
	Identifier  interface{}   `json:"identifier,omitempty"`
	// Subproblems optionally carries nested problems.
	Subproblems []interface{} `json:"subproblems,omitempty"`
	// Status is the HTTP status code; it is never serialized into the JSON
	// body and is exposed through StatusCode instead.
	Status      int           `json:"-"`
}

AError is the error type as seen in acme request/responses.

func (*AError) Error

func (ae *AError) Error() string

Error allows AError to implement the error interface.

func (*AError) StatusCode

func (ae *AError) StatusCode() int

StatusCode returns the status code and implements the StatusCode interface.

type Account

// Account is a subset of the internal account type containing only those
// attributes required for responses in the ACME protocol.
type Account struct {
	// Contact holds the account's contact URLs; omitted from JSON when empty.
	Contact []string         `json:"contact,omitempty"`
	// Status is one of the Status* values.
	Status  string           `json:"status"`
	// Orders -- presumably the URL listing the account's orders; confirm
	// against GetOrdersByAccount.
	Orders  string           `json:"orders"`
	// ID is never serialized; it is exposed through GetID.
	ID      string           `json:"-"`
	// Key is the account JWK. It is never serialized into responses
	// (json:"-") and is exposed through GetKey.
	Key     *jose.JSONWebKey `json:"-"`
}

Account is a subset of the internal account type containing only those attributes required for responses in the ACME protocol.

func (*Account) GetID

func (a *Account) GetID() string

GetID returns the account ID.

func (*Account) GetKey

func (a *Account) GetKey() *jose.JSONWebKey

GetKey returns the JWK associated with the account.

func (*Account) IsValid

func (a *Account) IsValid() bool

IsValid returns true if the Account is valid.

func (*Account) ToLog

func (a *Account) ToLog() (interface{}, error)

ToLog enables response logging.

type AccountOptions

// AccountOptions are the options needed to create a new ACME account.
type AccountOptions struct {
	// Key is the JWK the new account will be bound to.
	Key     *jose.JSONWebKey
	// Contact is the list of contact URLs for the new account.
	Contact []string
}

AccountOptions are the options needed to create a new ACME account.

type Authority

// Authority is the layer that handles all ACME interactions; construct it
// with NewAuthority. Its fields are unexported.
type Authority struct {
	// contains filtered or unexported fields
}

Authority is the layer that handles all ACME interactions.

func NewAuthority

func NewAuthority(db nosql.DB, dns, prefix string, signAuth SignAuthority) (*Authority, error)

NewAuthority returns a new Authority that implements the ACME interface.

func (*Authority) DeactivateAccount

func (a *Authority) DeactivateAccount(p provisioner.Interface, id string) (*Account, error)

DeactivateAccount deactivates an ACME account.

func (*Authority) FinalizeOrder

func (a *Authority) FinalizeOrder(p provisioner.Interface, accID, orderID string, csr *x509.CertificateRequest) (*Order, error)

FinalizeOrder attempts to finalize an order and generate a new certificate.

func (*Authority) GetAccount

func (a *Authority) GetAccount(p provisioner.Interface, id string) (*Account, error)

GetAccount returns an ACME account.

func (*Authority) GetAccountByKey

func (a *Authority) GetAccountByKey(p provisioner.Interface, jwk *jose.JSONWebKey) (*Account, error)

GetAccountByKey returns the ACME account associated with the jwk id.

func (*Authority) GetAuthz

func (a *Authority) GetAuthz(p provisioner.Interface, accID, authzID string) (*Authz, error)

GetAuthz retrieves and attempts to update the status on an ACME authz before returning.

func (*Authority) GetCertificate

func (a *Authority) GetCertificate(accID, certID string) ([]byte, error)

GetCertificate retrieves the Certificate by ID.

func (*Authority) GetDirectory

func (a *Authority) GetDirectory(p provisioner.Interface) *Directory

GetDirectory returns the ACME directory object.

func (a *Authority) GetLink(typ Link, provID string, abs bool, inputs ...string) string

GetLink returns the requested link from the directory.

func (*Authority) GetOrder

func (a *Authority) GetOrder(p provisioner.Interface, accID, orderID string) (*Order, error)

GetOrder returns an ACME order.

func (*Authority) GetOrdersByAccount

func (a *Authority) GetOrdersByAccount(p provisioner.Interface, id string) ([]string, error)

GetOrdersByAccount returns the list of order urls owned by the account.

func (*Authority) LoadProvisionerByID

func (a *Authority) LoadProvisionerByID(id string) (provisioner.Interface, error)

LoadProvisionerByID calls out to the SignAuthority interface to load a provisioner by ID.

func (*Authority) NewAccount

func (a *Authority) NewAccount(p provisioner.Interface, ao AccountOptions) (*Account, error)

NewAccount creates, stores, and returns a new ACME account.

func (*Authority) NewNonce

func (a *Authority) NewNonce() (string, error)

NewNonce generates, stores, and returns a new ACME nonce.

func (*Authority) NewOrder

func (a *Authority) NewOrder(p provisioner.Interface, ops OrderOptions) (*Order, error)

NewOrder generates, stores, and returns a new ACME order.

func (*Authority) UpdateAccount

func (a *Authority) UpdateAccount(p provisioner.Interface, id string, contact []string) (*Account, error)

UpdateAccount updates an ACME account.

func (*Authority) UseNonce

func (a *Authority) UseNonce(nonce string) error

UseNonce consumes the given nonce if it is valid and returns an error otherwise.

func (*Authority) ValidateChallenge

func (a *Authority) ValidateChallenge(p provisioner.Interface, accID, chID string, jwk *jose.JSONWebKey) (*Challenge, error)

ValidateChallenge attempts to validate the challenge.

type Authz

// Authz is a subset of the Authz type containing only those attributes
// required for responses in the ACME protocol.
type Authz struct {
	// Identifier is the identifier this authorization covers.
	Identifier Identifier   `json:"identifier"`
	// Status is one of the Status* values.
	Status     string       `json:"status"`
	// Expires is the expiry timestamp as a string.
	Expires    string       `json:"expires"`
	// Challenges lists the challenges available to satisfy this authz.
	Challenges []*Challenge `json:"challenges"`
	// Wildcard reports whether the identifier is a wildcard.
	Wildcard   bool         `json:"wildcard"`
	// ID is never serialized; it is exposed through GetID.
	ID         string       `json:"-"`
}

Authz is a subset of the Authz type containing only those attributes required for responses in the ACME protocol.

func (*Authz) GetID

func (a *Authz) GetID() string

GetID returns the Authz ID.

func (*Authz) ToLog

func (a *Authz) ToLog() (interface{}, error)

ToLog enables response logging.

type CertOptions

// CertOptions are the options with which to create and store a cert object.
type CertOptions struct {
	// AccountID is the owning ACME account.
	AccountID     string
	// OrderID is the order the certificate was issued for.
	OrderID       string
	// Leaf is the issued end-entity certificate.
	Leaf          *x509.Certificate
	// Intermediates are the chain certificates stored alongside the leaf.
	Intermediates []*x509.Certificate
}

CertOptions are the options with which to create and store a cert object.

type Challenge

// Challenge is a subset of the challenge type containing only those
// attributes required for responses in the ACME protocol.
type Challenge struct {
	// Type is the challenge type string.
	Type      string  `json:"type"`
	// Status is one of the Status* values.
	Status    string  `json:"status"`
	// Token is the challenge token; it is combined with the account JWK by
	// KeyAuthorization.
	Token     string  `json:"token"`
	// Validated is the validation timestamp; omitted until set.
	Validated string  `json:"validated,omitempty"`
	// URL is the challenge's own URL.
	URL       string  `json:"url"`
	// Error carries the problem document of a failed validation, if any.
	Error     *AError `json:"error,omitempty"`
	// ID is never serialized; it is exposed through GetID.
	ID        string  `json:"-"`
	// AuthzID is never serialized; it is exposed through GetAuthzID.
	AuthzID   string  `json:"-"`
}

Challenge is a subset of the challenge type containing only those attributes required for responses in the ACME protocol.

func (*Challenge) GetAuthzID

func (c *Challenge) GetAuthzID() string

GetAuthzID returns the parent Authz ID that owns the Challenge.

func (*Challenge) GetID

func (c *Challenge) GetID() string

GetID returns the Challenge ID.

func (*Challenge) ToLog

func (c *Challenge) ToLog() (interface{}, error)

ToLog enables response logging.

type ChallengeOptions

// ChallengeOptions is the type used to create a new Challenge.
type ChallengeOptions struct {
	// AccountID is the owning ACME account.
	AccountID  string
	// AuthzID is the parent authorization.
	AuthzID    string
	// Identifier is the identifier the challenge is for.
	Identifier Identifier
}

ChallengeOptions is the type used to create a new Challenge.

type Clock

// Clock is a clock whose Now returns the time in UTC rounded to seconds.
type Clock int

Clock is a clock that returns the time in UTC rounded to seconds.

func (*Clock) Now

func (c *Clock) Now() time.Time

Now returns the UTC time rounded to seconds.

type Directory

// Directory represents an ACME directory for configuring clients. Every
// field is omitted from JSON when empty.
type Directory struct {
	NewNonce   string `json:"newNonce,omitempty"`
	NewAccount string `json:"newAccount,omitempty"`
	NewOrder   string `json:"newOrder,omitempty"`
	NewAuthz   string `json:"newAuthz,omitempty"`
	RevokeCert string `json:"revokeCert,omitempty"`
	KeyChange  string `json:"keyChange,omitempty"`
}

Directory represents an ACME directory for configuring clients.

func (*Directory) ToLog

func (d *Directory) ToLog() (interface{}, error)

ToLog enables response logging for the Directory type.

type Error

// Error is an ACME error type complete with problem document. It is the
// internal form; ToACME produces the wire form (AError).
type Error struct {
	// Type is the ACME problem type.
	Type       ProbType
	// Detail is the client-facing description.
	Detail     string
	// Err is the internal cause, returned by Cause. NOTE(review): presumably
	// not copied into the AError body by ToACME — confirm, since internal
	// error text should not reach clients.
	Err        error
	// Status is the HTTP status code returned by StatusCode.
	Status     int
	// Sub holds nested sub-problems.
	Sub        []*Error
	// Identifier optionally names the identifier the problem relates to.
	Identifier *Identifier
}

Error is an ACME error type complete with problem document.

func AccountDoesNotExistErr

func AccountDoesNotExistErr(err error) *Error

AccountDoesNotExistErr returns a new acme error.

func AlreadyRevokedErr

func AlreadyRevokedErr(err error) *Error

AlreadyRevokedErr returns a new acme error.

func BadCSRErr

func BadCSRErr(err error) *Error

BadCSRErr returns a new acme error.

func BadNonceErr

func BadNonceErr(err error) *Error

BadNonceErr returns a new acme error.

func BadPublicKeyErr

func BadPublicKeyErr(err error) *Error

BadPublicKeyErr returns a new acme error.

func BadRevocationReasonErr

func BadRevocationReasonErr(err error) *Error

BadRevocationReasonErr returns a new acme error.

func BadSignatureAlgorithmErr

func BadSignatureAlgorithmErr(err error) *Error

BadSignatureAlgorithmErr returns a new acme error.

func CaaErr

func CaaErr(err error) *Error

CaaErr returns a new acme error.

func CompoundErr

func CompoundErr(err error) *Error

CompoundErr returns a new acme error.

func ConnectionErr

func ConnectionErr(err error) *Error

ConnectionErr returns a new acme error.

func DNSErr

func DNSErr(err error) *Error

DNSErr returns a new acme error.

func ExternalAccountRequiredErr

func ExternalAccountRequiredErr(err error) *Error

ExternalAccountRequiredErr returns a new acme error.

func IncorrectResponseErr

func IncorrectResponseErr(err error) *Error

IncorrectResponseErr returns a new acme error.

func InvalidContactErr

func InvalidContactErr(err error) *Error

InvalidContactErr returns a new acme error.

func MalformedErr

func MalformedErr(err error) *Error

MalformedErr returns a new acme error.

func OrderNotReadyErr

func OrderNotReadyErr(err error) *Error

OrderNotReadyErr returns a new acme error.

func RateLimitedErr

func RateLimitedErr(err error) *Error

RateLimitedErr returns a new acme error.

func RejectedIdentifierErr

func RejectedIdentifierErr(err error) *Error

RejectedIdentifierErr returns a new acme error.

func ServerInternalErr

func ServerInternalErr(err error) *Error

ServerInternalErr returns a new acme error.

func TLSErr

func TLSErr(err error) *Error

TLSErr returns a new acme error.

func UnauthorizedErr

func UnauthorizedErr(err error) *Error

UnauthorizedErr returns a new acme error.

func UnsupportedContactErr

func UnsupportedContactErr(err error) *Error

UnsupportedContactErr returns a new acme error.

func UnsupportedIdentifierErr

func UnsupportedIdentifierErr(err error) *Error

UnsupportedIdentifierErr returns a new acme error.

func UserActionRequiredErr

func UserActionRequiredErr(err error) *Error

UserActionRequiredErr returns a new acme error.

func Wrap

func Wrap(err error, wrap string) *Error

Wrap attempts to wrap the internal error.

func (*Error) Cause

func (e *Error) Cause() error

Cause returns the internal error and implements the Causer interface.

func (*Error) Error

func (e *Error) Error() string

Error implements the error interface.

func (*Error) StatusCode

func (e *Error) StatusCode() int

StatusCode returns the status code and implements the StatusCode interface.

func (*Error) ToACME

func (e *Error) ToACME() *AError

ToACME returns an acme representation of the problem type.

type Identifier

// Identifier encodes the type that an order pertains to.
type Identifier struct {
	// Type is the identifier type.
	Type  string `json:"type"`
	// Value is the identifier value.
	Value string `json:"value"`
}

Identifier encodes the type that an order pertains to.

type Interface

// Interface is the acme authority interface; *Authority implements it.
type Interface interface {
	// DeactivateAccount deactivates an ACME account.
	DeactivateAccount(provisioner.Interface, string) (*Account, error)
	// FinalizeOrder attempts to finalize an order and generate a new certificate.
	FinalizeOrder(provisioner.Interface, string, string, *x509.CertificateRequest) (*Order, error)
	// GetAccount returns an ACME account.
	GetAccount(provisioner.Interface, string) (*Account, error)
	// GetAccountByKey returns the ACME account associated with the jwk.
	GetAccountByKey(provisioner.Interface, *jose.JSONWebKey) (*Account, error)
	// GetAuthz retrieves and attempts to update the status on an ACME authz.
	GetAuthz(provisioner.Interface, string, string) (*Authz, error)
	// GetCertificate retrieves the certificate by ID.
	GetCertificate(string, string) ([]byte, error)
	// GetDirectory returns the ACME directory object.
	GetDirectory(provisioner.Interface) *Directory
	// GetLink returns the requested link from the directory.
	GetLink(Link, string, bool, ...string) string
	// GetOrder returns an ACME order.
	GetOrder(provisioner.Interface, string, string) (*Order, error)
	// GetOrdersByAccount returns the list of order urls owned by the account.
	GetOrdersByAccount(provisioner.Interface, string) ([]string, error)
	// LoadProvisionerByID loads a provisioner by ID via the SignAuthority.
	LoadProvisionerByID(string) (provisioner.Interface, error)
	// NewAccount creates, stores, and returns a new ACME account.
	NewAccount(provisioner.Interface, AccountOptions) (*Account, error)
	// NewNonce generates, stores, and returns a new ACME nonce.
	NewNonce() (string, error)
	// NewOrder generates, stores, and returns a new ACME order.
	NewOrder(provisioner.Interface, OrderOptions) (*Order, error)
	// UpdateAccount updates an ACME account.
	UpdateAccount(provisioner.Interface, string, []string) (*Account, error)
	// UseNonce consumes the given nonce if it is valid, returns error otherwise.
	UseNonce(string) error
	// ValidateChallenge attempts to validate the challenge.
	ValidateChallenge(provisioner.Interface, string, string, *jose.JSONWebKey) (*Challenge, error)
}

Interface is the acme authority interface.

// Link captures the link type; see the *Link constants and Link.String.
type Link int

Link captures the link type.

// Link values are assigned by iota; presumably Link.String maps them to
// their names, so do not reorder without checking it.
const (
	// NewNonceLink new-nonce
	NewNonceLink Link = iota
	// NewAccountLink new-account
	NewAccountLink
	// AccountLink account
	AccountLink
	// OrderLink order
	OrderLink
	// NewOrderLink new-order
	NewOrderLink
	// OrdersByAccountLink list of orders owned by account
	OrdersByAccountLink
	// FinalizeLink finalize order
	FinalizeLink
	// NewAuthzLink new-authz (the original comment read "authz"; confirm against Link.String)
	NewAuthzLink
	// AuthzLink authz (the original comment read "new-authz"; confirm against Link.String)
	AuthzLink
	// ChallengeLink challenge
	ChallengeLink
	// CertificateLink certificate
	CertificateLink
	// DirectoryLink directory
	DirectoryLink
	// RevokeCertLink revoke certificate
	RevokeCertLink
	// KeyChangeLink key rollover
	KeyChangeLink
)

func (Link) String

func (l Link) String() string

type Order

// Order contains order metadata for the ACME protocol order type.
type Order struct {
	// Status is one of the Status* values.
	Status         string       `json:"status"`
	// Expires is the expiry timestamp as a string; omitted when empty.
	Expires        string       `json:"expires,omitempty"`
	// Identifiers are the identifiers the order covers.
	Identifiers    []Identifier `json:"identifiers"`
	// NotBefore / NotAfter are the requested validity bounds as strings.
	NotBefore      string       `json:"notBefore,omitempty"`
	NotAfter       string       `json:"notAfter,omitempty"`
	// Error carries the problem document if the order failed.
	Error          interface{}  `json:"error,omitempty"`
	// Authorizations lists the authorization URLs for the order.
	Authorizations []string     `json:"authorizations"`
	// Finalize is the order's finalize URL.
	Finalize       string       `json:"finalize"`
	// Certificate is the certificate URL; omitted until issued.
	Certificate    string       `json:"certificate,omitempty"`
	// ID is never serialized; it is exposed through GetID.
	ID             string       `json:"-"`
}

Order contains order metadata for the ACME protocol order type.

func (*Order) GetID

func (o *Order) GetID() string

GetID returns the Order ID.

func (*Order) ToLog

func (o *Order) ToLog() (interface{}, error)

ToLog enables response logging.

type OrderOptions

// OrderOptions are the options with which to create a new Order.
type OrderOptions struct {
	// AccountID is the owning ACME account.
	AccountID   string       `json:"accID"`
	// Identifiers are the identifiers the order should cover.
	Identifiers []Identifier `json:"identifiers"`
	// NotBefore / NotAfter are the requested validity bounds.
	NotBefore   time.Time    `json:"notBefore"`
	NotAfter    time.Time    `json:"notAfter"`
}

OrderOptions are the options with which to create a new Order.

type ProbType

// ProbType is the type of the ACME problem; String gives its textual form.
type ProbType int

ProbType is the type of the ACME problem.

func (ProbType) String

func (ap ProbType) String() string

String returns the string representation of the acme problem type, fulfilling the Stringer interface.

type SignAuthority

// SignAuthority is the interface implemented by a CA authority; Authority
// delegates certificate signing and provisioner lookup to it.
type SignAuthority interface {
	// Sign issues a certificate chain for the CSR under the given provisioner options.
	Sign(cr *x509.CertificateRequest, opts provisioner.Options, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error)
	// LoadProvisionerByID loads a provisioner by ID.
	LoadProvisionerByID(string) (provisioner.Interface, error)
}

SignAuthority is the interface implemented by a CA authority.
