Documentation
Index
- Constants
- Variables
- func GetOCSPForCert(bundle []byte) ([]byte, int, error)
- func GetPEMCertExpiration(cert []byte) (time.Time, error)
- type CertificateResource
- type Client
- func (c *Client) AgreeToTOS() error
- func (c *Client) ObtainCertificates(domains []string, bundle bool) ([]CertificateResource, map[string]error)
- func (c *Client) Register() (*RegistrationResource, error)
- func (c *Client) RenewCertificate(cert CertificateResource, revokeOld bool, bundle bool) (CertificateResource, error)
- func (c *Client) RevokeCertificate(certificate []byte) error
- type Registration
- type RegistrationResource
- type RemoteError
- type TOSError
- type User
Constants
const (
	// OCSPGood means that the certificate is valid.
	OCSPGood = ocsp.Good
	// OCSPRevoked means that the certificate has been deliberately revoked.
	OCSPRevoked = ocsp.Revoked
	// OCSPUnknown means that the OCSP responder doesn't know about the certificate.
	OCSPUnknown = ocsp.Unknown
	// OCSPServerFailed means that the OCSP responder failed to process the request.
	OCSPServerFailed = ocsp.ServerFailed
)
Variables
var Logger *log.Logger
Logger is an optional custom logger.
var OnSimpleHTTPEnd func(bool)
OnSimpleHTTPEnd hook will get called AFTER SimpleHTTP determined the status of the domain.
var OnSimpleHTTPStart func(string)
OnSimpleHTTPStart hook will get called BEFORE SimpleHTTP starts to listen on a port.
Functions
func GetOCSPForCert
func GetOCSPForCert(bundle []byte) ([]byte, int, error)
GetOCSPForCert takes a PEM encoded cert or cert bundle returning the raw OCSP response, the status code of the response and an error, if any. This []byte can be passed directly into the OCSPStaple property of a tls.Certificate. If the bundle only contains the issued certificate, this function will try to get the issuer certificate from the IssuingCertificateURL in the certificate.
Types
type CertificateResource
type CertificateResource struct {
	Domain        string `json:"domain"`
	CertURL       string `json:"certUrl"`
	CertStableURL string `json:"certStableUrl"`
	PrivateKey    []byte `json:"-"`
	Certificate   []byte `json:"-"`
}
CertificateResource represents a CA issued certificate. PrivateKey and Certificate are both already PEM encoded and can be directly written to disk. Certificate may be a certificate bundle, depending on the options supplied to create it.
type Client
type Client struct {
// contains filtered or unexported fields
}
Client is the user-friendly way to ACME.
func NewClient
NewClient creates a new client for the set user.

caURL - The root URL of the boulder instance you want certificates from
usr - A filled-in User struct
keyBits - Size of the key in bits
optPort - The alternative port to listen on for challenges
func (*Client) AgreeToTOS
func (c *Client) AgreeToTOS() error
AgreeToTOS updates the Client registration and sends the agreement to the server.
func (*Client) ObtainCertificates
func (c *Client) ObtainCertificates(domains []string, bundle bool) ([]CertificateResource, map[string]error)
ObtainCertificates tries to obtain certificates from the CA server using the challenges it has configured. The returned certificates are PEM encoded byte slices. If bundle is true, the []byte contains both the issuer certificate and your issued certificate as a bundle.
func (*Client) Register
func (c *Client) Register() (*RegistrationResource, error)
Register the current account to the ACME server.
func (*Client) RenewCertificate
func (c *Client) RenewCertificate(cert CertificateResource, revokeOld bool, bundle bool) (CertificateResource, error)
RenewCertificate takes a CertificateResource and tries to renew the certificate. If the renewal process succeeds, the new certificate will be returned in a new CertificateResource. Please be aware that this function will return a new certificate in ANY case that is not an error. If the server does not provide us with a new cert on a GET request to the CertURL, this function will start a new-cert flow where a new certificate gets generated. If bundle is true, the []byte contains both the issuer certificate and your issued certificate as a bundle.
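The PEM input that GetOCSPForCert, RevokeCertificate and RenewCertificate work on is either the issued certificate alone or a bundle with the issuer appended. As an added example (not code from this package or its documentation), the stdlib-only Go below shows how such a bundle splits into issued certificate and issuer, where a caller has to turn when only the issued certificate is present (the IssuingCertificateURL that GetOCSPForCert falls back to), and the renewal-window check a caller makes before deciding to call RenewCertificate. The function names, the test CA, the example.com leaf and its AIA URL are all constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"time"
)

// SplitPEMBundle parses a PEM certificate or bundle of the kind the functions
// above accept and returns its certificates in file order: issued cert, then issuer.
func SplitPEMBundle(bundle []byte) ([]*x509.Certificate, error) {
	var certs []*x509.Certificate
	for block, rest := pem.Decode(bundle); block != nil; block, rest = pem.Decode(rest) {
		if block.Type != "CERTIFICATE" {
			continue // a private key or other block in the same file is skipped
		}
		c, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, err
		}
		certs = append(certs, c)
	}
	if len(certs) == 0 {
		return nil, errors.New("no CERTIFICATE block in input")
	}
	return certs, nil
}

// IssuerSource reports where the issuer needed for an OCSP request comes from:
// "bundle" when a second certificate is present, else the leaf's AIA IssuingCertificateURL.
func IssuerSource(bundle []byte) (string, error) {
	certs, err := SplitPEMBundle(bundle)
	if err != nil {
		return "", err
	}
	if len(certs) > 1 {
		return "bundle", nil
	}
	if len(certs[0].IssuingCertificateURL) == 0 {
		return "", errors.New("single certificate without IssuingCertificateURL")
	}
	return certs[0].IssuingCertificateURL[0], nil
}

// NeedsRenewal reports whether the issued certificate expires within window of now.
func NeedsRenewal(bundle []byte, now time.Time, window time.Duration) (bool, error) {
	certs, err := SplitPEMBundle(bundle)
	if err != nil {
		return false, err
	}
	return now.Add(window).After(certs[0].NotAfter), nil
}

// MakeTestBundle builds a constructed test CA and a 90-day leaf for example.com signed
// by it (all values made up) and returns the PEM leaf, plus the CA when withIssuer is set.
func MakeTestBundle(withIssuer bool, now time.Time) ([]byte, error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	ca := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Test CA"},
		NotBefore:             now,
		NotAfter:              now.Add(365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, ca, ca, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	leaf := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "example.com"},
		NotBefore:    now,
		NotAfter:     now.Add(90 * 24 * time.Hour),
		// Constructed AIA URL: where a lone leaf points for its issuer certificate.
		IssuingCertificateURL: []string{"http://ca.example.invalid/issuer.crt"},
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leaf, ca, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	out := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: leafDER})
	if withIssuer {
		out = append(out, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: caDER})...)
	}
	return out, nil
}
```

When the issuer has to be fetched from the AIA URL rather than taken from the bundle, a caller should confirm that the downloaded certificate actually signed the leaf (x509's CheckSignatureFrom) before building an OCSP request or stapling the response, since the URL is attacker-readable data inside the certificate and a wrong issuer yields an OCSP status for the wrong chain.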
func (*Client) RevokeCertificate
func (c *Client) RevokeCertificate(certificate []byte) error
RevokeCertificate takes a PEM encoded certificate or bundle and tries to revoke it at the CA.
type Registration
type Registration struct {
	Resource string `json:"resource,omitempty"`
	ID       int    `json:"id"`
	Key      struct {
		Kty string `json:"kty"`
		N   string `json:"n"`
		E   string `json:"e"`
	} `json:"key"`
	Contact        []string `json:"contact"`
	Agreement      string   `json:"agreement,omitempty"`
	Authorizations string   `json:"authorizations,omitempty"`
	Certificates   string   `json:"certificates,omitempty"`
}
Registration is returned by the ACME server after the registration. The client implementation should save this registration somewhere.
type RegistrationResource
type RegistrationResource struct {
	Body        Registration `json:"body,omitempty"`
	URI         string       `json:"uri,omitempty"`
	NewAuthzURL string       `json:"new_authzr_uri,omitempty"`
	TosURL      string       `json:"terms_of_service,omitempty"`
}
RegistrationResource represents all important information about a registration of which the client needs to keep track itself.
type RemoteError
type RemoteError struct {
	StatusCode int    `json:"status,omitempty"`
	Type       string `json:"type"`
	Detail     string `json:"detail"`
}
RemoteError is the base type for all errors specific to the ACME protocol.
func (RemoteError) Error
func (e RemoteError) Error() string
type TOSError
type TOSError struct {
RemoteError
}
TOSError represents the error which is returned if the user needs to accept the TOS. TODO: include the new TOS url if we can somehow obtain it.
type User
type User interface {
	GetEmail() string
	GetRegistration() *RegistrationResource
	GetPrivateKey() *rsa.PrivateKey
}
User interface is to be implemented by users of this library. It is used by the client type to get user specific information.