acme

package
v1.7.24 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 25, 2020 License: MIT Imports: 39 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// RegistrationURLPathV1Regexp is a regexp which match ACME registration URL in the V1 format
	RegistrationURLPathV1Regexp = `^.*/acme/reg/\d+$`
)

Variables

View Source
var (
	// OSCPMustStaple enables OSCP stapling as from https://github.com/go-acme/lego/issues/270
	OSCPMustStaple = false
)

Functions

func CheckFile

func CheckFile(name string) (bool, error)

CheckFile checks file permissions and content size

func GetKeyType

func GetKeyType(value string) certcrypto.KeyType

GetKeyType used to determine which algo to used

Types

type Account

type Account struct {
	Email        string
	Registration *registration.Resource
	PrivateKey   []byte
	KeyType      certcrypto.KeyType
}

Account is used to store lets encrypt registration info

func NewAccount

func NewAccount(email string, keyTypeValue string) (*Account, error)

NewAccount creates an account

func (*Account) GetEmail

func (a *Account) GetEmail() string

GetEmail returns email

func (*Account) GetPrivateKey

func (a *Account) GetPrivateKey() crypto.PrivateKey

GetPrivateKey returns private key

func (*Account) GetRegistration

func (a *Account) GetRegistration() *registration.Resource

GetRegistration returns lets encrypt registration resource

type Certificate

type Certificate struct {
	Domain      types.Domain
	Certificate []byte
	Key         []byte
}

Certificate is a struct which contains all data needed from an ACME certificate

type Configuration

type Configuration struct {
	Email       string `description:"Email address used for registration"`
	ACMELogging bool   `description:"Enable debug logging of ACME actions."`
	CAServer    string `description:"CA server to use."`
	Storage     string `description:"Storage to use."`
	EntryPoint  string `description:"EntryPoint to use."`
	KeyType     string `` /* 150-byte string literal not displayed */
	OnHostRule  bool   `description:"Enable certificate generation on frontends Host rules."`
	OnDemand    bool   `` // Deprecated
	/* 189-byte string literal not displayed */
	DNSChallenge  *DNSChallenge  `description:"Activate DNS-01 Challenge"`
	HTTPChallenge *HTTPChallenge `description:"Activate HTTP-01 Challenge"`
	TLSChallenge  *TLSChallenge  `description:"Activate TLS-ALPN-01 Challenge"`
	Domains       []types.Domain `` /* 203-byte string literal not displayed */
}

Configuration holds ACME configuration provided by users

type DNSChallenge

type DNSChallenge struct {
	Provider                string             `description:"Use a DNS-01 based challenge provider rather than HTTPS."`
	DelayBeforeCheck        flaeg.Duration     `description:"Assume DNS propagates after a delay in seconds rather than finding and querying nameservers."`
	Resolvers               types.DNSResolvers `description:"Use following DNS servers to resolve the FQDN authority."`
	DisablePropagationCheck bool               `description:"Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready. [not recommended]"`
	// contains filtered or unexported fields
}

DNSChallenge contains DNS challenge Configuration

type HTTPChallenge

type HTTPChallenge struct {
	EntryPoint string `description:"HTTP challenge EntryPoint"`
}

HTTPChallenge contains HTTP challenge Configuration

type LocalStore

type LocalStore struct {
	SaveDataChan chan *StoredData `json:"-"`
	// contains filtered or unexported fields
}

LocalStore Store implementation for local file

func NewLocalStore

func NewLocalStore(filename string) *LocalStore

NewLocalStore initializes a new LocalStore with a file name

func (*LocalStore) AddTLSChallenge

func (s *LocalStore) AddTLSChallenge(domain string, cert *Certificate) error

AddTLSChallenge Add a certificate to the ACME TLS-ALPN-01 certificates storage

func (*LocalStore) GetAccount

func (s *LocalStore) GetAccount() (*Account, error)

GetAccount returns ACME Account

func (*LocalStore) GetCertificates

func (s *LocalStore) GetCertificates() ([]*Certificate, error)

GetCertificates returns ACME Certificates list

func (*LocalStore) GetHTTPChallengeToken

func (s *LocalStore) GetHTTPChallengeToken(token, domain string) ([]byte, error)

GetHTTPChallengeToken Get the http challenge token from the store

func (*LocalStore) GetTLSChallenge

func (s *LocalStore) GetTLSChallenge(domain string) (*Certificate, error)

GetTLSChallenge Get a certificate from the ACME TLS-ALPN-01 certificates storage

func (*LocalStore) RemoveHTTPChallengeToken

func (s *LocalStore) RemoveHTTPChallengeToken(token, domain string) error

RemoveHTTPChallengeToken Remove the http challenge token in the store

func (*LocalStore) RemoveTLSChallenge

func (s *LocalStore) RemoveTLSChallenge(domain string) error

RemoveTLSChallenge Remove a certificate from the ACME TLS-ALPN-01 certificates storage

func (*LocalStore) SaveAccount

func (s *LocalStore) SaveAccount(account *Account) error

SaveAccount stores ACME Account

func (*LocalStore) SaveCertificates

func (s *LocalStore) SaveCertificates(certificates []*Certificate) error

SaveCertificates stores ACME Certificates list

func (*LocalStore) SetHTTPChallengeToken

func (s *LocalStore) SetHTTPChallengeToken(token, domain string, keyAuth []byte) error

SetHTTPChallengeToken Set the http challenge token in the store

type Provider

type Provider struct {
	*Configuration
	Store Store
	// contains filtered or unexported fields
}

Provider holds configurations of the provider.

func (*Provider) AddRoutes

func (p *Provider) AddRoutes(router *mux.Router)

AddRoutes add routes on internal router

func (*Provider) GetTLSALPNCertificate

func (p *Provider) GetTLSALPNCertificate(domain string) (*tls.Certificate, error)

GetTLSALPNCertificate Get the temp certificate for ACME TLS-ALPN-O1 challenge.

func (*Provider) Init

func (p *Provider) Init(_ types.Constraints) error

Init for compatibility reason the BaseProvider implements an empty Init

func (*Provider) ListenConfiguration

func (p *Provider) ListenConfiguration(config types.Configuration)

ListenConfiguration sets a new Configuration into the configFromListenerChan

func (*Provider) ListenRequest

func (p *Provider) ListenRequest(domain string) (*tls.Certificate, error)

ListenRequest resolves new certificates for a domain from an incoming request and return a valid Certificate to serve (onDemand option)

func (*Provider) Provide

func (p *Provider) Provide(configurationChan chan<- types.ConfigMessage, pool *safe.Pool) error

Provide allows the file provider to provide configurations to traefik using the given Configuration channel.

func (*Provider) SetCertificateStore

func (p *Provider) SetCertificateStore(certificateStore *traefiktls.CertificateStore)

SetCertificateStore allow to initialize certificate store

func (*Provider) SetConfigListenerChan

func (p *Provider) SetConfigListenerChan(configFromListenerChan chan types.Configuration)

SetConfigListenerChan initializes the configFromListenerChan

type Store

type Store interface {
	GetAccount() (*Account, error)
	SaveAccount(*Account) error
	GetCertificates() ([]*Certificate, error)
	SaveCertificates([]*Certificate) error

	GetHTTPChallengeToken(token, domain string) ([]byte, error)
	SetHTTPChallengeToken(token, domain string, keyAuth []byte) error
	RemoveHTTPChallengeToken(token, domain string) error

	AddTLSChallenge(domain string, cert *Certificate) error
	GetTLSChallenge(domain string) (*Certificate, error)
	RemoveTLSChallenge(domain string) error
}

Store is a generic interface to represents a storage

type StoredData

type StoredData struct {
	Account        *Account
	Certificates   []*Certificate
	HTTPChallenges map[string]map[string][]byte
	TLSChallenges  map[string]*Certificate
}

StoredData represents the data managed by the Store

type TLSChallenge

type TLSChallenge struct{}

TLSChallenge contains TLS challenge Configuration

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL