acme

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 18, 2019 License: MIT Imports: 13 Imported by: 0

Documentation

Index

Constants

View Source 
const DefaultDirectoryURL = lego.LEDirectoryProduction

DefaultDirectoryURL points to Let's Encrypt's production directory.

View Source 
const DefaultKeyType = certutil.RSA2048

DefaultKeyType is the default key type to use if the CertificateRequest does not specify one.

Variables

This section is empty.

Functions

This section is empty.

Types

type AccountCreator 

type AccountCreator interface {
	CreateAccount(key crypto.PrivateKey, email string) (string, error)
}

AccountCreator wraps the CreateAccount method which creates an new account at the ACME certificate authority.

type Agent 

type Agent struct {
	Domains      DomainRepository
	Users        UserRepository
	Certificates CertificateObtainer
	ACMEAccounts AccountCreator
}

Agent takes care of obtaining and renewing ACME certificates for the domains of its users.

Users use their unique user ID to register a domain. The Agent takes creates an ACME account for the user if necessary, and obtains a certificate for the domain. Later the user can obtain the certificate from the Agent using the domain name. Additionally it has to pass its unique user ID as a proof of ownership. This merely protects from obtaining certificates for the wrong domain from within acmeproxy. The Agent does not implement any further mechanisms to ensure the user is actually allowed to retrieve certificates belonging to a domain.

func (*Agent) RegisterDomain 

func (a *Agent) RegisterDomain(userID uuid.UUID, domainName string) error

RegisterDomain registers a new domain for the user uniquely identified by userID.

Upon registration the Agent immediately attempts to obtain a certificate for the domain.

RegisterDomain will silently ignore the domain if it was already registered with the same userID. It will return an error if the domain is already registered with a different userID.

func (*Agent) RegisterUser 

func (a *Agent) RegisterUser(userID uuid.UUID, email string) error

RegisterUser registers a new user of acme.Agent.

The Agent creates an account for the user if it does not exist yet. The Agent uses the provided email as contact address for the account. If email is empty the Agent attempts to register an account without contact address.

RegisterUser does nothing if the user has already been registered with the Agent.

func (*Agent) WriteCertificate 

func (a *Agent) WriteCertificate(userID uuid.UUID, domainName string, w io.Writer) error

WriteCertificate writes the PEM encoded certificate for the domain to w.

WriteCertificate returns an error if the domain was not registered, or was registered to a different userID. If the Agent has not yet obtained a certificate WriteCertificate returns an instance of RetryLater as error.

func (*Agent) WritePrivateKey 

func (a *Agent) WritePrivateKey(userID uuid.UUID, domainName string, w io.Writer) error

WritePrivateKey writes the PEM encoded private key for the domain to w.

WritePrivateKey returns an error if the domain was not registered, or was registered to a different userID. If the Agent has not yet obtained a certificate WritePrivateKey returns an instance of RetryLater as error.

type CertificateInfo 

type CertificateInfo struct {
	URL               string // URL of the certificate.
	AccountURL        string // URL of the certificate owner's account.
	Certificate       []byte // The actual certificate.
	PrivateKey        []byte // Private key used to generate the certificate.
	IssuerCertificate []byte // Certificate of the issuer of the certificate.
}

CertificateInfo represents an ACME certificate along with its meta information.

type CertificateObtainer 

type CertificateObtainer interface {
	ObtainCertificate(CertificateRequest) (*CertificateInfo, error)
}

CertificateObtainer wraps the ObtainCertificate method which obtains a certificate for a specific domain from an ACME certificate authority.

type CertificateRequest 

type CertificateRequest struct {
	Email      string            // Email address of the person responsible for the domains.
	AccountURL string            // URL of an already existing account; empty if no account exists.
	AccountKey crypto.PrivateKey // Private key of the account; don't confuse with the private key of a certificate.

	KeyType certutil.KeyType // Type of key to use when requesting a certificate. Defaults to DefaultKeyType if not set.
	Domains []string         // Domains for which a certificate is requested.
	Bundle  bool             // Bundle issuer certificate with issued certificate.
}

CertificateRequest represents a request by an ACME protocol User to obtain or renew a certificate.

type Domain 

type Domain struct {
	UserID      uuid.UUID
	Name        string
	Certificate []byte
	PrivateKey  []byte
}

Domain represents a domain managed by the Agent.

func (Domain) IsZero 

func (d Domain) IsZero() bool

IsZero returns true if this domain is equal to its zero value.

type DomainRepository 

type DomainRepository interface {
	UpdateDomain(string, func(d *Domain) error) (Domain, error)
	GetDomain(string) (Domain, error)
}

DomainRepository persists and retrieves information about the domains managed by the Agent.

The UpdateDomain method atomically saves or updates a Domain. GetDomain finds a domain by its domain name.

type FileBasedCertificateObtainer 

type FileBasedCertificateObtainer struct {
	T        *testing.T // test using this instance of FakeCA.
	CertFile string     // file containing PEM encoded the certificate returned by ObtainCertificate
	KeyFile  string     // file containing PEM encoded the private key returned by ObtainCertificate
}

FileBasedCertificateObtainer reads certificates from files and returns them when ObtainCertificate is called.

func (*FileBasedCertificateObtainer) AssertIssuedCertificate 

func (c *FileBasedCertificateObtainer) AssertIssuedCertificate(cert []byte)

AssertIssuedCertificate asserts that the passed certificate was issued by the file based certificate authority.

func (*FileBasedCertificateObtainer) ObtainCertificate 

func (c *FileBasedCertificateObtainer) ObtainCertificate(
	req CertificateRequest,
) (
	*CertificateInfo,
	error,
)

ObtainCertificate reads CertFail and KeyFile and returns their contents.

type InMemoryAccountCreator 

type InMemoryAccountCreator struct {
	// contains filtered or unexported fields
}

InMemoryAccountCreator is used to create fake letsencrypt accounts. It remembers the account URL and the private key that was passed when creating a fake account.

func (*InMemoryAccountCreator) AssertCreated 

func (ac *InMemoryAccountCreator) AssertCreated(t *testing.T, email string, user User)

AssertCreated asserts that this InMemoryAccountCreator created an account for user.

func (*InMemoryAccountCreator) CreateAccount 

func (ac *InMemoryAccountCreator) CreateAccount(key crypto.PrivateKey, email string) (string, error)

CreateAccount creates an random account URL and returns it.

type InMemoryDomainRepository 

type InMemoryDomainRepository struct {
	// contains filtered or unexported fields
}

InMemoryDomainRepository is a simple in-memory implementation of DomainRepository

func (*InMemoryDomainRepository) GetDomain 

func (r *InMemoryDomainRepository) GetDomain(domainName string) (Domain, error)

GetDomain retrieves a domain from the repository

func (*InMemoryDomainRepository) UpdateDomain 

func (r *InMemoryDomainRepository) UpdateDomain(domainName string, f func(*Domain) error) (Domain, error)

UpdateDomain saves or updates a domain in the InMemoryDomainRepository using the update function f.

UpdateDomain passes a pointer to an domain object to f. If f does not return an error, UpdateDomain stores the updated domain object.

Callers must not hold on to the *Domain parameter passed to f. Rather they should use the domain returned by UpdateDomain. If UpdateDomain returns an error, the result of f is not stored in the repository.

type InMemoryUserRepository 

type InMemoryUserRepository struct {
	// contains filtered or unexported fields
}

InMemoryUserRepository is a simple in-memory implementation of UserRepository.

func (*InMemoryUserRepository) GetUser 

func (r *InMemoryUserRepository) GetUser(id uuid.UUID) (User, error)

GetUser retrieves the user from the user repository

func (*InMemoryUserRepository) UpdateUser 

func (r *InMemoryUserRepository) UpdateUser(id uuid.UUID, f func(*User) error) (User, error)

UpdateUser saves or updates a user in the InMemoryUserRepository using the update function f.

UpdateUser passes a pointer to a user object to f. If f does not return an error, UpdateUser stores the updated user.

Callers must not hold on to the *User parameter passed to f. Rather they should use the user returned by UpdateUser. If UpdateUser returns an error, the result of f is not stored in the repository.

type User 

type User struct {
	ID         uuid.UUID         // Unique identifier of the user.
	Key        crypto.PrivateKey // Private key used to identify the account with the ACME certificate authority.
	AccountURL string            // URL of the user's account at the ACME certificate authority.
}

User represents a user of the Agent.

func (User) IsZero 

func (c User) IsZero() bool

IsZero returns true if this user is equal to its zero value.

type UserRepository 

type UserRepository interface {
	UpdateUser(uuid.UUID, func(c *User) error) (User, error)
	GetUser(uuid.UUID) (User, error)
}

UserRepository persists and retrieves information about the users of the Agent.

The UpdateUser method atomically saves or updates a User. GetUser finds an user by its unique ID.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.