certbot: github.com/johanbrandhorst/certbot Index | Files | Directories

package certify

import "github.com/johanbrandhorst/certbot"

Index

Package Files

cache.go certify.go issuer.go keys.go logger.go

Variables

var ErrCacheMiss = errors.New("no matching certificate found")

ErrCacheMiss should be returned by Cache implementations when a certificate could not be found.

type Cache Uses

type Cache interface {
    // Get returns a certificate data for the specified key.
    // If there's no such key, Get returns ErrCacheMiss.
    Get(context.Context, string) (*tls.Certificate, error)

    // Put stores the data in the cache under the specified key.
    Put(context.Context, string, *tls.Certificate) error

    // Delete removes a certificate data from the cache under the specified key.
    // If there's no such key in the cache, Delete returns nil.
    Delete(context.Context, string) error
}

Cache describes the interface that certificate caches must implement. Cache implementations must be thread safe.

func NewMemCache Uses

func NewMemCache() Cache

NewMemCache creates an in-memory cache that implements the Cache interface.

type CertConfig Uses

type CertConfig struct {
    SubjectAlternativeNames    []string
    IPSubjectAlternativeNames  []net.IP
    URISubjectAlternativeNames []*url.URL
    // KeyGenerator is used to create new private keys
    // for CSR requests. If not defined, defaults to ECDSA P256.
    // Only ECDSA and RSA keys are supported.
    // This is guaranteed to be provided in Issue calls.
    KeyGenerator KeyGenerator
}

CertConfig configures the specifics of the certificate requested from the Issuer.

func (*CertConfig) Clone Uses

func (cc *CertConfig) Clone() *CertConfig

Clone makes a deep copy of the CertConfig.

type Certify Uses

type Certify struct {
    // CommonName is the Certificate Common Name
    // that will be used when issuing certificates.
    // This can be a DNS record or a regular name.
    CommonName string

    // Issuer is the certificate issuer to use.
    Issuer Issuer

    // RenewBefore configures how long before
    // expiry a certificate should be considered too
    // old to use when fetched from the cache.
    RenewBefore time.Duration

    // Cache is the Cache implementation to use.
    Cache Cache

    // CertConfig is the certificate configuration that
    // should be used. It can be specified to set explicit
    // requirements of certificates issued.
    CertConfig *CertConfig

    // IssueTimeout is the upper bound of time allowed
    // per certificate call. Defaults to 1 minute.
    IssueTimeout time.Duration

    // Logger configures logging of events such as renewals.
    // Defaults to no logging. Use one of the adapters in
    // https://logur.dev/logur to use with specific
    // logging libraries, or implement the interface yourself.
    Logger Logger
    // contains filtered or unexported fields
}

Certify implements automatic certificate acquisition via the configured Issuer.

CommonName and Issuer are required. It is recommended that you specify a Cache to prevent requesting a new certificate for every incoming connection.

func (*Certify) GetCertificate Uses

func (c *Certify) GetCertificate(hello *tls.ClientHelloInfo) (cert *tls.Certificate, err error)

GetCertificate implements the GetCertificate TLS config hook.

func (*Certify) GetClientCertificate Uses

func (c *Certify) GetClientCertificate(_ *tls.CertificateRequestInfo) (cert *tls.Certificate, err error)

GetClientCertificate implements the GetClientCertificate TLS config hook.

type DirCache Uses

type DirCache string

DirCache implements Cache using a directory on the local filesystem. If the directory does not exist, it will be created with 0700 permissions.

It is strongly based on the acme/autocert DirCache type. https://github.com/golang/crypto/blob/88942b9c40a4c9d203b82b3731787b672d6e809b/acme/autocert/cache.go#L40

func (DirCache) Delete Uses

func (d DirCache) Delete(ctx context.Context, name string) error

Delete removes the specified file name.

func (DirCache) Get Uses

func (d DirCache) Get(ctx context.Context, name string) (*tls.Certificate, error)

Get reads a certificate data from the specified file name.

func (DirCache) Put Uses

func (d DirCache) Put(ctx context.Context, name string, cert *tls.Certificate) error

Put writes the certificate data to the specified file name. The file will be created with 0600 permissions.

type Issuer Uses

type Issuer interface {
    Issue(context.Context, string, *CertConfig) (*tls.Certificate, error)
}

Issuer is the interface that must be implemented by certificate issuers.

type KeyGenerator Uses

type KeyGenerator interface {
    Generate() (crypto.PrivateKey, error)
}

KeyGenerator defines an interface used to generate a private key.

type Logger Uses

type Logger interface {
    Trace(msg string, fields ...map[string]interface{})
    Debug(msg string, fields ...map[string]interface{})
    Info(msg string, fields ...map[string]interface{})
    Warn(msg string, fields ...map[string]interface{})
    Error(msg string, fields ...map[string]interface{})
}

Logger must be implemented to log events. See https://logur.dev/logur for some adapters for popular logging libraries.

Directories

PathSynopsis
mocks

Package certify imports 20 packages (graph). Updated 2020-01-09. Refresh now. Tools for package owners.