certbot: github.com/johanbrandhorst/certbot Index | Files | Directories

package certify

import "github.com/johanbrandhorst/certbot"


Package Files

cache.go certify.go issuer.go keys.go logger.go


var ErrCacheMiss = errors.New("no matching certificate found")

ErrCacheMiss should be returned by Cache implementations when a certificate could not be found.

type Cache Uses

type Cache interface {
    // Get returns a certificate data for the specified key.
    // If there's no such key, Get returns ErrCacheMiss.
    Get(context.Context, string) (*tls.Certificate, error)

    // Put stores the data in the cache under the specified key.
    Put(context.Context, string, *tls.Certificate) error

    // Delete removes a certificate data from the cache under the specified key.
    // If there's no such key in the cache, Delete returns nil.
    Delete(context.Context, string) error

Cache describes the interface that certificate caches must implement. Cache implementations must be thread safe.

func NewMemCache Uses

func NewMemCache() Cache

NewMemCache creates an in-memory cache that implements the Cache interface.

type CertConfig Uses

type CertConfig struct {
    SubjectAlternativeNames    []string
    IPSubjectAlternativeNames  []net.IP
    URISubjectAlternativeNames []*url.URL
    // KeyGenerator is used to create new private keys
    // for CSR requests. If not defined, defaults to ECDSA P256.
    // Only ECDSA and RSA keys are supported.
    // This is guaranteed to be provided in Issue calls.
    KeyGenerator KeyGenerator

CertConfig configures the specifics of the certificate requested from the Issuer.

func (*CertConfig) Clone Uses

func (cc *CertConfig) Clone() *CertConfig

Clone makes a deep copy of the CertConfig.

type Certify Uses

type Certify struct {
    // CommonName is the Certificate Common Name
    // that will be used when issuing certificates.
    // This can be a DNS record or a regular name.
    CommonName string

    // Issuer is the certificate issuer to use.
    Issuer Issuer

    // RenewBefore configures how long before
    // expiry a certificate should be considered too
    // old to use when fetched from the cache.
    RenewBefore time.Duration

    // Cache is the Cache implementation to use.
    Cache Cache

    // CertConfig is the certificate configuration that
    // should be used. It can be specified to set explicit
    // requirements of certificates issued.
    CertConfig *CertConfig

    // IssueTimeout is the upper bound of time allowed
    // per certificate call. Defaults to 1 minute.
    IssueTimeout time.Duration

    // Logger configures logging of events such as renewals.
    // Defaults to no logging. Use one of the adapters in
    // https://logur.dev/logur to use with specific
    // logging libraries, or implement the interface yourself.
    Logger Logger
    // contains filtered or unexported fields

Certify implements automatic certificate acquisition via the configured Issuer.

CommonName and Issuer are required. It is recommended that you specify a Cache to prevent requesting a new certificate for every incoming connection.

func (*Certify) GetCertificate Uses

func (c *Certify) GetCertificate(hello *tls.ClientHelloInfo) (cert *tls.Certificate, err error)

GetCertificate implements the GetCertificate TLS config hook.

func (*Certify) GetClientCertificate Uses

func (c *Certify) GetClientCertificate(_ *tls.CertificateRequestInfo) (cert *tls.Certificate, err error)

GetClientCertificate implements the GetClientCertificate TLS config hook.

type DirCache Uses

type DirCache string

DirCache implements Cache using a directory on the local filesystem. If the directory does not exist, it will be created with 0700 permissions.

It is strongly based on the acme/autocert DirCache type. https://github.com/golang/crypto/blob/88942b9c40a4c9d203b82b3731787b672d6e809b/acme/autocert/cache.go#L40

func (DirCache) Delete Uses

func (d DirCache) Delete(ctx context.Context, name string) error

Delete removes the specified file name.

func (DirCache) Get Uses

func (d DirCache) Get(ctx context.Context, name string) (*tls.Certificate, error)

Get reads a certificate data from the specified file name.

func (DirCache) Put Uses

func (d DirCache) Put(ctx context.Context, name string, cert *tls.Certificate) error

Put writes the certificate data to the specified file name. The file will be created with 0600 permissions.

type Issuer Uses

type Issuer interface {
    Issue(context.Context, string, *CertConfig) (*tls.Certificate, error)

Issuer is the interface that must be implemented by certificate issuers.

type KeyGenerator Uses

type KeyGenerator interface {
    Generate() (crypto.PrivateKey, error)

KeyGenerator defines an interface used to generate a private key.

type Logger Uses

type Logger interface {
    Trace(msg string, fields ...map[string]interface{})
    Debug(msg string, fields ...map[string]interface{})
    Info(msg string, fields ...map[string]interface{})
    Warn(msg string, fields ...map[string]interface{})
    Error(msg string, fields ...map[string]interface{})

Logger must be implemented to log events. See https://logur.dev/logur for some adapters for popular logging libraries.



Package certify imports 20 packages (graph). Updated 2020-10-05. Refresh now. Tools for package owners.