Documentation ¶
Overview ¶
Package protocol provides low-level primitives for working with the ACME protocol.
Index ¶
- Constants
- Variables
- func DNS01TXTRecord(keyAuthz string) string
- func GetCertificate(g Getter, uri string) ([]byte, *http.Response, error)
- func KeyAuthz(tok string, key *jose.JSONWebKey) (string, error)
- func MustRegisterChallengeType(name ChallengeType, c Challenge, r Response)
- func PostCertificateIssuance(p Poster, uri string, req *CertificateIssuance) ([]byte, *http.Response, error)
- func PostCertificateRevocation(p Poster, uri string, req *Certificate) (*http.Response, error)
- func RawURLEncodeToString(bs []byte) string
- func RegisterBoulderHTTP(mux HTTPHandlerHandler, s HTTPServer, ns NonceSource)
- func TLSALPN01Validation(token string, key *jose.JSONWebKey) ([]byte, error)
- type Authorization
- type AuthorizationURIs
- type Certificate
- type CertificateIssuance
- type CertificateURIs
- type Challenge
- type ChallengeType
- type Challenges
- type DERData
- type DNS01Challenge
- type DNS01Response
- type Directory
- type GenericChallenge
- type GenericResponse
- type Getter
- type HTTP01Challenge
- type HTTP01Response
- type HTTPClient
- type HTTPDispatcher
- func (d *HTTPDispatcher) ServeAuthz(w http.ResponseWriter, r *http.Request)
- func (d *HTTPDispatcher) ServeCert(w http.ResponseWriter, r *http.Request)
- func (d *HTTPDispatcher) ServeChallenge(w http.ResponseWriter, r *http.Request)
- func (d *HTTPDispatcher) ServeDirectory(w http.ResponseWriter, r *http.Request)
- func (d *HTTPDispatcher) ServeNewAuthz(w http.ResponseWriter, r *http.Request)
- func (d *HTTPDispatcher) ServeNewCert(w http.ResponseWriter, r *http.Request)
- func (d *HTTPDispatcher) ServeRecoverReg(w http.ResponseWriter, r *http.Request)
- func (d *HTTPDispatcher) ServeReg(w http.ResponseWriter, r *http.Request)
- func (d *HTTPDispatcher) ServeRevokeCert(w http.ResponseWriter, r *http.Request)
- type HTTPDoer
- type HTTPHandlerHandler
- type HTTPResponse
- type HTTPServer
- type Identifier
- type IdentifierType
- type JSONWebSignature
- type NonceSource
- type NonceStack
- type Possession01Challenge
- func (c *Possession01Challenge) GetError() *Problem
- func (c *Possession01Challenge) GetResource() ResourceType
- func (c *Possession01Challenge) GetStatus() Status
- func (c *Possession01Challenge) GetType() ChallengeType
- func (c *Possession01Challenge) GetURI() string
- func (c *Possession01Challenge) GetValidated() *Time
- type Possession01Response
- type Possession01Validation
- type Poster
- type Problem
- type ProblemType
- type Recovery
- type RecoveryKey
- type RecoveryMethod
- type Registration
- type ResourceType
- type Response
- type ServerError
- type Status
- type TLSALPN01Challenge
- func (c *TLSALPN01Challenge) GetError() *Problem
- func (c *TLSALPN01Challenge) GetResource() ResourceType
- func (c *TLSALPN01Challenge) GetStatus() Status
- func (c *TLSALPN01Challenge) GetType() ChallengeType
- func (c *TLSALPN01Challenge) GetURI() string
- func (c *TLSALPN01Challenge) GetValidated() *Time
- type TLSALPN01Response
- type Time
Constants ¶
const ( ChallengeDNS01 ChallengeType = "dns-01" DNS01Label string = "_acme-challenge" )
const ( ChallengeHTTP01 ChallengeType = "http-01" HTTP01BasePath string = "/.well-known/acme-challenge" )
const ( // HTTP headers. Link = "Link" ReplayNonce = "Replay-Nonce" RetryAfter = "Retry-After" // Link rel values. Up = "up" // Content types. JSON = "application/json" ProblemJSON = "application/problem+json" PKIXCert = "application/pkix-cert" RecoveryKeyLabel = "recovery" )
const ( DirectoryPath = "/directory" NewRegPath = "/acme/new-reg" RecoverRegPath = "/acme/recover-reg" RegPath = "/acme/reg/" NewAuthzPath = "/acme/new-authz" AuthzPath = "/acme/authz/" ChallengePath = "/acme/challenge/" NewCertPath = "/acme/new-cert" CertPath = "/acme/cert/" RevokeCertPath = "/acme/revoke-cert" )
From github.com/letsencrypt/boulder/blob/master/wfe/web-front-end.go
Variables ¶
var ( ErrNoNonce = errors.New("no nonce available") ErrNoSigner = errors.New("no signer in client") )
Functions ¶
func DNS01TXTRecord ¶
DNS01TXTRecord returns a TXT record data string based on generated key authorization as created by RespondDNS01.
func GetCertificate ¶
GetCertificate requests information about a cert resource. ACME Section 6.6.
func KeyAuthz ¶
KeyAuthz returns the key authorization string for a challenge token and account key. Section 7.1.
func MustRegisterChallengeType ¶
func MustRegisterChallengeType(name ChallengeType, c Challenge, r Response)
MustRegisterChallengeType registers a challenge struct for a given type. This is needed to unmarshal challenges into the appropriate types. It should be called in the init functions of files defining challenges.
func PostCertificateIssuance ¶
func PostCertificateIssuance(p Poster, uri string, req *CertificateIssuance) ([]byte, *http.Response, error)
PostCertificateIssuance sends a new-cert request. ACME Section 6.6.
func PostCertificateRevocation ¶
PostCertificateRevocation sends a revoke-cert request. ACME Section 6.7.
func RawURLEncodeToString ¶
RawURLEncodeToString emulates base64.RawURLEncoding.EncodeToString found in go1.5.
func RegisterBoulderHTTP ¶
func RegisterBoulderHTTP(mux HTTPHandlerHandler, s HTTPServer, ns NonceSource)
RegisterBoulderHTTP registers the dispatcher's endpoints in the given http.ServeMux-like object at the same paths as Let's Encrypt's Boulder server. These paths are not mandated by the ACME specification, but are good defaults.
func TLSALPN01Validation ¶
Types ¶
type Authorization ¶
type Authorization struct { Resource ResourceType `json:"resource"` Identifier Identifier `json:"identifier"` Status Status `json:"status,omitempty"` Expires *Time `json:"expires,omitempty"` Challenges Challenges `json:"challenges"` Combinations [][]int `json:"combinations,omitempty"` }
Authorization describes an authz resource. ACME Section 5.3.
func GetAuthorization ¶
GetAuthorization requests information about an authz resource. ACME Section 6.5.
func PostAuthorization ¶
func PostAuthorization(p Poster, uri string, req *Authorization) (*Authorization, *http.Response, error)
PostAuthorization sends a new-authz or authz request. ACME Section 6.5.
type AuthorizationURIs ¶
type AuthorizationURIs struct {
Authorizations []string `json:"authorizations"`
}
AuthorizationURIs is a list of authorization URIs. ACME Section 5.2.
func GetAuthorizationURIs ¶
type Certificate ¶
type Certificate struct { Resource ResourceType `json:"resource"` Certificate DERData `json:"certificate"` }
Certificate encapsulates an X.509 certificate.
type CertificateIssuance ¶
type CertificateIssuance struct { Resource ResourceType `json:"resource"` CSR DERData `json:"csr"` }
CertificateIssuance describes the new-cert resource; an X.509 certificate signing request.
type CertificateURIs ¶
type CertificateURIs struct {
Certificates []string `json:"certificates"`
}
CertificateURIs is a list of certificate URIs. ACME Section 5.2.
func GetCertificateURIs ¶
type Challenge ¶
type Challenge interface { GetResource() ResourceType GetType() ChallengeType GetURI() string GetStatus() Status GetValidated() *Time GetError() *Problem }
Challenge is the interface implemented by all authorization challenge types. Remember to register implementations using MustRegisterChallengeType. ACME Section 7.
type ChallengeType ¶
type ChallengeType string
const (
ChallengePossession01 ChallengeType = "proofOfPossession-01"
)
const (
ChallengeTLSALPN01 ChallengeType = "tls-alpn-01"
)
type Challenges ¶
type Challenges []Challenge
Challenges is a slice of Challenge that supports JSON encoding properly. For unmarshaling to work correctly, you must use MustRegisterChallengeType for all possible challenge types. Unregistered types will be unmarshaled as GenericChallenge.
func (Challenges) MarshalJSON ¶
func (cs Challenges) MarshalJSON() ([]byte, error)
func (*Challenges) UnmarshalJSON ¶
func (cs *Challenges) UnmarshalJSON(bs []byte) error
type DERData ¶
type DERData []byte
DERData is raw DER-encoded data.
func (DERData) MarshalJSON ¶
func (*DERData) UnmarshalJSON ¶
type DNS01Challenge ¶
type DNS01Challenge struct { Resource ResourceType `json:"resource,omitempty"` Type ChallengeType `json:"type,omitempty"` URI string `json:"uri"` Status Status `json:"status,omitempty"` Validated *Time `json:"validated,omitempty"` Error *Problem `json:"error,omitempty"` Token string `json:"token"` }
func (*DNS01Challenge) GetError ¶
func (c *DNS01Challenge) GetError() *Problem
func (*DNS01Challenge) GetResource ¶
func (c *DNS01Challenge) GetResource() ResourceType
func (*DNS01Challenge) GetStatus ¶
func (c *DNS01Challenge) GetStatus() Status
func (*DNS01Challenge) GetType ¶
func (c *DNS01Challenge) GetType() ChallengeType
func (*DNS01Challenge) GetURI ¶
func (c *DNS01Challenge) GetURI() string
func (*DNS01Challenge) GetValidated ¶
func (c *DNS01Challenge) GetValidated() *Time
type DNS01Response ¶
type DNS01Response struct { Resource ResourceType `json:"resource,omitempty"` Type ChallengeType `json:"type,omitempty"` KeyAuthorization string `json:"keyAuthorization"` }
func RespondDNS01 ¶
func RespondDNS01(key *jose.JSONWebKey, c *DNS01Challenge) (*DNS01Response, error)
func (*DNS01Response) GetResource ¶
func (c *DNS01Response) GetResource() ResourceType
func (*DNS01Response) GetType ¶
func (c *DNS01Response) GetType() ChallengeType
type Directory ¶
type Directory struct { NewReg string `json:"new-reg"` RecoverReg string `json:"recover-reg"` NewAuthz string `json:"new-authz"` NewCert string `json:"new-cert"` RevokeCert string `json:"revoke-cert"` }
Directory describes a directory resource. ACME Section 6.2.
type GenericChallenge ¶
type GenericChallenge struct { Resource ResourceType `json:"resource,omitempty"` Type ChallengeType `json:"type,omitempty"` URI string `json:"uri"` Status Status `json:"status,omitempty"` Validated *Time `json:"validated,omitempty"` Error *Problem `json:"error,omitempty"` }
GenericChallenge is a concrete implementation of Challenge with no type-specific information. ACME Section 7.
func (*GenericChallenge) GetError ¶
func (c *GenericChallenge) GetError() *Problem
func (*GenericChallenge) GetResource ¶
func (c *GenericChallenge) GetResource() ResourceType
func (*GenericChallenge) GetStatus ¶
func (c *GenericChallenge) GetStatus() Status
func (*GenericChallenge) GetType ¶
func (c *GenericChallenge) GetType() ChallengeType
func (*GenericChallenge) GetURI ¶
func (c *GenericChallenge) GetURI() string
func (*GenericChallenge) GetValidated ¶
func (c *GenericChallenge) GetValidated() *Time
type GenericResponse ¶
type GenericResponse struct { Resource ResourceType `json:"resource,omitempty"` Type ChallengeType `json:"type,omitempty"` }
GenericResponse is a concrete implementation of Response with no type-specific information. ACME Section 7.
func (*GenericResponse) GetResource ¶
func (c *GenericResponse) GetResource() ResourceType
func (*GenericResponse) GetType ¶
func (c *GenericResponse) GetType() ChallengeType
type Getter ¶
type Getter interface { // Get performs a GET request to the given URL. It sets the Accept // header and parses the response into respBody, unless it is nil. If // respBody is nil, the response body must be closed by the caller. Get(url, accept string, respBody interface{}) (*http.Response, error) }
Getter is an interface to perform ACME HTTP GET/HEAD requests. It is an adapter between the protocol and http.Client.
type HTTP01Challenge ¶
type HTTP01Challenge struct { Resource ResourceType `json:"resource,omitempty"` Type ChallengeType `json:"type,omitempty"` URI string `json:"uri"` Status Status `json:"status,omitempty"` Validated *Time `json:"validated,omitempty"` Error *Problem `json:"error,omitempty"` Token string `json:"token"` }
func (*HTTP01Challenge) GetError ¶
func (c *HTTP01Challenge) GetError() *Problem
func (*HTTP01Challenge) GetResource ¶
func (c *HTTP01Challenge) GetResource() ResourceType
func (*HTTP01Challenge) GetStatus ¶
func (c *HTTP01Challenge) GetStatus() Status
func (*HTTP01Challenge) GetType ¶
func (c *HTTP01Challenge) GetType() ChallengeType
func (*HTTP01Challenge) GetURI ¶
func (c *HTTP01Challenge) GetURI() string
func (*HTTP01Challenge) GetValidated ¶
func (c *HTTP01Challenge) GetValidated() *Time
type HTTP01Response ¶
type HTTP01Response struct { Resource ResourceType `json:"resource,omitempty"` Type ChallengeType `json:"type,omitempty"` KeyAuthorization string `json:"keyAuthorization"` }
func RespondHTTP01 ¶
func RespondHTTP01(key *jose.JSONWebKey, c *HTTP01Challenge) (*HTTP01Response, error)
RespondHTTP01 creates a response to a http-01 challenge given an account key.
func (*HTTP01Response) GetResource ¶
func (c *HTTP01Response) GetResource() ResourceType
func (*HTTP01Response) GetType ¶
func (c *HTTP01Response) GetType() ChallengeType
type HTTPClient ¶
type HTTPClient struct {
// contains filtered or unexported fields
}
HTTPClient is an ACME HTTP client. It is an adapter between the standard HTTP client and ACME clients. It marshals requests, identifies errors, unmarshals responses and records nonces.
func NewHTTPClient ¶
func NewHTTPClient(hc HTTPDoer, signer jose.Signer) *HTTPClient
NewHTTPClient returns a new ACME HTTP client using the given HTTP client. If hc is nil, http.DefaultClient is used (note that http.DefaultClient sets no request timeout). signer can be nil, but Post invocations will then fail.
func (*HTTPClient) Get ¶
func (c *HTTPClient) Get(url, accept string, respBody interface{}) (*http.Response, error)
Get performs a GET request to the given URL. It sets the Accept header and parses the response into respBody, unless it is nil. If respBody is nil, the response body must be closed by the caller.
func (*HTTPClient) Head ¶
func (c *HTTPClient) Head(url string) (*http.Response, error)
Head performs a HEAD request to the given URL. The response body is already closed on return.
func (*HTTPClient) Post ¶
func (c *HTTPClient) Post(url, accept string, reqBody, respBody interface{}) (*http.Response, error)
Post performs a POST request to the given URL. It sets the Accept and Content-Type headers and parses the response into respBody, unless it is nil. If respBody is nil, the response body must be closed by the caller. If reqBody is not nil, it is encoded (depending on contentType).
type HTTPDispatcher ¶
type HTTPDispatcher struct {
// contains filtered or unexported fields
}
An HTTPDispatcher provides the lowest-level interpretation of the ACME protocol, mapping URIs to resources and validating request data.
func NewHTTPDispatcher ¶
func NewHTTPDispatcher(s HTTPServer, ns NonceSource) *HTTPDispatcher
NewHTTPDispatcher creates a new dispatcher for the given server with the given nonce source used to create response nonces and validate request nonces. Both s and ns must be concurrency-safe.
func (*HTTPDispatcher) ServeAuthz ¶
func (d *HTTPDispatcher) ServeAuthz(w http.ResponseWriter, r *http.Request)
ServeAuthz serves GetAuthorization and PostAuthorization for an authorization resource.
func (*HTTPDispatcher) ServeCert ¶
func (d *HTTPDispatcher) ServeCert(w http.ResponseWriter, r *http.Request)
ServeCert serves GetCertificate for a certificate resource.
func (*HTTPDispatcher) ServeChallenge ¶
func (d *HTTPDispatcher) ServeChallenge(w http.ResponseWriter, r *http.Request)
ServeChallenge serves PostResponse for a challenge resource.
func (*HTTPDispatcher) ServeDirectory ¶
func (d *HTTPDispatcher) ServeDirectory(w http.ResponseWriter, r *http.Request)
ServeDirectory serves up the ACME directory.
func (*HTTPDispatcher) ServeNewAuthz ¶
func (d *HTTPDispatcher) ServeNewAuthz(w http.ResponseWriter, r *http.Request)
ServeNewAuthz serves PostAuthorization for new registrations, by the NewReg directory entry.
func (*HTTPDispatcher) ServeNewCert ¶
func (d *HTTPDispatcher) ServeNewCert(w http.ResponseWriter, r *http.Request)
ServeNewCert serves PostCertificateIssuance for the NewCert directory entry.
func (*HTTPDispatcher) ServeRecoverReg ¶
func (d *HTTPDispatcher) ServeRecoverReg(w http.ResponseWriter, r *http.Request)
ServeRecoverReg serves PostAccountRecovery for a registration resource.
func (*HTTPDispatcher) ServeReg ¶
func (d *HTTPDispatcher) ServeReg(w http.ResponseWriter, r *http.Request)
ServeReg serves PostRegistration for a registration resource.
func (*HTTPDispatcher) ServeRevokeCert ¶
func (d *HTTPDispatcher) ServeRevokeCert(w http.ResponseWriter, r *http.Request)
ServeRevokeCert serves PostCertificateRevocation for the RevokeCert directory entry.
type HTTPDoer ¶
type HTTPDoer interface { // Do performs an HTTP request. Do(*http.Request) (*http.Response, error) }
An HTTPDoer is able to make HTTP requests. *net/http.Client is an example.
type HTTPHandlerHandler ¶
type HTTPHandlerHandler interface { // Handle registers the given handler to respond to requests for // the given path prefix. Handle(string, http.Handler) }
HTTPHandlerHandler is an http.ServeMux-like object that can register handlers.
type HTTPResponse ¶
type HTTPResponse struct { // StatusCode is the HTTP status code. StatusCode int // Header is a set of headers to return. Header http.Header }
An HTTPResponse describes HTTP-specific response fields reported by a server.
type HTTPServer ¶
type HTTPServer interface { // GetDirectory sends a directory response. ACME Section 6.2. GetDirectory() (*Directory, HTTPResponse, error) // PostRegistration sends a new-reg or reg response. ACME Section 6.3. PostRegistration(accountKey crypto.PublicKey, uri string, req *Registration) (*Registration, HTTPResponse, error) // PostAccountRecovery sends a recover-reg response. ACME Section 6.4. PostAccountRecovery(accountKey crypto.PublicKey, uri string, req *Recovery) (*Registration, HTTPResponse, error) // PostAuthorization sends a new-authz or authz response. ACME Section 6.5. PostAuthorization(accountKey crypto.PublicKey, uri string, req *Authorization) (*Authorization, HTTPResponse, error) // GetAuthorization returns information about an authz resource. ACME Section 6.5. GetAuthorization(uri string) (*Authorization, HTTPResponse, error) // PostResponse sends a response to a challenge. ACME Section 6.5. PostResponse(accountKey crypto.PublicKey, uri string, req Response) (Challenge, HTTPResponse, error) // PostCertificateIssuance sends a new-cert request. ACME Section 6.6. PostCertificateIssuance(accountKey crypto.PublicKey, uri string, req *CertificateIssuance) ([]byte, HTTPResponse, error) // GetCertificate returns information about a cert resource. ACME Section 6.6. GetCertificate(uri string) ([]byte, HTTPResponse, error) // PostCertificateRevocation sends a revoke-cert response. ACME Section 6.7. PostCertificateRevocation(accountKey crypto.PublicKey, uri string, req *Certificate) (HTTPResponse, error) }
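An HTTPServer responds to incoming ACME requests. The request data has already been authenticated where possible; note that the Get* methods receive no accountKey, so an implementation cannot assume an authenticated caller for them.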
type Identifier ¶
type Identifier struct { Type IdentifierType `json:"type"` Value string `json:"value"` }
Identifier describes a certificate subject. ACME Section 5.3.
type JSONWebSignature ¶
type JSONWebSignature jose.JSONWebSignature
func (JSONWebSignature) MarshalJSON ¶
func (s JSONWebSignature) MarshalJSON() ([]byte, error)
func (*JSONWebSignature) UnmarshalJSON ¶
func (s *JSONWebSignature) UnmarshalJSON(bs []byte) error
func (JSONWebSignature) Verify ¶
func (s JSONWebSignature) Verify(verificationKey interface{}) ([]byte, error)
type NonceSource ¶
type NonceSource interface {
	// Embedding jose.NonceSource means an implementation also issues nonces,
	// not only checks them.
	jose.NonceSource
	// Verify returns an error if the provided nonce was not issued by
	// this nonce source, or if it has already been used in a call to
	// Verify.
	//
	// A nonce is therefore accepted at most once; replay protection depends
	// on the implementation recording consumed nonces. NewHTTPDispatcher
	// requires its NonceSource to be concurrency-safe, so the issued/used
	// bookkeeping must not race between concurrent requests.
	Verify(string) error
}
A NonceSource is something that can generate and verify replay nonces.
type NonceStack ¶
type NonceStack struct {
// contains filtered or unexported fields
}
NonceStack is a stack of nonces implementing jose.NonceSource.
func (*NonceStack) Nonce ¶
func (s *NonceStack) Nonce() (string, error)
Nonce pops a nonce from the stack. It can return ErrNoNonce, in which case a request that does not need a nonce (an unsigned request such as HEAD) should be performed first to populate the stack.
type Possession01Challenge ¶
type Possession01Challenge struct { Resource ResourceType `json:"resource,omitempty"` Type ChallengeType `json:"type,omitempty"` URI string `json:"uri"` Status Status `json:"status,omitempty"` Validated *Time `json:"validated,omitempty"` Error *Problem `json:"error,omitempty"` Certs []DERData `json:"certs"` }
func (*Possession01Challenge) GetError ¶
func (c *Possession01Challenge) GetError() *Problem
func (*Possession01Challenge) GetResource ¶
func (c *Possession01Challenge) GetResource() ResourceType
func (*Possession01Challenge) GetStatus ¶
func (c *Possession01Challenge) GetStatus() Status
func (*Possession01Challenge) GetType ¶
func (c *Possession01Challenge) GetType() ChallengeType
func (*Possession01Challenge) GetURI ¶
func (c *Possession01Challenge) GetURI() string
func (*Possession01Challenge) GetValidated ¶
func (c *Possession01Challenge) GetValidated() *Time
type Possession01Response ¶
type Possession01Response struct { Resource ResourceType `json:"resource,omitempty"` Type ChallengeType `json:"type,omitempty"` Authorization JSONWebSignature `json:"authorization"` }
func RespondPossession01 ¶
func RespondPossession01(s jose.Signer, v *Possession01Validation, c *Possession01Challenge) (*Possession01Response, error)
RespondPossession01 creates a response based on a challenge and a signer using the old certificate key.
func (*Possession01Response) GetResource ¶
func (c *Possession01Response) GetResource() ResourceType
func (*Possession01Response) GetType ¶
func (c *Possession01Response) GetType() ChallengeType
type Possession01Validation ¶
type Possession01Validation struct { Type ChallengeType `json:"type"` Identifiers []Identifier `json:"identifiers"` AccountKey jose.JSONWebKey `json:"accountKey"` }
Possession01Validation is the payload of Possession01Response.Authorization.
type Poster ¶
type Poster interface {
	// Post performs a POST request to the given URL. It sets the
	// Accept and Content-Type headers and parses the response
	// into respBody, unless it is nil. The response body reader
	// is already closed on return. If reqBody is not nil, it is
	// encoded (depending on contentType). The reqBody will be
	// wrapped in a jose.JSONWebSignature.
	//
	// NOTE(review): the documentation of HTTPClient.Post says the caller
	// must close the response body when respBody is nil, which differs from
	// "already closed on return" above — confirm which contract holds, since
	// a caller following the wrong one either leaves the body unclosed or
	// closes it twice.
	// NOTE(review): "contentType" is not a parameter of this method; the
	// sentence presumably refers to the Content-Type chosen by the
	// implementation — confirm.
	Post(url, accept string, reqBody, respBody interface{}) (*http.Response, error)
}
Poster is an interface to perform ACME HTTP POST requests. It is an adapter between the protocol and http.Client.
type Problem ¶
type Problem struct {
	// Type is the problem identifier; the ProblemType constants list the
	// values this package defines.
	Type ProblemType `json:"type,omitempty"`
	// Title is serialized under the JSON key "string".
	// NOTE(review): the problem-details draft cited for this type names the
	// member "title" — confirm whether the "string" key is intentional; if
	// it is not, titles sent by a conforming peer are dropped on decode.
	Title string `json:"string,omitempty"`
	// Status is omitted from the JSON when zero.
	Status int `json:"status,omitempty"`
	// Detail has no omitempty, so it is always emitted, even when empty.
	Detail string `json:"detail"`
	// Instance is omitted from the JSON when empty.
	Instance string `json:"instance,omitempty"`
}
A Problem is used as an HTTP response body together with Content-Type application/problem+json and describes a high-level server-side problem. Defined in https://tools.ietf.org/html/draft-ietf-appsawg-http-problem-01, Section 3.1.
type ProblemType ¶
type ProblemType string
const ( BadCSR ProblemType = errorNamespace + "badCSR" BadNonce ProblemType = errorNamespace + "badNonce" ConnectionError ProblemType = errorNamespace + "connection" DNSSECError ProblemType = errorNamespace + "dnssec" Malformed ProblemType = errorNamespace + "malformed" ServerInternal ProblemType = errorNamespace + "serverInternal" TLSError ProblemType = errorNamespace + "tls" UnknownHost ProblemType = errorNamespace + "unknownHost" )
type Recovery ¶
type Recovery struct { Resource ResourceType `json:"resource"` Method RecoveryMethod `json:"method"` BaseURI string `json:"base"` MAC *JSONWebSignature `json:"mac,omitempty"` ContactURIs []string `json:"contact,omitempty"` }
Recovery is an account recovery request. ACME Section 6.3. TODO: The ACME spec is not clear whether this is a special Registration resource or if it is a Recovery resource.
type RecoveryKey ¶
type RecoveryKey struct { Client *jose.JSONWebKey `json:"client,omitempty"` Server *jose.JSONWebKey `json:"server,omitempty"` Length int `json:"length,omitempty"` }
RecoveryKey describes a recover-reg resource. ACME Section 6.3.1.
type RecoveryMethod ¶
type RecoveryMethod string
const ( // Section 6.4. MAC RecoveryMethod = "mac" Contact RecoveryMethod = "contact" )
type Registration ¶
type Registration struct { Resource ResourceType `json:"resource"` Key *jose.JSONWebKey `json:"key,omitempty"` ContactURIs []string `json:"contact,omitempty"` AgreementURI string `json:"agreement,omitempty"` AuthorizationsURI string `json:"authorizations,omitempty"` CertificatesURI string `json:"certificates,omitempty"` // RecoveryKey is a key used to recover an account. ACME Section 6.3.1. RecoveryKey *RecoveryKey `json:"recoveryKey,omitempty"` }
Registration describes a reg resource. ACME Section 5.2.
func PostAccountRecovery ¶
func PostAccountRecovery(p Poster, uri string, req *Recovery) (*Registration, *http.Response, error)
PostAccountRecovery sends a recover-reg request. ACME Section 6.4.
func PostRegistration ¶
func PostRegistration(p Poster, uri string, req *Registration) (*Registration, *http.Response, error)
PostRegistration sends a new-reg or reg request. ACME Section 6.3.
type ResourceType ¶
type ResourceType string
const ( // Section 5.1. ResourceNewReg ResourceType = "new-reg" ResourceRecoverReg ResourceType = "recover-reg" ResourceNewAuthz ResourceType = "new-authz" ResourceNewCert ResourceType = "new-cert" ResourceRevokeCert ResourceType = "revoke-cert" ResourceReg ResourceType = "reg" ResourceAuthz ResourceType = "authz" ResourceChallenge ResourceType = "challenge" // ResourceCert is unused. ResourceCert ResourceType = "cert" )
type Response ¶
type Response interface { GetResource() ResourceType GetType() ChallengeType }
Response is the interface implemented by all challenge response types. Unlike challenge types, it requires no registration since they are never unmarshaled from JSON in this library. ACME Section 7.
type ServerError ¶
type ServerError struct { // Method is the HTTP method used. Method string // URL is the request URL. URL *url.URL // Status is the status string returned by the server. Status string // StatusCode is the status code returned by the server. StatusCode int // Problem is the problem object, if one was supplied. Problem *Problem }
ServerError is an error reported by an ACME server.
func (*ServerError) Error ¶
func (e *ServerError) Error() string
type TLSALPN01Challenge ¶
type TLSALPN01Challenge struct { Resource ResourceType `json:"resource,omitempty"` Type ChallengeType `json:"type,omitempty"` URI string `json:"uri"` Status Status `json:"status,omitempty"` Validated *Time `json:"validated,omitempty"` Error *Problem `json:"error,omitempty"` Token string `json:"token"` }
func (*TLSALPN01Challenge) GetError ¶
func (c *TLSALPN01Challenge) GetError() *Problem
func (*TLSALPN01Challenge) GetResource ¶
func (c *TLSALPN01Challenge) GetResource() ResourceType
func (*TLSALPN01Challenge) GetStatus ¶
func (c *TLSALPN01Challenge) GetStatus() Status
func (*TLSALPN01Challenge) GetType ¶
func (c *TLSALPN01Challenge) GetType() ChallengeType
func (*TLSALPN01Challenge) GetURI ¶
func (c *TLSALPN01Challenge) GetURI() string
func (*TLSALPN01Challenge) GetValidated ¶
func (c *TLSALPN01Challenge) GetValidated() *Time
type TLSALPN01Response ¶
type TLSALPN01Response struct { Resource ResourceType `json:"resource,omitempty"` Type ChallengeType `json:"type,omitempty"` }
func RespondTLSALPN01 ¶
func RespondTLSALPN01(c *TLSALPN01Challenge) (*TLSALPN01Response, error)
RespondTLSALPN01 creates a response based on a challenge.
func (*TLSALPN01Response) GetResource ¶
func (c *TLSALPN01Response) GetResource() ResourceType
func (*TLSALPN01Response) GetType ¶
func (c *TLSALPN01Response) GetType() ChallengeType