protocol

package
v0.0.0-...-4ad0245 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 25, 2018 License: MIT Imports: 18 Imported by: 1

Documentation

Overview

Package protocol provides low-level primitives for working with the ACME protocol.

Index

Constants

// Identifiers for the dns-01 challenge.
const (
	// ChallengeDNS01 is the challenge type string for dns-01 challenges.
	ChallengeDNS01 ChallengeType = "dns-01"
	// DNS01Label is the DNS label used for dns-01 validation records.
	// NOTE(review): presumably prepended to the domain under validation to
	// form the TXT record name; confirm against the code that publishes it.
	DNS01Label     string        = "_acme-challenge"
)
// Identifiers for the http-01 challenge.
const (
	// ChallengeHTTP01 is the challenge type string for http-01 challenges.
	ChallengeHTTP01 ChallengeType = "http-01"
	// HTTP01BasePath is the URL path prefix for http-01 validation resources.
	// NOTE(review): content under this prefix is presumably fetched by the
	// validating server without authentication, so only responses for live
	// challenges should be served there; confirm in the serving code.
	HTTP01BasePath  string        = "/.well-known/acme-challenge"
)
// Protocol string constants: HTTP header names, Link relation values and
// media types.
const (
	// HTTP headers.
	Link        = "Link"
	// ReplayNonce names the header that carries replay nonces.
	// NOTE(review): presumably the header HTTPClient records nonces from and
	// HTTPDispatcher writes them to; confirm in the implementation.
	ReplayNonce = "Replay-Nonce"
	RetryAfter  = "Retry-After"

	// Link rel values.
	Up = "up"

	// Content types.
	JSON        = "application/json"
	ProblemJSON = "application/problem+json"
	PKIXCert    = "application/pkix-cert"

	// RecoveryKeyLabel is the literal label "recovery".
	// NOTE(review): its consumer is not visible here; presumably related to
	// the recovery key in Registration. Confirm before relying on it.
	RecoveryKeyLabel = "recovery"
)
// Default URL paths for ACME resources, taken from Let's Encrypt's Boulder
// web front end. They are not mandated by the ACME specification.
// NOTE(review): the "new-reg"/"new-authz"/"new-cert" naming matches the
// pre-RFC 8555 drafts of ACME; confirm the target server still speaks that
// dialect before using these.
const (
	DirectoryPath  = "/directory"
	NewRegPath     = "/acme/new-reg"
	RecoverRegPath = "/acme/recover-reg"
	// Paths ending in "/" are presumably prefixes under which individual
	// resources live (the resource identifier follows the slash) — confirm
	// against the dispatcher.
	RegPath        = "/acme/reg/"
	NewAuthzPath   = "/acme/new-authz"
	AuthzPath      = "/acme/authz/"
	ChallengePath  = "/acme/challenge/"
	NewCertPath    = "/acme/new-cert"
	CertPath       = "/acme/cert/"
	RevokeCertPath = "/acme/revoke-cert"
)

From github.com/letsencrypt/boulder/blob/master/wfe/web-front-end.go

Variables

// Sentinel errors returned by the client-side helpers.
var (
	// ErrNoNonce is returned by NonceStack.Nonce when no nonce is available.
	ErrNoNonce  = errors.New("no nonce available")
	// ErrNoSigner reports that the client has no signer.
	// NOTE(review): presumably what HTTPClient.Post returns when
	// NewHTTPClient was given a nil signer; confirm in the implementation.
	ErrNoSigner = errors.New("no signer in client")
)

Functions

func DNS01TXTRecord

func DNS01TXTRecord(keyAuthz string) string

DNS01TXTRecord returns a TXT record data string based on generated key authorization as created by RespondDNS01.

func GetCertificate

func GetCertificate(g Getter, uri string) ([]byte, *http.Response, error)

GetCertificate requests information about a cert resource. ACME Section 6.6.

func KeyAuthz

func KeyAuthz(tok string, key *jose.JSONWebKey) (string, error)

KeyAuthz returns the key authorization string for a challenge token and account key. Section 7.1.

func MustRegisterChallengeType

func MustRegisterChallengeType(name ChallengeType, c Challenge, r Response)

MustRegisterChallengeType registers a challenge struct for a given type. This is needed to unmarshal challenges into appropriate types. Should be called in init functions of files defining challenges.

func PostCertificateIssuance

func PostCertificateIssuance(p Poster, uri string, req *CertificateIssuance) ([]byte, *http.Response, error)

PostCertificateIssuance sends a new-cert request. ACME Section 6.6.

func PostCertificateRevocation

func PostCertificateRevocation(p Poster, uri string, req *Certificate) (*http.Response, error)

PostCertificateRevocation sends a revoke-cert request. ACME Section 6.7.

func RawURLEncodeToString

func RawURLEncodeToString(bs []byte) string

RawURLEncodeToString emulates base64.RawURLEncoding.EncodeToString found in go1.5.

func RegisterBoulderHTTP

func RegisterBoulderHTTP(mux HTTPHandlerHandler, s HTTPServer, ns NonceSource)

RegisterBoulderHTTP registers the dispatcher's endpoints in the given http.ServeMux-like object at the same paths as Let's Encrypt's Boulder server. These paths are not mandated by the ACME specification, but are good defaults.

func TLSALPN01Validation

func TLSALPN01Validation(token string, key *jose.JSONWebKey) ([]byte, error)

Types

type Authorization

// Authorization describes an authz resource. ACME Section 5.3.
type Authorization struct {
	Resource     ResourceType `json:"resource"`
	// Identifier is the subject the authorization is for.
	Identifier   Identifier   `json:"identifier"`
	Status       Status       `json:"status,omitempty"`
	// Expires is a pointer so that it can be omitted from the JSON encoding.
	Expires      *Time        `json:"expires,omitempty"`
	// Challenges decodes each entry through the challenge type registry;
	// unregistered types come back as GenericChallenge.
	Challenges   Challenges   `json:"challenges"`
	// NOTE(review): presumably each inner slice lists indices into
	// Challenges; values come from the server, so bounds-check before
	// indexing. Confirm against the ACME draft this package targets.
	Combinations [][]int      `json:"combinations,omitempty"`
}

Authorization describes an authz resource. ACME Section 5.3.

func GetAuthorization

func GetAuthorization(g Getter, uri string) (*Authorization, *http.Response, error)

GetAuthorization requests information about an authz resource. ACME Section 6.5.

func PostAuthorization

func PostAuthorization(p Poster, uri string, req *Authorization) (*Authorization, *http.Response, error)

PostAuthorization sends a new-authz or authz request. ACME Section 6.5.

type AuthorizationURIs

// AuthorizationURIs is a list of authorization URIs. ACME Section 5.2.
type AuthorizationURIs struct {
	// Authorizations holds the URIs as strings, exactly as decoded from the
	// "authorizations" JSON member; nothing in the type validates them.
	Authorizations []string `json:"authorizations"`
}

AuthorizationURIs is a list of authorization URIs. ACME Section 5.2.

func GetAuthorizationURIs

func GetAuthorizationURIs(g Getter, uri string) (*AuthorizationURIs, *http.Response, error)

type Certificate

// Certificate encapsulates an X.509 certificate. It is the request type
// taken by PostCertificateRevocation.
type Certificate struct {
	Resource    ResourceType `json:"resource"`
	// Certificate is the raw DER-encoded certificate.
	Certificate DERData      `json:"certificate"`
}

Certificate encapsulates an X.509 certificate.

type CertificateIssuance

// CertificateIssuance describes the new-cert resource; an X.509 certificate
// signing request. It is the request type taken by PostCertificateIssuance.
type CertificateIssuance struct {
	Resource ResourceType `json:"resource"`
	// CSR is the raw DER-encoded certificate signing request.
	CSR      DERData      `json:"csr"`
}

CertificateIssuance describes the new-cert resource; an X.509 certificate signing request.

type CertificateURIs

// CertificateURIs is a list of certificate URIs. ACME Section 5.2.
type CertificateURIs struct {
	// Certificates holds the URIs as strings, exactly as decoded from the
	// "certificates" JSON member; nothing in the type validates them.
	Certificates []string `json:"certificates"`
}

CertificateURIs is a list of certificate URIs. ACME Section 5.2.

func GetCertificateURIs

func GetCertificateURIs(g Getter, uri string) (*CertificateURIs, *http.Response, error)

type Challenge

// Challenge is the interface implemented by all authorization challenge
// types. Implementations must be registered with MustRegisterChallengeType
// so that Challenges can unmarshal them into the right concrete type.
// ACME Section 7.
type Challenge interface {
	GetResource() ResourceType
	GetType() ChallengeType
	GetURI() string
	GetStatus() Status
	// GetValidated and GetError return pointers; the concrete challenge
	// structs on this page tag the backing fields omitempty, so presumably
	// both may be nil — check before dereferencing.
	GetValidated() *Time
	GetError() *Problem
}

Challenge is the interface implemented by all authorization challenge types. Remember to register implementations using MustRegisterChallengeType. ACME Section 7.

func PostResponse

func PostResponse(p Poster, uri string, req Response) (Challenge, *http.Response, error)

PostResponse sends a response to a challenge. ACME Section 6.5.

type ChallengeType

// ChallengeType is the string naming a challenge type; it is the key under
// which challenge structs are registered with MustRegisterChallengeType.
type ChallengeType string
const (
	// ChallengePossession01 is the proof-of-possession challenge type.
	// NOTE(review): this challenge type is not defined in RFC 8555; confirm
	// that the target server still offers it before depending on it.
	ChallengePossession01 ChallengeType = "proofOfPossession-01"
)
const (
	// ChallengeTLSALPN01 is the challenge type string for tls-alpn-01.
	ChallengeTLSALPN01 ChallengeType = "tls-alpn-01"
)

type Challenges

type Challenges []Challenge

Challenges is a slice of Challenge that supports JSON encoding properly. For unmarshaling to work correctly, you must use MustRegisterChallengeType for all possible challenge types. Unregistered types will be unmarshaled as GenericChallenge.

func (Challenges) MarshalJSON

func (cs Challenges) MarshalJSON() ([]byte, error)

func (*Challenges) UnmarshalJSON

func (cs *Challenges) UnmarshalJSON(bs []byte) error

type DERData

type DERData []byte

DERData is raw DER-encoded data.

func (DERData) MarshalJSON

func (d DERData) MarshalJSON() ([]byte, error)

func (*DERData) UnmarshalJSON

func (d *DERData) UnmarshalJSON(bs []byte) error

type DNS01Challenge

// DNS01Challenge is the dns-01 challenge as received from the server. It
// carries the common challenge fields plus Token.
type DNS01Challenge struct {
	Resource  ResourceType  `json:"resource,omitempty"`
	Type      ChallengeType `json:"type,omitempty"`
	URI       string        `json:"uri"`
	Status    Status        `json:"status,omitempty"`
	Validated *Time         `json:"validated,omitempty"`
	Error     *Problem      `json:"error,omitempty"`
	// Token is server-supplied.
	// NOTE(review): presumably the token RespondDNS01 feeds to KeyAuthz;
	// treat it as untrusted input if it is ever used outside that path.
	Token     string        `json:"token"`
}

func (*DNS01Challenge) GetError

func (c *DNS01Challenge) GetError() *Problem

func (*DNS01Challenge) GetResource

func (c *DNS01Challenge) GetResource() ResourceType

func (*DNS01Challenge) GetStatus

func (c *DNS01Challenge) GetStatus() Status

func (*DNS01Challenge) GetType

func (c *DNS01Challenge) GetType() ChallengeType

func (*DNS01Challenge) GetURI

func (c *DNS01Challenge) GetURI() string

func (*DNS01Challenge) GetValidated

func (c *DNS01Challenge) GetValidated() *Time

type DNS01Response

// DNS01Response is the response to a dns-01 challenge, as created by
// RespondDNS01.
type DNS01Response struct {
	Resource         ResourceType  `json:"resource,omitempty"`
	Type             ChallengeType `json:"type,omitempty"`
	// KeyAuthorization is the key authorization created by RespondDNS01;
	// DNS01TXTRecord derives the TXT record data from it.
	KeyAuthorization string        `json:"keyAuthorization"`
}

func RespondDNS01

func RespondDNS01(key *jose.JSONWebKey, c *DNS01Challenge) (*DNS01Response, error)

func (*DNS01Response) GetResource

func (c *DNS01Response) GetResource() ResourceType

func (*DNS01Response) GetType

func (c *DNS01Response) GetType() ChallengeType

type Directory

// Directory describes a directory resource. ACME Section 6.2.
//
// NOTE(review): every field is filled from the server's JSON response and
// presumably names the URI that later signed requests are sent to, so the
// directory should only be fetched from a location the caller trusts —
// confirm how callers obtain the directory URI.
type Directory struct {
	NewReg     string `json:"new-reg"`
	RecoverReg string `json:"recover-reg"`
	NewAuthz   string `json:"new-authz"`
	NewCert    string `json:"new-cert"`
	RevokeCert string `json:"revoke-cert"`
}

Directory describes a directory resource. ACME Section 6.2.

func GetDirectory

func GetDirectory(g Getter, uri string) (*Directory, *http.Response, error)

GetDirectory looks up a directory in the given location. ACME Section 6.2.

type GenericChallenge

// GenericChallenge is a concrete implementation of Challenge with no
// type-specific information. ACME Section 7.
//
// Challenges unmarshals any challenge whose type was not registered with
// MustRegisterChallengeType into this struct, so type-specific members of
// such challenges are not represented here.
type GenericChallenge struct {
	Resource  ResourceType  `json:"resource,omitempty"`
	Type      ChallengeType `json:"type,omitempty"`
	URI       string        `json:"uri"`
	Status    Status        `json:"status,omitempty"`
	Validated *Time         `json:"validated,omitempty"`
	Error     *Problem      `json:"error,omitempty"`
}

GenericChallenge is a concrete implementation of Challenge with no type-specific information. ACME Section 7.

func (*GenericChallenge) GetError

func (c *GenericChallenge) GetError() *Problem

func (*GenericChallenge) GetResource

func (c *GenericChallenge) GetResource() ResourceType

func (*GenericChallenge) GetStatus

func (c *GenericChallenge) GetStatus() Status

func (*GenericChallenge) GetType

func (c *GenericChallenge) GetType() ChallengeType

func (*GenericChallenge) GetURI

func (c *GenericChallenge) GetURI() string

func (*GenericChallenge) GetValidated

func (c *GenericChallenge) GetValidated() *Time

type GenericResponse

// GenericResponse is a concrete implementation of Response with no
// type-specific information. ACME Section 7.
type GenericResponse struct {
	Resource ResourceType  `json:"resource,omitempty"`
	Type     ChallengeType `json:"type,omitempty"`
}

GenericResponse is a concrete implementation of Response with no type-specific information. ACME Section 7.

func (*GenericResponse) GetResource

func (c *GenericResponse) GetResource() ResourceType

func (*GenericResponse) GetType

func (c *GenericResponse) GetType() ChallengeType

type Getter

// Getter is an interface to perform ACME HTTP GET/HEAD requests. It is an
// adapter between the protocol and http.Client.
type Getter interface {
	// Get performs a GET request to the given URL. It sets the Accept
	// header and parses the response into respBody, unless it is nil. If
	// respBody is nil, the response body must be closed by the caller.
	//
	// Forgetting that Close on the nil-respBody path leaks the underlying
	// connection.
	Get(url, accept string, respBody interface{}) (*http.Response, error)
}

Getter is an interface to perform ACME HTTP GET/HEAD requests. It is an adapter between the protocol and http.Client.

type HTTP01Challenge

// HTTP01Challenge is the http-01 challenge as received from the server. It
// carries the common challenge fields plus Token.
type HTTP01Challenge struct {
	Resource  ResourceType  `json:"resource,omitempty"`
	Type      ChallengeType `json:"type,omitempty"`
	URI       string        `json:"uri"`
	Status    Status        `json:"status,omitempty"`
	Validated *Time         `json:"validated,omitempty"`
	Error     *Problem      `json:"error,omitempty"`
	// Token is server-supplied.
	// NOTE(review): if a caller joins it onto HTTP01BasePath or a file-system
	// path, it should be validated first (no separators or dot segments);
	// whether this package does so is not visible here.
	Token     string        `json:"token"`
}

func (*HTTP01Challenge) GetError

func (c *HTTP01Challenge) GetError() *Problem

func (*HTTP01Challenge) GetResource

func (c *HTTP01Challenge) GetResource() ResourceType

func (*HTTP01Challenge) GetStatus

func (c *HTTP01Challenge) GetStatus() Status

func (*HTTP01Challenge) GetType

func (c *HTTP01Challenge) GetType() ChallengeType

func (*HTTP01Challenge) GetURI

func (c *HTTP01Challenge) GetURI() string

func (*HTTP01Challenge) GetValidated

func (c *HTTP01Challenge) GetValidated() *Time

type HTTP01Response

// HTTP01Response is the response to an http-01 challenge, as created by
// RespondHTTP01 from an account key and the challenge.
type HTTP01Response struct {
	Resource         ResourceType  `json:"resource,omitempty"`
	Type             ChallengeType `json:"type,omitempty"`
	// NOTE(review): presumably the string KeyAuthz returns for the
	// challenge token and account key; confirm in RespondHTTP01.
	KeyAuthorization string        `json:"keyAuthorization"`
}

func RespondHTTP01

func RespondHTTP01(key *jose.JSONWebKey, c *HTTP01Challenge) (*HTTP01Response, error)

RespondHTTP01 creates a response to a http-01 challenge given an account key.

func (*HTTP01Response) GetResource

func (c *HTTP01Response) GetResource() ResourceType

func (*HTTP01Response) GetType

func (c *HTTP01Response) GetType() ChallengeType

type HTTPClient

type HTTPClient struct {
	// contains filtered or unexported fields
}

HTTPClient is an ACME HTTP client. It is an adapter between the standard HTTP client and ACME clients. It marshals requests, identifies errors, unmarshals responses and records nonces.

func NewHTTPClient

func NewHTTPClient(hc HTTPDoer, signer jose.Signer) *HTTPClient

NewHTTPClient returns a new ACME HTTP client using the HTTP client. If hc is nil, http.DefaultClient is used. signer can be nil, but will cause Post invocations to fail.

func (*HTTPClient) Get

func (c *HTTPClient) Get(url, accept string, respBody interface{}) (*http.Response, error)

Get performs a GET request to the given URL. It sets the Accept header and parses the response into respBody, unless it is nil. If respBody is nil, the response body must be closed by the caller.

func (*HTTPClient) Head

func (c *HTTPClient) Head(url string) (*http.Response, error)

Head performs a HEAD request to the given URL. The response body is already closed on return.

func (*HTTPClient) Post

func (c *HTTPClient) Post(url, accept string, reqBody, respBody interface{}) (*http.Response, error)

Post performs a POST request to the given URL. It sets the Accept and Content-Type headers and parses the response into respBody, unless it is nil. If respBody is nil, the response body must be closed by the caller. If reqBody is not nil, it is encoded (depending on contentType).

type HTTPDispatcher

type HTTPDispatcher struct {
	// contains filtered or unexported fields
}

An HTTPDispatcher provides the lowest level interpretation of the ACME protocol, mapping URIs to resources and validating request data.

func NewHTTPDispatcher

func NewHTTPDispatcher(s HTTPServer, ns NonceSource) *HTTPDispatcher

NewHTTPDispatcher creates a new dispatcher for the given server with the given nonce source used to create response nonces and validate request nonces. Both s and ns must be concurrency-safe.

func (*HTTPDispatcher) ServeAuthz

func (d *HTTPDispatcher) ServeAuthz(w http.ResponseWriter, r *http.Request)

ServeAuthz serves GetAuthorization and PostAuthorization for an authorization resource.

func (*HTTPDispatcher) ServeCert

func (d *HTTPDispatcher) ServeCert(w http.ResponseWriter, r *http.Request)

ServeCert serves GetCertificate for a certificate resource.

func (*HTTPDispatcher) ServeChallenge

func (d *HTTPDispatcher) ServeChallenge(w http.ResponseWriter, r *http.Request)

ServeChallenge serves PostResponse for a challenge resource.

func (*HTTPDispatcher) ServeDirectory

func (d *HTTPDispatcher) ServeDirectory(w http.ResponseWriter, r *http.Request)

ServeDirectory serves up the ACME directory.

func (*HTTPDispatcher) ServeNewAuthz

func (d *HTTPDispatcher) ServeNewAuthz(w http.ResponseWriter, r *http.Request)

ServeNewAuthz serves PostAuthorization for new registrations, by the NewReg directory entry.

func (*HTTPDispatcher) ServeNewCert

func (d *HTTPDispatcher) ServeNewCert(w http.ResponseWriter, r *http.Request)

ServeNewCert serves PostCertificateIssuance for the NewCert directory entry.

func (*HTTPDispatcher) ServeRecoverReg

func (d *HTTPDispatcher) ServeRecoverReg(w http.ResponseWriter, r *http.Request)

ServeRecoverReg serves PostAccountRecovery for a registration resource.

func (*HTTPDispatcher) ServeReg

func (d *HTTPDispatcher) ServeReg(w http.ResponseWriter, r *http.Request)

ServeReg serves PostRegistration for a registration resource.

func (*HTTPDispatcher) ServeRevokeCert

func (d *HTTPDispatcher) ServeRevokeCert(w http.ResponseWriter, r *http.Request)

ServeRevokeCert serves PostCertificateRevocation for the RevokeCert directory entry.

type HTTPDoer

// An HTTPDoer is able to make HTTP requests. *net/http.Client is an example.
//
// NOTE(review): TLS verification, timeouts and redirect policy are whatever
// the supplied implementation does; NewHTTPClient falls back to
// http.DefaultClient when given nil, which sets no request timeout.
type HTTPDoer interface {
	// Do performs an HTTP request.
	Do(*http.Request) (*http.Response, error)
}

An HTTPDoer is able to make HTTP requests. *net/http.Client is an example.

type HTTPHandlerHandler

// HTTPHandlerHandler is an http.ServeMux-like object that can register
// handlers. RegisterBoulderHTTP takes one as its mux argument.
type HTTPHandlerHandler interface {
	// Handle registers the given handler to respond to requests for
	// the given path prefix.
	Handle(string, http.Handler)
}

HTTPHandlerHandler is an http.ServeMux-like object that can register handlers.

type HTTPResponse

// An HTTPResponse describes HTTP-specific response fields reported by a
// server. Every HTTPServer method returns one alongside its result.
type HTTPResponse struct {
	// StatusCode is the HTTP status code.
	StatusCode int

	// Header is a set of headers to return.
	Header http.Header
}

An HTTPResponse describes HTTP-specific response fields reported by a server.

type HTTPServer

// An HTTPServer responds to incoming ACME requests. The request data has
// already been authenticated where possible.
//
// The Post* methods receive the account key of the requester. The Get*
// methods take only a URI, so an implementation cannot tell from the call
// who is asking and must decide for itself what is safe to return.
// NewHTTPDispatcher requires implementations to be concurrency-safe.
type HTTPServer interface {
	// GetDirectory sends a directory response. ACME Section 6.2.
	GetDirectory() (*Directory, HTTPResponse, error)
	// PostRegistration sends a new-reg or reg response. ACME Section 6.3.
	PostRegistration(accountKey crypto.PublicKey, uri string, req *Registration) (*Registration, HTTPResponse, error)
	// PostAccountRecovery sends a recover-reg response. ACME Section 6.4.
	PostAccountRecovery(accountKey crypto.PublicKey, uri string, req *Recovery) (*Registration, HTTPResponse, error)
	// PostAuthorization sends a new-authz or authz response. ACME Section 6.5.
	// NOTE(review): accountKey identifies the signer only; presumably the
	// implementation must still check that this key owns the resource at
	// uri — confirm the dispatcher does not do that for it.
	PostAuthorization(accountKey crypto.PublicKey, uri string, req *Authorization) (*Authorization, HTTPResponse, error)
	// GetAuthorization returns information about an authz resource. ACME Section 6.5.
	GetAuthorization(uri string) (*Authorization, HTTPResponse, error)
	// PostResponse sends a response to a challenge. ACME Section 6.5.
	PostResponse(accountKey crypto.PublicKey, uri string, req Response) (Challenge, HTTPResponse, error)
	// PostCertificateIssuance sends a new-cert request. ACME Section 6.6.
	PostCertificateIssuance(accountKey crypto.PublicKey, uri string, req *CertificateIssuance) ([]byte, HTTPResponse, error)
	// GetCertificate returns information about a cert resource. ACME Section 6.6.
	GetCertificate(uri string) ([]byte, HTTPResponse, error)
	// PostCertificateRevocation sends a revoke-cert response. ACME Section 6.7.
	PostCertificateRevocation(accountKey crypto.PublicKey, uri string, req *Certificate) (HTTPResponse, error)
}

An HTTPServer responds to incoming ACME requests. The request data has already been authenticated where possible.

type Identifier

// Identifier describes a certificate subject. ACME Section 5.3.
type Identifier struct {
	// Type is the kind of identifier; DNS is the only IdentifierType
	// constant this package declares.
	Type  IdentifierType `json:"type"`
	// Value is the identifier itself, as an unvalidated string.
	Value string         `json:"value"`
}

Identifier describes a certificate subject. ACME Section 5.3.

type IdentifierType

// IdentifierType is the string naming the kind of an Identifier.
type IdentifierType string
const (
	// DNS is the identifier type "dns".
	DNS IdentifierType = "dns"
)

type JSONWebSignature

type JSONWebSignature jose.JSONWebSignature

func (JSONWebSignature) MarshalJSON

func (s JSONWebSignature) MarshalJSON() ([]byte, error)

func (*JSONWebSignature) UnmarshalJSON

func (s *JSONWebSignature) UnmarshalJSON(bs []byte) error

func (JSONWebSignature) Verify

func (s JSONWebSignature) Verify(verificationKey interface{}) ([]byte, error)

type NonceSource

// A NonceSource is something that can generate and verify replay nonces.
// It extends jose.NonceSource with verification.
//
// NewHTTPDispatcher requires the nonce source to be concurrency-safe.
// NOTE(review): for replay protection to hold, Verify presumably has to
// check and consume a nonce in one atomic step; otherwise two concurrent
// requests carrying the same nonce could both pass. Confirm this for any
// implementation that is plugged in.
type NonceSource interface {
	jose.NonceSource

	// Verify returns an error if the provided nonce was not issued by
	// this nonce source, or if it has already been used in a call to
	// Verify.
	Verify(string) error
}

A NonceSource is something that can generate and verify replay nonces.

type NonceStack

type NonceStack struct {
	// contains filtered or unexported fields
}

NonceStack is a stack of nonces implementing jose.NonceSource.

func (*NonceStack) Nonce

func (s *NonceStack) Nonce() (string, error)

Nonce pops a nonce from the stack. It can return ErrNoNonce, in which case a non-secure request (one that needs no nonce, such as Get or Head) should be performed to populate the pool.

type Possession01Challenge

// Possession01Challenge is the proofOfPossession-01 challenge as received
// from the server. It carries the common challenge fields plus Certs.
type Possession01Challenge struct {
	Resource  ResourceType  `json:"resource,omitempty"`
	Type      ChallengeType `json:"type,omitempty"`
	URI       string        `json:"uri"`
	Status    Status        `json:"status,omitempty"`
	Validated *Time         `json:"validated,omitempty"`
	Error     *Problem      `json:"error,omitempty"`
	// Certs is a list of raw DER-encoded blobs supplied by the server.
	// NOTE(review): presumably the certificates whose key the client must
	// prove possession of; parse them defensively, they are remote input.
	Certs     []DERData     `json:"certs"`
}

func (*Possession01Challenge) GetError

func (c *Possession01Challenge) GetError() *Problem

func (*Possession01Challenge) GetResource

func (c *Possession01Challenge) GetResource() ResourceType

func (*Possession01Challenge) GetStatus

func (c *Possession01Challenge) GetStatus() Status

func (*Possession01Challenge) GetType

func (c *Possession01Challenge) GetType() ChallengeType

func (*Possession01Challenge) GetURI

func (c *Possession01Challenge) GetURI() string

func (*Possession01Challenge) GetValidated

func (c *Possession01Challenge) GetValidated() *Time

type Possession01Response

// Possession01Response is the response to a proofOfPossession-01 challenge,
// as created by RespondPossession01 with a signer using the old certificate
// key.
type Possession01Response struct {
	Resource      ResourceType     `json:"resource,omitempty"`
	Type          ChallengeType    `json:"type,omitempty"`
	// Authorization is a JWS whose payload is a Possession01Validation.
	Authorization JSONWebSignature `json:"authorization"`
}

func RespondPossession01

func RespondPossession01(s jose.Signer, v *Possession01Validation, c *Possession01Challenge) (*Possession01Response, error)

RespondPossession01 creates a response based on a challenge and a signer using the old certificate key.

func (*Possession01Response) GetResource

func (c *Possession01Response) GetResource() ResourceType

func (*Possession01Response) GetType

func (c *Possession01Response) GetType() ChallengeType

type Possession01Validation

// Possession01Validation is the payload of
// Possession01Response.Authorization.
type Possession01Validation struct {
	Type        ChallengeType   `json:"type"`
	Identifiers []Identifier    `json:"identifiers"`
	// AccountKey is embedded by value and serialized into the payload.
	// NOTE(review): presumably the account's public key; make sure the
	// value passed in holds no private key material, since it is marshaled
	// as-is from here.
	AccountKey  jose.JSONWebKey `json:"accountKey"`
}

Possession01Validation is the payload of Possession01Response.Authorization.

type Poster

// Poster is an interface to perform ACME HTTP POST requests. It is an
// adapter between the protocol and http.Client.
type Poster interface {
	// Post performs a POST request to the given URL. It sets the
	// Accept and Content-Type headers and parses the response
	// into respBody, unless it is nil. The response body reader
	// is already closed on return. If reqBody is not nil, it is
	// encoded (depending on contentType). The reqBody will be
	// wrapped in a jose.JSONWebSignature.
	//
	// NOTE(review): the documentation of HTTPClient.Post states that the
	// caller must close the response body when respBody is nil, which
	// disagrees with "already closed on return" above. Confirm which
	// contract the implementation follows before relying on either.
	Post(url, accept string, reqBody, respBody interface{}) (*http.Response, error)
}

Poster is an interface to perform ACME HTTP POST requests. It is an adapter between the protocol and http.Client.

type Problem

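// A Problem is sent with Content-Type application/problem+json and describes
// a high-level server-side problem. Defined in
// https://tools.ietf.org/html/draft-ietf-appsawg-http-problem-01, Section 3.1.
//
// All fields are filled from the remote server's response, so treat the
// strings as untrusted when logging or displaying them.
type Problem struct {
	Type ProblemType `json:"type,omitempty"`
	// Title maps to the "title" member of the problem document. The tag
	// previously read "string", so titles sent by a server were silently
	// dropped on decode and emitted under the wrong key on encode.
	Title    string `json:"title,omitempty"`
	Status   int    `json:"status,omitempty"`
	Detail   string `json:"detail"`
	Instance string `json:"instance,omitempty"`
}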

A Problem is used as an HTTP response body together with Content-Type application/problem+json and describes a high-level server-side problem. Defined in https://tools.ietf.org/html/draft-ietf-appsawg-http-problem-01, Section 3.1.

type ProblemType

// ProblemType is the string carried in Problem.Type.
type ProblemType string
// Known problem types. Each value is errorNamespace followed by a short
// name; errorNamespace is declared elsewhere in the package and is not
// visible here.
const (
	BadCSR          ProblemType = errorNamespace + "badCSR"
	// NOTE(review): presumably what a server reports when NonceSource.Verify
	// rejects the request nonce; confirm in the dispatcher.
	BadNonce        ProblemType = errorNamespace + "badNonce"
	ConnectionError ProblemType = errorNamespace + "connection"
	DNSSECError     ProblemType = errorNamespace + "dnssec"
	Malformed       ProblemType = errorNamespace + "malformed"
	ServerInternal  ProblemType = errorNamespace + "serverInternal"
	TLSError        ProblemType = errorNamespace + "tls"
	Unauthorized    ProblemType = errorNamespace + "unauthorized"
	UnknownHost     ProblemType = errorNamespace + "unknownHost"
)

type Recovery

// Recovery is an account recovery request. ACME Section 6.3.
// TODO: The ACME spec is not clear whether this is a special Registration
// resource or if it is a Recovery resource.
type Recovery struct {
	Resource    ResourceType      `json:"resource"`
	// Method selects the recovery mechanism; the package declares MAC and
	// Contact.
	Method      RecoveryMethod    `json:"method"`
	BaseURI     string            `json:"base"`
	// MAC is optional in the JSON encoding.
	// NOTE(review): presumably required when Method is MAC; whether that is
	// enforced anywhere is not visible here.
	MAC         *JSONWebSignature `json:"mac,omitempty"`
	ContactURIs []string          `json:"contact,omitempty"`
}

Recovery is an account recovery request. ACME Section 6.3. TODO: The ACME spec is not clear whether this is a special Registration resource or if it is a Recovery resource.

type RecoveryKey

// RecoveryKey describes a recover-reg resource. ACME Section 6.3.1.
//
// NOTE(review): Client and Server are JSON Web Keys that are marshaled
// as-is; whether they can ever hold private key material is not visible
// here, so avoid logging this struct until that is confirmed.
type RecoveryKey struct {
	Client *jose.JSONWebKey `json:"client,omitempty"`
	Server *jose.JSONWebKey `json:"server,omitempty"`
	Length int              `json:"length,omitempty"`
}

RecoveryKey describes a recover-reg resource. ACME Section 6.3.1.

type RecoveryMethod

// RecoveryMethod is the string carried in Recovery.Method.
type RecoveryMethod string
const (
	// Section 6.4.
	MAC     RecoveryMethod = "mac"
	Contact RecoveryMethod = "contact"
)

type Registration

// Registration describes a reg resource. ACME Section 5.2.
type Registration struct {
	Resource          ResourceType     `json:"resource"`
	// Key is optional in the JSON encoding.
	// NOTE(review): presumably the account's public key; confirm that
	// callers never place a private key here, since it is marshaled as-is.
	Key               *jose.JSONWebKey `json:"key,omitempty"`
	ContactURIs       []string         `json:"contact,omitempty"`
	AgreementURI      string           `json:"agreement,omitempty"`
	// AuthorizationsURI and CertificatesURI are plain strings; presumably
	// the locations GetAuthorizationURIs and GetCertificateURIs are pointed
	// at — confirm against callers.
	AuthorizationsURI string           `json:"authorizations,omitempty"`
	CertificatesURI   string           `json:"certificates,omitempty"`

	// RecoveryKey is a key used to recover an account. ACME Section 6.3.1.
	RecoveryKey *RecoveryKey `json:"recoveryKey,omitempty"`
}

Registration describes a reg resource. ACME Section 5.2.

func PostAccountRecovery

func PostAccountRecovery(p Poster, uri string, req *Recovery) (*Registration, *http.Response, error)

PostAccountRecovery sends a recover-reg request. ACME Section 6.4.

func PostRegistration

func PostRegistration(p Poster, uri string, req *Registration) (*Registration, *http.Response, error)

PostRegistration sends a new-reg or reg request. ACME Section 6.3.

type ResourceType

// ResourceType is the string carried in the "resource" member of request
// and response bodies.
type ResourceType string
const (
	// Section 5.1.
	ResourceNewReg     ResourceType = "new-reg"
	ResourceRecoverReg ResourceType = "recover-reg"
	ResourceNewAuthz   ResourceType = "new-authz"
	ResourceNewCert    ResourceType = "new-cert"
	ResourceRevokeCert ResourceType = "revoke-cert"
	ResourceReg        ResourceType = "reg"
	ResourceAuthz      ResourceType = "authz"
	ResourceChallenge  ResourceType = "challenge"

	// ResourceCert is unused.
	ResourceCert ResourceType = "cert"
)

type Response

// Response is the interface implemented by all challenge response types.
// Unlike challenge types, it requires no registration since responses are
// never unmarshaled from JSON in this library. ACME Section 7.
type Response interface {
	GetResource() ResourceType
	GetType() ChallengeType
}

Response is the interface implemented by all challenge response types. Unlike challenge types, it requires no registration since they are never unmarshaled from JSON in this library. ACME Section 7.

type ServerError

// ServerError is an error reported by an ACME server. *ServerError
// implements the error interface through its Error method.
type ServerError struct {
	// Method is the HTTP method used.
	Method string

	// URL is the request URL.
	URL *url.URL

	// Status is the status string returned by the server.
	Status string

	// StatusCode is the status code returned by the server.
	StatusCode int

	// Problem is the problem object, if one was supplied.
	// It may be nil. Its contents come from the server, so treat them as
	// untrusted when logging or displaying the error.
	Problem *Problem
}

ServerError is an error reported by an ACME server.

func (*ServerError) Error

func (e *ServerError) Error() string

type Status

// Status is the string carried in the "status" member of authorizations and
// challenges.
type Status string
const (
	// Section 5.3.
	StatusUnknown Status = "unknown"
	StatusPending Status = "pending"
	StatusValid   Status = "valid"
	StatusInvalid Status = "invalid"
	StatusRevoked Status = "revoked"

	// StatusProcessing is unused?
	StatusProcessing Status = "processing"
)

type TLSALPN01Challenge

// TLSALPN01Challenge is the tls-alpn-01 challenge as received from the
// server. It carries the common challenge fields plus Token.
type TLSALPN01Challenge struct {
	Resource  ResourceType  `json:"resource,omitempty"`
	Type      ChallengeType `json:"type,omitempty"`
	URI       string        `json:"uri"`
	Status    Status        `json:"status,omitempty"`
	Validated *Time         `json:"validated,omitempty"`
	Error     *Problem      `json:"error,omitempty"`
	// Token is server-supplied.
	// NOTE(review): presumably the token passed to TLSALPN01Validation
	// together with the account key; confirm at the call site.
	Token     string        `json:"token"`
}

func (*TLSALPN01Challenge) GetError

func (c *TLSALPN01Challenge) GetError() *Problem

func (*TLSALPN01Challenge) GetResource

func (c *TLSALPN01Challenge) GetResource() ResourceType

func (*TLSALPN01Challenge) GetStatus

func (c *TLSALPN01Challenge) GetStatus() Status

func (*TLSALPN01Challenge) GetType

func (c *TLSALPN01Challenge) GetType() ChallengeType

func (*TLSALPN01Challenge) GetURI

func (c *TLSALPN01Challenge) GetURI() string

func (*TLSALPN01Challenge) GetValidated

func (c *TLSALPN01Challenge) GetValidated() *Time

type TLSALPN01Response

// TLSALPN01Response is the response to a tls-alpn-01 challenge, as created
// by RespondTLSALPN01. Unlike the dns-01 and http-01 responses it has no
// key authorization field; TLSALPN01Validation produces the validation
// bytes separately from a token and key.
type TLSALPN01Response struct {
	Resource ResourceType  `json:"resource,omitempty"`
	Type     ChallengeType `json:"type,omitempty"`
}

func RespondTLSALPN01

func RespondTLSALPN01(c *TLSALPN01Challenge) (*TLSALPN01Response, error)

RespondTLSALPN01 creates a response based on a challenge.

func (*TLSALPN01Response) GetResource

func (c *TLSALPN01Response) GetResource() ResourceType

func (*TLSALPN01Response) GetType

func (c *TLSALPN01Response) GetType() ChallengeType

type Time

type Time time.Time

Time is a simple timestamp.

func (Time) MarshalJSON

func (t Time) MarshalJSON() ([]byte, error)

func (*Time) UnmarshalJSON

func (t *Time) UnmarshalJSON(bs []byte) error
