core

package
v0.0.0-...-3814c95 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 23, 2015 License: MPL-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	StatusUnknown    = AcmeStatus("unknown")    // Unknown status; the default
	StatusPending    = AcmeStatus("pending")    // In process; client has next action
	StatusProcessing = AcmeStatus("processing") // In process; server has next action
	StatusValid      = AcmeStatus("valid")      // Validation succeeded
	StatusInvalid    = AcmeStatus("invalid")    // Validation failed
	StatusRevoked    = AcmeStatus("revoked")    // Object no longer valid
)
View Source 
const (
	ChallengeTypeSimpleHTTPS   = "simpleHttps"
	ChallengeTypeDVSNI         = "dvsni"
	ChallengeTypeDNS           = "dns"
	ChallengeTypeRecoveryToken = "recoveryToken"
)
View Source 
const (
	IdentifierDNS = IdentifierType("dns")
)

Variables

This section is empty.

Functions

func B64dec 

func B64dec(x string) ([]byte, error)

func B64enc 

func B64enc(x []byte) string

func Fingerprint256 

func Fingerprint256(data []byte) string

func NewToken 

func NewToken() string

func RandomString 

func RandomString(byteLength int) string

func VerifyCSR 

func VerifyCSR(csr *x509.CertificateRequest) error

The missing CertificateRequest.Verify() method

Types

type AcmeIdentifier 

type AcmeIdentifier struct {
	Type  IdentifierType `json:"type"`  // The type of identifier being encoded
	Value string         `json:"value"` // The identifier itself
}

An AcmeIdentifier encodes an identifier that can be validated by ACME. The protocol allows for different types of identifier to be supported (DNS names, IP addresses, etc.), but currently we only support domain names.

type AcmeStatus 

type AcmeStatus string

type AcmeURL 

type AcmeURL url.URL

URLs that automatically marshal/unmarshal to JSON strings

func (AcmeURL) MarshalJSON 

func (u AcmeURL) MarshalJSON() ([]byte, error)

func (AcmeURL) PathSegments 

func (u AcmeURL) PathSegments() (segments []string)

func (*AcmeURL) UnmarshalJSON 

func (u *AcmeURL) UnmarshalJSON(data []byte) error

type Authorization 

type Authorization struct {
	// An identifier for this authorization, unique across
	// authorizations and certificates within this instance.
	ID string `json:"id,omitempty"`

	// The identifier for which authorization is being given
	Identifier AcmeIdentifier `json:"identifier,omitempty"`

	// The account key that is authorized for the identifier
	Key jose.JsonWebKey `json:"key,omitempty"`

	// The status of the validation of this authorization
	Status AcmeStatus `json:"status,omitempty"`

	// The date after which this authorization will be no
	// longer be considered valid
	Expires time.Time `json:"expires,omitempty"`

	// An array of challenges objects used to validate the
	// applicant's control of the identifier.  For authorizations
	// in process, these are challenges to be fulfilled; for
	// final authorizations, they describe the evidence that
	// the server used in support of granting the authorization.
	Challenges []Challenge `json:"challenges,omitempty"`

	// The server may suggest combinations of challenges if it
	// requires more than one challenge to be completed.
	Combinations [][]int `json:"combinations,omitempty"`

	// The client may provide contact URIs to allow the server
	// to push information to it.
	Contact []AcmeURL `json:"contact,omitempty"`
}

An ACME authorization object represents the authorization of an account key holder to act on behalf of a domain. This struct is intended to be used both internally and for JSON marshaling on the wire. Any fields that should be suppressed on the wire (e.g., ID) must be made empty before marshaling.

type Buffer 

type Buffer []byte

type Certificate 

type Certificate struct {
	// The encoded, signed certificate
	DER jose.JsonBuffer

	// The parsed version of DER. Useful for extracting things like serial number.
	ParsedCertificate *x509.Certificate

	// The revocation status of the certificate.
	// * "valid" - not revoked
	// * "revoked" - revoked
	Status AcmeStatus
}

Certificate objects are entirely internal to the server. The only thing exposed on the wire is the certificate itself.

type CertificateAuthority 

type CertificateAuthority interface {
	// [RegistrationAuthority]
	IssueCertificate(x509.CertificateRequest) (Certificate, error)
}

type CertificateAuthorityDatabase 

type CertificateAuthorityDatabase interface {
	Begin() error
	Commit() error
	Rollback() error

	IncrementAndGetSerial() (int, error)
}

CertificateAuthorityDatabase represents an atomic sequence source

type CertificateIssuanceError 

type CertificateIssuanceError string

func (CertificateIssuanceError) Error 

func (e CertificateIssuanceError) Error() string

type CertificateRequest 

type CertificateRequest struct {
	CSR            *x509.CertificateRequest // The CSR
	Authorizations []AcmeURL                // Links to Authorization over the account key
}

An ACME certificate request is just a CSR together with URIs pointing to authorizations that should collectively authorize the certificate being requsted.

This type is never marshaled, since we only ever receive it from the client. So it carries some additional information that is useful internally. (We rely on Go's case-insensitive JSON unmarshal to properly unmarshal client requests.)

func (CertificateRequest) MarshalJSON 

func (cr CertificateRequest) MarshalJSON() ([]byte, error)

func (*CertificateRequest) UnmarshalJSON 

func (cr *CertificateRequest) UnmarshalJSON(data []byte) error

type Challenge 

type Challenge struct {
	// The type of challenge
	Type string `json:"type"`

	// The status of this challenge
	Status AcmeStatus `json:"status,omitempty"`

	// If successful, the time at which this challenge
	// was completed by the server.
	Validated *time.Time `json:"validated,omitempty"`

	// A URI to which a response can be POSTed
	URI AcmeURL `json:"uri"`

	// Used by simpleHTTPS, recoveryToken, and dns challenges
	Token string `json:"token,omitempty"`

	// Used by simpleHTTPS challenges
	Path string `json:"path,omitempty"`

	// Used by dvsni challenges
	R     string `json:"r,omitempty"`
	S     string `json:"s,omitempty"`
	Nonce string `json:"nonce,omitempty"`
}

Rather than define individual types for different types of challenge, we just throw all the elements into one bucket, together with the common metadata elements.

func DvsniChallenge 

func DvsniChallenge() Challenge

func SimpleHTTPSChallenge 

func SimpleHTTPSChallenge() Challenge

func (Challenge) MergeResponse 

func (ch Challenge) MergeResponse(resp Challenge) Challenge

Merge a client-provide response to a challenge with the issued challenge TODO: Remove return type from this method

type IdentifierType 

type IdentifierType string

type MalformedRequestError 

type MalformedRequestError string

func (MalformedRequestError) Error 

func (e MalformedRequestError) Error() string

type NotFoundError 

type NotFoundError string

func (NotFoundError) Error 

func (e NotFoundError) Error() string

type NotSupportedError 

type NotSupportedError string

func (NotSupportedError) Error 

func (e NotSupportedError) Error() string

type PolicyAuthority 

type PolicyAuthority interface {
	WillingToIssue(AcmeIdentifier) error
	ChallengesFor(AcmeIdentifier) ([]Challenge, [][]int)
}

type Registration 

type Registration struct {
	// Unique identifier
	ID string `json:"-"`

	// Account key to which the details are attached
	Key jose.JsonWebKey `json:"key"`

	// Recovery Token is used to prove connection to an earlier transaction
	RecoveryToken string `json:"recoveryToken"`

	// Contact URIs
	Contact []AcmeURL `json:"contact,omitempty"`

	// Agreement with terms of service
	Agreement string `json:"agreement,omitempty"`
}

Registration objects represent non-public metadata attached to account keys.

func (*Registration) MergeUpdate 

func (r *Registration) MergeUpdate(input Registration)

type RegistrationAuthority 

type RegistrationAuthority interface {
	// [WebFrontEnd]
	NewRegistration(Registration, jose.JsonWebKey) (Registration, error)

	// [WebFrontEnd]
	NewAuthorization(Authorization, jose.JsonWebKey) (Authorization, error)

	// [WebFrontEnd]
	NewCertificate(CertificateRequest, jose.JsonWebKey) (Certificate, error)

	// [WebFrontEnd]
	UpdateRegistration(Registration, Registration) (Registration, error)

	// [WebFrontEnd]
	UpdateAuthorization(Authorization, int, Challenge) (Authorization, error)

	// [WebFrontEnd]
	RevokeCertificate(x509.Certificate) error

	// [ValidationAuthority]
	OnValidationUpdate(Authorization)
}

type SignatureValidationError 

type SignatureValidationError string

func (SignatureValidationError) Error 

func (e SignatureValidationError) Error() string

type StorageAdder 

type StorageAdder interface {
	NewRegistration() (string, error)
	UpdateRegistration(Registration) error

	NewPendingAuthorization() (string, error)
	UpdatePendingAuthorization(Authorization) error
	FinalizeAuthorization(Authorization) error

	AddCertificate([]byte) (string, error)
}

type StorageAuthority 

type StorageAuthority interface {
	StorageGetter
	StorageAdder
}

StorageAuthority interface represents a simple key/value store. It is divided into StorageGetter and StorageUpdater interfaces for privilege separation.

type StorageGetter 

type StorageGetter interface {
	GetRegistration(string) (Registration, error)
	GetAuthorization(string) (Authorization, error)
	GetCertificate(string) ([]byte, error)
}

type SyntaxError 

type SyntaxError string

func (SyntaxError) Error 

func (e SyntaxError) Error() string

type UnauthorizedError 

type UnauthorizedError string

func (UnauthorizedError) Error 

func (e UnauthorizedError) Error() string

type ValidationAuthority 

type ValidationAuthority interface {
	// [RegistrationAuthority]
	UpdateValidations(Authorization) error
}

type WebFrontEnd 

type WebFrontEnd interface {
	// Set the base URL for authorizations
	SetAuthzBase(path string)

	// Set the base URL for certificates
	SetCertBase(path string)

	// This method represents the ACME new-registration resource
	NewRegistration(response http.ResponseWriter, request *http.Request)

	// This method represents the ACME new-authorization resource
	NewAuthz(response http.ResponseWriter, request *http.Request)

	// This method represents the ACME new-certificate resource
	NewCert(response http.ResponseWriter, request *http.Request)

	// Provide access to requests for registration resources
	Registration(response http.ResponseWriter, request *http.Request)

	// Provide access to requests for authorization resources
	Authz(response http.ResponseWriter, request *http.Request)

	// Provide access to requests for authorization resources
	Cert(response http.ResponseWriter, request *http.Request)
}

A WebFrontEnd object supplies methods that can be hooked into the Go http module's server functions, principally http.HandleFunc()

It also provides methods to configure the base for authorization and certificate URLs.

It is assumed that the ACME server is laid out as follows: * One URL for new-authorization -> NewAuthz * One URL for new-certificate -> NewCert * One path for authorizations -> Authz * One path for certificates -> Cert

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.