wfe

package
Version: v0.0.0-...-eff5e3f Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 19, 2019 License: MPL-2.0 Imports: 34 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// POST requests with a JWS body must have the following Content-Type header.
	ExpectedJWSContentType = "application/jose+json"

	// RFC 1034 says DNS labels have a max of 63 octets, and names have a max of 255
	// octets: https://tools.ietf.org/html/rfc1035#page-10. Since two of those octets
	// are taken up by the leading length byte and the trailing root period the actual
	// max length becomes 253.
	MaxDNSIdentifierLength = 253

	// ToS URL.
	ToSURL = "data:text/plain,Do%20what%20thou%20wilt"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type WebFrontEnd

type WebFrontEnd struct {
	// contains filtered or unexported fields
}

func (*WebFrontEnd) Authz

func (wfe *WebFrontEnd) Authz(
	ctx context.Context,
	response http.ResponseWriter,
	request *http.Request)

func (*WebFrontEnd) Certificate

func (wfe *WebFrontEnd) Certificate(
	ctx context.Context,
	response http.ResponseWriter,
	request *http.Request)

func (*WebFrontEnd) Challenge

func (wfe *WebFrontEnd) Challenge(
	ctx context.Context,
	response http.ResponseWriter,
	request *http.Request)

func (*WebFrontEnd) Directory

func (wfe *WebFrontEnd) Directory(
	ctx context.Context,
	response http.ResponseWriter,
	request *http.Request)

func (*WebFrontEnd) FinalizeOrder

func (wfe *WebFrontEnd) FinalizeOrder(
	ctx context.Context,
	response http.ResponseWriter,
	request *http.Request)

func (*WebFrontEnd) HandleFunc

func (wfe *WebFrontEnd) HandleFunc(mux *http.ServeMux, pattern string, handler wfeHandlerFunc, methods ...string)

func (*WebFrontEnd) HandleManagementFunc

func (wfe *WebFrontEnd) HandleManagementFunc(
	mux *http.ServeMux,
	pattern string,
	handler wfeHandlerFunc)

func (*WebFrontEnd) Handler

func (wfe *WebFrontEnd) Handler() http.Handler

func (*WebFrontEnd) KeyRollover

func (wfe *WebFrontEnd) KeyRollover(
	ctx context.Context,
	response http.ResponseWriter,
	request *http.Request)

func (*WebFrontEnd) ManagementHandler

func (wfe *WebFrontEnd) ManagementHandler() http.Handler

ManagementHandler handles the endpoints exposed on the management interface that is configured by the `managementListenAddress` parameter in Pebble JSON config file.

func (*WebFrontEnd) NewAccount

func (wfe *WebFrontEnd) NewAccount(
	ctx context.Context,
	response http.ResponseWriter,
	request *http.Request)

func (*WebFrontEnd) NewOrder

func (wfe *WebFrontEnd) NewOrder(
	ctx context.Context,
	response http.ResponseWriter,
	request *http.Request)

NewOrder creates a new Order request and populates its authorizations

func (*WebFrontEnd) Nonce

func (wfe *WebFrontEnd) Nonce(
	ctx context.Context,
	response http.ResponseWriter,
	request *http.Request)

func (*WebFrontEnd) Order

func (wfe *WebFrontEnd) Order(
	ctx context.Context,
	response http.ResponseWriter,
	request *http.Request)

Order retrieves the details of an existing order

func (*WebFrontEnd) RevokeCert

func (wfe *WebFrontEnd) RevokeCert(
	ctx context.Context,
	response http.ResponseWriter,
	request *http.Request)

RevokeCert revokes an ACME certificate. It currently only implements one method of ACME revocation: Signing the revocation request by signing it with the certificate to be revoked's private key and embedding the certificate to be revoked's public key as a JWK in the JWS.

Pebble's idea of certificate revocation is to forget the certificate exists. This method does not percolate to a CRL or an OCSP response.

func (*WebFrontEnd) UpdateAccount

func (wfe *WebFrontEnd) UpdateAccount(
	ctx context.Context,
	response http.ResponseWriter,
	request *http.Request)

type WebFrontEndOpts

type WebFrontEndOpts struct {
	// Default: "/dir"
	DirectoryPath string

	// Defaults: "/nonce-plz"
	NoncePath string

	// Defaults: "/sign-me-up"
	NewAccountPath string

	// Defaults: "/my-account/"
	AcctPath string

	// Defaults: "/order-plz"
	NewOrderPath string

	// Defaults: "/my-order/"
	OrderPath string

	// Defaults: "/finalize-order/"
	OrderFinalizePath string

	// Defaults: "/authZ/"
	AuthzPath string

	// Defaults: "/chalZ/"
	ChallengePath string

	// Defaults: "/certZ/"
	CertPath string

	// Defaults: "/revoke-cert"
	RevokeCertPath string

	// Defaults: "/rollover-account-key"
	KeyRolloverPath string

	// Defaults: "/roots/"
	RootCertPath string

	// Defaults: "/root-keys/"
	RootKeyPath string

	// Defaults: "/intermediates/"
	IntermediateCertPath string

	// Defaults: "/intermediate-keys/"
	IntermediateKeyPath string

	// Defaults: "/cert-status-by-serial/"
	CertStatusBySerial string

	// How long do pending authorizations last before expiring?
	//   Defaults: 1 * time.Hour
	PendingAuthzExpire time.Duration

	// How many contacts is an account allowed to have?
	//   Defaults: 2
	MaxContactsPerAcct int

	// Defaults: 0
	BadNoncePercentage int

	// Defaults: 5
	DefaultNonceReject int

	// Invalid revocation reason codes.
	// The full list of codes can be found in Section 8.5.3.1 of ITU-T X.509
	// http://www.itu.int/rec/T-REC-X.509-201210-I/en
	//   Defaults: 7
	UnusedRevocationReason uint
	//   Defaults: 10
	AACompromiseRevocationReason uint

	// AuthzReusePercentage defines an environment variable name used to provide a
	// percentage value for how often Pebble should try to reuse valid authorizations
	// for each identifier in an order. The percentage is independent of whether a
	// valid authorization exists or not for each identifier in an order.
	//   Defaults: 0
	AuthzReusePercentage int
	// Defaults: 50
	DefaultAuthzReuse int

	Strict bool

	// Logger
	Logger *logrus.Logger
}

Options used to configure the WebFrontEnd. Most of these options are not exposed via the ACME standard, but they are left exposed as this is an integration test suite.

func NewDefaultWebFrontEndOpts

func NewDefaultWebFrontEndOpts() *WebFrontEndOpts

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
t or T : Toggle theme light dark auto
y or Y : Canonical URL