Documentation ¶
Index ¶
- Constants
- type WebFrontEnd
- func (wfe *WebFrontEnd) Authz(ctx context.Context, response http.ResponseWriter, request *http.Request)
- func (wfe *WebFrontEnd) Certificate(ctx context.Context, response http.ResponseWriter, request *http.Request)
- func (wfe *WebFrontEnd) Challenge(ctx context.Context, response http.ResponseWriter, request *http.Request)
- func (wfe *WebFrontEnd) Directory(ctx context.Context, response http.ResponseWriter, request *http.Request)
- func (wfe *WebFrontEnd) FinalizeOrder(ctx context.Context, response http.ResponseWriter, request *http.Request)
- func (wfe *WebFrontEnd) HandleFunc(mux *http.ServeMux, pattern string, handler wfeHandlerFunc, methods ...string)
- func (wfe *WebFrontEnd) HandleManagementFunc(mux *http.ServeMux, pattern string, handler wfeHandlerFunc)
- func (wfe *WebFrontEnd) Handler() http.Handler
- func (wfe *WebFrontEnd) KeyRollover(ctx context.Context, response http.ResponseWriter, request *http.Request)
- func (wfe *WebFrontEnd) ManagementHandler() http.Handler
- func (wfe *WebFrontEnd) NewAccount(ctx context.Context, response http.ResponseWriter, request *http.Request)
- func (wfe *WebFrontEnd) NewOrder(ctx context.Context, response http.ResponseWriter, request *http.Request)
- func (wfe *WebFrontEnd) Nonce(ctx context.Context, response http.ResponseWriter, request *http.Request)
- func (wfe *WebFrontEnd) Order(ctx context.Context, response http.ResponseWriter, request *http.Request)
- func (wfe *WebFrontEnd) RevokeCert(ctx context.Context, response http.ResponseWriter, request *http.Request)
- func (wfe *WebFrontEnd) UpdateAccount(ctx context.Context, response http.ResponseWriter, request *http.Request)
- type WebFrontEndOpts
Constants ¶
const (
	// ExpectedJWSContentType is the Content-Type header value that POST
	// requests with a JWS body must have (see RFC 8555, Section 6.2).
	ExpectedJWSContentType = "application/jose+json"

	// MaxDNSIdentifierLength is the maximum length, in octets, of a DNS
	// identifier. RFC 1035 says DNS labels have a max of 63 octets, and names
	// have a max of 255 octets: https://tools.ietf.org/html/rfc1035#page-10.
	// Since two of those octets are taken up by the leading length byte and
	// the trailing root period the actual max length becomes 253.
	MaxDNSIdentifierLength = 253

	// ToSURL is the terms-of-service URL. It is a data: URL that carries its
	// plain-text content inline rather than pointing at a remote host.
	ToSURL = "data:text/plain,Do%20what%20thou%20wilt"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type WebFrontEnd ¶
// WebFrontEnd is the receiver type for the ACME endpoint handlers listed on
// this page (Directory, Nonce, NewAccount, NewOrder, RevokeCert, ...) and for
// the Handler and ManagementHandler methods that return http.Handler values.
// All of its fields are unexported and therefore hidden in this listing.
type WebFrontEnd struct {
// contains filtered or unexported fields
}
func New ¶
func New(db db.GravelStore, va *va.VerificationAuthority, ca *ca.CertificateAuthority, opts *WebFrontEndOpts) *WebFrontEnd
func (*WebFrontEnd) Authz ¶
func (wfe *WebFrontEnd) Authz( ctx context.Context, response http.ResponseWriter, request *http.Request)
func (*WebFrontEnd) Certificate ¶
func (wfe *WebFrontEnd) Certificate( ctx context.Context, response http.ResponseWriter, request *http.Request)
func (*WebFrontEnd) Challenge ¶
func (wfe *WebFrontEnd) Challenge( ctx context.Context, response http.ResponseWriter, request *http.Request)
func (*WebFrontEnd) Directory ¶
func (wfe *WebFrontEnd) Directory( ctx context.Context, response http.ResponseWriter, request *http.Request)
func (*WebFrontEnd) FinalizeOrder ¶
func (wfe *WebFrontEnd) FinalizeOrder( ctx context.Context, response http.ResponseWriter, request *http.Request)
func (*WebFrontEnd) HandleFunc ¶
func (wfe *WebFrontEnd) HandleFunc(mux *http.ServeMux, pattern string, handler wfeHandlerFunc, methods ...string)
func (*WebFrontEnd) HandleManagementFunc ¶
func (wfe *WebFrontEnd) HandleManagementFunc( mux *http.ServeMux, pattern string, handler wfeHandlerFunc)
func (*WebFrontEnd) Handler ¶
func (wfe *WebFrontEnd) Handler() http.Handler
func (*WebFrontEnd) KeyRollover ¶
func (wfe *WebFrontEnd) KeyRollover( ctx context.Context, response http.ResponseWriter, request *http.Request)
func (*WebFrontEnd) ManagementHandler ¶
func (wfe *WebFrontEnd) ManagementHandler() http.Handler
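ManagementHandler handles the endpoints exposed on the management interface, which is configured by the `managementListenAddress` parameter in the Pebble JSON config file. The WebFrontEndOpts path names (RootKeyPath, IntermediateKeyPath) suggest that some of these endpoints serve CA key material, so the management listener is presumably meant for test environments only and should not be reachable from untrusted networks.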
func (*WebFrontEnd) NewAccount ¶
func (wfe *WebFrontEnd) NewAccount( ctx context.Context, response http.ResponseWriter, request *http.Request)
func (*WebFrontEnd) NewOrder ¶
func (wfe *WebFrontEnd) NewOrder( ctx context.Context, response http.ResponseWriter, request *http.Request)
NewOrder creates a new Order request and populates its authorizations
func (*WebFrontEnd) Nonce ¶
func (wfe *WebFrontEnd) Nonce( ctx context.Context, response http.ResponseWriter, request *http.Request)
func (*WebFrontEnd) Order ¶
func (wfe *WebFrontEnd) Order( ctx context.Context, response http.ResponseWriter, request *http.Request)
Order retrieves the details of an existing order
func (*WebFrontEnd) RevokeCert ¶
func (wfe *WebFrontEnd) RevokeCert( ctx context.Context, response http.ResponseWriter, request *http.Request)
RevokeCert revokes an ACME certificate. It currently implements only one method of ACME revocation: the revocation request is signed with the private key of the certificate to be revoked, and that certificate's public key is embedded as a JWK in the JWS.
Pebble's idea of certificate revocation is to forget that the certificate exists. This method does not propagate the revocation to a CRL or an OCSP response.
func (*WebFrontEnd) UpdateAccount ¶
func (wfe *WebFrontEnd) UpdateAccount( ctx context.Context, response http.ResponseWriter, request *http.Request)
type WebFrontEndOpts ¶
// WebFrontEndOpts holds the options used to configure a WebFrontEnd: the URL
// paths of its endpoints plus a set of test-behaviour knobs.
type WebFrontEndOpts struct {
	// URL path of the ACME directory endpoint.
	// Defaults: "/dir"
	DirectoryPath string
	// Defaults: "/nonce-plz"
	NoncePath string
	// Defaults: "/sign-me-up"
	NewAccountPath string
	// Defaults: "/my-account/"
	AcctPath string
	// Defaults: "/order-plz"
	NewOrderPath string
	// Defaults: "/my-order/"
	OrderPath string
	// Defaults: "/finalize-order/"
	OrderFinalizePath string
	// Defaults: "/authZ/"
	AuthzPath string
	// Defaults: "/chalZ/"
	ChallengePath string
	// Defaults: "/certZ/"
	CertPath string
	// Defaults: "/revoke-cert"
	RevokeCertPath string
	// Defaults: "/rollover-account-key"
	KeyRolloverPath string
	// Defaults: "/roots/"
	RootCertPath string
	// NOTE(review): the name suggests this path serves root CA private-key
	// material; confirm it is routed only on the management listener.
	// Defaults: "/root-keys/"
	RootKeyPath string
	// Defaults: "/intermediates/"
	IntermediateCertPath string
	// NOTE(review): the name suggests this path serves intermediate CA
	// private-key material; confirm it is routed only on the management
	// listener.
	// Defaults: "/intermediate-keys/"
	IntermediateKeyPath string
	// Defaults: "/cert-status-by-serial/"
	CertStatusBySerial string

	// How long do pending authorizations last before expiring?
	// Defaults: 1 * time.Hour
	PendingAuthzExpire time.Duration

	// How many contacts is an account allowed to have?
	// Defaults: 2
	MaxContactsPerAcct int

	// NOTE(review): presumably the percentage of nonces that are rejected on
	// purpose to exercise client retry handling; confirm against the handler.
	// Defaults: 0
	BadNoncePercentage int
	// NOTE(review): relationship to BadNoncePercentage is not visible here;
	// presumably the fallback rejection percentage. Confirm.
	// Defaults: 5
	DefaultNonceReject int

	// Revocation reason codes that are treated as invalid.
	// The full list of codes can be found in Section 8.5.3.1 of ITU-T X.509
	// http://www.itu.int/rec/T-REC-X.509-201210-I/en
	// Value 7 is the unassigned slot in the CRLReason enumeration.
	// Defaults: 7
	UnusedRevocationReason uint
	// Value 10 is the aACompromise reason code.
	// Defaults: 10
	AACompromiseRevocationReason uint

	// AuthzReusePercentage defines an environment variable name used to provide a
	// percentage value for how often Pebble should try to reuse valid authorizations
	// for each identifier in an order. The percentage is independent of whether a
	// valid authorization exists or not for each identifier in an order.
	// NOTE(review): the field is an int, so it presumably holds the percentage
	// itself rather than an environment variable name; confirm and reword.
	// Defaults: 0
	AuthzReusePercentage int
	// Defaults: 50
	DefaultAuthzReuse int

	// NOTE(review): no meaning or default is documented for Strict;
	// presumably it enables stricter request validation. Confirm.
	Strict bool

	// Logger
	Logger *logrus.Logger
}
WebFrontEndOpts holds the options used to configure the WebFrontEnd. Most of these options are not part of the ACME standard; they are exposed because this package is an integration test suite.
func NewDefaultWebFrontEndOpts ¶
func NewDefaultWebFrontEndOpts() *WebFrontEndOpts