certificate

package

v0.2.0 Latest Latest Go to latest Published: Dec 1, 2020 License: MIT, MIT, MIT Imports: 20 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/TeaWeb/build

Links

Open Source Insights

Documentation ¶

Index ¶

type Certifier
- func NewCertifier(core *api.Core, resolver resolver, options CertifierOptions) *Certifier
type CertifierOptions
type ObtainRequest
type Resource

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Certifier ¶

type Certifier struct {
	// contains filtered or unexported fields
}

Certifier A service to obtain/renew/revoke certificates.

func (*Certifier) Get ¶

func (c *Certifier) Get(url string, bundle bool) (*Resource, error)

Get attempts to fetch the certificate at the supplied URL. The URL is the same as what would normally be supplied at the Resource's CertURL.

The returned Resource will not have the PrivateKey and CSR fields populated as these will not be available.

If bundle is true, the Certificate field in the returned Resource includes the issuer certificate.

func (*Certifier) GetOCSP ¶

func (c *Certifier) GetOCSP(bundle []byte) ([]byte, *ocsp.Response, error)

GetOCSP takes a PEM encoded cert or cert bundle returning the raw OCSP response, the parsed response, and an error, if any.

The returned []byte can be passed directly into the OCSPStaple property of a tls.Certificate. If the bundle only contains the issued certificate, this function will try to get the issuer certificate from the IssuingCertificateURL in the certificate.

If the []byte and/or ocsp.Response return values are nil, the OCSP status may be assumed OCSPUnknown.

func (*Certifier) GetRecords ¶

func (c *Certifier) GetRecords(request ObtainRequest) (records []string, err error)

func (*Certifier) Obtain ¶

func (c *Certifier) Obtain(request ObtainRequest) (*Resource, error)

Obtain tries to obtain a single certificate using all domains passed into it.

This function will never return a partial certificate. If one domain in the list fails, the whole certificate will fail.

func (*Certifier) ObtainForCSR ¶

func (c *Certifier) ObtainForCSR(csr x509.CertificateRequest, bundle bool) (*Resource, error)

ObtainForCSR tries to obtain a certificate matching the CSR passed into it.

The domains are inferred from the CommonName and SubjectAltNames, if any. The private key for this CSR is not required.

If bundle is true, the []byte contains both the issuer certificate and your issued certificate as a bundle.

This function will never return a partial certificate. If one domain in the list fails, the whole certificate will fail.

func (*Certifier) Renew ¶

func (c *Certifier) Renew(certRes Resource, bundle, mustStaple bool) (*Resource, error)

Renew takes a Resource and tries to renew the certificate.

If the renewal process succeeds, the new certificate will ge returned in a new CertResource. Please be aware that this function will return a new certificate in ANY case that is not an error. If the server does not provide us with a new cert on a GET request to the CertURL this function will start a new-cert flow where a new certificate gets generated.

If bundle is true, the []byte contains both the issuer certificate and your issued certificate as a bundle.

For private key reuse the PrivateKey property of the passed in Resource should be non-nil.

func (*Certifier) Revoke ¶

func (c *Certifier) Revoke(cert []byte) error

Revoke takes a PEM encoded certificate or bundle and tries to revoke it at the CA.

type CertifierOptions ¶

type CertifierOptions struct {
	KeyType certcrypto.KeyType
	Timeout time.Duration
}

type ObtainRequest ¶

type ObtainRequest struct {
	Domains    []string
	Bundle     bool
	PrivateKey crypto.PrivateKey
	MustStaple bool
}

ObtainRequest The request to obtain certificate.

The first domain in domains is used for the CommonName field of the certificate, all other domains are added using the Subject Alternate Names extension.

A new private key is generated for every invocation of the function Obtain. If you do not want that you can supply your own private key in the privateKey parameter. If this parameter is non-nil it will be used instead of generating a new one.

If bundle is true, the []byte contains both the issuer certificate and your issued certificate as a bundle.

type Resource ¶

type Resource struct {
	Domain            string `json:"domain"`
	CertURL           string `json:"certUrl"`
	CertStableURL     string `json:"certStableUrl"`
	PrivateKey        []byte `json:"-"`
	Certificate       []byte `json:"-"`
	IssuerCertificate []byte `json:"-"`
	CSR               []byte `json:"-"`
}

Resource represents a CA issued certificate. PrivateKey, Certificate and IssuerCertificate are all already PEM encoded and can be directly written to disk. Certificate may be a certificate bundle, depending on the options supplied to create it.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL

Documentation ¶

Index ¶

Constants ¶

Variables ¶

Functions ¶

Types ¶

type Certifier ¶

func NewCertifier ¶

func (*Certifier) Get ¶

func (*Certifier) GetOCSP ¶

func (*Certifier) GetRecords ¶

func (*Certifier) Obtain ¶

func (*Certifier) ObtainForCSR ¶

func (*Certifier) Renew ¶

func (*Certifier) Revoke ¶

type CertifierOptions ¶

type ObtainRequest ¶

type Resource ¶

Source Files ¶