tlss

package


Constants

This section is empty.

Variables

This section is empty.

Functions

func BootstrapEnv

func BootstrapEnv(logger *ll.Logger) error

func IsCARootInstalled

func IsCARootInstalled(certDir expect.Folder) bool

Types

type ACMEProvider

type ACMEProvider struct {
	// contains filtered or unexported fields
}

func NewACMEProvider

func NewACMEProvider(logger *ll.Logger, storage tlsstore.Store, challenges *ChallengeStore, global alaye.LetsEncrypt) *ACMEProvider

func (*ACMEProvider) ObtainCert

func (p *ACMEProvider) ObtainCert(domain string, setting alaye.LetsEncrypt) (*tls.Certificate, []byte, []byte, error)

type AcmeUser

type AcmeUser struct {
	Email        string
	Registration *registration.Resource
	// contains filtered or unexported fields
}

func (*AcmeUser) GetEmail

func (u *AcmeUser) GetEmail() string

func (*AcmeUser) GetPrivateKey

func (u *AcmeUser) GetPrivateKey() crypto.PrivateKey

func (*AcmeUser) GetRegistration

func (u *AcmeUser) GetRegistration() *registration.Resource

type ChallengeStore

type ChallengeStore struct {
	// contains filtered or unexported fields
}

func NewChallengeStore

func NewChallengeStore(logger *ll.Logger) *ChallengeStore

NewChallengeStore initializes an in-memory repository for ACME tokens. It bridges standard HTTP-01 challenges to the gossip mesh.

func (*ChallengeStore) CleanUp

func (s *ChallengeStore) CleanUp(domain, token, keyAuth string) error

CleanUp deletes a fulfilled challenge and broadcasts the teardown.

func (*ChallengeStore) GetKeyAuth

func (s *ChallengeStore) GetKeyAuth(token string) (string, bool)

GetKeyAuth serves HTTP-01 validation requests directly from memory.

func (*ChallengeStore) Present

func (s *ChallengeStore) Present(domain, token, keyAuth string) error

Present surfaces an ACME challenge token locally and relays it to peers. This allows any node in the cluster to answer the Let's Encrypt validation request successfully.

func (*ChallengeStore) SetCluster

func (s *ChallengeStore) SetCluster(c ClusterBroadcaster)

SetCluster binds the distributed broadcaster to the local store.

func (*ChallengeStore) SyncFromCluster

func (s *ChallengeStore) SyncFromCluster(token, keyAuth string, deleted bool)

SyncFromCluster registers ACME tokens generated by other nodes.

type ClusterBroadcaster

type ClusterBroadcaster interface {
	BroadcastChallenge(token, keyAuth string, deleted bool)
	BroadcastCert(domain string, certPEM, keyPEM []byte) error
	TryAcquireLock(key string) bool
}

type Local

type Local struct {
	// contains filtered or unexported fields
}

func NewLocal

func NewLocal(logger *ll.Logger, store tlsstore.Store) *Local

NewLocal creates a Local instance with the required storage backend.

func (*Local) CAExists

func (ci *Local) CAExists() bool

CAExists is the public API for checking CA presence in storage.

func (*Local) CAExistsInSystem

func (ci *Local) CAExistsInSystem() bool

CAExistsInSystem is the public API for checking CA trust store presence.

func (*Local) EnsureForHost

func (ci *Local) EnsureForHost(host string, port int) (certFile, keyFile string, err error)

EnsureForHost ensures a certificate exists for a specific host and port.

func (*Local) EnsureLocalhostCert

func (ci *Local) EnsureLocalhostCert() (string, string, error)

EnsureLocalhostCert ensures a local development certificate exists for the configured hosts. Returns the domain identifier (for storage lookup) on success.

func (*Local) HasCertutil

func (ci *Local) HasCertutil() bool

HasCertutil reports whether certutil is available on the system.

func (*Local) InstallCARootIfNeeded

func (ci *Local) InstallCARootIfNeeded() error

InstallCARootIfNeeded generates a CA root if missing and installs it to system trust stores.

func (*Local) ListCertificates

func (ci *Local) ListCertificates() ([]string, error)

func (*Local) RemoveCA

func (ci *Local) RemoveCA()

RemoveCA deletes the CA certificate from storage.

func (*Local) SetHosts

func (ci *Local) SetHosts(hosts []string, port int)

SetHosts configures the hosts and port for certificate generation.

func (*Local) SetMockMode

func (ci *Local) SetMockMode(mock bool)

SetMockMode enables or disables mock mode (skips system trust store operations).

func (*Local) UninstallCARoot

func (ci *Local) UninstallCARoot() error

type Manager

type Manager struct {
	Challenges *ChallengeStore
	// contains filtered or unexported fields
}

func NewManager

func NewManager(logger *ll.Logger, hm *discovery.Host, global *alaye.Global, keeperStore *keeper.Keeper) *Manager

func (*Manager) ApplyClusterCertificate

func (m *Manager) ApplyClusterCertificate(domain string, certPEM, keyPEM []byte) error

func (*Manager) ApplyClusterChallenge

func (m *Manager) ApplyClusterChallenge(token, keyAuth string, deleted bool)

func (*Manager) Close

func (m *Manager) Close()

func (*Manager) DeleteCertificate

func (m *Manager) DeleteCertificate(domain string) error

func (*Manager) EnsureCertMagic

func (m *Manager) EnsureCertMagic(next http.Handler) (http.Handler, error)

func (*Manager) GetCertificate

func (m *Manager) GetCertificate(chi *tls.ClientHelloInfo) (*tls.Certificate, error)

func (*Manager) GetConfigForClient

func (m *Manager) GetConfigForClient(chi *tls.ClientHelloInfo) (*tls.Config, error)

func (*Manager) LikelyInternal

func (m *Manager) LikelyInternal(name string) bool

func (*Manager) ListCertificates

func (m *Manager) ListCertificates() ([]string, error)

func (*Manager) LoadCertificate

func (m *Manager) LoadCertificate(domain string) (certPEM, keyPEM []byte, err error)

func (*Manager) PreloadLocalCertificates

func (m *Manager) PreloadLocalCertificates(hosts map[string]*alaye.Host)

PreloadLocalCertificates generates and caches TLS certificates for all hosts that use ModeLocalAuto before any listeners start.

Calling this during server startup eliminates the first-request race condition in which concurrent browser connections all find an empty cache, trigger parallel on-demand generation, and some observe a nil certificate while another goroutine is still writing it. getCertificateLocal continues to use localFlight as a safety net for domains that are added dynamically after startup or that are not present at boot.

Hosts whose certificate is already in the cache (loaded by loadFromStorage) are skipped — no duplicate work is done.

func (*Manager) SetCluster

func (m *Manager) SetCluster(c ClusterBroadcaster)

func (*Manager) SetUpdateCallback

func (m *Manager) SetUpdateCallback(fn func(domain string, certPEM, keyPEM []byte))

func (*Manager) UpdateCertificate

func (m *Manager) UpdateCertificate(domain string, certPEM, keyPEM []byte) error
