meepmeep

package module
v0.0.0-...-8bb9369 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 27, 2018 License: MIT Imports: 18 Imported by: 0

README

MeepMeep

MeepMeep is an minimal ACME V2 client library for Go.

It's compatible with the ACME draft 09, and it intentionally ignores any draft before that version.

MeepMeep is designed to be used inside an application that handles challenge requests and any other additional logic required to manage ACME certificates.

Documentation: https://godoc.org/github.com/calavera/meepmeep

State

MeepMeep is still in early development and it has not been tested with Let's Encrypt staging environment yet.

Development

MeepMeep uses Pebble as testing ACME server, but you don't need to install it, or run it. MeepMeep also uses Docker to run tests in isolation.

Run tests

  1. Ensure you have Docker installed and you can run it as non-root user. See Docker's installation guide if you're not sure about this:

  2. Run all tests with make run-tests.

LICENSE

MIT

Documentation

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Account 

type Account struct {
	acme.Account
	URL string
}

Account holds information about the ACME account. The URL field is the key ID to use in privileged order requests.

type Authorization 

type Authorization struct {
	acme.Authorization
	URL string
}

Authorization holds information about an ACME authorization.

type Certificate 

type Certificate struct {
	Certificate *x509.Certificate
	Chain       []*x509.Certificate
}

Certificate holds a certificate chain in x509 DER format.

type Challenge 

type Challenge struct {
	acme.Challenge
	URL string
}

Challenge holds information abount an ACME challenge.

type Client 

type Client struct {
	// contains filtered or unexported fields
}

Client executes requests to the ACME server.

func NewClient 

func NewClient(directoryURL, algorithm string, signer crypto.Signer, options ...Optional) (*Client, error)

NewClient creates a new Client with a specific directory. The new client requires the algorithm and private key to use to sign requests.

Example 
pk, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
	log.Fatal(err)
}

dirURL := "https://acme-staging-v02.api.letsencrypt.org/directory"
client, err := NewClient(dirURL, "RS256", pk)
if err != nil {
	log.Fatal(err)
}

client.GetDirectory(context.Background())

Output:
Example (WithAccountKey) 
pk, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
	log.Fatal(err)
}

dirURL := "https://acme-staging-v02.api.letsencrypt.org/directory"
accountKey := "https://acme-staging-v02.api.letsencrypt.org/my-account/96f7fbfaf92c1625a8f4073f3f890b3fc73bc61809753ea60bca687cd417b6f6"

client, err := NewClient(dirURL, "RS256", pk, NewOptionalAccountKey(accountKey))
if err != nil {
	log.Fatal(err)
}

client.GetDirectory(context.Background())

Output:
Example (WithHttpClient) 
pk, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
	log.Fatal(err)
}

dirURL := "https://acme-staging-v02.api.letsencrypt.org/directory"
accountKey := "https://acme-staging-v02.api.letsencrypt.org/my-account/96f7fbfaf92c1625a8f4073f3f890b3fc73bc61809753ea60bca687cd417b6f6"

client, err := NewClient(dirURL, "RS256", pk, NewOptionalAccountKey(accountKey), NewOptionalHTTPClient(http.DefaultClient))
if err != nil {
	log.Fatal(err)
}

client.GetDirectory(context.Background())

Output:

func (*Client) AcceptChallenge 

func (c *Client) AcceptChallenge(ctx context.Context, challenge *acme.Challenge) (*Challenge, error)

AcceptChallenge requests a challenge verification from the ACME server.

func (*Client) DeactivateAccount 

func (c *Client) DeactivateAccount(ctx context.Context, url string) (*Account, error)

DeactivateAccount changes an account status to deactivated. This ensures that a pending authorization can be ignored in a safe way.

func (*Client) DeactivateAuthorization 

func (c *Client) DeactivateAuthorization(ctx context.Context, url string) (*Authorization, error)

DeactivateAuthorization changes the authorization status to deactivated. This ensures that a pending authorization can be ignored in a safe way.

func (*Client) FinalizeOrder 

func (c *Client) FinalizeOrder(ctx context.Context, o *Order) (*Order, error)

FinalizeOrder changes the order status to finalized.

func (*Client) GetAuthorization 

func (c *Client) GetAuthorization(ctx context.Context, url string) (*Authorization, error)

GetAuthorization fetches an ACME authorization. This method can be used to check the status after a certificate challenge has been requested.

func (*Client) GetChallenge 

func (c *Client) GetChallenge(ctx context.Context, url string) (*Challenge, error)

GetChallenge requests an existent challenge object from the ACME server.

func (*Client) GetDirectory 

func (c *Client) GetDirectory(ctx context.Context) (*Directory, error)

GetDirectory fetches the directory payload from the ACME server.

func (*Client) GetOrder 

func (c *Client) GetOrder(ctx context.Context, url string) (*Order, error)

GetOrder requests an existent order object from the ACME server.

func (*Client) NewAccount 

func (c *Client) NewAccount(ctx context.Context, contact ...string) (*Account, error)

NewAccount creates a new ACME account. It forces the client to accept the terms of service.

func (*Client) NewOrder 

func (c *Client) NewOrder(ctx context.Context, identifiers ...acme.Identifier) (*Order, error)

NewOrder issues a new certificate order with a list of identifiers.

func (*Client) RequestCertificate 

func (c *Client) RequestCertificate(ctx context.Context, url string) (*Certificate, error)

RequestCertificate fetches the final ACME certificate.

func (*Client) WithOptions 

func (c *Client) WithOptions(options ...Optional) (*Client, error)

WithOptions allows to change configuration options after a client has been initialize. This method is convenient to add the account key to the client if it didn't have it when it was initialized.

type Directory 

type Directory struct {
	NewNonce    string                 `json:"newNonce"`
	NewAccount  string                 `json:"newAccount"`
	NewOrder    string                 `json:"newOrder"`
	NewAuthz    string                 `json:"newAuthz"`
	RevokeCerts string                 `json:"revokeCerts"`
	KeyExchange string                 `json:"keyExchange"`
	Meta        map[string]interface{} `json:"meta,omitempty"`
}

Directory holds the ACME directory information fetched from a server.

type Optional 

type Optional func(c *Client) error

Optional is a function interface to set optional client settings.

func NewOptionalAccountKey 

func NewOptionalAccountKey(k string) Optional

NewOptionalAccountKey allows you to set the ACME account key for privileged requests. You can get this key from the Account object.

func NewOptionalHTTPClient 

func NewOptionalHTTPClient(t *http.Client) Optional

NewOptionalHTTPClient allows to use a given http client rather than the default http client. Use this if you want your http client to handle retries, network partitions, and server outages.

type Order 

type Order struct {
	acme.Order
	URL string
}

Order hold information about an ACME order.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.