certificate

package v0.4.2

This package is not in the latest version of its module.

Published: Feb 9, 2024 License: MIT Imports: 25 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Details

type Details struct {
	Issuer      string `json:"issuer"`
	PrivateKey  string `json:"privateKey"`
	Certificate string `json:"certificate"`

	Subject  string    `json:"subject"`
	AltNames []string  `json:"altNames"`
	NotAfter time.Time `json:"notAfter"`

	OcspResponse   []byte    `json:"ocspResponse"`
	NextOcspUpdate time.Time `json:"nextOcspUpdate"`
}

Details contains the details of a certificate we've previously obtained and saved for future use.

func (*Details) HasStapleFor

func (s *Details) HasStapleFor(period time.Duration) bool

HasStapleFor indicates whether the OCSP staple covers the entirety of the given period.

func (*Details) IsFor

func (s *Details) IsFor(subject string, altNames []string) bool

IsFor determines whether this certificate covers the given subject and altNames (and no more).

func (*Details) ValidFor

func (s *Details) ValidFor(period time.Duration) bool

ValidFor indicates whether the certificate will be valid for the entirety of the given period.

type JsonStore

type JsonStore struct {
	// contains filtered or unexported fields
}

JsonStore is responsible for storing and managing certificates. It can save and load data to/from a JSON file.

func NewStore

func NewStore(path string) (*JsonStore, error)

NewStore creates a new certificate store using the specified path for storage, and tries to load any saved data.

func (*JsonStore) GetCertificate

func (j *JsonStore) GetCertificate(subjectName string, altNames []string) *Details

GetCertificate returns a previously stored certificate with the given subject and alt names, or `nil` if none exists.

Returned certificates are not guaranteed to be valid.

func (*JsonStore) LockCertificate added in v0.3.0

func (j *JsonStore) LockCertificate(subjectName string, altNames []string)

LockCertificate acquires a lock over the writing of the given certificate. All calls to LockCertificate should be followed by calls to UnlockCertificate.

func (*JsonStore) SaveCertificate

func (j *JsonStore) SaveCertificate(certificate *Details) error

SaveCertificate adds the given certificate to the store. Any previously saved certificates for the same subject and alt names will be removed. The store will be saved to disk after the certificate is added.

Callers should acquire a lock on the certificate by calling LockCertificate before saving it.

func (*JsonStore) UnlockCertificate added in v0.3.0

func (j *JsonStore) UnlockCertificate(subjectName string, altNames []string)

UnlockCertificate releases a previously acquired lock over the writing of the given certificate.

type LegoSupplier

type LegoSupplier struct {
	// contains filtered or unexported fields
}

LegoSupplier uses a lego client to obtain certificates from an ACME endpoint.

func NewLegoSupplier added in v0.2.0

func NewLegoSupplier(config *LegoSupplierConfig) (*LegoSupplier, error)

NewLegoSupplier creates a new supplier, registering or retrieving an account with the ACME server as necessary.

func (*LegoSupplier) GetCertificate

func (s *LegoSupplier) GetCertificate(subject string, altNames []string) (*Details, error)

GetCertificate obtains a new certificate for the given names, and immediately requests a new OCSP staple.

func (*LegoSupplier) MinCertificateValidity added in v0.2.0

func (s *LegoSupplier) MinCertificateValidity() time.Duration

func (*LegoSupplier) MinStapleValidity added in v0.2.0

func (s *LegoSupplier) MinStapleValidity() time.Duration

func (*LegoSupplier) UpdateStaple

func (s *LegoSupplier) UpdateStaple(cert *Details) error

UpdateStaple requests a new OCSP staple for the given certificate.

type LegoSupplierConfig

type LegoSupplierConfig struct {
	// Path is the path to a file on disk where registration data may be cached.
	Path string
	// Email is the contact address to supply to the ACME endpoint
	Email string
	// DirUrl is the URL of the ACME endpoint.
	DirUrl string
	// KeyType is the type of key to use when generating a certificate.
	KeyType certcrypto.KeyType
	// DnsProvider is the DNS-01 challenge provider that will verify domain ownership.
	DnsProvider challenge.Provider
}

LegoSupplierConfig contains the configuration used to create a new LegoSupplier.

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

Manager is responsible for co-ordinating a certificate store and supplier, providing a means to obtain a valid certificate with an OCSP staple.

func NewManager

func NewManager(store Store, suppliers map[string]Supplier, supplierPreference []string) *Manager

NewManager returns a new certificate manager backed by the given store and suppliers, consulted in the given preference order.

func (*Manager) GetCertificate

func (m *Manager) GetCertificate(preferredSupplier string, subject string, altNames []string) (*tls.Certificate, error)

GetCertificate returns a certificate for the given subject and alternate names. This may take some time if a new certificate needs to be obtained, or the OCSP staple needs to be updated.

func (*Manager) GetExistingCertificate added in v0.3.0

func (m *Manager) GetExistingCertificate(preferredSupplier string, subject string, altNames []string) (*tls.Certificate, bool, error)

GetExistingCertificate returns a previously saved certificate with the given subject and alternate names if it is still valid. It also indicates whether the certificate is in need of renewal or not. Certificates should be renewed by calling GetCertificate which will block and return the new certificate.
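The following is an added example, not code from this package: it re-implements the checks documented for Details (IsFor, ValidFor, HasStapleFor) against a local stand-in type and shows the renewal decision that GetExistingCertificate's boolean implies. The assumed reading is that IsFor compares altNames as an order-insensitive set and that renewal is needed whenever the certificate or its staple will not last the supplier's MinCertificateValidity / MinStapleValidity window; the clock is passed in so the decision can be checked at a fixed instant.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// certDetails is a local stand-in for the Details fields used below (added here; not the package's type).
type certDetails struct {
	Subject        string
	AltNames       []string
	NotAfter       time.Time
	NextOcspUpdate time.Time
}

// isFor mirrors IsFor's contract: same subject and exactly the same set of altNames, order ignored.
func (c certDetails) isFor(subject string, altNames []string) bool {
	if c.Subject != subject || len(c.AltNames) != len(altNames) {
		return false
	}
	have := append([]string(nil), c.AltNames...) // sort copies so callers' slices stay untouched
	want := append([]string(nil), altNames...)
	sort.Strings(have)
	sort.Strings(want)
	for i := range have {
		if have[i] != want[i] {
			return false
		}
	}
	return true
}

// outlives reports whether t is still in the future at now+period; ValidFor and HasStapleFor are
// read here as this check applied to NotAfter and NextOcspUpdate respectively (assumed semantics).
func outlives(t, now time.Time, period time.Duration) bool { return t.After(now.Add(period)) }
func (c certDetails) validFor(now time.Time, p time.Duration) bool { return outlives(c.NotAfter, now, p) }
func (c certDetails) hasStapleFor(now time.Time, p time.Duration) bool { return outlives(c.NextOcspUpdate, now, p) }

// needsRenewal is the assumed decision behind GetExistingCertificate's renewal flag: renew when
// the certificate or its staple will not last the supplier's MinCertificateValidity / MinStapleValidity.
func needsRenewal(c certDetails, now time.Time, minCert, minStaple time.Duration) (renewCert, renewStaple bool) {
	return !c.validFor(now, minCert), !c.hasStapleFor(now, minStaple)
}

func main() {
	now := time.Date(2024, 2, 9, 0, 0, 0, 0, time.UTC) // constructed instant
	c := certDetails{Subject: "*.example.com", AltNames: []string{"example.com"}, NotAfter: now.AddDate(0, 0, 60), NextOcspUpdate: now.AddDate(0, 0, 5)}
	fmt.Println(needsRenewal(c, now, 30*24*time.Hour, 7*24*time.Hour)) // false true
}
```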

type Provider added in v0.2.0

type Provider interface {
	GetCertificate(preferredSupplier string, subject string, altNames []string) (*tls.Certificate, error)
	GetExistingCertificate(preferredSupplier string, subject string, altNames []string) (*tls.Certificate, bool, error)
}

Provider defines the interface for providing certificates to a WildcardResolver.

type SelfSignedSupplier added in v0.2.0

type SelfSignedSupplier struct {
}

func NewSelfSignedSupplier added in v0.2.0

func NewSelfSignedSupplier() *SelfSignedSupplier

func (*SelfSignedSupplier) GetCertificate added in v0.2.0

func (s *SelfSignedSupplier) GetCertificate(subject string, altNames []string) (*Details, error)

func (*SelfSignedSupplier) MinCertificateValidity added in v0.2.0

func (s *SelfSignedSupplier) MinCertificateValidity() time.Duration

func (*SelfSignedSupplier) MinStapleValidity added in v0.2.0

func (s *SelfSignedSupplier) MinStapleValidity() time.Duration

func (*SelfSignedSupplier) UpdateStaple added in v0.2.0

func (s *SelfSignedSupplier) UpdateStaple(_ *Details) error

type Store

type Store interface {
	GetCertificate(subject string, altNames []string) *Details
	SaveCertificate(cert *Details) error
	LockCertificate(subjectName string, altNames []string)
	UnlockCertificate(subjectName string, altNames []string)
}

Store provides functions to get and store certificates.

type Supplier

type Supplier interface {
	GetCertificate(subject string, altNames []string) (*Details, error)
	UpdateStaple(cert *Details) error
	MinCertificateValidity() time.Duration
	MinStapleValidity() time.Duration
}

Supplier provides new certificates and OCSP staples.

type WildcardResolver added in v0.2.0

type WildcardResolver struct {
	// contains filtered or unexported fields
}

WildcardResolver wraps a certificate provider and modifies the subject and altNames of any request according to a set of wildcard rules.

For example, if the domain ".example.com" is treated as a wildcard domain, any certificate request for "foo.example.com", "bar.example.com", etc. will be converted to "*.example.com". Requests for "example.com" or "a.b.example.com" will not be modified.
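The rewrite rule described above, as an added example rather than the package's own implementation: a name is converted to the wildcard only when exactly one label precedes a configured suffix, so the apex and deeper subdomains pass through unchanged. The de-duplication of altNames in resolveRequest is an assumption of this example, not something the page states.

```go
package main

import (
	"fmt"
	"strings"
)

// wildcardName applies the rule described above to a single name: each entry
// in domains is a suffix such as ".example.com", and a name becomes "*<suffix>"
// only when exactly one label precedes that suffix.
func wildcardName(name string, domains []string) string {
	for _, d := range domains {
		if !strings.HasSuffix(name, d) {
			continue
		}
		prefix := strings.TrimSuffix(name, d)
		// "example.com" has an empty prefix and "a.b.example.com" a dotted one;
		// neither is covered by "*.example.com", so both are left unchanged.
		if prefix == "" || strings.Contains(prefix, ".") {
			continue
		}
		return "*" + d
	}
	return name
}

// resolveRequest rewrites a subject and its altNames. Assumption (not stated on
// the page): names that collapse onto the same wildcard, or onto the subject
// itself, are dropped so the upstream request carries no duplicates.
func resolveRequest(subject string, altNames []string, domains []string) (string, []string) {
	subject = wildcardName(subject, domains)
	seen := map[string]bool{subject: true}
	out := []string{}
	for _, n := range altNames {
		n = wildcardName(n, domains)
		if !seen[n] {
			seen[n] = true
			out = append(out, n)
		}
	}
	return subject, out
}

func main() {
	domains := []string{".example.com"}
	s, alts := resolveRequest("foo.example.com",
		[]string{"bar.example.com", "example.com", "a.b.example.com"}, domains)
	fmt.Println(s, alts) // *.example.com [example.com a.b.example.com]
}
```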

func NewWildcardResolver added in v0.2.0

func NewWildcardResolver(upstream Provider, domains []string) *WildcardResolver

NewWildcardResolver creates a new WildcardResolver that will modify any domain in the given list to be wildcards.

func (*WildcardResolver) GetCertificate added in v0.2.0

func (w *WildcardResolver) GetCertificate(preferredSupplier string, subject string, altNames []string) (*tls.Certificate, error)

GetCertificate returns a certificate from the upstream provider that will cover the given subject and altNames, taking into account the configured wildcard domains.

func (*WildcardResolver) GetExistingCertificate added in v0.3.0

func (w *WildcardResolver) GetExistingCertificate(preferredSupplier string, subject string, altNames []string) (*tls.Certificate, bool, error)

GetExistingCertificate returns an existing, saved certificate from the upstream provider that will cover the given subject and altNames, taking into account the configured wildcard domains.
