client

package
v2.0.0-...-057b331
Warning

This package is not in the latest version of its module.

Published: Oct 6, 2021 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Certifier

type Certifier struct {
	// contains filtered or unexported fields
}

Certifier is a service to obtain, renew, and revoke certificates.

func NewCertifier

func NewCertifier(core *api.Core, resolver resolverInternal, options certificate.CertifierOptions) *Certifier

NewCertifier creates a Certifier. The only difference is that, for ObtainForCSR, the domains are inferred only from the SubjectAltNames. As a result, this certifier is not compatible with Let's Encrypt.

func (*Certifier) Get

func (c *Certifier) Get(url string, bundle bool) (*certificate.Resource, error)

Get attempts to fetch the certificate at the supplied URL. The URL is the same as what would normally be supplied at the Resource's CertURL.

The returned Resource will not have the PrivateKey and CSR fields populated as these will not be available.

If bundle is true, the Certificate field in the returned Resource includes the issuer certificate.

func (*Certifier) GetOCSP

func (c *Certifier) GetOCSP(bundle []byte) ([]byte, *ocsp.Response, error)

GetOCSP takes a PEM encoded cert or cert bundle returning the raw OCSP response, the parsed response, and an error, if any.

The returned []byte can be passed directly into the OCSPStaple property of a tls.Certificate. If the bundle only contains the issued certificate, this function will try to get the issuer certificate from the IssuingCertificateURL in the certificate.

If the []byte and/or ocsp.Response return values are nil, the OCSP status may be assumed OCSPUnknown.

func (*Certifier) Obtain

Obtain tries to obtain a single certificate using all domains passed into it.

This function will never return a partial certificate. If one domain in the list fails, the whole certificate will fail.

func (*Certifier) ObtainForCSR

func (c *Certifier) ObtainForCSR(csr x509.CertificateRequest, bundle bool) (*certificate.Resource, error)

ObtainForCSR tries to obtain a certificate matching the CSR passed into it.

The domains are inferred from the SubjectAltNames, if any. The private key for this CSR is not required.

If bundle is true, the []byte contains both the issuer certificate and your issued certificate as a bundle.

This function will never return a partial certificate. If one domain in the list fails, the whole certificate will fail.
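Because ObtainForCSR takes its domains from the SubjectAltNames only, a name that appears solely in the CSR's CommonName is not requested. The following pre-flight check is an added example using only the Go standard library, not code from this package: `buildCSR` and `preflightCSR` are hypothetical helpers, the `example.test` names are constructed, and the check assumes that only DNS-type SANs count as domains.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"strings"
)

// buildCSR returns a parsed, constructed sample CSR signed by a throwaway key.
func buildCSR(cn string, sans []string) (*x509.CertificateRequest, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}, DNSNames: sans}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificateRequest(der)
}

// preflightCSR (hypothetical) models the documented rule: only DNS SANs count
// as domains. It also reports whether the CN, if set, is among those SANs.
func preflightCSR(csr *x509.CertificateRequest) ([]string, bool, error) {
	if err := csr.CheckSignature(); err != nil {
		return nil, false, fmt.Errorf("CSR signature invalid: %w", err)
	}
	if len(csr.DNSNames) == 0 {
		return nil, false, fmt.Errorf("CSR has no DNS SubjectAltNames")
	}
	cn := csr.Subject.CommonName
	covered := cn == ""
	for _, d := range csr.DNSNames {
		covered = covered || strings.EqualFold(d, cn)
	}
	return csr.DNSNames, covered, nil
}

func main() {
	csr, err := buildCSR("www.example.test", []string{"example.test", "api.example.test"})
	if err != nil {
		panic(err)
	}
	fmt.Println(preflightCSR(csr))
}
```

A `false` second return value means the CommonName is not among the SANs, so the CSR should be regenerated with that name added as a SAN before it is submitted.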

func (*Certifier) Renew

func (c *Certifier) Renew(certRes certificate.Resource, bundle, mustStaple bool) (*certificate.Resource, error)

Renew takes a Resource and tries to renew the certificate.

If the renewal process succeeds, the new certificate will be returned in a new CertResource. Please be aware that this function will return a new certificate in ANY case that is not an error. If the server does not provide us with a new cert on a GET request to the CertURL, this function will start a new-cert flow where a new certificate gets generated.

If bundle is true, the []byte contains both the issuer certificate and your issued certificate as a bundle.

For private key reuse the PrivateKey property of the passed in Resource should be non-nil.

func (*Certifier) Revoke

func (c *Certifier) Revoke(cert []byte) error

Revoke takes a PEM encoded certificate or bundle and tries to revoke it at the CA.

type Client

type Client struct {
	Certificate  *Certifier
	Challenge    *resolver.SolverManager
	Registration *registration.Registrar
	// contains filtered or unexported fields
}

Client is the user-friendly way to ACME.

func NewClient

func NewClient(config *origLego.Config) (*Client, error)

NewClient creates a new ACME client on behalf of the user. The client will depend on the ACME directory located at CADirURL for the rest of its actions. A private key of type keyType (see KeyType constants) will be generated when requesting a new certificate if one isn't provided.

func (*Client) GetExternalAccountRequired

func (c *Client) GetExternalAccountRequired() bool

GetExternalAccountRequired returns the External Account Binding requirement of the Directory.

func (*Client) GetToSURL

func (c *Client) GetToSURL() string

GetToSURL returns the current ToS URL from the Directory.
