certstore

package
v0.6.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 5, 2025 License: Apache-2.0 Imports: 42 Imported by: 0

Documentation

Overview

Package certstore implements an HTTP provider for solving the HTTP-01 challenge using kvring in combination with a webserver.

Index

Constants

// Key prefixes, one per record kind kept by this package (certificates,
// tokens, challenges).
// NOTE(review): presumably these are the leading segment of the keys built
// by the Generate*Key helpers; confirm against their implementation.

// CertificatePrefix is the key prefix for certificate records.
const CertificatePrefix = "certificate"

// TokenPrefix is the key prefix for token records.
const TokenPrefix = "token"

// ChallengePrefix is the key prefix for challenge records.
const ChallengePrefix = "challenge"

Key prefixes

Variables

// Ring keys for the certificate, challenge and token collectors.
//
// NOTE(review): these are exported variables, not constants, so any importing
// package can reassign them at runtime. If they never need to change, making
// them constants would rule out accidental or hostile reassignment.

// AmCertificateRingKey is the ring key for certificates.
var AmCertificateRingKey = "collectors/certificate"

// AmChallengeRingKey is the ring key for challenges.
var AmChallengeRingKey = "collectors/challenge"

// AmTokenRingKey is the ring key for tokens.
var AmTokenRingKey = "collectors/token"

// AmStore is the package-level CertStore. It is nil until something assigns it.
// NOTE(review): presumably set during Setup or OnStartup; confirm, and confirm
// that callers cannot dereference it before that point.
var AmStore *CertStore
// AcmeClient maps a string key to a lego ACME client. It starts as an empty,
// non-nil map.
//
// NOTE(review): presumably keyed by issuer name; confirm against the code
// that fills it.
// NOTE(review): this is an exported, mutable package-level map, and Go maps
// are not safe for concurrent read and write. The Watch* functions in this
// package suggest background loops; confirm every access is serialised
// (for example by a mutex).
var AcmeClient = map[string]*lego.Client{}

Functions

func CheckCertExpiration

func CheckCertExpiration(amStore *CertStore, logger log.Logger) error

func Cleanup

func Cleanup(logger log.Logger, interval time.Duration, certExpDays int, cleanupCertRevokeLastVersion bool)

func CleanupCertificateVersions

func CleanupCertificateVersions(logger log.Logger, certExpDays int, cleanupCertRevokeLastVersion bool)

func CleanupTokens

func CleanupTokens(logger log.Logger)

func CreateRemoteCertificateResource

func CreateRemoteCertificateResource(certData *models.Certificate, logger log.Logger) (*models.Certificate, error)

func DeleteRemoteCertificateResource

func DeleteRemoteCertificateResource(certData *models.Certificate, logger log.Logger) error

func GenerateCertificateKey

func GenerateCertificateKey(owner, issuer, domain string) string

GenerateCertificateKey creates a hierarchical key for certificates

func GenerateChallengeKey

func GenerateChallengeKey(challengeID string) string

GenerateChallengeKey creates a hierarchical key for challenges

func GenerateTokenKey

func GenerateTokenKey(tokenID string) string

GenerateTokenKey creates a hierarchical key for tokens

func GetCertificateKeysForOwner

func GetCertificateKeysForOwner(owner string) string

GetCertificateKeysForOwner generates a prefix to list all certificates for an owner

func GetCertificateKeysForOwnerAndIssuer

func GetCertificateKeysForOwnerAndIssuer(owner, issuer string) string

GetCertificateKeysForOwnerAndIssuer generates a prefix to list certificates for owner+issuer

func GetTokenKeysForOwner

func GetTokenKeysForOwner(owner string) string

GetTokenKeysForOwner generates a prefix to list all tokens for an owner

func MapInterfaceToCertMap

func MapInterfaceToCertMap(data map[string]interface{}) models.CertMap

func NewHTTPChallengeProviderByName

func NewHTTPChallengeProviderByName(name, config string, logger log.Logger) (challenge.Provider, error)

NewHTTPChallengeProviderByName is a factory for HTTP providers.

func NewStatusCodeRetryPolicy

func NewStatusCodeRetryPolicy(customLogger *logrus.Logger, retryStatusCodes []int) retryablehttp.CheckRetry

NewStatusCodeRetryPolicy creates a CheckRetry function that retries on connection errors, 5xx status codes (default behavior), and any additional status codes provided in the `retryStatusCodes` list.

func OnStartup

func OnStartup(logger log.Logger) error

func ParseTokenKey

func ParseTokenKey(key string) (tokenID string, err error)

ParseTokenKey extracts components from a token key

func SaveResource

func SaveResource(logger log.Logger, filepath string, certRes *certificate.Resource)

func Setup

func Setup(logger log.Logger, customLogger *logrus.Logger, cfg config.Config, version string) error

func WatchCertExpiration

func WatchCertExpiration(logger log.Logger, interval time.Duration)

func WatchConfigFileChanges

func WatchConfigFileChanges(logger log.Logger, customLogger *logrus.Logger, interval time.Duration, configPath, version string)

func WatchIssuerHealth

func WatchIssuerHealth(logger log.Logger, customLogger *logrus.Logger, interval time.Duration, version string)

func WatchTokenExpiration

func WatchTokenExpiration(logger log.Logger, interval time.Duration)

Types

type Account

// Account holds an ACME account's email address and registration resource.
// Both exported fields carry JSON tags ("email" and "registration").
type Account struct {
	Email        string                 `json:"email"`
	Registration *registration.Resource `json:"registration"`
	// contains filtered or unexported fields
	//
	// NOTE(review): GetPrivateKey returns a crypto.PrivateKey, so the account
	// key is presumably among the fields hidden here. Unexported fields are
	// skipped by encoding/json. Confirm how the key is persisted and that it
	// never reaches logs or API responses.
}

Account represents a user's locally saved credentials.

func (*Account) GetEmail

func (a *Account) GetEmail() string

GetEmail returns the email address for the account.

func (*Account) GetPrivateKey

func (a *Account) GetPrivateKey() crypto.PrivateKey

GetPrivateKey returns the private RSA account key.

func (*Account) GetRegistration

func (a *Account) GetRegistration() *registration.Resource

GetRegistration returns the server registration.

type CertStore

// CertStore bundles the ring configuration and the logger. Its methods get,
// put, delete and list certificates, tokens and challenges.
//
// NOTE(review): the methods take owner, issuer, domain and ID strings and
// show no caller-identity parameter. Authorization is presumably enforced by
// the caller; confirm before exposing these operations to untrusted input.
type CertStore struct {
	RingConfig ring.AcmeManagerRing
	Logger     log.Logger
}

func (*CertStore) DeleteCertificate

func (c *CertStore) DeleteCertificate(owner, issuer, domain string) error

Delete certificate

func (*CertStore) DeleteChallenge

func (c *CertStore) DeleteChallenge(challengeID string) error

Delete challenge

func (*CertStore) DeleteToken

func (c *CertStore) DeleteToken(tokenID string) error

Delete token

func (*CertStore) GetCertificate

func (c *CertStore) GetCertificate(owner, issuer, domain string) (*models.Certificate, error)

Get certificate

func (*CertStore) GetChallenge

func (c *CertStore) GetChallenge(challengeID string) (string, error)

Get challenge

func (*CertStore) GetToken

func (c *CertStore) GetToken(tokenID string) (*models.Token, error)

Get token

func (*CertStore) ListAllCertificates

func (c *CertStore) ListAllCertificates() (map[string]*models.Certificate, error)

List all certificates

func (*CertStore) ListAllChallenges

func (c *CertStore) ListAllChallenges() (map[string]string, error)

List all challenges

func (*CertStore) ListAllTokens

func (c *CertStore) ListAllTokens() (map[string]*models.Token, error)

List all tokens

func (*CertStore) ListCertificateKVRingKeys

func (c *CertStore) ListCertificateKVRingKeys(prefix string) ([]string, error)

func (*CertStore) ListCertificatesForOwner

func (c *CertStore) ListCertificatesForOwner(owner string) ([]*models.Certificate, error)

List all certificates for an owner

func (*CertStore) ListChallengeKVRingKeys

func (c *CertStore) ListChallengeKVRingKeys() ([]string, error)

func (*CertStore) ListTokenKVRingKeys

func (c *CertStore) ListTokenKVRingKeys() ([]string, error)

func (*CertStore) PutCertificate

func (c *CertStore) PutCertificate(cert *models.Certificate) error

Store certificate

func (*CertStore) PutChallenge

func (c *CertStore) PutChallenge(challengeID string, keyAuth string) error

Store challenge

func (*CertStore) PutToken

func (c *CertStore) PutToken(tokenID string, token *models.Token) error

Store token

type CertificateCollector

// CertificateCollector holds the logger for its Collect and Describe methods.
// Their signatures match the Prometheus collector interface.
type CertificateCollector struct {
	Logger log.Logger
}

func NewCertificateCollector

func NewCertificateCollector(logger log.Logger) *CertificateCollector

func (*CertificateCollector) Collect

func (c *CertificateCollector) Collect(ch chan<- prometheus.Metric)

func (*CertificateCollector) Describe

func (c *CertificateCollector) Describe(_ chan<- *prometheus.Desc)

type HTTPProvider

// HTTPProvider is the `http-01` challenge provider of this package. Its
// Present method is documented as creating the challenge key in the kvring.
type HTTPProvider struct {
	// contains filtered or unexported fields
}

HTTPProvider implements a challenge provider for the `http-01` challenge.

func NewKVRingProvider

func NewKVRingProvider(logger log.Logger) (*HTTPProvider, error)

NewKVRingProvider returns an HTTPProvider instance with a configured webroot path.

func (*HTTPProvider) CleanUp

func (w *HTTPProvider) CleanUp(_, token, _ string) error

CleanUp removes the file created for the challenge.

func (*HTTPProvider) Present

func (w *HTTPProvider) Present(_, token, keyAuth string) error

Present makes the token available at `HTTP01ChallengePath(token)` by creating the key in the kvring.

type NodeCollector

// NodeCollector holds the logger for its Collect and Describe methods.
// Their signatures match the Prometheus collector interface.
type NodeCollector struct {
	Logger log.Logger
}

func NewNodeCollector

func NewNodeCollector(logger log.Logger) *NodeCollector

func (*NodeCollector) Collect

func (nc *NodeCollector) Collect(ch chan<- prometheus.Metric)

func (*NodeCollector) Describe

func (nc *NodeCollector) Describe(_ chan<- *prometheus.Desc)
